av-comparatives news

Discussion in 'other anti-virus software' started by IBK, Aug 8, 2006.

Thread Status:
Not open for further replies.
  1. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    hi,

    i only want to inform you all that you should visit the website more often, as - besides the regular tests of february, may, august and november - also other test reports etc. are released from time to time (mainly always listed somewhere on this page: http://www.av-comparatives.org/seiten/comparatives.html). so stay tuned, i plan to release some more reports this month and at the 1st september the results/report for the august test. ;)

    cu,
    IBK

    (p.s. currently busy due to the august test etc., do not expect that i answer within minutes like usual ;)).
     
    Last edited: Aug 8, 2006
  2. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Thanks, IBK. :thumb:

    Acadia
     
  3. gre87y

    gre87y Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    164
    Indeed, thank you :)
     
  4. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    nice..I've just read some interesting stuff from July's release report. ;) ESET is among the first to add signatures, having about 16 updates per week and adding about 1300 defs/week. Symantec adds much more and so does KAV but they have poor heuristics and this may be one of the reasons. :)
    I've noticed something else also. KAV sometimes releases updates with only 1 definition submitted by an infected user and McAfee (and I should say Panda also from my experience) includes in the e-mail a special signature for that user and then it releases it for general public also. Perhaps some others should do the same. I don't know if ESET reacts this way or not. o_O
     
  5. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I would argue about poor KAV heuristics since you obviously haven't read the KAV6 document which is two clicks above the one you're commenting...
     
  6. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    it's about PDM and I've read it. ;) I've clicked everywhere on av-comparatives.org site. :p But I'm talking about heuristics not Proactive defence module (there are similitudes but they are different from many points of view). you will say the PDM is more effective etc but I don't like to be prompted every time even on legitimate files and processes. On my first run of KAV it prompted me when I tried to launch Yahoo! Messenger (injector, bla, bla). If I get these I don't think I can trust it too much (prompting almost on everything of course it will catch malware also)
     
  7. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Oh for crying out loud, PDM is NOT asking you for every legitimate stuff. In fact it never DID compared to all the false positives by heuristics. :rolleyes:
     
  8. edwardk

    edwardk Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    36
    Who is AV-comparatives and how accurate is their research?
     
  9. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    They (or he) is a test org and one of the better there is.:)
     
  10. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    it's anyway something completely different with different approach. when kav will release their new heuristic in near future, it can be compared with that, but not with pdm plz.
     
  11. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    PDM? Proactive Defence Module? or something?
     
  12. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    definitely "they", as listed in the about_us section ;) I would be unable to do all this work alone. even as it is now with the little "team" it takes much.

    yes, PDM = Proactive Defence Module
     
  13. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Since when does "approach" make any difference between one and another eh? Guys at Softwin, ESET and Norman are running entire systems emulated and monitored. It's still behavior blocking with only difference that it's performed inside virtual environment. Yet we treat them as "heuristics".
    But KAV is running it on host level and is always out of the league for what reason exactly? Just because it's host based and not emulated? What makes regular heuristics so damn better than behavior blocker engine in KAV?
    Coz honestly apart from superior detection of later one, i don't see a single thing.
    You guys may think whatever you like but as i've cracked the ITW and ZOO stuff months ago i'm cracking up heuristics definition this time. The core behavior blocker is NO different than any of above heuristics. Has anyone ever got hundreds of popups with Panda TruPrevent? No? Wait, isn't that behavior blocker too? Em no? Last time i heard it was. So what's now? :eek:
     
  14. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    for you it may be just a small difference, but imo it is a BIG difference between virtual emulation and behaviour blocking. emulation can identify viruses, most BBs will usually not be able to block e.g. viruses. :ninja:
    if it would be the same and as you say better than traditional heuristics, why would KAV add a better heuristic to their product?

    as behaviour blocker yes :D (at least in past, dunno now)
     
  15. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yeah they can detect viruses but for most of the time they miss even the most obvious ones. And it's not like we have 300 file infectors every day... :rolleyes:
     
  16. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    KAV PDM acts practically as HIPS software, something I like along with the excellent AV detection rate that KAV has. :thumb:
     
  17. veri

    veri Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    138
    Fantastic, I've been waiting on your results to decide whether to stay with Nod32 or switch to KAV, SAV CE, or BD. :D
     
  18. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    You can install legit program that uses startup entries and KAV won't warn you at all (basic mode). But if you run some trojan that also uses startup it will warn you (again basic mode). So where is the warning on legit app? I haven't seen it. Registry control is completely separate thing from core behavior blocker...
     
  19. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Agree with you IBK ...there are some differences between PDM and heuristics and KAV is doing a good job as well as other AVs. I don't think we should quarrel on this. :)
     
  20. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    Hi,

    I again strongly suggest to visit the website, I uploaded another report (see the 2 reports of July). ;)

    regards,
    IBK
     
  21. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Thank you i will visit
     
  22. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Actually Bakaver is not the only one. I remember one sample on Malware Research that had identity problems. Some AV vendors said it's clean, others that it's indeed malware. And if i remember correctly it wasn't anything near polymorphic file infector type...
     
  23. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    damn the not knowing who is which vendor, i feel teased
     
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    One post removed.
     
    Last edited: Aug 22, 2006
  25. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    To anyone: please do not try to tell to others who is behind which number. The report was censored due to good reasons. IC said which number stands for F-Prot. But it should not be said who is behind other numbers (also not guesses, hints, etc.) - this is to protect the companies (and somehow also myself) against bashing from other companies relying on a statistically insignificant test. Thanks for understanding.

    @IC: will talk to u tomorrow on MSN ;)
     
    Last edited: Aug 17, 2006