new results from AV-Test.org (Q1/2008)

Discussion in 'other anti-virus software' started by Valentin_Pletzer, Jan 22, 2008.

Thread Status:
Not open for further replies.
  1. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    404
    Location:
    France
    IMHO, not at all. The figures you gathered are in %. Given a constant value of the percentage of found virii through time basically means that the absolute value of missed malware samples increases with time. With the acceleration of the creation of new malicious code, the expansion of this gap also accelerates...

    We can see on your graph that for some antivirus, the detection percentage increases over time... But does it increase as fast as the creation of new malware code? I personally don't think so...
     
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Maybe you should read his comments again: From a user's perspective, I tend to focus on two points:

    He sums up pretty well what a user needs to do.
     
  3. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    It's actually a lot more complicated than that.

    You're correct that as the absolute number of circulating malware samples increases, at a fixed percent detected, the absolute size of the pool of "undetected" samples increases. To put some numbers around that, with 99% detection and a total pool of 1 million malware samples, that would be 10,000 "undetected" samples with linear scaling for larger or smaller pools. If it were 5 million samples, that's 50,000 "undetected" samples. Yes, those are large numbers of files.

    However, how do you get infected? You either decide to execute some malware or you have your system configured so that some series of steps that you execute allow the malware to be executed.

    That increasing pool of malware is embedded in an enlarging pool of valid content - and both are very rapidly increasing in size, so it's not clear that actual probabilities that you'll sample the malware have increased. If valid content were growing faster than malware content, it would actually have a dilutive effect. Let's take the cases mentioned above. If the 1 million sample/10,000 undetected case existed in a content world populated with 100 million items, you have a 0.01% chance of picking a piece of malware at random. If the 5 million/50,000 case existed in a content world populated with 5 billion items, the probability of randomly sampling one of those 50,000 "undetected" samples has actually dropped by an order of magnitude to 0.001%. That's with random sampling. In the real world these numbers are biased according to your personal usage profile/style. I really don't know how it balances out overall, but my point is that you really can't casually look at absolute numbers.

    Now, it's clear that some distribution channels are currently preferred for malware (P2P, free offerings (legitimate as well as illegal cracked sources), etc.), and probabilities for exposure could be rather high in those domains and they could be genuinely increasing (as could the "typical" domain). Operationally, this is a self-correcting situation.

    However, that really doesn't change my two primary points.

    Blue
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Isn't that what I just said? :blink: ;)
     
  5. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I believe so. I just put some numbers around it. :)

    Blue
     
  6. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,506
    Location:
    The San Joaquin Valley, California


    I've used both Avira and NOD32. I liked one, but had some problems with it. I didn't like the other. I'm using KIS 7 now with no slow downs.
     
  7. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    KIS works well if you don't mind it placing object identifiers that permeate your hard drive from their iSwift technology. I mind it a lot- so I would never use Kaspersky.
     
  8. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
    This technology will be gone with the new v8 so maybe time for some new perspectives?
     
  9. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Perspectives change when the reason for them changes and that has not happened yet. When Version8 fixes the issue, we may have a new rationale.
     
  10. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    818
    Isn't Kaspersky v8 still supposed to have the object identifiers, only reprogrammed so that they do not interfere with chkdsk?
     
  11. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    I wouldn't put that past Eugene.
     
  12. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    Definitely agreed. Trend is one of the slowest of the lot after McAfee.
     
  13. danny9

    danny9 Departed Friend

    Joined:
    Feb 18, 2004
    Posts:
    678
    Location:
    Clinton Twp. Mi
    Definitely not. At least for me.
    Used v. 6 + 7 for a yr. and a half.
    After the chkdsk problems then a reformat, even if they make the best product in the world, KIS will never see the likes of any computer I own..ever! :mad:
     
  14. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    I don't know, but if that's the case, my "perspective" will stay the same (I won't use the friggin' program).
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    This is so true (blue)

    Let me illustrate my evolution of securing my son's PC

    a) AV
    b) AS
    c) Thrown in an outbound FW
    d) skip the AS and replace by HIPS


    Now the best security measure I took was
    e) Stop backing up his data drive, so he loses his homework when he willingly allows a cracked program to install
    f) Replaced HIPS by behavior blocker (PRSC auto quarantine)


    Result: no PC crashes since a year, most dominating factor = THE USER!
     
  16. danny9

    danny9 Departed Friend

    Joined:
    Feb 18, 2004
    Posts:
    678
    Location:
    Clinton Twp. Mi
    Terrific idea, LOL :)
     
  17. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    If I'm correct then AVK 2008 uses both the Kaspersky and Avast engine, if this is correct then why does AVK have a "poor" rating on rootkit detection, while both Kaspersky and Avast have a "good" rating on detecting rootkits??
     
  18. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Active rootkit detection and removal depends on the effectiveness and strength of the AV drivers of the individual program as well as the engine and database used. So the most likely answer here would be that AVK's drivers aren't quite as good as KAV's.
     
  19. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    404
    Location:
    France
    Hi again,

    Very interesting! And very true. I didn't finish my reasoning and ended up wrong.
    We might then be in a paradoxical world where safe users are safer and not-so-safe users less safe...

    so this clever remark:
    Nevertheless, to come back to numbers and figures, all you said Blue is acceptable as long as you don't receive any malware : the overall probability to get hit may decrease over time, due to this diluting factor. As soon as you get hit, i.e., any given malware has a chance to challenge your antivirus,... well, that's a totally different story.

    BTW, when I finished my previous post and re-read your post, I realized how close conclusions might be. And I was too lazy to edit and soften my post.

    Thanks for sharing your thoughts
     
  20. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    This is a very good point and should be almost stickied somewhere.

    People tend to compare AVs purely by engine basis most of the times, thinking "so, it uses engine from X, so it must be 100% equal". Apparently not so.
     
  21. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Active rootkits are not gonna be a problem anymore when avast! 4.8 is released mwahahaha ;):cool:
     
  22. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Famous last words.
     
  23. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Time will tell.....:)
     
  24. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Gents, please keep on topic. Feel free to open different threads discussing issues not directly related to this test.

    On a side note: Firecat, I'll take it you'll leave it up to Alwil first to announce officially the ins and outs coming with the new Avast version, rootkit handling included. Thanks.

    regards,

    paul
     
  25. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Man, I take a break from this site, and like clockwork--another AV-Test.org test to break everyone into hives. :D

    Doesn't this happen every year or so? :cool:
     