New test results, February, from VirusInfo

Discussion in 'other anti-virus software' started by JasSolo, Mar 9, 2008.

Thread Status:
Not open for further replies.
  1. JasSolo

    JasSolo Registered Member

    Joined:
    May 9, 2007
    Posts:
    414
    Location:
    Denmark
  2. xandros

    xandros Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    411
    thank you
    f-secure doing good now
    long time I don't try f-secure
    but maybe I will try it after av test on 10 March
     
  3. xandros

    xandros Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    411
    I forgot to say dr web doing good too & avira antivir doing good
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I wonder on their tests, a big part of Antivir's detection is by packers etc detection. More than any other major AV.
     
  5. InVitroVeritas

    InVitroVeritas Registered Member

    Joined:
    Mar 5, 2008
    Posts:
    64
    I've to admit that I'm surprised, almost puzzled, by their low results with some products, namely : Nod32v2. :blink:

    Well, I was considering switching to Dr.Web anyway, for other motives. Even though I, for one, am not one to switch more than 1 time per /2years, regarding security apps.
     
  6. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    F-Secure surely went up a lot this time.

    As for packer detection, I think this is somewhat unfair. AntiVir reports TR/Crypted or HEUR/Crypted - others just report "suspicious" which counts as heuristic detection, even if it's packer based. Maybe I should just rename the Avira reporting style? TR/ATRAPS.Gen is coming anyway... :rolleyes:
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I'm seeing a fair amount of Gemini detections on Virustotal.
    I think so. I know that when Panda or eSafe report "suspicious" they're detecting the packer(s)
    What does that mean?
     
  8. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    drweb always does well on this test, how valid?..... ain't too sure.
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I assume he tested the old AVG & not version 8? Why doesn't he give versions?

    It seems to me that Avast suffers greatly from its lack of heuristics. Further, as far as I know, they do NOT plan to add heuristics in the forthcoming version 5. Amazing & disappointing, if true. Do they lack the talent to develop heuristics, I wonder, or do they know something that the makers of AVs-with-heuristics do not know?
     
  10. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    they still got A+ at av-comparatives, so they don't need them :rolleyes:
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi bellgamin! I think the only problem here is resources. All these things cost money n time.

    BTW does AVG 8 have better heuristics than AVG 7.5?
     
  12. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    F-secure did very well
     
  13. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    doesn't virusinfo rely on results from virustotal? note that virustotal uses different settings for each product which is why some products score exceptionally good and some exceptionally bad. some vendors want their scanner on virustotal be configured to detect only few samples (e.g. without enabled heuristic) in order to get the missed samples, while other vendors have their product running there with special paranoid parameters to detect much.
     
  14. Joe_Jones

    Joe_Jones Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    41
    Hmm. I did not know that, never too old to learn. But IBK, why would a vendor prefer to find less, afraid for FP's perhaps?

    Another thing is that samples sent to virustotal can contain all kinds of malware, not only viruses/trojans etc. but adware, spyware, dialers and even tracking-cookies etc. another thing is, how can they report False Positives then? What is the quality of the samples?

    It would be better, that there was more background info on how (settings) and what (sort of samples) is tested and the details about how many samples, and test on False Positives.

    av-comparatives has a good reputation, and gives good info about these details, others should do this as well.

    A while ago I heard an antivirus company complaining that av-test.org did not test on False Positives, in other words, if you made a program that would detect all files in your system as being malware you would be the highest in ranking.
    Does anyone know if that is true or just noise from a company that was ranked too low with this test?
     
  15. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    For example as IBK pointed out. I wonder what settings are used for Avast as it does quite well in the AV Comparatives, and yet doesn't do well here.
     
  16. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I have *heard*, from somewhere in THIS Wilders thread, that AVG version 8's emulator/heuristics are greatly improved. I myself haven't tried it yet.

    VERRRRY interesting. I wish we knew which is paranoid & which is not.

    However, "without enabled heuristics" doesn't apply to Avast -- they ain't got none. o_O

    Originally Posted by IBK
    "some vendors want their scanner on virustotal be configured to detect only few samples (e.g. without enabled heuristic) in order to get the missed samples"

    To wit --- those organizations that agree to participate in the tests are entitled to receive samples of the malware which was not detected by their AV. Miss-a-lot means get-a-lot.
     
    Last edited: Mar 9, 2008
  17. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    imho, hard to believe there's such differences on detections between kav & f-secure.... about half the percentages!!! o_O

    and, compared with previous month... no way.

    It seems to me testers are drinking a lot of vodka while working on tests :D
     
  18. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    Nothing wrong with that. A product is pretty useless if it has a high FP rate. Some of the smaller players have high FPs even when they have a relatively smaller number of customers. Imagine what would happen if they had that many FPs and as many customers as say Symantec/McAfee.
     
  19. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Last time I checked you and a few experts were coming down pretty hard on IBK's methodology, therefore it seems rather interesting that you're assuming Avast! doesn't need heuristics based upon AV-Comparative's latest test. o_O

    On a lighter note I find it interesting that eTrust scored the same as F-Prot & NOD32 on detection. ;)
     
    Last edited: Mar 10, 2008
  20. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    621
    Where does the "as far as I know" come from, exactly? o_O
     
  21. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    :D :D
     
  22. JasSolo

    JasSolo Registered Member

    Joined:
    May 9, 2007
    Posts:
    414
    Location:
    Denmark
    o_O What o_O o_O
     
  23. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    sarcastic comment elite ;)
     
  24. DjMaligno

    DjMaligno Hispasec/VirusTotal

    Joined:
    Feb 22, 2005
    Posts:
    63
    Location:
    Spain
    The 'normal distribution policy' is sending vendors samples that they don't detect and samples they detect by heuristics. Some vendors modify that distribution policy adding extra rules (like skipping samples detected only by certain other vendors, etc).
     
  25. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    yes, I was trying to say that using virustotal for doing tests is a very bad idea due to the different settings etc. otherwise virustotal would distribute the huge interesting test reports to the public and not only internally.
     