App Review Avast Free Antivirus vs. Ransomware (TSPC)

[shmu26]

Maybe title should be changed to "Avast BB vs Ransomware"?
The test is fascinating and valid, but the title leads the casual reader to a over-generalized conclusion that is not completely correct.

 

[Ink]

YouTubers testings are not good for example they do not test the products at the same time with the same pack, they always use different packs and url and then compare the av's!!

Some, not all, post crap to YouTube for views and subs. They can't build their own user base so they leech of websites/forums, they don't care about their flawed testing methodology, because sub count and ad revenue is more important. That's why Malware Blocker YT requested to remove his account.

Off-Topic post.

That's why it's important to evaluate how the reviewer tests products, and ask yourself, is it plausible and realistic.

 

[Orion]

This is why you shouldn't be taking such home grown tests or any tests at face value especially not when testers have no idea how the product works.

 

[AtlBo]

Agree that the title of the video should be different. Overall, this video seems different than Leo's normal videos which aren't so pointed to one specific element of a program. Maybe he was out of his element and maybe that's why he made the mistake with the title that was used.

I think the title and the fact that this video is different than Leo's normal videos are the main sources of disagreement about the results. With these two things someone could easily get the wrong impression about the product, and that is a serious concern and something Leo should correct I feel. Still, it's not a bad thing to know that avast BB is questionable in a standalone role.

 

[hirudora56]

It is true that every tester will have slightly different results for different products. And that is absolutely not the point here. A while back, TPSC did a review which concluded Avast free av had a detection ratio over 99% with a malware sample containing quite a lot zero day threats. Even MRG Effitas concluded that same thing. But my point is the ransomware module. Nowadays every av company worth it's salt creating a ransomware module, even separately. Kaspersky's system shield works well. So as BD's. My point is the reaction speed. It's not that Avast missed the threat, because of no file shield. It detected the threat but was slow to do anything. I think this is something Avast needs to work on. Avast has the biggest market share, a large portion of which is the free AV, something collects data as unashamedly as Microsoft. The can fix this in no time, if they want to.

 

[S3cur1ty 3nthu5145t]

It is true that every tester will have slightly different results for different products. And that is absolutely not the point here. A while back, TPSC did a review which concluded Avast free av had a detection ratio over 99% with a malware sample containing quite a lot zero day threats. Even MRG Effitas concluded that same thing. But my point is the ransomware module. Nowadays every av company worth it's salt creating a ransomware module, even separately. Kaspersky's system shield works well. So as BD's. My point is the reaction speed. It's not that Avast missed the threat, because of no file shield. It detected the threat but was slow to do anything. I think this is something Avast needs to work on. Avast has the biggest market share, a large portion of which is the free AV, something collects data as unashamedly as Microsoft. The can fix this in no time, if they want to.

The amount of samples and obvious file renames in most of his videos, allows one with just enough experience to know those are large groups of files pulled down from Virussign, and from experience, maybe if your lucky per pack, you may find 8 or 9 fresher samples, these are not zero-day.

You can not base a detection ratio off of older sample mixes and even resemble accurate.

 

[hirudora56]

The amount of samples and obvious file renames in most of his videos, allows one with just enough experience to know those are large groups of files pulled down from Virussign, and from experience, maybe if your lucky per pack, you may find 8 or 9 fresher samples, these are not zero-day.

You can not base a detection ratio off of older sample mixes and even resemble accurate.

I am not exactly talking about the private tester's pov but MRG Effitas 360 assessment test.

 

[cruelsister]

Wow! I have to confess that I am not a big watcher of Security Videos on Utube (as I don't want to be influenced), but are tests like this typical? I would think that someone producing a video would be familiar enough with the malware used in the test so as not to be surprised when something does not run, and would be cognizant enough of how things work so as to not to run different samples concurrently instead of executing them sequentially.

I was always curious as to why there were so many critics of Utube security productions, but now I think I am finally answered...

 

[_CyberGhosT_]

Wow! I have to confess that I am not a big watcher of Security Videos on Utube (as I don't want to be influenced), but are tests like this typical? I would think that someone producing a video would be familiar enough with the malware used in the test so as not to be surprised when something does not run, and would be cognizant enough of how things work so as to not to run different samples concurrently instead of executing them sequentially.

I was always curious as to why there were so many critics of Utube security productions, but now I think I am finally answered...

Now you see why many of us cling so tightly to our cruelsister ?
It's scary out there lady

 

[Game Of Thrones]

Wow! I have to confess that I am not a big watcher of Security Videos on Utube (as I don't want to be influenced), but are tests like this typical? I would think that someone producing a video would be familiar enough with the malware used in the test so as not to be surprised when something does not run, and would be cognizant enough of how things work so as to not to run different samples concurrently instead of executing them sequentially.

