dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1389
share rss forum feed

claudiubotez

join:2009-06-28

File-Detection Test September 2012 -released

AV Compsrstives File-Detection Test September 2012

»www.av-comparatives.org/comparat···ber-2012


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
bummer..its a pdf and right now I am not trusting adobe...
hope your favorities won last month. How about a synopsis ?


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

1 recommendation

said by Name Game:

bummer..its a pdf and right now I am not trusting adobe...

There are others... what about using Foxit, Nitro, or Sumatra as alternatives to Adobe?
--
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775

HarryH3
Premium
join:2005-02-21
kudos:3
Reviews:
·Suddenlink

1 recommendation

reply to Name Game
I kicked Adobe to the curb a couple of years ago. (I never understood why updating the freakin' pdf reader should require a system reboot!) So far, Foxit Reader has been quite suitable as a replacement.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

2 recommendations

reply to Blackbird
said by Blackbird:

said by Name Game:

bummer..its a pdf and right now I am not trusting adobe...

There are others... what about using Foxit, Nitro, or Sumatra as alternatives to Adobe?

Actually i have read it..just don't want to hear again about that webroot stuff.

»www.wilderssecurity.com/showthre···t=333713
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


poppster
Tell the truth and then run.
Premium
join:2003-12-23
Midwest
kudos:1
reply to claudiubotez
Still upset with MSE........had much higher hopes for it than this.

Avira still looks awesome however, as well as my avast!


Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:3
Reviews:
·Bright House

1 recommendation

reply to claudiubotez
Things.

1st) AVComp ran false pos tests for Qihoo and Tencent; but their products are absent from the primary report. ???

2nd) I'd like to have seen how Emsisoft (a-squared) rated but it was not to be.

3rd) Scans for commercial keyloggers - and - FP results for admin tools would take these results into the Real-World-Usefulness category.

4th) I have to take these comparison tests with a big grain of salt - they just never align w/ my experience.

Case in point is a submission I made yesterday.
Jotti
VirusTotal
VirScan (zipped sample)

This isn't an obscure bug. It's a Black Hole Java Exploit, that's been well documented since early July.
Yet about half of the top performers don't detect it (Avira detected it 1st BTW).

Over time, my real-life submissions should trend similar to the comparison reports; but they don't.
My 0day submissions aren't even close (except for G-Data, they rock).

Summary: My mileage is very vary.
--
Campaign contributions influence laws through a process called bribery.


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11
reply to Name Game
Click for full size
Another one that I think is tops for being plain and simple document viewer is Evince.
• PDF
• Postscript
• djvu
• tiff
• dvi
• XPS
• SyncTex support with gedit
• comics books (cbr,cbz,cb7 and cbt)
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

3 edits

1 recommendation

reply to claudiubotez
I see Symantec is not participating.
Webroot had a CRAZY number of false positives...(210fp) and G-DATA with it's highly impressive 99.9% detection rate had 23fp. Microsoft had 0fp.
That means little to myself as this is one test result on one specific area of an A/V. This test may excel in one aspect of the A/V... but it very well could fail miserably in another test which would be as equally important.


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 recommendation

reply to Name Game
said by NameGame :

Actually i have read it..just don't want to hear again about that webroot stuff.

»www.wilderssecurity.com/showthre···t=333713

Fair enough. I almost forgot who the OP was.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to Dustyn
Yes, I've been a happy Windows user of Evince for some time now. But I have to use an older version. The current one causes a lockup of itself and then freezes the computer resulting in a forced shut down of the computer. It doesn't like my Samsung Smart TV's 300+ page manual for some weird reason. But the old version likes it just fine.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

2 recommendations

reply to Dustyn
Symantec threw a hissy fit the test before this one, I believe it was, and you can read about it at AVComparatives. They left in a huff. We had a thread about it here also.

I am amazed at how well Trend Micro did! They have certainly improved a lot. GData...I was going to trial it on a new computer but not with all those FP's. It gets all of Bit Defender's FP's and Avast FP's so no wonder the number is high. I'm gonna ask Dell if they will put Trend Micro on my new computer instead of McAfee. They might since I am buying through Small Business Division (but I am doing it using MPP which makes the configurator use the settings for Home Division which installs McAfee while Small Business sans MPP installs Trend Micro).

I see Avast did great also and that is good news.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit
reply to Dustyn
Wish that one could do XDP format. Had to print one of those the other day to get absentee ballot from S.C. Downloaded an older version of Acrobum Reader..then promptly uninstalled it after the deed was done.

IBK10

join:2012-10-10

3 recommendations

reply to Noah Vail
"AVComp ran false pos tests for Qihoo and Tencent; but their products are absent from the primary report. ???"

Qihoo and Tencent products are available in Chinese only. Therefore, you can find them in the Chinese report (in which some products which do not exist in China are absent).
What you call primary report is the international report which contains products available in English language.


Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:3
Reviews:
·Bright House
said by IBK10:

explanation

Thank you for the explanation.
--
Campaign contributions influence laws through a process called bribery.


sdgfdg

@apexcovantage.com
reply to Mele20
said by Mele20:

Symantec threw a hissy fit the test before this one, I believe it was, and you can read about it at AVComparatives. They left in a huff. We had a thread about it here also.

