AV-Comparatives Real-World protection July-Nov

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Comparison | AV-Comparatives

Microsoft 106 FPs. How is this even possible? I guess software cracks are in the mix?
You have to look at the prevalence table, which for Microsoft is:

Very low 73
Low 22
Medium 8
High 3


So, you probably can see in practice only the medium and high prevalence false positives (8 and 3), and those numbers are not high.
The developers can submit the application installers to Microsoft (I have been doing it for 2 years), and then the application is whitelisted by Microsoft.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
I see that. Could we assume SmartScreen was included? Looked under Test Methods section and it states "all products tested at default settings." Doesn't explicitly say SmartScreen unless it's mentioned somewhere else.

Edit: Oh I see Andy Ful has explained it.
 

notabot

Level 15
Verified
Oct 31, 2018
703
The developers can submit the application installers to Microsoft (I have been doing it for 2 years), and then the application is whitelisted by Microsoft.

Just FYI, the Hard_Configurator executable on your GitHub was blocked a couple of weeks ago by my SmartScreen.
 

ForgottenSeer 72227

Just FYI, the Hard_Configurator executable on your GitHub was blocked a couple of weeks ago by my SmartScreen.
SmartScreen flags this for me too, but I think it has more to do with it not being digitally signed. I'm not sure how many people use it either, so its overall prevalence may be a factor too. Usually you should be able to allow it through SmartScreen without issue. One thing I've noticed is that once you allow it once through SmartScreen, it seems to remember this the next time around; at least this is how it worked for me.
 

Andy Ful

Just FYI, the Hard_Configurator executable on your GitHub was blocked a couple of weeks ago by my SmartScreen.
That is normal. SmartScreen is a reputation service. The Hard_Configurator installer and its executables are whitelisted by WD; if not, then they will be recognized as hack-tools and quarantined. Usually my installers are accepted by SmartScreen after some months; that depends on how many users install the new versions. Actually, the 64-bit ConfigureDefender is accepted by SmartScreen (but not the 32-bit version).
 

Andy Ful

...One thing I've noticed is that once you allow it once through Smartscreen, it seems to remember this the next time around, at least this is how it worked for me.
Technically, SmartScreen will still recognize it as not safe if you download it again. But after the first SmartScreen bypass (by the user), the information about downloading the installer from the Internet (Mark of the Web) is deleted, so that particular file is ignored by SmartScreen.
Digitally signed files are also considered unsafe in the beginning, unless the file has an EV code signing certificate. Yet digitally unsigned files usually require greater prevalence to be accepted by SmartScreen.
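
Added example (not part of the original posts, and not code from Hard_Configurator): a PowerShell function that reports the two file properties discussed above, the Mark of the Web stored in the `Zone.Identifier` alternate data stream and the Authenticode signature status. The function name `Get-DownloadTrustInfo` is hypothetical; it does not query SmartScreen reputation and does not determine whether a certificate is EV.

```powershell
# Added example: inspect Mark of the Web and signature state of a downloaded file.
function Get-DownloadTrustInfo {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path
    )
    begin {
        # Standard Windows security zone identifiers.
        $zoneNames = @{
            0 = 'Local Machine'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
            3 = 'Internet';      4 = 'Restricted Sites'
        }
    }
    process {
        $file = Get-Item -LiteralPath $Path -ErrorAction Stop

        # The Mark of the Web lives in the NTFS alternate data stream
        # "Zone.Identifier". A missing stream means the file carries no mark,
        # for example after the user allowed it once through SmartScreen.
        $motw = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' `
                    -ErrorAction SilentlyContinue

        $zoneId = $null
        foreach ($line in @($motw)) {
            if ($line -match '^ZoneId=(\d+)') { $zoneId = [int]$Matches[1]; break }
        }
        $zoneName = $null
        if ($null -ne $zoneId) { $zoneName = $zoneNames[$zoneId] }

        # Authenticode status: Valid, NotSigned, HashMismatch, NotTrusted, ...
        $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        [pscustomobject]@{
            Path            = $file.FullName
            HasMarkOfTheWeb = [bool]$motw
            ZoneId          = $zoneId
            ZoneName        = $zoneName
            SignatureStatus = $sig.Status
            Signer          = $signer
        }
    }
}

# Usage: list executables in the Downloads folder with their mark and signature state.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe |
    ForEach-Object { Get-DownloadTrustInfo -Path $_.FullName } |
    Format-Table -AutoSize
```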
 

ForgottenSeer 72227

Everyone can see one important thing in the report. The differences between most AVs are very little. So, there is a little advantage of comparing them.
I agree.

I'm always baffled when I see this constant back and forth that goes on when it comes to picking a security program. There are many more aspects to a program than just picking the one that "scores" the highest on a particular test (i.e. performance, customer support, privacy, overall system stability, any conflicts with other programs on your system, etc.). Overall, the general feeling that I get when reading various tests is that protection-wise, the vast majority of programs are more or less very similar in the real world. We can nitpick all day long about this and that, but really we're splitting hairs at this point. I can find examples all over the internet of every program missing something at one point or another, so as I've always said, no product is perfect, just pick the one that fits your needs best.
 

Deleted member 178

Everyone can see one important thing in the report. The differences between most AVs are very little. So, there is a little advantage of comparing them.
The hidden secret in those test labs is that all AVs are equivalent. Why?
1- all of them are between 98-100%
2- how much malware will a classic user encounter in his whole life? 10-20 for safe users, 50-100 for happy clickers?
Even the worst happy clicker will become cautious after the 20th infection...

In all my digital life I never crossed any malware unless I looked for it.

Now do the math between the worst AV (~98%) and the best (~99-100) = 2%

So at worst, 2% of 100 malware in your whole life? 2 malware...

At best, 2% of 10 malware = 0.2 malware...

Those test labs are BS, they are marketing proxies for vendors, and they get their fair share of money from them... While stupid fanboys are fighting over the results and noobs are changing AVs like underwear when their current one gets a "low" score.

And spare me the "but this is an extrapolation to properly measure the AVs' efficiency".
No dude, in real-world scenarios there are no extrapolations, only real usage, and those labs are far away from it.
 

ForgottenSeer 72227

The hidden secret in those test labs is that all AVs are equivalent. Why?
1- all of them are between 98-100%
2- how much malware will a classic user encounter in his whole life? 10-20 for safe users, 50-100 for happy clickers?
Even the worst happy clicker will become cautious after the 20th infection...

In all my digital life I never crossed any malware unless I looked for it.

Now do the math between the worst AV (~98%) and the best (~99-100) = 2%

So at worst, 2% of 100 malware in your whole life? 2 malware...

At best, 2% of 10 malware = 0.2 malware...

Those test labs are BS, they are marketing proxies for vendors, and they get their fair share of money from them... While stupid fanboys are fighting over the results and noobs are changing AVs like underwear when their current one gets a "low" score.

And spare me the "but this is an extrapolation to properly measure the AVs' efficiency".
No dude, in real-world scenarios there are no extrapolations, only real usage, and those labs are far away from it.

Very well said, I couldn't have said it better myself. You can test, test and test as much as you want, it still doesn't represent the real world. Sad part is many people don't understand this and the so-called "professional" YouTube testers don't get this either. I am by no means saying that you cannot try and test products for fun, or if that interests you, by all means have at it, but if you are testing and/or looking at tests just to pick the one that scores the highest, well, better be prepared to change your program every month, because it always changes.
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
The small differences between AVs on this chart are even more apparent as it starts at 0% rather than the often 75%, thereby showing in reality how small the differences really are. Pointless worrying about what you use & even less point in changing an AV solution because of some minuscule percentage. I've never had any serious malware, like I suspect most people who are reasonably careful.
 

Andy Ful

Most users who were infected do not use AV at all, or disable the protection. Many users intentionally run unsafe files (cracks, pirated software) and seek the protection that could mitigate already executed malware. That scenario cannot be tested, so the test results are not useful for them, either.
 

brod56

Level 15
Verified
Top Poster
Well-known
Feb 13, 2017
737
The hidden secret in those test labs is that all AVs are equivalent. Why?
1- all of them are between 98-100%
2- how much malware will a classic user encounter in his whole life? 10-20 for safe users, 50-100 for happy clickers?
Even the worst happy clicker will become cautious after the 20th infection...

In all my digital life I never crossed any malware unless I looked for it.

Now do the math between the worst AV (~98%) and the best (~99-100) = 2%

So at worst, 2% of 100 malware in your whole life? 2 malware...

At best, 2% of 10 malware = 0.2 malware...

Those test labs are BS, they are marketing proxies for vendors, and they get their fair share of money from them... While stupid fanboys are fighting over the results and noobs are changing AVs like underwear when their current one gets a "low" score.

And spare me the "but this is an extrapolation to properly measure the AVs' efficiency".
No dude, in real-world scenarios there are no extrapolations, only real usage, and those labs are far away from it.
One of the best posts I've seen in this forum.
 
