ransom trojan

Started Oct 2, 2012 | Discussions thread
PicOne
Re: MSE has close to the worst detection rate in the business
In reply to Jim Cockfield, Oct 3, 2012

Similar to how camera companies spec cameras to do well on testing sites, many AV companies design to do well on tests like AV-C conducts. Note that AV-C receives many of the samples it uses for its detection testing from the AV software companies themselves, yet doesn't disclose which companies provide which or how many. The success of a vendor seems tied to this; i.e., the more they participate, the greater the likelihood their product will succeed. Peer review is part of their process. I might hazard a guess that the security vendor industry, huddled around AV-C's home base in Austria, might assist in this.

Do you think perhaps AV companies might cherry pick which samples they send into AV-C? Do these AV companies have more of a vested interest in doing whatever they can to succeed in these lab tests (vs. MS)?

AV-C doesn't include MSE in its real-world tests. Why? Additionally, to what extent is success in AV-C's detection test linked to also providing higher numbers of false positives? I couldn't find it on the AV-C site, but what OS is running, with which modules running and/or turned off?

Here's an interesting question -- how did MSE drop so quickly?

http://lifehacker.com/5433229/microsoft-security-essentials-ranks-as-best+performing-free-antivirus

This seems to put real-world detection at respectable 88%

http://www.westcoastlabs.com/realTimeTesting/article/?articleID=1

Some interesting points of view expressed in this thread by Rob Koch and A Space on the topic.

http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/why-is-mse-doing-so-poorly-on-recent-tests-done-by/1ec7e173-b16a-4e36-9e17-503958fca147?msgId=397b3f0f-f37b-472e-852d-a36163debeea

Jim Cockfield wrote:

sic0048 wrote:

Just because a virus protection program is free doesn't mean it is bad. Windows Security Essentials is one of the better programs out there right now and it is free. Although it should be noted that Security Essentials does a better job when running on a clean system (i.e., it will keep a clean system clean).

You're kidding, right?

Look at some of the tests showing detection rates for it. It's about as bad as it gets.

For example, the last Av-Comparatives file detection test using close to 300,000 samples collected from recent months placed MSE dead last out of all products tested (it detected the least number of samples):

http://www.av-comparatives.org/images/docs/avc_fdt_201203_en.pdf

Now, it was not the very lowest on their latest tests of how a product handles new threats via heuristics. But, it was still close to the bottom of the pack (detecting 77% of it).

http://www.av-comparatives.org/images/docs/avc_beh_201207_en.pdf

If you look at the latest av-tests.org tests for AV products for 64 Bit Win 7 from June, and sort by Protection, there were two other products that they tested that were worse. But, it was still near the bottom of the pack (all but two of the 25 products tested offered better protection compared to MSE).

Only Lavasoft's Ad-Aware Free and AhnLab's V3 Internet Security scored lower in protection compared to MSE (MSE ranked 23 out of 25 products tested in that category).

http://www.av-test.org/en/tests/home-user/mayjun-2012/

Given the amount of new malware coming out every day now (around 70,000 unique samples each day by some accounts), even a 1 percent difference in detection rate is a big deal. So, I certainly wouldn't rely on a product like MSE that's dead last on some independent lab tests, and very close to last on other independent lab tests for detecting malware.

Bitdefender has been moving up in that area on most independent tests I've seen lately. So, it's one to keep an eye on.

Right now with Windows, I use a variety of different products (including Avira Antivir Premium, Threatfire and Comodo Secure Firewall with relatively aggressive settings that prevent programs from running if they're not already "white listed").

IOW, I've got it set up for a Guilty until Proven Innocent approach, where it's going to block any program from running if it's not in Comodo's "White List". That way, even if something "slips through the cracks" because AV scanners don't know about it yet, Comodo won't let something run without my OK. I also scan new software I want to install using http://www.virustotal.com first.

I use Bitdefender right this minute in Linux (and I use Linux most of the time), and I also use it for scanning my Windows partitions from within Linux, as an added measure in case something did slip through the cracks while running in Windows.

JimC

'Everything in photography boils down to what's sharp and what's fuzzy.'
-Gaylord Herron
