new results from AV-Test.org (Q1/2008)

Discussion in 'other anti-virus software' started by Valentin_Pletzer, Jan 22, 2008.

Thread Status:
Not open for further replies.
  1. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    @ Inspector Clouseau

    The corollary to what you say is, if you really don't need it, don't put it on your system, because it's just another avenue of attack. This is particularly true for media players like Quicktime and Real Media.

    It's also pretty hard to identify which AVs protect online games (or whatever) particularly well. Not everyone has your sources of information. My guess would be the big names do real well on MS Office related stuff, as they are aimed at the mainstream customer.
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    LMAO :D
     
  3. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Alex of Sunbelt has written a blog post about the growth of malware, which might be interesting to those who made comments earlier in this thread disputing the figures:

    http://sunbeltblog.blogspot.com/2008/01/growth-of-malware.html

    He puts over the point well thus:
    One or two of you have asked how such samples can be gathered and checked:
     
  4. ChicknDip

    ChicknDip Registered Member

    Joined:
    Aug 15, 2007
    Posts:
    59
    It's all part of the security-hype and commerce. If they were really interested in the consumer an-sigh, they would send the whole bunch of viruses and samples to the "security-vendors" where some months later we all would be safe against the full 100% of them.

    Their ultimate goal is not getting you secure, it is selling "security".
     
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    av-comparatives do send the samples to the vendors.
     
  6. 031

    031 Registered Member

    Joined:
    Sep 5, 2007
    Posts:
    187
    Location:
    Bangladesh
    avast detected more than 99 % ! what a pleasant surprise :D :D :D
     
  7. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Considering it's a pure signature engine, its results are certainly outstanding.
     
  8. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Is anyone surprised by Trend Micro's performance? I've always found it to be inferior to other quality AVs.
     
  9. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Work is finally paying off, TrendMicro made quite some improvements to its engine and released quite big signature updates (steady around 500 a day).
     
  10. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Yes, but it still slows down your machine much more than other AVs with higher detection ratings.
     
  11. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Actually the scan engine is quite speedy. Also since version 2007 they included a whitelisting system, containing many Windows system files for example.
     
  12. eBBox

    eBBox Registered Member

    Joined:
    Aug 10, 2006
    Posts:
    482
    Location:
    Aalborg, Denmark
    It didn't slow down at all on either my comp or my parents' (3 GHz P4, 1 GB RAM). Actually it runs very well :thumb:
     
  13. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    I did not say the scan engine slowed you down. The entire program takes up a lot of memory compared to other top AVs such as Avira and Kaspersky. I have used and tested Trend Micro since it was developed, and it is bloated like Norton was a few years ago. There are better choices.
     
  14. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    agreed.
     
  15. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    If he takes Canon, he isn't a PROFESSIONAL photographer. Today it is Nikon that rocks among Full Frame dSLR cameras, tomorrow after a couple of months it will be Sony (Minolta based) dSLR FF cameras that rock. Because of body based image stabilization, Sony takes sharp pictures without a tripod with any lens available. :D

    Best regards,
    Firefighter!
     
  16. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    I keep my eyes on the Prevx daily chart on their homepage, and Trend does terrible.

    http://www.prevx.com/
     
  17. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Pretty bad when CA outperforms them.
     
  18. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
    This chart tells me that Microsoft is doing not bad in comparison to the others
     
  19. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I'm guessing that this is because there is a corporate application for MS in security software (Forefront). MS has never been hugely successful in consumer electronics (Zune, Xbox) but anything that has a corporate use is developed well (Office, Windows etc).
     
  20. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Thanks to Firecat, CSJ and of course The Inspector for illuminating posts. :thumb:
     
  21. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    You're welcome, Jake,

    my posts are usually the entertaining ones :D
     
  22. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,506
    Location:
    The San Joaquin Valley, California

    I didn't experience any slow downs when TM 2008 was running. It's just that it took a lonnnnng time to load. I got tired of watching the little spinning icon do its thing every time I started up. That was my experience with it anyway.
     
  23. Valentin_Pletzer

    Valentin_Pletzer Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    11
    Hi Paul and everyone else here,

    Andreas Marx sent me some answers on Friday.

    1. One million samples were used for the on-demand detection test. The samples had unique MD5 checksums but were not unique programs.

    2. There was no ad/spyware used.

    And here are some links Andreas sent me which probably back up his big sample numbers.

    http://news.zdnet.co.uk/security/0,1000000189,39292422,00.htm?r=1
    "The numbers are going through the roof," said Hypponen on Friday.
    "We're getting 17,000 samples [of malware] a day, and our database uses 30TB of hard-drive space. The job is getting harder and harder.
    Small companies will be overwhelmed unless they get really clever."

    And here is an interesting link from McAfee:
    http://www.avertlabs.com/research/blog/index.php/2008/01/25/many-facets-of-av-testing/

    Greetings,
    Valentin
     
  24. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    That was part of my point. A lonnnnnnnnng time to load is too long. Again, better choices exist. NOD32 and Avira load fast as hell and do not slow down your computer. Try 'em, you'll like 'em.
     
    Last edited: Jan 27, 2008
  25. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    If I superimpose sample counts provided by AV-Test.org but appearing at Alex Eckelberry's Sunbelt blog with unique signatures in the Kaspersky database,

    KAV-AVOrgRevised.png

    they basically convey the same message. Scaling factors and apparent growth rates differ somewhat, but both are quite high and accelerating. Determining whether AV companies are losing ground is fraught with difficulty. However, if you examine detection trending behavior using the results of www.av-comparatives.org for both the on-demand and retrospective tests:

    OnDemand.png
    Retrospective.png

    it doesn't appear that the battle is being lost as yet. Note - values shown are the average of two successive test results starting in 2004 and ending with the latest values published in 2007. The simple paired moving average scheme was used to emphasize longer term directional trends.

    From a user's perspective, I tend to focus on two points:
    • I download content from the Internet and am not about to rely exclusively on my own opinion as to whether a specific file is malware or not. I prefer to rely on the expert analysis system provided by a classical blacklist AV. I really don't see this changing in the near term even if smaller vendors start to find themselves overwhelmed by volume.
    • As a guard against the potential issue of being overwhelmed by volume, there's clearly a number of directions that a vendor and a user can go. On the vendor side, for example, Kaspersky has incorporated a proactive detection HIPS-like module while others have focused on a middle ground of heuristic detection. On the user side there are a number of competing strategies, but it's important to appreciate that if a truly overwhelming onslaught of malware appears on the horizon, it will swamp any signature based approach. Therefore, cascading this style of solution (e.g. AV + AS + AT, etc), which still remains a popular approach, is unlikely to directly address the real problem if/when malware volume overload occurs. Users do need to actively look beyond signature based schemes, and there are a number of options currently available (HIPS, virtualization/sandboxing, restriction policies, etc.). I tend to not recommend these alternate approaches as the sole option used because of the previous point.
    Blue
     
    Last edited: Jan 27, 2008