New test results, february, from VirusInfo

Discussion in 'other anti-virus software' started by JasSolo, Mar 9, 2008.

Thread Status:
Not open for further replies.
  1. JasSolo

    JasSolo Registered Member

    Joined:
    May 9, 2007
    Posts:
    414
    Location:
    Denmark
  2. xandros

    xandros Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    411
    thank you
    f-secure doing good now
    long time i dont try f-secure
    but maybe i will try it after av test on 10 march
     
  3. xandros

    xandros Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    411
    i forget to say dr web doing good too & avira antivir doing good
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I wonder on their tests, a big part of Antivir,s detection is by packers etc detection. More than any othet major AV.
     
  5. InVitroVeritas

    InVitroVeritas Registered Member

    Joined:
    Mar 5, 2008
    Posts:
    64
    I've to admit that I'm surprised, almost puzzled, by their low results with some products, namely : Nod32v2. :blink:

    Well, I was considering switching to Dr.Web anyway, for other motives. Even though I, for one, am not one to switch more than 1 time per /2years, regarding security apps.
     
  6. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    F-Secure surely went up alot this time.

    As for packer detection, I think this is somewhat unfair. AntiVir reports TR/Crypted or HEUR/Crypted - others just report "suspicious" which counts as heuristic detection, even if its packer based. Maybe I should just rename the Avira reporting style? TR/ATRAPS.Gen is coming anyway... :rolleyes:
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I'm seeing a fair amount of Gemini detections on Virustotal.
    I think so. I know that when Panda or eSafe report "suspicious" they're detecting the packer(s)
    What does that mean?
     
  8. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    drweb always does well on this test, how valid?..... aint too sure.
     
  9. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I assume he tested the old AVG & not version 8? Why doesn't he give versions?

    It seems to me that Avast suffers greatly from its lack of heuristics. Further, as far as I know, they do NOT plan to add heuristics in the forthcoming version 5. Amazing & disappointing, if true. Do they lack the talent to develop heuristics, I wonder, or do they know something that the makers of AVs-with-heuristics do not know?
     
  10. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    they still got A+ at av-comparatives, so they dont need them :rolleyes:
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi bellgamin! I think the only problem here is resources. All these things costs money n time.

    BTW does AVG 8 has better heuristics than AVG 7.5?
     
  12. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    F-secure did very well
     
  13. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,818
    Location:
    Innsbruck (Austria)
    doesn't virusinfo rely on results from virustotal? note that virustotal uses different settings for each product which is why some products score exceptionally good and some exceptionally bad. some vendors want their scanner on virustotal be configured to detect only few samples (e.g. without enabled heuristic) in order to get the missed samples, while other vendors have their product running their with special paranoid parameters to detect much.
     
  14. Joe_Jones

    Joe_Jones Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    41
    Hmm. i did not know that, never to old to learn. But IBK, why would a vender prefer to find less, afraid for FP's perhaps?

    Another thing is that samples sent to virustotal can contain all kinds of malware, not only virusses/trojans etc. but adware,spyware, dialers and even tracking-cookies etc. another thing is, how can they report False Positives then? What is the quality of the samples?

    It would be better, that there was more background info on how (settings) and what (sort of samples) is tested and the details about how many samples , and test on False Positives.

    av-comparatives has a good reputation, and gives good info about these details, others should do this as well.

    A while ago i heared a antivirus company complaining that av-test.org
    did not test on False Positives, with other words, if you made a program that would detect all files in your system as being malware you would be the highest in ranking.
    Does anyone know if that is true or just noise from a company that was ranked to low with this test?
     
  15. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    For example as IBK pointed out. I wonder what settings are used for Avast as it does quite well in the AV Comparatives, and yet doesn't do well here.
     
  16. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I have *heard*, from somewhere in THIS Wilders thread, that AVG version 8's emulator/heuristics are greatly improved. I myself haven't tried it yet.

    VERRRRY interesting. I wish we knew which is paranoid & which is not.

    However, "without enabled heuristics" doesn't apply to Avast -- they ain't got none. o_O

    Originally Posted by IBK
    "some vendors want their scanner on virustotal be configured to detect only few samples (e.g. without enabled heuristic) in order to get the missed samples"

    To wit --- those organizations that agree to participate in the tests are entitled to receive samples of the malware which was not detected by their AV. Miss-a-lot means get-a-lot.
     
    Last edited: Mar 9, 2008
  17. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    imho, hard to believe there's such differences on detections between kav & f-secure.... about half the percentages!!! o_O

    and, compared with previous month... no way.

    It seems to me testers are drinking a lot of vodka while working on tests :D
     
  18. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    Nothing wrong with that. A product is pretty useless if it has a high FP rate. Some of the smaller players have high FPs even when they have a relatively smaller number of customers. Imagine what would happen if they had that many FPs and as many customers as say Symantec/McAfee.
     
  19. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Last time I checked you and a few experts were coming down pretty hard on IBK's methodology, therefore it seems rather interesting that you're assuming Avast! doesn't need heuristics based upon AV-Comparative's latest test. o_O

    On a lighter note I find it interesting that eTrust scored the same as F-Prot & NOD32 on detection. ;)
     
    Last edited: Mar 10, 2008
  20. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    Where does the "as far as I know" come from, exactly? o_O
     
  21. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    :D :D
     
  22. JasSolo

    JasSolo Registered Member

    Joined:
    May 9, 2007
    Posts:
    414
    Location:
    Denmark
    o_OWhato_Oo_O
     
  23. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    sarcastic comment elite ;)
     
  24. DjMaligno

    DjMaligno Hispasec/VirusTotal

    Joined:
    Feb 22, 2005
    Posts:
    63
    Location:
    Spain
    The 'normal distribution policy' is sending vendors samples that they don't detect and samples they detect by heuristics. Some vendors modify that distribution policy adding extra rules (like skipping samples detected only by certain other vendors, etc).
     
  25. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,818
    Location:
    Innsbruck (Austria)
    yes, i was trying to say that using virustotal for doing tests is a very bad idea due the different settings etc.. otherwise virustotal would distribute the huge interesting test reports to the public and not only internally.
     
Loading...
Thread Status:
Not open for further replies.