Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: jhiker on April 21, 2006, 12:58:16 PM

Title: Anybody read this review...?
Post by: jhiker on April 21, 2006, 12:58:16 PM
The new issue of 'Computer Shopper' (at least I think it's Computer Shopper and not Computer Buyer - they are very similar) has just group tested leading a/v suites with particular emphasis on detecting Trojans. Avast gets completely hammered and comes out with a one-star rating. I've been a satisified Avast (Home) user for years and it's kept me out of trouble on several occasions. I've always been quite happy with it but it is really so much less effective than other a/v programs. I notice Kaspersky comes out particularly well and even AVG gets rated more highly.
Anybody else read the review?
Title: Re: Anybody read this review...?
Post by: RejZoR on April 21, 2006, 01:40:10 PM
These magazine tests are mostly full of shit (not nice word but thats how it is).
I trust only av-comparatives.org tests.
Title: Re: Anybody read this review...?
Post by: jhiker on April 21, 2006, 02:04:55 PM
Why?
Would you care to expand on that?
Title: Re: Anybody read this review...?
Post by: FreewheelinFrank on April 21, 2006, 02:21:08 PM
Computer Shopper is one of the leading computing magazines here in the UK, and, with respect, that sort of dismissal is not going to carry much weight with its readers.
Title: Re: Anybody read this review...?
Post by: TAP on April 21, 2006, 02:45:15 PM
In my opinion, most of tests/reviews from such magazine were not done by *real-antivirus experts* (real-antivirus experts such as Joe Wells, the founder of the WildList Organization), to make thing short, reviewers/testers from such magazine don't really know what they say or do, they just use their personal opinions or personal experiences that may based on wrong knowledge.

Do you think who can test/review an antivirus software better than real-antivirus experts who really know how malware and antivirus software work?  :)

Title: Re: Anybody read this review...?
Post by: OrangeCrate on April 21, 2006, 02:59:42 PM
Tap,

Your comments aroused my interest. I went to the WildList Organization website, and couldn't find any AV program reviews.

Would you be able to point me to a link where Joe Wells comments on avast!?

Thanks.
Title: Re: Anybody read this review...?
Post by: FreewheelinFrank on April 21, 2006, 03:02:47 PM
[Edit: I was actually refering to Tap's post here: sorry for any confusion!]

I don't really have much time for that sort of argument, sorry. I doubt if anybody would be claiming that authors from a major magazine "don't really know what they say or do, they just use their personal opinions or personal experiences that may based on wrong knowledge" if avast! had come out well.

Not so long ago people here were making excuses for avast! not passing the in-the-wild virus test, now people congratulate avast! when it passes.

I haven't read the review (I'll have to go out and buy the mag) but I'm certainly not going to dismiss it out of hand. avast! certainly needs to improve its detection rate, and I'm sure the writers at Computer Shopper know what they are doing.
Title: Re: Anybody read this review...?
Post by: OrangeCrate on April 21, 2006, 03:04:23 PM
Computer Shopper is one of the leading computing magazines here in the UK, and, with respect, that sort of dismissal is not going to carry much weight with its readers.

Frank,

I'm confused. If Computer Shopper is one of the leading computing magazines in the UK, why would their readers dismiss an article that trashes avast!?

Edit:

Frank, See post below.


Title: Re: Anybody read this review...?
Post by: jhiker on April 21, 2006, 03:12:53 PM
TAP

Hang on a minute..
It may be a simplistic view but surely an objective test - either a trojan is detected or it isn't.
Are you really telling me that it's possible to 'influence' the results to such an extent by doctoring the tests or manipulating the a/v sensitivity settings or something?
Even if it were, what's to be gained in a so called 'independent test' carried out by a respectable publication.

BTW - I looked at some past results on a-vcomparitives and Avast does indeed seem to score quite low for Trojan detection. I'm sure the Avast developers are aware of this and striving to improve things. I'm not denigrating Avast - i like it - I just want it to be the best!
Title: Re: Anybody read this review...?
Post by: Bascule on April 21, 2006, 03:17:54 PM
I picked this up in the News Agents today and leafed through.

I'm normally one for checking out the mags and reviews before going for a product and I've been using Avast! for a couple of years without any problems. So based on that I walked away thinking "must download Kaspersky tonight - what's £18 for a year when the product is streets ahead of Avast!"

