New German PC-Welt Test by av-test.org

Discussion in 'other anti-virus software' started by FRug, Nov 28, 2006.

Thread Status:
Not open for further replies.
  1. KikiBibi, Registered Member (Joined: Oct 23, 2006; Posts: 173)

    I downloaded and installed FortiClient yesterday. The experience is not so good.
    At max settings (heuristics enabled), BOclean, the Firefox setup file and the Opera spellchecker came up as suspicious with its realtime protection.

    Then when I tried the system scan, the NOD32/SSM/AutoPatcher/etc. setup files also appeared as suspicious.

    Also, the update process is very slow (15-20 min). Not sure if it's because I'm using the evaluation version.
     
  2. Legendkiller, Registered Member (Joined: Jun 29, 2006; Posts: 1,053)

    Can someone give more details on FortiClient? I am hearing its name for the first time.
     
  3. lucas1985, Retired Moderator (Joined: Nov 9, 2006; Posts: 4,047; Location: France, May 1968)

    I've read that Fortinet's heuristics are very prone to FPs.
    I believe they flag any packed executable as suspicious.
    We'll have to wait for IBK's tests.
     
    Last edited: Nov 29, 2006
  4. Stefan Kurtzhals, AV Expert (Joined: Sep 30, 2003; Posts: 702)

    I am looking forward very much to seeing Fortinet tested against the false positive set of IBK (av-comparatives). :rolleyes:

    Strange, though. Both Fortinet and Sophos basically report every runtime-packed program as suspicious. Esafe added a similar "advanced" detection "technology" just recently. But why does Sophos score so badly in this test, while Fortinet rates very high?
     
  5. vlk, AV Expert (Joined: Dec 26, 2002; Posts: 621)

    And what about AntiVir - and its detections of Obsidium (and other) packed binaries?
     
  6. pykko, Registered Member (Joined: Apr 27, 2005; Posts: 2,236; Location: Romania...and walking to heaven)

    Hmm... NOD32 didn't perform so well... I'm wondering if ESET is aware of this test and if they are going to react by adding some defs... Hope they won't expect the av-comparatives test to add monster updates. Anyway, they seemed to be concerned about those "dangerous" DOS viruses in the last weeks. :rolleyes:
     
  7. Stefan Kurtzhals, AV Expert (Joined: Sep 30, 2003; Posts: 702)

    vlk, you are right, AntiVir does report that. But it doesn't claim it is malware. Sophos reports Mal/Packer, Esafe reports Trojan/Worm, Fortinet says "suspicious". Now, all they do is to detect the packer. They don't perform any additional tests. It's a strange conclusion - all programs packed with UPACK must be malware - only because a lot of malware is actually compressed with UPACK? It's a good preselection test, but not a final conclusion.

    AntiVir reports: "This program is compressed with an unusual compressor. Please check the origin of this file".

    I don't see any problems with that. It's an option you must manually enable, it is off by default.
     
  8. i_g, Registered Member (Joined: Aug 30, 2006; Posts: 133)

    Now the question is: is this result considered as "clean" or "infected" by this test? (and also other ones, such as AV-Comparatives)
     
  9. Firecat, Registered Member (Joined: Jan 2, 2005; Posts: 8,251; Location: The land of no identity :D)

    And also whether this option is enabled for AntiVir in all the tests....
     
  10. Inspector Clouseau, AV Expert (Joined: Apr 2, 2006; Posts: 1,329; Location: Maidenhead, UK)

    Most of the testers just enable "everything" just to be on the safe side, not to get screams from vendors why they didn't enable it :rolleyes:
     
  11. Arin, Registered Member (Joined: May 1, 2004; Posts: 997; Location: India)

    Curiosity got the better of me and I downloaded and installed FortiClient on my computer. Yes, it seems their heuristics is prone to false alarms. I'll wait for some expert to perform some test on it.

    A friend of mine told me Sophos sorted out the Mal/Packer problem with version 6.5 but still they have this on their web site which means the detection is still there. At least they are doing what AntiVir is doing with Obsidium.

    If what IC says is true for Andreas Marx (which I don't think so), then Fortinet is not worth the trouble for me.
     
  12. Stefan Kurtzhals, AV Expert (Joined: Sep 30, 2003; Posts: 702)

    You just have to look at the Virus Total Top10 to see that Mal/Packer (Sophos) is still present and being used, so is Trojan/Worm (Esafe). VirusTotal does not enable the Packer detection (PCK/) of AntiVir.
     
  13. lucas1985, Retired Moderator (Joined: Nov 9, 2006; Posts: 4,047; Location: France, May 1968)

    Thanks for confirming my thoughts
    IMHO, the positive things are the good results of AVG and Avast
     
  14. optigrab, Registered Member (Joined: Nov 6, 2002; Posts: 624; Location: Brooklyn/NYC USA)

    Lodore, Do you really think 0.69% difference is significant - either statistically or anecdotally? I don't. Furthermore I don't think we're provided enough information to speculate whether "more updates" or "more engines" accounted for the respective numbers. Finally, from the perspective of an end user, I feel the results for both these AV's are quite good - downward red arrows notwithstanding.
     
  15. lodore, Registered Member (Joined: Jun 22, 2006; Posts: 9,065)

    I see your point but the fact that sometimes F-Secure is slightly up as well doesn't make much difference with its five engines compared to Kaspersky's 1.
    Ad-Aware in F-Secure has caused quite a few FPs in the time I've used F-Secure.
    lodore
     
  16. shek, Registered Member (Joined: Mar 27, 2005; Posts: 342; Location: SE CHINA/NYC USA)

    What about AntiVir's HEUR/Crypted and some generic detections whose names include "crypt", such as TR/Crypt.NSPM.Gen? Do they detect threats by real heuristics (such as behavior analysis) or just detect them by their packing methods?
     
  17. yeuxbleus, Registered Member (Joined: Jul 13, 2004; Posts: 90)

    I have always had the inkling that NOD32 is overrated. :rolleyes:

    :thumb: Excellent job to Avira!
     
  18. JerryM, Registered Member (Joined: Aug 31, 2003; Posts: 4,306)

    Even when NOD is ALMOST as good as Avast Home? :D :D

    Jerry
     
  19. Stefan Kurtzhals, AV Expert (Joined: Sep 30, 2003; Posts: 702)

    Some of the HEUR/Crypted rules are very easy too, but I continually try to add more checks that reduce possible false positives. TR/Crypt.F.Gen is very simple but very effective, but so far I only got less than 10 false positives with it. And all of those were cracked programs. There is no behaviour analysis using emulation - yet.
    TR/Crypt.NSPM.Gen has a bug which can cause it to trigger false positives.
     
  20. btman, Registered Member (Joined: Feb 11, 2006; Posts: 576)

    Webwasher 99.89!!!!!!!!!!! Come on, isn't anyone else rather than like 2 ppl thinking... well what the heck?
     
  21. Stefan Kurtzhals, AV Expert (Joined: Sep 30, 2003; Posts: 702)

    Webwasher had a false positive in their heuristic, they reported every UPX packed DLL as suspicious. That might be the additional detection on top of the Avira engine. ;)
     
  22. Firecat, Registered Member (Joined: Jan 2, 2005; Posts: 8,251; Location: The land of no identity :D)

    But I do expect Andreas Marx to be somewhat more knowledgeable and experienced than your average VX-collections tester.....
     
  23. Stefan Kurtzhals, AV Expert (Joined: Sep 30, 2003; Posts: 702)

    I am sure that Andreas has only malware in the collection. If you report every UPX packed DLL as suspicious you will raise the detection ratio on malware collections - but the detection is "accidental".
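
The effect described in posts 7 and 23, as an added example that is not part of the thread: a packer-only rule reads the PE section table, flags anything with UPX section names, and is then run over a malware-only set and a clean set. The header-only PE images, the two sample sets with their packed shares, and all function names are constructed for this illustration.

```python
import struct

PACKER_SECTIONS = {"UPX0", "UPX1"}  # section names written by the UPX packer

def make_pe(names, opt_size=224):
    """Build a constructed, header-only PE image (sample input, not a real program)."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)  # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x2000)
    table = b"".join(n.encode().ljust(8, b"\x00") + b"\x00" * 32 for n in names)
    return dos + b"PE\x00\x00" + coff + b"\x00" * opt_size + table

def section_names(data):
    """Return the PE section names, or [] when the headers are missing or truncated."""
    if len(data) < 64 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\x00\x00" or len(data) < pe_off + 24:
        return []
    (count,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size
    names = []
    for i in range(count):
        raw = data[table + 40 * i:table + 40 * i + 8]
        if len(raw) < 8:
            break  # section table cut short
        names.append(raw.rstrip(b"\x00").decode("latin-1"))
    return names

def packer_only_verdict(data):
    """The rule under discussion: 'suspicious' as soon as a packer section is seen."""
    return bool(PACKER_SECTIONS & set(section_names(data)))

def flag_rate(samples):
    """Fraction of samples the packer-only rule flags."""
    return sum(packer_only_verdict(s) for s in samples) / len(samples)

PACKED = make_pe(["UPX0", "UPX1", ".rsrc"])
PLAIN = make_pe([".text", ".data", ".rsrc"])
# Constructed collections; the 7/10 and 2/10 packed shares are illustrative only.
MALWARE_SET = [PACKED] * 7 + [PLAIN] * 3   # what a malware-only test scans
CLEAN_SET = [PACKED] * 2 + [PLAIN] * 8     # what a false-positive test scans

if __name__ == "__main__":
    print(f"flagged in malware-only set: {flag_rate(MALWARE_SET):.0%}")
    print(f"flagged in clean set:        {flag_rate(CLEAN_SET):.0%}")
```

The rule never inspects what the packed code does, so its score on the malware-only set only reflects how many samples happen to be packed, and the cost shows up solely in the clean set that such a test does not scan.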
     
  24. Wai_Wai, Registered Member (Joined: Dec 28, 2004; Posts: 556)

    Yes, I can confirm that. Fortinet has many false positives. It also flags many packed executables as suspicious. Not a reliable AV.
     
  25. Wai_Wai, Registered Member (Joined: Dec 28, 2004; Posts: 556)

    Same here. I have performed some testing about NOD32 too, mainly testing its trojan/keylogger/backdoor detection rates. The performance is so-so (like Kaspersky/AntiVir 50-60% vs NOD32 20-30%). Disappointed!! :thumbd:
    There are also other test results which show similar results (it can't come up to the top but Kaspersky and Antivir can still manage to do), although this is the worst one I have seen (NOD32 is ranked 12th and in the range of Avast and AVG :thumbd: :thumbd:).

    Same here. :thumb: :thumb: :thumb:
    - The world-top detection rates (both on-demand and proactive)
    - Fewer and fewer false positives (I have seen the improvement :thumb: )
    - what's more, it's free

    For obvious reasons, free security products can't match the best commercial products (they can beat some but not all of them). This one is the exception. :D
     