[AV-TEST] Windows 10, Home User, October 2017

[Arequire]

The results do typically contain notices that the performance (such as detection) is exclusive to the test. If you check the reports for AV-C you'll see their notices stating that products that detect 100% do not actually detect 100% of malicious software, but only 100% of the samples used in the test.

The notices are there but they're generally in places where most people wouldn't look. Like you said, AVC has their notice under the results in their reports, but I'm betting a large percentage of people never see those reports and only see the fancy bar graph. I feel the notices should be way more visible to the general public who may end up being misled by only seeing "X product achieved 100% detection" and believing their bulletproof by using said product.

There's even rumours that a vendor pays more to get better results.

Yeah, I don't believe this either. The PR nightmare a vendor would face if it were exposed for attempting to bribe a testing lab into falsifying results could do serious damage to the company as a whole. I refuse to believe a vendor would risk the reputation of their company on some shiny test results that at best can be used as marketing material for them.

 

[Andy Ful]

I prefer to see antivirus tested on Youtube by someone or on malwarehub then see on this av-moneYTest sites. In my opinion if you put half on those antivirus vs. nonpetya ransomware those antivirus will fall.

In the real world, even sophisticated ransomware is not dangerous for the home users. Due to the cloud detection, the signatures are available very quickly after the first infection, so only a few users are infected. The quicker cloud response the better security. The AV tests do not measure the cloud response time, so their results for real world 0-day protection are pretty useless for the home users. Such results are only interesting for Companies/Enterprises due to the danger of targetted attacks and the local network structure.
When you want to see something valuable for the home users in AV tests, then the better indicator is the detection of malware samples discovered in the last 4 weeks. And surprisingly, you can see minimal differences here. For example, Kaspersky will have 100% detection and Quihoo (Avira+Bitdefender) the second worst on the list will have 99.8% .
.
Edit
To be more precise, there are two important factors related to the cloud efficiency:

• cloud response time
• the number of users sending the information to the cloud

The second factor is obvious, the more members the less probability to be the first infected. Actually the clouds of Microsoft, Avast and Eset are the first three in the ranking. Here are the results for non Microsoft AVs:
Anti-malware vendors: global market share 2017 | Statistic
The Microsoft cloud has the shortest response time because of the massive telemetry sent by Windows to Microsoft servers and advanced Artificial Intelligence algorithms.

 

[Deleted member 65228]

I prefer to see antivirus tested on Youtube by someone then see on this av-moneYTest sites. In my opinion if you put half on those antivirus vs. nonpetya ransomware those antivirus will fall.

1. Emsisoft can protect the Master Boot Record (although they are not included in this AV-Test)
2. Kaspersky IS which has Application Control should be able to handle NotPetya
3. Possible F-Secure would protect the MBR but I do not know

It was either NotPetya or BadRabbit which checked for Kaspersky presence and didn't take the original route/do anything if it was installed as well.

I don't know about the other vendors. Maybe Qihoo would flag MBR attack attempts too.

 

[SUPRA]

They are quite good I think but they have a tad too many false positive detection's sometimes... They have a dual engine scanner because they combine Bitdefender signatures with their own (Bitdefender come top a lot of the time in tests because they have great focus on good signatures - many vendors use their SDK for this reason to boost themselves up to the top quicker) and they focused on dynamic a lot a few years ago and their hard work is finally paying off in amazing ways (their DeepGuard component is really good).

They also dipped themselves into anti-rootkit by trying new ways to detect hidden processes and what-not. Some of the things F-Secure have done were extremely creative in this area... They once took advantage of logged data within csrss.exe to catch out hidden processes which was a really brilliant idea

They aren't perfect because no vendor is but they do try hard and they provide good work. I don't use them (never have properly) and can never see myself doing so because my needs are different but many people use them because they provide quality content

They remind me of Norton which is a good thing because Norton are spectacular (I neither use Norton but I believe they are good and they likely have one of the biggest malware intelligence DBs in the world)

So what antivirus you prefer other than the test result I am currently on ESET Internet Security and thinking to change it because license will be expiring soon. So share some thoughts.

 

[Prorootect]

So what antivirus you prefer other than the test result I am currently on ESET Internet Security and thinking to change it because license will be expiring soon. So share some thoughts.

Some thoughts?
- I think that this topic is about delayed, retarded software.
Don't make big company games: start using serious defenses like anti-scripts... ContentBlockHelper, ScriptSafe, Script Blocker for Chrome, Policeman... NoScript... RequestPolicy Continued... and other HIPS, anti-exe... etc.

 

[ForgottenSeer 58943]

Some thoughts?
- I think that this topic is about delayed, retarded software.
Don't make big company games: start using serious defenses like anti-scripts... ContentBlockHelper, ScriptSafe, Script Blocker for Chrome, Policeman... NoScript... RequestPolicy Continued... and other HIPS, anti-exe... etc.

Right on.. For those without them, RIP. My Fortigate Appliance has blocked multiple XSS attempts this week, so I'd be fearful just running an AV without what you mention these days. Especially without a UTM on the network.

 

[Deleted member 65228]

So what antivirus you prefer other than the test result I am currently on ESET Internet Security and thinking to change it because license will be expiring soon. So share some thoughts.

If you're comfortable with ESET (e.g. trust them and like their software) and have been happy with its performance during the time you've used it then I would recommend you to renew your subscription and stick with them. Less hassle and more convenient for you, ESET are a good vendor.

