Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Texas-Hansen on May 28, 2009, 04:32:32 PM

Title: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: Texas-Hansen on May 28, 2009, 04:32:32 PM
What happened to Avast in the latest AV-Comparatives Retrospective/Proactive Test (May 2009)?   http://www.av-comparatives.org/comparativesreviews/main-tests

Avast only scored a 42 and was rated "Standard"...even MS's One Care scored higher.  Avast seem to also have lots of false positives.  Doesn't seem like the Avast I know and use but those are the results.  Has Avast let down its guard or made changes that have not worked well, or have the other companies been quicker to develop better products? 
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: DavidR on May 28, 2009, 04:36:12 PM
This has been reported in another topic.

Short answer, nothing as most AVs take a big hit in the retrospective rather than on-demand test.

See my reply in that, http://forum.avast.com/index.php?topic=19387.msg382529#msg382529 (http://forum.avast.com/index.php?topic=19387.msg382529#msg382529).
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: igor on May 28, 2009, 04:38:23 PM
The false positive test is actually old - it's the same (and equally questionable) as here (http://forum.avast.com/index.php?topic=43589.0).
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: Lisandro on May 28, 2009, 07:36:55 PM
Won't they listen to you?
Is av-comparatives credibility decreasing? ???
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: Omid Farhang on May 28, 2009, 07:53:12 PM
well False Positive thins is one side and caused avast! to get lower award, but there are one other fact and it's other numbers...

usually avast! was No.2 in detecting rate and Free version was the reason everyone liked it, the No.2 in detection rate + Free version was every user like and going to use avast! and avast reached to +75M registered user.

but now... what's happened to database and the number "42%" in score. we have seen some report of missed samples in forum and of course thanks to alwil team we have seen some treat that ONLY avast! CAN DETECT THEM. we should see GOOD and BAD both.

I'm not that much expert and don't know why Microsoft OneCare is Advanced+ (because of very few FP) and the number 60% in total score. but this nice AV (avast!) get lower than it... you friends explain me by true and honest review/opinion
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: igor on May 28, 2009, 07:59:23 PM
I'd say you should read the description of the test more carefully ;)
This is a pro-active test - i.e. the scan was performed (on new virus samples) with a three-months old virus database.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: Lisandro on May 28, 2009, 08:32:32 PM
I'd say you should read the description of the test more carefully ;)
This is a pro-active test - i.e. the scan was performed (on new virus samples) with a three-months old virus database.
What are they testing in this situation could be anything but the real situation for an user... sorry... I can understand you can't run a test for future versions of malware, but testing with an old virus database is not the common user situation. Besides, we know that avast heuristic and proactive compared to other ones isn't the great one, specially if in a test it depends on signatures like in this case.

Igor, it was a relief with your explanation.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: Omid Farhang on May 28, 2009, 08:48:06 PM
I'd say you should read the description of the test more carefully ;)
This is a pro-active test - i.e. the scan was performed (on new virus samples) with a three-months old virus database.


I'm sorry, but it says:
Quote
The products used the same updates and signatures they had the 9th February, and the same highest detection settings were used.
it did not said avast! was old and others are new, so, it's same about all, all database was old and viruses was same for all...
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: scythe944 on May 28, 2009, 08:53:42 PM
right... they were ALL out of date.  Still, what's the point?  If you can browse the web and potentially get malicious software installed on your computer, then why would you have out of date definitions for your virus database?  I mean, if you're browsing the web, then your A/V program should have access to the internet too, and it would have updated itself by then.

The only reason avast may be low on the list is because the definitions were out of date, and it doesn't use heuristics to find "potential" viruses. If it doesn't know about them, it can't detect them.

