NOD32 is the Leader in 05/06 AV-Comparatives

webyourbusiness,

Perhaps the best way to assess this approach is that it doesn't really matter if the definitions are 3 months or 3 minutes out of date, if a piece of malware is not covered by an explicit signature, it is not covered by a signature. That's true regardless of the timing. The degree to which the signatures are out of date is immaterial.

The one thing this type of test does not quantify really well is responsiveness of the vendor to both specific and generic detection schemes, which does impact in-use performance, and I think everyone realizes that. All in all, I have a hard time coming up with a better approach towards quantifying a forward looking test and statistic designed to probe robustness in the detection of new-to-world threats.

In an informal sense, poor performance on this type of test can be mitigated by extremely rapid deployment of signature updates. By the same token, a low score on this test coupled with a lax update policy is certainly an unfortunate combination for any user.

Blue

 

I respectfully disagree - because along with signatures, comes module updates - which improve the software itself - more packers have been added to archives and improved heuristics have been added in the last three months. So - again - I say that to test ANY 3 month old solution against current threats is an invalid test - yes, all solutions are on the same invalid playing field, but it hardly makes the test any more valid - but this in IN MY OPINION.

cheers

Greg

ps - I agree with you on poor performance in this kind of test can mean poor solution - but as you said, it does nothing to point out how well any company does in their reactiveness to new threats, or threat classes. 3 month old heuristics are going to be "ok" - but not massively great - because they are constantly improved!

 

retrospective test are not of interest to me - they are fundamentally flawed in their ability to provide any meaningful data - in my opinion. It's like comparing an '90s car to the safety standards in 2006 - they are DIFFERENT standards for the most part - improvements have been made which make such "tests" of little/no value.

 

I must subscribe to your oppinion webyourbusiness.
And, btw you can test NOD32 even updating definitions. It's the only AV since which has the option to disable the definitions when scanning and thus you can test the heuristic engine even after an update.

 

2 simply facts:
- it is not possible to determine in real-time the pure proactive detection rate. e.g. because of missing samples etc. (what the results show, btw, is the proactive rate of the products of February, just read the report).
- due that, all new samples which are new to the product of february, are new samples (consider them to be released all at that moment in february if you want), and you can check how good a product is able to identify new malware without having released a signature for that malware.
As (so far) no time-machine exist which could bring us in future or in past, the is the only way to determine the pure proactive on-demand detection capability of the av products.
Those that do not care about proactive detection/security and prefer to wait undetermined time for signatures, can rely on the tests of February and August only.

 

But that is the point - How do the previous design fundamentals (that has in reality since been improved upon and updated) stand up against the current conditions? You don't go out and buy a new car 5, 6 or 7 times a week (assuming they incorporated new improvements to their production line that often) just because the design and technology is capable of being improved that often.

Cheers