I'm testing AV products against zeroday malware

Discussion in 'other anti-virus software' started by bradtech, Oct 12, 2009.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    79,960
    Location:
    Texas
    I doubt anyone could gather the newest threats pursuing this testing 24/7. :D

    Make a big pot of coffee.
     
  2. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,988
    Thanks, I will look forward to it.

    FWIW, just a suggestion: I would like to see the products tested straight out of the box or set to max... all the same, whatever it is.

    Nice job at the videos.
     
  3. bradtech

    bradtech Guest

    I'll state, and show settings each time..
     
  4. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    I find these types of Demonstrations (certainly not tests) interesting in that they show the features and some of the capabilities of the various products out there and give some reviews of the features. Matt's remove-malware even provides hints on how to use the products to do just that. They are certainly not scientific "tests" (and mostly don't claim to be) but often provide insight into the operation and some of the general weaknesses of the products tested. Compared to some of the small sample "tests" that show no understanding of sampling or testing, they seem much more valuable than, for example, the SSUpdater clones and similar that show up here and elsewhere with no justification that the results have any particular validity in terms of differentiating between products or were even conducted in a scientific manner.
     
  5. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I'd prefer to see the products' full capabilities at max settings.
     
  6. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    No real need to apologize. Differences of opinion are fine and that's what this is, a difference of opinion.

    I don't believe I've said "trust av-comparatives", at least blindly. I do believe they make a decent effort to provide a level playing field and reasonably vetted challenge sample set, although I'd personally do a lot more to squeeze the data obtained to put some of the differences noted on a statistically sound basis and I've previously provided some rough metrics with respect to that for their test results.

    One point that we'd probably agree on, a million samples tested poorly is probably less useful than a hundred samples examined well. A small test bed brings with it additional complications with respect to the generality of the findings, but it's not a definitive weakness if that detail is appreciated.

    It's called a reality check, deal with it. If you think my comments constitute bashing, you have an exceptionally low threshold to criticism and really have no idea what bashing is.

    Objectively speaking, what's being gained? Is there enough control in the test? See below.

    Step back and seriously examine what you just said, especially the part in bold. Your challenge set varies across the product set. Given that I think we all agree that no product covers everything, you really haven't assessed, at least as far as I can see, whether the test is homogeneous even to the extent of challenge type. You're observing behavior, but how illustrative is it of the products and how uniform is it across the product set.

    I understand you're focusing on behavior, but to be perfectly candid you have too many floating uncontrolled variables to possibly get a decent handle even on that.

    Blue
     
  7. bradtech

    bradtech Guest

    :thumb:
     
  8. bradtech

    bradtech Guest

    Thank you for your opinions..
     
  9. bradtech

    bradtech Guest

    Thank you, I plan on doing other products besides AV programs.. Show users how to set up WSUS, and ensure it is working by means of scripting.. How to set up some open source, free, Linux-based proxies.. How you can use Active Directory to help protect against malware, some nice GPO settings to implement, along with Software Restriction Policies :).. Also things I have done with Terminal Services to lock down end users..
     
  10. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Perhaps it would be nice if some people weren't quite so jaded.
    The AV tests, whether those of pro testers or what we're reading today, don't make me decide what AV I'm going to use. Rather they give me an idea of which ones don't even come close to being what I would want and also some indication of which ones I might want to look at more closely.
    This is an interesting thread. Let's enjoy it.
    Hugger
     
  11. bradtech

    bradtech Guest

    Okay guys I just finished Checkpoint Zonealarm 2010 Extreme Security.. It is added to the upload list.. I have Twister Antivirus, Avast5, and Zonealarm 2010 in queue in that order.. About 50 minutes left for the twister review..

    Out of all of them I would recommend Twister.. Looking over the list and personal messages of other products recommended.. Microsoft, Prevx, Rising, and Comodo..
     
  12. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,988
    I certainly am nothing close to an expert but I get a lot out of the videos just watching the programs run, seeing how the tests are performed, other little things here and there. I can read the AV-C results in a couple of minutes and be done with them for a while. The videos certainly seem more interesting, especially captured in real time. Better than what's on TV, since my Cards are done, anyway.
     
  13. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,058
    Location:
    Las Vegas
    For once, I agree with you.
     
  14. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    I agree with both of these. Also, AV companies, if they really want to make an impact in the industry, especially the up-and-comers, really need to toss out the idea of relying on signatures and heuristics and focus on some more advanced heuristics that actually work, instead of just calling them advanced.

    Signatures worked in the DOS and Windows 95 days; they really aren't effective anymore. You're living in the past.. just forget about signatures altogether and focus on behavioral and advanced techniques. As viruses advance and evolve, so does the software written to detect them.... at least it should.

    Personally, my common sense and computer knowledge keep me virus free; I only use anti-virus software as a second layer of defense. I could literally use no anti-virus or firewall and remain virus free; I only use them as backup and peace of mind.
     
  15. bradtech

    bradtech Guest

    Just finished reviewing Rising Internet Security... Very impressed with the software.. It, and Twister so far today have impressed me the most!
     
  16. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Although I think elimination of signatures is a worthy target, if I walk up to you today and hand you an executable (or conversely, you download one from a site on the internet), how do you know it's fine to run? Disassembly? Guess? Hope? If you're like the majority of users, you don't know. You may rely on an "expert" system. That "expert" system may be an AV, it may be a site you trust (which presumably vets their content), or some combination.

    I realize there are general issues with a blacklisting approach - issues of scalability in the current climate (although there still seems to be slack there), issues of immediacy which are compounded by very rapid dispersal methods, and so on.

    However, the behavioral approach also has significant issues. The operational primitives often do not reflect intent. Malware employs the same set of unit operations to accomplish an objective that any valid application typically uses. Recognizing these steps as malicious involves a degree of intent interpretation and contextual sense. Sometimes it's obvious, sometimes it's not, but that's with an advanced and savvy user. It's much less certain with a casual user.

    You really have to ask yourself if a behavioral approach is oriented to address the problem or if it is yet another attempt to mitigate the symptoms and leave the underlying issue untreated.

    Blue
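    The two failure modes argued over in the posts above (signatures that a trivial repack defeats, behavior rules that cannot tell a dropper from a legitimate self-updater because both use the same primitives) side by side, as an added example that is not code from the thread or from any product discussed in it. Everything here is constructed: the "malware" bodies, the hashes derived from them, the file paths, the operation traces and the TEST-NET IP addresses. No real detection engine works at this level of simplicity; the point is the shape of the problem, not a product.

```python
"""
Added example: a toy signature scanner next to a toy behaviour rule.
All sample bodies, traces, paths and addresses are constructed.
"""
import hashlib
from dataclasses import dataclass, field

# --- signature side -------------------------------------------------------

# A "known bad" body. Vendors ship hashes and byte patterns, not files; the
# hash is derived from the constructed body here so the block is self-contained.
KNOWN_MALWARE_BODY = b"MZ\x90\x00evil-dropper-v1\x00"
KNOWN_HASHES = {hashlib.sha256(KNOWN_MALWARE_BODY).hexdigest()}
KNOWN_PATTERNS = [b"evil-dropper-v1"]


def signature_match(body: bytes) -> bool:
    """Exact-hash lookup, then byte-pattern lookup. Anything not previously
    seen (or minimally altered) passes."""
    if hashlib.sha256(body).hexdigest() in KNOWN_HASHES:
        return True
    return any(pattern in body for pattern in KNOWN_PATTERNS)


# --- behaviour side -------------------------------------------------------

@dataclass
class Op:
    kind: str    # "write_file", "set_autorun", "spawn", "connect"
    target: str  # path, or host:port for "connect"


@dataclass
class Trace:
    name: str
    ops: list = field(default_factory=list)


def behaviour_match(trace: Trace) -> bool:
    """Flag the classic dropper sequence: write an executable into a
    user-writable directory, register it for autorun, then run it.
    The rule sees primitives only; it has no notion of who wrote the file."""
    wrote_exe = {o.target for o in trace.ops
                 if o.kind == "write_file" and o.target.lower().endswith(".exe")}
    autorun = {o.target for o in trace.ops if o.kind == "set_autorun"}
    spawned = {o.target for o in trace.ops if o.kind == "spawn"}
    return bool(wrote_exe & autorun & spawned)


def verdicts(body: bytes, trace: Trace) -> dict:
    return {"signature": signature_match(body), "behaviour": behaviour_match(trace)}


# Constructed samples.
ORIGINAL_MALWARE = KNOWN_MALWARE_BODY
REPACKED_MALWARE = KNOWN_MALWARE_BODY.replace(b"v1", b"v2")  # one byte changed
BENIGN_UPDATER = b"MZ\x90\x00vendor-updater\x00"

DROPPER_TRACE = Trace("dropper", [
    Op("write_file", r"C:\Users\alice\AppData\Local\Temp\svc.exe"),
    Op("set_autorun", r"C:\Users\alice\AppData\Local\Temp\svc.exe"),
    Op("spawn", r"C:\Users\alice\AppData\Local\Temp\svc.exe"),
    Op("connect", "198.51.100.7:443"),  # TEST-NET-2, constructed
])

# A legitimate self-updating application performs the same primitives.
UPDATER_TRACE = Trace("updater", [
    Op("write_file", r"C:\Users\alice\AppData\Local\Vendor\updater.exe"),
    Op("set_autorun", r"C:\Users\alice\AppData\Local\Vendor\updater.exe"),
    Op("spawn", r"C:\Users\alice\AppData\Local\Vendor\updater.exe"),
    Op("connect", "203.0.113.10:443"),  # TEST-NET-3, constructed
])

if __name__ == "__main__":
    for label, body, trace in (("original dropper", ORIGINAL_MALWARE, DROPPER_TRACE),
                               ("repacked dropper", REPACKED_MALWARE, DROPPER_TRACE),
                               ("vendor updater", BENIGN_UPDATER, UPDATER_TRACE)):
        print(f"{label}: {verdicts(body, trace)}")
```

    The repacked dropper slips past the signature side after a one-byte change while the behaviour rule still fires on it; the vendor updater is clean on the signature side but trips the same behaviour rule, which is the "primitives do not reflect intent" problem in miniature. Closing that gap means adding context the rule does not have (a trusted signer on the written file, an allowlisted install path, reputation of the connect target), and every such addition is a judgment a casual user cannot be asked to make at a prompt.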
     
  17. rocky6

    rocky6 Registered Member

    Joined:
    Jun 19, 2009
    Posts:
    21
    What's my reality check? That you are a "tool"? Thanks, but I was able to figure that out by myself. I'm obviously not the only one that thought your 1st post was a bash. I'm not bashing your classlessness either. If you think my comments are bashing, you also have an exceptionally low threshold to criticism. Deal with that.
     
  18. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371

    I just think the technology isn't advancing and evolving rapidly enough to keep up, which is shown in some expert and non-expert testing. AV companies seem to still be relying 75% on keeping signatures updated, instead of modules. Usually when you go to update your anti-virus program, it updates the signatures, instead of advancing program components or modules to keep up...... I just think signatures are old school in this day and age. Some of these anti-virus companies have been around for years; you mean to tell me they can't keep up with a few script kiddies? It's a joke ! ! :thumbd: :rolleyes:
     
  19. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,814
    What you've got to ask yourself is whether this topic has just devolved into nothing but bickering. :doubt:
     
  20. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    You knew this was bound to happen *puppy* At any rate, let the show continue :doubt: Interesting indeed and we may be getting somewhere, where other threads have not.
     
  21. bradtech

    bradtech Guest

    :thumbd:
     
  22. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,281
    Location:
    USA
    Why don't we just let the OP conduct his tests and take requests from members for apps to test, and not delve into all this other stuff? Can't this thread just be about what the OP wanted it to be about? :(
     
  23. lifetweaker

    lifetweaker Registered Member

    Joined:
    Jun 24, 2009
    Posts:
    63
    Location:
    127.0.0.1
    It can, but people don't seem to be letting it...:doubt: Hopefully it won't last for another page or so.
     
  24. bradtech

    bradtech Guest

    Argh!! YouTube removed my Twister review because it was longer than ten minutes!!
     
  25. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    We're not hijacking the thread, just throwing in important discussion about the subject here and there. I wouldn't know where else to put in my 2 cents anyway; I guess I could have just dropped it into any active discussion or made my own thread in whatever category and discussed it there.
     