Studies on the efficiency of ISS or AV

Discussion in 'other anti-malware software' started by Jibse, Nov 17, 2012.

Thread Status:
Not open for further replies.
  1. Jibse

    Jibse Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    54
    It’s difficult to make one's judgments on AV or ISS (Internet security suites) from the tests of AV test companies, if you aren’t a computer scientist.

    Do studies exist on the damage caused by malware (crashes, loss of data, theft, etc.) according to the AV or ISS software used (studies controlled, of course, for the behavior of the computer owner)?

    Thanks
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Not sure exactly what you're asking for. Are you asking for how effective antiviruses are or something else?
     
  3. Jibse

    Jibse Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    54
    Yes, how effective antiviruses are, but not based on tests, but on real studies.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Real studies as in asking how many people would have died of disease XYZ when they were not vaccinated with ABC?

    ** Flashback Botnet Infects Over Half A Million Macs **

    ** DocCrypt/Dorifel hits Dutch government and municipal organisations **
    Dorifel is also the reason for the launch of the new HitManPro Endpoint security https://www.wilderssecurity.com/showpost.php?p=2137726&postcount=4804
     
  5. Jibse

    Jibse Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    54
    No. Studies which allow different AVs to be compared.
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Personally, I think that's going to be a difficult task.

    I say that because of user habits. A given AV being used by people doing the exact same thing could be compared. Being used by a million different people, each with different software installed like firewalls/scanners/hips/AE/etc would make it hard to know how the AV worked. That doesn't include whether UAC is on or off, whether users are LUA or Admin, nor the websites people visit. We could both use the same AV, and you might be infected a dozen times while I never even see an alert prompt come up.

    The only tests I have ever seen that, to me, had any value were independent labs that had a collection of older and 0day viruses, and used these as a test bed. The AV ratings are simply based on what they detect at the time of test. You are always left to find out for yourself whether your chosen AV will detect tomorrow's new variants.

    Sul.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    A study like this could focus on too many aspects.

    If you're looking for how easy it is to bypass an AV I can tell you that, with source code, I could do it in very little time. It's usually very simple, almost anyone could do it and bypass the majority of AVs just by copy/pasting code and with very very minor knowledge of programming and how function calls work. I've never actually tried though, actually - just going by guides I've read, which used very trivial methods (like encoding a string).

    But is that effectiveness? In the wild, a fully up-to-date AV can catch quite a bit of what's actually out there just because by the time a user runs into it, it's often in the database.

    You'd have to define effectiveness more strictly. Effective against what exactly? Targeted attacks? In the wild malware?
     
  8. Jibse

    Jibse Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    54
    Yes, but statisticians know how to do it.
     