Jim cockfield can you give me link to website that rates av?

Started Nov 17, 2012 | Discussions thread
Jim Cockfield
Forum Pro · Posts: 14,444
Re: I'd scan your PC for malware. ;-)
In reply to PicOne, Nov 18, 2012

PicOne wrote:

In any event, if a product doesn't detect malware samples using XP, I doubt it's going to detect them under Win 7 either.

Isn't the question whether a piece of malware is still malware moving from one OS to another?

Not for the av-comparatives test we've been discussing, where MS ranked near the bottom for the percentage of samples it detected. It's my understanding that it's just a test to see how many samples a product is going to correctly flag as malware, using a large sample set of malware that they scan using each product.

IOW, it's not a test of how well a product is going to prevent infection, like you'd find with some of the other tests.

So, a higher detection is desirable, so that software you want to download and install is correctly identified as malware, so that you don't end up installing it to begin with.

[snip]

http://www.westcoastlabs.com/realTimeTesting/article/?articleID=1

This would seem to put it on par with the rest.

Now, that's a pretty old test (May 2011).

I'm referring to the live charts that are reporting past 30-days compromization rates.

Well... even if you look at the live charts (which are only for 5 different free products), it was next to the bottom (the free versions of AVG, Avira, and Avast all perform better, with only the free PC Tools doing worse) from what I can see from the graphs.

But, given that it's a year-and-a-half-old article, I have no idea if that's really a real-time indication of how the products are performing now, what versions are being used, if they're being updated, or anything else about them.

Also realize that even within these tests, almost all tested products had a 100% detection rate of "widespread and prevalent malware", and that e.g. MSE's low score seems primarily based on a test of just 99 samples (that this tester somehow identified, but we're unsure how).

The widespread and prevalent malware group is a very small percentage of malware being circulated.

If you look at the malware set collected over the past 2 or 3 months (which included over 294K samples) used by the av-test.org tests of AV products, Microsoft only detected 95% of it.

That's in line with the detection tests at av-comparatives.org, where it only recognized 94.9% of the samples (missing over 12,000 of them). Yet a number of other products (10 of them in the av-comparatives detection test) caught over 99% of them, and all but two products had better detection rates than MSE.

So, MSE is not a product I'd trust to identify if something I want to install is malware or not, as most other products do a much better job.

Not one system.. Probably 5-6 consecutive different systems (desktops and laptops) over the last 10 years or so. Actually most of these haven't run MSE -- they've basically run whatever each mfg had provided pre-installed (McAfee, Norton, Trend, eg..). It's only on custom PCs where I've chosen my brand of AV software (first PC had Kaspersky, 2nd has MSE). I'm not so much arguing for MSE, as I am that it probably JUST DOESN'T MATTER. Or, if it does, these AV test sites may or may not be representative of real issues.

I don't trust any one protection product, which is one reason I use a multi-layered approach, including an "always deny" method of dealing with any new software I want to use (as mentioned in my previous posts in this thread on the subject) that requires me to OK any suspicious behavior for software that hasn't been "white listed" yet.

Right this minute, I'm using Avira Antivir Premium, because it does nicely on detection tests, and I like the ability to perform frequent definition updates (I've got my install set to update every hour).

But, it doesn't do as well as some of the other products for protection against zero day malware. So, I use a combination of Threatfire and Comodo Secure Firewall to help out in that area, with Comodo set to an "always deny" configuration, so that software that isn't "white listed" yet can't install or do anything suspicious without me OKing the behavior.

IOW, even though Avira does nicely on some of the detection tests, and I keep it set to update frequently when I'm running Windows, there's always new malware coming out and there's going to be a window before the AV vendors know how to recognize it and update their products for it. So, I want something else to help out with Zero Day protection (that's where Comodo Secure Firewall and Threatfire come in with my current setup).

I also use Comodo SecureDNS, which updates a blacklist of URLs found to be malicious on their DNS servers, so that it blocks access to sites they've found to be dangerous, without me needing to update software on the PC to keep that kind of thing up to date; and I also run as a standard user account with fewer permissions to further limit my exposure to anything that "slips through the cracks".

If I were going to rely on a single product (which I wouldn't do), I might consider BitDefender for that purpose, as it does a pretty good job on most real world type testing at preventing infection by previously unknown (a.k.a., zero day) malware, and also does pretty nicely on file detection tests. Basically, it offers a pretty good "balance" between detection rate and zero day protection compared to most products. IOW, there is just so much new malware coming out anymore, I would want to have that end covered as best as possible, too (as none of them are going to catch everything based on signature based detection).

But, for right this minute, I'll stick to what I'm using, with an "always deny" approach so that I stop any suspicious behavior from software that's not "white listed" yet by Comodo Secure Firewall, even if it scans as clean by AV products.

As mentioned earlier, if "Joe's EXIF Reader" is trying to do something like update registry entries related to Network Settings, I'm going to want to know about and block that behavior by default, even if every AV product around says it scans clean.

In any event, MSE just doesn't do as well as most other products in the detection area if you look at tests of recently collected malware in the av-test.org or av-comparatives.org tests (where they test products using more than 200K samples collected in the weeks before a test), or in zero day protection from what I can see from tests of it. So, I certainly wouldn't consider using it for anything.

I think the largest problem I've ever had with a system is actually with the AV software (Trend Micro a couple years or so back) itself causing way too many FPs and freezing my system. In turn, attempting to uninstall was a major pain, eventually requiring purchase of some cleaner software and eventual reinstallation (Kaspersky). So, while you could be right, I fear that the cure might be worse than the disease of picking additional products to install, run, and then uninstall. Is Malwarebytes a known "easy to uninstall" program? One of the first hits.. it's this kinda stuff I'm wary of:

http://forums.malwarebytes.org/index.php?showtopic=107286

No. Again, it doesn't leave anything running on your system if you use the free version of it either. It's an "on demand" type of scanner. You run it, update its definitions and scan. Then, just exit it when finished.

It's a well respected product for augmenting other AV software to help ensure you're not missing anything (as no one product is going to catch everything), and is pretty good about finding and removing a lot of the newer malware coming out anymore.

JimC
------
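The "always deny" layer described in the post above (unknown software may not install, change network settings or do anything else suspicious until the user explicitly OKs it, regardless of what the AV scanner said) can be modelled as a small default-deny policy engine. The code below is an added illustration written for this page; it is not code from the original post, nor from Comodo or any other product. The allowlist hashes, the executable contents, the event records and the list of sensitive operations are all constructed for the example, and the registry and file-system prefixes are only a sample of what a real policy would cover.

```python
import hashlib
from dataclasses import dataclass, field


def image_hash(contents: bytes) -> str:
    """SHA-256 of an executable image. Trust is keyed by hash, not file name,
    so a replaced or renamed binary does not inherit the original's approval."""
    return hashlib.sha256(contents).hexdigest()


# Constructed "white list": images the owner has vetted. In practice these would be
# hashes of the installed binaries; here the contents are placeholder bytes.
TRUSTED_VIEWER = b"constructed bytes of a vetted photo viewer"
ALLOWLIST = {image_hash(TRUSTED_VIEWER): "photoviewer.exe"}

# Constructed policy: operations an unknown program may not perform without an explicit OK.
# The registry key is the real location of Windows TCP/IP settings; the list is illustrative.
SENSITIVE = {
    "registry_write": (r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters",),
    "file_write": (r"C:\Program Files", r"C:\Windows\System32"),  # install locations
    "network_connect": ("*",),                                    # any outbound connection
}


@dataclass(frozen=True)
class Event:
    process: str
    image: bytes          # executable contents (constructed in this example)
    operation: str        # a SENSITIVE key, or something benign such as "file_read"
    target: str
    av_verdict: str = "clean"   # what the AV scanner said; deliberately NOT consulted


@dataclass
class DefaultDenyPolicy:
    allowlist: dict = field(default_factory=lambda: dict(ALLOWLIST))
    approvals: set = field(default_factory=set)  # (hash, operation, target) the user OK'd
    log: list = field(default_factory=list)

    @staticmethod
    def is_sensitive(operation: str, target: str) -> bool:
        for prefix in SENSITIVE.get(operation, ()):
            if prefix == "*" or target.lower().startswith(prefix.lower()):
                return True
        return False

    def decide(self, ev: Event) -> str:
        """Return "allow" or "deny". Unknown software attempting a sensitive
        operation is denied by default, even when its AV verdict is "clean"."""
        h = image_hash(ev.image)
        if h in self.allowlist:
            verdict, reason = "allow", "trusted image"
        elif not self.is_sensitive(ev.operation, ev.target):
            verdict, reason = "allow", "operation not sensitive"
        elif (h, ev.operation, ev.target) in self.approvals:
            verdict, reason = "allow", "user approved this behaviour"
        else:
            verdict, reason = "deny", "unknown image, sensitive operation (pending user OK)"
        self.log.append((ev.process, ev.operation, ev.target, ev.av_verdict, verdict, reason))
        return verdict

    def approve(self, ev: Event) -> None:
        """Record the user's OK for exactly this image, operation and target."""
        self.approvals.add((image_hash(ev.image), ev.operation, ev.target))


def run_demo() -> list:
    """Walk through the scenario from the post: a clean-scanning but unknown
    'EXIF reader' touching network settings is blocked until the user OKs it."""
    policy = DefaultDenyPolicy()
    unknown = b"constructed bytes of an unvetted EXIF reader"
    tcpip = r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer"
    exif_registry = Event("JoesExifReader.exe", unknown, "registry_write", tcpip, "clean")
    exif_read = Event("JoesExifReader.exe", unknown, "file_read", r"C:\Users\jim\photo.jpg")
    viewer_net = Event("photoviewer.exe", TRUSTED_VIEWER, "network_connect", "203.0.113.5:443")

    results = [
        ("exif_registry", policy.decide(exif_registry)),  # deny: unknown + sensitive
        ("exif_read", policy.decide(exif_read)),          # allow: unknown but harmless
        ("viewer_net", policy.decide(viewer_net)),        # allow: white-listed image
    ]
    policy.approve(exif_registry)                         # user clicks OK once
    results.append(("exif_registry_after_ok", policy.decide(exif_registry)))
    return results


if __name__ == "__main__":
    for name, verdict in run_demo():
        print(f"{name}: {verdict}")
```

The point of the model is the order of the checks in `decide`: the AV verdict never enters the decision, so a sample that scans clean because no signature exists yet is still stopped when it tries something it has no business doing. Approvals are keyed to the exact image hash, so an update to the program (a new hash) starts from "deny" again.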
