AV-Comparatives: Whole Product Dynamic Test (2010)

Discussion in 'other anti-virus software' started by Pleonasm, Sep 22, 2010.

Thread Status:
Not open for further replies.
  1. Matthijs5nl

    Matthijs5nl Guest

    I love it how F-Secure uses the same engine as BitDefender, but humiliates the BitDefender products. In every single aspect: detection, performance, interface, reliability, usability, price. One thing I really like about their Internet Security suite is the option they offer to install it without Parental Control.
    Someone who uses BitDefender really is a fool :D.
    (One thing I really don't like about F-Secure is that it uses a lot of processes (just like AVG), and the uninstaller leaves too many traces behind.)

    I am personally a little bit disappointed with ESET. It did great all the time, except for the last month.
    Also a nice performance again by Symantec.
     
  2. eBBox

    eBBox Registered Member

    Joined:
    Aug 10, 2006
    Posts:
    482
    Location:
    Aalborg, Denmark
    Fine results by my two favorites :)

    Does anyone know how F-Secure's results compare to their Client Security?
     
  3. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812

    Ha-ha. F-Secure must be kidding, really.

    Capture.PNG


    "User dependent" pop-ups in Norton clearly state files are most likely dangerous + SONAR will take action if a file is still allowed to run by the user
    original.jpg
     
  4. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    No, I think that getting 0,5 for every "user dependent" is just right and F-Secure won this test. As an ex-FS user I'm surprised, it used to be bloatware a few years ago.

    The average users aren't going to block all Download Insight popups. And SONAR won't detect all malware out there.

    Congratz to all which got Adv+.
     
  5. ReverseGear

    ReverseGear Guest

    F secure uses bitdefender or sophos engine ?
     
  6. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    bitdefender and its own as well
     
  7. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Wow, difference is only a half of a sample (point) :D
     
    Last edited: Dec 17, 2010
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,123
    Location:
    Hawaii
    I am very average. Average height. Average age. And I have 3.6 children, which is the national average. As a very average user I WOULD block all Download Insight popups.
    ~~~~~~~~~~~~~~~~~~~~~~~

    But seriously - - - Any security program that directs its user's attention to a specific risk, & also describes that risk in reasonably clear terms, has THOROUGHLY done its job. IMO, to downgrade Symantec's performance was inappropriate on AV-C's part. That is, AV-C penalized Symantec for possible user failure.

    If the user fails to act correctly when given clear & ample warning, that is NOT the security program's fault.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Reference statement: "SONAR won't detect all malware out there." IMO, the statement is inane. NO security app detects all malware. Moreover, the issue has nothing to do with the malware not detected but, rather, with the user's action in response to what actually WAS detected. Based on the totality of data reflected, it is my fervent opinion that Symantec did, in fact, do a tad better than F-secure.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    P.S. I am neither a user of Symantec nor a fan. But "fair is fair", & "give the devil his due", & all that sort of folderol, wot? :shifty:
     
  9. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,791
    I thought you were 80. What's average about that ? :D

    Al
     
  10. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    What I meant was that SONAR wouldn't always block a malicious program which a user would decide to run despite getting a Download Insight popup. 3GUSER's post gives a feeling that if you allow a Download Insight popup, the malware will be blocked by SONAR anyway, which I'm certain isn't always true.

    You've been a Wilders member for 8 years, you can't really be an average user after that.
     
  11. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    I am not anti-Symantec, but the results given by AV-C I feel are fair. Let's say a new messenger worm is going around, and a user gets a message from a friend (since they are infected) containing the worm. The user then attempts to open the file and sees that it's blocked because not many users in the Norton network have that file. So they think, oh well, it's new because I got it from a friend, let me hit launch this file anyway. They are infected now because they allowed the file because they are an average user.

    If every user hit deny when they got that message you would not see Norton users at Malware Removal forums asking how to remove infection x (most commonly I see Backdoor.Tidserv).

    Each tech will have its limits, and Norton's largest weak spot is that it requires users to make decisions. They have a 50/50 chance of getting it right, so since AV-C does not know what each user will do, points get docked if it requires a choice. It's not like the rules are against Norton; each product is against the same set of rules.

    Either way congrats to the F-Secure team on the good results.
     
  12. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,891
    Location:
    Innsbruck (Austria)
    no, if user allowed file and sonar blocked it, symantec got 1 point. if user allowed and malware was not blocked, it got 0,5 (user decision, as it depends on what the user clicks). it's written in general inside the report.
    @3GUSER: you are not using NIS2011, in which the DI prompt looks a bit different (more unclear about what is recommended, now it looks to suggest to "run this program anyway").
     

    Last edited: Dec 17, 2010
  13. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,123
    Location:
    Hawaii
    Uh... yes I suppose my age is a few years younger than average. :doubt:
     
    Last edited: Dec 17, 2010
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,648
    Location:
    Milan and Seoul
    As an Avira user I'm certainly satisfied with its performance, always among the best. It is also great to have an organisation like AV Comparatives giving us arguably the most reliable environment to test real life situations (Thank you!).