I think it's just a dumb test.  It doesn't prove anything, other than how many new malwares have been added since the last time they updated the definitions on the test computers.  So what?
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: Reductase on May 28, 2009, 08:54:32 PM
The idea is that zero-day malware will not have signatures in the database immediately but behavior blocking/heuritics can help improve the AV for these and this attempts to help measure that.  Avast has routinely scored in the 40% range for this test since some of the newer malware is a variation of older ones and the signatures can catch some of those.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: Lisandro on May 28, 2009, 09:00:51 PM
it did not said avast! was old and others are new, so, it's same about all, all database was old and viruses was same for all...
Sure. Igor understand that.
Just that this is a test, not a real scenario.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: igor on May 28, 2009, 09:01:16 PM
Yes, of course all antiviruses had old databases, I didn't say it was just avast!. I was just trying to say that if you don't update the virus database for 3 months, you can't expect 99% detection on current malware (and only current - older was excluded, at least as much as possible).
Also, it's nothing you can change by quickly adding submitted samples.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: Omid Farhang on May 28, 2009, 09:08:18 PM
Yes, of course all antiviruses had old databases, I didn't say it was just avast!. I was just trying to say that if you don't update the virus database for 3 months, you can't expect 99% detection on current malware (and only current - older was excluded, at least as much as possible).
Also, it's nothing you can change by quickly adding submitted samples.


Thanks, now I got it,
but my question is why avast! went down in compare to other products in that time? I'm not saying why it's not 99%, I'm asking why it's lower than other products, I know you work hard to add all new virus samples and I appreciate it.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: Mike Buxton on May 28, 2009, 10:41:43 PM
Hi,

The test strikes me as being clueless, useless and pointless. It was, in any event careless, since it neither included all the major players nor was the reason for such exclusion explained.

There would be little point in using any of the tested products were the effective detection rate genuinely some 70% at best. However, Avast does not give Hackers a three month's start and Avast is consistently ranked in top handful by meaningful tests.

I do not even have any confidence that the False Positive results are worthwhile.

My regards

 

Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: calcu007 on May 29, 2009, 01:53:20 PM
Thanks, now I got it,
but my question is why avast! went down in compare to other products in that time? I'm not saying why it's not 99%, I'm asking why it's lower than other products, I know you work hard to add all new virus samples and I appreciate it.

If you read the report there is part where it explain that antivirus programs now days use some type of heuristics,hips, behavior analysis,behavior blocker, HIPS, complex generic signatures and not only simply signatures to detect new/unknown malware. In Avast case, it uses generic signatures(if i am not wrong). Maybe the lack of some type of heuristics or better generic signatures affected Avast results.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: Lisandro on May 29, 2009, 01:58:32 PM
Maybe the lack of some type of heuristics or better generic signatures affected Avast results.
Sure. You're right. Maybe we can sleep in peace with avast 5. It should have a better heuristic (proactive) detection.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: cinchez on May 29, 2009, 02:14:00 PM
Tests?

With only numbers and words?

Sure, u can believe it^^

^^Its just a test^^It doesnt really matter^^

Thus,avast! didnt loose its credibility and is still doing its best in protecting us in the labyrinth^^

Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: IBK on May 29, 2009, 05:08:29 PM
just to clarify to those that were not able to read the report for various reasons: its not 3 months old AV's, its max. 1 week old.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: Hally on May 29, 2009, 05:41:56 PM
Hi  :)


I don't bother to read those test results .. Coz I just don't trust them!  :-\

It doesn't seem to matter... Where they're from, who did them, how they were done, what they were done on.
They Always Smell - Fishy!  >:(

Just For Instance!
Has any of you ever been to the Symantec forum?
And seen how many people are always getting infected  ::)
Also!
I had NIS 09 on my laptop for approx 4 months ... Had 3 False Positives  :o

I've now had Avast Home for about the same length of time ... False Positives = 0  8)

Experience and Forums - Speak Louder Than... Fishy Tests!  ;D
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: cinchez on May 29, 2009, 05:47:19 PM
@Hally

Totally dude^^

Well said^^

-AnimeLover^^
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: NAMOR on May 30, 2009, 10:51:47 PM
Hi  :)


I don't bother to read those test results .. Coz I just don't trust them!  :-\

It doesn't seem to matter... Where they're from, who did them, how they were done, what they were done on.
They Always Smell - Fishy!  >:(

