Top Anti-virus fail miserably in basic security tests

Discussion in 'other anti-malware software' started by Mister X, Aug 27, 2015.

  1. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,770
    Location:
    Mexico
    Top Anti-virus like Avast, McAfee, Norton, Avira, Kaspersky and Bitdefender fail miserably in basic security tests.
    http://www.techworm.net/2015/08/top...ira-kaspersky-bitdefender-security-tests.html
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Oh... Matousec tests are back with a different dress...they keep trying :D
     
  3. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    Is that a bad thing? :p
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    I don't get it, can this test be found on Matousec's site?
     
  5. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    No, I mean it used his test suite....
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Was the test sponsored by SpyShelter?
     
  7. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    Obviously.
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    It's strange to see Comodo do poorly on this type of test.
     
  9. hjlbx

    hjlbx Guest

    The tester ran the SSTS64 utilities as Trusted !!!! So Comodo allowed the utilities to run without monitoring and alerts !!!!

    The whole Comodo test was not performed correctly... which goes to show that the tester did not understand precisely how file ratings affect Comodo Internet Security behavior !!!
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    If I ever use Comodo again the first thing I'm going to do is remove all trusted digital certificates. There's a ridiculous number of them on Comodo's list. The chances of one of them being used by malware, or a government entity are fairly good.
     
  11. kinder2

    kinder2 Registered Member

    Joined:
    Aug 17, 2015
    Posts:
    51
  12. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    I don't think so...it's just a kind of software that is not based on signatures and the test shows us the obvious truth...even the best signatures and a lot of technologies in AV/IS are sometimes just useless.

    It's a matter of Comodo, not the tester...is it not true? :)
     
  13. hjlbx

    hjlbx Guest

    Tester needs to rate files as Unrecognized in order for test to be accurate; Comodo technicians updated Cloud and rated the utilities as Unrecognized.

    Tester made mistake...

    The Tester is ultimately responsible for making sure that the utilities were properly rated... same as any other AV test lab. His test is not accurate; it is misleading because he did not change the utility rating...
     
  14. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,016
  15. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    So you mean as the utilities are harmless testing samples...they were treated as safe/whitelisted by Comodo, right?
    Now Comodo has changed the rating to unrecognized, right?

    So IMO Comodo didn't fail the test... Some security software vendors blacklist harmless testing utilities & some don't... And in this case Comodo didn't blacklist the harmless utilities.
    As now the utilities are rated unrecognized by Comodo... now it would be correct to test CIS modules protection/effectiveness IMO.
     
  16. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    If the tester used defaults it will indeed impact a number of products. E.g. ZA at install will have its HIPS module on learning mode and will not block a thing unless recognised as malware.

    This has been discussed before in here...you can indeed blame the software developer for choosing install settings that are not safe... but also you should take these results with a bit of caution as they do not reflect the real capacity of the product tested.
     
    Last edited: Aug 28, 2015
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    OK I see, so it's nothing new.
     
  18. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Yeap!
     
  19. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    It's not about default CIS settings.
    It's simple...the utilities are harmless test samples & not actual malware. If a harmless sample is not blacklisted by a security software vendor then nothing is wrong with it...but if you test that harmless sample against that product then you have to test it correctly.

    If the sample was real malware & missed/whitelisted then you can question the product effectiveness, etc...
     
  20. hjlbx

    hjlbx Guest

    The default settings have nothing to do with it...

    Comodo Internet Security only protects the system against Unrecognized and Malicious files; if a file is rated as Trusted it will be allowed to run without restriction.

    The SSTS64 files were incorrectly run as Trusted - which generated erroneous results !

    So in the case of the test, the tester did not change the file rating from Trusted to Unrecognized; when executed as a Trusted file - CIS allowed it to run - and it returned a "Fail" result. Had the tester properly changed the file ratings to Unrecognized, then CIS would have autosandboxed the utilities...

    That is how CIS works. The tester must not have known this fact...
     
  21. hjlbx

    hjlbx Guest

    @yesnoo - you are absolutely correct !

    Sanya got the Comodo techs to black-list all the SSTS64 utilities... (I would think permanently added to the non-malicious black-list\PUA).
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    I suggest Comodo automatically classify any unrecognized file as not trusted in the future to avoid this. I think Comodo should have done this to begin with. Did Comodo fail to do this, or did the tester change the file rating from unrecognized to trusted? I think I am remembering the Comodo options correctly. Comodo is not part of my layered security.
     
  23. hjlbx

    hjlbx Guest

    Until recently, the SSTS64 utilities from Matousec\Stanford U have been rated as Trusted by Comodo Cloud for years. Evidently the tester did not know that such utilities must be rated as Unrecognized for the test results to be valid. In other words, the tester did not disable Comodo Cloud Lookup (FLS) and then change the file ratings from Trusted to Unrecognized in the local CIS File List.

    Regardless of whether Comodo rates the leak test utilities as Trusted or Unrecognized, it is up to any tester to verify file ratings of leak tests and the like before running them. If they do not do this important verification then it shows a lack of understanding of how Comodo and leak testing work.

    Operator Error...
     