Av-Comparatives: Retrospective/Proactive Comparative May 2010

Discussion in 'other anti-virus software' started by MrGSM, Jun 8, 2010.

Thread Status:
Not open for further replies.
  1. osubuck

    osubuck Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    18
    No, users shouldn't rely on an antivirus to "protect" them from threats, everyone gets bit at least once. Unless the user starts to understand how things work, there will always be infections no matter the AV.

    Pardon me if I offend anyone here, this will be my last post... An antivirus does have its place, but not foolproof
     
    Last edited: Jun 9, 2010
  2. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,137
    Avira always delivers and consistently, that's been the salient feature of Avira and the reason I recommend this to all those on Windows.
     
  3. MrGSM

    MrGSM Registered Member

    Joined:
    May 12, 2008
    Posts:
    147
    Location:
    Morocco
    For me, I think the big comeback is BitDefender with its version 2010, very successful in the last 4 tests with Adv+, and the news is it has very few FPs...
    +1 BitDefender... :)
     
  4. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Thanks a bunch for the heads up :thumb: :thumb: :thumb:
     
  5. progress

    progress Guest

    Yes, but there is room for improvement ... :)
     
  6. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    I agree there's never been a test where Avira performed badly, I wish they had tested V10 rather than V9.
     
    Last edited: Jun 9, 2010
  7. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    There will always be discussions about how useful these tests are in order to help us decide which AV to use. But there is one important benefit...these tests put some pressure on the vendors...at least I hope.
     
  8. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    378
    Congrats to all AV companies which scored an Advanced+ in this test.

    Given that 63% is the best result, this shows that one has to use an AV which provides different layers of protection like reputation or behaviour detection in order to be protected.

    AVs like Avast and Avira should include a real behaviour blocker in order to protect their users in the real world and to remain competitive, otherwise it would be better to switch to MSE.

    However in reality AV companies are definitely losing the war against malware writers! Fake AVs seem to be very prevalent these days and these rogues are detected neither by heuristics nor behaviour blockers, so it is impossible for AVs to keep pace. The problem is further compounded by the reluctance of users to learn about security issues. As a result there are a large number of infected users asking for assistance in AV support forums and this testifies how critical the situation is.
     
    Last edited: Jun 9, 2010
  9. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    Avira's test was bad.
    Last from November, 74%, now 53.
    For me, Avira is the loser.
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Yeah, but we are going to eat our Wheaties, and come back stronger. ;)
     
  11. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    Avira v8: 69% tested against 22K samples
    Avira v9: 53% tested against 27K samples. There is a huge difference, and in fact malware has evolved too.
     
    Last edited: Jun 9, 2010
  12. ALiasEX

    ALiasEX Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    240
    Norton improved by 7% :thumb:
     
  13. PC_Pete

    PC_Pete Registered Member

    Joined:
    Sep 4, 2009
    Posts:
    124
    I know it has been said before, but retrospective proactive on-demand testing is of little relevance to the actual protection offered by any of the products tested. These tests are of most interest to the software vendors who submit their products, and designate settings, for testing.

    It's a bit like telling Italy's 2006 team that they have to play in this year's World Cup, and BTW, no half backs and your goalkeeper will be blindfolded.
     
  14. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Incorrect. It is in fact the most relevant test as it measures the likelihood of the AV product in specific to detect a 0 day threat before analysis. Detecting 100% of yesterday's threats is usually useless in today's fast moving world.
     
  15. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    haha.. I like this analogy....:thumb:
     
  16. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    I'm with PC_Pete on this one. At best, I find the test interesting and they show SOME of the AVs' capabilities to detect unknown threats, but on-demand scanning of unknown threats isn't testing the AV properly.

    For example, I use NOD32 and have seen numerous examples where it has blocked a zero day web attack, but if I then perform an on-demand scan of that sample it isn't detected. There are other components at work to protect you (depending on your AV of choice) and this is just a test of the on-demand abilities.