Just For Instance!
Has any of you ever been to the Symantec forum?
And seen how many people are always getting infected  ::)
Also!
I had NIS 09 on my laptop for approx 4 months ... Had 3 False Positives  :o

I've now had Avast Home for about the same length of time ... False Positives = 0  8)

Experience and Forums - Speak Louder Than... Fishy Tests!  ;D

I'm not here to say anything bad about Avast but, if you got to any AV vendors forum you see threads about infections and false positives. Even this forum has them.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: cimmind on June 10, 2009, 11:45:48 PM
Hi  :)
I had NIS 09 on my laptop for approx 4 months ... Had 3 False Positives  :o
I've now had Avast Home for about the same length of time ... False Positives = 0  8)

I just had a small q to ask.. How does one know that an alarm is a false positive

I mean, in statistics we have a concept that we compare to a Gold Standard test to say if a result is a false positive. If we have just Avast as an AV on our computer (or any other AV as a single AV program, as usually happens) can we be certain that the alarm is a false positive?

How does the guy i have quoted from (assuming he is a common user) say that 'false positives = 0' instead of 'positives = 0' ? 
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: DavidR on June 11, 2009, 12:08:05 AM
First based on the file name and its location and if it is something that you know and has been on your system for a while, that would give rise to investigate further.

So checking against just one other isn't good enough.
So check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) 39 different scanners and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: cimmind on June 11, 2009, 12:31:38 AM
Thanks David. You always provide the most lucid answers..

One thing.. if i fiddle around with a possible false positive file, eg. in removing it from vault, posting it on the site you mentioned etc.; is there any chance of it causing infection or is it that only clicking on a file can lead to infection?

If you could help me with a related matter, i have set autorun disabled on all my removable drives. I have to use my pendrive on a known infected computer at office, and i use it to carry material from my home comp to office. What i do is to format it always before opening on my home comp. So far it works, but is there a theoretical chance of getting virus by merely inserting the pendrive? (The obvious disadvtg in my method is that the pendrive can only be used oneway, it cant be used to carry material from other comps to mine)     
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: mkis on June 11, 2009, 12:34:42 AM
Hi Cimmind.

The reference to false positive can be be misleading at times, since the term is used in more fields than just computers.

Anyhow, try this - false positives=0, therefore positives=1 (one detection of malware)

Not long ago I referred to an example as false positive, which was really a false negative - that is, the message generated to screen is malicious but posing as a genuine Windows, asking for delete or not delete of a necessary system file. A false negative. I haven't been back to edit my example as yet but this prompt from you may help.

Here is situation put in terms of Type I and Type II errors, which is probably bit clearer.

http://en.wikipedia.org/wiki/Type_I_and_type_II_errors#Statistical_error:_Type_I_and_Type_II (http://en.wikipedia.org/wiki/Type_I_and_type_II_errors#Statistical_error:_Type_I_and_Type_II)


Given of course that false positive takes on an own particular meaning once applied in AV /S
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: cimmind on June 11, 2009, 01:04:39 AM
That was a interesting post mkis!

And i perked up on seeing the reference to type I and type II errors! Interestingly, while we are always taught that a false positive is a more cardinal sin than a false negative, in terms of antivirus it would be the other way round. Because here the test object itself is negative i.e. 'anti-virus'. Whatsay? Hope u get the funda.

Btw, i would beg to differ with what u stated. 'false postive=0' would not imply that 'positive=0'
It may be:
Positive alarms = 1   True P =1   False P=0
Positive alarms = 0   True P =0  False P=0  !

Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: Lisandro on June 11, 2009, 01:05:21 AM
One thing.. if i fiddle around with a possible false positive file, eg. in removing it from vault, posting it on the site you mentioned etc.; is there any chance of it causing infection or is it that only clicking on a file can lead to infection?
You shouldn't open or execute the file. The only safe option will be open www.virustotal.com in your browser and access the file from there.

