AV-Comparatives AV-Comparatives Real-World protection July-August 2019

[eonline]

I currently use Panda that should improve on its false positives.

 

[roger_m]

I currently use Panda that should improve on its false positives.

I used Panda for some time and never experienced more than minor issues with false positives. I'm someone who is regularly downloading new PUPs etc, rather than just downloading well known software.

The poor detection rate for new malware, is much more of an issue in my opinion.

 

[[correlate]]

 

[harlan4096]

I have been testing Avira for about 2 weeks and it was far to get 100% in any malware pack (check Hub Stats section), it only got good results in special samples on demand which already had high detections (not fresh), and in some packs "being benevolent" and testing the pack after many hours later it was posted... so I laugh at these tests

 

[Venustus]

There is no way Kaspersky is on par with Tencent

 

[Digmor Crusher]

Why is anyone who has been a member of this forum for more than a couple of months even debating the validity of these tests? If you have been a member for a certain period you should know that these tests in no way indicate the actual ability of these AV's to protect you in a real world scenario.

 

[mlnevese]

Why is anyone who has been a member of this forum for more than a couple of months even debating the validity of these tests? If you have been a member for a certain period you should know that these tests in no way indicate the actual ability of these AV's to protect you in a real world scenario.

Agreed. All it does is to show how well they performed against that particular samples in the moment of test. As I usually say 1 minute and 1 update could change the entire test result...

 

[blackice]

Why is anyone who has been a member of this forum for more than a couple of months even debating the validity of these tests? If you have been a member for a certain period you should know that these tests in no way indicate the actual ability of these AV's to protect you in a real world scenario.

Boredom, I’m sure.

 

[Andy Ful]

These tests are like watching TV news. You do not learn the real world from it, but you hardly have the choice (except researching by yourself).

 

[[correlate]]

 

[Bryan320]

Windows defender scored on par with Avast? I'll take it!!! I'm assuming this test was done with default settings? I'm sure it would have been better on *high protection*. NANO antivirus is crushing the competition im almost willing to switch!

 

[Lenny_Fox]

A friend of mine , who studies IT-security & penetration testing, was allowed to have a peek in the kitchen of AV_comparatives. My friend has seen with his own eyes that AV-comparatives collected zero day samples 24x7. The check to confirm whether a sample is really malware takes 5 to 30 minutes, so most of AV-comparatives samples are zero hour. Most testing agencies disable smart screen (otherwise even less malware is able to execute).

The test conducted by experienced members on this forum are 'shoot in the foot' testing (executing malware on your harddisk), while AV-Test and AV-comparatives perform real world testing (simulating clicking on a link in the browser). The high succes rate of the AV-products tested has nothing to do with the age of the malware samples collected by the testing organizations (as often claimed on security forums). Most malware has a hard time gaining high integrity level rights when triggered from a link on a fully patched Windows 10 PC.

Windows Defender set to HIGH or MAX with Configure defender (try to pass smartscreen, WD cloud block at first sight and block executables from running unless they meet a certain age and prevalence of trust criteria) will even perform better against web based attack vectors.

 

[shmu26]

Most malware has a hard time gaining high integrity level rights when triggered from a link on a fully patched Windows 10 PC.

Windows Defender set to HIGH or MAX with Configure defender (try to pass smartscreen, WD cloud block at first sight and block executables from running unless they meet a certain age and prevalence of trust criteria) will even perform better against web based attack vectors.

+1
Assuming one doesn't commit suicide by downloading warez in rar files, the biggest threat to the home user is malware on flash drives and other removable media.

 

[Andy Ful]

+1
Assuming one doesn't commit suicide by downloading warez in rar files, the biggest threat to the home user is malware on flash drives and other removable media.

... and spam attachments.

 

[Bryan320]

This is exactly why I use windows defender and configure it to high settings on all my friends/family computers. It's great to have a free almost comprehensive solution with no hassels. How times have changed back in 2007 nothing was offered free with complete protection. As a rule of thumb i always tell my friends/family to run a windows update before browsing on the internet especially if they have had they're PC or laptops off. Doing a windows update before browsing the internet will ensure everything is patched and antivirus is updated I love how easy it is.

 

[Lenny_Fox]

... and spam attachments.

Maybe an idea (when it s not already implemented) to set the MAIL attachment type1 file extensions with the enhanced SRP file extensions values of hard_configurator? I assume that default values of MAIL type-1 are the same as the file types of SRP, which don't have wsf, wsh, ps1, js, etc in the SRP default set, so I assume the type 1 MAIL attachments are also missing them.

 

[Andy Ful]

Maybe an idea (when it s not already implemented) to set the MAIL attachment type1 file extensions with the enhanced SRP file extensions values of hard_configurator? I assume that default values of MAIL type-1 are the same as the file types of SRP, which don't have wsf, wsh, ps1, js, etc in the SRP default set, so I assume the type 1 MAIL attachments are also missing them.

Lenny, what do you mean by 'MAIL attachment type1 file extensions'?

 

[SeriousHoax]

Windows Defender does have email scanning option though. Might be useful if someone uses email apps like Outlook, Thunderbird in which case their mailbox files will be parsed to scan its content but since smartsceen is not integrated into WD and network inspection protection is very limited, any malicious links in mails won't be blocked or notified to user and this is why I think it's disabled by default plus if any known malicious attachment from emails is saved on HDD then WD would detect it anyway so there's not much to gain by email scanning and it makes sense for them to keep it disabled by default. Besides, WD already often slows down my Thunderbird a lot when a new email is opened and deleted so turning the feature on might make it even worse.

 

[Lenny_Fox]

Lenny, what do you mean by 'MAIL attachment type1 file extensions'?

Sorry Andy, I meant high risk type attachements. I thought that H_C set more file extensions to block than the high risk file types described here Blocked attachments in Outlook so I wondered whether it was a good idea to add those to high-risk types of attachment manager. But @SeriousHoax explained it is not very usefull

Regards Len

 

[Andy Ful]

... I thought that H_C set more file extensions to block than the high risk file types described here Blocked attachments in Outlook so I wondered whether it was a good idea to add those to high-risk types of attachment manager. But @SeriousHoax explained it is not very usefull

Regards Len

Understand. Thanks for the explanation. I think that also WD ASR rules would be worth trying (if one uses WD as the main AV).