Av-Comparative Retrospective/Proactive Test May 2010

[Dch48]

It is just as important for an AV to keep up with new malware by updating it's signatures as it is to detect new things. They say in the test that they used the same signature base from February that they used back then for the other test. Also notice that the version of Avast! used is not the latest one and they admit that behavior analysis was not used. The second fact pretty much nullifies the test results for me. If they tested the latest version with the latest signatures, I'm sure every sample would have been detected. Even the latest version with the February signatures would probably do better. I don't think we can give these results much credibility when they used a version of Avast! that is at least two updates behind.

[sg09]

It is just as important for an AV to keep up with new malware by updating it's signatures as it is to detect new things. They say in the test that they used the same signature base from February that they used back then for the other test. Also notice that the version of Avast! used is not the latest one and they admit that behavior analysis was not used. The second fact pretty much nullifies the test results for me. If they tested the latest version with the latest signatures, I'm sure every sample would have been detected. Even the latest version with the February signatures would probably do better. I don't think we can give these results much credibility when they used a version of Avast! that is at least two updates behind.

Please I think you guys are not understanding the problem. If they had to test with the latest engines of Avast, they will have to make all the viruses their own. Otherwise there will be no significance of this test.
These test shows how avast and all other AVs proactive defense were at Feb2010, not now. Also in these 3 months all the AVs have improved.

[SpeedyPC]

Does anybody noticed in the Retrospective/Proactive Test May 2010 they were using the old Avast version 5.0.396

I'll bet the latest Avast v5.0.545 might have improved the Retrospective/Proactive result we have to understand that not all AV testers out their keep the software up to date before the test result start, I have no problems Avast will keep getting better each day Vlk may release the next Avast version soon that may cover the problem who knows .

The real question is for everybody in here Who do you TRUST!

My vote is Avast

[gery]

I think Avast focusing on Program Version which fixing plenty of bugs and adding languages which they forgot to focus on Very basic function of AV's? Detecting, Removing and Blocking.

Im very sad to see the result.

Avast beaten by AVG which is crap!!!
Says who? the results do not say so!!!!!!!!!!! unfortunately Avast did bad but that is not the end of the world. We should not bash other product because avast did bad. grow  up people stop murmuring.

[coper]

Sorry for my English skills but I need write my opinion.
Avast is good antivirus but one big problem for me is avast support is very slowly. I send often about one virus sample per day to avast lab but research durative about 1-2 days its too long. All samples I sent to virus@avast.com. Avast support must be quickly half day to release update on this sample. Avast has big problems with pdfka detections and fakeav detection. In nowadays very much infiltrations are focus on fake av products and pdfka / trojans. Avast must be more proactive. I am waiting on changes.

Good job for microsoft developers
Microsoft essentials is good free alternative product.

[kubecj]

The testing is getting more and more problematic. And on each AV conference there are multiple papers about how to do proper testing (not that I think that all of them make sense  )

I have objections against all AV-Comparatives tests performed, also the Av-Test, but those are less 'documented', so it's hard to tell where the deficiencies lie.

The usual points about static testing are:
a) the tests are carried long after the real infection took place, so it's kind of useless from today's point of view
b) the tests are carried without any context state information. Such information - if there is file named "document.doc   .exe" in email, this is enough to ban the execution
c) the tests are carried only with the signature engines - they don't test the other generic protection engines the products may have
d) the tests don't know anything about the relationship of the samples. If you detect the dropper, you don't have to detect the dropped binary.
e) the tests are too binary-centric and have only small amount of script/pdf/flash malware, althought these are one of the main vectors of getting thru to your computer.
f) there is little of no info on how the testbeds are created. All these 99.1% and such scores are complete nonsense from my point of view. The overlap of the product's detections is not as great as clementi/marx tests suggest.

This is not an excuse, that's an explanation what your really should read from the static tests. Yep, it's nice to be on the first places, but the world does not end if you're not there.
Regarding the pro-active test, this is the most flawed test of them all. It does _NOT_ test the ability of the product to protect you from the unknown malware. It tests the ability of the signature engines to detect the samples Av-Comparatives got in the test's timeframe. For example, what if the engine authors already had the samples and wrote the detections and Av-Comparatives added them later? We're back again in the 'testedbed construction' problem.

[Maxx_original]

coper: pdfka samples should be well covered, regarding our internal stats... fake av detections need to improve, that's right (but they're difficult to detect proactively - Mystic compresor e.g. - used to wrap some rogues - brings new anti-emu tricks in each generation)..

[coper]

I think Its about solidarity human who want help avast community with virus sample.

[kubecj]

Coper, regarding the pdf detections... I dug out all pdf samples we got from beginning of january.

It was 10104 unique samples. Scanned with the latest signatures of command line scanners.
If we assume, that there are no false alarms, and we can say that 1 detection of any AV means the file is real malware (I know this is oversimplification), then 9226 files are detected.

AV	Detections	Percentage
Avast	8441	91.5%
Kaspersky	6908	74.9%
Bitdefender	6340	68.7%
NOD32	4772	51.7%
Symantec	4136	44.8%
Microsoft	4044	43.8%
Avira	2946	31.9%
AVG	2167	23.5%

Now tell me, where is your comment based on our pdfka problems based on?

And this is completely 'honest' without any deliberate messing with the testbed and using the latest signatures. Again - there is nonzero possibility that AVs with bad scores may have some generic anti-exploit protection techniques in their full fledged scanners and are able to protect their customer even contrary to the fact that they had 'bad score' in my 'test'.

[sanjose123]

I always read about Avast and Avira.

Avast is good on Pro-active protection not excellent on demand scan. I mean not very good on detection rates.
Avira is good on demand scanning but not good on Pro Active Protection which cause plenty of FP.

I hope next Pro Active Test Avast would came Top 5 for Av comparative.

I know Avast is not good on Detection rates so i always back up and anti malware software.

I always use Avast and MBAM.
Avast for protection.
MBAM for detecting and removing malware which avast missed it.

[coper]

Its not only on based pdfka files
Holding fingers to the futures

[Dch48]

All the results I read about say Avira has a slightly higher detection rate than Avast! but with far more FP's. I'll take the very slightly lower detection rate without the FP's any day.

[Henrique - RJ]

No more sending samples to Alwil.

The samples are underutilized and even ignored.

I'm tired.

 

[DavidR]

One thing for sure not sending them at all will ensure there is zero possibility of anything being done at all.

[Lisandro]

One thing for sure not sending them at all will ensure there is zero possibility of anything being done at all.

+1
Henrique, don't give up, please. I'm also interested in avast protection - as a lot of other Brazilians - and we're seeing that Avira is forward compared to avast. But, I still have hope...