VB100 Comparative Review – June 2017 https://www.virusbulletin.com/virusbulletin/2017/06/vb100-comparative-review Download PDF = https://www.virusbulletin.com/uploads/pdf/magazine/2017/201706-vb100-comparative.pdf ------------- VB100 results from 2017-06 (latest) on Windows 7 Professional, Windows 10 Professional Read the full review, or download it https://www.virusbulletin.com/uploads/pdf/magazine/2017/201706-vb100-comparative.pdf https://www.virusbulletin.com/testing/results/latest/vb100-antimalware
Yes, they've missed some samples. ESET is one with most consistent results on this test. IDK why they were not included in RAP tests.
In that chart, it did better than Avira, Avast, Kaspersky and Symantec, and was in equal top position with Bitdefender. There were a number of user dependent detections, but this does not count as missing them.
Re: Emsisoft: for uninitiated AV shoppers, these graphs might be a turn-off. I wonder if that was an unspoken factor in Emsi's decision to go AntiMalware. I see Microsoft didn't participate in this study.
I am trying to figure out why both Eset and Kaspersky didn't participate in RAP testing? Both always did do in past testing. This might explain part of it:
Reading the pdf, it states For the second ('Proactive') part of the RAP test, we freeze the product with their latest updates installed and then disable Internet access. After 10 days, we test the products using malware samples seen in the wild one to ten days after the product was frozen, thus after they had last received updates. So, it seems Emsisoft didn't have access to its Anti-Malware Network. Btw, let's not forget that Auto-resolve mode for the behavior blocker was released for the stable version on August 1, 2017.
It looks like the Behaviour Blocker from avg and the new cloud thing are quite effective in Avast/avg
As it seems, AV-Comparatives do Not see things the way you do and therefore, Emsisoft was ranked "One-But-Last". On the contrary, that 6.4% (User dependent) counted against Emsisoft according to the AV-Comparatives Testing Pattern and Ranking. Passing the Responsibility on the User counted against Emsisoft, because inexperienced users can easily get infected.
Because of this "penality" Emsisoft implemented auto-resolve mode for behavior blocker (default settings), so no more yellow bars, it will work similar to Kaspersky's System Watcher and Bitdefender's Advanced Threat Defense http://blog.emsisoft.com/2017/08/01...og-auto-resolve-mode-behavior-blocker-alerts/ Personally I dont care about this user dependency, but it makes sense for Emsisoft to do this change because while its protection is top notch (just 0,1 % compromissed) one can equivocally assume its protection is lacking.
Which translates into higher false positives in the other test to come, which translates into more people freaking out, this move with auto resolve is a two edged sword, if i remember correctly example people had to send crystal security to be whitelisted often which mean they seems not to remember certain whitelisted apps, this is just my 2cents worth I can see trouble times ahead.
The update for Emsisoft was rolled out this month (August) so you cannot expect improvements in the July results.
They'll always find someone else. Kaspersky, Avast, AVIRA are still putting up SDKs TBH, the reason the SDK model works is because of the effectiveness of the combined data of the users of all licensees - as well as samples coming in every hour from each licensee. Note that different licensees can use different cloud servers/providers and this means the SDK vendor gets access to a much larger database of suspect files. In short BD won't be as good as it is if it starts to stop or reduce it's SDK licensing. Once upon a time when Kaspersky had many, many products using it's engine, it was topping each and every comparative test, dubious or AMTSO certified. Now, it's licensee base has reduced - it's still good but doesn't reach the heights of the past.
I know there are more AV's with SDK's but taking into account how hard is getting the consumer market for AV companies they may agree not to license their SDK's for a few years to eliminate the competence. Kasperky still has a high presence in the enterprise market, only the companies with enterprise presence will be strong in the future for 2 reasons, money and data (malware/file samples), for example if sophos places their XG firewall or UTM product in a company with 10K users it will be feed by the navigation "data" of all those users, simply using 1 device, the the company can decide to use sophos or anything else in the endpoint. The consumer market will be swallowed by free solutions starting with Windows Defender, and companies focused in consumer market will mostly survive by selling anonymize data and if they have a huge user base. I think the security market will suffer a lot of consolidations in the coming years, in particular after the actual bubble. Although is also important to consider how AI, automation and collaboration (VT) has lower down the OPEX of these companies.
