COMODO CIS detection rate ranking #13 in recent AVP club static test

COMODO CIS seems unable to detect malware well in the Taiwan and China region. AVP Club collects most of its malware from the Taiwan region. This test is a static test using 334 samples. The test samples can be downloaded from the following link.

http://www.avpclub.ddns.info/discuz/viewthread.php?tid=30804&extra=page%3D1

They tested with signature database 7876 and got 68.5%.

I just tested again 5 days later with database 7932 and got 89.8%. Not a bad improvement in 5 days. Basically putting it in 2nd place right now.

The “detection window” is a problem that plagues EVERY SINGLE AV vendor.

There is always a “window of time” between a new malware being released and the AV company detecting it.

This is why “detection” cannot be your first line of defense.

This is why “Automatic Sandboxing” is a must for all unknown files.

This is why “Default Deny Architecture with Automatic Sandboxing” is the best protection you can have today!

Melih

Did you test all other vendors listed with their most recent database as well? Or did you retest CIS and assume that the others did not improve anything against those samples in 5 days?

89.8% detection against 5-day-old (probably older) malware isn’t that much to cheer about IMO (assuming that all those samples are bad). Still, it doesn’t matter that much when CIS auto-sandboxes “everything”.

Yes, detection cannot be your first line of defense.

But very few testing orgs do “Protection” tests.
That is why most people believe famous testing orgs’ “detection” test reports.

AVP Club Weekly testing report #1 date: 2011/2/20 Comodo CIS detection rate: 65.21% rank at #8
AVP Club Weekly testing report #3 date: 2011/3/06 Comodo CIS detection rate: 68.56% rank at #13

Comodo CIS keeps making progress in detection rate, growing 3.35%. But its ranking dropped.

Detection Rate != (is not equal to) Protection Rate!

A static test only puts the malware samples in a holder and then runs the detection engines to find them.

Detection engine vendors work hard to collect known malware. But that does not mean the detection engine can find new, unknown malware.

We need a test that runs the undetected malware and then finds whether the PC is infected or not under “Detection Engine” protection. After that we can understand “which one provides better protection”.