I'm testing AV products against zeroday malware

Thanks I will look forward to it.

FWIW- just a suggestion, I would like to see the products tested straight out of box or set to max...all the same, whatever it is.

Nice job at the videos.

 

I'll state, and show settings each time..

 

I find these types of Demonstrations (certainly not tests) interesting in that they show the features and some of the capabilities of the various products out there and give some reviews of the features. Matt's remove-malware even provides hints on how to use the products to do just that. They are certainly not scientific "tests" (and mostly don't claim to be) but often provide insight into the operation and some of the general weaknesses of the products tested. Compared to some of the small sample "tests" that show no understanding of sampling or testing, they seem much more valuable than, for example, the SSUpdater clones and similar that show up here and elsewhere with no justification that the results have any particular validity in terms of differentiating between products or were even conducted in a scientific manner.

 

id prefer to see the products full capabilities at max settings.

 

No real need to apologize. Differences of opinion are fine and that's what this is, a difference of opinion.

I don't believe I've said "trust av-comparatives", at least blindly. I do believe they make a decent effort to provide a level playing field and reasonably vetted challenge sample set, although I'd personally do a lot more to squeeze the data obtained to put some of the differences noted on a statistically sound basis and I've previously provided some rough metrics with respect to that for their test results.

One point that we'd probably agree on, a million samples tested poorly is probably less useful than a hundred samples examined well. A small test bed brings with it additional complications with respect to the generality of the findings, but it's not a definitive weakness if that detail is appreciated.

It's called a reality check, deal with it. If you think my comments constitute bashing, you have an exceptionally low threshold to criticism and really have no idea what bashing is.

Objectively speaking, what's being gained? Is there enough control in the test? See below.

Step back and seriously examine what you just said, especially the part in bold. Your challenge set varies across the product set. Given that I think we all agree that no product covers everything, you really haven't assessed, at least as far as I can see, whether the test is homogeneous even to the extent of challenge type. You're observing behavior, but how illustrative is it of the products and how uniform is it across the product set.

I understand you're focusing on behavior, but to be perfectly candid you have too many floating uncontrolled variables to possibly get a decent handle even on that.

Blue

 

Thank you for your opinions..

 

Thank you, I plan on doing other products other than AV programs.. Show users how to setup WSUS, and ensure it is working via means of scripting.. How to setup some open source free linux based proxies.. How you can use Active Directory to help protect against malware, some nice GPO settings to implement, along with Software Restriction Policies .. Also things I have done with Terminal Services to lock down end users..

 

Perhaps it would be nice if some people weren't quite so jaded.
The av tests, whether those of pro testers or what we're reading today, don't make me decide what av I'm going to use. Rather they give me an idea of which one's don't even come close to being what I would want and also some indication of which one's I might want to look at more closely.
This is an interesting thread. Let's enjoy it.
Hugger

 

Okay guys I just finished Checkpoint Zonealarm 2010 Extreme Security.. It is added to the upload list.. I have Twister Antivirus, Avast5, and Zonealarm 2010 in queue in that order.. About 50 minutes left for the twister review..

Out of all of them I would recommend Twister.. Looking over the list and personal messages of other products recommended.. Microsoft, PrevX, Rising, and Commodo..

 

I certainly am nothng close to an expert but I get a lot out of the videos just watching the programs run, see how the tests are performed, other little things here and there. I can read the av-c results in a couple minutes and be done with them for a while. The videos certainly seem more interesting especially captured in real time. Better than what's on tv, since my Cards are done, anyway.

 

For once, I agree with you.

 

I agree with both of these.Also, AV companies, if they really want to make an impact in the industry, especially The Up-And-Comers, really need to toss out the idea of relying on signatures and heuristics and focus on some more advanced heuristics that actually work, instead of just calling them advanced.

Signatures worked in the DOS and windows 95 days, they really aren't effective anymore.Your living in the past.. just forget about signatures alltogeather and focus on behavioral and advanced techniques.As viruses advance and evolve, so does the software written to detect them.... at least it should.

Personally, my common sense and computer knowledge keep me virus free, I only use anti-virus software as a second layer of defense.I could literally use no anti-virus or firewall and remain virus free, I only use them as backup and peace of mind.

 

Just finished reviewing Rising Internet Security... Very impressed with the software.. It, and Twister so far today have impressed me the most!

 

Although I think elimination of signatures are a worthy target, if I walk up to you today and hand you an executable (or conversely, you download one from a site on the internet), how do you know it's fine to run? Disassembly? Guess? Hope? If you're like the majority of users, you don't know. You may rely on an "expert" system. That "expert" system may be an AV, it may be a site you trust (which presumably vets their content), or some combination.

I realize there are general issues with a blacklisting approach - issues of scalability in the current climate (although there still seems to be slack there), issues of immediacy which are compounded by very rapid dispersal methods, and so on.

However, the behavioral approach also has significant issues. The operational primitives often do not reflect intent. Malware employs the same set of unit operations to accomplish an objective that any valid application typically uses. Recognizing these steps as malicious involves a degree of intent intrepretation and contextual sense. Sometimes it's obvious, sometimes it's not, but that's with an advanced and savvy user. It's much less certain with a casual user.

You really have to ask yourself if a behavioral approach is oriented to address the problem or if it is yet another attempt to mitigate the symptoms and leave the underlying issue untreated.

Blue

 

What's my reality check? That you are a "tool"? Thanks but i was able to figure that out by myself. I'm obviosly not the only one that thought your 1st post was a bash. I'm not bashing your classlessness either. If you think my comments are bashing, you also have an exceptionally low threshold to criticism. Deal with that.

 

I just think the technology isn't advancing and evolving rapidly enough to keep up, which is shown in some expert and non-expert testing.AV companies seem to still be relying 75% on keeping signatures updated, instead of modules.Usually when you go to update your anti-virus program, it updates the signatures, instead of advancing program components or modules to keep up...... I just think signatures are old school in this day and age.Some of these anti-virus companies have been around for years, you mean to tell me they can't keep up with a few script kiddies ? it's a joke ! !

 

What you got to ask your self is has this topic just devolved into nothing but bickering.

 

You knew this was bound to happen At any rate, let the show continue Interesting indeed and we may be getting somewhere, where other threads have not.

 

Why don't we just let the OP conduct his tests and take requests from members for apps to test, and not delve into all this other stuff? Can't this thread just be about what the OP wanted it to be about?

 

It can, but people don't seem to be letting it... Hopefully it won't last for another page or so.

 

Argh!! youtube removed my twister review because it was longer than ten minutes!!

 

Were not hijacking the thread, just throwing in important discussion about the subject here and there.I wouldn't know where else to put in my 2 cents anyway, I guess I could have just dropped it into any active discussion or make my own thread in whatever catagory and discuss it there.