Test of AV's for the detection of contemporary polymorphous viruses

Probably NOT. Even worse than a shill is unsupported FUD.

 

Your fear, uncertainty, and doubt. And, you don't need to shout.

I am telling people here the emperor has no clothes-and many can't handle it psychologically. True believers in a lot of the garbage that passes to the uncritical thinkers as something sagacious.

 

If you think that the Wilders Mods are incapable of dealing with shills & spam, then you should report it. That's what the exclamation mark in the upper right corner of a post is for. Otherwise, why demean an excellent forum with unsupported slurs and dire hints?

Yes, there are members here who work for security software companies, or who test security software, or who moderate threads or forums for security software. They are well known to us. They are highly respected members. NOT shills!

 

You and the moderators cannot possibly know all the players. My view is that you and several others, provide most of the assertions. Don't worry though, this place is a paranoia pit, and I have simply studied it for a year as a way to find humor and relieve stress!

 

the mods will never know if anyone works for an av, if the user does not want them to know.

a forum has always standard users, fanboys, staff, mods and admins, that is... what makes it a good forum

 

Thanks for posting the test results, Tommy.

I was pleased to see avast do so well. All the tables and figures made avast appear as if it would end up with a higher rating than a Silver Award and 25 points, but I guess it was that "low" score of 93.81% with the Allaple.4 family in Table 1 that dragged it down overall.

 

I am not ready to go so far as to call anyone a shill. Its more like they are overly excited about their choice of product. Its really such a waste.

There could be a lot of fruitful discussion here dealing with AV problems/bugs and testing methodology. Too bad so much of that is getting lost in the noise.

There was one very important comment here about the polymorphic virus sample sets being used by the various testers. That is the kind of stuff we need to know. Anyone can read the charts.

 

I concur.

I fully rely on tests (and IME)

 

@BrianN: err, maybe you should get your facts straight about the tested viruses first, before comparing them to DOS viruses. Those are very recent. Virut has made the Top10 in virustotal multiple times during the last 3 months with more than 30 different variants, the same goes for Allaple. The very first variant of Almanahe appeared in the 2nd quarter of last year, Twido (or Tvido) first appeared in November last year.

While this test of course has its limits due to the small amount of different variants/families (and probably the lack of verification whether the replicated samples are still running properly), it is not fitting to compare it to testing detection of DOS viruses.

 

Gee, somebody with some sanity, and a clear unclouded perspective. And having made millions with computers (not bragging just a fact), I cut people a new asshole when I see posts that are clearly nonsensical and promotional in nature. If certain industry interests cannot take my heat, get out of the kitchen. If your products work as well as advertised, they will hold up to empirical testing and anecdotal user experience. Many do not on both levels, yet we see endless promulgation of mediocre (at best) AVs.

 

As a complete novice in relation to virus testing one thing puzzles me about this report. It states that a polymorphic virus cannot be detected by conventional signature tests and I would therefore have assumed that heuristics would have played a major part. However NOD32, which has one of the strongest heuristics, comes out worse than Kaspersky v7 which is definitely weaker in that area.
Can one of the experts advise where I have gone wrong.
Quick edit - I assume the dates given are incorrect

 

Some Polymorphic Viruses using EPO; means that a emulator prolly never reaches that point where the virus gets activated. That means you have to write dedicated detection functions for some of the viruses. And besides that, most of the heuristic is trimmed to deal with the mass stuff, such as trojans etc.

 

I'm not surprised. By the nature of their work, shills have a vested interest in making sure they're the loudest (and even more preferably, only) huckster on the scene.

 

Agreed. And just who around here is behaving in such manner? No one. If someone does try to behave in such manner, all that anyone needs to do is press the exclamation button.

However, this forum is pretty much self-policing. In those rare cases when some bloke tried *shilly* schtuff (I love puns), the other posters quickly shot him down in flames.

Anyway, Solcroft, I hope your return means that your ISP has got you up and running again.

Can someone please explain what is meaning of "EPO"?

 

Entry Point Obscuring/Obfuscating

 

Thanks Lucas. Oh my, that is really spooky stuff! A fascinating bunch of articles.

 

You're welcome

 

I'm accessing the net at uni, actually, where network policy is rather uppity about downloading executables, among other things. Thanks for the wishes though.

 

Now available official english version of this test on Anti-malware Test Lab official site:
http://www.anti-malware-test.com/?q=taxonomy/term/20

In the future we will try post immediately russian and english version.

 

One more achievement for Avira

 

Can you include some others like f-prot and ikarus? Also how about that false alarm test?

 

hmm, its not coming next

packer support and keyloggers test are next.

 

Tx Chris. Do you have a date for the p. s. n k. test? Sounds interresting.

 

nope, sorry... i dont.

they are in-progress though.

hope i aint breaking any barriers here, i apologize if i am

---

but, i too would like to see the 'dreaded false alarm test', because i have not seen them do one yet, and i HAVE seen a packer support one.

so, i suggest everyone go to Anti-Malware Test Lab and vote for the False Alarm test

 

An anticipated failure, I'd say.