AV-TEST Advanced Threat Protection (ATP) AV.TEST test January - June 2025

[ForgottenSeer 123960]

That doesn't make sense because AVs can also close windows and have layers supporting each other.

The point about an indirect endorsement also doesn't make sense because most users don't know much about security. As for insisting that they should, think of the many things you're not familiar with, and how you have to depend on reviewers to help you choose.

"AVs can also close windows and have layers supporting each other."

When I mentioned an AV can't 'close windows,' I was using 'windows' as a metaphor for software vulnerabilities. For example, if your web browser is out-of-date, it's like a window left unlocked in your house. The AV is the guard at the front door, but an attacker might ignore the door and slip through that unlocked window (the browser vulnerability) instead. This is why keeping all your software updated is a critical layer of security that works alongside your antivirus.

"Most users don't know much about security... they have to depend on reviewers."

Regarding your point about reviewers, you are 100% correct. Most people aren't security experts and have to trust reviews. My point was that the reason we can trust a high-quality reviewer (like PCMag, for example) is that they base their recommendations on the highly technical, scientific testing done by labs like AV-TEST. So, our points actually support each other. We are both saying that users need a trustworthy source to make good decisions.

Thanks for asking for the clarification, it helps make the discussion better for everyone.

 

[ForgottenSeer 114717]

and it's likely that they won't or can't

Oh. They can. Like all things in life, it is what one prioritizes.

what they specialize in.

Most people specialize in being ignorant, misinterpretation, and being over sensitive.

The point about transparency is also questionable because several of them do provide certification

AV lab certification does not mean anything unless a person blindly trusts certification as meaning something.

How can anyone trust an organization that is not transparent?

Who, in their right mind, would trust black box testing that is done on behalf of the paying client to generate marketing tools from the test results for the client?

It is proven that audited companies and governments very often are untrustworthy despite passing many audits. AV labs are no different and there's no good reason why anyone would think that any one of them being certified, that they behave and do things in a manner that is blindly trustable and their work product should be accepted as fact.

show videos of what they did.

What is proven by a video? So, OK, the Youtube Tester executes some malware samples. How does anyone know that every single one of those samples is actually malware? How does anyone actually know that, if indeed a malicious file, does what it is supposed to do and that the AV completely blocked it? How does anyone know if the file, when executed, just loads into memory, consumes a little bit of resources, but then actually does nothing? How does anyone know from what is being shown in open Task Manager or similar what is really happening on the system? How does anyone know that the "end of test" tools are detecting everything that was missed by the tested AV? How does anyone know that everything used to perform and "confirm" the test results is identifying all false positives?

If the tester does not provide the samples or the files used, then one should question the results outright. It's the common sense thing to do.

Now, notice, I did not say "Dismiss outright." What I said is "Question the results." Those are not the same thing. Because you have a habit of reading what a person posts and then having your own unique, peculiar interpretation that is different - and probably deliberately so - from what the poster meant or intended.

The point about their having to admit that they're wrong is also questionable

I never said anyone needed to do anything. They can decide what to do and not to do.

How does anyone not expect them to admit they're wrong, when they make mistakes are wrong (which happens in both professional and enthusiast testing routinely)?

How does anyone trust them when they are wrong, but they don't admit it?

what if they're not wrong?

Then they don't have to admit they're wrong. They should if they want the public's trust, but they don't have to.

They are making claims about products. So the accountability and responsibility to prove their claims is entirely on them. Making false claims or misleading consumers - whether by intent or not, and then not admitting they were wrong or misleading means nobody should trust them.

Then do you admit that they're right?

For the most part they are right for the specific malware samples, the specific methodology, and the specific testing circumstances of the test(s).

It is people who misinterpret the results by extrapolating the results to any possible real world circumstances. And those people do so without thought.

But when a tester is wrong, they should be transparent about it and admit that they were wrong.

Your last point implies that no one should be trusted, not even those who present tests here, because they're either not revealing their mistakes or they're making mistakes.

Because they can and often do, and they don't even realize that they're making mistakes. This is well known and widely accepted as fact.

"Trust, but Verify."

How can anyone confirm and verify professional test lab methodology, samples, and results, let alone video testers? Just blindly trust them and curl the toes with glee because one's favorite AV got "5 Stars and All Green Bars?"

Given that, what then is the basis of making a choice on what to purchase?

Gain adequate knowledge to confirm for oneself. Know how to spot problems and identify BS. Be skeptical because it will save one's bacon from being cooked needlessly and money, if they be a paying consumer instead of a software pirater or freeloader.

You seem very willing to trust marketing claims - that are often highly problematic, up to the point of being misleading. As far as Youtube Testers, anyone that keeps posting test videos with positive outcomes and bypass videos with negative outcomes has an agenda. Anybody that conducts an international campaign of live demonstrations to show how their product is superior to every other product has an agenda.

Anyone that keeps promoting their product or a product through participation on a forum has an agenda.

The agenda is always to influence the viewer one way or the other. And that means huge bias. Which means the viewer should be skeptical, unless they be the ignorant, gullible type.

 

[ForgottenSeer 123960]

Professional lab tests, such as those conducted by AV-TEST, provide the most reliable approximation of real-world performance available. However, they should be considered a baseline, as they cannot account for every variable present in a live environment. While their published results help users make informed decisions when selecting security products, these tests do not factor in individual system configurations, usage patterns, or personal habits. Ultimately, user behavior is the most critical component of security, as no software suite can fully protect a user with unsafe online practices.

 

[ForgottenSeer 114717]

Professional lab tests, such as those conducted by AV-TEST, provide the most reliable approximation of real-world performance available. However, they should be considered a baseline, as they cannot account for every variable present in a live environment. While their published results help users make informed decisions when selecting security products, these tests do not factor in individual system configurations, usage patterns, or personal habits. Ultimately, user behavior is the most critical component of security, as no software suite can fully protect a user with unsafe online practices.

Hear, hear. Well said. Brilliant.

MT site owners should pin this as a Notice banner on the MT landing page or make it a mandatory Advisory banner for any AV test thread.

"All Ye Who Enter this Thread Be Warned..."

 

[monkeylove]

"AVs can also close windows and have layers supporting each other."

When I mentioned an AV can't 'close windows,' I was using 'windows' as a metaphor for software vulnerabilities. For example, if your web browser is out-of-date, it's like a window left unlocked in your house. The AV is the guard at the front door, but an attacker might ignore the door and slip through that unlocked window (the browser vulnerability) instead. This is why keeping all your software updated is a critical layer of security that works alongside your antivirus.

"Most users don't know much about security... they have to depend on reviewers."

Regarding your point about reviewers, you are 100% correct. Most people aren't security experts and have to trust reviews. My point was that the reason we can trust a high-quality reviewer (like PCMag, for example) is that they base their recommendations on the highly technical, scientific testing done by labs like AV-TEST. So, our points actually support each other. We are both saying that users need a trustworthy source to make good decisions.

Thanks for asking for the clarification, it helps make the discussion better for everyone.

Thanks. I think that's why some security programs come with software updaters. Meanwhile, additional features are considered bloat by some while increasing the price of the AVs.

 

[monkeylove]

Oh. They can. Like all things in life, it is what one prioritizes.


Most people specialize in being ignorant, misinterpretation, and being over sensitive.


AV lab certification does not mean anything unless a person blindly trusts certification as meaning something.

How can anyone trust an organization that is not transparent?

Who, in their right mind, would trust black box testing that is done on behalf of the paying client to generate marketing tools from the test results for the client?

It is proven that audited companies and governments very often are untrustworthy despite passing many audits. AV labs are no different and there's no good reason why anyone would think that any one of them being certified, that they behave and do things in a manner that is blindly trustable and their work product should be accepted as fact.


What is proven by a video? So, OK, the Youtube Tester executes some malware samples. How does anyone know that every single one of those samples is actually malware? How does anyone actually know that, if indeed a malicious file, does what it is supposed to do and that the AV completely blocked it? How does anyone know if the file, when executed, just loads into memory, consumes a little bit of resources, but then actually does nothing? How does anyone know from what is being shown in open Task Manager or similar what is really happening on the system? How does anyone know that the "end of test" tools are detecting everything that was missed by the tested AV? How does anyone know that everything used to perform and "confirm" the test results is identifying all false positives?

If the tester does not provide the samples or the files used, then one should question the results outright. It's the common sense thing to do.

Now, notice, I did not say "Dismiss outright." What I said is "Question the results." Those are not the same thing. Because you have a habit of reading what a person posts and then having your own unique, peculiar interpretation that is different - and probably deliberately so - from what the poster meant or intended.


I never said anyone needed to do anything. They can decide what to do and not to do.

How does anyone not expect them to admit they're wrong, when they make mistakes are wrong (which happens in both professional and enthusiast testing routinely)?

How does anyone trust them when they are wrong, but they don't admit it?


Then they don't have to admit they're wrong. They should if they want the public's trust, but they don't have to.

They are making claims about products. So the accountability and responsibility to prove their claims is entirely on them. Making false claims or misleading consumers - whether by intent or not, and then not admitting they were wrong or misleading means nobody should trust them.


For the most part they are right for the specific malware samples, the specific methodology, and the specific testing circumstances of the test(s).

It is people who misinterpret the results by extrapolating the results to any possible real world circumstances. And those people do so without thought.

But when a tester is wrong, they should be transparent about it and admit that they were wrong.


Because they can and often do, and they don't even realize that they're making mistakes. This is well known and widely accepted as fact.

"Trust, but Verify."

How can anyone confirm and verify professional test lab methodology, samples, and results, let alone video testers? Just blindly trust them and curl the toes with glee because one's favorite AV got "5 Stars and All Green Bars?"


Gain adequate knowledge to confirm for oneself. Know how to spot problems and identify BS. Be skeptical because it will save one's bacon from being cooked needlessly and money, if they be a paying consumer instead of a software pirater or freeloader.

You seem very willing to trust marketing claims - that are often highly problematic, up to the point of being misleading. As far as Youtube Testers, anyone that keeps posting test videos with positive outcomes and bypass videos with negative outcomes has an agenda. Anybody that conducts an international campaign of live demonstrations to show how their product is superior to every other product has an agenda.

Anyone that keeps promoting their product or a product through participation on a forum has an agenda.

The agenda is always to influence the viewer one way or the other. And that means huge bias. Which means the viewer should be skeptical, unless they be the ignorant, gullible type.

They can't for the same reason you can't, i.e., concerning their specialization. That's why they have consumer reviews for various goods and services.

They don't specialize in being ignorant. Rather, some specialize in some things and others in other things. You need to stick to reality.

Certification has the same meaning for other goods and services. Stop being paranoid.

"It is proven that audited companies and governments very often are untrustworthy despite passing many audits. AV labs are no different and there's no good reason why anyone would think that any one of them being certified, that they behave and do things in a manner that is blindly trustable and their work product should be accepted as fact."

I get this feeling that you trust no one. Good grief.

"How does anyone trust them when they are wrong, but they don't admit it?"

What do you do when they admit that they're prove? Do you still consider them as "untrustworthy"? And they're not even audited!

Now, you're making things worse:

"They are making claims about products. So the accountability and responsibility to prove their claims is entirely on them. Making false claims or misleading consumers - whether by intent or not, and then not admitting they were wrong or misleading means nobody should trust them."

What's the point? You've already prejudged everyone: "audited companies and governments very often are untrustworthy despite passing many audits".

"Any possible realworld circumstances"? You mean specific circumstances, right?

"But when a tester is wrong, they should be transparent about it and admit that they were wrong." And what if he's right? He's still untrustworthy?

How do you "trust, but verify" given the point that you don't trust any form of certification? Will you be doing the verification yourself? Are you assuming that all users will insist on the same because they won't trust your verification?

For now, I'll be charitable and argue that you're simply not thinking about this clearly. You need to consider this issue in practical terms. That is,

Assume that no one's an expert on everything.

You have to trust someone eventually.

 

[Zero Knowledge]

Most people don't have time to troll security forums or groups looking for guides and advice. People are busy with day to day life and working hard to keep their head above water financially and keep their jobs. There is plenty of education and up-skilling that goes on but it's just people don't have time to worry about security, that's why they hire security people, SOC analyst's and CISO's in large corps.

Tests like these are fine, as Divergant said people can use it as a baseline for existing knowledge. But just don't use it as a bible.

 

[monkeylove]

Professional lab tests, such as those conducted by AV-TEST, provide the most reliable approximation of real-world performance available. However, they should be considered a baseline, as they cannot account for every variable present in a live environment. While their published results help users make informed decisions when selecting security products, these tests do not factor in individual system configurations, usage patterns, or personal habits. Ultimately, user behavior is the most critical component of security, as no software suite can fully protect a user with unsafe online practices.

I don't think anyone "[can] account for every variable present in a live environment", and the more one insists on considering more variables then the longer it takes to come up with a review of what to use. In fact, it's even possible that one will never be able to decide what to use.

Also, it's not an end-or issue, where one has to choose between user behavior and better security programs. One should have both, and that doesn't make testing irrelevant.

The insistence that no one can be trusted and that everything has to be verified is bizarre.

 

[ForgottenSeer 123960]

Thanks. I think that's why some security programs come with software updaters. Meanwhile, additional features are considered bloat by some while increasing the price of the AVs.

While these built-in updaters in security suites can be convenient, they have limitations because, it's not their primary job.

Incomplete Inventory

They often can't see every piece of software on your system. They might miss niche applications, portable apps that aren't formally "installed," or even just misidentify a version number. Their main focus is being an antivirus.

Potential for Delay

There can be a lag between when a developer (like Google or Adobe) releases a critical patch and when the security suite's updater adds it to their distribution list. For zero-day vulnerabilities, every hour counts, and getting the update directly from the source is always fastest.

OS is the Authority

Your OS knows what it needs better than any third-party program. Relying on anything other than the official, built-in Windows Update or macOS Software Update for core system patches is unreliable and risky.

Thanks for raising this. It's a subtle but critical distinction that prevents users from falling into a false sense of security. An AV's software updater is a "nice-to-have" feature, not a replacement for fundamental security hygiene.

 

[ForgottenSeer 114717]

They can't for the same reason you can't, i.e., concerning their specialization.

Oh, but I can.

They don't specialize in being ignorant. Rather, some specialize in some things and others in other things. You need to stick to reality.

Sure they specialize is being ignorant. The definition of "not knowing" is ignorance. If the person does not do the work required to gain the knowledge, then they are just lazy. That is reality.

Certification has the same meaning for other goods and services.

You do realize that certification means very little, right? There are a lot of people that are "certified" with the ISC2 CISSP, but despite this they are professionally inept.

AV test lab ISO or similar certification provides little in the way of consumer assurances of quality.

Stop being paranoid.

I'm not paranoid. It is your right to believe what you want to believe and I respect that you're gullible and do not bother to do the research to figure out for yourself what is what.

I get this feeling that you trust no one.

It is common sense that a person should spend the time and effort to "Trust, but Verify." If one does not do that, then the person is being self-negligent and negligent of others.

If you trust marketing materials (AV lab test results) to be adequate consumer assurances of product quality, then that is your prerogative. You don't even have to do that. You can just believe non-professional Youtube tester test results.

What do you do when they admit that they're prove? Do you still consider them as "untrustworthy"? And they're not even audited!

What AV labs do is for marketing purposes - on behalf of the paying participating clients. They don't exist to provide consumer assurances. Their duty and responsibility is not to the public, but the paying client.

If any AV lab is audited under a certification scheme, it does not include an audit of their test methodology or the accuracy and validity of those test and results. There is no certification organization that performs such audits of AV test labs. You, as the reader, just have to take their word for it. Better cross your fingers and whisper chants to make their word true.

Now, you're making things worse:

I'm not making anything worse. I'm merely stating the facts. You just have no answers and so you avoid answering any questions posed.

What's the point? You've already prejudged everyone: "audited companies and governments very often are untrustworthy despite passing many audits".

Whom have I "prejudiced?" I don't have any influence on anyone. The only person giving my posts any attention is you and you're a non-believer.

"Any possible realworld circumstances"? You mean specific circumstances, right?

"Any possible real world circumstances" means the millions of possible specific circumstances that test methods and scenarios do not apply to.

Can you list even three (2) circumstances that ANY AV lab test or Youtube tester do NOT apply to?

I tell you what. I'll provide you a cheat. It is 400 Euros per hour.

 

[ForgottenSeer 123960]

I don't think anyone "[can] account for every variable present in a live environment", and the more one insists on considering more variables then the longer it takes to come up with a review of what to use. In fact, it's even possible that one will never be able to decide what to use.

Also, it's not an end-or issue, where one has to choose between user behavior and better security programs. One should have both, and that doesn't make testing irrelevant.

The insistence that no one can be trusted and that everything has to be verified is bizarre.

That's an interesting take. It's like saying that because car crash-test ratings can't account for every possible road condition or a deer jumping out at midnight, the ratings are irrelevant and we shouldn't bother teaching defensive driving.
Of course, we do both. We use the tests to pick a safer car, and we learn to drive carefully. My point was never 'one or the other', it was that the best airbags won't save a driver who insists on speeding through red lights.

 

[ForgottenSeer 114717]

I don't think anyone "[can] account for every variable present in a live environment", and the more one insists on considering more variables then the longer it takes to come up with a review of what to use. In fact, it's even possible that one will never be able to decide what to use.

Nobody ever said that it is possible or that it should even be attempted. I know I certainly never stated that.

However, without covering every single possible circumstances that means a test has significant limitations.

Also, it's not an end-or issue, where one has to choose between user behavior and better security programs.

Nobody here ever said that one has to make a choice between behavior and better security programs.

Where do you come up with this stuff?

Did you not state repeatedly that "people are specialized" with the meaning that they cannot be expected to know because they are "specialized."

OK, then. Riddle me this... What happens when the person is not specialized in safe online behaviors and they don't understand what AV test lab results really say - and most importantly what they do not say? What happens when they make assumptions about the test results because they do not know any better?

One should have both, and that doesn't make testing irrelevant.

I'm beginning to think you are either daft, don't understand what you read too good, or just don't pay attention.

For the 10th time, nobody in this entire thread has ever stated that AV testing is irrelevant. You are the only one interpreting others' statements as saying so.

My point was never 'one or the other', it was that the best airbags won't save a driver who insists on speeding through red lights.

People driving cars with "5 Stars and All Green Bars" safety ratings die every second of every day.

Most product and service testing of any kind is just a best effort approximation under test conditions and using methodology that might be ideal, might be correct, or not. Anyone remember the Pinto tests?

This is not difficult for even a child to understand. It is rather strange that a few just don't get it about product or service testing. Even the AV industry itself fights bitterly amongst its members about what is correct testing, the validity and accuracy of the test results, criticize the AV test labs all the time, and yet we have consumers willing to accept whatever the labs push out to the public and they just blindly believe all of it. Not to mention John and Jane Q Public are willing to accept any Youtube tester tests without question.

¯\_(ツ)_/¯

 

[ForgottenSeer 114717]

"But when a tester is wrong, they should be transparent about it and admit that they were wrong." And what if he's right? He's still untrustworthy?

If the test is done correctly and the results are accurate for the samples, methodology, and environment, then the lab has done part of its job that it was paid to do. What do you expect them to get for doing their job correctly - The Good Housekeeping seal of approval?

For Youtube testers they almost never get it right and cannot be trusted outright. They are not professional testers. It is not wrong to view non-professional testing as unqualified testing worthy of skepticism. Because some enthusiast tester says "I wrote this malware and it is intended to do this" or "active XYZ infection remaining" does not prove anything. Nobody knows what the truth and facts are except for, perhaps, the tester themselves and accepting such testing blindly is foolish.

Most Youtube testers that market their tests are not malware analysts either and have inadequate knowledge to know much of anything about the samples that they use in their "demonstrations."

So before you go down the rabbit hole, I am not saying that there are no competent Youtube testers. There are a few. There are a few that are very knowledgeable and experienced malware analysts and professional testers, but they don't know how to make a right proper video and explain things clearly.

One has to be able to separate the chaff from the wheat. If not, one is operating in full-on "A Sucker is Born Every Day" mode.

There is no truly independent, unbiased fully-dedicated AV test lab in existence. Youtube testers are definitely biased. Every Youtube tester brings their own biases to the test - the performance and the interpretation of the results. Not to mention what they don't know and understand.

How do you "trust, but verify" given the point that you don't trust any form of certification? Will you be doing the verification yourself? Are you assuming that all users will insist on the same because they won't trust your verification?

I will do the verification by myself, for myself. Not anyone else. Because I can.

I don't care what anyone else believes or thinks.

Assume that no one's an expert on everything.

One does not need to be an expert on anything. They just have to have the ability and willingness to do the work required to learn and make fully-informed determinations for themselves.

Being "specialized" is not a barrier to doing it. It's just an excuse.

You have to trust someone eventually.

I do. Trust, but Verify.

Do they not teach this in grade school anymore? One of the foundations of being a good citizen and consumer is to treat all marketing claims - which all AV testing is - with skepticism and verify.

 

[Trident]

Unless in the very few cases where samples are chosen for their special properties (which also means they’ve been studied) and the test is conducted over period of time (not bombarding, gang banging and so on), the test could be interesting to see at most, but absolutely can not be a reason to uninstall a solution and install another one.

When samples are studied though, it is impossible to obtain very large sets of malware. This can always be made more accurate and interesting through deep theoretical evaluation (understanding the components a solution offers and how they work, as all AVs work perfectly when there is a signature/hash blacklisted, but with zero-days it’s totally different). Unfortunately a lot of testers spend exactly 0 minutes on understanding the product and its inner workings.
When a product and malware are studied, a small set of malware that is specifically chosen can lead to more meaningful results.

The lab tests are credible but are also just a single point of information. A solution must perform well across a number of tests to be considered good.

 

[ForgottenSeer 114717]

The test could be interesting to see at most but absolutely can not be a reason to uninstall a solution and install another one.

There is a corps of users that use both AV test lab and Youtube tester test results to decide the AV they will use. That means they are in a perpetual cycle of install-uninstall. Some do it more than they change their underwear.

You did a review of McAfee. Because of it, a significant number of people here at least tested it, if not switched completely to it.

Some hold sway. Others don't. Some follow that sway. Others don't.

Unfortunately a lot of testers spend exactly 0 minutes on understanding the product and its inner workings.

This statement is equally true of AV test labs. They don't have staff dedicated to figuring out each product's internals, design, and intended versus observed behaviors.

Just designing the test, controlling the variables, fixing problems, and obtaining samples is a huge, difficult task. There is no time to figure out how products work. Plus, the lab is not being paid to do that. It is being paid to demonstrate what it does, not know how it does it.

Product internals usually only ever becomes a forefront matter when it is required to fix a problem that is affecting the productivity or results of the test.

Of course, if one tests enough products and pays attention - taking careful notes - one learns a lot about how products work during that process. In my observation, most Youtube testers don't do any of that.

 

[monkeylove]

While these built-in updaters in security suites can be convenient, they have limitations because, it's not their primary job.

Incomplete Inventory

They often can't see every piece of software on your system. They might miss niche applications, portable apps that aren't formally "installed," or even just misidentify a version number. Their main focus is being an antivirus.

Potential for Delay

There can be a lag between when a developer (like Google or Adobe) releases a critical patch and when the security suite's updater adds it to their distribution list. For zero-day vulnerabilities, every hour counts, and getting the update directly from the source is always fastest.

OS is the Authority

Your OS knows what it needs better than any third-party program. Relying on anything other than the official, built-in Windows Update or macOS Software Update for core system patches is unreliable and risky.

Thanks for raising this. It's a subtle but critical distinction that prevents users from falling into a false sense of security. An AV's software updater is a "nice-to-have" feature, not a replacement for fundamental security hygiene.

I think they're separate modules, so that's likely their only job. The same goes for password managers, VPN, etc.

Meanwhile, I think any patches can be applied when you run a program and it checks for updates, or when you let it run in the task scheduler to do so.

 

[monkeylove]

Oh, but I can.


Sure they specialize is being ignorant. The definition of "not knowing" is ignorance. If the person does not do the work required to gain the knowledge, then they are just lazy. That is reality.


You do realize that certification means very little, right? There are a lot of people that are "certified" with the ISC2 CISSP, but despite this they are professionally inept.

AV test lab ISO or similar certification provides little in the way of consumer assurances of quality.


I'm not paranoid. It is your right to believe what you want to believe and I respect that you're gullible and do not bother to do the research to figure out for yourself what is what.


It is common sense that a person should spend the time and effort to "Trust, but Verify." If one does not do that, then the person is being self-negligent and negligent of others.

If you trust marketing materials (AV lab test results) to be adequate consumer assurances of product quality, then that is your prerogative. You don't even have to do that. You can just believe non-professional Youtube tester test results.


What AV labs do is for marketing purposes - on behalf of the paying participating clients. They don't exist to provide consumer assurances. Their duty and responsibility is not to the public, but the paying client.

If any AV lab is audited under a certification scheme, it does not include an audit of their test methodology or the accuracy and validity of those test and results. There is no certification organization that performs such audits of AV test labs. You, as the reader, just have to take their word for it. Better cross your fingers and whisper chants to make their word true.


I'm not making anything worse. I'm merely stating the facts. You just have no answers and so you avoid answering any questions posed.


Whom have I "prejudiced?" I don't have any influence on anyone. The only person giving my posts any attention is you and you're a non-believer.


"Any possible real world circumstances" means the millions of possible specific circumstances that test methods and scenarios do not apply to.

Can you list even three (2) circumstances that ANY AV lab test or Youtube tester do NOT apply to?

I tell you what. I'll provide you a cheat. It is 400 Euros per hour.

I put to question your statement that "Nobody ever said that it is possible or that it should even be attempted. I know I certainly never stated that" by going back to your previous post. Point by point:

You specialize on everything?

Not only do you think that no one should be trusted, they're all ignoramuses, too.

The point about certification is likely connected to that. You don't trust any doctor because for you their certifications are questionable. And the only one who can be trusted is you.

How do you verify? Do you open your own testing corporation and hire personnel to do so? That supports the rest of your beliefs, right? No one can be trusted, even if they're verified by others. Only you can tell the rest of us what can be trusted, and in the end it's what comes only from you.

What are "non-marketing materials"? You already pointed out that (a) no one can be trusted and (b) they can't be verified by others, either. That only leaves us with you: you're the only one everyone can trust to test AVs and to certify any tester.

You are not stating any facts. In fact, you've not done that throughout. You've only given the points above.

I'm a "non-believer" in what? You?

Finally, why are you asking me to prove my points? Why can't you prove yours?

(a) Show how every test cannot be trusted, and that includes even those shared in this forum.

(b) Show that no test can be verified, and that includes every test given in this forum.

(c) Show how you specialize in testing AVs and that only you can test AVs correctly and your testing is verifiable.

The catch: since you trust no verification, then that means the only one who can verify your test is also you.

Did I get that right?

 

[monkeylove]

Nobody ever said that it is possible or that it should even be attempted. I know I certainly never stated that.

However, without covering every single possible circumstances that means a test has significant limitations.


Nobody here ever said that one has to make a choice between behavior and better security programs.

Where do you come up with this stuff?

Did you not state repeatedly that "people are specialized" with the meaning that they cannot be expected to know because they are "specialized."

OK, then. Riddle me this... What happens when the person is not specialized in safe online behaviors and they don't understand what AV test lab results really say - and most importantly what they do not say? What happens when they make assumptions about the test results because they do not know any better?


I'm beginning to think you are either daft, don't understand what you read too good, or just don't pay attention.

For the 10th time, nobody in this entire thread has ever stated that AV testing is irrelevant. You are the only one interpreting others' statements as saying so.


People driving cars with "5 Stars and All Green Bars" safety ratings die every second of every day.

Most product and service testing of any kind is just a best effort approximation under test conditions and using methodology that might be ideal, might be correct, or not. Anyone remember the Pinto tests?

This is not difficult for even a child to understand. It is rather strange that a few just don't get it about product or service testing. Even the AV industry itself fights bitterly amongst its members about what is correct testing, the validity and accuracy of the test results, criticize the AV test labs all the time, and yet we have consumers willing to accept whatever the labs push out to the public and they just blindly believe all of it. Not to mention John and Jane Q Public are willing to accept any Youtube tester tests without question.

¯\_(ツ)_/¯

That makes no sense at all. You're insisting that the only ones who should consider reviews are specialists, but the reviews are made because most aren't specialists!

 

[monkeylove]

There is a corps of users that use both AV test lab and Youtube tester test results to decide the AV they will use. That means they are in a perpetual cycle of install-uninstall. Some do it more than they change their underwear.

You did a review of McAfee. Because of it, a significant number of people here at least tested it, if not switched completely to it.

Some hold sway. Others don't. Some follow that sway. Others don't.


This statement is equally true of AV test labs. They don't have staff dedicated to figuring out each product's internals, design, and intended versus observed behaviors.

Just designing the test, controlling the variables, fixing problems, and obtaining samples is a huge, difficult task. There is no time to figure out how products work. Plus, the lab is not being paid to do that. It is being paid to demonstrate what it does, not know how it does it.

