Why this low detection in the RAP test?

In the RAP (Reactive And Proactive) test from virusbtn.com the detection from Comodo AV is poor (below 80%), why is this?

http://www.virusbtn.com/vb100/rap-index.xml

I too dont understand how can the detection be low.

Everytime I test Comodo AV with popular AV’s like Avast, AVG, Avira, etc its always at par with these AV’s & even better than them.

I mostly test with 30-100 zeroday malware.

Dont know why its low detection at these tests.

It is a detection test. They look at detection in two points in time and see how much more gets detected with the second test if I recall correctly. They call that proactive testing.

It is not a proactive test like it should be done. It is Comodo’s,mine and many other’s point of view that a true proactive test would test the complete suite with sandbox and D+ enabled and then run malware and see if it can infect the system or not. Then you would see other figures.

During the development of the v5 sandbox it was tested (no av enabled) with 15,000 malwares. None of them was able to infect the system. That show the potential of protection of CIS.

OK point taken.

So, what Comodo is telling here is that the AV engine alone does not work that well but D+ and the sand box save the day?

actually no av engine works well, sorry but that is the truth. Most major av companies are going towards a model to protect the users without signatures. They are doing behavior blocking, sandboxing, hips, real time file analysis, etc.

The nice thing is comodo has all of this into one program and soon will add on realtime file analysis with Valk, and a local ( in addition to cloud) behavior blocker.

because no AV can detect 100%, that means they will always allow infection to occur. The current model of “Default allow” (eg: if not detected, then allow mentality) architecture is flawed and dangerous for end users.

Default Deny With Auto Sandboxing is a great solution that works! (eg: if not detected and its a new app, then sandbox first)

Melih

Melih beat me to this. :smiley:

Sandbox, D+ and default deny keep the bad guys at bay. The AV is and added layer to that foundation. When it comes to detection CIS is somewhere in the mid range.

Keep in mind that sandbox and D+ don’t need signatures to prevent malware from infecting the system like an AV does. That makes them ahead of the curve. It always takes time for a virus to be detected and a av definition to be made. Add to that the enormous amounts of malware being made these days to the point that no scanner is up to the task of keeping up with that. That’s why prevention is important these days.

I agree with you.

But all the others are also tested with AV part & not the full suite. So its like proactive test for AV only.

Any way I find Comdo’s detection way better than mentioned in the test. I test it myself & find its at par & even better than many AV’s in the test which are at top.

IMHO, a true proactive test would start with a clean system and then the test would attempt to 1) download malware and 2) execute said malware thereby giving the software under test the opportunity to both preventand to detect.

Starting from a clean base is, again MHO, the first pre-requisite for a proactive test.