Author Topic: AV-comparatives retrospective/pro active May'05  (Read 10211 times)

0 Members and 1 Guest are viewing this topic.

Nicolas

  • Guest
Re: AV-comparatives retrospective/pro active May'05
« Reply #15 on: September 01, 2005, 03:33:57 PM »
I do know that several AV products use the same defs and/or engine. Apparently you too.  Why then compare them ?

I do not prefer any AV test, because the methods used are not as reliable as the testers apparently claim, sothat not too savvy computers users believe them !
 
AV-Comparatives does supply some detailed information about their tests on their website, implying that the results should be interpretated with caution. Indeed, the latest major attack on US corporate computer networks was not detected by the AV scanners performing so brilliantly in your tests. We need AV scanners to protect us, not to perform so well in highly specific tests.
Is there any statistical weight analysis applied ? No.
What kind of malware will likely be encountered ? There is huge difference here between home users and corporate networks ! Do the tests take this into account ? No.
Moreover, there are a lot of other issues to consider, before you can decide on a specific brand of AV.

I am indeed not happy at all with those AV tests, because the ordinary computer users are more or less fooled by them.
 
« Last Edit: September 01, 2005, 03:37:22 PM by Nicolas »

IBK

  • Guest
Re: AV-comparatives retrospective/pro active May'05
« Reply #16 on: September 01, 2005, 03:46:42 PM »
The tests that are atm provided by av-comparatives are on-demand tests, one time as complete on-demand test against all malware and one time a retrospective test. of course those are only 2 aspects. if you need the other data like you said (e.g. outbreak response tests, itw tests only, etc.), there are a lot of other testing sites and reviews which provide them, a list of links is also included on the website. more aspects of av will be included in the av-comparatives tests next year and in the following years.

Nicolas

  • Guest
Re: AV-comparatives retrospective/pro active May'05
« Reply #17 on: September 01, 2005, 04:12:11 PM »
Ok, I understand you are improving your testing methods.

However, do you know the malcreants are using anti-AV tests to ascertain the viruses they made (with one of the more than 200 viruskits) will not be detected ?
Of course, such undetectable viruses will be in the wild. Not those of your testfiles ! Which, of course, also applies to other test sites.
 
This is the main problem today.
About 90 % of all computers is infected and the owners are not aware of it. In spite of all the security software used here, this malware indirectly only shows up by employing methods that are not useful for home users. Sooner or later this crap is detected, but not on the fly. Unless you are tolerating a lot of false positives (like PE compressed and encrypted files that might be legit install/uninstall files).






Offline Abraxas

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 730
  • Perseverance Furthers...
    • PCLinuxOS-Forums
Re: AV-comparatives retrospective/pro active May'05
« Reply #18 on: September 03, 2005, 12:44:41 PM »
 :) The approach in this Project is very interesting: eweek.com
"The monkey launches a browser instance for each suspect URL and waits for a few minutes. The monkey is not set up to click on any dialog box to permit installation of any software; consequently, any executable files that get created outside the browser's temporary folder are detected by the [data recorder] and signal an exploit," Wang (Microsoft) said.
Microsoft Unwraps HoneyMonkey Detection Project