But then I got to thinking. The results of that test seem to be at odds with pretty much everything else I've read, including other independent comparisons so perhaps I should stick with Avast! after all. I'm not sure what to do. Those mags do wield a lot of power when they publish this stuff and they really should do it responsibly.

 ???
Title: Re: Anybody read this review...?
Post by: TAP on April 21, 2006, 03:20:20 PM
Tap,

Your comments aroused my interest. I went to the WildList Organization website, and couldn't find any AV program reviews.

Would you be able to point me to a link where Joe Wells comments on avast!?

Thanks.


No, I didn't mean Joe Wells comments on avast! or something like this or the WildList Organization has any antivirus reviews. I just say I want real-antivirus experts who have more credibility in AV industry such as Joe Wells (and others) to do the most correct tests/reviews.

I don't applaud people or magazine who say avast! is good and blame others who say avast! is bad, I have to know how their methodologies that make such results. If their methodologies are acceptable and avast! fails, I would blame avast! for its flaws, but if their methodologies are flaw and avast! fails so is it fair for avast!?

And what I said in Reply #4 is just my opinion, anyone can or cannot freely agree.
Title: Re: Anybody read this review...?
Post by: OrangeCrate on April 21, 2006, 03:21:26 PM
Frank,

Never mind, I lost continuity between your post and RejZoR's (?).

Sorry.
Title: Re: Anybody read this review...?
Post by: polonus on April 21, 2006, 03:26:10 PM
Hi jhiker,

I also question the objectivity of such tests. What would you think that you have two of these tests and Bitdefender in the one test is number one, and in the other test is number final. It says something about the credibility. And then it is what you get out of the virus zoo to test the darned scanners with (in the wild). Furthermore you cannot compare apples with pears (heuristic scanners, the amount of packers detected, on the fly scanning, shortly there are so many features a scanner could have, how do you weigh the results?).
Don't pay too much attention, better put energy into a question how do I achieve the best results on my machine in the way of multilevel-protection.
I think if you have for instance one resident scanner like Avast, together with one non-resident open source solution like ClamWin, some online scanner regularly like BitDefender together with stinger.exe, and the free downloaded DrWebCureIt, together with in-browser script protection and siteadvisor, hyperlink pre-scanning installed, WebShield active, I think in that case we are talking shop, you are well protected, and you need not worry about test results. That is all IMHO.

polonus
Title: Re: Anybody read this review...?
Post by: jhiker on April 21, 2006, 04:16:38 PM
Joe Wells isn't sat at my computer... I am.

It's me who's doing the real-world testing on a day-to-day basis and I want to be sure I'm protected as well as I can be whether it's with Avast or an alternative...
Title: Re: Anybody read this review...?
Post by: jhiker on April 21, 2006, 04:20:13 PM

I think if you have for instance one resident scanner like Avast, together with one non-resident open source solution like ClamWin, some online scanner regularly like BitDefender together with stinger.exe, and the free downloaded DrWebCureIt, together with in-browser script protection and siteadvisor, hyperlink pre-scanning installed, WebShield active, I think in that case we are talking shop, you are well protected, and you need not worry about test results. That is all IMHO.

polonus

...or Kaspersky..?
Title: Re: Anybody read this review...?
Post by: DavidR on April 21, 2006, 04:45:05 PM
I too haven't read the review and I don't think I will be buying it just to read it, I'm here sat behind my keyboard, a happy avast user for two years and if avast were really bad, would I not be infected by now.

No I exercise caution and have a multi level approach to protection, I use avast, adaware, spybot S&D, spywareblaster, ewido and hijackthis on occasion as my main security programs; this backed up with exercising common sense should see most people right.

In some of the posts in this thread they are talking about trojans, now a trojan by its nature can be many things, adware, spyware, etc. and since avast is primarily an anti-virus program that happens to detect some other malware, it may well miss a trojan that is picked up by another AV but this is true for many AVs.

Yes avast can definitely improve its detections but does it make it bad, I don't think so. Some of the recent reviews from the likes of avcomparitives places AVGs detections below that of avast, yet this single review places it higher.

Now neither of this means they are bad AVs, just that in that particular test, not knowing how it was conducted and what samples were used, avast did less well. There is more to an AV than simple detection rate, yes it is an important factor, there are some that may well have great detections, but it doesn't provide email protection or P2P support, etc.

