Drweb Version 4.44

I've had Dr Web on my main system for years. But there have been too many problems. If you think I'm bashing tthen I'm sorry, that is not my intent. I love Dr Web but I have given them too many chances to live up to their potential.

What would you suggest I use? This is all I have to go off of. Are you saying that the numbers, for years now, have been lying?

In fact it has not. There have been two cases when Dr Web's lack of a quarantine feature has caused me to reinstall everything. There were FPs detected that were actaually files I needed to login to windows. Those files were moved amd I couldn't login, even in safe mode.

 

This doesn't prove that DrWeb is the culprit
Version 4.44 may be adding new functions that are revealing buggy code in the other application.

 

so you think that all these samples in these tests are actual threats/malware?

tests are nothing but guidelines, interesting results to read and wonder, i would have thought better from someone who has used drweb for years to dismiss the software as such.

i think if you take out the files that aint actually malware, and also the ones that cant execute and aint a threat, drweb would score very highly.

i think the 99.% av's just have a greater detection of false positives.

also, the beta tested is an old build, yes ... of 5th august, the latest builds of the beta aint even available for public download.

 

Av-test.org's results

http://blog.chip.de/0-security-blog/microsoft-verbessert-seinen-virenscanner-20070821

yeah, they dont match... as i said, guildlines.

drweb have a great VB record, and are also ICSA certified.

also, with trustport also adding the drweb engine of late, surely all these people are seeing a poor product right?

russian military defense aswell, damn ... you must know something that all these people dont, right?

 

Actually, malware that doesn't execute is not (really) malware. At least as far as execution is concerned, most competent AV testers are able to filter out non-executable files from their test sets. There are very few, if any at all, un-executable malicious files in AV-test or AV-comparatives' test sets.

I don't particularly think that is the case. Yes, to some extent some vendors may in fact be detecting crud (and that is a big MAY), but this is unlikely to really cause any more than a placebo effect. As far as AV-comparatives and AV-test are concerned, the margin of error is usually quite low (less than 1%).

Dr.Web's performance is indeed a bit strange, however, I do not think the results are false because I trust the testers enough, plus I also have my personal experiences to talk of where I sometimes see ArcaVir detecting stuff Dr.Web would not (trojans/backdoors category). IMO Dr.Web has become a bit "weak" for trojans and/or backdoors (haven't really researched much into this, so think of this as a wild guess for now).

Regardless, I still consider Dr.Web as a pretty good product. Its real-life protection rate is good enough - I really haven't seen any cases where it has missed any rapidly spreading, in the wild malware, be it trojan, worm, backdoor, exploit or whatever. No issues with their support here. But the relative stagnancy in the development of their product is not going to do their sales team any good, given that their current interface is not so good after all. This, combined with the "average" detection numbers, do not bode well for a new customer looking for a decent AV product.

Given Dr.Web's history, I must say I am a bit impressed at their product, their technology and how they have made it this far. But given the current situation, I cannot help but worry about how long Dr.Web will survive, because currently the company's popularity is going down due to various reasons, justified or not. Even here on this forum, where Dr.Web used to have a great fan following just a few years ago, I can clearly see there has been some decline in the popularity of this product.

They need to release version 5 FAST - A decent interface alone can do wonders for the popularity of the product and a resultant increase in sales and company growth.

 

Completely agree here. It's interesting to see the development of a product in a period of time.

I don't agree here. Garbage surely exists in IBK's collection and Marx's test bed, but I think that the amount of it is statistically insignificant.

 

exactly.

your sure of this?

im certainly not, these tests, on such a massive test set will contain junk, its almost inevitable, so when i see the 99.%, they must just flag everything as a virus.

anyway, enough is enough... i dont need to explain drwebs detection rates, thats for sure.

 

Yes, they contain some junk. All test-sets do, but not in any significant extents. The cleaning of the test sets from crud is always a continuous task, and always performed by professionals with enough experience for this kind of task.

Of course, if the test sets were significantly flawed then we would not see many products tested (since vendors would not offer permission), and we would see massive "anti-tester" campaigns going on to the public by the AV companies (the marketing teams are there for a reason you know....the PR machine ).

 

incorrect, but how do you know just how much crud is in the tests of av-test and av-comp?

im sure it doesnt state it anywhere.

these tests should only be used as guildlines, for this... they are great.

drwebs methods are different to those of the others, so these results (for drweb anyway) are misleading, or at least i think so.

 

Not incorrect, if you really think AV-comparatives and AV-test doesn't have a single guy who is not experienced in ASM, C/C++ and other such programming languages, who can't go ahead and look at every file and classify them into every category of malware, then you are mistaken.

No, I do not know just HOW much crud is in the tests of AV-test and AV-comparatives. But I do know it is not in significant quantities for the reasons I mentioned in my edit of my previous post.

 

im not denying their qualifications or what they know, they are certainly very talented at what they do.

im talking about the test sets, what you say are tested by professionals for their execution and threats, i dont believe this to be true. (or at least... not as much as you think)

drweb certainly found loads of junk in their missed samples from the last dvds they recieved, and still not sure if they have recieved the latest ones.

i mean, the other week ... i certainly had to put across my detection arguments to someone using clamav, could not believe it.

sometimes drweb do monitor wilders themselfs, i dont think they are too worried or im sure they would say something.

i think POST #29 says it all really for what i mean.

 

You don't believe this, but have no problems with claiming that Dr Web would "certainly" score in the high 90% if all "junk" was removed?

