AV-Comparatives: Malware Removal Test 2017

Discussion in 'other anti-virus software' started by anon, Nov 2, 2017.

  1. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,970
    AV-Comparatives: Malware Removal Test 2017
    https://www.av-comparatives.org/removal-tests/
     
    Last edited: Nov 2, 2017
  2. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    surprised Tencent is scoring higher than Kaspersky.
    now that I look back at other tests, Tencent has been nailing them, hmm, some Chinese stuff
    anyone with any experience with it?
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    Some noticeably low scores for big-name products, e.g. F-Secure's score of 72%. The one that doesn't make any sense to me is BD scored 93% and Emsisoft 78%. Doesn't EAM use BD's engine anymore?

    And as expected, Windows Defender scoring 70%; second last from the bottom.
     
    Last edited: Nov 2, 2017
  4. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,616
    Location:
    USA
    I'm not sure myself if they are still using it but I have seen it explained in the past that when something uses the same engine (BD in this case) that it may be an older version, or not the same definition set, so the scores will not necessarily be the same.
     
  5. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    this test is about malware removal, it has nothing to do with signatures, or at least has very little to do with them.
     
  6. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,970
    ^^^ This.
    ---------------------
     
    Last edited: Nov 2, 2017
  7. guest

    guest Guest

    EAM uses the current BD engine and definitions but not its cloud, and since BD relies quite a lot on it, it makes a noticeable difference.
     
  8. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,616
    Location:
    USA
    So it detects and removes malware with its psychic abilities? It still has to detect the infection and know what to remove and how.
     
  9. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    they're using already detected samples, infect the computer, and let the antivirus disinfect. you can read the variants on the 3rd page if I remember correctly.
    this test is solely about the disinfection of your computer.
     
  10. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Well said!
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    Still doesn't "add up." Cloud usage would be of benefit primarily for detection purposes. Remediation is done after detection and blocking and done using locally employed methods.
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    EAM is probably using only BD's definitions and not also their cleaning engine or algorithms.
     
  13. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Oh, so that explains it. I remember Fabian mentioning something regarding disinfection.

    Okay, I found a couple of posts for those that are interested.

    https://www.wilderssecurity.com/threads/emsisoft-anti-malware-9-released.365088/page-4#post-2384016
    "The reason why we don't support "cure" as in disinfecting files that have been infected by an actual virus is because it isn't reliable. In addition to that, we also have to provide cleaning support for detections that our engine finds. As a direct result of both we decided to implement our own cleaning."

    https://support.emsisoft.com/topic/...s-mean-exactly/?do=findComment&comment=127903
    "Replace the file with the clean original. In 99% of all cases disinfection won't work anyways, mostly because during infection certain information are overwritten which can't be restored, that ultimately the cured file will not be the same as the original one, which will lead to all kinds of subtle bugs."

    This could explain why the results in this test are different from Bitdefender.
     
  14. guest

    guest Guest

    I was just answering the question about the engine and definitions used, not talking about their impact on the test result.
     
  15. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    None of the AV engine SDKs include any "clean engine" components either. Cleaning is based on scanning, independent whitelists, proprietary algorithms - each implemented by the product vendor. The AV SDK definitions do have some very generic cleaning algorithms as part of the definition set, but that will only work when your detection is very specific, i.e. not a generic detection or heuristic one.
     