If you could help me with a related matter, i have set autorun disabled on all my removable drives. I have to use my pendrive on a known infected computer at office, and i use it to carry material from my home comp to office. What i do is to format it always before opening on my home comp. So far it works, but is there a theoretical chance of getting virus by merely inserting the pendrive? (The obvious disadvtg in my method is that the pendrive can only be used oneway, it cant be used to carry material from other comps to mine)
Yes, you can get infected with the merely fact of inserting the pendrive.
Let your USB drive plugged and run Autorun Eater (http://www.softpedia.com/get/Security/Secure-cleaning/Autorun-Eater.shtml) or Flash Disinfector (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe), allowing them to clean up all drives. They would create hidden folders named autorun.inf in each partition and every USB drive plugged in when you ran it. These folders protect your drives from future infection. After that, reboot your computer.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: cimmind on June 11, 2009, 01:20:40 AM
Yes, you can get infected with the merely fact of inserting the pendrive.
Let your USB drive plugged and run Autorun Eater (http://www.softpedia.com/get/Security/Secure-cleaning/Autorun-Eater.shtml) or Flash Disinfector (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe), allowing them to clean up all drives. They would create hidden folders named autorun.inf in each partition and every USB drive plugged in when you ran it. These folders protect your drives from future infection. After that, reboot your computer.

Tech, seeking your clarification on this point. What i infer from your post is that the danger is not from inserting the pendrive, but only if the autorun.inf file (or autorun.bat file that i have seen known infected drives to carry) gets activated.

As i stated, i have autorun disabled. Also, i have "Panda USBVaccine" (http://download.cnet.com/Panda-USB-Vaccine/3000-2239_4-10909938.html) which i think does the same job as the software you mentioned. The first thing i do after inserting the pendrive is to immediately format it. Still the risk is there?
   
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: mkis on June 11, 2009, 01:43:35 AM
Quote
false positives=0, therefore positives=1 (one detection of malware)

I stick with my above statement, my friend. A bit blunt, true, but works for me.
And I wont try to argue the pure stuff with you because I will be well out of my depth.

BTW, I have been in those situations like you have at work. What do you do? Hard not to do something and yet is really not your responsibility either. At times I would just say my bit - then watch as they charge the system with AVG Free more or less on the top of the old antivirus. It works for a while.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: DavidR on June 11, 2009, 02:00:14 AM
Thanks David. You always provide the most lucid answers..

One thing.. if i fiddle around with a possible false positive file, eg. in removing it from vault, posting it on the site you mentioned etc.; is there any chance of it causing infection or is it that only clicking on a file can lead to infection?

If you could help me with a related matter, i have set autorun disabled on all my removable drives. I have to use my pendrive on a known infected computer at office, and i use it to carry material from my home comp to office. What i do is to format it always before opening on my home comp. So far it works, but is there a theoretical chance of getting virus by merely inserting the pendrive? (The obvious disadvtg in my method is that the pendrive can only be used oneway, it cant be used to carry material from other comps to mine)     


We are straying way off the original topic, so both points should really be taken out into its own topic.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: mkis on June 11, 2009, 08:22:00 AM
DavidR, I've moved the first question across to a new thread

http://forum.avast.com/index.php?topic=46035.msg386268#msg386268 (http://forum.avast.com/index.php?topic=46035.msg386268#msg386268)

The second matter about disabling autorun in removable drive may also be worthwhile as own thread, but I will leave that option open for Cimmind or some other contributor.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: DavidR on June 11, 2009, 04:05:56 PM
My post quoted Cimmind and not your post as it was his additional questions which were getting off-topic, all you were doing was trying to answer his additional questions. So it really is up to Cimmind to create a new topic about his additional questions.

Hopefully he will see your new topic and contribute.
Title: Re: What happened to Avast in the latest AV-Comparatives Pro-active Test?
Post by: cimmind on June 11, 2009, 04:46:17 PM
Thanks David. as suggested, the question regarding pendrive has been moved to a separate new thread. The original thread should remain focused on the av-comparatives results.