dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
14

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·Carry Telecom
·TekSavvy Cable
Asus GT-AX11000
Technicolor TC4400

3 edits

1 recommendation

Dustyn to claudiubotez

Premium Member

to claudiubotez

Re: File-Detection Test September 2012 -released

I see Symantec is not participating.
Webroot had a CRAZY number of false positives...(210fp) and G-DATA with it's highly impressive 99.9% detection rate had 23fp. Microsoft had 0fp.
That means little to myself as this is one test result on one specific area of an A/V. This test may excel in one aspect of the A/V... but it very well could fail miserably in another test which would be as equally important.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

2 recommendations

Mele20

Premium Member

Symantec threw a hissy fit the test before this one, I believe it was, and you can read about it at AVComparatives. They left in a huff. We had a thread about it here also.

I am amazed at how well Trend Micro did! They have certainly improved a lot. GData...I was going to trial it on a new computer but not with all those FP's. It gets all of Bit Defender's FP's and Avast FP's so no wonder the number is high. I'm gonna ask Dell if they will put Trend Micro on my new computer instead of McAfee. They might since I am buying through Small Business Division (but I am doing it using MPP which makes the configurator use the settings for Home Division which installs McAfee while Small Business sans MPP installs Trend Micro).

I see Avast did great also and that is good news.

sdgfdg
@apexcovantage.com

sdgfdg

Anon

said by Mele20:

Symantec threw a hissy fit the test before this one, I believe it was, and you can read about it at AVComparatives. They left in a huff. We had a thread about it here also.

They did not want to be tested in the file detection test. No hissy fit or huffing involved.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

Yeah, but why wouldn't they wish to be tested in file detection other than that they do horrible on that test? File detection is probably the most important function of an AV. I got the impression Symantec is pulling a Webroot. i wouldn't dream of using either AV since neither can pass muster on file detection. I would link to my post where I explain more but our "friendly moderators" deleted the thread it is in today. Has discussion of file detection become a hot potato here?

T'would be nice if the site would save a copy of a post in a thread that is being deleted and forward that when notifying the poster in the thread of the action as I don't feel like trying to recreate it.

ZipZap
@europa.eu

ZipZap

Anon

said by Mele20:

File detection is probably the most important function of an AV.

Yes, but the test in not about file detection but about scanning detection. Detection of a file by an AV is achieved with different technics. From the standard comparison with signature to running into a sandbox environment or heuristics or behaviour analysis.

By only scanning and not executing the file the test assess the performance of only some features of AVs (typically signature or heuristics detection). Some detection technics also needs to analyse the threat over a time period or needs the threat been actually downloaded from an actual web site(real life scenario). This is not actually implemented in thi specific test.

You need to put these tests results into context, something many users are indeed not able to do. This is why the best test environment is you and your daily work with the PC.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

Yeah...so? Never use an AV that fails file detection scanning like Norton or Webroot. ALL AV should do outstanding when doing on demand scanning. I don't care about weird crap that some claim is "better". That is simply not true. ALL AV should do outstanding on AV Comparatives File Detection test. It is a basic and FUNDAMENTAL test. If an AV can't do well on it....well then the user should run as fast as they can in the opposite direction and install an AV that can. I don't use anything in the cloud. If Avira had never pulled the crap with sleazeware and scareware that they did, I would still be leaving them when they kill versions 8 and 9 later this year. Version 13 relies a lot on the cloud...mostly for the paid versions currently but it will come to the free version and I want nothing in the cloud...certainly not my AV.

Further, an AV that refuses to detect malware because it wasn't downloaded from a website is one that should be laughed into the ground immediately.

ZipZap
@europa.eu

ZipZap

Anon

uuuhm, probably my explanation was too loong or complicated. An AV that fails to identify a malware by scanning may still be able to perfectly protect your system from infection(s). You cannot judge a security tool only by its scanning capability.

Even more simply: Detection is not equal to protection. A software may fail to protect a system from a malware even if capable of detecting it. If one would need to priorities on which tool to choose then it should look for a security tool able to protect the system from infection(s). It should not be too difficult to grasp the essence of what I am trying to say

deke40
deke40
Premium Member
join:2003-01-23
Texas

deke40 to ZipZap

Premium Member

to ZipZap
said by ZipZap :

This is why the best test environment is you and your daily work with the PC.

Amen to that.

I have been using MSE from day one and MBAM, Spybot and SpywareBlaster with no infections yet. Knock on wood I hope I didn't jinx myself.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to ZipZap

Premium Member

to ZipZap
It is my understanding this Comparison AV test was a test as if you right clicked a file and scanned it when it was on your desktop already. For some AV's that is not an accurate test of their capabilities.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to ZipZap

Premium Member

to ZipZap
What are you talking about? You are not making sense.

Of course, detection on right click scan of a file on your computer is equal to protection! What do you think "protection" is? Right click scan of a file (or a full on demand scan of all files on the computer) will WITH ANY AV WORTH USING detect an infected file (assuming signature and heuristics and any other detection capabilities are able to detect that particular infection). That detection is PROTECTION. Your AV says "This file has a virus!" You then choose what your AV should do with the infected file.

Correct safe hex practice says to always right click scan a file downloaded to disk before executing it so your on demand scanner will detect a virus and you can then get rid of the file instead of executing it and allowing a virus to become active. That file with a virus in it cannot hurt your computer as long as you don't execute it. I have files with viruses in them that have been sitting on this computer for years but do no harm as I don't try to execute them. I use them to test new AV programs when I evaluate a new program as I will be doing when Avira kills versions 8 and 9 (that I use) later this year.

Also, these days if your AV program has an excellent real time scanner (like Avira) then you may not need to do a right click on demand scan of a newly downloaded file because the real time scanner will have already alerted on it. I had to shut down Avira Guard (the real time scanner) in order to get the screenshot of the on demand scanner detecting a virus in the PStools folder (pskills.exe). This was because, until I shut down the real time scanner, Avira was going nuts if I so much as got my mouse anywhere near the folder in Explorer where the PStools files sit. Guard is an extremely sensitive scanner and I no more than opened explorer.exe, and was mousing down the file tree, and had just expanded C:\Downloaded programs (which contains all my downloaded files including PDF ones) which is a huge folder, and Guard immediately detected that file in that huge folder and went off.

(pskill.exe BTW is not infected. Avira has a thing about detecting certain files and you need to either exclude or simply don't check the boxes in the Extended Threat category for Security Privacy Risk and Applications. If those are checked then Avira will detect all Nirsoft files as viruses and things like all key finders and some files from SysInternals).
Expand your moderator at work