AV-TEST Delves Into Latest Windows 7 Antivirus Tests


Wave

MS is catching up in Signature based Detection. AV-Test must test new samples using cloud based solutions found in all AVs.
Microsoft is performing better than a majority of people really think, there is a lot of security already embedded within Windows by default but a lot of inexperienced users just pass it off as useless because they don't understand how it is supposed to work and why they are still becoming infected - just check a lot of the newer threads on the Security Configuration area, a lot of new members tend to have UAC disabled because they do not understand how it really works, and sometimes they even ignore the suggestions, which is of course down to them at the end of the day.

For starters, we have User Account Control and it's been integrated into Windows since Windows Vista days. Over time it's improved a lot since it used to have a lot more flaws than it currently does (e.g. on older OS versions before patch updates it could be exploited pretty easily) however it is much more stable and secure these days. It does its job properly - if UAC is enabled then it can prevent programs from performing actions which can affect the system overall, such as modifying AutoRun entries for the local machine, performing modifications to protected folders (e.g. Program Files), and some other things related to process protection (e.g. a standard process by default won't have permission to access an admin process which will prevent it from injecting into it, etc) - however a lot of inexperienced users believe it is there to automatically protect you from malware and therefore believe it is a pile of rubbish, since it is not designed to do this and thus if the user allows malware to run as administrator, it will defeat the purposes of the feature in its entirety.

User Account Control is supposed to be used while keeping your eyes open - you allow programs to run with the administrator privileges only if you trust the program and if you do not trust the program you do not allow it to gain those administrator privileges... Unless you have been affected with a zero-day browser exploit, an exploit executed from a removable disk (e.g. AutoRun on a removable disk) or have allowed execution to a program which isn't running as admin which may execute code to exploit UAC (and exploits are usually patched quite quickly when it comes to UAC and finding new ones can be quite a difficult process which may/may not involve reversing UAC), which is rare at the least since it will all still require user-interaction (e.g. if you visit a suspicious website which executes a zero-day browser exploit which then executes shell-code which will be responsible for a UAC exploit then it is your own fault for being click-happy), then minding what you grant privileges to/run in the first place has the potential to keep you protected.

Secondly, we have SmartScreen (Windows 8/8.1-10 for the Desktop version) and on older OS versions it is integrated into the web browser (Internet Explorer only). Is it any good? If it is used correctly then yes, it is good. The same logic applies to what I said earlier about UAC really... If you are going to ignore the alerts when it is disabled and allow an untrusted program (e.g. no code signing authenticity) to run regardless of SmartScreen letting you know it is untrusted then you cannot complain about Windows security because it was the user at the end of the day who decided to ignore the alert and aimlessly run the program.

Thirdly, we have PatchGuard on x64 systems which is less known and referenced too however its main job is to protect against unsigned rogue device drivers being installed on the system. Within PatchGuard/linked to this, we have KPP (Kernel Patch Protection) which will prevent kernel-mode patching techniques, also common for rootkits to help conceal evidence of malicious software being present on the system. However if you willingly enable Test Mode via bcdedit.exe/or an external tool and allow software to load an unsigned device driver at your own discretion then it is your fault and not Windows as to why you became infected.

Most of the Windows protection with the exception of built-in Windows Defender (which if enabled will automatically block depending on the settings once it finds something harmful) is based on the user keeping their eyes open and being careful.

Microsoft has had great protection built into Windows for a long time, however it only works if it's used correctly and responsibly. If a user disables it because he/she believes it doesn't work right because they want to be spoon-fed 100% security (which doesn't exist) then it is their loss.

PS: This post wasn't aimed at @Vasudev but I just saw the opportunity for this post based on what he said about Microsoft so I decided to post this. I am aware it may be a little off-topic since this thread revolves around AV-TEST and Windows 7 supported security products however hopefully this post is allowed.

Stay safe,
Wave. ;)
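
Added example, not part of the post above: a read-only PowerShell audit of the settings the post names (UAC, SmartScreen, Test Mode). It assumes the standard `Policies\System` UAC values, the Windows 8/8.1-era `SmartScreenEnabled` Explorer value (absent on some builds), and English `bcdedit` output; `Get-RegValue` is a helper name made up for this example.

```powershell
# Added example: reports weakened protections; changes nothing on the system.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$policy   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'
$findings = @()

# EnableLUA = 0 switches UAC off entirely.
$lua = Get-RegValue $policy 'EnableLUA'
if ($lua -ne 1) { $findings += "UAC is disabled or not configured (EnableLUA=$lua)" }

# ConsentPromptBehaviorAdmin = 0 elevates administrators with no prompt at all.
if ((Get-RegValue $policy 'ConsentPromptBehaviorAdmin') -eq 0) {
    $findings += 'UAC elevates silently (ConsentPromptBehaviorAdmin=0)'
}

# PromptOnSecureDesktop = 0 shows the prompt on the normal desktop.
if ((Get-RegValue $policy 'PromptOnSecureDesktop') -eq 0) {
    $findings += 'UAC prompt is not shown on the secure desktop'
}

# SmartScreen for downloaded programs; 'Off' means no reputation warning.
if ((Get-RegValue $explorer 'SmartScreenEnabled') -eq 'Off') {
    $findings += 'SmartScreen is turned off'
}

# Test Mode permits test-signed drivers; reading the boot store needs elevation.
$bcd = & bcdedit.exe /enum '{current}' 2>$null
if ($LASTEXITCODE -ne 0) {
    $findings += 'Boot configuration unreadable (run from an elevated prompt)'
} elseif ($bcd -match '^testsigning\s+Yes') {
    $findings += 'Test Mode is enabled (testsigning Yes)'
}

if ($findings.Count -eq 0) {
    'No weakened settings found among those checked.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```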
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Well, I have no questions about Kaspersky because it is definitely proven to have balanced protection, but for Bitdefender and Trend Micro it is something that varies.

It should come down to numerous such tests to prove the consistency of the results.
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,247
@Wave : This is a very detailed and clear-cut explanation about security in MS products, esp. Windows. One point I could add is Secure Boot functionality, which is common in today's PCs and phones/tabs.
 

siren05

Level 2
Verified
Feb 23, 2014
65
Kaspersky is one of the best and so is Bitdefender. But I certainly don't believe the performance results for Kaspersky, more so for Bitdefender.

I hardly see anyone using Trend Micro these days.

Top rated is subjective and might vary from PC to PC.
 

Sr. Normal 2.0

Voted no

With 3 bottles of wine perhaps I would vote ... No. Sure, I would vote no.

Those who know me know that I love ZoneAlarm. Only if I went past my limit of coherency could I say that ZoneAlarm is better than Eset, Emsisoft ...

Looking at these tests makes me think about the price of free. In this case it is misinformation. It's just my opinion, I put the case I know best, since I have been using ZoneAlarm many years, EAM for one year and another year Eset. There are things that lack all logic. Again, it's just my opinion.
 

Sr. Normal 2.0

essentially a very watered down version of Kaspersky antivirus in malware and anti-phishing, the firewall is a very very good default-deny product though

The firewall is great (for me the best free firewall), although the free version lacks some important features. I have used the highest version (Extreme) for some time and it is a Frankenstein monster, because all products are third party joined in a suite. The free version is poor in features. It's a good suite for those who do not download many programs and browse secure pages. But with MBAE and VoodooShield it is a big defense, but ... alone it is not really good.
 