AV-Comparatives.org, bullying, censorship and financial deals-continued...

Who agrees with this statement from AV-Comparatives?

“Malware detection rate is still one of the most important and reliable factors in determining the effectiveness of an anti-virus engine which works without asking for user interaction, decision or opinion.”

I guess they just maintain the simplest way to test AVs - by detection of ‘dead’ malware - which is inactive, and the only thing tested is that the AV recognizes an infected file.

I do. It’s a “motherhood” statement. Any questionability of its proposition is negated by its own qualifying condition. And if I may say so, whether intentional or not, a statement that neatly draws a distinction between PC users who expect (and are even prepared to pay money for) their security software to make the majority of decisions on their behalf, and those who prefer to be informed by their software but take responsibility themselves.

I agree with that. If I choose for someone else an antivirus engine product that has to run “without asking for user interaction, decision or opinion”, then it HAS TO have a detection rate which covers the usual day malware, and the heuristics.
If you choose an “autonomous” product, this product should be able to act like that.

This AVC statement has been made about “anti virus engines”. And for an antivirus engine, this statement is right. I don’t read HIPS or sandboxes.

My first antivirus product was a diskette for the Amiga. There haven’t been updates. I just had this diskette. And if back then there would have been malware tests, the detection rate result would have shown the effectiveness of that antivirus. It’s logical.

You can argue about whether antivirus is enough. But you cannot negate the tests which test antivirus. That doesn’t make sense.
If it would make sense, Comodo could have a detection rate of 1%, and you could say: Let this program run on its own, and you will be protected. That is wrong. I saw people’s machines getting infected after a few days, even though they had “a host intrusion protection”.
The antivirus is able to save the user if he makes bad decisions, or if he can’t make decisions on his own. But it needs a detection rate to achieve that. This is tested. This IS a factor for evaluating the use of an antivirus engine product.

This is not yet information, but speculation.

“Here is my opinion about The issues with AV-Comparitives.org and why they try hard to “censor” anyone who reveals this:”

http://www.melih.com/2011/11/27/av-comparatives-org-bullying-censorship-and-financial-deals-with-anti-virus-vendors/

Yes, I have. You’ve pointed me to this beforehand, remember? It would be rude of me not to read it. But like I said, it’s better to put it in research than go this way. Otherwise, it’s all speculation (which are defamatory).

Many have done the same and placed it in research. This is information. Well grounded, tested and proven. If they make any speculation they attempt to prove it through research and objective investigation.

That is one example.

What is thought to be otherwise unquantifiable is in fact measurable and researchable. This is my last post. It’s still up to you anyway.


So the email AV-Comparatives sent to me was not real, it was speculation? There has been so much discussion, coming here and saying it was all speculation is difficult to understand. There are many opinions and there are “unverified claims” (speculation) by AV-Comparatives about their methods and their financial relationships.

So it’s more like what “Independent” AV-Comparatives do by taking money from Vendors for those tests, they create “non-transparent”, “unverified” doubt in order to create market for their “self interest”. They are making Hundreds of Thousands of Euro every year and this comes back to them as Salary.

Never trust anything that involves money.
Money is an evil that is unfortunately necessary.
Sorry for my English!

Let’s pretend that I agree with this statement…Now let’s put it to the test. I have programmed myself to look for an AV with the HIGHEST rate of DETECTION because according to the ‘experts’ detection is the most important and reliable factor in determining the EFFECTIVENESS of an anti-virus engine. Now where would I find the AV product with the highest detection rate? Duh! av-comparatives!

Yay! Now that I have found and purchased ‘the best’ product out there according to the ‘experts’, I feel safe. However, one day my system got heavily infected and now my computer will no longer startup. I cannot blame the AV because after all their detection rate was about 97%. I guess that malware was part of the 3%.

However, right before my system got infected, I sent this weird file that messed up my system to my friend who runs Comodo Antivirus. Like my AV, Comodo did not DETECT it either but somehow my friend’s system is perfectly fine!? How can this be!? Because it was SANDBOXED!

So in this scenario we have person A who purchased the best AV according to AVC and ended up with a non-booting computer, and we have his friend who has Comodo Antivirus (with a relatively low detection rate) and yet person B’s computer is perfectly fine!

