SSUpdater's Anti-Malware test [CLOSED]

[Guest]

[Melih]

Very interesting discussions so far

It certainly has provoked a huge discussion which is good.

1) I do agree the tone of the site should be more professional. We , as Comodo community, would like to see more professional tone on your website please and would be grateful if you could take our advice and modify your tone. It will help your cause.

2) This issue has raised, once again, what testing AVs is and the issue of who chooses what malware and the consequence of this skewing numbers. I have no doubt you had the 18,000 malware you say you do and I have no doubt your results are correct. As to whether that represents a fair represenation of whats out there... well.. "no one can say"! And that is the reality. What good is AV testing if there is no authority who can say: This is the definitive list and test against that!? Its all subjective choice of malware samples and this goes for every AV testing orgs.

3) I like what you guys stand for ... the truth.... and your goal of trying to arm the end users with information without being influenced by any vendor. I will not like you any more or any less because we rank high. My views about AV testing still stands. However as I said, I like the spirit in which you guys approach the subject that I respect.

4) Some of the statements you have made about some AV vendors creating sigs etc: I don't know if this is true or not, I am not even sure even if it was true this would be documented and available on Internet, unless those guys are totally dumb arse and get caught red handed. We will take this as your and your view only and we will leave it at that. On the other hand as far as end users are concerned AV companies do generate viruses, and here is the explanation: there has been many fake AV products that has infected people's machine and unless you pay them money to buy their product (and only their product could clean this nasty virus they just happened to find) you can't remove this nasty. So to an end user they see that as this neferious AV companies introducing stuff into their machines. (of course we all know decent AV companies do not do this but there are no standards that end users can rely on saying this AV was built using this standard etc, which is another problem with AV industry in general).

5) Some people are taking this as Comodo vs etc... pls.. this has nothing to do with Comodo and its just because Comodo came very high, you guys are having a go at us!!! Pls stop that... this is NOT about Comodo.. its about AV testing in general...(ok sded?)

Well... i could continue.. but getting too late....I am grateful  to state.of.security for showing us a different perspective on AV testing and causing such a stir to get us all talking about it and being man enough to come to our forums and take us on. We hope we didn't offend you and we appreciate your time in our forums and look forward to many more hot discussions about AV testing

Thanks

Melih

[wellofsouls]

5) Some people are taking this as Comodo vs etc... pls.. this has nothing to do with Comodo and its just because Comodo came very high, you guys are having a go at us!!! Pls stop that... this is NOT about Comodo.. its about AV testing in general...(ok sded?)

well, I don't know about you, but IMHO being no.12 out of a list of 30 doesn't look like "very high" in any sense of the word.

On the other hand as far as end users are concerned AV companies do generate viruses, and here is the explanation: there has been many fake AV products that has infected people's machine and unless you pay them money to buy their product (and only their product could clean this nasty virus they just happened to find) you can't remove this nasty. So to an end user they see that as this neferious AV companies introducing stuff into their machines. (of course we all know decent AV companies do not do this but there are no standards that end users can rely on saying this AV was built using this standard etc, which is another problem with AV industry in general).

well, the end user can choose AV with the standards based on trusted brand names, like Symantec, Kaspersky, McAfee, ESET, etc. And of course Comodo to stay away from those "nefarious" virus spreading "AV companies".

[doktornotor]

But feedback isn't the proper place for this topic.

It's be better to move the original thread to a proper place then? 

[LeoniAquila]

This is interesting and I look forward to see how it continues. Also looking forward to see the registry cleaning test, but of course, that's a topic for the CRC board.

LA

[LeoniAquila]

But feedback isn't the proper place for this topic.

Do you mean "this topic" as in this topic, or "this topic" as in the original topic?

The original topic is proper for at least feedback and comments (referring to the board title), I'm not sure what this topic is about. "Advanced" test discussions?

LA

[gandazilla]

Do you mean "this topic" as in this topic, or "this topic" as in the original topic?

i like this

let's merge both of them and put it in general secuirty discussion (not product related) board. 
yeah i know it's about AV test, we're talkinmg about the test, not the AV.  what do you think?

[LeoniAquila]

let's merge both of them and put it in general secuirty discussion (not product related) board. 
yeah i know it's about AV test, we're talkinmg about the test, not the AV.  what do you think?

First I'd like to see if Vettetech wants to take this thread in another direction than the original SSU thread, and if so, which direction.

LA

[DarkButterfly]

I think MoonSecure is using the ClamAV engine, so ClamWin should be similar?
As far as I understand, Outpost and PC Tools are both using VirusBuster engine, so they should be similar?

As for a-squared Anti-Malware, it may have a high detection rate for using Ikarus plus their own malware detection engine, but it has a SUPER HIGH false-positive rate too. Too many false positives to be really usable IMO.

I guess from your list it seems Norton is the best, since it receives an "excellent" rating with just a "novice" requirement for its users 

Doesn't Avira use Kaspersky engine? At least, it used to, unless I am mistaken. So, would this mean that Avira and Kaspersky should have same score? All tests say otherwise, as they all place Avira on top, and some even place Kaspersky way down.
The engine may be licensed, but Aviira, etc evolve their own product structure.

