Who's the real winner here?

A few days back I started a thread in the Other Security Products forum here. The thread was about Avast. I had mentioned that Avast’s shields’ protections are different. What the Webshield & Networkshield detect may not be detected by the Fileshield. A little discussion about this happened there. I mentioned Avast not coz I have anything against it. It’s just coz I had tested Avast at that time.

Yesterday I tested Avira Free (it too now has a Webguard). After the test I remembered a few tests that I have watched on YouTube, like AV comparison tests. I remember a comparison test of Avast & CIS where Avast performed better than CIS & the comments below were like, Comodo AV sucks, Comodo AV is weak, Wow Avast did amazing, Avast is the best. Now I find those tests kind of wrong or flawed.

Here is my explanation of yesterday’s test of Avast, Avira & Comodo.

You tell me who is the real winner?

I collected 20 zeroday working links from MDL, malwareblacklist & malc0de.

Avast

Fileshield - 8 detected
Webshield - 4 detected (PUP selection & sandbox didn’t react)
Networkshield - 4 detected
Rest - 4 Missed

Total - 16/20

Avira

Webguard - 12 detected
Guard - 6+1 detected (1 detected when general - all threats selected)
Rest - 2 missed

Total - 19/20

Comodo

Realtime - 17 detected
Cloud - 1 detected
Rest - 2 missed

Total - 18/20

Now the 2nd test. In this test I first downloaded & saved all the malware with the same 20 links above.

Avast - 12/20 - no pup & sb reacted

Avira - 17/20 - 1 by all threats

Comodo - 18/20 - 1 by cloud

Same malware but different results. So who’s the real winner here?

Thanxx
Naren

Actually a web filter is the easiest way to stop malware for AV developers (and the fastest).

Compare the time of:
- making a signature for a file,
- adding a site to a blacklist.

Comodo is doing much more work, and other AVs are just adding sites to be blocked.
I don’t say it’s wrong or incorrect.

Very interesting experiment.

I don’t understand how you made your first test. Do you mean that you tried to go to those links with a browser? Or what?

Could you say how much time it took CIS to test the file by cloud?

Nice little test there naren. I’ll reverse the question if I may ;) Who do you think is the winner? (winner probably being too strong a word in this context). As you can see all the vendors were pretty close when it came to malware coming from the known places; remember they can/do access these places as well. But what if this malware came in a zip file in an email? What if that was extracted then run? This is where actually detecting (as opposed to web filter) comes into its own.

The average of your 2 tests gives Avast 70%, Avira and CIS 90%

What were the 2 missed ones, do you have VT links? Remember no live malware. Also have you thought about asking to join the malware research group?

As I always said, the real tests are the ones that our users do!

Our users keep testing CIS vs Others and keep finding that we detect more…

  1. Yes I pasted the links in the browser

  2. The file was detected by Comodo Cloud AV. It was instant.

Thanxx
Naren

I don’t have the 2 missed malware. But I had uploaded them to Valkyrie & they were detected as malware.
From next time onward I will paste the URLs of malware missed by CAV too.

I just do tests of free AVs to see what the improvements are. I especially compare Avast & Avira with Comodo coz CIS is the security suite I am currently running on 2 of my laptops, home & personal. I kind of like to check CAV improvements so I test from time to time. I don’t test AVG mostly coz of the huge download size & slower installation. Also I have a limited Internet package, 10gb per month.

Doing these tests is not difficult. Joining the malware research group is a responsibility & I am not that experienced/expert/qualified for such a job.

For me an AV’s real strength is the Realtime scanner, which is an all-round scanner & detects malware coming from any channel; all the other shields are like a bonus, a stepney, for a specific purpose. So I think the test of the AVs should be Realtime v/s Realtime.

Thanxx
Naren

I am not an expert but I know well enough how CIS works coz I am associated with CIS right from CFW 2. I have followed the innovations & improvements of CIS.

In most of the tests of CIS done by the so-called experts, if you read their review of CIS, reading halfway you know that the so-called experts don’t know well how CIS works. And they paste their failure on CIS.

And yes in all my tests of free AVs, CAV v/s Avira & Avast & a few times AVG & PandaCloud included in the tests, CAV is mostly at the top, sometimes a tie between CAV & Avira & a few times second to Avira.

I test with zeroday malware from 2-3 sites, mostly with 30 malware, sometimes with 100 & a few times with 15-20. First a right-click scan, then the remaining against the Realtime scanner.

Thanxx
Naren