|reply to Triple Helix |
Re: How an antivirus performs repair---> need expert opinion
said by Triple Helix:In Malware Removal Test from AV comparatives , WSA scored only 78%. So, if the system is so great what was "lost in translation"
Hi Magnus when WSA comes into contact with an unknown file it starts journaling and is auto sandboxed, when the file is found to be bad it will revert back to the state before the infection and if found good it's stops journaling and allowed to it's business.
actions · 2012-Oct-8 3:53 pm · (locked)
said by claudiubotez:Read up on AV-C's testing process for this test and you'll find the answer quickly.
In Malware Removal Test from AV comparatives , WSA scored only 78%. So, if the system is so great what was "lost in translation"
actions · 2012-Oct-8 4:01 pm · (locked)
Smokey Bearveritas odium paritPremium
I just don't understand the why of joining a test when at the same time you can't agree with testing process.
actions · 2012-Oct-8 4:15 pm · (locked)
Not at all related to agreement or disagreement with the testing process. (Though for the record, I do disagree with the testing process, as it's faulty for every AV out there unfortunately and effectively represents user error, but that's unrelated to this in this case.)
The OP asked why AV-C test results are so low if journalling can roll back everything. I advised him to read the test process to find his answer. Upon doing so, he'd discover that the process is "Infect machine. Install AV. Try to disinfect machine." Then it's trivially easy to see that if journalling by the AV is the process by which it normally rolls back infections, obviously if the AV is not there when the machine is infected, it can't journal. Which means that journalling is not able to be used in the test at all.
actions · 2012-Oct-8 4:23 pm · (locked)