shadowserver?

anyone looked further into the files that they test against?

And Also their methodology, I'd like to know.

What do the staff-experts on wilders know about it?

 

I am not sure there are that many experts- some members of this forum are likely as expert as it comes. That said, I have not seen any updates on the kind of files being used for analysis, or any other aspect of the empirical testing process.

I do know that whether Shadowserver tests are valid or not, Dr. Web is at the top of the list at the moment, which strongly conflicts with other AV tests. Therefore, we can conclude that something is wrong somewhere because the results are contradictory.

 

The samples coming from this source are very different to those coming of other sources (for example VirusTotal). So the results are contradictory.

But you should also look at the results in longer time span and also on 'retry'. The AV you mentioned is much down the slope...

 

When I look at yearly stats, Dr.Web is on 4th place. I don't think this is "down the slope".

Or are we talking about different things ?

 

I just think some of the experts would have found out more info, as it's their products being tested.

 

What is the basis of both comments, as I see nothing that confirms your first statement of the second.

 

Well if they are, they are not using their real names with a few exceptions. That means that my shill argument gets more substantiation. If they want to provide us with more info, they should have the integrity to use their real names and the firms they represent.

 

What I mean is, if it was 'my product' being tested, I'd want to know about the test.

It's a shame this info is not already available.

 

The fact that they ran at least one of the AVs in demo-mode, after their license had expired, gives some indication of their expertise. So I do not hold out much hope for a high level test-bed.

Further, Honeypots are well-known to contain a high proportion of corrupted samples.

 

First statement:
I simply have access to various sample sources. And shadowserver is sending very different samples.

Second statement:
http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.Virus90-DayStats

See retry/summary.

 

By taking a look at the stats, I'm guessing that they use a thousand+ replicants of the same family of malware.