We all know (I hope), that prevention is better than cure so stopping a virus getting into you system is better than trying to remove it once established, so in this case better detection isn't necessarily going to protect you better. So all I'm trying to say is that you need to compare more than simply detection rate tests.
Title: Re: Anybody read this review...?
Post by: curious! on April 21, 2006, 05:21:26 PM
Hi,

Is there an excerpt or something like that on the Net. A link?

Difficult to discuss someting you havn't seen.  ;)

HL
Title: Re: Anybody read this review...?
Post by: FreewheelinFrank on April 21, 2006, 06:29:02 PM
Here's the review for anybody interested:

(http://donaldbroatch.users.btopenworld.com/howwetested.jpg)

(http://donaldbroatch.users.btopenworld.com/review.jpg)
Title: Re: Anybody read this review...?
Post by: FreewheelinFrank on April 21, 2006, 06:44:33 PM
Some info about the source of the malware here:

http://insight.zdnet.co.uk/internet/security/0,39020457,39239134,00.htm

Quote
MessageLabs antivirus team deal with a mixture of long and short-term projects running concurrently. Long-term projects include looking at different ways to roll out malware signatures over the company infrastructure and measuring the efficacy of other vendors' antivirus engines used by MessageLabs. Currently, the email monitoring company use antivirus engines from McAfee and F-Secure, having switched last year from Sophos.

Short-term projects arrive as-and-when for ad hoc fire-fighting. Every day MessageLabs stop 12,000 items that are not stopped by the antivirus engines alone. Dedicated mailservers are used to filter emails for malware by analysing how much 'chaos' is contained in the code. Good files such as legitimate updates have a different stat distribution within the code. If the code has a number of different values, it is classed as chaotic. "If the code has 64 bytes, and every single byte is different, then the code is likely to be malware," said Shipp. For example, bad files often have encryption, and look different from good files because they are trying to hide themselves.

MessageLabs also compares new code with its signature file databases, which is between 2GB and 3GB of information. This database is constantly being updated, "so having caught variant A, we're confident of catching B, C, and D," says Shipp.

Initially defining viruses is "processor intensive". MessageLabs take the potentially malicious code and analyse it. Unusual features in email immediately mark code down as being suspicious. "If the code has IRC, FTP and email — not many legitimate programs have all of those capabilities," says Shipp.

MessageLabs also look for profanity, and virus writer handles. "Virus writers have big egos — they like putting their own names into the code. This never appears in good files," he adds.

Knowing their code contains indicators has led hackers to attempt more subtle social engineering tactics to propagate malicious code, including sending links in emails. This circumvents this problem as the malicious code is not actually contained in the email. "That's why the bad guys are sending links," said Shipp. One example of social engineering tactics is an email pretending the recipient has been sent an e-card. When the person clicks on the link to the card, they are redirected to a site containing malware, and infected.

MessageLabs work around this by detecting if the links have been obfuscated in an email to hide the URL or URI of the site the user would go to. There is also a link-following system which feeds into a discrete network that is dedicated to analysing the links.

Antivirus knowledge is also increased by MessageLabs sharing virus information with other companies, and law enforcement agencies. The company provides virus samples to sharing networks such as AV Gurus. This site maintains and publishes a collection of viruses using PTP encryption, and can only be accessed by legitimate users, according to Shipp.

The threat landscape: A new threat that the antivirus team has seen are data-stealing Trojans sent in spam. The email only has to be opened and the Trojan — hidden in a word document — is activated. These are being repeatedly sent to banks and government agencies in the hope that some information can be stolen.

So the malware used to test was caught by McAfee, F-Secure or MessageLabs themselves.
Title: Re: Anybody read this review...?
Post by: RejZoR on April 21, 2006, 08:34:25 PM
Why noone ever cares to try to understand the program? They are all talking about skinned inteface but no one cares to tell that there is also normal, non skinned and non "futuristic" interface.
Thats why i call all reviews BS. Testing AVs is not about installing them and quickly judge (and misjudge them), but in actually understanding them, learning what specific features do and so on.
Title: Re: Anybody read this review...?
Post by: OrangeCrate on April 22, 2006, 12:05:29 AM
Hmm...

I don't profess to be an expert on anything, but, it looks like an objective evalutation to me.

However, avast! plus the "wonderful three" are working for me. I don't think I'll change a thing.

