Is this the kind of test Comodo prefers to participate in?

I extract a section of the test report introduction here from http://www.pcsecuritylabs.net;

"PCSL Total Protection Test is to test the comprehensive defense ability to virus, trojan, worm and other malware of security products (antivirus products). PCSL Total Protection Test consists of three parts: Static Test, Dynamic Test and False Positive Test.

Generally speaking, antivirus products will scan all the data in the computer and compare their code to the signature database, so static test is designed to test the capability of this kind of detection. In Dynamic Test, we will execute the samples left in static test one by one and check whether the antivirus product can successfully block the infection or not. We will use a large scale of clean files to test how many false positives the tested products have and currently there is only static false positive test…"

Link of their July full test report;
http://www.pcsecuritylabs.net/document/PCSL%20Total%20Protection%20Test%202009%20July.zip

Different from AV-Comparatives and most of the other popular AV tests, the test not only compares the static on-demand detection rate but also includes a dynamic test that actually runs the virus.

Is this the kind of test Comodo prefers to participate in?
I'd really like to see how CIS performs in the test. :wink:

It’s better, but, IMHO, they are running the tests in the wrong order.

Wouldn’t it make more sense to start with a clean, uninfected PC (to more accurately reflect the real world) and run the dynamic test first to check if the malware can even get onto the PC in the first place?

After this first pass, then a static test could be run to see what leftovers it can detect.

Ewen :slight_smile:

I won’t say that it’s in the wrong order. Do you think that it is logical in the real world that a file is being run before it is being accessed in any form?

I also don’t think that it is an infected PC. Can you say that your PC is infected if you just use it to scan a set of virus samples?

In fact, it is very similar to the current protection approach of CIS with an on-access virus scanner that carries out static detection first. Then, D+ will be in action if a virus gets through the virus scanner.

Is this the kind of test Comodo prefers to participate in?
I think comodo prefers amto tests with the review board approval (the most preferred method)

Are you referring to “amtso”?
That kind of test will never exist, as that’s what I find on amtso.org.

“One of the issues that AMTSO and affiliated organizations are looking at is how testing organizations can demonstrate the effectiveness of their testing and their own competence, for instance by some form of certification for testers. However, AMTSO does not currently offer such certification, or any other formal mechanism for auditing a testing methodology or specific product review. Thus, product vendors and testers are not able to claim that their service is “endorsed” or “confirmed” by AMTSO or its members. …”

It seems to me that Comodo can use this reason forever to avoid taking part in any test. :o

It seems to me that Comodo can use this reason forever to avoid taking part in any test.

I’m just thinking the same thing… :frowning:

Hahaha this is funny, every time someone asks about a test I know the answer already. Now you do too.

Sorry, but I’m confused by your question. If a file is run then surely it has been accessed hasn’t it? I can’t think of a way to run a file without accessing it.

I also don't think that it is an infected PC.

If it has malware on it, then I don’t think you could call it anything except “infected”.

Can you say that your PC is infected if you just use it to scan a set of virus samples?

Yes. See above.

In fact, it is very similar to the current protection approach of CIS with an on-access virus scanner that carries out static detection first.

You’ve missed the whole point of a dynamic test. A dynamic test STARTS with a PC that has no malware on it and they visit a series of sites that will attempt to drop malware on it. They also attempt to copy This is how they test PREVENTION - whether the software can prevent the malware getting written onto the disk or getting written into memory.

If it can’t get into a particular PC, it can’t do anything to that PC.

Then, D+ will be in action if a virus gets through the virus scanner.

D+ and the AV both come into play at the point of attempted entry onto the system. The blacklist (sigs) and the whitelist (allowed apps) are both checked. If the object attempting to get into your system is not found in either list, then, if CIS is configured correctly, D+ would alert when the object is being written to the disk. Similarly, D+ would also alert if the object was being inserted into memory.

The whole concept of a dynamic test is about testing whether code can be written to a system without the user’s knowledge.

Dynamic tests: They test to see if a product can prevent malware from infecting a PC.
Static tests: They test to see if a product can identify malware on a PC and/or clean it (which means it’s an infected PC already) (this is the kind of test that AV-Comparatives-type sites do…)

CIS is designed to PREVENT malware from coming into your PC in the first place. So only a dynamic test can do it justice. Of course, now there is a standard for these kinds of tests, and the guideline is published by AMTSO.

AMTSO has a Review Board that, once requested, will give its opinion if a test has followed AMTSO guidelines or not. As soon as AMTSO review board has given its blessing to one of these tests, we will be the next one!

PS: Because there are many infected PCs out there, we decided to put some acid like cleaning features in ver 4.

Thanks
Melih

[quote author=Melih]

AMTSO has a Review Board that, once requested, will give its opinion if a test has followed AMTSO guidelines or not. As soon as AMTSO review board has given its blessing to one of these tests, we will be the next one!

Thanks
Melih
[/quote]
Once requested by whom, Melih? Please enlighten us.

Peace.

I could not have said it better, thanks. ;D

Peace.

Then so what. Hey!

Peace.

Wait a minute I’ve thought of it first. ;D

Peace.

Here is an interesting idea Melih:

You are never going to participate in a test unless the AMTSO review board gives its approval. However, for the AMTSO review board to review, the test must be already conducted, right? Now for the test to be conducted the test needs participants. Consequently, if every security company thinks like you, well, there is never going to be any participant. Without any participant there can never be any test.

Don’t you think?

Please Melih meditate on the idea: “A world without testing, ever.”

Peace.

The testing organisation who claims to follow AMTSO guidelines obviously.
As soon as a testing organisation has shown itself to be compliant, then we’ll know that they can carry out tests following AMTSO guidelines. And that’s a key for us to request a test from that testing organisation.

Melih

Do I get the wrong information from AMTSO.org?

There is not going to be such an AMTSO “blessing” test, as it is mentioned on AMTSO.org that

AMTSO does not currently offer such certification, or any other formal mechanism for auditing a testing methodology or specific product review. Thus, product vendors and testers are not able to claim that their service is “endorsed” or “confirmed” by AMTSO or its members. …

Come on Melih, you know better or at least you should; such an answer is synonymous with a mirage. Why can’t you give a straight answer since you are a member of the AMTSO? I will give you ample time to correct your answer, no offense intended. We walked on that road before :wink:

Peace anyway.

Hi Jaki, you sure you’re not related to Jose_Lisbon somehow? Killjoy all the way instead of trying to really understand the underlying purpose of it all, give it a chance all the same won’t you… :stuck_out_tongue:
Xman
8)

What in the world are you talking about?

Peace.

I’m talking about your short-sightedness Jaki, give it a rest!
Thank-you
Regards & Peace
Xman