new results from AV-Test.org (Q1/2008)

Discussion in 'other anti-virus software' started by Valentin_Pletzer, Jan 22, 2008.

Thread Status:
Not open for further replies.
  1. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    @ Inspector Clouseau

    The corollary to what you say, is if you really don't need it, don't put it on your system, because its just another avenue of attack. This is particularly true for media players like Quicktime and Real Media.

    Its also pretty hard to identify which AV's protect online games (or whatever) particularly well. Not everyone has your sources of information. My guess would be the big names do real well on MS Office related stuff, as they are aimed at the mainstream customer.
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    LMAO :D
     
  3. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Alex of Sunbelt has written a blog post about the growth of malware, which might be interesting to those who made comments earlier in this thread disputing the figures:

    http://sunbeltblog.blogspot.com/2008/01/growth-of-malware.html

    He puts over the point well thus:
    One or two of you have asked how such samples can be gathered and checked:
     
  4. ChicknDip

    ChicknDip Registered Member

    Joined:
    Aug 15, 2007
    Posts:
    59
    It's all part of the security-hype and commerce. If they were really interested in the consumer an-sigh, they would send the whole bunch of viruses and samples to the "security-vendors" were some months later we all would be safe against the full 100% of them.

    Their ultimate goal is not getting you secure, it is selling "security".
     
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    av-comparatives do send the samples to the vendors.
     
  6. 031

    031 Registered Member

    Joined:
    Sep 5, 2007
    Posts:
    187
    Location:
    Bangladesh
    avast detected more than 99 % ! what a pleasant surprise :D :D :D
     
  7. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Considering it's pure signature engine, it's results are certanly outstanding.
     
  8. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Is anyone surprised by Trend Micro's performance? I've always found it to be inferior to other quality AV's.
     
  9. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Work is finally paying off, TrendMicro made quite some improvements to it's engine and released quite big signature updates (steady around 500 a day).
     
  10. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,157
    Location:
    SinCity (aka Las Vegas)
    Yes, but it still slows down your machine much more than other AVs with higher detection ratings.
     
  11. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Actually the scanengine is quite speedy. Also since version 2007 they included a whitelisting system, containing many Windows systemfiles for example.
     
  12. eBBox

    eBBox Registered Member

    Joined:
    Aug 10, 2006
    Posts:
    482
    Location:
    Aalborg, Denmark
    It didnt slow down at all on neither my comp, nor my parents (3 ghz p4, 1 gb ram). Actually it runs very well :thumb:
     
  13. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,157
    Location:
    SinCity (aka Las Vegas)
    I did not say the scan engine slowed you down. The entire program takes up a lot of memory compared to other top AVs such as Avira and Kaspersky. I have used and tested Trend Micro since it was developed, and it is bloated like Norton was a few years ago. There are better choices.
     
  14. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    agreed.
     
  15. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    If he takes Canon, he isn't a PROFESSIONAL photographer. Today it is Nikon that rocks among Full Frame dSLR cameras, tomorrow after a couple of months it will be Sony (Minolta based) dSLR FF cameras that rocks. Because of body based image stabilization, Sony takes sharp pictures without a tripod with any lens available. :D

    Best regards,
    Firefighter!
     
  16. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i keep my eyes on the prevx daily chart on their homepage, and trend does terrible.

    http://www.prevx.com/
     
  17. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Pretty bad when CA out preforms them.
     
  18. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52?18'51.59"N + 4?56'32.13"O
    this chart tells me that Microsoft is doing not bad in comparison to the others
     
  19. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I'm guessing that this is because there is a corporate application for MS in security software (forefront). MS has never been hugely successful in consumer electronics (zune, xbox) but anything that has a corporate use is developed well (office, windows etc).
     
  20. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Thanks to Firecat, CSJ and of the course The Inspector for illuminating posts. :thumb:
     
  21. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    your welcome jake,

    my posts are usually the entertaining ones :D
     
  22. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,506
    Location:
    The San Joaquin Valley, California

    I didn't experience any slow downs when TM 2008 was running. It's just that it took a lonnnnng time to load. I got tired of watching the little spinning icon do its thing every time I started up. That was my experience with it anyway.
     
  23. Valentin_Pletzer

    Valentin_Pletzer Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    11
    Hi Paul and everyone else here,

    Andreas Marx sent me some answers on friday.

    1. One Mio. samples were used for the on-demand detection test. The samples had unique MD5 checksums but were not unique programs.

    2. There was no ad/spyware used.

    And here are some link Andreas sent me which probably backup his big sample numbers.

    http://news.zdnet.co.uk/security/0,1000000189,39292422,00.htm?r=1
    "The numbers are going through the roof," said Hypponen on Friday.
    "We're getting 17,000 samples [of malware] a day, and our database uses 30TB of hard-drive space. The job is getting harder and harder.
    Small companies will be overwhelmed unless they get really clever."

    And here is an interesting link from McAfee:
    http://www.avertlabs.com/research/blog/index.php/2008/01/25/many-facets-of-av-testing/

    Greetings,
    Valentin
     
  24. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,157
    Location:
    SinCity (aka Las Vegas)
    That was part of my point. A lonnnnnnnnng time to load is too long. Again, better choices exist. NOD32, and Avira load fast as hell and do not slow down your computer. Try em'-you'll like em'.
     
    Last edited: Jan 27, 2008
  25. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    If I superimpose sample counts provided by AV-Test.org but appearing at Alex Eckelberry's Sunbelt blog with unique signatures in the Kaspersky database,

    KAV-AVOrgRevised.png

    they basically convey the same message. Scaling factors and apparent growth rates differ somewhat, but both are quite high and accelerating. Determining whether AV companies are losing ground is fraught with difficulty. However, if your examine detection trending behavior using the results of the www.av-comparatives.org for both the on-demand and retrospective tests:

    OnDemand.png
    Retrospective.png

    it doesn't appear that the battle is being lost as yet. Note - values shown are the average of two successive test results starting in 2004 and ending with the latest values published in 2007. The simple paired moving average scheme was used to emphasize longer term directional trends.

    From a user's perspective, I tend to focus on two points:
    • I download content from the Internet and am not about to rely exclusively on my own opinion as to whether a specific file is malware or not. I prefer to rely on the expert analysis system provided by a classical blacklist AV. I really don't see this changing in the near term even if smaller vendors start to find themselves overwhelmed by volume.
    • As a guard against the potential issue of being overwhelmed by volume, there's clearly a number of directions that a vendor and a user can go. On the vendor side, for example, Kaspersky has incorporated a proactive detection HIPS-like module while others have focused on a middle ground of heuristic detection. On the user side there are a number of competing strategies, but it's important to appreciate that if a truly overwhelming onslaught of malware appears on the horizon, it will swamp any signature based approach. Therefore, cascading this style of solution (e.g. AV + AS + AT, etc), which still remains a popular approach, is unlikely to directly address the real problem if/when malware volume overload occurs. Users do need to actively look beyond signature based schemes, and there are a number of options currently available (HIPS, virtualization/sandboxing, restriction policies, etc.). I tend to not recommend these alternate approaches as the sole option used because of the previous point.
    Blue
     
    Last edited: Jan 27, 2008
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.