Bluepoint 70 Threat Challenge - any comments?

This is running 'live' now

http://173.14.219.57:9000/SeventyThreatLiveVideoChallenge/pages/default.aspx

 

Interesting and... IMHO expected to see CIS blocking every tested threat till now, BUT it's too bad a lot of malware has not yet been tested against it so far.


EDIT: Even more interesting, or more like ironic is how for the BPS-machine, there are no pop-ups whatsoever, which IT IS when you actually run BPS yourself. Also, I bet they count every tested malware as successful for the simple reason that if you run into an unknown file, you've the choice to either block or allow, hence they can just choose to block and it's "succeeded" - while in reality it's (quite) obvious that the success rate is dependent on the user's choice, which is solely based on common sense in the actual cases of unknown files.


My two cents, thanks

 

There's a description of the event How Does This Site Work?

I can't understand why Emsisoft Anti-Malware and Panda are doing so poorly. if BPS do have it 'rigged' then surely all other products would be doing equally as bad...

 

http://www.eset.com/blog/2010/05/27/test-toot-suite-antivirus-vendors-blowing-own-horn

 

Maybe you just answered half the question.

 

So, BPS are totally in cahoots with Comodo and partially in bed with Prevx, but they didn't get off with panda or emsisoft: wacko: ...so far

 

If anyone is so naive as to believe that Bluepoint won't come out of this test extremely well could they please PM me I'd like to sell them London Bridge.

 

I don't think it has anything to do with nativity, I personally think it's a given that BPS will 'win', but that still doesn't explain the behaviour, so far.

As a mod on the comodo forums andyman35, I would have though you'd be quite pleased with the results, so far.

I only started the topic to hear peoples thoughts about these 'tests' So, if you think they're completely worthless and biased, say so, if you believe they have any validity at all, say so...

If enough people believe it's a sham, the tests will stop. Otherwise, observer the results and make useful comments.

 

Some of the results are bizarre to say the least (Emsi with what 5% detection).It's difficult to have faith in any vendor sponsored tests,maybe everything is completely above board and all the results are quantifiable,if so I'm happy for this old cynic to be proven wrong.

Also there seem to be a lot of technical issues with these tests with some of the products tested,they don't seem to be running at all?

 

The reason for that is give in the link I posted above, here it is again How Does This Site Work?

 

I've read the information but I'm wondering why Gdata for example doesn't seem to have even started,even accounting for the resetting methodology mentioned.

 

One interesting stat is Prevx has the highest score for 'unique' preventions. Not totally sure what that means. Is it simple better at detecting '0day' threats?

 

WoW there is actually a security product that is 100% effective I'm on the band wagon

TH

 

That's how I'd interpret the meaning.That,at least would be no surprise to me given PrevX's huge community database.
I can't understand the abysmal detection of Panda and Emsi,if those were reflective of real-world performance those companies would be out of business

 

emsi has the ikarus detection engine which is known to be among the best, as seen on shadow server http://www.shadowserver.org/wiki/pmwiki.php/Stats/VirusYearlyStats

as for bluepoint, not allowing executables to run probably wont let many infections get through but will give a huge amount of fp. this is not concidered in their test at all but makes the difference between good and bad av products.

as for selecting what virus they will "use" theres huge space for speculations since they can simply run it first on their software and if blocked then check it with the other vendors. obviously if not blocked by bluepoint chances are they ll never test it anyway....

i see many reasons why this "test" is biased

 

Not a terribly productive comment really. No security product is 100% effective and that was the whole point of the thread.

 

It's a test by Bluepoint and they so far have 100% or are you seeing something that I'm not? And that is my point no security software will detect 100%!

TH

 

Any security software could detect 100%. If those samples are carefully chosen.

 

Always that's why these type of test are useless, you have to leave it up to the Creditable Security Software Testing Organizations IMO!

TH

 

I wouldn't say it's 100% effective given the fact that when I tested it, BPS marked known good files as unknown and, therefore, requested user interaction as to allow or deny. An example is MS Works word processor.

I understand the reasoning and the options available to the user, but unless I misinterpreted the way it works, I thought some of these known good files would have been whitelisted already as many were.

 

I realize that Tony that why I cleared up comment with 2 more posts above yours!

TH

 

So do Comodo. Also, as I mentioned in an earlier post, until they reset the VMs and made the test 'live' Prevx, the company for which you are 'Forum Helper' had the highest score for 'unique' preventions...

As noted in my earlier post, I don't believe any product is capable of providing 100% detection rate and this test is being run by a company with an axe to grind and they will undoubtedly show their product to the wider world with a rose tint.

 

Looks like Prevx has regained the lead in 'unique' preventions

 

I'm not speaking as a Prevx Forum Helper! I'm speaking for myself as part of the greater security community, I just don't agree with test like these and that's it! I will Quote myself!

Regards,

TH

 

Comodo had showned an infection and now their score is perfect again.