Av-comparatives Real-World Protection Test March 2016

done

Level 5
Verified
Mar 19, 2015
217
Certainly this month Kaspersky fell down in detection, it usually gets the great results in this test, anyway 99.1% is good enough... let's wait the results in next test :)

Visit MalWare Hub section in this forum, almost everyday We check dynamically unknown samples against some Security products :)
I went to a customer 2 weeks a go with kaspersky installed. I'll make it short the system was badly infected including fake AV running.
 
  • Like
Reactions: Der.Reisende

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
Which version of Kaspersky? KIS/KTS or only KAV?.

No AV detect 100% of course, and You have to count also with standard users decisions in a real scenario ... in general Kaspersky products need to be tweaked a bit to get stronger protection. I don't like the defaults settings of Kaspersky, but it's a matter to deal with a medium/low settings that suit with standard users...
 

Orion

Level 2
Verified
Apr 8, 2016
83
Avira web guard in pro is nothing but a web shield it blocks files before it gets downloaded using the signature DB not actual a web filter with its blacklist.In avira free it doesnt count that much since its all signatures.According to stefan (avira virus lab head) their cloud is good enough to substitute BB.And I will agree atleast in my testing APC has been a monster.

The ABS is different its one kind of a web filter.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Trend Micro, Bitdefender, F-secure and Avira ---> products which isn't surprising already considering that rely very much on signatures except to their backend behavior protection which TM, Bitdefender and F-secure kicks very well.

However those yellow percentage should be counted why? Because AV's are not intended to be automated, users should be notify too that the detection may be false positive so assurance is exist.
 

Entreri

Level 7
Verified
May 25, 2015
342
One test, so I wouldn't base my future purchase on that.

However, in the past couple of year's the top ones are: Kasperksy, BitDefender, Avira and F-Secure. These tend to trade places, depending on the test (e.g. protection, detection etc).
 

done

Level 5
Verified
Mar 19, 2015
217
Which version of Kaspersky? KIS/KTS or only KAV?.

No AV detect 100% of course, and You have to count also with standard users decisions in a real scenario ... in general Kaspersky products need to be tweaked a bit to get stronger protection. I don't like the defaults settings of Kaspersky, but it's a matter to deal with a medium/low settings that suit with standard users...
the fake AV managed to disable kaspersy, it was zero day coz no program detected it. I removed manually other than that there were a lot of crap.
As for the version I dont know
 

Orion

Level 2
Verified
Apr 8, 2016
83
After some time I realised avira doesn't need any kind of behavioural blocker

True...even if you have a file that is not identified by APC it doesn't take long until you execute it and APC sends the suspicious stuff to their cloud where it gets analyzed.....its quite impressive as such.

Snip from the latest malware pack and how avira apc stacked up.There are 2-3 files in there which are not real malware but just PUA.I have submitted those to Avira so APC should pick them up in some time.Actually this is the first time APC has missed something in my test.

I have tested Avast as such and stacked it up against avira APC.All their fancy new gimmicks are not even on par with APC.APC isn't just a onlne detection module it seems like a dynamic online signature DB as well alongside with all the dynamic analyzers and stuff.More than that they are consistent with the APC detection quality unlike avast.
 

Attachments

  • Capture.PNG
    Capture.PNG
    9.3 KB · Views: 384
Last edited:

TheMalwareMaster

Level 21
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
True...even if you have a file that is not identified by APC it doesn't take long until you execute it and APC sends the suspicious stuff to their cloud where it gets analyzed.....its quite impressive as such.

Snip from the latest malware pack and how avira apc stacked up.There are 2-3 files in there which are not real malware but just PUA.I have submitted those to Avira so APC should pick them up in some time.Actually this is the first time APC has missed something in my test.

I have tested Avast as such and stacked it up against avira APC.All their fancy new gimmicks are not even on par with APC.APC isn't just a onlne detection module it seems like a dynamic online signature DB as well alongside with all the dynamic analyzers and stuff.More than that they are consistent with the APC detection quality unlike avast.
Avira protection cloud might not be able to immedialy identify PUA, because they don't contain any malicious code. Heur APC cloud is their heuristical module. In the malware pack you used for testing there were a few clean files, so don't worry.. https://malwaretips.com/threads/16-04-2016-9.58273/
 
Last edited:

soccer97

Level 11
Verified
May 22, 2014
517
Webroot doesn't participate because their rank is has always been inconsistent - sometimes towards the top, sometimes towards the bottom.

Webroot only participates in AV lab tests that will rank it high.

Webroot says "No one understands how Webroot SecureAnywhere works" and AV lab testing is "inapplicable because of the way WSA works."

Users report potential security holes and they never get fixed. Webroot thinks in "real-world scenarios" these security holes are extremely unlikely.

For example, execute malicious script that deletes entire drive with Webroot installed and see what happens...

Any of the reports that Webroot participated in that I saw were not so great. Overall, this chart shows that most companies are continuously improving - which is awesome. ESET still did pretty well. I expected Kaspersky to do a little better - but no one is perfect. I am sure that they are working on it. Still happy with the software(s) I use.
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
I still don't understand why Emsisoft detection is not higher than Bitdefender's.
According to Emsisoft ()March +July 2015) most of the malware infections is caused by Pups and 70+% of PUPs is detected by Emsi's engine/signature.
Emsisoft uses Bitdefender's engine and signatures....
Are the AV test companies not testing (enough) PUPs (so the samples used not representative of the " real malware world"), are PUPs not prevalent as stated, is Emsi's Pup detection not so good or/and Bitdefender's BB is so stellar?
...just a doubt...
 
  • Like
Reactions: Der.Reisende

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Umbra,

Thank you for yor input.
Since Emsi uses Bitdefender's engine and signatures (and heuristic)+Emsi's ones, why isn't Emsi malware detection higher than Bitdefender's(file detection test)?

For the real world test it might be because of Bitdefender's active control, IDS....what do you think?
 
  • Like
Reactions: Der.Reisende

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
Umbra,

Thank you for yor input.
Since Emsi uses Bitdefender's engine and signatures (and heuristic)+Emsi's ones, why isn't Emsi malware detection higher than Bitdefender's(file detection test)?

For the real world test it might be because of Bitdefender's active control, IDS....what do you think?

It's just like you were given a set of model answer of 1200 objective qn. and you/machine are required to mark the paper. So what are the chances you/machine will miss some? Sometimes it just do. All other times they're good to use.
 
  • Like
Reactions: Der.Reisende

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top