    AV-C has one dynamic (i.e. real world) test on their site from Dec 2009 and I seem to recall IBK saying there would be more to come, but clearly that type of testing is hugely time consuming and more expensive to conduct, plus is likely to include a reduced sample size (the Dec 2009 sample size was 100).

    That said(!), thanks to AV-C for this test, always interesting to read.
     
  17. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I noticed this as well, and do not know how the duplicate comments occurred. For better or for worse, I am the author of the comment “While the battle against malware remains challenging, from these results you cannot infer...”. Somehow guest incorporated the same comment into his post, and apparently forgot the attribution. (Nothing more than an honest oversight, I am sure.)
     
  18. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    From my perspective, this test does not measure the actual likelihood of detecting a zero-day threat, because the test cripples the anti-malware product by prohibiting the use of in-the-cloud information in the detection process which would occur under normal usage conditions. As a consequence, the results are “of little relevance to the actual protection offered by any of the products tested,” as stated by PC_Pete.

    On a general note, it seems to me that AV-Comparatives -- an excellent organization -- may be mired in their own history, conducting such tests because that’s the way they have always done them. Years ago, it made sense to seek to separately test the component functionality of anti-malware products, but today that approach seems to be considerably less justifiable. Anti-malware products now consist of a set of interrelated subsystems which are not additive but multiplicative. As a consequence, you can’t infer the behavior of the whole from testing the parts -- a 'decomposition fallacy' based on reductionism, in my opinion.
     
  19. ALiasEX

    ALiasEX Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    240
  20. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I wonder about the frequency of zero day infections, and whether the average user would ever experience it. Personally I doubt it.

    The test is germane as to the overall protection of an AV, but I do not worry about it, and would not change my AV for the differences in the top several.

    Regards,
    Jerry
     
  21. Vladimyr

    Vladimyr Registered Member

    Joined:
    Feb 11, 2009
    Posts:
    461
    Location:
    Australia
    Your grasp of superlative and cliche is evident.
    Are you by any chance a political speechwriter?
     
  22. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    I take that post and others by IBK to mean the sample size will be bigger than the 100 from the Dec 2009 dynamic test.

    I mean that the sample size is likely to be smaller than the other main tests, such as this Proactive/Retrospective Test (27,271 samples).
     
  23. Matthijs5nl

    Matthijs5nl Guest

    I am going to repeat something I said on page 2:

    Also the relevance of zero-day malware is often exaggerated, there aren't many people attacked by zero-day malware. Older malware is still the biggest threat for pc users.

    If you look around with what actually really threatens normal people, that is older malware, not zero-day, one-day, two-day or whatever. All malware on LimeWire, porn sites, download sites, torrents, in e-mail attachments, keygens and cracks and so on are older malware.
    If you want to get zero-day malware you really have to search for it on the dark side of the web: malware domain lists or other shabby sites.
    That is why the following combination is still enough for normal pc users: a well protected network (preferably by a modern router), an up-to-date Windows operating system (preferably NOT Windows XP, but Windows 7), up-to-date applications (Adobe, Java, Microsoft products), an up-to-date Tier 1 antivirus (Internet Security suites are quite handy for normal users).
     
  24. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I am curious to know if there exist any research investigations supporting this assertion. It seems contradictory to the trajectory of the evolution of malware which is increasingly polymorphic -- i.e., malware that mutates into unique instances, each of which has never been seen before and is by definition “new” rather than “older.”

    Additionally, consider that “Symantec created 2,895,802 new malicious code signatures in 2009, a 71 percent increase over 2008.”
     
  25. Matthijs5nl

    Matthijs5nl Guest

    How much new malware is created or being detected doesn't say anything about how many people are actually attacked by that zero-day malware.

    Catalin Cosoi, head of Online Threats Lab of BitDefender: "As odd as it may seem, zero-day attacks are not even by far the most important vector of infection." (Softpedia Exclusive Interview)
     