Dennis Technology Labs: PC Anti-Virus Protection 2011

Discussion in 'other anti-virus software' started by Pleonasm, Sep 8, 2010.

Thread Status:
Not open for further replies.
  1. begemot64

    begemot64 Registered Member

    Joined:
    Jul 28, 2010
    Posts:
    71
    Even if he does test against MDL, he'll find his conclusion at odds with his statements for any significantly sized sample.
     
  2. BuzzStone

    BuzzStone Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    163
    What's the point of doing any test whatsoever? Someone will rip it apart in some way or another. Whether it's a controlled lab test, Joe Blow, languy or anybody who has posted in this thread, you will not get any credit. Your test in some way will be flawed. Now Norton may not be perfect, but on that day, no matter who did the test, it was. Now I don't use Norton but a free AV and Windows FW. Maybe I'm infected and don't even know it, but my computer still runs fast and there is still money in my bank account. I don't go to malware sites and bombard my computer to test my AV or FW, but it makes for a good read, paid for or not.
     
  3. guest

    guest Guest

    You call samples released between the 5th and the 8th 0day malware? :D funny

    As I said before, I said what I said because I personally tested Norton against 0day malware.

    And please don't post the same post in different threads; one is enough.
     
  4. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Rather odd how they mixed together paid versions of Norton, Kaspersky, Eset, BitDefender, G-Data, McAfee and Trend Micro (the full suites) but ran free versions of Avira, Avast and AVG alongside in the test. The fact that those freebies were right in the thick with those big paid versions is a tribute to them...:thumb:
     
  5. begemot64

    begemot64 Registered Member

    Joined:
    Jul 28, 2010
    Posts:
    71
    @guest

    So let me understand this correctly, you want to avoid my questions asking you to present some evidence, and not just anecdotes? And you don't want to say whether you've tested the final of NIS2011? Or present some samples that bypass it?

    As for your quip about zero day malware, the date on which a file is created, and the date on which files are released nearly always don't coincide. Surely you know this, and understand that zero day malware can be as old as it wants to be, e.g. as old as 1 year? This was the case (for example) with TDSS - the first variants seen in the wild were released much later than they were created. You should know this, if you've ever done any serious malware analysis or research, or even read any research articles.

    So what is so "funny" about my zero day samples? Or do you just not know what you are talking about?
     
    Last edited: Sep 8, 2010
  6. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Please see the report...

    Please see Appendix C in the report for a listing of the specific threats tested.
     
  7. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Comodo did not want their products to be tested, Melih categorically refused, from one lame excuse to another. However, I was told that he changed his mind reluctantly and in the next AV-Comparatives CIS will be tested. You also have forgotten VIPRE. :D.

    Thanks.
     
    Last edited: Sep 8, 2010
  8. guest

    guest Guest

    I didn't see any evidence of your famous test either, just bla bla...
    I usually test apps, so I tested Norton with 20 samples more or less and I remember that Norton did quite well but didn't detect some of the samples.
    Sorry, since I use Deep Freeze in a virtual machine everything is lost and I usually don't save the malware.

    I will probably test Norton 2011 soon, so if you are around here I can send you the samples not detected; anyway, since every sample is uploaded to Norton's server, I don't know for how long they will not be detected.

    I would not consider a file 3 days old in MDL 0day malware, that's all, since some of the files in MDL are not 0day malware.
    When I say 0day I mean in the wild; you can check when the file was first found using different databases, like the Prevx investigation report, for example.

    It is quite gaudy that the samples of Dennis Labs were all detected and not the samples of AVTest with almost the same sample size.

    BTW it is very easy for the AV vendors to monitor sites like MDL, Malc0de... and auto-add to their database every single file posted, so this is another reason why I usually don't get malware from this kind of website.
     
    Last edited by a moderator: Sep 8, 2010
  9. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    This is the real purpose of the current Symantec "blitzkrieg", to show how free versions (their real financial threat) aren't as good as the big boys.
     
  10. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    The results from the test, however, contradict this hypothesis: several of the “big boys” scored more poorly than some of the “free versions” (e.g., McAfee versus AVG).

