dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
21

ZipZap
@europa.eu

ZipZap to Mele20

Anon

to Mele20

Re: File-Detection Test September 2012 -released

said by Mele20:

File detection is probably the most important function of an AV.

Yes, but the test in not about file detection but about scanning detection. Detection of a file by an AV is achieved with different technics. From the standard comparison with signature to running into a sandbox environment or heuristics or behaviour analysis.

By only scanning and not executing the file the test assess the performance of only some features of AVs (typically signature or heuristics detection). Some detection technics also needs to analyse the threat over a time period or needs the threat been actually downloaded from an actual web site(real life scenario). This is not actually implemented in thi specific test.

You need to put these tests results into context, something many users are indeed not able to do. This is why the best test environment is you and your daily work with the PC.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

Yeah...so? Never use an AV that fails file detection scanning like Norton or Webroot. ALL AV should do outstanding when doing on demand scanning. I don't care about weird crap that some claim is "better". That is simply not true. ALL AV should do outstanding on AV Comparatives File Detection test. It is a basic and FUNDAMENTAL test. If an AV can't do well on it....well then the user should run as fast as they can in the opposite direction and install an AV that can. I don't use anything in the cloud. If Avira had never pulled the crap with sleazeware and scareware that they did, I would still be leaving them when they kill versions 8 and 9 later this year. Version 13 relies a lot on the cloud...mostly for the paid versions currently but it will come to the free version and I want nothing in the cloud...certainly not my AV.

Further, an AV that refuses to detect malware because it wasn't downloaded from a website is one that should be laughed into the ground immediately.

ZipZap
@europa.eu

ZipZap

Anon

uuuhm, probably my explanation was too loong or complicated. An AV that fails to identify a malware by scanning may still be able to perfectly protect your system from infection(s). You cannot judge a security tool only by its scanning capability.

Even more simply: Detection is not equal to protection. A software may fail to protect a system from a malware even if capable of detecting it. If one would need to priorities on which tool to choose then it should look for a security tool able to protect the system from infection(s). It should not be too difficult to grasp the essence of what I am trying to say

deke40
deke40
Premium Member
join:2003-01-23
Texas

deke40 to ZipZap

Premium Member

to ZipZap
said by ZipZap :

This is why the best test environment is you and your daily work with the PC.

Amen to that.

I have been using MSE from day one and MBAM, Spybot and SpywareBlaster with no infections yet. Knock on wood I hope I didn't jinx myself.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to ZipZap

Premium Member

to ZipZap
It is my understanding this Comparison AV test was a test as if you right clicked a file and scanned it when it was on your desktop already. For some AV's that is not an accurate test of their capabilities.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to ZipZap

Premium Member

to ZipZap
What are you talking about? You are not making sense.

Of course, detection on right click scan of a file on your computer is equal to protection! What do you think "protection" is? Right click scan of a file (or a full on demand scan of all files on the computer) will WITH ANY AV WORTH USING detect an infected file (assuming signature and heuristics and any other detection capabilities are able to detect that particular infection). That detection is PROTECTION. Your AV says "This file has a virus!" You then choose what your AV should do with the infected file.

Correct safe hex practice says to always right click scan a file downloaded to disk before executing it so your on demand scanner will detect a virus and you can then get rid of the file instead of executing it and allowing a virus to become active. That file with a virus in it cannot hurt your computer as long as you don't execute it. I have files with viruses in them that have been sitting on this computer for years but do no harm as I don't try to execute them. I use them to test new AV programs when I evaluate a new program as I will be doing when Avira kills versions 8 and 9 (that I use) later this year.

Also, these days if your AV program has an excellent real time scanner (like Avira) then you may not need to do a right click on demand scan of a newly downloaded file because the real time scanner will have already alerted on it. I had to shut down Avira Guard (the real time scanner) in order to get the screenshot of the on demand scanner detecting a virus in the PStools folder (pskills.exe). This was because, until I shut down the real time scanner, Avira was going nuts if I so much as got my mouse anywhere near the folder in Explorer where the PStools files sit. Guard is an extremely sensitive scanner and I no more than opened explorer.exe, and was mousing down the file tree, and had just expanded C:\Downloaded programs (which contains all my downloaded files including PDF ones) which is a huge folder, and Guard immediately detected that file in that huge folder and went off.

(pskill.exe BTW is not infected. Avira has a thing about detecting certain files and you need to either exclude or simply don't check the boxes in the Extended Threat category for Security Privacy Risk and Applications. If those are checked then Avira will detect all Nirsoft files as viruses and things like all key finders and some files from SysInternals).
Expand your moderator at work