Heuristics in action

Discussion in 'other anti-virus software' started by CloneRanger, Mar 11, 2010.

Thread Status:
Not open for further replies.
  1. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    While I know for sure from experience that Avira has a high amount of FP detections, I think you're going a little overboard with your statement. I see no reason whatsoever why AVC would count FP results in their detection ratings, it wouldn't make a bit of sense. I'm quite sure they can tell an FP from a true detection, so surely they either separate FP detections from their testing results or completely toss out the FP detections.

    I don't claim to have first hand knowledge of their testing procedure, but again, counting FP results towards the positive detection rate would make no sense and would completely skew the entire test, making their findings a whole lot less important, imho.
     
  2. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    I think it is easier to say that you do not like Avira, but to think up something like this? :rolleyes:
     
  3. Motherroad

    Motherroad Registered Member

    Joined:
    Feb 13, 2006
    Posts:
    234
    Location:
    Florida
    Bottom line is Avira has excellent protection, false positives or not.
     
  4. dcrowe0050

    dcrowe0050 Registered Member

    Joined:
    Sep 1, 2009
    Posts:
    378
    Location:
    NC

    So basically you are saying the more FP's it gets, the better the detection rate. I think maybe you had a typo or just got mixed up. Read the test methodology that they publish with each test and you will discover that this is not true. I am almost positive that AVC takes points away from AV's for FP detections.
     
  5. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    Yes they do take points away for having FP's. It was a mis-wording on my part. Regardless Avira has a lot of FP's and that's why it gets bumped to the bottom of the list at AVC because it detects things that aren't infected. I used Avira Premium on my laptop for about 6 months and Avira Free on my wife's laptop. For her it was good because she's not so computer savvy, but for me it's rather annoying getting pop-ups for video games because it's a "virus".

    Excellent protection and FP's don't go in the same sentence. Avira has good detection due to its overzealous amount of FP's. Excellent detection would be something like ESET NOD32 or KAV where the FP's are minimal, but detection rate is also top notch.
     
  6. thegoat

    thegoat Registered Member

    Joined:
    Mar 12, 2010
    Posts:
    17
    Interesting how you get so many FP's. You seem to be one of the few on this forum so far who has reported thus. The majority of people on this forum are having very few FP's.

    Just goes to show that different people will like different things better. It's not very insightful to make generalised statements like Avira doesn't give you good protection. It seems/appears to be giving plenty of people good protection on this forum. Right?
     
  7. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    After only a few posts you have already proven you can't read or do your own research. Let me spell it out for you.

    I never said it gave bad protection or anything less than good. I said it only gives good protection because the amount of FP's make it undesirable. Great protection would be high detection rate, low FP rate which Avira is not. AVC didn't just create FP's to say Avira detects FP's. It happened in a controlled environment. AVC considers "many" false positives 15 or more false detections in their test. Not only did it break the 15 FP threshold for ranking it had 21 FP's. I wasn't able to find the amount of samples that were used for a ratio of FP's to legit detections.
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,906
    Location:
    Hawaii
    Do you have any *hard-info* basis for this statement, or are you merely theorizing?

    AVC's database for assessing FPs is NOT the same database that is used to assess detection rates.

    It is perhaps accurate to state that AVC's high detection is partially due to very aggressive heuristics (which can be adjusted downward by the user). It is equally accurate to say that AVC's excellent "proactive" performance against zero-day stuff is also at least partially due to very aggressive heuristics. It is equally accurate to say that highly aggressive heuristics shall result in increased FPs -- this ensues largely because the behaviors/patterns found in malware are oftentimes manifested in benign apps.

    Bottom line is that (a) on-demand detection rates vis a vis (b) proactive detection rates vis a vis (c) FPs, are somewhat on a 3-sided totterboard. An AV with less aggressive heuristics can do well on on-demand rates with low FPs, but at the expense of lesser proactive detection of zero-day stuff. AVC does well both as to on-demand detection (incl on-access etc) AND as to proactive detection, but the FP side of the 3-way totterboard elevates.

    There is, no doubt, the *perfect AV* that can achieve high on-demand effectiveness, coupled with high proactive effectiveness, coupled with zero FPs -- but that perfect AV has yet to be fielded. For those who prefer top echelon performance on-demand/on-access & proactive, there is Avira. I am one of those. In any event, a simple Google often suffices to determine the trueness or falseness of any "positive" reported by ANY AV.
    ~~~~~~~~~~~~~~~~~~~~

    By the way, I used Antivir Personal for >5 years, & have been using Avira Premium for nearly 3 years. In that time, I have had perhaps a dozen FPs.
     
    Last edited: Mar 13, 2010
  9. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    I already stated I made a mis-post.
     
  10. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    Mumbai

    Are you using the keygens and cracks to patch your video games o_O

    Coz I hadn't had a single pop up of Avira saying that it is a threat :cautious:
     
  11. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    If you look at the retrospective/proactive test for Nov 09.

