What gives MRG. Avira aced um

Discussion in 'other anti-virus software' started by trjam, Mar 14, 2011.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Ok, I have been a fan of MRG for quite awhile, and still am. But the flash tests results even started to raise my eyebrow with the results. All in fun I agree.

    I just spent the last 40 minutes with Avira PE and Sandboxie visiting the entire first page over at Malware Domain List. I went through the entire first page and Aviras HTTP scanner caught every single one that ran, but 5 that IE9 Smart Screen Filter caught. IE9 is really cool.

    But I have tried this with other products and most do well but miss one in about 8 or 9 tries. I literally did each one including all the fake AVS that some dude has posted. Some dont run but the bottom line nothing ever got through.

    Avira just proved its weight in gold to me, just renewed my license for a year, as Sandboxie did to, and I now have a very hard time understanding Sveta how your tests seem to favor a certain 5 and kick to the curb the others. Because some of your top ones do not hold a candle to doing this at this site as you show.

    Just calling the pitch as I see it. Doesnt matter, I still love MRG but Avira is still a beast. And for those who wonder about the worth of HTTP scanning, go do what I did and Avira proves that you cant live without it. Or Sandboxie.:D
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    One of those current top 5 was roughly middle of the pack in 2010 and 2011 is still young. I agree with you about HTTP scanning regardless of the Av choice. A couple of other products I was interested in are a little high in the FP count to make me comfortable right now, so I'll probably renew Avira for either my desktop or netbook at the end of May.
     
    Last edited: Mar 14, 2011
  3. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Hi trjam,

    I cant pass opinion on Avira but MDL is not the greatest benchmark for assessing newly emerging malware detections and heres why-

    By the time the malware is verified and URL's uploaded then time will have elapsed and once published to MDL the files are either picked up immediately by vendors or forwarded onto vendors by helpers.

    This makes MDL probaly not the most suitable candidate for benchmarking new malware detection rates as it is commonly subscribed too(the same can be said for most public facing listing sites.)

    The realistic benchmark is not gained from malware listing sites but from acquiring actual live infections on the fly>> Drivebys or infected machines acting as honeypots(updating components).

    The files listed at MDL and other like sites are usually acquired by someone intentionally infecting their test enviroment and seeing what the malware servers are dishing up at that point in time.That point of delivery is when new malicious code is emerging 0 hour and that is when most people need protection from:thumb:

    I would be personally be surprised if MRG are using samples from public listing sites as for reasons stated above..they are always escalated quickly to vendors.
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Ok, that may be. But would you not agree that my chances of actually getting hit by one are about as good as me winning the lottery.

    I mean everyone is testing and posting their stuff all over the place. Maybe I need to just get me a few pretty girls and start my own website for testing.

    The fact is, all can sway folks on how they choose a product and to me that is a half-truth. Honestly, I still look to AV-C for my testing results. I mean it is all meant to be taken in the context it was created. It is the sometimes bias creation that bothers me.

    Anyway, good to hear from you fcukdat, you know I value your thoughts.
     
  5. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I could go through their resumes and conduct the in person interviews for you.;) :D
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Like others said, sites like malwaredomainlist are not really useable for comparison testing, as the links are public, so vendors could check the site every hour/day and add detection for the samples.
     
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    well damn sam, that is where some of these so called testers state they get their malware.
     
  8. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    There are many places: hxxp://www.kernelmode.info/forum/viewtopic.php?f=16&t=308

    USE AT YOUR OWN RISK!

    TH
     
  9. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    malc0de.com, support.clean-mx.de/clean-mx/viruses
    Excellent sites.
     
    Last edited by a moderator: Mar 14, 2011
  10. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    What kind of site is this?
     
  11. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Same kind as MDL
     
  12. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    o_O Live link to a malware site?
     
  13. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Its a link to the site. You have to go to search in order to get to the links. I've found that clean-MX.de is fresher than MDL and malc0de. All the links are good and aren't caught by DNS servers.
     
