AV-Comparatives: Real-World Protection Test - May 2017

Nice job for free avast, AVG, Kaspersky

 

avast & AVG scored
as high as
Kaspersky, Trend Micro, and F-Secure.

 

Yes, that is true my friend.

 

In my opinion, given the high rates of detection and consistent good results of EM, for an average user, most (if not all) of such 'user dependent' prompts will always be real threats.

 

Since installation, I only got prompts for legit operations. Once it was Macrium update, twice Tor browser after update. So it seems that files with low reputation ( as just released updates ) could cause problems to users if they were among first that encountered specific file.

 

Trend Micro 12 FP and F-Secure 37 FP have been having a real problem with FPs for years at least when tested by AV Comparatives. Within these parameters Kaspersky has been unbeatable so far.

 

2 engines = 110 % detection!

 

It's only one engine now....

 

Emsi only uses BD engine for signatures and on-demand stuff like heuristics and B-HAVE. Otherwise it's an original product, it doesn't even use BitDefender's Anti-Rootkit. The BD products are doing well because eScan uses CYREN cloud, and Lavasoft and eScan both use Active Virus Control. As you all know BullGuard develops NovaShield and F-Secure has it's own research division which is pretty active.

 

There should always be a question of how old are the samples used in the test. Obviously if the samples are a week or two old the test would have no real validity since in all probability these malware no longer exist in the Wild outside of malware repositories and testing scenarios.

So how to get an idea of the age of the malware samples used in the test? Easy- First- note that even the best product that ONLY works through traditional AV routine of detection by definition can obviously not detect malware for which it has no definitions.
Second- look at the products used for the test, and consider just those products WITHOUT any supplementary protection (like HIPS, etc). Find out the percent detection for the best product in this class.

Then all you have to do is to subtract that number from 100 to find out how many samples that are close to zero day were used.

 

I wonder despite all the complains with tests nobody does something different.
What is the validity then of a youtube video with a few samples to test a product? if it's 0, why those videos exist?

 

And apparently it's able to score this high without the need for Win SmartScreen. As expected, no one bothered to ask if it was enabled or not, all of a sudden it's not an issue anymore.

 

I believe they are now testing w/SmartScreen enabled. This would account for the recent increase in MSE test scores. Perhaps AV-C will confirm.

Also, this test was done on Win 7, so native SmartScreen protection is N/A. They don't specify browser used so I assume it is IE11 which would have SmartScreen enabled by default. Now if the browser used was Chrome or Firefox, suspect a much lower score would have resulted.

 

Chrome.

 

So @Rasheed187 you are correct. SmartScreen use is irrelevant.

 

At the age of Windows 10, especially after Creators Update, the fate of third party AV is doomed. The built-in anti-malware mechanism is highly integrated with the OS itself. It's been harder and harder for third party AV to get integrated into the OS in a manner that won't broke the OS.

Anyway, AV sounds like a thing of the Windows XP/7/8 era. In 2017, you can safely forget about it, especially when you use a standard user account and don't click-happy (use your brain) on the net. Think about Linux/MacOS. Eventually Windows 10 is going to be the same (security-wise).

 

No, development just got tougher and gained a few additional APIs. It's still possible to take control of almost everything Windows Firewall and Windows Defender does, you just need to use some more APIs for it....If you can crack the code of complex malware, Windows APIs should theoretically be a cakewalk. Unless some of these companies have been selling us snake oil all these years.

 

Would be interesting to know, because when Win Def scores bad, people often say it's a basic AV. And if SmartScreen is now enabled, I also wonder if they consider it a pass if it warns that a certain app "might not be safe".