AV-Comparatives Whole Product Dynamic Tests updated

Correct. However, testing protocol has been agreed with AVAST. Probably best to complaint to AVAST that accepted this methodology.

 

Like they had much choice. It's not like AV-C will change the methodology because of one vendor which uses tech no one else does.

 

Actually I guess that is exactly the reason for the protocol. So both party were happy about how to perform the test. Again, best to adress this directly to AVAST. I am sure they will explain why this approach. Let us know! Please...

 

Yeah well, count whatever you want, i also count user dependent decisions as protection (for all vendors, not just avast!). It's there for protection and in most cases it's counted as user dependent even though you don't really have much to choose...

 

I guess you don't pay attention to this forum cause I was using Avast. I have been using since version 6. Recently switched to BD cause I got it for only $7.

 

As I have previously stated stop looking at this through your eyes and look at from the average user perspective. The average user when looking at the chart sees green as good. Green usually always represents good.

 

That definitely sounds likes a user-decision to me and you are correct, its anybody's guess what the user will do. Most want to run that keygen/crack and will choose "Allow".

 

And yet it is the average Joe that is perpetually getting infected. So obviously, it is not "working" for them at all. Rather it is the people using "user dependent" methods such as Comodo D+ & Sandboxie that are running clean boxes.

And for the record, I get about 1 popup per month from Comodo. When svchost.exe needs to connect outbound for Windows Update. Once you fine tune your rules your user dependence phase is over. I do agree though, that this is beyond the average Joe's capability. But let's face it, the people engaging in this discussion are not average Joes. To us user dependent = good as gold.

Heck, you could call my entire setup user dependent, since I have no real-time AV. I rely on SRP, LUA, Sandboxie, Comodo FW/D+, and hardening measures. And it's been 100% effective for the past 8 years. For me the entire bar would be yellow... and that's just fine with me.

 

Remember just cause you mange to stay virus free doesn't mean your security setup is effectively working. Do you visit malicious URL sites everyday? I haven't been infected on over 10 years. If you use common sense the chances of you running into malware is slim to none. I went a full year with no real time security and never got infected. Now if your security is throwing off alerts on a dally or weekly basis you better rethink your surfing habits.

 

Oh for god sake, just stop talking, because you're all talking rubbish. There is NO option to allow or disallow things. It's always auto sandboxed and auto analyzed.
There is no user selectable controls, user has NO control over it. Period.

I suggest everyone to try avast! and see how it actually works instead of talk about something you have no clue about.

 

There are different situations.
Here is one example:http://postimage.org/image/4cyqas6or/

 

It doesn't matter. Whatever you pick, the file will be excluded and virtualized analysis will not repeat ever again.

If you pick "Continue executing" it will re-run it straight away without sandbox.

If you pick "Close" it will not do anything. File will remain where it is and will not be blocked, quarantined or in any way restricted.

If you run the file again by double clicking it, you won't see this dialog again and the file will run as usual.

After we were talking with avast! team, their idea was to remove this dialog altogether to make the whole thing even more transparent to the user. But whatever you pick now it's not really user dependent since everything that had to be done was already done even before you got a chance to see this dialog.
Meaning users doesn't really have any control over it, you just pick if you want to run it right after analysis or not.

 

Maybe you misunderstand what is being told here.
Yes, the file was first autosandboxed. But if user after the autosandbox analysis (which came to the conclusion that the AV has no idea wth the file is) the user chooses to continue execution, the system is compromised. If he decides to close the program, he is not. So it is up to the user. In other words, user decision.
If after the autosandbox analysis there is the verdict that the file is malicious and blocked (which sometime happens), then it is counted as blocked, not as user-decision.

 

There is actually a moment in which (if the sandbox analysis does not find any potential malware) the users has to decide to run or not the executable. Pretty clear indeed. Thanks for the explanation, it sounded too weird otherwise

 

Thank you IBK. RejZor no one is picking on Avast. My point was that any program which allows user intervention to work effectively is very dangerous. CIS in the hands of a noob is dangerous. I used Avast for a long time and I thinks it's awesome. But facts are facts. It scored 93% on its own. Argue with AVC then and not us. I feel a Melih syndrome is playing a role here.

 

Exactly!
Just the way I´ve explained.

The dialog say:
We did not find enough evidence to identify the file as malware [during the time the process was running in sandbox]
"However, you should still use extreme caution when accesing it"

The default button seems to be the "Close button" according to the screenshot. So, obviously the other option is dangerous

Even say the reason of AutoSandboxing! : Low File Reputation

 

It's a bit unfortunate to see this thread turned to an avast discussion.

For your information, we analyzed the samples that fell into the user-dependent category, and the conclusion is quite interesting. Due to an unfortunate bug introduced a while ago, the samples were being correctly detected in the English version of Windows (on which our lab tests are based), but did not work e.g. on German version of Windows (which Andreas probably used). We have fixed the bug already (thanks Andreas for pointing us to the right direction). Hopefully, we will see better results for for the upcoming months.

Cheers
Vlk

 

Hi Ondrej, no, the WPDT runs on English OS.
So, we should continue investigating the issue by email to make sure that you fixed it or if there are other bugs.

 

So in that case user dependent is a quite fair classification.
Because avast doesn't tell you anything clear and you can simply re-run and get infected it could also be count as fail. If the program says "Not enough information, be careful..." at least I wouldn't count this as protection.

 

+1

 

now what is true?? rejor's statement or IBK statement?? and what av-comparatives is doing in reality?? counting the analysis toster box as user-dependent or the result after analysis as user dependent??

and since av-c test PC's use english language where does the bug reside??

 

Both.
IBK postet a screenshot of the behaviour which was counted as user dependent.

RejZoR' added "Whatever you pick, the file will be excluded and virtualized analysis will not repeat ever again."

So it is more than fair to count it as "user dependent" because there is no protection only the info: We have no real information, maybe it is good to be careful.

Cause we are talking about real world tests: What would average Joe do? He believes he downloaded a pretty cool tool/movie etc. and his AV tells him nothing special... IMO most users will run/rerun it. And if we add some experience with such messages that often appear on good but unknown apps even more users will run. So IMO you could never ever say "pass"

 

I'm sorry to sound like a troll, but seen as this thread has allready been hijacked by Avast! Questions I feel more comfortable. I don't see how anyone serious about keeping their machine safe can even contemplate installing Avast!

 

Because it's a great free antivirus? It's light, and has a great detection rate, not just here but on AV-Test. Nothing got past it when I used it on my PC, and it saved my stepdad's PC from some really nasty malware too.

 

Of course you have countless proofs to back that up right?