AV-Test Certifications for the 1st Quarter 2011 (Windows 7)

Discussion in 'other anti-virus software' started by King Grub, Apr 15, 2011.

Thread Status:
Not open for further replies.
  1. littlebits

    littlebits Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    262
    Completely agree, something is badly wrong with these test results.
    When a single engine scores higher than a multi-engine that uses that single engine then the results cannot be trusted. Same applies to F-Secure that uses BitDefender and their own engines. Both GData and F-Secure should have had a higher score than BitDefender.

    What is even stranger, on some other AV testing sites Avast had better protection than BitDefender. When GData was tested on them, Avast engine had a better detection rate.

    So I'm starting to get sick of all of these AV testing sites, they never agree on results. Each one has a different top pick.

    Thanks. :D
     
  2. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Antivirus tests and their detection rates are laughable, period. Good software in the day, but with today's sandbox / virtualization programs, totally not needed.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    123,596
    Location:
    Texas
    Antimalware programs are still useful for a goodly amount of computer users.

    All these myriad of tests could probably be dispensed with though. :)
     
  4. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    On demand tools are of good use, I'll agree to that :thumb:
     
  5. dazed1

    dazed1 Registered Member

    Joined:
    Mar 2, 2011
    Posts:
    161
    Absolutely true :thumb:


    Also very true..
     
    Last edited: Apr 15, 2011
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Some more interesting data to process when making decisions on AVs.
     
  7. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,376
    Location:
    Milan and Seoul
    I share elapsed's skepticism towards AV tests, and I agree with you the AntiVirus first defense line has done its time in terms of real protection. One can only rely on AVs as a "second opinion", therefore on demand scanners can still be the only way to detect malware if it is recorded in their database.

    It goes without saying that to have an on demand scanner which might be useful one needs to have an active company behind it which makes money through sales. I use my AV most of the time on demand nowadays, but I'm planning to support them even though it is not required. MS should be rich enough to maintain its AV on the current free model.

    Just one more thought: How much malware have you encountered in the last year? Browsing the web I had one single instance with no consequences. Feeding malware by thousands in a test is to say the least unrealistic and of course the ones without signature won't be detected. What is the probability to run into a "0 day"? I believe that if I'm not looking specifically for malware on specific malware sites, it would be a very rare occurrence.
     
  8. Sportscubs1272

    Sportscubs1272 Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    341
    I have been using Avast Internet Security mainly because I won a Facebook contest a few months ago. I haven't really faced a threat while using the program. I think the sandbox should be a little more friendly compared to Sandboxie. I like the automatically delete the contents function with SB. I have to fumble through a couple of directories inside Avast to delete their sandbox contents. I wasn't able to use SB for a while until the latest update because of a conflict between the two programs. I thought both had similar performances and I was able to surf w/out any problems. Would you think that the cyber criminals would find a way to break the auto-sandbox and regular sandbox to get into the system?
     
    Last edited: Apr 15, 2011
  9. xorrior

    xorrior Registered Member

    Joined:
    Mar 22, 2010
    Posts:
    66
    I won't go into too much detail. The detection failure is public and by someone known in the real independent testing scene as languy99. It's on YouTube, A.K.A. marketing debunk central for AVs.

    The crashing is driver related and done by a well known rootkit tool author and a few others on his forum. For legal reasons I won't link to it or give names.
    Couldn't agree more. What did it for me is all the easy to acquire samples that defeat the top-scorer's HIPS relatively easily. The vendors, or rather lack thereof, put this test low on the credibility scale in the independent testing demographic they are claiming to be a part of too.

    How a commercial subsidiary doing private lab tests is 'independent' and 'open' still baffles me.
     
  10. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    GData does use BitDefender and avast! engine, but it's using just the scan engine, not the advanced features like sandbox, behavior shield or BitDefender's behavior blocker where both mentioned programs use these extras. That's why you see the difference.
     
  11. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,229
    Location:
    The land of no identity :D
    MS seems to be rolling out a new engine update soon, maybe they started moving definitions to the newer engine thus causing the drop in detection rates. The next test should reveal more.
     
  12. Matthijs5nl

    Matthijs5nl Guest

    I do read a lot of comments and I agree on some, especially the fact that it is strange that the tests of AV-Test, AV-Comparatives and VirusBulletin show very little similarity.

