AV-Comparatives: Real-World Protection Test - October 2017

bribon77

AV-Comparatives - Independent Tests of Anti-Virus Software - Real World Protection Test Overview


Local Host

Microsoft (Windows Defender) unbelievable: 99,1% (with 0.9% user dependent). I remember (in Windows 7) days when MSE was shown as baseline, often with a lower block rate of 60%.
Quite honestly, as an experienced user, Windows Defender would be more than enough for me, but due to its performance hit, I'd rather use Kaspersky, which doesn't seem to affect my system performance at all.

I have no doubt it has improved since MSE days either, but I still wouldn't recommend it for average users; these tests are hardly accurate in terms of security overall.
 

RoboMan

ESET......worse and worse :rolleyes:
As a matter of fact, ESET has never shined because of its default settings (settings independent testers mostly use). ESET has never shined either at detecting threats in the moment, even though they update their databases pretty quickly.
As an ESET user, I can affirm that anybody who has medium knowledge of the field, and understands what informatic keywords mean, can tweak ESET well enough to outplay almost any of the above software. ESET is no miracle, nor is it perfect. It's not the best out there, but it's a solid product if handled carefully and wisely. For example, my ESET uses a lockdown configuration, warning me about every single inbound and outbound connection, and about every action taking place on my system (HIPS interactive mode), blocking everything by default. Adding lots of network protection options and an amazing PUP blocker, I only need VoodooShield just in case and I have a nice fortress on my system.
 

Windows_Security

The samples used are old by today's standards.

So you are telling me that Windows Defender has not improved, but the test has declined in relevance :unsure:.

If that is true, then the other AVs would also have benefited from these older samples and would also show improved results. This contradicts the fact that Microsoft has gained on other AVs (now in the middle of the pack).
 


zzz00m

I think it is also important to recognize that the AVC 'Real World Protection Test' is all about protection against malicious URLs.
Real-World Protection Test - AV-Comparatives

https://www.av-comparatives.org/wp-content/uploads/2017/11/avc_factsheet2017_10.pdf

The results are based on the test set of 316 live test cases (malicious URLs found in the field),
consisting of working exploits (i.e. drive-by downloads) and URLs pointing directly to malware. Thus
exactly the same infection vectors are used as a typical user would experience in everyday life. The
test-cases used cover a wide range of current malicious sites and provide insights into the protection
given by the various products (using all their protection features) while surfing the web.

The latest AVC 'Malware Protection Test' results can be found here, and differ somewhat from the methodology of the real world test.
Malware Protection Test - AV-Comparatives

https://www.av-comparatives.org/wp-content/uploads/2017/10/avc_mpt_201709_en.pdf

The Malware Protection Test assesses a security program’s ability to protect a system against infection
by malicious files before, during or after execution. The methodology used for each product tested is
as follows. Prior to execution, all the test samples are subjected to on-access and on-demand scans by
the security program, with each of these being done both offline and online. Any samples that have
not been detected by any of these scans are then executed on the test system, with Internet/cloud
access available, to allow e.g. behavioural detection features to come into play. If a product does not
prevent or reverse all the changes made by a particular malware sample within a given time period,
that test case is considered to be a miss. If the user is asked to decide whether a malware sample
should be allowed to run, and in the case of the worst user decision system changes are observed, the
test case is rated as “user-dependent”.

I suppose you would want your AV to do well in both tests. ;)

ESET and some others did better on the 'Malware Protection Test'.
 
