What's up with AV-Comparatives

Again, why would I care?

The approach works. They're constantly at the top of tests, have a reasonably low FP count, and their heuristics are nigh well unmatched. I think I can live with a bit of "laziness" on their part.

 

To make things clear - Avira is NOT "using a computer to add basically anything to the database", that's pure nonsense, end of story. In fact, I don't know any vendor who'd just add "basically anything" submitted automatically, the guy who's claiming this should either provide some specifics or not spread FUD.

 

Yes but how many legitimate software uses those packers?This is where avira is good,i agree with the FP's but the only place i seen FP's from avira is keygens.It wasn't as many as now a few months ago,but i agree with saberfox.Avira is not on a rampage against legitimate software,there are other products with more FP's.

 

There are companies that add signatures automatically if some bigger/famous vendors detects it. Ikarus, VBA32, Rising for example. They don't even bother using different names for the detections. This leads to many FP's and crappy signatures because the sigs are created by computers/automated systems. Probably by simply reading the file from memory or dumping it from memory, and then selecting some certain number of bytes/string and use it as a signature.

 

Well, that's something different that using "anything submitted" Ikarus has horrible issues w/ FPs, VBA32 - well uh, their detection rate is a big fail regardless how many signatures they "steal" from other products, so I wouldn't use it FPs or not... Rising, didn't have time to test.

 

Nonsense. Dr.Web has even more packer based generic detections than Avira. Over 600, most likely over 650 by now. Avira has less than 250. KAV has plenty of packer/cryptor detection. NOD32 has, so does Bitdefender, VBA32, Symantec, Mcafee and all the others. You are not able to tell if it's a packer/cryptor based detection by just looking at the name! Because there is no "Packer", "Crypt" or something like it in the malware name that does not mean the detection is not cryptor based. Maybe you should perform some tests how the actual detection works... You would be surprised...

BTW, if you require your AV to perform cleaning of your system, it already has failed you. What good is cleaning malware, when the cleaning just kills the malware files and registry keys? What about your stolen private data, credit card numbers, serials, login/accounts? Can those fine repairs fix those things too?

Avast and no fps? In my daily work with malware & clean stuff, I see plenty of Avast FPs.

 

It's a bit difficult to understand why so many people here get infected by viruses, I've had only only incident in the past 12 months when a malicious piece of javascript tried to download a trojan, but that was caught in time. Even before that I've encountered only about 3 infections, with OLD antivirus software.

I was using the McAfee Virusscan Plus at the time, I know it's not very popular here. I still have it, for lack of something better (keeping in mind my current hardware and software setup) and that I've already paid for it.

On the other hand, the amount of spyware and adware infections was staggering, except for the past year or so, when I ditched the Spyware Doctor and got a more sensible setup, which currently includes McAfee and the reviled Spy Sweeper 5.5.7. Plus I added some common sense.

I suppose most people here know a 'lot' about security, so I wonder how they get their antivirus to detect infections ?? A year ago I knew only a fraction of what I know now.

 

Hello,
i wondered if you would show up.
so you think detecting everything is the answer?
FYI kaspersky and before that f-secure have never failed me.

i never said companies like drweb and kaspersky dont use packer/cryptor detection.

the other day kaspersky detected malware by heristic detection. i sent it to kaspersky to get it checked. turns out they already had a signiture detection for it and told me to update the program. the signiture detection has a proper name rather than trojan.gen and also it means kaspersky can add removal routines for that malware.

i remember when drweb was talking about being the first to detect and remove a certain rootkit. you just added a rootkit.gen detection for it. that isnt useful at all. if that is found in an on demand scan and avira cannot clean it the user has no idea which rootkit it is so cant find a removal tool.

thats if it can even detect the rootkit when it is active.

99percent of home users dont have imaging software so they cannot just rollback to before the rootkit infected the computer. so if you cannot remove the malware it will continue to steal information from the user such as credit card details etc. thats even worse.

do you really think you can detect all malware all the time without any fp's which could be the only version of that file?
get real malware is on the increase all the time so at some point a user will get infected wont have a backup of the computer and will need to clean the machine.

 

Any AV has false positives. Though i all these years with avast! i had maybe 4 or 5 of them in real world conditions and i try quiet a lot of programs.
And they always got fixed in day or two tops.

