Interesting stuff, but you have made the same mistake that most other testing sites have made - you’re testing CAVS solely on its detection capabilities and totally ignoring the fact that it has a HIPS component to prevent the infection occurring in the first place.
It would be interesting to see the results if each application was first installed onto a known clean system and scanned after installing, or attempting to install, each malware component and then recording the quantity of undetected malware samples remaining on the system after HIPS prevention and AV detection.
In this case, the HIPS component in CAVS would alert on each attempted malware install which you could block, and then its number of “undetected malware samples” would be negligible. AVs without HIPS would not, however, vary in their results.
I think Burillo was testing only CAVS’s detection capabilities, not its overall anti-malware efficiency. Most people are concerned about its detection rate. I am using cfp 3 which has a much more advanced HIPS than CAVS so why would I use CAVS if not for its detection capability as a backup?
It’s a really good job you’re doing Burillo, BUT I think I must ask you to remove the links, as it’s against the forum policy to post links to malware (I doubt anyone except me has read it lol), even though you did include warnings.
And I really doubt all those are FP’s lol (can only happen with Norton ;D).
Quoted from the Forum Policy:
The reason why I’m not deleting it myself is so that you can copy the links, so you don’t have to upload it all again.
Anyways, you’re still allowed to PM/e-mail it to someone if they’re interested.
Also, I will test them with Avira Free 7, fully updated, in around half an hour when my download is finished.
What is the ultimate, long-term goal of an AV? Surely it is so you end up with a virus free PC, regardless of the mechanisms employed in achieving this. The fact that CAVS employs a prevention - detection - removal cycle, whereas other AVs only use a detection - removal cycle, doesn’t mean that CAVS is deficient. To my way of thinking, it serves to highlight the inadequacies of the others.
It’s like saying
“At the four furlong mark, my horse was running at 98 MPH and yours was only running at 92!”
I totally agree with the prevention approach of Comodo, so I don’t need to be shown the right way of thinking. Anyway, this horse race was a good example. What you are saying is true, period. I didn’t say that it is not like that, nor that CAVS is deficient. Maybe you misunderstood my post, or it is just my lack of English. When I was using cpf 2.4 my AV was CAVS and I was pleased with it; I liked its application control module. But now that I am using cfp 3, which employs a much more sophisticated prevention mechanism, it takes over the prevention part of CAVS’s “prevention-detection-removal/cure” cycle. What remains is detection and removal, which are currently not the best part of CAVS. So right now I don’t know why I should use CAVS. On its own it could be a very efficient anti-malware product regardless of its detection rate. But in my case, as cfp 3 copes with prevention, I prefer to have an AV only for detection, which could still be useful even when using a HIPS alongside. There are a lot of legit applications, not to mention the not-so-legit ones containing malware, that a user may want to run. In this case, when I am not sure whether to trust a program, a good file scanner could be handy.
Please don’t misunderstand me, there are many AVs out there with a greater detection rate than CAVS and CAVS definitely needs to improve.
CAVS3 is currently in development and promises to have vastly improved detection capabilities, along with the ability to co-operatively use the HIPS component of the firewall (if it’s installed and the user agrees with this, of course). The merging of the BOClean and CAVS signature bases will bring further improvements.
LOL. Gotta agree about the efficiency of CFP as an anti-malware measure. AVs are starting to seem almost irrelevant (AV lovers please note - I did say ALMOST), but, at a minimum, an on demand scanner is still needed, if only as a safety net.
And here we are: the same old discussion about Prevention (HIPS) versus Detection (Definition). But what I miss in most of the discussions is the usability of HIPS. Of course you can use a Whitelist to make things easier for the user like Comodo does, but with HIPS it will always come to a point where the user has to decide if something is good or bad. And the majority of users won’t have a clue what to decide then. That is why detection is, and will be, so important.
Back to the race track: you can have the fastest horse, but if hardly anyone can ride it you won’t win many races.
Of course detection is important (I never said it wasn’t), but I firmly believe that detection is part of a structured, layered defense strategy, but just one part. Hopefully CAVS3 will have a greatly improved detection rate.
For me, the most important part of our e-defenses is knowledge. The more info a user can get (and understand) the better they can determine what to do. Clear descriptions of an intended action during the prevention phase can surely help users make up their mind what to do in the event of a HIPS alert (whether that HIPS alert came from the firewall or from the AV is irrelevant).
To continue the analogy of signature based detection and racetracks…
“coming in to the home straight with 2 furlongs to run it’s Detection Based AV out in front by a mile, but wait a minute … the finish line just got moved because there’s X thousand new viruses released - guess we’ll just have to keep running. And running. And running. And running …”
Hello. Well I just tested Norton Internet Security 2008 with latest definitions and stuff and I found out that it’s very good (a little bit worse than Kaspersky, but only a little, so I think I won’t change it now). Maybe when Comodo releases CAVS 3.
Removed the links. Here are some thoughts. Proper testing of NOD32 v3.0 is impossible, will now download (and use!) version 2.7. I had nothing to do and wrote a detailed report which you can read in my Windows Live blog.
I do not agree. HIPS is the best thing to prevent unknown viruses, but there are too many users that just can’t determine right from wrong, and that’s where signature detection comes in. Yes, with HIPS we have 100% safety, but only when you know what you’re doing, whereas virus signatures can 99% (counting false positives) assure you that you HAVE malware.