New Real World Test AV Comparatives results are out!

http://www.av-comparatives.org/wp-content/uploads/2013/07/avc_prot_2013a_en.pdf

Thoughts?

 

Well done avast! Bitdefender and trend micro results are suprising

 

Real-World Protection Test March-June 2013
http://chart.av-comparatives.org/chart1.php?chart=chart2&year=2013&month=7&sort=1&zoom=3

.

 

Trend Micro, I agree, but why Bitdefender?

 

Maybe due to the amount of false positives.

 

It doesn't matter to me much because I could deal with them personally. Overall, it's still the best product.

 

Why is Qihoo not in the report?

 

I was looking at overall detection rates. False positives dont bother me that much unless every other detection is one.

 

It is in the Chinese report. http://www.av-comparatives.org/dynamic-tests/. Qihoo does not have an English interface available to the public.

 

How Bitdefender keeps scoring high is beyond me. I own a Bitdefender antivirus plus license and I wanted to see how good the product really was, so over the last 2 weeks I've been testing it in a virtual machine. I've lost count of the amount of samples that have bypassed it. For the life of me I cannot understand how Bd consistently scores 100% and 99.9% on AVC and also scores 100% on AV-TEST. Anyone on this forum can download even a small set of samples (say 40) and I guarantee BD will be bypassed more than once. Now if I'm coming across malware samples on a daily basis for 2 weeks that are bypassing BD why the hell aren't AVC coming across as many samples able to go straight passed BD?

I just find it very strange. Before anyone starts jumping in, the tests I've done are not youtube tests, they are just my own private tests, and for me Bitdefender has failed big time and I no longer consider it anywhere near 99.9%.

 

Yep, Just how I predicted with G-DATA 2014 getting lower scores due to a lack of Avast!. Compare march where it was using 2013, and the other three months where its using 2014. I think they were being cheap not renewing Avast! as engine (B).

They get secondary gains from all the other antivirus programs that use their engines or cloud, which means they get free signature files.

You also find BD and others with constantly higher scores use a dirty trick in testing. Example one would be a code trip where after 100 signature detections consecutively it can go into "test" mode and assume all unknown files are malicious and thus flags everything as "Generic:Malware."

 

Isn't that this?

http://www.360safe.com/pc.html

 

FWIW, if one wants to see the June results only then go here and chose June in the menu: http://chart.av-comparatives.org/chart1.php

 

MSE bringing up the rear again (almost), as usual.

 

Kaspersky keeps on rockin'. The Russians gettin' it right and can get it fairly cheap on Amazon.

 

Interesting....thanks! A little bit of shakin & bakin going on!

 

A couple of questions:

1. How did you download your malware samples?
2. What were your BD settings;

a). On-access i.e. realtime scan settings?
b). On-demand i.e. offline scan settings?
c). Active Virus Control i.e. hueristics settings?
d). IDS set on?

 

For a start there is no IDS in Bitdefender antivirus plus plus.

All settings were at default.

I got my samples from MalwareTips uploaded by Spywar and MalwareCentre all verified fresh by the respective uploaders.

Test it yourself on default settings, but however you try to discredit my personal tests won't take away the fact that BDAV+ is easily bypassed by malware samples on a daily basis. Go on try it yourself.

 

The problem here is your methodology. In your methodology the entire step of how the malware gets to your system is completely removed from the whole equation.

Some behavior blockers will keep in mind the origin of a file and how it got onto your system. That means if it is downloaded from the Internet, it may get a strong bias towards being malicious.

Of course there is also the fact that a lot of AVs will block access to malicious hosts or prevent or block the exploits that are used to install the malware on the victim's PC. All cases that will count as a "blocked" by AV-C.

 

Thanks Fabian, but I was strictly testing the Av without it's web protection. I wanted to know how strong the AV itself was. But I do understand your point that AVC do take web blocking into consideration, thanks again.

 

Then you can't compare your results with neither AV-C nor AV-Test results as both will not just test the AV, but will look at protection in general, starting from the attempted exploitation/malware download.

 

Good showing by McAfee.

 

Even including that I really don't see how Bitdefender is scoring so high, it's AV really isn't that strong.

 

It doesn't have to. Quite frankly you can get 100% block rate at these tests without a single signature if your URL block list for example is complete enough . BitDefenders URL blocking is quite aggressive, as you can see when you look at the amounts of false positives it caused.

 

Ok Fabian thanks for the info. I'll spend the next couple of weeks testing the whole of BDAV+ guards and see if It still gets bypassed a lot as has happened so far in just testing the AV. Thanks again.