 

if you require cleaning?........ says it all.

sorry, but you product misses more than IBK seems to think.

im sure the other AV's could come on here and slate your methods of 'protection', although wouldn't this then be labelled as un-professional?

I Think your falseifying your 'true protection'.

 

also, no AV with 'many' Fp's on IBK's test should be given Advanced+

looks like he has changed his methods too.

on the proactive test, 'many' FP's would lower an AV rating to STANDARD, so i wouldnt be too happy with your certifcation either.

 

and your product has an on-demand scanner why?

 

Damn Stefan, I think what most are saying is, detect and clean go hand and hand, seamlessly. Detect, then clean all remnants. This is exactly what has gotten my goat with Avira for a long time. Put all the BS aside. Avira looks through a very narrow telescope, the suite is proof of that. Mele tried, and I ridiculed him, to try and get you folks to make better what you had, but no one heard him. Cleaning doesnt mean you are screwed. Geez, you are such a great gentleman and I respect the hell out of you, so this is hard. Enjoy the view at the top, because it is a hard damn fall on the way down. Eset at least caught themselves half way down.

And screw my avatar. Lets settle this blooming issue once and for all. Read my lips please. I use the Eset Suite. Not AVIRA, not NORTON, not F-SECURE, but Eset.

 

I hate to say this, but , ROTFLMAO

 

Why this very sudden change?

 

You obviously don't know trjam. He changes his av every week, sometimes daily. I believe it was norton yesterday.

 

there isnt a change, ok. I have licences for frigging everything here, and I do like Avira, but Eset or Nod is really my choice. Now back to this thread. It seems the Norton folks cant enjoy a moment of rejoice because of all the frigging Avira folks pissing in. It was the same for Eset when they got the glory. People use to piss on their parade.

Avira is tops in detection, no one can dispute that. They suck at cleaning but feel that isnt important, their choice. Norton has been at the bowels of a donkey because of their past, and now, they finally have something to cheer about. They detect, clean, and have risen the bar for all the rest. Let their folks enjoy it.

Let their folks enjoy it.

 

I think it's a good choice...btw you made reference to a post by marcos could you PM me reference the post...thanks...

 

I have no problem pointing to it. Here

He needs to stick his chest out and show some frustration. People can say what they want, but Eset started this frigging change in AV perception anyway, and before to long, will raise the bar again. It is nice to see him speak from the heart, instead of the support side.

 

So detecting 2 variants of OnlineGames as OnlineGames.SABC and OnlineGames.SDEF helps the user how? Strange, people here advice it is more important to put weeks into analysing a single (!) malware while in the meantime, your customers are not protected against 100.000s of other new malware. That it's better to have 100.000 of signatures in your database instead of 10 generic detections that possibly protect you against future variants?
Some people really have a weird logic, indeed... And then complain about bloated AV programs that use too much memory? Hm...

There are gigabytes of new malware samples every single day. Anyone who believes you can analyse and add detection for every single sample without any automation must be nuts! Or must have that time bending machine that kaspersky obviously hide in their labs ;-) Well, or you must be Microsoft and can hire an army for your virus lab. How many people work in the Dr.Web vlab, again?

trjam, we do add cleaning for important malware (that actually came from customer computers) and keep improving the general repair abilities. But I don't get it. It's like a burglar breaking into your house, smashing the front doors lock and messing your rooms, stealing things. So when you fix the lock and put in new windows it's all ok? You don't care about the stolen things??! That's what "repairing" todays malware is - fixing just the obvious things. Users have to understand about the side effects! Is that so hard to understand?

 

no problem, but my thought is, when the burglar breaks the door down, you blow him away, on entry, before he steals anything.

 

I try others always end up back at ESET either the suite of AV+loon n stop , I always run SAS with it, it works for me...

 

I know him, for some time now. I was just wondering because he was praising Norton that much

 

Don't worry Jeff.
It's ok.

 

its quite rare for malware to take weeks to analyse and create removal for.
btw its more like zip#card.scr_ and Trojan-Downloader.Win32.Small.acyi
the first one is a very loose name. the second one is a clear name and can easily find out more information.