File-Detection Test September 2012

1) Irrespective of what tests users think are the most important, we care about actually protecting users which is why we focus on realtime protection.

2) We put much more of a focus on the general performance of WSA on the system - realtime protection is definitely why users use an AV, not retroactive detection. After the initial scan with WSA, you don't need to run another as it monitors everything in realtime.

 

Execpt for the fact the initial scan for a highly infected system may not be very good.

 

1. The WSA technology is inherently not on-demand friendly. The issue is not about what users thinks its the most important test to consider but what is the best software able to protect users.
2. and at the same time able to protect the users with minimal impacts (not just speed).

Probably a stupid idea but.... if on-demand is the only problem of WSA then it can be easily solved by getting a licence for an OEM SDK package (e.g. Bitdefender). So cloud is filled with useless signatures, detection will sky rocket and everybody will be happy*!

* Except webroot pockets

 

I think WSA is the best designed AV program currently available, and I feel secure when I use it.

 

No, it would actually be very good as the infections are active on the system.

 

Well done Avira

 

Then why isn't Webroot doing well in the Av-Comparative on demand test?

 

I see it this way, there has been 10 or so tests done on Webroots product now. 1/10 was a good result and 9/10 bad. You can be a fan and complain that the test does not look at how WebrootSA works, but panda cloud does fine? same with any other cloud product. Every other anti-virus takes part using the same test so complaining its unfair is no good, either improve your signatures or go home.

Its like catching a criminal after the fact with CCTV rather then posting a guard to watch over the crown jewels. Claiming that its okay to do this because "we have seen everything and can put it back the same way after"

 

In e.g. this type of test (WPDT) files get also executed:
http://www.av-comparatives.org/comparativesreviews/dynamic-tests

 

Yes, better but the test is not dynamic over time, just a single shot.
So, webroot protection within minutes or few hours fall outside your methodology and ratings.

Summary: testing WSA is not a piece of cake

 

Because they're on-demand right click scans, not in an infected system.

 

Not everybody thinks like you.There are people who change their AV based on Youtube videos for example or worse,based on other opinions.
Congratulations Avira!!!!

 

OK Thanks.

 

ok, now how about you reply to IBK?

 

I've responded in quite a bit of detail in the WPDT threads previously - WSA works differently in how it protects the user so just because it doesn't fully block a file upfront doesn't mean it isn't blocking its malicious actions. We're working with AV-C on being able to test this (likely in a separate, standalone test).

 

I rent out angels to protect peoples families. Don't call me out if you don't see them or they don't work right away, they are there. You just don't use them correctly. they are hard to test because they are so complex, please don't judge before you know how they work or how to test them.

 

I'm not sure that I follow the reasoning behind this.Surely it's better to block everything upfront if it contains known malicious components rather than leaving bits and pieces on the system? Wouldn't it be better working on blocking/removing all traces of an infected file rather than trying to come up with new tests?

 

I challenge anyone to find any user who has actually had a bad experience with WSA not fully protecting them. If we were failing all over, the forums would be loaded with people complaining.

 

This thread is not about Webroot. If anyone is using Webroot, and has an issue or question about the software, please go to the Webroot subforum (which is in this forum): https://www.wilderssecurity.com/forumdisplay.php?f=105

 

Anyone seeing a trend in Trend, Nice to see them doing well. Lets watch the... sigs gone wild.

 

Wow IBK dropped a bomb on PrevxHelp with that post.

 

Joe (PrevxHelp) was just responding to questions/comments within this thread about Webroot's test performance. Nothing unusual about that.
If someone would open a thread under the PrevX forum about the AV-Comparative test,
it might get closed since this thread already exists.

 

Nice Job PandaLabs glad to see detection staying strong with all the work being put into Panda Cloud 2.0.

I have to say Fortinet is doing a rather good job for its popularity it has. It seems to have less cloud sensors then vendors with a larger database to pick up name samples. Taking out the SDK gang ( Mainly Bitdefender SDKed) the results would look much like: Avira, Panda, Trend, Kaspersky, Bitdefender, Fortinet. So it seems their engine dept is working very hard

As for Webroot, I don't think now is the time to go down hard on them. I have used WSA to remove malware from my machine as it was active. That malware was not being detected by a fair amount of the vendors. So I do trust their on-demand scanning for machines with active malware. Sure it would be nice if they were able to use their full engine with on-demand scans but so far they can not. I don't want to see them before another SDK clone of another vendors engines, lets see what they can create on their own for a change. As for the FPs yeah it has a lot but I am sure they are actively seeking a way to cure that problem.

 

Well done Panda, top detection for free!

 

I'm not aware of any policy change like this, but if this is the case, then I would hope that all other comments about other vendors would be handled the same way and this isn't something specific against Webroot.

In the meantime, I will refrain from answering any questions users post in this thread - feel free to PM me instead if you would like anything specific clarified.