NOD32 and AntiVirusKit? Look at Anti-Virus Comparative test.

Discussion in 'other anti-virus software' started by FoxesHunter, Mar 3, 2006.

Thread Status:
Not open for further replies.
  1. trojan

    trojan Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    123
    Location:
    london

    And that stops it being tested how so? I don't see beta on my 6.0.0.299 copy, maybe I missed it lol.
    And the tests on av-comparatives I guess are very limited, as it's not real time but only scan time; put all the samples in a cab archive and most of the AVs will detect nothing until run. So it's about as useful as VirusTotal: different services, yes, but both lacking in real-time scanning. AV-Comparatives needs to run some of these samples and start testing in real time. It will take more effort on their part, I know, but would make the tests more like real-life situations, i.e. scan time is so easy to defeat; it's real time that we need to test and know how secure that is.
     
    Last edited: Apr 24, 2006
  2. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    It doesn't stop it from being tested, but it's not a commercial product yet, and therefore can't be purchased. Tests should have some degree of longevity, why not use what a user can actually buy so they can use the data in coming to a decision?

    In this case, exactly what are you expecting to see? Perhaps seeing KAV detection jump a whopping 0.05% to 99.82%? Does that really provide you with information you don't have today? I didn't think so.

    The simple fact of the matter is that many of the improvements in the 6.0 branch will not be directly probed by these types of tests anyway. They don't probe the Proactive Detection module, application control, the Web AV and so on.

    However, casually suggesting someone head off and start doing these tests in realtime like it was another straightforward scan-like undertaking suggests you really don't appreciate the scope of that undertaking at all. The simple scanning tests are involved enough if done well. I agree that it would be very nice to have objective and comprehensive realtime data, I just don't think that kind of test result is around the corner.

    Blue
     
  3. trojan

    trojan Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    123
    Location:
    london

    "you really don't appreciate the scope of that undertaking at all" Oh yes I do, what a silly comment!!! The simple fact is proactive defence makes a big difference!! It's real-life tests that help me to decide, not tests like av-comparatives that have no real value in a real-life situation. If you're saying av-comparatives helps people make choices in what software they buy, that does shock me, that people would not investigate for themselves rather than make choices based on such a primitive test. If you read my post properly you will see I said run "some" of the samples in real time; notice the word "some", indicating that testing them all would be a large undertaking, but obviously I don't understand the concept of that, do I. The plain and simple fact is that the test results are misleading and don't account for proactive defence, so are not much better than useless!!!!
    unless real time and proactive are tested. How can 6.0 score any higher than 5.0? You sarcastically say a whopping 0.05%; how would there be any difference at all between 5.0 and 6.0 if realtime and proactive are not tested? The results would be exactly the same unless 6.0 has extra unpacking engines and the malware is packed. To be quite honest I would have expected more from someone that posts so often as you do. I'm thinking maybe you don't write your posts and they are in fact pre-written templates lol. Look forward to your next copy and paste.
     
    Last edited: Apr 24, 2006
  4. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    I don't think there are any valid reasons to begin with personal attacks, no matter how much you might agree or disagree with another poster's remarks. Let's stick to the topic at hand.
     
  5. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    One post removed - discussion (regarding individual posters) is over.
     
  6. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    trojan,

    What I was getting at is that a true realtime test needs whole applications to be executed. You can't do a partial fragment, it has to be the whole working package. Assuming equivalent settings, a file scan based test will behave as an on-access realtime monitor, so that takes care of most of the dataset. However, look at the most recent av-comparatives.org result for KAV 5.0. That still leaves roughly a thousand files to go through, test, and validate, and you really have to do that across the AV test set, and many of those have more than 1000 missed. I stand by my statement, you haven't seriously assessed the scope of the project.
    Are you certain of that? Yes, it makes a difference. However, let's take KAV for a moment. The detection rate is running at 99.77%. It can only go to 100%, unless you're willing to count false positives in the count. The incremental enhancement globally is small, but yes could be important for new threats. I say "could be" since that is a moving target as signatures are added.
    I say this particular test has fairly significant value. We clearly differ in outlook.
    Why should it shock you, I've stated as much here many times. The fact of the matter is, the av-comparatives test provides a reasonably objective and comprehensive performance metric for potential customers. A customer can assess the impact of a product on the responsiveness of their system and their impression of the GUI. If they want to engage in risky behavior, they can even do some personal testing. However, most users don't go that last step, and for good reason.
    If you take a partial subset, it is easy to be subject to the statistics of small populations, which are notoriously noisy.
    I was speaking of the samples not detected by signature at the time of the test. In other words, how much will KAV 6.0 increase above the base of 99.77% because of the proactive defense module? I have no idea. I pulled 0.05% out of thin air. But I can say with absolute assurance, it will be 0.23% or less. In light of that, 0.05% is as good as any guessed value.

    Finally, you should relax a bit. Really. The conversation goes much better that way.

    Cheers,

    Blue
     
  7. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    You also can't *really* test the effectiveness of the behavior blocking aspects in real-world situations. You can have an .exe and script blocker to stop every piece of malware out there, but if everyone is just allowing it, how do you rate its effectiveness? Knowing that what you are executing is malware is very different than encountering it in a real-world situation, and the effectiveness relies entirely on the user.

    It quite often takes months to do on-demand tests, I can't imagine how long it would take to actually run thousands and thousands of samples (which it would take to have any level of accuracy) over 10-20 different programs. It's certainly not a task I would enjoy, and by the time it was done the results would be obsolete (the on-demand tests are bad enough about that). I don't think there's anyone here that wouldn't like to see those kinds of tests, I just don't see it happening in any way that could be considered reliable.
     