Only 6 Real AV's !

http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3226&sid=0f3d007bd2d897056e94fa9dfbfdaae9

 

I don't understand the arguments behind that statement.

 

Harsh statement but would partly agree with it. I have high regard for most of those Avs, and also some others. OTOH there are some Av's that detect everything unusual as some kind of Generic malware...

hqsec

 

What about AVG, Avira, Bitdefender, Emsisoft, Panda?

 

I agree^^^

i wouldn't give BD up for any of those,maybe... Kaspersky.

 

Then the Virus Total must consist of only this "G6".

 

I see 3 I would swap out with Bitdefender, 360 and Panda

 

With more than 50 av's on VT there are indeed quite a few that are not good, and some of them seem to have a FP on almost every file. But to say there are only 6 real AV's is way too harsh imo.

 

F-Secure is also missing.

nsm0220 coming to this thread to defend his trash in 3...2...1

 

Doesn't EP_XOFF know that the term "AV" is a marketing term and that in fact should be termed antimalware? Why is he making a differentiation between so-called AVs and antispywares when in todays context, the vendors listed no longer produce specialized products to detect only certain categories of malware? What next - anti-trojan and anti-worms?

Doesn't he know that VT uses the commandline scanners and not the full fledged products that consumer/enterprise use? By definition (check VT stance about using their service to compare AVs - it simply isn't the right methodology) , none of those can be called "real AVs".
https://www.virustotal.com/en/faq/

Even if we dismiss the above and are only going to focus on the engine part, how can he possibly not include vendors who create their own and have been in the industry for a long time?

EP_XOFF is clearly an expert and highly regarded as knowledgeable in his field. Unfortunately, in my personal opinion, this is one instance of "False Authority Syndrome".
https://vmyths.com/fas/

That being said, I do agree that certain AVs deserve more weight when you are trying to decide whether something is a positive/valid detection or false positive. Even then, sometimes the less popular ones might correctly detect something the bigger names fail to. After all, who was the first to detect Stuxnet? Did you mention VirusBlokAda?

 

So Microsoft is a real AV, but Bitdefender, Avira, and WSA (Webroot) are not lol What a joke! Maybe they thought it was April already.

 

Agreed. I don't use F-Secure these days, but it's absolutely real, and fantastic.

Also, apparently Immunet isn't real, therefore these detections in the last few hours on a machine here must be fake. (they are trojans, btw)

 

Just a thought: an AV could have high malware detection rates, but not be particularly useful for reverse engineers. Very strict heuristics could pick up malware without necessarily recognizing the family.

He is right at least as far as ClamAV is concerned though.

 

It can also be an issue when it comes to removal. Likely that's why lighter, more "genericistic" AVs like Avira or Eset (whose detection rates are excellent now) are/were poor at it, because they wouldn't classify the detected malware accurately enough to apply the "right" removal routine.

Correct me if it doesn't work that way.

 

I was thinking that if VT can provide us details with very good detection rate sorted by time. The antivirus able to detect more than 90% before others will be a good choice. We need to deduct false positive.

 

There was a website that uploaded malware to VT and showed statistics on real time about the detections. The problems is that the scanners on VT are simply the on demand version, so is not like the real time protection test that AVC does.

Does someone remember this website?

 

CRDF Threat Center

 

i'am not using any Av's from this List !!

i'am siting behind my Router (Fritzbox 3270)the only Security
Solution i have is my Brain.exe,an a couple of on Demand Tools
(Hitman Pro.Hitman Alert,Malwarebytes Antimalware Pro,and the
Windows 7 Firewall.For me all seems fine,no Problems since a long
Time.

 

Congratulations...

 

The criticism seems indeed more towards those who try to play catch-all using signatures than those who can accurately dissect samples.
Hence the mentioned Sophos example of detecting malware but as a different trojan than the Zeus sample it actually is.
Likely, an AV can't remove it properly, if it isn't detected properly.

 

When you scroll down and look at the overall stats -- "average, all the time," it's remarkable how that list stacks up.

MBAM kicks ass
McAfee is very surprisingly high
Trend and Symantec are surprisingly low

Interesting.

 

Wow, never saw ESET with such good results.

hqsec

 

Very Very useful information. Thanks. Do you know that there addon Blockulicious for chrome is any good if I am using Malware Domains list in adblock plus.

 

In my experience Eset has one of the best zero day detection, it is simple that good

 

Some personal, independant tests, and threat honeypots show MBAM scoring in the 97-98%+ range. Considering it's widely regarded as a supplemental product - that's awesome. I was unable to infect a honeypot with Mbam+Immunet+Appguard running, regardless of what I threw it, it, and how much I threw at it. For me, I consider that combination to be the epitomy of perfect/nearperfect protection. That's with Immunet3 Free - no Clam/Bit..

I've always held ESET in high regard. If I could find it for multiple machines cheap enough, I'd consider it. But as it stands - Mbam+Immunet alone is massive protection for most client machines I service, and I toss Appguard onto the high threat risk systems when needed. Can't lose IMO.