AV Comparatives has released the newest report.

+1 Nice to see some common sense brought into proceedings

 

Yes it is the same (with v10 Beta too),I've never really understood why that is

 

Stefan, which anti-malware products use run-time emulation during an on-demand scan in order to dynamically examine the behavior of an executable file?

At least in one case, based on my reading of the capabilities of the heuristic SONAR2 engine in Norton AntiVirus, your assertion may be incorrect: SONAR2 is not employed during a full system scan (nor is the reputation-based in-the-cloud insight functionality). As a consequence, the full power of the product to protect against malware is not evaluated properly in an on-demand detection test. I suspect the same may be equally true for other products.

 

Oh, I see. Therefore Norton products are definitely not advisable if someone wants to scan some files on-demand from time to time.

Cheers

 

My previous post was not “about Norton” -- it was about which, if any, anti-malware products actually use run-time emulation during an on-demand scan in order to dynamically examine the behavior of an executable file. Norton AntiVirus was simply an example, referenced for illustration.

 

Pretty much all major AV engines nowadays use some kind of code emulation during on-demand scanning.

That is, the executable code is executed in a virtual environment (the emulator) and the results are then analyzed by the decision engine.

 

Thanks for joining in VLK. By the way -- Avast 5 is simply bee-yoo-ti-ful! I know that your contributions thereto were significant so -- DOUBLY thanks.

 

Hmm, no rebuttals from the Contrarians about Stefan Kurtzhals' explanation?
I'd expect some form of counterstatement after all the harsh words on the latest AV-C test.

OT; Thanks Bellgamin, for expanding my vocabulary

 

Just as vlk said, almost every AV product uses this technology.

Pleonasm, SONAR2 is a behaviour blocker, but Norton also has emulation capabilities in it's on-demand scan engine. You need emulation for at least handling polymorphic file infectors (we all love Virut ) but at some point, AV's began to upgrade the emulation more and more until it became almost a complete sandbox.

 

+1

and thanks to developers (and vlk in particular) avast has one of the gratest community.
Avast forum is next to wildersecurity my favorite source of "inside" information.

 

Lol, it happens every time IBK posts new results. We go through this 4 times a year, and the funny thing is, he is still the best at doing this.

 

"The report notes that modern security suites include many layers of protection, including "URL filtering, web reputation services, exploit blocking, 'in-the-cloud' scanning as well as behavior-based protection mechanisms." A test that only challenges the product's on-demand scanner is not representative of real-world performance."

Quoted from here
http://blogs.pcmag.com/securitywatch/2009/12/av-testorg_releases_real-world.php

This perhaps explains why some users express concerns about the AV-C on demand tests.

What do you think about the AV-C proactive tests where the AVs are prevented from updating and then are tested offline. All cloud AVs are unfairly penalised. This test may show which product has the best heuristics but it does not show which product will best protect the user in real life.

The on demand tests are good for testing AV detection against old samples but to test how AVs respond to new threats, AV-C should use dynamic tests.

In short, instead of doing 5 on demand tests and only 1 dynamic test(with a small sample), will it not be better if AV-C do 3 on demand tests and 1 real life test(with a larger sample)?

 

What about MSE, Avast, Eset? They are not worth testing?

 

PC Mag and Norton.......I rest my case.

 

Indeed they are worth testing, this is why I would like AV-C to to improve its dynamic tests making them better than those of AV Tests.org while continuing to perform its on demand tests.

But for them to have the resources to do better dynamic teats, they should reduce(not eliminate) the number of on demand tests.

Many users buy Internet Security suites, so they have the right to know which suite will provide better protection in real life.

 

Read carefully before drawing conclusions please.
This test was not performed by PC Mag but by AV Test.

 

Of course where Avira scores significantly less and Norton does 100%, conclusions not necessary, its just imminent isn't it. PC Mag will always highlight tests where Norton scores 100%, its an old affiliation, one thats common knowledge.

 

Norton scored only 92.8% not 100%. No Av can score 100% in a true test. At least take 1 min to read the test before posting.
http://blogs.pcmag.com/securitywatch/2009/12/av-testorg_releases_real-world.php

Don't be a loyalist and stop comparing Norton with Avira. The issue is not about the results but about the type of test which has been performed.

