Av-Test April 2012 Test Results

[RejZoR]

I've asked about it several times and never got any real answer which is a bit disappointing...

[SpeedyPC]

Have to agree,Vlk when are u guys going to make avast behav shield to block malicious events?? 

Maybe just maybe we might have to wait until v7.1...................or maybe v8.0 might turn out to be the new weapon who knows

[true indian]

Maybe just maybe we might have to wait until v7.1...................or maybe v8.0 might turn out to be the new weapon who knows

And till that time we will have to use behav shield on ask i guess??

Wake-Up Vlk and and avast team...wake up! 

[!Donovan]

Testing BitDefender 2013

http://beta2013.bitdefender.com/

"Safepay
Never worry again about hackers stealing your account information!
Bitdefender keeps hackers at bay by automatically opening all your online banking pages in a separate iron-clad, secure browser."

Interesting.

[DonZ63]

Read the recent articles on the "Flame" virus. Sucker has been the "wild" for two years and no one can detect it.

Nothing is going to protect you against the new breed of malware except a good HIPS. Something that will detect code injection, hooks, keyloggers, screen scrappers, you name it.

[true indian]

You need to trust the test for good and for bad. No prejudices.

I kinda feel nostalgic now..

The testing is getting more and more problematic. And on each AV conference there are multiple papers about how to do proper testing (not that I think that all of them make sense  )

I have objections against all AV-Comparatives tests performed, also the Av-Test, but those are less 'documented', so it's hard to tell where the deficiencies lie.

The usual points about static testing are:
a) the tests are carried long after the real infection took place, so it's kind of useless from today's point of view
b) the tests are carried without any context state information. Such information - if there is file named "document.doc   .exe" in email, this is enough to ban the execution
c) the tests are carried only with the signature engines - they don't test the other generic protection engines the products may have
d) the tests don't know anything about the relationship of the samples. If you detect the dropper, you don't have to detect the dropped binary.
e) the tests are too binary-centric and have only small amount of script/pdf/flash malware, althought these are one of the main vectors of getting thru to your computer.
f) there is little of no info on how the testbeds are created. All these 99.1% and such scores are complete nonsense from my point of view. The overlap of the product's detections is not as great as clementi/marx tests suggest.

This is not an excuse, that's an explanation what your really should read from the static tests. Yep, it's nice to be on the first places, but the world does not end if you're not there.
Regarding the pro-active test, this is the most flawed test of them all. It does _NOT_ test the ability of the product to protect you from the unknown malware. It tests the ability of the signature engines to detect the samples Av-Comparatives got in the test's timeframe. For example, what if the engine authors already had the samples and wrote the detections and Av-Comparatives added them later? We're back again in the 'testedbed construction' problem.

[bob3160]

Read the recent articles on the "Flame" virus. Sucker has been the "wild" for two years and no one can detect it.

Nothing is going to protect you against the new breed of malware except a good HIPS. Something that will detect code injection, hooks, keyloggers, screen scrappers, you name it.

According to openDNS, that's not the case:
http://blog.opendns.com/2012/05/29/malware-alert-opendns-users-protected-from-flame-malware/

[DonZ63]

From Bob's OpenDNS link:

OpenDNS blocks communication between Flame and its Command and Control (C&C), ensuring that private or sensitive data will not be transmitted off the networks of infected parties.

If you think about that statement, if true why would need need anti- anything software? If OpenDNS knows Flame's Conmand and Control Centers it definite should give that info to all these country CERTs that seem unable to do the same.

As far as I am aware of, all the DNS service providers are doing is maintaining blacklists of bad domain names and giving you some degree of DNS hijacking protection. Don't get me wrong, I definitely recommend using one; I use NortonDNS and my web speed had a signifigant increase. I have also observed a marked decrease of dropped IPs to the honeypot I created on my router to catch orphaned IP addresses.

[Para-Noid]

I've said it before and I'll say it again. The only results I care about are the ones I get on my computer.

No doubt avast looks at these so called "tests" and will react appropriately. 

Wow....what a standard you set for Avast selection. How did you select Avast for the first time selection?

While using AVG I was infected with two trojans that AVG couldn't deal with. Someone suggested I try avast. After installing avast I went right back to the same exact websites that I got the two trojans and avast blocked them both. Since I started using avast I have been infection free. That's how I selected avast in the first place and have stayed with avast.