AV-Comparatives ~ Protection-Test Overview March-June 2012

Discussion in 'other anti-virus software' started by malexous, Jul 19, 2012.

Thread Status:
Not open for further replies.
  1. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    828
    Location:
    Ireland
  2. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,572
    Location:
    Romania
    Wow,Bifdefender placed first...and GData with 2 engines is right behind it.Well done and congratulations Bitdefender!
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    congrats to Bitdefender, or anything that has it inb it.;)
     
  4. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    whats up with WSA? pretty sure the old PrevX 3.0 would have fared better even though it had a quarter of the bells and whistles WSA has.
     
  5. Amin

    Amin Registered Member

    Joined:
    May 16, 2012
    Posts:
    437
    Location:
    UK
    :thumb: :thumb:

    Bitdefender reached the place it deserves. :thumb:
     
  6. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    828
    Location:
    Ireland
    Even Webroot Internet Security 7.0 performed better in protection in previous reports.
     
  7. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,100
    Location:
    Adelaide
    A detailed explanation can be found here.
     
  8. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    wow what a load of tosh, so their defense from this result is that WSA is better at removing threats and that the samples were added soon after the test? unfortunately for them the other companies added the samples before the test.

    that was a painful read.

    seems like i was right to drop WSA as in testing it seemed to be highly buggy. maybe WSA bugged out in this test as that is a dreadful result, cant see the old prevx team missing so many samples so i put it down to a bug (hopefully).
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No, it's that you're still protected even if you're the first user to see a threat across the user base.
     
  10. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    If your system has been compromised, how are you protected?
    No vendor is able to completely undo system changes done by malware as evidenced by AV-Test.org removal scores.
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    AV Test first infects the system, then installs the product. It doesn't handle the case where the threat entered while the product was installed or disabled. During that time within WSA, it's transparently sandboxing the process so that it can take it out as soon as it rechecks with the behavior data. If this was tested with WSA, we would score 100% every time (not to mention the generic identity security which also blocks threats from stealing information in the meantime - a surprising number of threats in these AV-C tests are Zeus Trojans which are generically blocked from doing any harm by WSA).
     
  12. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Of course you would.
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We're working on getting a firm to specifically publicly test these aspects of the product. I know we've done demos for some of our Business clients but I don't think any of them have been recorded. The results are dramatically clear as soon as you see them.
     
  14. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    so your saying that WSA protects you from every Zues variant? bold statement.

    what about file injectors like Sality? so if all my pictures got infected with an undetected Sality infection then WSA could return all the pictures to normal? and would it also decrypt my data folder should a rogue encrypt it? 100% my bum

    i will test an undetected new varient of sality against the repair capabilities of WSA and if it cleans all data files then i will donate £10 to charity in WSA's name.

    someone as knowledgeable as you should know better than to use phrase "100%" on a security forum
     
    Last edited: Jul 19, 2012
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes it would. Ransomware infections are fully reverted, as are file infectors. Zeus' attacks are blocked generically, as are those of Carberp, Silon, etc.
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Sounds good - if we don't detect it, you can use the Manual File Cleanup feature to add a local override for it.
     
  17. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    @PrevxHelp

    cheers for replying, although making a 100% statement is crazy in my eyes, it does mean you have massive marbles :thumb:
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Ive also tested it against Sality and Virut myself so I already know the results :) And yes, 100% over time is logically likely not possible, but we've seen what these tests have covered and have tested them ourselves.
     
  19. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    While some of us discuss the claims and validity of one vendor, let us not forget that many new samples remain undetected by other vendors, even after a few hours. This has been clearly shown by Nossirah on the Malwarebytes forums in two simple tests he conducted to demonstrate this point.
     
  20. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    657
    Location:
    Southwestern Massachusetts
    I am very pleased that the excellent Webroot support staff have already posted not only the AV-Comparatives testing methodology but why their WSA product did not do well in this test. :thumb:
     
  21. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    I wonder if Ahn Lab have similar unique detection techniques to explain their relatively poor score? :p
     
  22. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Much marketing...

    "Of the 68 misses, 34 of the files were seen for the very first time during the test".
    So what? 34 were known but no protection at the moment of testing and other products detected more, over months, as the results show. Have other vendors better monitoring systems, better sources and/or even a "greater" cloud?

    We have 2012 - many other vendors have large cloud systems, urgent detection and analyzing systems, cloud based behaviour detections etc. - so what makes WSA unique?

    And a rollback hours later...nice but also nothing unique. And sometimes too late.
     
  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    A great deal of this is down to geography - WSA is still not officially launched into European countries so we tend to see threats from those areas later than other vendors simply because they didn't affect our users. To us, it isn't as important to just block a random file if it hasn't been seen by our customers. Other vendors have very strong user bases in these areas and will therefore have customers affected by these threats far earlier than us, giving them more lead time to block the threats.
     
  24. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,228
    Location:
    North Texas
    He speaks the truth...and you don't have to experience "hardening of the arteries" because the system is so slow as is the case with some of those "leaders".;)
     
  25. MeAgain

    MeAgain Registered Member

    Joined:
    Sep 2, 2011
    Posts:
    62
    So does this mean free products with BitDefender and Kaspersky engines would do well too? Particularly Roboscan for Bitdefender, and Zone Alarm Antivirus with Firewall Free 2013 for Kaspersky. I'm not sure they have some of the other protection offered by paid versions like behavior blocking and heuristics. Thanks.
     
Loading...
Thread Status:
Not open for further replies.