AV-Test.org results: Sep-Oct 2014 / Windows 8

It's a lot to pay for an antivirus which has been performing very poorly in the last few years up till this latest test. Maybe it's really good at detecting Korean malware?

 

Agree, but I don't really believe local malware is caught by local companies. I live in Seoul and I have never been hit by ' 'local' malware.

 

I'm not sure but you might be able to download the latest here, provided you give them some personal info:
http://us.ahnlab.com/etc/request.do

 

Vipre appears to be heading the wrong direction in all categories. What has happened?

 

Well,I still have questions on AV-Tests as well...I have pointed out earlier if someone ever read it.Don't go and assume.I must have forgetten to mention but still stuff seems to be a drop in the bucket and secondly no deeper explainations on the ratings? Because I was assuming if we were 4/5 rating then we must have got like 80% of detection but that wasn't the case we got 99% and 98% ratio so where is the catch?

stephentony,I dont know if the results ahead will be reflecting what we see but I am sure they improved in detection of malware that's not in their database.However,I dont know how dna-gen and additional stuff works and if it is fully working or not? I think avast staff should be explaining things further if or not the deepscreen improved greatly over the last version??

 

Stefan who?

 

When you say "we", do you imply that you work for a vendor or sell/promote a specific product? (just asking for my better understanding)
I think they explained in past their rating system somewhere, I just do not yet remember where.

 

Thanks for the link. For the moment I'm going to stick with another Korean antivirus, Virus Chaser.

 

@roger_m

It took a while to find it, don't know if you will get an English version of course.
But they do mention a 30-day trial of AhnLab IS V9 on this page. And since you're usually not that picky in your search for AVs so I thought I could mention it anyway

https://translate.googleusercontent.com/translate_c?depth=1&hl=sv&rurl=translate.google.com&sl=ko&tl=en&u=http://www.ahnlab.com/kr/site/product/productView.do?prodSeq=13&tab=14&usg=ALkJrhg8Ecvq-zLZKVsQl0n6IhsTSRDSag

 

Thanks for that. I actually already found that page, but clicking on the download link does nothing even when viewed without Google Translate, or when I view the page in Internet Explorer.

 

Mhm I see.
I clicked on the button that says "free trial download" for the heck of it and it took me to this page where one is supposed to login: https://www.ahnlab.com/kr/site/login/loginForm.do?from_url=http://www.ahnlab.com/kr/site/product/productView.do?prodSeq=13

Yes it exited out of google translate.

Edit: No it doesn't matter what I try to download, I found a list of installers on the site, and when I try to download any of them I am taken to the same login page as above.

 

I hope they also explain their methodology.
I don't count this in methodology, it's just an overview.
http://www.av-test.org/en/test-procedures/test-modules/

Also, can you give details about how you AV-Comp choose samples? I don't mean how you collect or gather samples (I know that), but mean how you classify malware and what sampling method do you use?

 

Depends on the test. E.g. in the FDT it states that the test-set is build consulting telemetry data with the aim of including mainly prevalent samples from the last weeks/months which are/were endangering users in the field. We apply a clustering method to classify similar files. All samples included are analyzed with our own analysis system and partially another sandbox.

 

You mean, e.g. you take those samples simply from the most prevalent one, next prevalent one, and so on? Probably not. Maybe you first stratify samples, right? Please refer to what I posted in this thread.
https://www.wilderssecurity.com/thre...ld-protection-test-october-2014.370224/page-3

Do you use any of machine learning algorithm to automatically classify malware?
I also want to hear about dynamic test.

 

Ahnlab...

 

@yuki: what you wrote there explains it quite well in few sentences and better than I would have been able to tell.
Regarding machine learning: no.
Regarding dynamic test: here we take all exploits/urls we find in-the-field and which work on the system, we just remove the same cases, pua, etc.

 

Then, you use any of common clustering method with pre-defined rules?
I also want to know how many properties/characteristics are considered to classify malware.
Sorry if it troubles you.

Well, my suggestion for future dynamic test report:
Please consider to include info about what types of attack was used in dynamic test.
E.g. proportion of each initial infection methods such as exploit (if possible, what types of exploit such as for browser, for Office docs, etc.), manual execution (with social engineering or not), and others maybe by pie chart.
And general (I know exact classification is hard) proportion of finally installed malware such as ransomware, banking trojan, etc.
MRG already gives the latter.
I believe such proportion can largely affects result (if a product is weak in malware engine but strong in exploit prevention, then...).