Interesting read though.
Title: Re: Anybody read this review...?
Post by: DavidR on April 22, 2006, 12:27:10 AM
When talking about a futuristic looking interface (non--standard interface, what the hell is a standard interface, there is no such beast ?), the review becomes subjective and not objective,
Title: Re: Anybody read this review...?
Post by: curious! on April 22, 2006, 12:54:45 AM
Part of the test seems to be subjective in my opinion.

But it also states that Avast is not the best trojanscanner in the world.  :(

I don't think that's something new, lets hope on improvements in that area.   :)

Personally I will continue to use Avast because I like the most of it.

But let's face the facts, too. Not everything negative about Avast needs to be wrong.  ;)

HL
Title: Re: Anybody read this review...?
Post by: OrangeCrate on April 22, 2006, 12:57:06 AM
DavidR,

I wasn't referring to the interface (I agree with you), but Message Labs' definition of the Malware used in Computer Shopper's test, the testing procedures outlined in the "How we test AV software", and the testing results outlined in the second to the last paragraph in the article.

If you can get past the interface, and care to comment on how and why the testing procedures and results are flawed, I'm all ears, and happy to learn.

Thanks.
Title: Re: Anybody read this review...?
Post by: DavidR on April 22, 2006, 01:29:58 AM
And I wasn't replying directly to you or I would generally use a quote.

I still don't see any detailed mention of what was tested and how it was tested, however, I didn't mention anything about the AV tests themselves because I don't know what and how the tests were conducted. I did however agree that avast could improve detections previously.

Quote from: DavidR
Yes avast can definitely improve its detections but does it make it bad, I don't think so. Some of the recent reviews from the likes of avcomparitives places AVGs detections below that of avast, yet this single review places it higher.

But when a summary lists only three items, Free, Detections, Non-standard Interface, two out of three have no barring on the effectiveness of an AV and to me that isn't objective, sorry if you think differently.
Title: Re: Anybody read this review...?
Post by: drhayden1 on April 22, 2006, 01:54:50 AM
or norton............
or panda............
or trend micro....
or......stick with avast
i saw the review and i still have my avast! pro and its staying there ;D 8)
Title: Re: Anybody read this review...?
Post by: OrangeCrate on April 22, 2006, 01:55:48 AM
DavidR,

No offense taken from this end. Different views are the spices of life. My apologies if you read that into my post.

Frank was kind enough to post the article, and the Message Labs' methodology on providing the raw data for the test. It was that info I based my comments on. In my opinion, there's enough meat there, for someone who knows a lot more than me, to comment on the effectiveness of the testing. I'm not going to take the time to look them up, but I have vague memories of a couple of other marginal reviews in other publications recently. So, I'm interested, but as I mentioned in an earlier post in this thread, unmoved by the article.

You're correct, that you don't really know for sure what they did, unless you're looking over their shoulder when they're doing it, but when I said I'm all ears, and willing to learn, that's what I meant, and why I read this forum.

Title: Re: Anybody read this review...?
Post by: Vlk on April 22, 2006, 05:18:32 AM
We don't like the way the review was written, and for that reason, we have contacted its author and asked him to explain some of its points. Also, Eda (our CEO) will probably be meeting him during the next week (in London). Let's see what the results will be like...


Thanks
Vlk
Title: Re: Anybody read this review...?
Post by: scaa on April 22, 2006, 05:23:30 AM
I have neither read the review nor am that  competent a person to comment on the efficacy of the review.
I however feel avast is THE BEST
However we should not be complacent about negative comments and the ALWIL team should endeavour to improve the product so that  scope is not given for commenting on basic functions of the antivirus
LONG LIVE AVAST
Vlk, please keep us posted on the result of the meeting
Title: Re: Anybody read this review...?
Post by: curious! on April 22, 2006, 09:56:15 AM
By rereading what was written, I agree upon that the presentation was not good.  :(

I f you read the excerpt, and know nothing about antiviri programs, you might get the impression
that Avast generally speaking is a one star(out pf 5), which I of course know is VERY misleading.

IMHO I would Give Avast 4 stars out of 5, with a user interface and ease of use that I
like very much. After rereading, they focus on lack of trojandetection in the text, which is not the stongest part of Avast, as stated many times on this forum.

I must admit that I thought the "one star" was because the trojans that went through.
I understand now that I have misintepreted the presentation, and then I totally agree that
the conclusion is wrong, looking at the whole of Avast.

If I misintepreted the results, I suppose others might do,too... ;)

Keep on the good work.