They did not want to be tested in the file detection test. No hissy fit or huffing involved.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
Yeah, but why wouldn't they wish to be tested in file detection other than that they do horrible on that test? File detection is probably the most important function of an AV. I got the impression Symantec is pulling a Webroot. i wouldn't dream of using either AV since neither can pass muster on file detection. I would link to my post where I explain more but our "friendly moderators" deleted the thread it is in today. Has discussion of file detection become a hot potato here?

T'would be nice if the site would save a copy of a post in a thread that is being deleted and forward that when notifying the poster in the thread of the action as I don't feel like trying to recreate it.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


ZipZap

@europa.eu
said by Mele20:

File detection is probably the most important function of an AV.

Yes, but the test in not about file detection but about scanning detection. Detection of a file by an AV is achieved with different technics. From the standard comparison with signature to running into a sandbox environment or heuristics or behaviour analysis.

By only scanning and not executing the file the test assess the performance of only some features of AVs (typically signature or heuristics detection). Some detection technics also needs to analyse the threat over a time period or needs the threat been actually downloaded from an actual web site(real life scenario). This is not actually implemented in thi specific test.

You need to put these tests results into context, something many users are indeed not able to do. This is why the best test environment is you and your daily work with the PC.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
Yeah...so? Never use an AV that fails file detection scanning like Norton or Webroot. ALL AV should do outstanding when doing on demand scanning. I don't care about weird crap that some claim is "better". That is simply not true. ALL AV should do outstanding on AV Comparatives File Detection test. It is a basic and FUNDAMENTAL test. If an AV can't do well on it....well then the user should run as fast as they can in the opposite direction and install an AV that can. I don't use anything in the cloud. If Avira had never pulled the crap with sleazeware and scareware that they did, I would still be leaving them when they kill versions 8 and 9 later this year. Version 13 relies a lot on the cloud...mostly for the paid versions currently but it will come to the free version and I want nothing in the cloud...certainly not my AV.

Further, an AV that refuses to detect malware because it wasn't downloaded from a website is one that should be laughed into the ground immediately.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


ZipZap

@europa.eu
uuuhm, probably my explanation was too loong or complicated. An AV that fails to identify a malware by scanning may still be able to perfectly protect your system from infection(s). You cannot judge a security tool only by its scanning capability.

Even more simply: Detection is not equal to protection. A software may fail to protect a system from a malware even if capable of detecting it. If one would need to priorities on which tool to choose then it should look for a security tool able to protect the system from infection(s). It should not be too difficult to grasp the essence of what I am trying to say


deke40
Premium
join:2003-01-23
Texas
reply to ZipZap
said by ZipZap :

This is why the best test environment is you and your daily work with the PC.

Amen to that.

I have been using MSE from day one and MBAM, Spybot and SpywareBlaster with no infections yet. Knock on wood I hope I didn't jinx myself.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to ZipZap
It is my understanding this Comparison AV test was a test as if you right clicked a file and scanned it when it was on your desktop already. For some AV's that is not an accurate test of their capabilities.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to ZipZap
What are you talking about? You are not making sense.

Of course, detection on right click scan of a file on your computer is equal to protection! What do you think "protection" is? Right click scan of a file (or a full on demand scan of all files on the computer) will WITH ANY AV WORTH USING detect an infected file (assuming signature and heuristics and any other detection capabilities are able to detect that particular infection). That detection is PROTECTION. Your AV says "This file has a virus!" You then choose what your AV should do with the infected file.

Correct safe hex practice says to always right click scan a file downloaded to disk before executing it so your on demand scanner will detect a virus and you can then get rid of the file instead of executing it and allowing a virus to become active. That file with a virus in it cannot hurt your computer as long as you don't execute it. I have files with viruses in them that have been sitting on this computer for years but do no harm as I don't try to execute them. I use them to test new AV programs when I evaluate a new program as I will be doing when Avira kills versions 8 and 9 (that I use) later this year.

Also, these days if your AV program has an excellent real time scanner (like Avira) then you may not need to do a right click on demand scan of a newly downloaded file because the real time scanner will have already alerted on it. I had to shut down Avira Guard (the real time scanner) in order to get the screenshot of the on demand scanner detecting a virus in the PStools folder (pskills.exe). This was because, until I shut down the real time scanner, Avira was going nuts if I so much as got my mouse anywhere near the folder in Explorer where the PStools files sit. Guard is an extremely sensitive scanner and I no more than opened explorer.exe, and was mousing down the file tree, and had just expanded C:\Downloaded programs (which contains all my downloaded files including PDF ones) which is a huge folder, and Guard immediately detected that file in that huge folder and went off.

(pskill.exe BTW is not infected. Avira has a thing about detecting certain files and you need to either exclude or simply don't check the boxes in the Extended Threat category for Security Privacy Risk and Applications. If those are checked then Avira will detect all Nirsoft files as viruses and things like all key finders and some files from SysInternals).
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson
Expand your moderator at work