PCSL Total Protection Test July 2010 Report

Discussion in 'other anti-virus software' started by pcslinfo, Aug 23, 2010.

Thread Status:
Not open for further replies.
  1. pcslinfo

    pcslinfo Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    157
  2. Matthijs5nl

    Matthijs5nl Guest

    Report does support previously seen results:
    - impossible to make a final judgement on the never-ending question: "Which one is the best?";
    - the "big names" are really close (except Trend Micro and Dr. WEB), if someone makes a decision to buy one of those big names it is most likely based on user experience and ease of use and system impact instead of pure detection numbers;
    - programs with multiple engines performing at the top: Emsisoft, G Data;
    - Panda really great in pure detection;
    - Sunbelt keeps its good rising trend, really becoming one of the big guys;
    - despite negative feelings about the latest AVG versions it proves in most of the tests it is still a great program;
    - the BitDefender engine is a great engine;
    - MSE the king of zero false positives (ESET coming in close, and a lot of the others are improving [Emsisoft, Panda, McAfee, BitDefender]).
     
    Last edited by a moderator: Aug 23, 2010
  3. eplose

    eplose Registered Member

    Joined:
    Sep 28, 2009
    Posts:
    51
    Were the products allowed to connect to their cloud? It wasn't clear if dynamic tests included internet connection.
     
  4. pcslinfo

    pcslinfo Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    157
    In the first page, you can see network connection enabled :)
     
  5. pcslinfo

    pcslinfo Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    157
    BTW, we have a Facebook community page; we can also discuss there :D

    Click to Facebook
     
  6. thanhtai2009

    thanhtai2009 Registered Member

    Joined:
    Feb 16, 2010
    Posts:
    205
    Location:
    Vietnam
    Kaspersky: low FP :D
     
  7. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Great testing as usual Jeff:thumb:

    And regarding the results, as Matthijs said above AVG keeps getting good results on these tests, and so did Panda.
     
  8. pcslinfo

    pcslinfo Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    157
    Glad that you like the report, the report was supposed to be released earlier due to the language checking and also the typesetting.

    Hope the English is now easier to read and understand :D
     
  9. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Thanks for the new report Jeffrey! Good work on the new layout.
     
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Nice MSE, coming in 9th out of 31 AVs, putting so many paid-for AVs to shame once again. High detection, 0 FPs; you know they're doing something right.

    It's a shame you didn't test any of the other free AVs, only their paid-for suites (obviously understandable though since that's probably what people want to know). But I'm betting they would score higher than a lot of the other paid-for AVs also.

    I really don't see a point in paying these days.
     
    Last edited: Aug 23, 2010
  11. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    Just a couple of questions about the dynamic test for Comodo.

    Could you explain the methodology?
    Was the malware not detected in the dynamic test able to infect the computer?
    Did you check that the malware in the sandbox was able to infect the computer after restarting the PC?


    Seems that if the malware is not detected by the AV in the dynamic testing you declare malware able to bypass the security even if the malware is in the sandbox and it has not been able to infect the computer. If this is true, I think that PCSL should re-think the meaning of dynamic testing like other testing groups have done (real life test).

    It's a pity that Comodo 5 was not ready in July to see the behaviour cloud blocker and the cloud AV work.
     
    Last edited: Aug 23, 2010
  12. pcslinfo

    pcslinfo Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    157
    For how to deal with sandbox in dynamic testing, I have explained clearly to umesh@comodo who is in charge of comodo security part.

    The malware can bypass sandbox even if the client says the malware is quarantined or tells you needn't worry about it.

    None of the intelligent solutions can block 100% of the malware.

    Nice Question, thank you for your consideration:)
     
  13. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    Could you post the detailed explanation here please? Or just PM me.

    EDIT:
    I found a malware that was able to do its job (apparently) even in the sandbox (you still have the chance to block it with the FW) but disappears; the computer remains clean after the PC is restarted. Is this the kind of malware that was able to bypass the sandbox?

    Thanks
     
    Last edited: Aug 23, 2010
  14. pcslinfo

    pcslinfo Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    157
    Here is OK. Some of the malware drops PE out of sandbox onto real machine. I have given this feedback to comodo and I think they will improve the sandbox function. :)
     
  15. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559
    It would seem that most companies' sandboxes still need some work.
     
  16. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    Sorry but what exactly is PE?
    Does the malware remain active?
     
  17. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    PE = Executable files such as .exe, .dll, .com, .cmd, (More are out there but those are just some examples)
     
  18. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    Thanks for the explanation.

    I still would like to know if these PE files remain active or not.
    Anyway Comodo should fix this, I hope that they will do it in the next RC.
     
  19. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    No, PE files do not remain active... actually PE was used to rename all the extensions of executable files...
     
  20. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    So if the sandbox left, with some malware, some PE files behind I would not say that the computer is infected...
    IMO the methodology is not good enough, they should differentiate between a real infection, a non-infected computer with PE and a clean computer.

    Every single AV leaves something behind when it is trying to clean a malware, and when the AV is able to disinfect the computer it has always been considered OK.

    The AV disinfects the PC, the malware is never active again, but the AV usually leaves some PE files uncleaned. This is considered a valid clean computer in any test with malware. Why not now?


    A question for PCSL: in the next cleaning test, will it only be a valid clean when the AV does not leave ANY PE file after trying to clean the computer with the AV?

    At least for Comodo the static detection is over the average and the dynamic detection is the highest one.
     
    Last edited: Aug 23, 2010
  21. pcslinfo

    pcslinfo Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    157
    For this part, I had clearly explained to comodo and got no dissent (please remember dropping PE is only one kind of malware behavior). Please do not forget that we also have dynamic false positive test, where the sandbox function will also be tested. I had also provided some of my opinion about the sandbox to comodo, I think you can expect some improvement in their next RC :)
    Personally, I am glad you can provide me your suggestion on the methodology, thank you!
     
  22. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    Like I said before, I would like to see in the test differentiated when the malware has been able to make a real infection in the computer and when the malware just drops some "inoffensive" files that usually appear in some of the Windows temp folders that sometimes even software like CCleaner removes.

    Thanks for the effort, it's really a very interesting test.
     
    Last edited: Aug 23, 2010
  23. progress

    progress Guest

    A lot of FP for Avira and Emsi ... :doubt:

    Well done AVG and Panda :thumb:
     
  24. pcslinfo

    pcslinfo Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    157
    I know your meaning, also I mentioned earlier, dropping PE is only one behavior of malware, sending private information, etc. And also, some malware can revive after rebooting, so judging a PC infected or not is complex work and I just give you an example that you may easily understand :)

    Glad that you are interested in the test, we will keep up our job:D
     
  25. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559

    Nice job. Thanks for the testing, and the feedback to the vendors.
     