    From a marketing perspective, I suspect that Symantec is more likely to gain customers from other paid alternatives than from those using free anti-malware solutions. The “free crowd” is a distinct market segment that probably isn’t very interested in any paid solution, whether from Symantec or from one of its competitors.
     
  11. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    MSE barely scoring higher than something as bad as K7?
    Avast and NOD32 beating the dual-engine GDATA?

    I giggled. Then again as stated earlier, a 40 sample test is useless.
     
  12. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,787
    How many samples do you expect a zero-day test to have? You are not going to find one with 1000 samples.
     
  13. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,814
    Let's just agree that no one can agree. o_O (This message was Funded by :eek: So it is rigged)
     
  14. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    According to AV vendors themselves, thousands of samples are created each day, so why not? Also, what is your definition of "0 day"?
     
  15. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    The "free crowd" of Avira, Avast, AVG, MSE alone, we are talking about 350+ million users! You are naive if you think Symantec isn't interested even in a small percentage of that free crowd. Besides, why test all the free versions and not the paid versions? Because the results are from "free" versions, it is highlighted simply because it is stated in writing, "free" is inferior.
     
  16. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Agree with 3G... U guys talking like kids here.. Can anybody tell me what the heck is 0Day? Do you guys think that the malware found on MDL is 0Day? If they were 0Day, then how did those guys who posted them on MDL find them?
     
  17. Nevis

    Nevis Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    812
    Location:
    255.255.255.255
    Well, I agree.
    Free products have shown that they are up to the mark; that is why I have Avast on my desktop in spite of having genuine AV from all companies.
     
  18. begemot64

    begemot64 Registered Member

    Joined:
    Jul 28, 2010
    Posts:
    71
    Well, that's because I'm not the one who is disputing the conclusion of tests linked here - you are. So the burden of proof is on your side, not mine.

    Even if this was not the issue, you can't expect me to post samples on a public forum - I have not received any PMs with requests from you nor anyone else. So much for your talk.

    Does that mean you haven't tested it yet? Well well... And you still haven't answered the question if you have tested the final version of NIS2011 before making your interesting remarks about NIS easily failing on a set of 10 MDL links....

    Thank you for that delightful insight. I'm not sure you realise that I research malware for a living. Either way, your remarks about how my samples were "funny" were rather rude (you made assumptions that I take my malware from MDL, that they weren't zero day, and rather than politely asking, you tried to prove your er... "superiority").

    Interesting you say this, because you were the one who brought up MDL, not me. Nowhere did I say that I take my samples from there (which I don't, they come from private resources not available to the public).


    So I am still patiently waiting for your proof that in some 10 MDL links, it can be easily shown that NIS2011 does not score 100%, and your answer on whether you tested the final version of NIS2011.
     
  19. guest

    guest Guest

    I'm still patient for your proof of hundreds of "0day" malware (not 0day anymore), no xD I am really not interested.

    I tested one of the 2011 betas, and 2010 (I already said this like 2 or 3 times). Maybe not in this thread because you copy paste your replies to me in various threads.
    Some of the malware was from MDL, but I have other resources.


    So if I was able to find malware not detected by Norton, and AVtest, PCSL and AVComparatives also, why can't Dennis Technology Labs?
    There have been 3 tests sponsored by Norton made by Dennis Technology Labs since Symantec created it; in all these 3 tests Norton always scored 100%. It is the only testing group that has malware 100% detected by a product.

    Lately MDL is not a valid source for most of the cloud AV; in Norton pe you can see how many times these files have been seen. Sometimes 30 min after the file is published in MDL Norton tells you that they have seen this file in less than 50 users, so between 5 and 50.

    You want me to say that I exaggerated when I said that it is possible to beat Norton with 10 samples from MDL, maybe, or maybe not. But of course you are the pro, the testing experiences of other people do not count.