I was always curious as to why there were so many critics of Utube security productions, but now I think I am finally answered...

exactly I'm talking about this flaws in this kind of tests. from sample selection to this kind of problems.

 

[ZeroDay]

Wow! I have to confess that I am not a big watcher of Security Videos on Utube (as I don't want to be influenced), but are tests like this typical? I would think that someone producing a video would be familiar enough with the malware used in the test so as not to be surprised when something does not run, and would be cognizant enough of how things work so as to not to run different samples concurrently instead of executing them sequentially.

I was always curious as to why there were so many critics of Utube security productions, but now I think I am finally answered...

The PC security Channel run by Leo is shocking in my opinion. He doesn't seem to spend any time getting to know the product before testing it and he clearly lacks the knowledge needed to be making reviews.

 

[Game Of Thrones]

The PC security Channel run by Leo is shocking in my opinion. He doesn't seem to spend any time getting to know the product before testing it and he clearly lacks the knowledge needed to be making reviews.

you and our cruel sister said what I say every time to many people but they do not listen. I believe when you have the audience you should know coding, writing your own code so you can write your own malware or in lower level understand how a software works. you only find these things in testing labs. telemetry data for in wild malware's, coding, sample filtering for duplicates, and many other you just find them in testing labs.

 

[Azure]

The weakness of YouTube testing can also be their advantage in comparison to industry-level testing companies. Experts and/or experience users can easily identified issues with the testing procedure (disabling security components/ using outdated products/ not confirming whether the malware samples are actually malicious).

In big testing companies, you might be able to find and read what methodology they used, but whose to say it is accurate? You can't see a video of how the testing was done.


Obviously, both can have their issues.

 

[S3cur1ty 3nthu5145t]

Independent/individual testing can give viewers a glimpse of how products work by design, and can also help identify bugs and issues within the product, as well as short comings in protection, when approached correctly.

- Gathered samples need vetted for age, working correctly "non corrupted", and more importantly, whether it is in the wild.

-self coded samples work as well when the user doing so has enough knowledge to do do so, and understands the difference between "proof of concept" and actual threats.

The problem is, most YouTube testers can care less about testing properly, and are only concerned about pushing videos out fast enough to keep that traffic flowing. They do not take time to become intimate with the product, nor its ability to run and test properly in a containment, including issues with cloud assisted products.

They use large amounts of files to test with, and from experience, knowing they can not vet that many samples and push out a video in the same day, let alone several a week.

All this said, independent testing allows the tester to wrap the test around the product instead of having a "one size fits all methodology", which will produce more accurate results as opposed to the latter method.

 

[kamla5abi]

in all research studies, every study must undergo a research ethics board review before it is allowed.
This research ethics board looks at the proposed research, method of research, etc etc to ensure many things.
One of those things is that the method of testing is fair, unbiased and can be duplicated (scientific method).

The majority of youtube videos for AV testing is just like those other "entertainment vlogs" that "youtube celebrities" put out (either 2 video per week, 1 per week, etc). Their main reason for putting out the videos is to make revenue from them, NOT to make sure they are doing things properly. They just want their market share to grow, so AV software is just another market of potential viewers they can cash in on. When ransomware like wannacry gets sensationalized so much in the media, its probably a safe bet to say 95% of average computer users know about ransomware now. note: they only KNOW about it, and that it screws up their files until they pay the ransom to be able to use their files again. They don't know anything more. So thats what ppl like this are trying to capitalize on: by writing "avast" and "ransomware" they know they will hit many searches that average computer users may use. They don't clutter the name with technical jargon too much (othrwise ppl might just skip their video cuz it looks "too hard" or "too technical" so they think they won't understand it anyways, so they look for other "simple looking" videos to watch...). This is because average people don't spend 5+ hours a day on their computer. They have limited time, and try to find simple/easy stuff to read/watch so they can make a somewhat informed decision. The problem is, these videos are usually biased in some way and that isn't always obvious...

 

[jamescv7]

Well the purpose for sure of a development team in any antivirus is to avoid trigger happy when a secondary components act alone, since it will not rely on traditional aspect like signatures and generic detection thus dangerous on the part where may lead on major flaws.

That is the reason why all components are connected to each other in order to optimize and have a balance detection.

Before any reviews began, it should be carefully consulted to the developers on how a structure of an AV works on their components.

 

[Game Of Thrones]

It's so good to have you guy's here, nice posts. Completely agree.

 

[TheMalwareMaster]

Wasn't Leo working for Emsisoft?