Welcome · log in · join

Security → AV-Comparatives Performance Test Security Suits August 2011

uniqs
1338

« Researchers show off homemade spy drone at Black Hat • Security flaw found in feds' digital radios »

windaz join:2010-09-23	windaz Member 2011-Aug-13 5:49 pm AV-Comparatives Performance Test Security Suits August 2011 »av-comparatives.org/
	actions · 2011-Aug-13 5:49 pm ·
Mele20 Premium Member join:2001-06-05 Hilo, HI kudos:8	Mele20 Premium Member 2011-Aug-13 8:42 pm I thought the following (in the Introductory Remarks) was the most interesting thing: "Only AVG, Bitdefender, Sophos and Webroot detected and blocked the malware before its execution after system start-up (by loading itself by default at an early stage). In all others cases first the malware was successfully executed and only later detected by the AV products (which took longer to load all its protection modules), when it would be already too late." So, anyone withOUT a classic HIPS is HAD if they use any AV other than the above 4 and get malware that installs only after a reboot. That is quite disturbing! -- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson
	actions · 2011-Aug-13 8:42 pm ·
Stem Bolt Aka Smiling Bob Premium Member join:2002-11-08 Cleveland, OH kudos:2 1 edit	Stem Bolt Premium Member 2011-Aug-13 9:07 pm Norton has an "early load" option. I can't remember if it's enable by default or the user has to turn it on. Edit: AV-Comparatives state that they use default settings for this test. Most likely Norton's early load option isn't enabled by default.
	actions · 2011-Aug-13 9:07 pm ·
windaz join:2010-09-23	windaz Member 2011-Aug-13 9:34 pm Off, Normal, Aggressive. In Norton 2011, the early boot setting is set to Normal but for the 2012 beta, it is off.
	actions · 2011-Aug-13 9:34 pm ·
Mele20 Premium Member join:2001-06-05 Hilo, HI kudos:8	Mele20 to Stem Bolt Premium Member 2011-Aug-13 9:37 pm to Stem Bolt As AVcomparatives stated they don't want to encourage behavior from Antivirus companies that make it optional in order to deliver a faster loading desktop. Symantec should make it default even if it slows desktop loading. I believe Avira has it also but as optional and I think it started with ver 10 but I am not sure. I am not concerned because I use ProcessGuard and I periodically run Bootlog XP which shows me where in the boot process antivirus and ProcessGuard load. PG loads extremely early in boot...before many system files load so it would block any malware attempting to execute before AV loads. But I won't have PG whenever I get a new machine so I am more interested now in how various AV handle this. -- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson
	actions · 2011-Aug-13 9:37 pm ·
zteardrop join:2005-12-20 Brooklyn, NY	zteardrop to windaz Member 2011-Aug-13 10:50 pm to windaz I think early boot protection provides little if any benefit and all the performance penalty and thats why Symantec turned it off by default I think. Think about it, before the reboot some malware got on the system, the AV product missed it. Then that malware a created anew driver sys file on the system, the AV product missed that too. Then the malware registered that driver, or service. The AV missed that behavior too. So whats the likelihood of the AV product catching the early load malware on boot. NONE!!! I think people need to think about their exposure before complaining about these outdated protection techniques. I for one would wish that they removed the testing of manual scan too. Who cares how long manual scan takes, its value is dubious to begin with. -- The official Norton Forum from Symantec: »community.norton.com/norton/ You are safer with IE Protected Mode »msdn.microsoft.com/en-us ··· 85).aspx
	actions · 2011-Aug-13 10:50 pm ·
rcdailey Dragoonfly Premium Member join:2005-03-29 Rialto, CA	rcdailey Premium Member 2011-Aug-13 11:27 pm It's also interesting that one of the products that they mention, Webroot, which provides early boot protection, also scores much lower in their overall ratings. If early boot protection were such an important feature, would that not have pushed Webroot higher? -- Don't let the pluperfect be the enemy of the perfect.
	actions · 2011-Aug-13 11:27 pm ·

