Cyveillance testing finds AV vendors detect on average less than 19% of malware attac

Hello guys,

I accidentally came across this very interesting though discouraging article.



http://www.cyveillance.com/web/news/press_rel/2010/2010-08-04.asp

 

@ zerotox

Good catch, thanks for posting



Very revealing chart

*

Well that's a lot better than the poultry 16 samples from - https://www.wilderssecurity.com/showthread.php?t=279735

*

*

Hmm Virginia, that's where Langley is too

 

All this great info from a company with a security product/service to sell.

 

Thank you, have missed that. I didn't know they were selling security solutions.

 

Too bad they didn't test Avast, Avira and Emsisoft.

 

Panda where are you?

 

Norton always surprising, some test thet are the best in others the worst, a bit suspicious.
Some people are already killing NOD32 but seems that thet still have a lot of things to offer.

 

Yes, NOD32 has very good detection of rogues especially. On 1 forum in our country, where daily people post links to many zero day threats for testing - NOD32 is usually one of the few according to VT that catches the largest number of them.
As a pure antivirus, I think there are very few rivals. Of course relying solely on it is quite naiive but still I'm quite amused at those saying it is going downhill.

 

+1 Yeah, we need some more vendors in that list

 

I doubt u can find a single test where nod32 wont score among the first positions, along with kaspersky. I as many others prefer this kind of constancy when choosing an AV solution. On the specific test one should focus particularly to the 1st (zero day) capability which indicates the heuristics, and the 8th day, which demonstrates how fast the producer will implement the new definitions.

 

From http://www.thetechherald.com/articl...acking-when-it-comes-to-detection-says-report:

 

These type of pure scanning tests are almost useless these days as many AV products have several layers of protection. HIPS/behaviour blocker, reputation, improved detection on their cloud backend and so on.

The problem is that it is almost impossible to perform a reproduceable test and of course it takes way more time as you have to execute every single of the malware samples instead of just scanning them in 1 pass. Only very few testers are capable of doing a proper AV test these days.

 

I would agree that the tests were of little value if the security packages could only be installed as a single unit and none of the components turned off. But that is generally not the case. Since you can select your own HIPS, for example, then knowing how the 'virus scanner' part of a package performs can be useful, if you want to play mix and match. OTOH, while I consider cloud based (or not) to be a legitimate part of the AV component, I'm still not convinced that this, by itself, should increase detection, but that would be a discussion for a different thread.