Do AV tests make any sense?

Maybe they don’t know they are infected with anything. :stuck_out_tongue: There are some people out there like that. I know. I have looked at their computer before and had to spend a great deal many hours getting rid of viruses. is a press release: maybe you should also look at the guidelines that have already been published, and monitor the ones that are coming out later this year. You might get a better idea of what AMTSO is really trying to do: or wasn’t that the point? Take a look at, for a start.

“And here is the list of all the Companies and testing organisations who are part of this and made the above statement.”

And your point is?

“In one hand they make the above statement and on the other hand they continue to launch these tests…”

Ah. You’re apparently under a misapprehension.

Newsflash. Anti-virus vendors don’t generally launch/publish comparative tests. There is, of course, the occasional “independent” test site secretly underwritten by a vendor, and those are a problem addressed in the guidelines. There are indeed many poor tests: however, the testers who have actually joined AMTSO are among the very best. I don’t say that every test they perform is perfect: I do say that they’re streets ahead of the naysayers because they’re trying to raise the standard of testing in general.

“One good recent example of this was: None of so called Anti Virus products who got 99% in these tests were able to stop Confiker until they created the signature for it, yet CIS “prevented” it at day zero!”

Will you be removing the so called Anti Virus product from CIS then? And would you like to share with us which tests you’re referring to?

That’s why AMTSO made the above statement: “many existing tests are unable to evaluate product effectiveness properly”."

I don’t think so.

AMTSO’s statement means exactly what it says. And I suspect that one of the reasons that statement was made was to stop people making fallacious comparisons between different kinds of security software. Comparing the performance of several stand-alone signature scanners to a single security suite would generally be considered a blatantly dishonest way of testing.

Thats because those ppl don’t even know you have forums. If you look closely most of users consis of geeks like pretty much all in this thread.

But surely, even a computer newbie would do an internet search to find a solution to their problem?! ???

If they did that, they’d see, go to the website, where there is a Support link, with access to the forum…

Computer newbies may be ignorant sometimes, but they’re not all stupid :wink:

Beanie :slight_smile:

Do you really think people know the difference between Anti malware, anti virus, anti spyware, HIPS, Firewall?

Majority don’t!

They don’t understand what is being tested is an on demand signature scanner.

To them they want a product to get rid of their malicious software problems, which in majority calls it Anti Virus.

What is CIS if not Anti Virus? Is it Pro Virus? Just like a definition of Firewall has evolved from early days, the definition of Anti Virus also needs to evolve. Day one Anti virus was on demand scanning, now has on access, heuristics etc. So why can Anti Virus have all these technologies but not Default Deny Protection? Where is the rule that say, you can put this technology into an Anti Virus product but not that? At the end of the day Anti Virus product is a product that thwarts malware, period!

[at]evil_religion: Noone is saying who might or might not have HIPS technology. Having HIPS code is one thing and having it enabled as a default at installatin is yet another and I applaud the companies who have it enabled by default in the interest of their user’s security.


Sorry, Melih, are you talking to me?

nope :slight_smile:


Majority of people using computers know the difference. How? An anti-malware application will say that XYZ something is malicious, as in infected.

A HIPS solution won’t say nothing alike. It will show an alert, which could mean something.
Now, there are HIPS and HIPS. What do I mean? There are HIPS which a have a very poor database of known and digitally signed applications, and those HIPS that have a huge database of known and digitally signed applications. This makes all the difference when it comes to make a judgment when a HIPS application alerts for XYZ something. If all applications a given user runs are all known by that HIPS, and an alert is given saying UNKNOWN PROCESS (or similar information), then it is most likely to be a malicious activity.
A HIPS with a poor database of known and digitally signed applications, on the other hand, just won’t let the user know what activity is that that is happening. The situation is even worse when the malicious process has the same name as a familiar process, like the name of a text editor, mp3 player, etc, which the user may happen to have installed. The user allows it. Has no reason not to, considering, the anti-malware tool(s) detected nothing. So, one of the security measures that should help him/her to prevent an infection/other malicious activity, simple fails.

This does not happen with an anti-malware tool. It’s an acquired knowledge that it won’t detect all, but, what it detects, and the alerts that are given, are specific - This file/process is malicious.
It could be just a false positive, but, even if that is the case, the user will play for sure, and delete it. The safest situation would be to set it to manual clean-up, but, unless that’s set by a friend, familiar or an IT professional, this user will just have it set to automatically delete the threat, even if it happens to be a false positive, which could be pointing to a system file. Then, the user would just take it where the computer was bought and say what happened - The anti-malware tool detected something, and after that no more system.

That’s it.

I think we can all find “weaknesses” in a HIPS, its not preferred by everyone…
However Iam glad we do have a HIPS, it makes CIS stand out, and makes us protected against ALL zero day threats… Or at least almost all… ;D while norton or similar is less annoying its also a weaker approach hundred thousands threats at least slips by ANY AV any day…

If you are happy with a protection like that then fine. :-TU :-TU Thanks to those few popups CIS brings you will never have to worry again about “do my AV detect conflicker”… =S Or any new threat that arises. :stuck_out_tongue:

Well maby some day…

But statistic proves that AV’s are not up to the job of securing a PC… HIPS has yet to be proven “powerless” in the same sense…

I really don’t think people in general know the difference…

They know because most anti-malware applications are installed, not by them, but by IT professionals, friends and their relatives, and that tell them how to work with those anti-malware applications. And, those people know that what they have installed are anti-malware applications, because they were told so.
If I install some HIPS in someone’s system, who has no idea of what is what, and say that’s an anti-virus, then the person will believe me. And, will also believe that’s how anti-viruses work.
Otherwise, most wouldn’t even install an anti-virus. The only protection would be the one provided by the Operating System itself. Nothing else. This very same people would never update their systems and applications as well.
And, that’s why millions of people may have infected system, without even knowing it, and happily connect to the Internet. But, other millions of people, do not have infected systems, and for the reason I mentioned above.

I rather think people in general use what comes preloaded with their PCs, usually Norton AV or something similar. Most people probably understand it’s an antivirus, but I doubt most people know what other software you can get - e.g. antimalware, antispyware etc. because there are tons of real-time and on-demand apps to chose from and people simply are not interested. That’s why they get infected - lack of interest => lack of knowledge.

Well then as an educated user you should take it upon yourself to educate the masses. Nonetheless, as an educated user myself I will, consequently, try to educate you RejZoR. The only way to deal with the “default allow”, as you put it, is to turn on password parental control with suppression of alerts (Antivirus, D+, and firewall). That way, my dearest educated RejZoR the uneducated user will not have to deal with pop-ups at all, CIS will do that. Nothing the uneducated can do to infect his or her computer when the password parental control with pop-ups suppression is on.

I hope you understand my dearest RejZoR, don’t you? 88) ???

Peace unto you. >:(