AV-Comparatives Real World Protection Test - February - May 2019

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

a1nn

Thread author


Full report and statistics can be found here:
Real-World Protection Test February-May 2019 | AV-Comparatives
 

shmu26

The major difference between the various products is in the FPs. For advanced users, an FP is not a big deal, they know how to handle it. But for an average user, it can deter them from needed updates and valuable programs, or get them in the habit of turning off the AV, neither of which is healthy.
 

blackice

> The major difference between the various products is in the FPs. For advanced users, an FP is not a big deal, they know how to handle it. But for an average user, it can deter them from needed updates and valuable programs, or get them in the habit of turning off the AV, neither of which is healthy.

I hadn’t had an FP till I started trialing SHP. That son of a gun keeps deleting all Andy’s tools. It just did it again today: got home from work, checked and made sure Macrium ran, and all these alerts pop. Good grief.
 

TairikuOkami

> Over 98% seems pretty good to me. The magnified graph really can be misleading. That’s also default.

That depends on what kind of malware was tested. 12 missed samples does not sound so bad, but if one was, e.g., ransomware, that would make it real bad. Considering that ESET was running with heuristics and cloud detection, the detection of zero-day malware is probably not that great.
 

Evjl's Rain

Microsoft is doing a great job with their WD. Kaspersky has always been top notch. Regarding Eset, emmm I don't know...
WD has Block at First Sight enabled, which is a kind of reputation-based protection => safe or unsafe files are blocked if they don't have a sufficient number of users => tons of FPs, great blocking of new malware.

This feature is nice, but there is an overlap with Windows SmartScreen because BAFS only works if the file is downloaded from the internet. If the file originates from other sources (USB, HDD, ...), BAFS and SmartScreen are useless.

This feature is conditional. It doesn't always work.
 

shmu26

> If the file originates from other sources (USB, HDD, ...), BAFS and SmartScreen are useless

This important point shows how much the testing conditions affect the results. A high-scoring AV might provide poor protection for you if sharing flash drives or external hard disks, or opening RAR files, is part of your lifestyle.
 

Evjl's Rain

> This important point shows how much the testing conditions affect the results. A high-scoring AV might provide poor protection for you if sharing flash drives or external hard disks, or opening RAR files, is part of your lifestyle.

That's why an AV with good USB protection (Panda, Avira, ...) or an unconditional reputation checker is nice (Avast's hardened mode, Panda's application control, Kaspersky's TAM/App. control set to High restricted/untrusted, Comodo's cloud lookup...).
Also, using Bandizip is a big plus for bringing SmartScreen back to life :D
 

SeriousHoax

> But they love Star Wars so much, more than money and millions of potential customers.

Exactly. It seems they are very stubborn. Stubborn about the wrong things. They always had one of the best signatures in the industry along with heuristics, and with cloud protection they are doing a great job detecting zero-day malware too. But they must change the UI of their product. They changed it a bit a couple of years ago, but it is still bad compared to other popular products. Also, it comes with the Avira launcher or something; its only job is probably to open the UI. If you uninstall Avira, the launcher would still remain on your PC. It needs a separate uninstall as far as I remember. So, it's a mess. They must stop fangirling Star Wars and do a UI overhaul.
 

Zorro

On the one hand, a result of 98-99% is simply wonderful; on the other hand, the activity of 1 or 2 malicious programs out of the 1-2% missed is enough to encrypt all personal files. There is no perfect protection, but this suggests that any antivirus needs to be configured so that the probability of successful operation of malicious programs from these 1-2% tends to zero. The same ESET has a weak HIPS by default, but setting up this component already provides tangible protection. The main thing is to keep a balance between protection and performance, as well as ease of use.
 

TairikuOkami

> There is no perfect protection, but this suggests that any antivirus needs to be configured so that the probability of successful operation of malicious programs from these 1-2% tends to zero. The same ESET has a weak HIPS by default, but setting up this component already provides tangible protection.

The problem is that 99% of users always use the default config, and those who can customize it usually do not need AV in the first place. ;)
 

Andy Ful

From Hard_Configurator Tools
> WD has Block at First Sight enabled, which is a kind of reputation-based protection => safe or unsafe files are blocked if they don't have a sufficient number of users => tons of FPs, great blocking of new malware

BAFS is not reputation-based protection. I can see this, for example, when running freshly compiled executables. Every such executable uploaded to GitHub and downloaded to disk triggers BAFS, but the executable is allowed anyway (I do not compile malware). If I try to execute it, then I can always see the SmartScreen alert.
Sporadically, my files are detected by BAFS as trojans, so I have to submit my executables for whitelisting before they are published.
BAFS is based on AI in the cloud, like the Kaspersky Secure Network feature. BAFS uses many factors in the analysis (deep learning), also the file prevalence.
WD false positives can be visible only with low & very low prevalence samples. The average user will not see a significant difference between all AVs, because she/he can feel only false positives from the High or Medium category.

The false positives should be read as follows:
McAfee = 3317, Symantec = 1389, Microsoft = 840
So, Microsoft is third, not first, in the false positives list.
 

shmu26

> WD false positives can be visible only with low & very low prevalence samples.

There was someone complaining on the other forum that at the office they needed to update their HP printer software because of a certain issue, and WD blocked the update. I told him that WD is nervous about very new files so just don't be the first guy to update. He said that over a week later, the HP update was still being blocked.
 