I'm sure it's hurtful to have a product you hold close to heart criticized in a manner that an earlier poster did. But let's not lose all rational thought here.

 

you think it is I who is misleaded, lol......

i never said drweb would be one of, if not the highest detection, i just said it would be better.

im sure IBK has been following this thread, but i think drwebs methods are different to those of the other products, people forget this when looking at a test result.

 

Just a guess,
By junk, they might have meant "not significant threats" or "threats which don't affect DrWeb customer base".
Just a laguage ambiguity.

ESET is another company known to scrupulously analyze each and every file to avoid garbage going to their database. Yet, they score a little better in controlled tests.

 

they dont all have poor english lucas,

i mean corrupted samples, memory dumps etc.

but i am sure there were also samples that were not signifcant to drwebs customer base too, and also loads of real threats too.

nobodys perfect, i just think drwebs methods are different to others, and the tests lower drwebs value because of it, for reasons ive mentioned above.

i am more concerned for the decompression and read errors that drweb produced for 4.44 that IBK mentioned, but i have been told most have these have been fixed in the latest builds which are not available for the public, but we shall see.

 

I have no patience with those who prefer eye-candy over protection. Even so, the personalities are getting a bit much (even though entertaining at times) so I am concerned that they will get this interesting thread closed by a Mod. My humble suggestion is - please desist. Shalom

As to DrWeb's protection rates as measured at AV-Comp, all of the categories look just fine to me except for 3. One of those 3 is worrisome to me. The other 2 are mostly curiosities, simply because I'm not quite certain what they mean (maybe someone here can give clarification). To wit...

#1- Trojan detection 64.04% - long ago I dropped using stand-alone anti-trojan monitors because the trojan detection rates of antivirus programs had the bases covered. So I find DrWeb's relatively low rate with trojans to be worrisome. For this reason alone I have temporarily relegated DrWeb to on-demand and am now using BitDefender as my real-time monitor.

#2 - "Other OS viruses/malware 47.45%" -- what is this category? I use Windows, so why should I be concerned about being protected against bad stuff that affects OTHER operating systems?

#3 - "Other malware 64.04%" -- I suppose the word "other" means that this category covers "OTHER THAN" Windows viruses, macro viruses, Script viruses/malware, worms, backdoors, trojans, & other OS viruses/malware.

With all that stuff omitted from the "other" category, plus the fact that I recall IBK saying that spyware is NOT in the test bed, what the heck does that leave in the "other" category? Protection against electrical outages? Protection from elephant stampedes & the heartbreak of psoriasis? What?

All kidding aside, can anyone hazard a guess as to what IS included as "other", I wonder?

 

To reach Advanced, Dr.Web would need to discover at least 22.000 real garbage files in the misses of August, which is highly unprobably.
In January there will be a report on the garbage contained in the August 2007 test set and its impact on the results. All the rest is just speculation.

@bellgamin: from the FAQ: Rootkits, Exploits, Flooders, Nukers, DDoS, ActiveX malware, IRC malware, some droppers, etc.

 

i doubt it would get closed as it is all about 4.44 version still,

i dont say its a top-detector, i just think the tests are set up for drweb to fail, or at least... more than it would.

i certainly do think 4.44 will be a step forward still, and v5 even more so.

there are still many people that would choose drweb over anyone else, but i bet if it had a fancy GUI like norton or trend micro, there would be many more people using it, i do find this funny in itself too, even firecat believes the simple addition of a fancy GUI would help dramatically, sounds stupid right, but i agree too, as this is how people think in general, having a nice looking AV like norton etc is just pleasing on the eye and even though some people wont admit it, its one of the top prioritys for most people using an AV.

I think some people think Drweb dont know what they are doing, we are talking about highly qualified professionals here, and they have schedules and implementations of features like anyone else.

i would like to know, why av-test and av-comp differ soooo much this time around,?

 

just read what was tested and which samples were used.

If peoples see in a Standard rating a "fail", it means they did not read/understand the test. Would you feel better if I say e.g. Dr.Web is on place 17 of 100 AV products?

 

I didn't want to suggest that I should improve my own English (which is not very bad, but it could be a lot better)

Why? A trojan is a trojan in London, Moscow, Lhasa or Tahiti.

I think you're right. People bash AVs which don't get A+ checkmark.

PalmOS malware, Unix/Linux/Solaris malware, SymbianOS malware, etc.

For the most part, you shouldn't be concerned.

 

Clear & to the point. Thank you, Lucas -- bon ami

 

You're welcome
I think that I should delete the French part of my signature; it clearly leads to confusions

 

Could you please elaborate on this ? Do you really think they want dr web to fail ?


I do hope you are kidding C.S.J

 

This is just a case of someone livign in denial and wanting to believe so badly in Dr Web, even if there is no reason to.

 

yeah sure it is,

automated tools are used to determine if malware infact IS malware.

I also highly doubt that IBK, or any other tester (im not just having a go at IBK's. but these tests in general) checks each malware for its execution and threat on ones computer.

nothing is full proof on a test soooo large.

the ceo of drweb himself, told me just how its filled full of crap (just how much, i dont know), it is YOU who is in denial, who believes a test result, and jumps ship.

im sure drweb does miss loads, as do the others, but im sure IBK doesnt come clean about everything, nor do the developers.

oh no, my windows GUI changer does not work, better ditch my AV...pathetic!

ever played chess n7chavez?..... well, your the pawn to these people.

KMFO.