AV-Comparative Real-World Protection Test February-June 2017

5

509322

Thread author
Yep, Emsisoft is overrated as much as Comodo is but with less bugs/second. About the forum being associated with Emsisoft, the answer is no, but what does that have to do with anything?

Put Kaspersky onto a system, then throw a bunch of commonly exploited programs - like browsers, office suites, Java, Adobe products, etc - into Low and High Restricted and just watch the bug-sparks fly. Your computer room will twang with the sound of bugs flying off your screen and bouncing off the ceiling, walls and floor. Tink tink tink tink tink tink tink tink tink tink tink
 

SHvFl

Put Kaspersky onto a system, then throw a bunch of commonly exploited programs - like browsers, office suites, Java, Adobe products, etc - into Low and High Restricted and just watch the bug-sparks fly. Your computer room will twang with the sound of bugs flying off your screen and bouncing off the ceiling, walls and floor. Tink tink tink tink tink tink tink tink tink tink tink
Lol, must admit I didn't know that about Kaspersky, but that is because it's heavy on any system I ever used, so I usually uninstall instantly. Honestly I prefer stability and light protection even if I have to decide a few times from alerts. This is why I prefer Emsisoft from all the other AV companies (they pay me to say this but don't tell anyone).
 
5

509322

Thread author
Honestly I prefer stability and light protection even if I have to decide a few times from alerts. This is why I prefer Emsisoft from all the other AV companies (they pay me to say this but don't tell anyone).

If anyone keeps kickin' it with the security softs, after they've tried just about everything they can get their hands on, then they usually see the same light.

I use Emsisoft on one personal system. The one that I do nothing but ordinary stuff on. It's good all the way around for me personally on my specific system.
 
5

509322

Thread author
Lol, must admit I didn't know that about Kaspersky, but that is because it's heavy on any system I ever used, so I usually uninstall instantly. Honestly I prefer stability and light protection even if I have to decide a few times from alerts. This is why I prefer Emsisoft from all the other AV companies (they pay me to say this but don't tell anyone).

I have Kaspersky on another personal laptop and have had very good results with it too. It wasn't like that on a different system back in the day. These security suites either love or hate a system - and that can change with updates and new versions. So over time, I find that I have to switch products sometimes.
 

mekelek

Put Kaspersky onto a system, then throw a bunch of commonly exploited programs - like browsers, office suites, Java, Adobe products, etc - into Low and High Restricted and just watch the bug-sparks fly. Your computer room will twang with the sound of bugs flying off your screen and bouncing off the ceiling, walls and floor. Tink tink tink tink tink tink tink tink tink tink tink
It's too morning for me to get your analogy, would you ELI5 this for me?

And what AV do you use?
He needs those VMs/PCs to test compatibility/develop his own security suite, obviously.
 
5

509322

Thread author
And what AV do you use?

For personal systems I use Emsisoft IS, Kaspersky IS on another and SpyShelter on the last one. I prefer Emsisoft, but I have a license for Kaspersky and figure I might as well use it. Once that K license is expired I'll probably not renew it. Of course all three have AppGuard installed. Then add uBlock Origin and LastPass. There's enough overkill plutonium in those combos.
 
5

509322

Thread author
It's too morning for me to get your analogy, would you ELI5 this for me?

When programs are added to Low and High Restricted in Application with interactive mode enabled, the HIPS, policy editor and firewall alert bugs are rampant. Some are quite old - like HIPS not remembering existing rules.

What I find I send on to @harlan4096. He then passes it on - and hopefully it ends up on some soft engineer's desk in Moscow.
 

mekelek

When programs are added to Low and High Restricted in Application with interactive mode enabled, the HIPS, policy editor and firewall alert bugs are rampant. Some are quite old - like HIPS not remembering existing rules.

What I find I send on to @harlan4096. He then passes it on - and hopefully it ends up on some soft engineer's desk in Moscow.
Oh alright, I have those groups set to fully deny access so it doesn't really affect me.
 
5

509322

Thread author
Can they next time do tests with all AVs put on best possible settings?...

The labs don't test that way; they only test with default settings. The only one I can remember using "maximum" settings was Matousec - which is now defunct since 2014. Whatever they meant by "maximum" settings nobody knows because they did not publish any settings used during their testing.
 
5

509322

Thread author
Oh alright, I have those groups set to fully deny access so it doesn't really affect me.

You add vulnerable programs like browsers to Low Restricted so that they run with limited privileges. With many programs if you set everything to deny then they won't work correctly.

In other words, you move vulnerable programs from Trusted to Low or High Restricted - dependent upon what the program does. Browsers, Adobe products, Microsoft Office, archivers, etc should not be run as Trusted but instead as Low Restricted. Then you set interactive mode so that you can respond to alerts and craft the necessary rules as you use the programs. It's full of bugs.

Just set Application Control to move unknown files to Untrusted. It is better than Trusted Application Mode. TAM is for n00bs.
 
5

509322

Thread author
@Lockdown Last question: What's the RAM usage of AppGuard and how many processes does it use?

Thanks.

[Attached image: Cap3.PNG]
 

spaceoctopus

Emsisoft did a great job. I think it just depends how you interpret the results. Emsisoft's BB is mostly local; it doesn't have the big data and machine learning infrastructure like other companies. That is why the user-dependent notifications are always high. Nevertheless EAM BB is among the best in the market. Products such as AVIRA need access to their cloud infrastructure to be able to effectively protect against zero-days.

This is the reason why I think EAM is still effective even when disconnected from the net, the cloud querying function is turned off, or some of the shields are turned off except the BB and Anti-Ransomware.

While on the other side a product like AVIRA would easily get bypassed by a zero-day malware in the same situation. ESET, as another example, needs its LiveGrid network for its Anti-Ransomware module to work.

All this can explain the results above :)
 