    Compared to another leading product, out of 23 237 viruses, not files, but viruses, Avira is top in detection. Beats the next leading product, sitting right next to it in the table, by 4941 malicious files. And the next product second to the right which earns the 'same award' as Avira by 5829 files. The two products above scored 3-15 false positives, Avira I assume say '20'. So for a possible 5 more false positives, Avira detects thousands more malicious files.

    Let's say, for every one false positive it will give you, Avira will protect you and detect 1000 more trojans and viruses the other leading security product will miss. That is amazing, and something many aren't comprehending. For a false positive, takes two seconds to google it, or upload it to virustotal while the AV alerts the user. And those false positives might not have even been on 'system files', in previous tests, I look at the false-positive samples, and it was mainly add-on software.

    No offence to AV-C, but false positives should count on system files and well known software, not some unknown applications that might be just listed on softpedia/download.com. From that test, although it was awarded only an 'Advanced', if I performed the test, it would have been awarded 'Advanced+++++++' while the others 'Advanced+'.
     
    Last edited: Mar 13, 2010
  12. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    I checked report 23 appendix, listing of false positives. Avira had 21 false positives, so my 'assumption' above of 20 files is pretty close.

    Two had valid digital signatures, all software, I wouldn't categorise as critical software. Many of the other AVs detected one valid digital signature file. McAfee detected two files with digital signatures - McAfee is probably the number one AV used in the corporate environment in the country I'm in.
     
  13. estervantes

    estervantes Registered Member

    Joined:
    Nov 15, 2007
    Posts:
    47
    Can't resist commenting in this thread.

    Although I am presently using MSE in order to check it out, I previously used Avira for about three years and was very impressed with it.

    Over that time, despite surfing on the Net's dark side regularly, I had with heuristics turned up high only a handful of false positives and each of these was readily and easily identified as such even for a noob such as myself with only minimal investigation.

    I appreciated the fact that I could rely with great confidence on the statistically verified low probability of a FALSE NEGATIVE with Avira. A false negative is, as another poster mentioned in this thread, a far more worrying possibility than an easily identifiable FALSE POSITIVE. Maybe for ordinary users a false positive might cause panic and provoke an unfortunate reaction, but among Wilders readers, Avira might reasonably be considered an excellent choice of AV given their knowledge and the ability to respond appropriately.
     
  14. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Without getting bogged down in statistics, if Avira received 21 for false positives, and another received 5, the difference is 16 files for thousands of more detections.

    So depending on the AV you're comparing it to, my comment above might read (regarding the 4941 additional viruses detected):
    "Let's say, for every one false positive it will give you, Avira will protect you and detect 309 more trojans and viruses the other leading security product will miss."

    That's just based on the AV-C report. Anyway, everyone has their own opinion, but mine is that Avira is still one of the best products a user can have.

    Good points there estervantes. I'm also using MSE, but I respect how solid a program Avira is.
     
  15. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Avira detects cracks for games as viruses... it's odd that whitedragon551 here is having issues with Avira and his games... don't you think? I buy all my games off Steam and never had a problem with Avira and the games (I own over 100 of them on Steam). After my subscription on NIS 2010 ends I'll probably revert back to Avira.
     
  16. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,000
    Saraceno, your analysis of Avira's AV-Comparatives results has always been my approach as well, even though AV-Comparatives is heavily penalizing FP numbers, it is nothing compared to VirusBulletin where one single FP could determine the overall failure of the test.

    As far as I know AV-Comparatives still doesn't want to disclose the list of applications/files which they use to determine FPs. If we consider 'heuristics' based on patterns that could be malicious, there will always be a certain amount of FPs. I have no doubts that any of the top contenders is a good choice as an AV as long as it is not the only layer.

    Avira has had a crescendo over the years, in terms of detections, but other companies as well. I'm also interested in the future of MSE.
     
  17. Motherroad

    Motherroad Registered Member

    Joined:
    Feb 13, 2006
    Posts:
    234
    Location:
    Florida
    I had NOD32 when it was listed at the top of the tests some years back and had many trojans that got in. If you think that is excellent detection then you can have it.
     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    How can you compare anything from "many years back." I mean, many years back, "People used to eat with their feet."

    Things change
     
  19. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    BF2 creates a .tmp file when it runs for the shader cache. I think it's funny you jump to conclusions. COD4 does the same thing. Both got flagged by Avira.
     
  20. Motherroad

    Motherroad Registered Member

    Joined:
    Feb 13, 2006
    Posts:
    234
    Location:
    Florida
    Yes things change and so did my AV. A happy camper now with no trojans and viruses every week.
     
  21. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Oh, you use Eset now? ;)
     
  22. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    What he meant to say is he's happy with the amount of FP's he gets.
     
  23. Motherroad

    Motherroad Registered Member

    Joined:
    Feb 13, 2006
    Posts:
    234
    Location:
    Florida
    No FP's here. Just top notch protection.:D
     
  24. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    My mistake...I always mix up HIPS with Heuristics....
     
  25. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,490
    True, I also have BF2 and if I remember correctly some AV's that I tested reported them as dangerous or malicious :D
     