AV-Comparatives Polymorphic detection test

Discussion in 'other anti-virus software' started by Firecat, Apr 21, 2007.

Thread Status:
Not open for further replies.
  1. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Well, I was looking through the February 2007 comparative again, and I found something strange in the Polymorphic detection test. I am hoping that Andreas can help me in understanding this somewhat.

    My doubt lies with the detection rates of TrustPort Workstation edition on the Polymorphic test set. TrustPort uses the Norman, BitDefender, and AVG+Ewido engines, but we'll leave Ewido out of this because I do not think Ewido detects polymorphic viruses. :)

    Now, here are the peculiarities I notice:

    1) W32/Zelly.A - TrustPort detects 95.2% according to the report. Norman detects 0%, BitDefender detects 0%. However, AVG detects 95.0%. I am wondering where this 0.2% change comes from, because neither BitDefender nor Norman detects any strain of Zelly. o_O

    2) W32/Insane.A - Here, TrustPort detects 65.7%. BitDefender detects 65.6%, Norman detects 58.1%, and AVG detects 75.2%. Given that TrustPort uses all three engines, the expected result was that TrustPort should have been better than AVG. But it remains only slightly ahead of BD. Any idea of why this should be? o_O

    I hope IBK can shed some light on this issue. :doubt:

    P.S. I see that the AV-Comparatives site has been updated with a new article on AV testing sites. Very nice! ;)
     
    Last edited: Apr 21, 2007
  2. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,818
    Location:
    Innsbruck (Austria)
    If I remember correctly, it was:
    1) due to rounding percentages, but also
    2) because of last-minute updates and a slight delay in update release between the various vendors (original vendors - third-party vendor updates).
    Therefore TrustPort detected a bit less than the original engines.
     
  3. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Thanks for that. So the 95.2% acquired by TrustPort for Zelly.A (in relation to AVG's 95.0%) is due to rounding percentages?

    Also, how did the vendors know the exact date and time of your testing in order to release a last-minute update that covered this malware? I mean, it is understandable if they release it say 1 day earlier, but 1 day is more than enough time for TrustPort to receive the updates :doubt:
     
  4. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,818
    Location:
    Innsbruck (Austria)
    They do not know exactly when.
    They get updated at the same moment.
     
  5. aluckystar

    aluckystar Registered Member

    Joined:
    May 30, 2006
    Posts:
    66
    Location:
    Paris of the East