AV-Comparatives June (May 2007) Results (Retrospective / Proactive Tests)

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

thats not what i said.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Thanks, IBK

Wow, I can't get over Fortinet's FPs. It would go crazy over the stuff on my computer, lol.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

well yes but would the detection rate decrease that much with heuristik set to medium? (standard setting)


sorry wrong word

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

now i understand what u meant

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

im happy with drwebs result,

and this is still 4.33,

36 FP's, but out of 20,000+ ... i think this is good, very good.

but IBK, the 36 FP's all give a malware name that suggests it was signature based and not an heuristic detection

so did the heuristics not give any FP's, or am i mistaken by the malware-file-names?

would be still nice if 4.44 beta could be tested on this.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Looking at Kaspersky the FPs were generated by Bit Defender Package. What is that package?

Thanks,
Jerry

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

I am curious how many of those 18 false positives are still to be found with Avira's current updated heuristics&signatures, hehe.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Quarantine may not always help . False positive is false positive and it is something important . Remember a week or two ago when Symantec detected files in the Chinese Windows XP (legitimate files) , which detection made Windows unbootable . False positives may be harmless but in much more cases can be harmfull , a simple wrong alarm can make your computer useless and you will need to reinstall and loose time/resourses .

The less false positive , the better . The higher detection , the better ! Combining these two , the results show number 1

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Wow, I looked at the report, and fortinet, wow.

Also IBK, not meaning to nitpick or anything, but you mispelled the word "thousands" on page 15 as "tousands", just wanted to tell you since I know it is a professional document and all (don't blame you for the mistake, after typing and doing all that work, I think I would collapse myself)

Cheers,

Alphalutra1

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

i should predict the lottery

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

I am not either nitpicking the word 'u', the internet can teach us all bad typing habits.

Thanks Andreas for giving us the names how a particular AV detects a false positive. So in Avira AntiVirs case one should maybe submit the file first to VirusTotal or Jotti before doing anything if it starts with HEUR.

You are right HiTech_boy. Sometimes just quaranteening a fp can cause damage if the file is some system file.
And I agree that NOD32 is a winner in in this retrospective test.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Antivir is and has been working on the false positive issue all along and will continue to do so. On the subject of Eset though. How do you know what it's capabilities are, except from tests?

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

False Positives are important:
- If the antivirus causes too many false positives, the user can choose to select ignore on an alertfor actual malware, because he/she thinks it is yet another fp.
- The user has to spend time in researching and reporting the fp.
- False Positives can be dangerous, especially if the user is inexperienced
- If you are a software developer and a AV had a fp on your product, lot of users will accuse you of distributing "virus" with your product, as many users doesn't know that false positives exist.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Congrats to Eset, despite being one of the worst in the industry for adding signatures for threats submitted by customers, their heuristic engine is still top notch. Symantec is impressive too, especially their detection for backdoors.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

well, i think 36 is not alot over a 20,000+ test set, it would have been nice for drweb to get its advanced level.

im also impressed that it is only 36, when compared to 49 of the last test and that only had 10,000 samples.

i hope IBK just clears up the false positives though, as the detection names look like signature detections and not heuristics, and so it it definatly should get advanced for its proactive test, maybe wrong though... thats just what it looks like.

anyhow, nice to see improvements, and more so for 4.44 and 5, all due this year

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

the number of false positives and the number of threats in the used malware test-set has no correlation.
it does not matter how the false positives occur.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Just downloaded the test.
Wow Onecare surprised me.....

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

ok but can i ask if they were signature fp's or heuristics?

the last test report said which was which...... so i didnt need to ask.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Should it not be Dr. Web that clears up the false positives and not IBK? Or are you asking for information from IBK on the false positive types generated?

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Since IBK wil be testing Fortinet without heuristics from now on, I wonder if it will fail entirely in every test

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

i do not remember. in the next retrospective test i will again put more details about how the false alarms occured etc.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

yeah just asking for info

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

ok, maybe firecat will come on and shed some light on this,

the file names (to me) look signature based, and for a proactive test.... well, you know the rest

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

I'm confused by the "no name" FPs of F-Prot. What do they mean?
FPs are rising everywhere (except Symantec, McAfee and ESET)

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

oh, and i forgot to add....... Fortinet should NOT be used, damn thats terrible.

it only gets its good detection, because of this...... simple as!

very poor product, very poor indeed.

any software can flag anything and everything and say it has a super detection, geez... even i could do that.