ESET provide a feeling which I rarely get with other vendors (as in, a sense of protection). They usually feel lightweight and non-intrusive, they have good real-time and a configurable HIPS. Not to mention that they are reputable and I trust them. The only thing I dislike is that I'd rather they go down a BB route instead of HIPS (flagging for actions which are likely actually malicious automatically like Emsisoft does). But ESET do have a great memory scanner...That is my thoughts about them.

ESET have a large malware database and many customers, they've been in the business for as long as I can remember. In my eyes they are at the top with vendors like Avast, Bitdefender, Emsisoft and Kaspersky.

 

[mlnevese]

Regarding tests any test directed to the public always should be performed using default settings. That's what over 90% of any AV user base will use anyway. Those who tweak their protection are a minority.

 

[roger_m]

AhnLabs is very good. Unfortunately, availability is not.

You can buy it with international shipping from Korean retailer Gmarket.
Gmarket - V3／internet／security／9.0

 

[SUPRA]

If you're comfortable with ESET (e.g. trust them and like their software) and have been happy with its performance during the time you've used it then I would recommend you to renew your subscription and stick with them. Less hassle and more convenient for you, ESET are a good vendor.

ESET provide a feeling which I rarely get with other vendors (as in, a sense of protection). They usually feel lightweight and non-intrusive, they have good real-time and a configurable HIPS. Not to mention that they are reputable and I trust them. The only thing I dislike is that I'd rather they go down a BB route instead of HIPS (flagging for actions which are likely actually malicious automatically like Emsisoft does). But ESET do have a great memory scanner...That is my thoughts about them.

ESET have a large malware database and many customers, they've been in the business for as long as I can remember. In my eyes they are at the top with vendors like Avast, Bitdefender, Emsisoft and Kaspersky.

Thank you very much I will stick to it.

 

[ForgottenSeer 58943]

Looking at their web site, it looks more for the business market and not home.

When I look at features is had a heading that reads, "Complete Date Wipe" Umm they should at least get a spell check.

I don't care what it costs, business or home, I will buy it. But they aren't selling apparently. I've sent them 2-3 inquiries over the last year with no response.

 

[ForgottenSeer 58943]

You can buy it with international shipping from Korean retailer Gmarket.
Gmarket - V3／internet／security／9.0

Already tried that. There is no localization of the product. In fact, it won't even install on a US computer system. I have a copy sitting right here.

 

[TrinitronMSDOS]

McAfee as good in protection as Kaspersky and Norton ? Eset 2nd heaviest ? Every time i see one of those tests, especially AV-Test, it's far from what I've experienced (and I've tested lots of AVs on lots of different systems). It's also nothing like what users report in various forums and comments. Weird...

 

[roger_m]

Already tried that. There is no localization of the product. In fact, it won't even install on a US computer system. I have a copy sitting right here.

As an alternative, you could use V3 365 Clinic. It does install in English.

 

[Deleted member 178]

McAfee as good in protection as Kaspersky and Norton ? Eset 2nd heaviest ? Every time i see one of those tests, especially AV-Test, it's far from what I've experienced (and I've tested lots of AVs on lots of different systems). It's also nothing like what users report in various forums and comments. Weird...

because their methodology isn't real world, just extrapolations. if you want a perfect real world test it wil be too costly and time consuming.

 

[Deletedmessiah]

As an alternative, you could use V3 365 Clinic. It does install in English.

A former MT user installed it successfully, there was a thread. Now that user is banned for some reason I don't know.

 

[roger_m]

A former MT user installed it successfully, there was a thread. Now that user is banned for some reason I don't know.

I've installed it too in the past. You can buy it from Gmarket, and it is shipped from Korea. You can't buy it as a download.
Gmarket - V3／365／Clinic／V3／Vaccine

 

[upnorth]

Possible F-Secure would protect the MBR but I do not know

Good question and got me curious so after a quick search I found this.

Quote : " After seeing the video, it looks like the method of the testing is not reflective of how ransomware enters the users' computer in the real world. And I'm emphasizing this because the malware's method of entry into the user's system is also part of how our detections work. Typical ransomware nowadays come in via spam emails. A minority is also propagated via exploit kits, malvertising and other web-related infection vectors. So if there are files that are coming in from those potential infection vectors, our detection layers have an extra layer of suspicion that is attributed to that file and it will most likely be detected.

That being said, the testing done in the video started with the file already in the system. The infection vector is not in the picture anymore and as such, all our network, web traffic and additional data for our Deepguard, is not available anymore. And in the real world, these ransomware files will not just appear that way. So in this testing, the only parts of the products that are tested are the file detection layers, and some parts of Deepguard. So in a way, this is not our product's full potential in protecting users against ransomware in the real world.

That being said, I've had a quick discussion with some of our engine developers, and we will still schedule an investigation into how we can load the product early enough without sacrificing performance. But of course we will also balance this if having this will truly give real protection for our users, or if the existing layers of protection are already sufficient when a ransomware arrives into the system via the channels it uses. "

Source : When can we expect "Boot Time Protection"? - F-Secure Community - 91139

Missed out on this comment from F-Secure and it's interesting IMO on several points. Have no clue if they added something in any updates or upcoming versions but I would still suggest the use of Talos MBR Filter as one of several security layers.

MBR Filter - Cisco Talos

 

[Evjl's Rain]

kaspersky products can also protect against MBR ransomwares using System Watcher, no need application control

I tried to use kaspersky antiransomware tool, it has a weaker version of system watcher. I disabled the internet so it wasn't able to connect to KSN => no signature. Then, I executed several petya, nonpetya and a few more MBR ransomwares, they all got blocked

 

[HarborFront]

ESET's Performance Test is great!

https://www.av-comparatives.org/wp-content/uploads/2017/10/avc_per_201710_en.pdf