Otherwise, imagine that you start to build a new brand of cars and you use a licensed Ferrari engine. It won't do any good, unless all other components are of high quality as well.

Bottom line, just because a security company uses a licensend engine from someone else, that, won't necessarily mean that their product will be at the same level. It may become better, or worse. It depends on how they use it.

[3xist]

I believe Avira has it's own engine. And yeah Kaspersky licenses it's engines to alot of other companies...


Josh

[DarkButterfly]

SOS
I am not arguing with you but where do you get the info can you give some sources.  I have looked for verification of this and have found nothing but rumors in blogs.

Xui
(formally OD)

...

That's something that was a matter of discussion in one of my classes (there goes some time) and we all came to a conclusion: what is the main goal of all (except those that provide a 100% free service) security companies? To make their products useful. If there were no malware, there would be no reason for people to use their products. Meaning they would be making no money. And is this their goal, not to make money?

What happens from some time in the past until now, and towards the future, is that AV companies aren't the only ones developing malware. There are folks who develop malware, so they also can get money with their creations. At the present day, viruses are not really viruses, because a virus is something that infects something and spreads it self.
But, it does make good news for an AV company to say they were the first to find out about a specific malware. Why don't all AV companies create a common center of research and help each other out on fighting malware, which in turn would help us all out? Because there would be no logical reason for that. Why? Each one is out there to make money and not to give money to the others.

[Vettetech]

Doesn't bother me none. You guys are the modders. Heck I am surprised that ganda hasn't already moved it 3 or 4 times.

[3xist]

Merged Topics. 

[state.of.security]

doktornotor- How can I answer those "questions" that you are referring to when you saw how that post started, I think what you are asking me to do is a bit out of place.
Sorry of the mistakes I made, English is not my first language, I was answering questions on quite a few sites, and it was very late in my country.....so mistakes can happen.

Xiuhcoatl - I think that Melih answered that question, it is sad to see what some will do in terms of marketing.
There are quite a few malwares that can not be tested in the virtual environment, also there are new forms of malware that can attack the host form inside the virtual system, luckily their numbers are still very low.

wellofsouls - Yes Moon Secure uses the same engine and database as ClamWin, there is a difference in the results because Moon Secure also uses another heuristic engine which is present in their Beta (which was tested).
Outpost was not tested so I can't say how similar it is to PC Tools, but having the same engine doesn't mean that the results will be exactly the same.
We have said many times that a-squared produces many False Positives, that is why we gave it "User Experience Advised- Expert).
There is no such thing as the best, Norton is a well balanced option for most users, but it is not the best.

solcroft - All we do is test, that is no guarantee that you will get saying that NOD32, AVG, Microsoft, Twister, DrWeb...are better or worse, the results show that Comodo Internet Security detected more, I guess when and if others test CIS , you will believe the results more.
When we are talking about my attacks on other testing sites, we can talk about that on my site, Comodo Forums are not a place for that.I just don't trust the others simply because in my tests, the results are very different.


DarkButterfly- Both Avira and Kaspersky have their own engines , Avira has better heuristics, it is faster and it has a bigger signature database.
Now I loved your caparison about Ferrari's engine in different cars (for those who follow Formula 1, you know what I talking about), but it is the same when we are talking about the AV's, the engine is one thing, how you work around that engine is another.


I am willing to answer any question there is, I know that it is very hard for some people to accept new things, but my testing started only because there was a need for something like that, people wanted it.
I see that many people question my method of testing, they didn't like when I said that this is the only independent test, but it is, we have no backing by anybody, we have to find our own samples (we do not get them from vendors), we do not get any programs or info form vendors.....we have to do everything from the ground up.We do not favor any program, we just test, and with our testing we want to help a large number of people who are starting to believe in us.
If this is so hard for some to believe, well nobody is forcing you.
 

[ToM-X]

I believe Avira has it's own engine. And yeah Kaspersky licenses it's engines to alot of other companies...
Josh

Avira isn't a normal engine...It's a jet engine on steroids.    However, one is not perfect. It doesn't remove AntiSpyware 2009 (I think it's that) and the quality of free version is poor!

However, I don't know what to think of this test. I tested a couple of the Av's with a 100 samples so I have a rough idea of which are the killer catchers.

I think it was unfair to put SuperAntiSpyware against full blown Anti-Virus-Spyware-Malware scanners. So therefore I don't care, I know roughly what Comodo can catch and I'm still going to use it!    

PS:

Melih! Get your whip out and make sure "TotalSecure2009" and "Anti Spyware 2009" and "Antie MalwareGF" are all pushed in the next update.  

[doktornotor]

doktornotor- How can I answer those "questions" that you are referring to when you saw how that post started, I think what you are asking me to do is a bit out of place.

How's that exactly out of place? You generally answer the questions where they are asked, instead of ignoring them because the audience on a particular site doesn't look very enthusiastic about your tests? What's the problem with answering this post or this post? 

We do not favor any program, we just test, and with our testing we want to help a large number of people who are starting to believe in us.
If this is so hard for some to believe, well nobody is forcing you.

Calling some products crapware and claiming yourself to be independent testers at the same time doesn't get along well, huh? 

[Tags:]