    But I don't agree with comments made by Boost. In the real world, 99% of the users don't know of the existence of virtualization / sandboxing applications. Where you think the detection rates of antivirus programs are laughable, I think the Wilders community and their experience with virtualization / sandboxing is not really representative for the real world and therefore the decisions antivirus vendors make.

    Also, about BitDefender and sharing engines etc.

    BitDefender's engine, which is sublicensed to G Data and F-Secure, is the part of the engine which handles signatures/generic signatures.
    BitDefender themselves use next to that B-HAVE, which is quite a strange name, since it is heuristics, so it is not really clear to me whether they do behavior-based protection. However, popups on detection do mention behavior-based protection.
    F-Secure uses that BitDefender engine, however they create their own signatures, and add in-house technologies such as BlackLight (anti-rootkit) and DeepGuard. DeepGuard is a perfect example of how useless it is to use buzzwords like HIPS, sandboxing, emulation and behavior blocking, since it uses all of them; it also uses prevalence statistics. DeepGuard is HIPS technology which combines proactive protection technologies such as system monitoring, sandboxing, blocking of code injections, advanced heuristics and run-time behavioral blocking.
    G Data uses the BitDefender engine, plus the avast! engine (so no autosandboxing or any of those fancy features) and adds an in-house behavior blocker. To be honest I don't know whether G Data create their own signatures or not.
     
  13. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    BitDefender has a very good behavior blocker and HIPS which are mostly automatic.

    G Data and MSE still depend mostly on signatures.
     
  14. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    It was a bit confusing with BitDefender years ago and I got the answer from Andreas Clementi (AV-C). When BitDefender introduced HiVE (Heuristics in Virtual Environment) they were doing the same thing most good heuristics do these days. They emulate the entire system, which can be used for on-access and on-demand scanning. Soon after HiVE they announced B-Have, which is basically the same thing plus the part that only works in on-access and is essentially a direct host behavior blocker. B-Have means "behave" since it monitors application behavior.
     
  15. Matthijs5nl

    Matthijs5nl Guest

    Thanks, that makes it clearer. Since I found it confusing that you call heuristics B-HAVE (of course an infusion of behave).
     
  16. clayieee

    clayieee Registered Member

    Joined:
    Apr 14, 2011
    Posts:
    260
    But BitDefender is so slow.
     
  17. Nevis

    Nevis Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    812
    Location:
    255.255.255.255
    Well, the report says different.
     
  18. xorrior

    xorrior Registered Member

    Joined:
    Mar 22, 2010
    Posts:
    66
    Remembers when BitDefender was the first engine with a compression wrapper engine and it made them relevant. Now it's a boring over-advertised AV with a HIPS that looks impressive under only closed mediocre commercial tests.

    I only publicly demonstrate the irony to counter balance all the soliciting going on of an expensive commercial product. There are also plenty of public samples that contradict both these claims and this test result.
     
  19. dazed1

    dazed1 Registered Member

    Joined:
    Mar 2, 2011
    Posts:
    161
  20. LODBROK

    LODBROK Guest

    Summary of March 2011 0-day and Dynamic Detection tests added to previous results.

    All other metrics are "BFD." :cautious:
     

    Attached Files:

  21. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Looks good, thanks.
     
  22. littlebits

    littlebits Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    262
    I tried the latest BitDefender on three systems, Win7, WinVista and WinXP.
    When you open a folder in Windows Explorer with a lot of files, it takes forever for that folder to load unless you disable BitDefender's real-time. The result was the exact same on each system.

    If you open a folder with only a few files, then you really can't see much slow down.

    Because on the report they must have used a system with few files.

    The latest BitDefender kind of reminded me of Norton 2002.
    Actually might even have been slower. The protection may be better but you get the bloat to go along with it.

    Thanks. :D
     
  23. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,411
    Location:
    Surrey, England.
    I suspect they ("these myriad of tests") might be, in some cases, just trying to make business on the coattails of the stability and growth in the security software market. And how authentically accredited are they all?
    Their benefits to users, generally, are questionable, since they are likely to generate a good deal of confusion with their diversity of formats and results.
     
  24. Matthijs5nl

    Matthijs5nl Guest

    I don't think novice/average users will see these types of reviews anyway, they are just not interested. They use a well-known product, a product which was preinstalled on their PC (so Norton, McAfee or Trend Micro) or a product which was recommended to them/installed for them. They really won't go searching on the internet to compare performance and protection. At most they will see those shitty reviews by PC magazines.
     
  25. m0unds

    m0unds Guest

    Out of curiosity, did you run a full system scan before trying that?
     