Would it not be logical to say that Comodo Antivirus performed better than AVC’s most recommended product, ESPECIALLY because Comodo AV’s detection rate is lower and yet it saved your computer in the end WITHOUT asking questions???

Please explain to me again why detection is still more important than protection!? At the end of the day all that matters is if your computer is still working properly rather than how many popups your AV did showing off its detection power?

According to AV-Comparatives our detection is not low. Here is their statement.

"Furthermore, your ~90% is higher than what some few other products scored and similar to what other well-known products reached. You will see "

But your example is spot on, Protection wins over Detection. And it’s easily testable…

The problem is: the best Protection software out there is Free…so who would pay to be listed in AV-Comparatives if the best one was free :wink:

Melih

“One of the most”

In the internet like any other too.

Yes, that is what 97% in the test result means. :slight_smile:

Yes, but still, you can hit the file that erases or changes all your private files, or the keylogger which sends the data while it’s active… (just examples, not related to a product, but based on real happenings).
Anyway, why do you come with sandbox, when the sentence is speaking about an antivirus engine?
Bikes are one of the most used vehicles. (“This statement is wrong, because with planes, you can move faster!”??? :D)

What if “…” was the most recommended product, which has a sandbox too? And a high detection rate?

The statement in question has been taken by a person, out of context. As I say, it’s a sentence. And it wasn’t written with Comodo or anything else in mind, it was about antivirus engines. About ONE of the most important points for those engines.

To make it simple: If you say detection isn’t one of the important, why do you have to add sandbox in your explanation? Because detection is important, and if it fails, you need something else :wink:

No one even tried to explain this :smiley:

EDIT:

Then you didn’t send this file to “that friend” who would get angry about his security product, because “the file from dariovolaric” doesn’t run. So he disables the annoying security product, to use that file, because he is too annoyed to deal with particular settings. And if it doesn’t run still, “it’s for sure because the firewall is blocking it, so I disable the wall; hm, no, I will allow the traffic, ■■■■ another question, … I will choose remember my answer”…
No fiction :smiley:

The malware could be an infecting but otherwise “functionless file”, with a known functions name: “this funny game”-exe

How do you actually know it is 97%? Did anyone validate this result?

I replied to the example in the quote. To say that 97% detection excludes the other 3%, nothing new here :wink:

Yes, that is what 97% in a test result means. To make it clear.

But how do you know it is 97% detection?
How do you validate the tester’s statements? Otherwise it’s totally unvalidated statements that people make in return for money…Madoff of AntiVirus testing I say :wink:

We don’t even know which file is among the 3% :smiley:

The only test that I look at is Matousec. There are some strange examples of reputable products with not so good results.
Are all of them not good, or do they not fit the test sometimes?

Tests are relative and artificial. But it’s good to have them. Just don’t look at only one test, if you want to choose something new.

Guys, let’s not forget about false positives. According to AVC CIS has ‘crazy many’ FPs. That’s a great disadvantage for CIS.

It’s easy to get FPs with any AV.

The question is: How widespread is the app that causes the FP? Just saying it has FP is at best misleading…it could well be one application you wrote yourself that causes an FP, this would not affect other users. Also, did anyone validate the statement they made?

Here is the thing though, even if the AV identifies the file as a FP, if it is on the TVL or in the cloud white list the detection is ignored. This is both a good thing and a bad thing. Good because even if the AV has high FPs they will not be shown to the user, but it can also be bad because if a piece of malware is mistakenly white listed it will not be stopped.

Gizmo criticizes Matousec’s tests. It’s a technical reading, but seems fair (http://www.techsupportalert.com/content/matousec-personal-firewall-tests-analyzed.htm).
Others point to an interest/money conflict on Matousec’s tests, reducing their independence (?) (Matousec’s Firewall Challenge wrinkle: conflict of interests? « Smokey's Security Weblog).
Isn’t Matousec the same as other tests?

Edited on 3.12.11 due to Kail’s comments on post #59. Sorry, I have messed something up or the webpage contents changed. I cannot find a Google cache of the site :frowning: :-\

If we consider Virus Bulletin to be reliable then most AVs don’t have as many FPs as CIS.

Are you sure you posted the correct article Tech? The cited Gizmo article is not technical at all, the author has an issue with Matousec’s scoring method, results presentation and what they consider a critical failure (including its consequence).