windaz
join:2010-09-23

windaz

Member

AV-Comparatives Performance Test Security Suites August 2011

»av-comparatives.org/
Mele20
Premium Member
join:2001-06-05
Hilo, HI
kudos:8

Mele20

Premium Member

I thought the following (in the Introductory Remarks) was the most interesting thing:

"Only AVG, Bitdefender, Sophos and Webroot detected and blocked the malware before its execution after system start-up (by loading itself by default at an early stage). In all others cases first the malware was successfully executed and only later detected by the AV products (which took longer to load all its protection modules), when it would be already too late."

So, anyone withOUT a classic HIPS is HAD if they use any AV other than the above 4 and get malware that installs only after a reboot. That is quite disturbing!
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Stem Bolt
Aka Smiling Bob
Premium Member
join:2002-11-08
Cleveland, OH
kudos:2

1 edit

Stem Bolt

Premium Member

Norton has an "early load" option. I can't remember if it's enabled by default or the user has to turn it on.

Edit:

AV-Comparatives state that they use default settings for this test. Most likely Norton's early load option isn't enabled by default.
windaz
join:2010-09-23

windaz

Member

Off, Normal, Aggressive.

In Norton 2011, the early boot setting is set to Normal but for the 2012 beta, it is off.
Mele20
Premium Member
join:2001-06-05
Hilo, HI
kudos:8

Mele20 to Stem Bolt

Premium Member

to Stem Bolt
As AV-Comparatives stated, they don't want to encourage behavior from antivirus companies that make it optional in order to deliver a faster loading desktop. Symantec should make it default even if it slows desktop loading.

I believe Avira has it also but as optional and I think it started with ver 10 but I am not sure. I am not concerned because I use ProcessGuard and I periodically run Bootlog XP which shows me where in the boot process antivirus and ProcessGuard load. PG loads extremely early in boot...before many system files load so it would block any malware attempting to execute before AV loads. But I won't have PG whenever I get a new machine so I am more interested now in how various AV handle this.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson
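The posts above turn on when a protection driver starts relative to everything else that starts at boot. The following is an added example, not part of the thread or of any product discussed in it: it groups service entries by the Windows `Start` value (0 boot, 1 system, 2 auto) relative to a protection driver. All service names and paths are constructed, and ordering inside a phase (load-order groups) is not modeled.

```python
# Meaning of the "Start" value under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>.
START_PHASES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Constructed sample entries; every name and path here is hypothetical.
SAMPLE_SERVICES = [
    {"name": "exampleav_flt", "start": 1, "image": r"system32\drivers\exampleav_flt.sys"},
    {"name": "exampleav_svc", "start": 2, "image": r"C:\Program Files\ExampleAV\avsvc.exe"},
    {"name": "disk", "start": 0, "image": r"system32\drivers\disk.sys"},
    {"name": "unknown_drv", "start": 0, "image": r"system32\drivers\unknown_drv.sys"},
    {"name": "helper_drv", "start": 1, "image": r"system32\drivers\helper_drv.sys"},
    {"name": "updater", "start": 2, "image": r"C:\ProgramData\updater\upd.exe"},
    {"name": "ondemand_tool", "start": 3, "image": r"C:\Tools\tool.exe"},
]


def compare_to_protection(services, protection_name):
    """Group boot-time entries by start phase relative to the protection driver.

    Only phases are compared. Order inside the boot and system phases also
    depends on load-order groups, which this example does not model.
    """
    by_name = {s["name"]: s for s in services}
    if protection_name not in by_name:
        raise KeyError(f"{protection_name} not in service list")
    av_start = by_name[protection_name]["start"]
    result = {"earlier": [], "same_phase": [], "later": []}
    for svc in services:
        start = svc["start"]
        if start not in START_PHASES:
            raise ValueError(f"{svc['name']}: unexpected Start value {start}")
        if svc["name"] == protection_name or start > 2:
            continue  # skip the entry itself, and demand-start/disabled entries
        if start < av_start:
            result["earlier"].append(svc["name"])
        elif start == av_start:
            result["same_phase"].append(svc["name"])
        else:
            result["later"].append(svc["name"])
    return result


if __name__ == "__main__":
    for name in ("exampleav_flt", "exampleav_svc"):
        print(name, compare_to_protection(SAMPLE_SERVICES, name))
```

Entries listed under `earlier` run before the protection component regardless of what it can detect, which is the gap the AV-Comparatives remark describes.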

zteardrop
join:2005-12-20
Brooklyn, NY

zteardrop to windaz

Member

to windaz
I think early boot protection provides little if any benefit and all the performance penalty and that's why Symantec turned it off by default I think.

Think about it, before the reboot some malware got on the system, the AV product missed it. Then that malware created a new driver sys file on the system, the AV product missed that too. Then the malware registered that driver, or service. The AV missed that behavior too. So what's the likelihood of the AV product catching the early load malware on boot. NONE!!!

I think people need to think about their exposure before complaining about these outdated protection techniques. I for one would wish that they removed the testing of manual scan too. Who cares how long manual scan takes, its value is dubious to begin with.
--
The official Norton Forum from Symantec: »community.norton.com/norton/
You are safer with IE Protected Mode »msdn.microsoft.com/en-us ··· 85).aspx

rcdailey
Dragoonfly
Premium Member
join:2005-03-29
Rialto, CA

rcdailey

Premium Member

It's also interesting that one of the products that they mention, Webroot, which provides early boot protection, also scores much lower in their overall ratings. If early boot protection were such an important feature, would that not have pushed Webroot higher?
--
Don't let the pluperfect be the enemy of the perfect.
GuruGuy
join:2002-12-16
Atlanta, GA

GuruGuy to zteardrop

Member

to zteardrop
said by zteardrop:

I think early boot protection provides little if any benefit and all the performance penalty and that's why Symantec turned it off by default I think.

Think about it, before the reboot some malware got on the system, the AV product missed it. Then that malware created a new driver sys file on the system, the AV product missed that too. Then the malware registered that driver, or service. The AV missed that behavior too. So what's the likelihood of the AV product catching the early load malware on boot. NONE!!!

I think people need to think about their exposure before complaining about these outdated protection techniques. I for one would wish that they removed the testing of manual scan too. Who cares how long manual scan takes, its value is dubious to begin with.

Interesting comment about the manual scan. I tend to agree.

I have all of my PCs set to run a daily scan in the middle of the night when everyone is sleeping. I could care less how long it takes. The scans are completed the next morning when I or anyone else is ready to use the machine(s), so who cares!
--
GuruGuy

WeRAnonymous
Professional Troll
join:2008-12-10
Ottawa, ON

WeRAnonymous to rcdailey

Member

to rcdailey
said by rcdailey:

It's also interesting that one of the products that they mention, Webroot, which provides early boot protection, also scores much lower in their overall ratings. If early boot protection were such an important feature, would that not have pushed Webroot higher?

Because, even if a product scores lower due to a longer system boot time, the system should still be able to perform well for regular day-to-day operations.

The system with Webroot installed scored mediocre on the following tests
- archiving and unarchiving (it took 30% to 50% longer to archive/unarchive files vs the system without any protection)
- installing/uninstalling applications (it took 20% to 30% longer to install/uninstall apps vs the system without any protection)

Only 2 protection suites got a mediocre rating on those tests.

This is why it got such a low score.

Deal with it.

antdude
A Ninja Ant
VIP
join:2001-03-25
United State
kudos:5
·Time Warner Cable

antdude to Mele20

VIP

to Mele20
said by Mele20:

... I periodically run Bootlog XP which shows me where in the boot process ...

Where do you get this Bootlog for XP?

rcdailey
Dragoonfly
Premium Member
join:2005-03-29
Rialto, CA

rcdailey to WeRAnonymous

Premium Member

to WeRAnonymous
Fortunately, I don't have to.
Mele20
Premium Member
join:2001-06-05
Hilo, HI
kudos:8

Mele20 to antdude

Premium Member

to antdude
said by antdude:

Where do you get this Bootlog for XP?

»bootlog-xp.greatis-softw ··· ive.org/
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

antdude
A Ninja Ant
VIP
join:2001-03-25
United State
kudos:5
·Time Warner Cable

antdude

VIP

said by Mele20:

said by antdude:

Where do you get this Bootlog for XP?

»bootlog-xp.greatis-softw ··· ive.org/

Thanks, but WOT doesn't like that web site: »www.mywot.com/en/scoreca ··· hive.org ... Also, it is not free?
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer
Mele20
Premium Member
join:2001-06-05
Hilo, HI
kudos:8

Mele20

Premium Member

Sorry, that link was in my bookmarks. I am not sure why because that is not the greatis site. Maybe that is a bad site and maybe I should start using WOT!

Here, this is the link I should have given you. This is a link to the creator of the software. I can't imagine WOT would object to this link.

»www.greatis.com/utilitie ··· otlogxp/

No, it is not free. You get a 30 day trial. I got it many years ago after someone mentioned it here. You get lifetime free updates.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

antdude
A Ninja Ant
VIP
join:2001-03-25
United State
kudos:5
·Time Warner Cable

antdude

VIP

said by Mele20:

Sorry, that link was in my bookmarks. I am not sure why because that is not the greatis site. Maybe that is a bad site and maybe I should start using WOT!

Here, this is the link I should have given you. This is a link to the creator of the software. I can't imagine WOT would object to this link.

»www.greatis.com/utilitie ··· otlogxp/

No, it is not free. You get a 30 day trial. I got it many years ago after someone mentioned it here. You get lifetime free updates.

Thanks, it is a good site. Hmm, I wonder if there is a freeware version.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer