Reply to thread

Message

<blockquote data-quote="Andy Ful" data-source="post: 809659" data-attributes="member: 32260">I think that many people who discuss the AV test scoring on several forums take for granted some assumptions that are not true:<ol>
<li data-xf-list-type="ol">If antivirus A is better than B, then A can detect all malware as B and some more. In fact, in many cases, B can detect malware before A.</li>
<li data-xf-list-type="ol">If I would get infected in the year 2018, then probably it would be due to the malware tested by one of the AV testing Labs. In fact, the opposite is much more probable.</li>
<li data-xf-list-type="ol">The pool of tested samples is a very good representation of malware that could infect the average users. In fact, it is only wishful thinking.</li>
<li data-xf-list-type="ol">The statistical error, related to choosing a little pool of samples from an unknown large pool of all malware, can be well estimated for AV tests. In fact, it is another wishful thinking. If the statistical error would be 0.1% then the result 99.99% is an illusion, because the real result could lay somewhere between 99.9% and 100%. In this scenario, all AVs tested by AV-Comparatives in February-Mart test should be scored equally.</li>
</ol>So what should think the user about tests on malware that with high probability would not infect his/her computer, at all (if infection would happen anyway)?I would be cautious even when interpreting the AV tests for the year period. They measure something, but there are some other important factors, like the number of computers protected by the AV, cloud response time or advanced anti-malware modules (machine behavioral learning, AI, HIPS, malware detonation in the cloud, big data analysis, application reputation, anti-script modules, etc.).</blockquote>

[QUOTE="Andy Ful, post: 809659, member: 32260"] I think that many people who discuss the AV test scoring on several forums take for granted some assumptions that are not true: [LIST=1] [*]If antivirus A is better than B, then A can detect all malware as B and some more. In fact, in many cases, B can detect malware before A. [*]If I would get infected in the year 2018, then probably it would be due to the malware tested by one of the AV testing Labs. In fact, the opposite is much more probable. [*]The pool of tested samples is a very good representation of malware that could infect the average users. In fact, it is only wishful thinking. [*]The statistical error, related to choosing a little pool of samples from an unknown large pool of all malware, can be well estimated for AV tests. In fact, it is another wishful thinking. If the statistical error would be 0.1% then the result 99.99% is an illusion, because the real result could lay somewhere between 99.9% and 100%. In this scenario, all AVs tested by AV-Comparatives in February-Mart test should be scored equally. [/LIST] So what should think the user about tests on malware that with high probability would not infect his/her computer, at all (if infection would happen anyway)? I would be cautious even when interpreting the AV tests for the year period. They measure something, but there are some other important factors, like the number of computers protected by the AV, cloud response time or advanced anti-malware modules (machine behavioral learning, AI, HIPS, malware detonation in the cloud, big data analysis, application reputation, anti-script modules, etc.). [/QUOTE]

Verification