    But of course it is impossible to beat Norton 2011 beta or 2010 with MDL files according to you: http://www.youtube.com/watch?v=RPjo0yaXueA http://www.youtube.com/watch?v=cLkDD00P4oU
    I'm not going to check everything because I already know that it is possible, but because you think it is not you can lose your time:
    http://www.youtube.com/results?search_query=norton 2011 test&aq=f
    http://www.youtube.com/results?search_query=norton 2010 test&aq=f
     
    Last edited by a moderator: Sep 9, 2010
  20. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    It seems to me that statement pretty much encapsulates the argument.

    Either you:

    A: Believe what Dennis Labs is saying is the truth, in which case despite being sponsored by Norton the test is valid and above board.

    B: Think they're lying and in fact Norton had prior knowledge of the samples used, or even picked the samples themselves.

    Since scenario B would effectively destroy Dennis Labs' reputation as a credible test organisation, the onus is on the conspiracy theorists to provide some evidence of foul play, surely?
     
  21. begemot64

    begemot64 Registered Member

    Joined:
    Jul 28, 2010
    Posts:
    71
    And yet you still haven't asked me for the samples...

    Well this is just hilarious - you came to make claims that if we test a product against 10 mdl links, we will easily see how it doesn't get 100%, when you have never even tested it yourself? Do you take everyone here for idiots? And after several people have posted their results to the contrary, you still claim your self-admitted untested claim is true?

    "Obvious troll is obvious", to quote Ray William Johnson.


    To turn your argument against you (idiotic as it is, as clearly sample size will affect any correlation) "if I can find 124 malware samples that are all detected by Norton, why can't Dennis Technology labs?"

    First you tell us all how we should all test NIS2011 against MDL, now all of a sudden, it's not a valid source any more. Why then did you suggest to test against MDL in the first place?

    Oh, no no, don't get me wrong, other people's experiences do count. Ones that have tested the actual product, that is. But not yours. Because as you yourself admit, you haven't tested NIS2011. Please do so before telling the rest of us how our test results should look.

    1. Where have I ever talked about NIS2011 beta or 2010? I only dealt with NIS2011 final, which you can clearly see from my posts. You must have missed that.

    2. I myself have said, on several occasions, that NIS can be bypassed:

    https://www.wilderssecurity.com/showpost.php?p=1745767&postcount=24

    But you must have missed this too. The fact that you don't read what other people say is so evident.

    If you want to keep ignoring hard evidence and trolling, feel free to do so! But you may want to actually consider trying the product in question before you begin your baseless accusations against the validity of other people's tests; since so far, everything you have said has looked like an immature tantrum!

    :)
     
  22. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Of course, Symantec is interested in gaining customers from the “free crowd.” My point, however, was that (1) the ease with which a free user is converted to a paid user of any anti-malware product is less than (2) the ease with which a paid user of Product X is converted to a paid user of Product Y, in my opinion.

    If Symantec had not included a reasonable sample of free products in its tests, then it would certainly have been criticized and some would have said that Symantec was “worried” about comparing the performance of its products against the free alternatives. Thus, I see the motivation for the inclusion of the free products in the tests as a defensive (rather than an offensive) measure.
     
  23. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Not only would Scenario B negatively impact the reputation of Dennis Technology Labs, but it would also devastate the business of Symantec.

    Who would purchase a security solution from a company that knowingly and willingly engaged in such deception? Who would trust PGP or VeriSign, now that they are run by Symantec? The risk/reward tradeoff of such an action is abysmal. For the gain of looking good in one test, Symantec would potentially endure the pain of substantial business loss? The idea, in my opinion, is beyond absurd.
     
  24. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    FYI -- I see no evidence in the report that “zero-day” was a criterion for the selection of the malware samples used in this test.

    The test was designed to simulate “genuine internet threats that real customers could have encountered during the test period. Crucially, this exposure was carried out in a realistic way, reflecting a customer’s experience as closely as possible.”
     
  25. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Personally I don't see any reason to doubt the integrity of the test. However, I am really eager to see the results of the AV Comparatives dynamic test. I have more confidence in IBK than anyone. Even more than the world class experts on this forum.:D

    I predict that Norton and Kaspersky will remain at the top. I wonder when that test will be conducted?

    Regards,
    Jerry
     