  14. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Its good that avira's http filter caught the links as I said earlier avira's main strength lies in its http filter and not in the scanning engine(still it is solid AV), trjam mind if you turn off you http filter and then try to punch the links, I am damn sure that many would not be working and if the link worked avira will fail to detect those programs:)
     
  15. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    I can help checking the backgrounds if ya''ll dont mind:)
     
  16. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    417
    This is absolutely not true! Avira's strength is exactly in its core AV engine. Most of the time I've used it with the Web-guard turned off and it caught everything it would have caught with the Webguard on (saw the references of co-forum mmbers who tried it with Http scanning on), of course with the exception of blocking malicious pages or exploits themselves (the on-access scanner takes care of the payload). Let's take the personal edition - it doesn't have a Webguard at all but still is at the top concerning detection and also highly rated at the RAP test of VB.
    Remember also what one of Immunet said here at Wilders - Avira may be the best coded AV.
    Webguard also relies on signatures, though there are separate updates for it. It enhances the protection offered but it's complete nonsense to claim that without it Avira's real-time scanner is weak. This can be said only by someone that has not used the program enough.
     
  17. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Avira is the AV that catches the most malware for me too, when I test -admittedly amaterurish, of course -, and it does so before the malware is written to the hard drive, with the Webguard.

    Norton, who seem to do very well in the Flash test, for example, rarely catches anything by signature detection, but blocks it upon execution (SONAR and/or unproven file insight).

    In the end it probably doesn't matter how they stop it, as long as they do.

    Still, I prefer detection before execution, not after, if I have to choose.
     
  18. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    First thing I take every test with a pinch of salt, I don't trust 100% to any of the test taking place but I do enjoy reading the results and methods of testing. I never said that Avira being bad, its just that AV engine is not the main plus point. Infact what trjam said in earlier post of testing avira with some MDL links its the same way I too tried some months back when avira v10 was in BETA with some variations(fidgeting with some of settings). The page was blocked by avira but when you turn the web guard off the page is already dead.

    Many user still do have some or the other issues with the web guard (I don't know that this issue exist or not but couple of months back avira's webguard blocked the official web site of Barclays Premier League(EPL))

    This was a basic test, I have even mentioned in their BETA forums and also mailed my feedback the same through which they promptly replied also. And to make sure I tested avira for months during its BETA so I have a fair enough stint with it, all the claims that I have given are not biased but just have given my own experience

    Yeah even I have read that thread here, It may be or may not I leave it to security gurus but I have my own suggestion;)

    :) PEACE:)
     
  19. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    417
    Sorry if I've sounded a bit harsh, it's only software after all, but not according to official tests only (of course you can't make your judgment solely relying on them) but from my experience with the guard only, I don't think Webguard is the stressed strong point of Avira. It's their AV engine that's always been their strong spot.
     
  20. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I believe your correct. The engine is where it's at for Avira.
     
  21. Cvette

    Cvette Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    373
    Location:
    South Carolina, USA
    Thanks for posting that. I'm about to run some more tests later in the week and that helps a lot!
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    well the one thing I do know is, you can expect if you wish, for your product to come out with a new version, model, whatever, every year, but it really makes no sense. These arent cars where you expect a new model every year. Take Defensewall, it isnt refreshed with a new paint job every year, but Ilya makes improvements as needed. That is the way it should work. Heck, you can add new modules to a product whenever ready instead of waiting for the new fresh paint job.:cautious:

    For Avira, if it aint broke, why fix it. When they are ready to try something new then just do it. It doesnt have to be tied to the Mayan calendar.;)
     
  23. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    I thought they got rid of the NAG screen for the free version, but it still is back upon reading from different websites. They should get rid of this massive block ad and maybe do something less annoying like after a scan or incorporate into the gui like avast. This will bring more users to Avira.
     
  24. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    It's not back with every update. Only at specific times as noted in a info release.
     
  25. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    They could do a little Feng Shui with the UI and leave the internals the same.:)
     
    Last edited: Mar 15, 2011
Loading...
Thread Status:
Not open for further replies.