What gives MRG. Avira aced um

Ok, I have been a fan of MRG for quite awhile, and still am. But the flash tests results even started to raise my eyebrow with the results. All in fun I agree.

I just spent the last 40 minutes with Avira PE and Sandboxie visiting the entire first page over at Malware Domain List. I went through the entire first page and Aviras HTTP scanner caught every single one that ran, but 5 that IE9 Smart Screen Filter caught. IE9 is really cool.

But I have tried this with other products and most do well but miss one in about 8 or 9 tries. I literally did each one including all the fake AVS that some dude has posted. Some dont run but the bottom line nothing ever got through.

Avira just proved its weight in gold to me, just renewed my license for a year, as Sandboxie did to, and I now have a very hard time understanding Sveta how your tests seem to favor a certain 5 and kick to the curb the others. Because some of your top ones do not hold a candle to doing this at this site as you show.

Just calling the pitch as I see it. Doesnt matter, I still love MRG but Avira is still a beast. And for those who wonder about the worth of HTTP scanning, go do what I did and Avira proves that you cant live without it. Or Sandboxie.

 

One of those current top 5 was roughly middle of the pack in 2010 and 2011 is still young. I agree with you about HTTP scanning regardless of the Av choice. A couple of other products I was interested in are a little high in the FP count to make me comfortable right now, so I'll probably renew Avira for either my desktop or netbook at the end of May.

 

Hi trjam,

I cant pass opinion on Avira but MDL is not the greatest benchmark for assessing newly emerging malware detections and heres why-

By the time the malware is verified and URL's uploaded then time will have elapsed and once published to MDL the files are either picked up immediately by vendors or forwarded onto vendors by helpers.

This makes MDL probaly not the most suitable candidate for benchmarking new malware detection rates as it is commonly subscribed too(the same can be said for most public facing listing sites.)

The realistic benchmark is not gained from malware listing sites but from acquiring actual live infections on the fly>> Drivebys or infected machines acting as honeypots(updating components).

The files listed at MDL and other like sites are usually acquired by someone intentionally infecting their test enviroment and seeing what the malware servers are dishing up at that point in time.That point of delivery is when new malicious code is emerging 0 hour and that is when most people need protection from

I would be personally be surprised if MRG are using samples from public listing sites as for reasons stated above..they are always escalated quickly to vendors.

 

Ok, that may be. But would you not agree that my chances of actually getting hit by one are about as good as me winning the lottery.

I mean everyone is testing and posting their stuff all over the place. Maybe I need to just get me a few pretty girls and start my own website for testing.

The fact is, all can sway folks on how they choose a product and to me that is a half-truth. Honestly, I still look to AV-C for my testing results. I mean it is all meant to be taken in the context it was created. It is the sometimes bias creation that bothers me.

Anyway, good to hear from you fcukdat, you know I value your thoughts.

 

I could go through their resumes and conduct the in person interviews for you.

 

Like others said, sites like malwaredomainlist are not really useable for comparison testing, as the links are public, so vendors could check the site every hour/day and add detection for the samples.

 

well damn sam, that is where some of these so called testers state they get their malware.

 

There are many places: hxxp://www.kernelmode.info/forum/viewtopic.php?f=16&t=308

USE AT YOUR OWN RISK!

TH

 

malc0de.com, support.clean-mx.de/clean-mx/viruses
Excellent sites.

 

What kind of site is this?

 

Same kind as MDL

 

Live link to a malware site?

 

Its a link to the site. You have to go to search in order to get to the links. I've found that clean-MX.de is fresher than MDL and malc0de. All the links are good and aren't caught by DNS servers.

 

Its good that avira's http filter caught the links as I said earlier avira's main strength lies in its http filter and not in the scanning engine(still it is solid AV), trjam mind if you turn off you http filter and then try to punch the links, I am damn sure that many would not be working and if the link worked avira will fail to detect those programs

 

I can help checking the backgrounds if ya''ll dont mind

 

This is absolutely not true! Avira's strength is exactly in its core AV engine. Most of the time I've used it with the Web-guard turned off and it caught everything it would have caught with the Webguard on (saw the references of co-forum mmbers who tried it with Http scanning on), of course with the exception of blocking malicious pages or exploits themselves (the on-access scanner takes care of the payload). Let's take the personal edition - it doesn't have a Webguard at all but still is at the top concerning detection and also highly rated at the RAP test of VB.
Remember also what one of Immunet said here at Wilders - Avira may be the best coded AV.
Webguard also relies on signatures, though there are separate updates for it. It enhances the protection offered but it's complete nonsense to claim that without it Avira's real-time scanner is weak. This can be said only by someone that has not used the program enough.

 

Avira is the AV that catches the most malware for me too, when I test -admittedly amaterurish, of course -, and it does so before the malware is written to the hard drive, with the Webguard.

Norton, who seem to do very well in the Flash test, for example, rarely catches anything by signature detection, but blocks it upon execution (SONAR and/or unproven file insight).

In the end it probably doesn't matter how they stop it, as long as they do.

Still, I prefer detection before execution, not after, if I have to choose.

 

First thing I take every test with a pinch of salt, I don't trust 100% to any of the test taking place but I do enjoy reading the results and methods of testing. I never said that Avira being bad, its just that AV engine is not the main plus point. Infact what trjam said in earlier post of testing avira with some MDL links its the same way I too tried some months back when avira v10 was in BETA with some variations(fidgeting with some of settings). The page was blocked by avira but when you turn the web guard off the page is already dead.

Many user still do have some or the other issues with the web guard (I don't know that this issue exist or not but couple of months back avira's webguard blocked the official web site of Barclays Premier League(EPL))

This was a basic test, I have even mentioned in their BETA forums and also mailed my feedback the same through which they promptly replied also. And to make sure I tested avira for months during its BETA so I have a fair enough stint with it, all the claims that I have given are not biased but just have given my own experience

Yeah even I have read that thread here, It may be or may not I leave it to security gurus but I have my own suggestion

PEACE ​

 

Sorry if I've sounded a bit harsh, it's only software after all, but not according to official tests only (of course you can't make your judgment solely relying on them) but from my experience with the guard only, I don't think Webguard is the stressed strong point of Avira. It's their AV engine that's always been their strong spot.

 

I believe your correct. The engine is where it's at for Avira.

 

Thanks for posting that. I'm about to run some more tests later in the week and that helps a lot!

 

well the one thing I do know is, you can expect if you wish, for your product to come out with a new version, model, whatever, every year, but it really makes no sense. These arent cars where you expect a new model every year. Take Defensewall, it isnt refreshed with a new paint job every year, but Ilya makes improvements as needed. That is the way it should work. Heck, you can add new modules to a product whenever ready instead of waiting for the new fresh paint job.

For Avira, if it aint broke, why fix it. When they are ready to try something new then just do it. It doesnt have to be tied to the Mayan calendar.

 

I thought they got rid of the NAG screen for the free version, but it still is back upon reading from different websites. They should get rid of this massive block ad and maybe do something less annoying like after a scan or incorporate into the gui like avast. This will bring more users to Avira.

 

It's not back with every update. Only at specific times as noted in a info release.

 

They could do a little Feng Shui with the UI and leave the internals the same.