Yes, they DO get paid by AV vendors and yes they MIGHT be influenced by money to put some AV products higher in rank than others. However this cannot be proven and should remain a speculation.
Well said, and as speculations, should not be spread as truths without well-grounded proofs (that is to say, proofs that would not open to a wide range of possibilities). If one speculates, a rigorous research of proofs must be done and then properly documented. This would make for a more persuasive argument and would thus be legitimate in its claims. This mudslinging acts are further marring the situation. It's blown way out of proportion in my view.
The FACT here is that AVC has a BIG influence on a products marketing and sales if AVC ranks it's products DETECTION on high. The flaw here is that DETECTION means NOTHING compared to PROTECTION. They have an outdated view of AV testing by believing that DETECTION is THE SAME AS PROTECTION. If you detect malware, then you can stop it, right? Wrong! There are many AV's that detect malware AFTER the damage has been done. You might have a product that detects 99% of malware, but what good is it if they are not stopped? And what about the 1%? That is still 1.000.000 pieces of malware let through out of 100.000.000.
"Old as they may be, I still find them rather relevant as they do show you the capacity of AV's in case of emergencies. Prevention is indeed a better option, but it is not expected that every malware can be prevented. This is still as serious as it can be because if every other av company focused on prevention, and it so happens that by some misfortune a prodigious cracker manages to slip a virus inside computers, then what of the capacities of the av's to remedy such things? What would become of the users?"
see here: https://forums.comodo.com/other-security-products/retrospective-test-november-2011-t78699.0.html
As was stated in the Fee agreement, vendors can use the AVC logo for marketing purposes, meaning that AV vendors can put an AVC logo on their products, showing that it was tested by AVC and thus you can 'trust' it, boosting the products 'trust' and feeling of 'safetey', while in reality the product may provide less protection that those that scored very very low on avc (i.e: Comodo?).
Well, I don't view it as that, that detection should be the sole basis for trusting a product. I understand that systems are just as unique as its users (as a matter of fact, I'm preparing to write an essay about this. still doing some more research), hence, needs vary. Detection is ONE of the MANY criteria to consider in choosing a product. This is something not many people understand.
"Malware detection rate is still one of the most important and reliable factors in determining the effectiveness of an anti-virus engine which works without asking for user interaction, decision or opinion." -From AV-C
This is a clear attempt in objectifying the basis for choosing products. Because detection can be objectively measured, but not protection (because protection is subject to vary per person depending on the current level of knowledge he possess about his system. Objectifying protection cannot be successfully done without causing misunderstanding. For example, product A claims to protect 100%, but has compatibility issues with system A and causes system A to crash, or product B claims to protect 100% but is entirely user-dependent and since user B has little working knowledge of systems, allows malware in anyway. Protection cannot be measured as it is a very general criteria and varies from person to person. One way of trying to measure it is by measuring INDIVIDUAL COMPONENTS of protection i.e. Detection rates).
For me AVC is like the FDA, creating false trust. They claim they use an AUTOMATED testing procedure and release results every 3 months or so? How many products do they test, about 20? How much does it cost to hire 1 person to test 20 AV products in 3 months time manually (like a real user would, i.e. Languy99 on YouTube) ? AV products will be used by people and NOT by robots! Or are they using this 'automated testing' thing as a protection when people claim that the tests are not accurate to reply that the tests were performed by an automated system and thus is more accurate than a human tester?
Their methodology is included in their website and can be downloaded from there. I have attached the file here for faster access.
They include in their test summaries these lines:
"Do not take the results as an absolute assessment of quality - they just give an idea of who detected more, and who less, in this specific test... Readers should look at the results and build an opinion based on their needs.
"We do not give any guarantee
of the correctness, completeness, or suitability for a specific purpose of any of the information/content provided at any given time."
It would seem that only the vendors propagate this "Detection is Everything!" marketing strategy.
Bottom line,my opinion is that AVC is just a "marketing through trust" merchant where you can buy "trust" by having your product tested and results put in a 'roulette' of other vendor's results, hoping your product would come out as highest ranking and use this in your marketing. For a couple of thousand dollars, you can also enter your AV into this roulette...who knows, you might 'win' this time?
Trust cannot be commodified as it is an abstract object and without a clear definition of its nature. Trust cannot be forced upon anyone. Only influenced. People choose the highest detection? Ok, sure. What about others? My colleagues, I and my brother choose products that are consistent in their records. Which means we shift through records to identify reliable companies. Since there has been no formal statistical collection of the number of users and how they base their judgment on choosing products, we cannot assume that AV-C has such a huge influence. Maybe on the more technically inclined, but certainly not average users. In my university, only three of ten people (on a sample size of 1000 users collected in ten months time. This is an informal statistical collection by the way done in 2010 by me and two other friends in their colleges) are aware of AV-C and only 1 of ten base on AV-C results as a SOLE criteria. So claiming that AV-C has a huge impact on the general public does not seem to appeal to me much.
[attachment deleted by admin]