GuruGuy join:2002-12-16 Atlanta, GA	GuruGuy to zteardrop Member 2011-Aug-14 5:17 am to zteardrop said by zteardrop: I think early boot protection provides little if any benefit and all the performance penalty and thats why Symantec turned it off by default I think. Think about it, before the reboot some malware got on the system, the AV product missed it. Then that malware a created anew driver sys file on the system, the AV product missed that too. Then the malware registered that driver, or service. The AV missed that behavior too. So whats the likelihood of the AV product catching the early load malware on boot. NONE!!! I think people need to think about their exposure before complaining about these outdated protection techniques. I for one would wish that they removed the testing of manual scan too. Who cares how long manual scan takes, its value is dubious to begin with. Interesting comment about the manual scan. I tend to agree. I have all of my pc's set to run a daily scan in the middle of the night when everyone is sleeping. I could care less how long it takes. The scans are completed the next morning when I or anyone else is ready to use the machine(s), so who cares! -- GuruGuy
	actions · 2011-Aug-14 5:17 am ·
WeRAnonymous Professional Troll join:2008-12-10 Ottawa, ON	WeRAnonymous to rcdailey Member 2011-Aug-14 5:19 pm to rcdailey said by rcdailey: It's also interesting that one of the products that they mention, Webroot, which provides early boot protection, also scores much lower in their overall ratings. If early boot protection were such an important feature, would that not have pushed Webroot higher? Because, even if a product scores lower due to a longer system boot time, the system should still be able to perform well for regular day-to-day operations. The system with Webroot installed scored mediocre on the following tests - archiving and unarchiving (it took 30% to 50% longer to archive/unarchive files vs the system without any protection) - installing/uninstalling applications (it took 20% to 30% longer to install/uninstall apps vs the system without any protection) Only 2 protection suites got a mediocre rating on those tests. This is why it got such a low score. Deal with it.
	actions · 2011-Aug-14 5:19 pm ·
antdude A Ninja Ant VIP join:2001-03-25 United State kudos:5 ·Time Warner Cable	antdude to Mele20 VIP 2011-Aug-15 5:10 pm to Mele20 said by Mele20: ... I periodically run Bootlog XP which shows me where in the boot process ... Where do you get this Bootlog for XP?
	actions · 2011-Aug-15 5:10 pm ·
rcdailey Dragoonfly Premium Member join:2005-03-29 Rialto, CA	rcdailey to WeRAnonymous Premium Member 2011-Aug-15 5:57 pm to WeRAnonymous Fortunately, I don't have to.
	actions · 2011-Aug-15 5:57 pm ·
Mele20 Premium Member join:2001-06-05 Hilo, HI kudos:8	Mele20 to antdude Premium Member 2011-Aug-15 6:27 pm to antdude said by antdude: Where do you get this Bootlog for XP? »bootlog-xp.greatis-softw ··· ive.org/ -- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson
	actions · 2011-Aug-15 6:27 pm ·
antdude A Ninja Ant VIP join:2001-03-25 United State kudos:5 ·Time Warner Cable	antdude VIP 2011-Aug-15 6:30 pm said by Mele20: said by antdude: Where do you get this Bootlog for XP? »bootlog-xp.greatis-softw ··· ive.org/ Thanks, but WOT doesn't like that web site: »www.mywot.com/en/scoreca ··· hive.org ... Also, it is not free? -- Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer
	actions · 2011-Aug-15 6:30 pm ·
Mele20 Premium Member join:2001-06-05 Hilo, HI kudos:8	Mele20 Premium Member 2011-Aug-15 6:51 pm Sorry, that link was in my bookmarks. I am not sure why because that is not the greatis site. Maybe that is a bad site and maybe I should start using WOT! Here, this is the link I should have given you. This is a link to the creator of the software. I can't imagine WOT would object to this link. »www.greatis.com/utilitie ··· otlogxp/ No, it is not free. You get a 30 day trial. I got it many years ago after someone mentioned it here. You get lifetime free updates. -- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson
	actions · 2011-Aug-15 6:51 pm ·
antdude A Ninja Ant VIP join:2001-03-25 United State kudos:5 ·Time Warner Cable	antdude VIP 2011-Aug-15 7:21 pm said by Mele20: Sorry, that link was in my bookmarks. I am not sure why because that is not the greatis site. Maybe that is a bad site and maybe I should start using WOT! Here, this is the link I should have given you. This is a link to the creator of the software. I can't imagine WOT would object to this link. »www.greatis.com/utilitie ··· otlogxp/ No, it is not free. You get a 30 day trial. I got it many years ago after someone mentioned it here. You get lifetime free updates. Thanks, it is a good site. Hmm, I wonder if there is a freeware version. -- Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer
	actions · 2011-Aug-15 7:21 pm ·

Forums → Software and Operating Systems → Security	« Researchers show off homemade spy drone at Black Hat • Security flaw found in feds' digital radios »