    The results, however, show how limited is the protection delivered by AVs. Their position is no longer as the main defense layer as they can't possibly catch all malware (98.7 for Avira means with bad luck one could have been compromised at least once in 25 instances).

    Paradoxically most AVs become very effective a month in the future, as they have time to produce signatures for newly found malware. The bottom line is that Image backup, Sandboxing, Virtualization, Default/Deny policies are the only effective answers against new malware.

    AVs still have an important role, and that is to check for known malware, and therefore the speed of a company to produce new signatures from users' notifications and others becomes IMO the most important factor. I personally think the "On Demand" test is still very useful as it gives an idea of how well a particular AV recognizes existing malware.
     
  15. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812


    What makes you think that "Run this program anyway" is the recommended one?

    P.S. IBK, I use Norton 2011, the previous screenshot is from Google.
    Here is a real example on virgin Windows 7 + updates + NIS 2011:
     

    Last edited: Dec 17, 2010
  16. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    No, it can't be right. First, F-Secure has more Compromised than Symantec. Symantec has the least - just 13 of all the 1968 test cases.

    1968 minus 13 = 1955

    1968 minus 22 compromised for F-Secure = 1946


    It is not fair to give 0.5 point when the programs (be it Norton, Kaspersky, AVG, ESET) think the file might be malicious and when they give a clear statement that they do NOT recommend using the file.

    In the case of Norton it would be fair to give 0.5 points only if it gave a clear message (like it gives now in 2011 Insight) and the user allowed the file to run but then SONAR didn't stop the threat.

    Although it is not clearly written in the AVC report, we can judge from the least compromised number (13) that Norton killed 1936 automatically, showed DI pop-up on 19 threats but SONAR also took action afterwards.

    In case of F-Secure - it automatically, with no user interaction, missed 22 samples. Norton might have missed just 19 user dependent because of user mistake.
     
  17. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    Actually, it showed DI pop-up on 19 threats and SONAR let them through if the DI pop-up was allowed. At least according to IBK:
    So it depends entirely on the user's action.

    We all can have different opinions on this. For me I always take pop-ups like DI or KIS HIPS pop-ups very seriously, but I don't think all average users do so too. That's why I'm running KIS; I can use it effectively but for most users Norton/FS would be a better choice because KIS is so user dependent.
     
    Last edited: Dec 18, 2010
  18. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    Norton is very good. Great job Symantec.
     
  19. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812

    Ibrad, conditions where a user needs to make decisions are really rare. Norton is made for average Joe users and needs pretty much no user interaction.

    As with the situation you describe, Download Insight very rarely would display a pop-up (as seen in the tests by AVC - in about 1% of the situations). Most times (in more than 99% of the cases) it would be a red direct action and something like WS.Reputation.1, Suspicious.Cloud, WS.Heuristic.3, WS.Emerging ... etc. When the product is sure, it will show this one:
    12.PNG
     
  20. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,891
    Location:
    Innsbruck (Austria)
    plz read again what i wrote [if user allowed and malware was not blocked, it got 0,5 (user decision, as it depends on what the user clicks).]
     
  21. Hippocrates

    Hippocrates Registered Member

    Joined:
    Dec 21, 2008
    Posts:
    12
    I'm a NIS user, but to me, 0.5 point is fair enough. The fact that Norton gave an alert popup means it couldn't be 100% sure that the file was unsafe (or safe), otherwise, it could just do without the popup and block the file straight away.

    All the AV that rely on heuristic and behavioural analysis would have a threshold set in which any file that exceeds it would be flagged as malicious. Then the question is, how do you deal with files on the borderline, or slightly below it? Let it through or give an alert popup?

    So my presumption is perhaps F-Secure doesn't have this kind of system implemented. If only they too give a popup on borderline case, their score will be even higher.

    Of course, more points can be given to such an "uncertain" file, granted, the system also deducts an equivalent point from safe files (not just from popular applications) that have been shown such an alert popup.

    Even though I liked F-Secure when I tested it months ago, its impact on system performance was a lot heavier than NIS. For that, Norton is still a choice for me... even though both of them should be able to protect an "average" user sufficiently lol.
     
  22. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    F-Secure most certainly does have those kinds of systems, it just appears they did not recognize anything in this test that wasn't detected by the AV
     
  23. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Is the December 10th edition of the report the final version – or, will the testing continue through the end of this month with a final report issued in January, 2011?
     
  24. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,891
    Location:
    Innsbruck (Austria)
    final.
     
  25. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Surely if a user decides to override the product's recommended action, that cannot be blamed in any way on the product tested (any product, not just Norton). Any product used by anybody should be under the control of the user, not the other way round; it is up to the user to make the final decision, and if that ends up with them infecting their PC then so be it. My daughter had problems the other way with NIS 2010: it deleted the software used to log on to her university account. It was written by the university for that sole purpose and so was deemed unknown/malware by NIS 2010, which didn't offer any user interaction; the file also wasn't even quarantined, just deleted, hence she couldn't do some work she needed to do over the weekend.
     