Andy Ful

Level 45
Verified
Trusted
Content Creator
Comparison | AV-Comparatives

Microsoft 106 FPs. How is this even possible? I guess software cracks are in the mix?
You have to look at the prevalence table, which for Microsoft is:

Very low 73
Low 22
Medium 8
High 3


So, you probably can see in practice only the medium and high prevalence false positives (8 and 3), and those numbers are not high.
The developers can submit the application installers to Microsoft (I do it from 2 years), and then the application is whitelisted by Microsoft.
 

plat1098

Level 8
Verified
I see that. Could we assume SmartScreen was included? Looked under Test Methods section and it states "all products tested at default settings." Doesn't explicitly say SmartScreen unless it's mentioned somewhere else.

Edit: Oh I see Andy Ful has explained it. :giggle:
 
  • Like
Reactions: Andy Ful and raveed

notabot

Level 8
The developers can submit the application installers to Microsoft (I do it from 2 years), and then the application is whitelisted by Microsoft.
Just FYI hard configurator executable at your github was blocked a couple of weeks ago by my Smartscreen
 
  • Like
Reactions: raveed

Raiden

Level 13
Verified
Content Creator
Just FYI hard configurator executable at your github was blocked a couple of weeks ago by my Smartscreen
Smartscreen flags this for me too, but I think it has more to do with it not being digitally signed. I'm not sure how many people use it either so its overall prevalence may have a factor too. Usually you should be able to allow it through Smartscreen without issue. One thing I've noticed is that once you allow it once through Smartscreen, it seems to remember this the next time around, at least this is how it worked for me.
 

Andy Ful

Level 45
Verified
Trusted
Content Creator
Just FYI hard configurator executable at your github was blocked a couple of weeks ago by my Smartscreen
That is normal. SmartScreen is a reputation service. Hard_Configurator installer and its executables are whitelisted by WD - If not, then they will be recognized as the hack-tools, and quarantined. Usually my installers are accepted by SmartScreen after some months - that depends on how many users install the new versions. Actually, the 64-bit ConfigureDefender is accepted by SmartScreen (but not the 32-bit version).
 
Last edited:

Andy Ful

Level 45
Verified
Trusted
Content Creator
...One thing I've noticed is that once you allow it once through Smartscreen, it seems to remember this the next time around, at least this is how it worked for me.
Technically, SmartScreen will still recognize it as not safe, if you will download it again. But after the first SmartScreen bypass (by the user) the information about downloading the installer from the Internet (Mark Of The Web) is deleted, so that particular file is ignored by SmartScreen.(y)
Digitally signed files are also considered as unsafe in the beginning, except if the file has got the EV code signing certificate. Yet, the digitally unsigned files usually require the greater prevalence to be accepted by SmartScreen.
 
Last edited:

Raiden

Level 13
Verified
Content Creator
Everyone can see one important thing in the report. The differences between most AVs are very little. So, there is a little advantage of comparing them.
I agree.

I'm always baffled when I see this constant back and forth that goes on when it comes to picking a security program. There are many more aspects to a program than just picking the one that "scores" the highest on a particular test (ie: performance, customer support, privacy, overall system stability, any conflicts with other programs on your system, etc...). Overall the general feeling that I get when reading various tests is that protection wise, the vast majority of programs are more or less very similar in the real world. We can nit pick all day long about this and that, but really we're splitting hairs at this point. I can find examples all over the internet of every program missing something at one point or another, so as I've always said, no product is perfect, just pick the one that fits your needs best.
 
D

Deleted member 178

Everyone can see one important thing in the report. The differences between most AVs are very little. So, there is a little advantage of comparing them.
The Hidden secret in those test labs is that all AVs are equivalent, why?
1- all of them are between 98-100%
2- how many malware a classic user will encounter on his whole life? 10-20 for safe users, 50-100 for happy clickers?
Even the worse happy clicker will become cautious after the 20th infection...

In my all digital life I never crossed any malware unless I looked for them.

Now do the math between the worst AV (~98%) and the best (~99-100) = 2%

So at worst, 2% of 100 malware in your whole life? 2 malwares...

At best, 2% of 10 malwares = 0.2 malware...

Those test labs are BS, they are marketing proxies for vendors, and they get their fare share of money from them... While stupid fanboys are fighting over the results and noobs changing AVs like underwears when their current one get a "low" score.

And spare me, the "but this is an extrapolation to properly measure the AVs efficiency".
No dude, in real world scenarios there is no extrapolations, only real usage, and those labs are far away from it.
 

Raiden

Level 13
Verified
Content Creator
The Hidden secret in those test labs is that all AVs are equivalent, why?
1- all of them are between 98-100%
2- how many malware a classic user will encounter on his whole life? 10-20 for safe users, 50-100 for happy clickers?
Even the worse happy clicker will become cautious after the 20th infection...

In my all digital life I never crossed any malware unless I looked for them.

Now do the math between the worst AV (~98%) and the best (~99-100) = 2%

So at worst, 2% of 100 malware in your whole life? 2 malwares...

At best, 2% of 10 malwares = 0.2 malware...

Those test labs are BS, they are marketing proxies for vendors, and they get their fare share of money from them... While stupid fanboys are fighting over the results and noobs changing AVs like underwears when their current one get a "low" score.

And spare me, the "but this is an extrapolation to properly measure the AVs efficiency".
No dude, in real world scenarios there is no extrapolations, only real usage, and those labs are far away from it.
Very well said, I couldn't have said it better myself. You can test, test and test as much as you want, it still doesn't represent the real world. Sad part is many people don't understand this and the so called “professional" YouTube testers don't get this either. I am by no means saying that you cannot try and test products for fun, or if that interests you, by all mean have at it, but if you are testing and/or looking at tests just to pick the one that scores the highest, well better be prepared to change your program every month, because it always changes.
 
Last edited:

Cortex

Level 10
The small differences between AV's on this chart are even more apparent as it starts at 0% rather than the often 75% thereby showing in realty how small the differences really are. Pointless worrying about what you use & even less point in changing an AV solution because of some minuscule percentage. I've never had any serious malware like I suspect most people who are reasonably careful.
 

Andy Ful

Level 45
Verified
Trusted
Content Creator
Most users who were infected, do not use AV at all, or disables the protection. Many users intentionally run unsafe files (cracks, pirated software) and seek the protection that could mitigate already executed malware. That scenario cannot be tested, so the test results are not useful for them, too.
 

brod56

Level 15
Verified
The Hidden secret in those test labs is that all AVs are equivalent, why?
1- all of them are between 98-100%
2- how many malware a classic user will encounter on his whole life? 10-20 for safe users, 50-100 for happy clickers?
Even the worse happy clicker will become cautious after the 20th infection...

In my all digital life I never crossed any malware unless I looked for them.

Now do the math between the worst AV (~98%) and the best (~99-100) = 2%

So at worst, 2% of 100 malware in your whole life? 2 malwares...

At best, 2% of 10 malwares = 0.2 malware...

Those test labs are BS, they are marketing proxies for vendors, and they get their fare share of money from them... While stupid fanboys are fighting over the results and noobs changing AVs like underwears when their current one get a "low" score.

And spare me, the "but this is an extrapolation to properly measure the AVs efficiency".
No dude, in real world scenarios there is no extrapolations, only real usage, and those labs are far away from it.
One of the best posts I've seen in this forum.