HL
Title: Re: Anybody read this review...?
Post by: FreewheelinFrank on May 03, 2006, 09:07:18 AM
The review is now available online:

http://www.computershopper.co.uk/labs/220/anti-virus-exposed/products.html
Title: Re: Anybody read this review...?
Post by: alanrf on May 03, 2006, 09:16:24 AM
Hmmm ... I dislike the AVG interface and compared with this forum the AVG forums might as well not exist (I cannot like forums that tell you the conditions on which you may be graciously permitted to post - and no, it was not like that when my sticky in their mail forum was reposted at their request).

However, if they are rated that highly (and at the same price point as avast) I suppose I should give their product another look.
Title: Re: Anybody read this review...?
Post by: Vlk on May 03, 2006, 10:45:50 AM
Alanrf, that was a joke, right? :)

I mean, do you really think this review is relevant? We now have their official reaction to our objections, and it makes me even more confident that the "test" is one of the worst conducted I've ever seen...

It turns out that avast missed 6 (six) samples from their collection, and that was enough to score worst in the test. I can only wonder how many samples in total there were in such a "collection". Twenty? Fifty? :)

Title: Re: Anybody read this review...?
Post by: RejZoR on May 03, 2006, 10:56:52 AM
Vlk, i bet there was just 6 samples lol ;D
Title: Re: Anybody read this review...?
Post by: alanrf on May 03, 2006, 11:20:35 AM
Vlk,

you may have noticed that some us (including RejZoR) do sometimes look at what other products are doing and how they are looked at by the community.  The fact the we are still here in these forums speaks highly of the loyalty that your product has created in us, by its quality and the sustained efforts of your team in managing, maintaining and developing the product and your willingness to actively interface with us, your user community. 

OK, you are now waiting for the inevitable "but" that negates all I have just said.
There is none ... I just think that, as your users, it our job as much as yours to keep your team on its toes. 

If another product is faster than you with virus updates ... we should ask why you are lagging ... if another product can scan faster than yours we should ask why ... if another product can make it simple to terminate encrypted mail safely and scan it then we should ask why you do not.  So, it is up to us too to look at what the others are doing ... not just your folks. 

Besides ... some of us don't get to visit Redmond several times a year and attend  all the other major gatherings (any more in my case).  We just have the time to look at this stuff on the web ... the good analysis, the crap reports and the plain biased ones.

Would you really want a forum that that was not a pain in the rear end?   

     
Title: Re: Anybody read this review...?
Post by: Vlk on May 03, 2006, 11:42:54 AM
I have absolutely no objections about you (or anyone else) trying, OR using, any other AV product, of course... It's just that I'd find it a bit funny that someone (especially someone so proficient in the matter) would do anything after reading this particular review. :) ;)

In reality, tell me a name of an arbirary AV, and I will be give you not six, but six thousand samples it does not detect.
Title: Re: Anybody read this review...?
Post by: alanrf on May 03, 2006, 11:51:43 AM
Thanks Vlk, you got my point and I get yours - it wasn't so much a case of believing that report (since I disbelieve most of them on sight) - it was one of nudging me that avast is getting to me like an old pair of slippers and I really should should be out there looking at what is new.

You know - I really think I am becoming an avast evangelist - something I promised myself I would never become.
Title: Re: Anybody read this review...?
Post by: OrangeCrate on May 03, 2006, 12:29:19 PM
We don't like the way the review was written, and for that reason, we have contacted its author and asked him to explain some of its points. Also, Eda (our CEO) will probably be meeting him during the next week (in London). Let's see what the results will be like...

Any specifics from this meeting that you can share with us? Particularly, anything from their "official reaction" besides the six samples nonsense you mentioned in your later post?
Title: Re: Anybody read this review...?
Post by: Dwarden on May 03, 2006, 01:33:49 PM
this just leads back to what i keep suggesting and awaiting for long time :)

different system of suspicious file to upload/analyze and faster response times
 (ie addition of "suspicious/riskware" detection sets)

it just feel strange that i have in archive sitting trojan spamming tool element
from active infection sent to avast 3 months ago ,
most others AV detect it in some form yet Avast! itself still not ...

and that's why answer on question what's best AV something in style
" KAV, NOD32, (sometimes Dr.Web) and THEN avast!".
IT really not matters on some details (KAV false positives, NOD32 hype or missing files)
noone of them can be called perfect and as standalone to protect enough.