AV-Comparatives: Malware Protection Test March 2017

Discussion in 'other anti-virus software' started by anon, Apr 13, 2017.

  1. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,970
    Malware Protection Test - March 2017

    http://chart.av-comparatives.org/chart1.php?chart=chart9&year=2017&month=3&sort=1&zoom=3

    https://www.av-comparatives.org/malware-protection-test/

    ---------------------------------
    False Alarm Test - March 2017

    http://chart.av-comparatives.org/chart1.php?chart=chart6&year=2017&month=3&sort=1

    https://www.av-comparatives.org/false-alarm-tests/
    ---------------------------------
    Introducing AV-Comparatives’ Malware Protection Test
    http://weblog.av-comparatives.org/introducing-av-comparatives-malware-protection-test/

    Sample quality for the Malware Protection Test
    http://weblog.av-comparatives.org/sample-quality/

    Malware Protection Test March 2017
    http://weblog.av-comparatives.org/malware-protection-test-march-2017/
     
    Last edited: Apr 13, 2017
  2. M3gatron

    M3gatron Registered Member

    Joined:
    Oct 3, 2016
    Posts:
    41
    Location:
    ::1
    Bad results from Symantec (too many FP)
     
  3. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,176
    Location:
    Canada
    Panda is doing quite well. Anyone using it? Is it heavy?
     
  4. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,787
    Same results for Avast & AVG. Guess they are officially merged.

    MS with 99.64% and no false positives.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    New with this test are results on how each product performs when its cloud reputation feature is disabled. An important factor to review since a lot of malware will attempt to interfere with your network connection.
     
  6. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
  7. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,616
    Location:
    USA
    Some nice results for all of them, except for the couple that had way too many false positives. Other than that, looks like you can't go wrong with any of them.
     
  8. illumination

    illumination Guest

    Criteria has a lot to do with it. Norton "Symantec" has Download & File Insight module, that will if "Unknown" automatically block and pop up giving the user the choice to run or take recommended action to not run. This is highly different than legit programs being flagged as malware, quarantined or removed, like a lot of other suites do.

    Personally, I do not like testing facilities like these that use one set of testing methodology to test many different products that react differently to threats or non threats. I fully believe wrapping a test around a product's design, to test it as it was designed, is the best method, and way more accurate.
     
  9. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I'm using Panda, and it is one of the lightest antiviruses there is. Sometimes in performance tests it does not do so well, but it does very well on my computer.
     
  10. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I realised that when I saw the results for Symantec. It's a shame that av-comparatives do not mention this.
     
  11. illumination

    illumination Guest

    It is very misleading for sure not being mentioned, and is why I have a problem with these sites and prefer to test myself.
     
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,616
    Location:
    USA
    I don't feel that it is misleading because in most cases when Norton does this to me it deletes the file and I have to disable it and download it again. For them not recognizing a file equals malware and it is most of why I don't have Norton currently installed despite having a 5 user license. I've been asking them for years for a setting to allow me to decide what to do with the files but for the sake of the average user they won't give it to us.
     
  13. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I believe that Norton only auto quarantines actual threats and it should prompt you for unknown files. That was my experience anyway the last time I tried it, which was just a few months ago.
     
  14. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,616
    Location:
    USA
    That's the way they tell people it works, but has not been my experience. Sometimes it prompts, but I dare to say 9 times out of 10 it just deletes my files. All they have to do is add a setting for advanced users to prompt. Come on Norton. Just do it. :isay:
     
  15. illumination

    illumination Guest

    I have yet to have Norton just "Auto Delete" a legit or "Unknown" file. Generally Download/File insight intercepts it before any of the other modules, and you are prompted. I have been testing Norton heavily for quite some time. Matter of fact, it is what I'm running on the machine I'm writing this from, which is my "Host" on my testing machine. I also run several "Guest" machines in the VM, one of which has Norton EAP channel running in it, on a daily basis, I'm testing features and malware for submission.
     
  16. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,616
    Location:
    USA
    You possibly haven't encountered the same files. I've had it happen many times. There are plenty of posts on their forums where others have had the same problem. I'm not a hater, I keep giving them money. Not everyone's experience is the same. Just sharing mine. Glad it works for you. Hoping it will work for me some day.
     
  17. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    Very nice, is it the end of paid antivirus? :ouch: A lot of false positives from AVG/Avast, Trend Micro and Symantec ...
     
  18. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,970
  19. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Looks like they considered my suggestion of not just testing with URLs that I said in Prague. I have a few suggestions/questions for them.

    1) Are these samples the same ones used in real world test where you pasted the download link in the browser? If yes then why use a sample whose URL is already blocked?

    2) Has AV-C filtered out the samples because there is a very small amount that has the ability to spread by USB. You guys should be using malicious emails now because they are the biggest way of spreading ransom malware.

    3) There is no clear statement of how they consider the sample as bypassed? E.g.: If AV blocks and detects the dropped/downloaded binary the system is still protected even if the dropper runs or downloads; this is usually applicable for ransomware which spreads from JS downloaders coming from an e-mail client.

    4) Don't merge the results with real world graphs even if you plan to do so... the overlap is quite significant and it's more confusing. Making different graphs will allow us to see which AV is good at both or is inevitably getting good results at real world because of its aggressive URL blocking but doesn't detect too much PE.

    5) Were the samples downloaded on the system in presence of a disabled AV or what? How was it brought onto the system? You won't find a big number of samples of different malware on a USB. Most USB threats involve file infectors, worms, JS downloaders etc.

    6) If you want to perform this type of a test, which is great in my view, please do it with threats that come via email and USB specifically. Don't just ship a ton of binaries onto a stick or a system without knowing whether the samples really do spread via a USB or not.

    Ransom comes from email client these days so that's the best gate to test right now. If you want to test USB threats then filter/use samples that have the ability to spread from USB. If you guys are interested in testing malicious emails since it has quickly become the infection vector let me know where to send them to you guys ;)
     
  20. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    Thank you but Kaspersky has more false positives than Microsoft in the latest test. Furthermore I don't need useless browser addons, registry cleaners, disk space booster and so on ... :mad: Is there really any reason to buy an antivirus licence nowadays?
     
  21. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,970
    In the article, the point is MS intentions, not the Kaspersky software itself.....
     
  22. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    I know, first of all it's a problem for Kaspersky and other antivirus companies.
     
  23. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Years ago, an AV testing lab had introduced this due to pressure from AV industry, specifically from players who were weak in signature-based/heuristic-based detection. Real-World protection test already describes behavioural/URL filtering efficacy of the product, so I am not sure why this method is now being adopted by AV-C when they already had a very comprehensive method of checking each method of detection.

    If this replaces the FDT forever, it'll become impossible to see which product is better for intranet/offline protection. In that case, we'll just have to rely on our gut. Not sure if this is a good idea.

    Only two days ago I encountered a PC in which behaviour blocker was successfully blocking a ransomware from running, but the file scanners were NOT able to find which file was the culprit (including cloud).

    Andreas?
     
  24. guest

    guest Guest

    Look at all those big fishes like Kaspersky whining like kids because they lose market shares because of Win Def... hilarious :argh:

    They don't care about the average users, they prefer letting them have an unsafe OS then add their paid AVs... :rolleyes:
     
  25. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360