Product internals usually only ever becomes a forefront matter when it is required to fix a problem that is affecting the productivity or results of the test.

Of course, if one tests enough products and pays attention - taking careful notes - one learns a lot about how products work during that process. In my observation, most Youtube testers don't do any of that.

There are groups (some of them include businesses and government offices) that change AVs because the price has gone up, the system has become slower, and/or their system was infected and they argue that Windows Defender failed. It's not like they're changing underwear.

Several of these businesses and offices rely on testing services, several of which you insist can't be trusted, are being used as marketing tools, and can't be verified. And they don't have the time to verify them.

But it looks like you can do that, and not just for testing AVs but for testing anything.

 

[ForgottenSeer 114717]

You specialize on everything?

I'm just really smart with decades of experienced within software engineering, security architecture, IT investigations, and security testing.

I know what I am talking about.

Not only do you think that no one should be trusted, they're all ignoramuses, too.

I never said that "no one should be trusted." What I said was for AV test labs "Trust, but Verify" and "Youtube testers cannot be generally trusted as they often do not perform correct testing."

How do you not know this stuff?

The point about certification is likely connected to that.

Because ISO certifications do not assess, audit, and certify the quality of the service provided by AV test labs. There are no certification organizations that certify AV test lab test methodology, procedures, and accuracy of the results.

For Youtube testers, they don't pay, so they would not find anyone willing to certify them. Besides, who would want to certify non-professional testers in the first place.

You don't trust any doctor because for you their certifications are questionable.

How silly can you be? I never said that I do not trust doctors. Only you are saying that I do not trust them. Trusting or not trusting doctors is not even relevant to the discussion.

You OK? Because with some of the stuff that you are saying suggests that you have gone off the rails and your mind is in orbit around Pluto. You are making absolutely no sense whatsoever.

And the only one who can be trusted is you.

Who said that? I know I never said that.

You need to calm down. You are triggered and got yourself whipped up into a hysteria where your mind is making false interpretations of what other people state.

How do you verify?

By obtaining the malware samples, carefully reviewing the methodology, and testing to professional standards all by myself.

My verification testing is for me, and me alone. I don't do it for anyone else. If someone else wants me to test, then it is 2,000 Euros per TTP, plus expenses.

Do you open your own testing corporation and hire personnel to do so?

I don't need to open one. I and others opened one decades ago. I'm an owner.

No one can be trusted, even if they're verified by others.

AV test labs and Youtube testers are not verified.

That only leaves us with you: you're the only one everyone can trust to test AVs and to certify any tester.

As I stated many times before, I only perform verifications for myself.

I don't care what you or anyone else believes or thinks to be trustworthy. It is your prerogative to trust whomever or whatever.

What I think should not matter to you or anybody else.

You already pointed out that (a) no one can be trusted and (b) they can't be verified by others, either.

(a) Sure they can be trusted. "Trust, but Verify."
(b) Of course they can be verified. Anyone has the ability to verify them with some willingness and effort.

That only leaves us with you: you're the only one everyone can trust to test AVs and to certify any tester.

I don't want anybody to trust me. They need to do the work so that they can trust themselves.

I do not certify testers. Don't want to.

You are not stating any facts.

Oh, but I have been stating facts accepted and known widely. You are the only one that does not know that what I am stating is factual and you refuse to accept reality.

I'm a "non-believer" in what? You?

I don't want you to believe in me and why would I want you to?

You have to figure it all out for yourself. You have a lot of work to do. You better get started as quickly as possible because there's a lot to learn, and so very little time to do so.

Finally, why are you asking me to prove my points?

They are just questions. Why won't you answer them?

Why can't you prove yours?

I already have proven them. Not once, but multiple times.

(a) Show how every test cannot be trusted, and that includes even those shared in this forum.

No samples provided. No test methodology provided. No independent, unpaid 3rd party validation of the test methodology or results.

(b) Show that no test can be verified, and that includes every test given in this forum.

But tests can be verified if the tested samples are provided, a methodology is provided, and an independent, unpaid entity verifies the accuracy and validity of both the test methodology and results.

(c) Show how you specialize in testing AVs and that only you can test AVs correctly and your testing is verifiable.

I am an owner in a test organization. I know how to test. My testing is not verifiable as I do the testing I am talking about here only for myself. The results are not intended for public release.

TriggeredBro, you need to try harder.