AV-Comparatives Real-World protection July-August 2019

eonline

Level 21
Verified
Well-known
Nov 15, 2017
1,064

I currently use Panda, which should improve on its false positives.
 

roger_m

Level 41
Verified
Top Poster
Content Creator
Dec 4, 2014
3,014
I currently use Panda, which should improve on its false positives.
I used Panda for some time and never experienced more than minor issues with false positives. I'm someone who is regularly downloading new PUPs etc, rather than just downloading well known software.

The poor detection rate for new malware is much more of an issue in my opinion.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
I have been testing Avira for about 2 weeks and it was far from getting 100% in any malware pack (check Hub Stats section), it only got good results in special samples on demand which already had high detections (not fresh), and in some packs "being benevolent" and testing the pack many hours after it was posted... so I laugh at these tests :rolleyes:
 

Digmor Crusher

Level 23
Verified
Top Poster
Well-known
Jan 27, 2018
1,236
Why is anyone who has been a member of this forum for more than a couple of months even debating the validity of these tests? If you have been a member for a certain period you should know that these tests in no way indicate the actual ability of these AV's to protect you in a real world scenario.
 

mlnevese

Level 26
Verified
Top Poster
Well-known
May 3, 2015
1,531
Why is anyone who has been a member of this forum for more than a couple of months even debating the validity of these tests? If you have been a member for a certain period you should know that these tests in no way indicate the actual ability of these AV's to protect you in a real world scenario.

Agreed. All it does is show how well they performed against those particular samples at the moment of the test. As I usually say, 1 minute and 1 update could change the entire test result...
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Why is anyone who has been a member of this forum for more than a couple of months even debating the validity of these tests? If you have been a member for a certain period you should know that these tests in no way indicate the actual ability of these AV's to protect you in a real world scenario.
Boredom, I’m sure.
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
A friend of mine, who studies IT-security & penetration testing, was allowed to have a peek in the kitchen of AV-Comparatives. My friend has seen with his own eyes that AV-Comparatives collected zero day samples 24x7. The check to confirm whether a sample is really malware takes 5 to 30 minutes, so most of AV-Comparatives' samples are zero hour. Most testing agencies disable SmartScreen (otherwise even less malware is able to execute).

The tests conducted by experienced members on this forum are 'shoot in the foot' testing (executing malware on your hard disk), while AV-Test and AV-Comparatives perform real world testing (simulating clicking on a link in the browser). The high success rate of the AV products tested has nothing to do with the age of the malware samples collected by the testing organizations (as often claimed on security forums). Most malware has a hard time gaining high integrity level rights when triggered from a link on a fully patched Windows 10 PC.

Windows Defender set to HIGH or MAX with ConfigureDefender (try to pass SmartScreen, WD cloud block at first sight and block executables from running unless they meet a certain age and prevalence of trust criteria) will even perform better against web-based attack vectors.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Most malware has a hard time gaining high integrity level rights when triggered from a link on a fully patched Windows 10 PC.

Windows Defender set to HIGH or MAX with ConfigureDefender (try to pass SmartScreen, WD cloud block at first sight and block executables from running unless they meet a certain age and prevalence of trust criteria) will even perform better against web-based attack vectors.
+1
Assuming one doesn't commit suicide by downloading warez in rar files, the biggest threat to the home user is malware on flash drives and other removable media.
 

Bryan320

Level 8
Oct 11, 2019
293
This is exactly why I use Windows Defender and configure it to high settings on all my friends'/family's computers. It's great to have a free, almost comprehensive solution with no hassles. How times have changed; back in 2007 nothing was offered free with complete protection. As a rule of thumb I always tell my friends/family to run a Windows update before browsing on the internet, especially if they have had their PCs or laptops off. Doing a Windows update before browsing the internet will ensure everything is patched and antivirus is updated. I love how easy it is.
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
... and spam attachments.(y)
Maybe an idea (when it's not already implemented) to set the MAIL attachment type1 file extensions with the enhanced SRP file extensions values of hard_configurator? I assume that default values of MAIL type-1 are the same as the file types of SRP, which don't have wsf, wsh, ps1, js, etc in the SRP default set, so I assume the type 1 MAIL attachments are also missing them.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Maybe an idea (when it's not already implemented) to set the MAIL attachment type1 file extensions with the enhanced SRP file extensions values of hard_configurator? I assume that default values of MAIL type-1 are the same as the file types of SRP, which don't have wsf, wsh, ps1, js, etc in the SRP default set, so I assume the type 1 MAIL attachments are also missing them.
Lenny, what do you mean by 'MAIL attachment type1 file extensions'?:unsure:
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Windows Defender does have an email scanning option though. Might be useful if someone uses email apps like Outlook or Thunderbird, in which case their mailbox files will be parsed to scan their content. But since SmartScreen is not integrated into WD and network inspection protection is very limited, any malicious links in mails won't be blocked or notified to the user, and this is why I think it's disabled by default. Plus, if any known malicious attachment from emails is saved on HDD then WD would detect it anyway, so there's not much to gain by email scanning and it makes sense for them to keep it disabled by default. Besides, WD already often slows down my Thunderbird a lot when a new email is opened and deleted, so turning the feature on might make it even worse.
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Lenny, what do you mean by 'MAIL attachment type1 file extensions'?:unsure:
Sorry Andy, I meant high risk type attachments. I thought that H_C set more file extensions to block than the high risk file types described here: "Blocked attachments in Outlook", so I wondered whether it was a good idea to add those to high-risk types of attachment manager. But @SeriousHoax explained it is not very useful.

Regards Len
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
... I thought that H_C set more file extensions to block than the high risk file types described here: "Blocked attachments in Outlook", so I wondered whether it was a good idea to add those to high-risk types of attachment manager. But @SeriousHoax explained it is not very useful.

Regards Len
Understand. Thanks for the explanation. I think that also WD ASR rules would be worth trying (if one uses WD as the main AV).
 
