AV Tests

Well then, move along, nothing to see here.

 

As of this post, Norton Internet Security 2010 has insight into about 80.5 million files across the 50+ million members of the Norton Community, 70.5 million of which are known to be good (79%), 13.5 million of which are known to be bad (15%), with the remainder (5.5 million) in the process of collecting enough information to make a good/bad classification decision (6%).

Thus, there is only about 6% chance that the reputation component of NIS10 will not be able to instantly make a good/bad classification -- and, that’s only a temporary situation. If you receive a warning not to download a file “until more is known about it,” then the prudent course of action is to wait 4 to 24 hours and check back again. Based on my experience, NIS10 will have formed an expert opinion on the trustworthiness of the file by that time.

The reputation element of NIS10 is a potent component of the total protection provided by the product, by itself correctly identifying 76% of all malware (true positive rate). Of course, the real-world protection of NIS10 is augmented further through the use of signatures and heuristics above and beyond the reputation functionality.

 

Last night, I did some more testing. Only got to two different AV's last night though...ran out of time. Got 15 brand new links and tried them with the following. I used Avast again to see if it would continue on it's same pace:

Panda Cloud
Kaspersky
Avast

Using Shadow Defender in Shadow Mode so I don't have to reload an image each time (I don't use or have a VM), I uninstalled all AV and then loaded the latest version of the below AV's and let them update/setup:

Panda Cloud

Score: Malware 15, Panda 0: 0%

The machine was a mess after the 15 links. Pop ups galore, tons of running processes. Panda missed every single link. No a single peep out of Panda the entire time.

Kaspersky

Score: Malware 0, Kaspersky 15: 100%

Avast

Score: Malware 0, Avast 15: 100%

The machine was left unharmed while the links were executed with Kaspersky running as well as the tests with Avast. So again, Avast gets a perfect score. Kaspersky also performed very well with just single pop ups and it easily took care of all the malware.

Again, nothing scientific here and I'm no pro and yes, I had fun doing it. Not sure why having fun means it should be taken any less seriously, but these are just simple, small sample tests to see how AV's perform against malware that hasn't been out there that long.

The free Avast continues to surprise me.

 

Guys, this thread is about testing the products that I have tested. I haven't even tested Norton. Why are we arguing about Norton? Can we please get back to the topic at hand?

 

When I used Norton, it didn't even warn me for many files through reputation. Sonar alerted on some clean files. It is no better than the others, IN MY OPINION. I've said my piece. Now we should get back to the topic.

 

The way I see it, you shouldn't be surprised that people are arguing about Norton or any other thing. When you set out to test AVs, and the inevitable discussion ensues, it's like placing a can of gasoline next to a book of matches and expressing shock when someone can't resist torching the place up.

You're not to blame for it, but then again, the thread strikes me as the equivalent of A vs B vs C, etc.

 

Well, people discussing products that have actually been included in the test would make more sense to me.

This thread also is not meant to do anything other than inform. If someone is using Panda Cloud for example, I doubt very much that my tests here would make them stop and use something else, even though my tests showed it to test extremely poorly.

 

Yeah, well, who said anything about making sense?
Your tests are enjoyable and informative for what they are.
I'm sure that is all you had in mind.
But you can't stop certain people from pontificating about Symantec no matter what the thread topic is.
Thanks again for the fun thread, though.

 

No matter how many products you did test you would be asked why you haven't tested one that you didn't!just the nature of this place and the people that use it!

 

Important to know is if you use out-of-box settings for all the software that you test - no changes. (?)

 

Stated here...

 

I think that nobody need Norton in order to know if the file is popular or not.
I know if the file is popular without use norton, just use your common sense.

 

Hi TheIgster, my guess is that Avast performed so well due to its shiled that blocks malicious web sites etc.

If you had downloaded just the samples ans scanned them with on-demand scanners, Avast,s results would had been same as others.

I will suggest something. Next time if you test, try two ways.

1- Try all malicious URLs you are testing and download the samples that they deliver. You can use a HIPS in addition to control malicious file downloads in addition.

2- Try all malicious URLs as you tested this time.

3- Run a scan of the downloaded samples with each AV.

It will give a more better understanding of real time protection of each product.

Anyway, I do like the new Avast and its shields. Only wish that they improve their behav blocker too.

 

Ouch.............

 

Yeah, I was very surprised.

 

I am personally very surprised about the results of Panda, I would have thought that some of the would be detected as Suspicious. I have never seen a review before with Panda detecting nothing. Hopefully when they add the behavior blocker it will do better.

 

Thank you, must've missed it when I tried to find that information.

 

Well, I suppose the none detected could happen with any of the products as these are just 15 random links. Not a huge sample as stated, but I still found it surprising. I also found MSE's rating surprising.

Also, the odds on Avast getting all 30 seems strange as well. We all know that no one AV is perfect by any means and a layered approach is best IMO, but it was very strange indeed that Avast got all 30. With that being said though, Kaspersky got all 15 in it's test as well.

 

Next time you test antivirus software please test Panda Anitivirus PRO and Norman. I am just wondering how TruPrevent will help protect the system.


I would test myself but I don't feel safe trying to infect my machine on purpose.

 

And this was with default settings, right? Cool.

I have tweaked the settings to automatically assign "Untrusted" status to all applications without a digital signature or not whitelisted by Kaspersky, and using those settings, I haven't been able to get a single piece of malware to do anything at all. I've tried quite a number, including many that Kaspersky did not have a signature detection for, and everything has been instantly blocked. Good to know that default setting are also so effective.

 

Would I not need a license for the Pro version of Panda?

I tested the free version obviously when I tested.

I will add Norman to my growing list.

 

Are you sure Panda was actually working? You can test this with a well known sample. Panda cloud will not give a bold pop up. It will just disable the file execution and the small alert near systray is some times a bit hidden and easy to miss. It was best to do two things:

1- Check that Panda is actually working by using some common sample.
2- Checking Panda,s log to see what it blocked.

 

Just use the free trials

Panda: https://www.wilderssecurity.com/showthread.php?t=265689

Norman: http://www.norman.com/downloads/trial_registrations/58627/

 

OK...will do with the free trials next round of tests.

aigle: Yes, it was working. I of course was watching for any reaction by all AV products closely. Nothing popped up other than all the malware which infected the system with Panda running.

 

Here, my one line review

I'm very surprised too. In my test, those malwares could stay in memory, download other files and install them