 

Well no loyalist here but then Avira rules on every tests and thats a fact, you OTOH are just trying to make Norton look superb, now take a look at the copy/paste from the link you have posted.

MALWARE DETECTION RATES AND WARNING MESSAGES (FALSE ALARMS)
Tested Product Malware Detected False Alarms
Symantec Norton Internet Security 2010 98.0% almost none
Kaspersky Internet Security 2010 97.5% few
PC Tools Internet Security 2010 95.8% almost none
AVG Internet Security 9.0 92.2% few
G Data Internet Security 2010 90.0% many
Panda Internet Security 2010 90.0% almost none
Avira Premium Security Suite 9.0 87.7% many
McAfee Internet Security 2010 87.2% few
CA Internet Security 2010 86.7% few
F-Secure Internet Security 2010 85.8% almost none
BitDefender Internet Security 2010 84.3% few
Trend Micro Internet Security 2010 83.3% few


Avira's detection rate lower than AVG? Apart from IBK, other sites have also tested Avira and found its detection rate to be the highest but with FPs. This tests makes Norton supreme, no denying that and probably the only reason you keep highlighting and defending it.

I use Linux personally so don't have to be fan of any particular AV however I do recommend Avira and Avast to those on Windows and also use them on Windows installations at my institute.

 

Why are you relating this to Norton each time?
This is the part that I was referring.

MALWARE BLOCKING RATES AND BLOCKED GOOD PROGRAMS (FALSE ALARMS)

Tested Product Malware Blocked False Alarms
PC Tools Internet Security 2010 94.8% none
Symantec Norton Internet Security 2010 92.8% none
Kaspersky Internet Security 2010 89.8% few
Panda Internet Security 2010 88.7% none
Avira Premium Security Suite 9.0 87.2% none
McAfee Internet Security 2010 86.7% none
AVG Internet Security 9.0 84.2% few
G Data Internet Security 2010 83.0% few
Trend Micro Internet Security 2010 81.3% few
F-Secure Internet Security 2010 80.2% none
BitDefender Internet Security 2010 77.8% none
CA Internet Security 2010 73.5% none

These results have surprised many people, this is why I want AV-C to do dynamic tests with larger samples so that we can get better results. But the main argument against dynamic tests is that they require too much resources, this is why I suggest that AV-C should reduce the number of On demand tests(do only 3 instead of 5) so that it can do a better dynamic test.

Now I've said what I needed to say, I done with this. No need for you to reply as you are still stuck with Norton and Avira and you cannot see the bigger picture.

 

Good luck with Avira and Avast. When the premiere tester in the world like AV-Comparatives find that Norton is "Product of the Year", I think you are doing your institute a dis-service.

And stop with all this business about "I am not a fan of any AV". Clearly you spending so much time year indicates you are a fan of Avira and/or Avast.

By the way, your comments about affiliations between PCMag and Norton are ridiculous as others have indicated. AV-test and others do the tests for these magazine, and the magazines then interpret the results.

If you think PCMag and Norton are related, then you should look at any of the big German magazines like C't, ComputerBild and their german product buddies like GData. Now there is a match made in hell.

 

But you spend your entire resources discrediting IBK and all the security experts and veterans here at Wilders with your blatant fanboyizm of NORTON, don't worry, I got news for you, with Avira 10 out and Avast 5 improving in miles, end of the year, the AV comparatives results will be quite predictable, Avira, MSE and Avast on top so collect all your bricks for poor IBK.

PC Mag has been blatant pusher of Norton, their biggest revenue giver and that ain't no secret.

Years of dis-service at my institute with Avira and Avast and yet no data loss, I guess the dis-service has done OK so far

 

Any given AV is only tested if AV-C is requested to do so by the company concerned. There is also a fee for being included. Thus, any exclusions from AV-C's testing are a result of the company's choice NOT to participate because of the cost &/or for *other reasons*..

 

I repeat: we will provide whole-product dynamic tests! bigger & better

@bellgamin & others: you are mixing/confusing AV-C with av-test.

 

Yes everything is fine now.

Thanks