App Review Avast vs ESET vs Kaspersky vs Emsisoft Detection Test

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Status
Not open for further replies.
W

Wave

@Wave

About AV signature updates, ..some vendors do not care about my local viruses I saw this before.. and I do not care about detecting a malware which is written for Antartica :D ..day by day..updates coming and sitting on my drive Why? I just accepts antivirus brings usability if you are using default deny. But many of times, AV signatures detects legit files as malware.. I pissed off from these senarios of antivirus.
But at the end of the day, what do we know? We are just self-proclaimed experts in most peoples view, but one day people will think back and wish they paid more attention and listened more than ignore :D
 

kiric96

Level 19
Verified
Well-known
Jul 10, 2014
917
We are in 2016 now and we're going into 2017 - believe me, signatures and URL protection are definitely not the 'most important part of an AV' these days, but maybe back in 2012 a few years ago. Signature detection can still be useful because as you said, 'signatures are one of the first layer of security that AV can have to protect a given user, since I WOULD prefer a file detected before it can do something than while running', but the most important? Not a chance, especially these days. Malware authors are improving more and more, a majority of them are familiar with what "packing"/"obfuscation" is, which helps avoid a lot of static detection alone.

Static heuristics are quite important compared to signatures... Therefore, checking the imported functions (and what libraries they are from), checking the exports, scanning the PE File Header for any interesting characteristics, scanning for strings within the binary, checking the resources, even using an unpacking engine to attempt to unpack the packed sample being scanned (if packing has been identified) to scan it properly (since packing techniques will end up concealing things like imported functions).

Regardless, it's incredibly easy for malware authors to avoid signature detection and have their URL undetected (for first launch of their malware at least)...

It doesnt matter if we are in 2020 or 2012, most of the countries we live in (me included) are not connected to internet (always), most of the times AV relies their engine to cloud to properly work (norton, avast as many others) they are pretty much useless without internet so, it doesnt matter how many modules you use, if those modules cant work without internet then it is nonsense to have them, then againg signatures are the first layer of defense against malware. Also please keep in mind that at least in my country is much likely to be infected via usb than while online.

I am not saying that your point is wrong, i do agree that heuristic and other types of detection are very important... but as said before we would rather prefer a file detected by signature than by any other modules, as there are few AV that their hueristic or B-have modules dont rely on the cloud
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Proactive technologies are important but reactive technology will always be more "popular". Why? Because very little percent of people know what they are doing on the internet. Very little percent of people know what AV actually is, how it works, what a Firewall is, what is UAC or Smart Screen, an AdBlocker.
About HIPS, Antiexecutables, Sandboxing and Virtualization I will not even talk.

A vast majority of people need a usability with almost no interaction. Because they are not knowledgeable, and you cannot blame them as they didn't need such information in their memory. They need a product that will keep their system clean of the malware, they don't need a product that will warn about every new software they want to install. Many people are using premium phones just for Facebook, Instagram and texting for God's sake. They don't even know what megapixel is with their Carl Zeiss camera on their smartphone. They don't want to think. And why they should, when other can think for them, an AV that will tell them who is the good guy and who is the bad guy.

That's why I always try to educate people instead of installing some "for their view complicated software" to protect them.

And if you can take a survey, although cannot be conducted properly, to ask people who had been infected with malware, how did they got infected.
I would really like to see the percent of machines infected by malware without user interaction. And by that I mean (example malware downloaded from the internet) :
  • An updated browser didn't warned the user of low reputation app being downloaded
  • AV signatures didn't detect the malware
  • The malware is selfexecuted (very unlikable) , a zero-day exploit or vulnerability?
  • Your Smart Screen didn't warn you about the app
  • You let UAC to elevate the privileges needed or asked by malware
Then I cannot blame you. It's not your fault. But in any other case it is your fault.
In real world people got infected by cracking a game, patching a software they don't want to pay, watching online movies and videos with outdated browser and without adblocker, clicking next next next, ok , I agree, and BOOM an annoying asktoolbar is there, not updating Windows because it will "slow down" their computer or MS servers will find out that they cracked Windows, sharing infected USB drives between computers with no protection at all, clicking on mail attachment saying "YOU Won 1 000 000$", etc etc...

Just look sometimes at our Malware Removal Section that is a tiny tiny fraction of people infected by malware. Things will be more clearer after that.
 

DJ Panda

Level 30
Verified
Top Poster
Well-known
Aug 30, 2015
1,928
Like the test! Avast hasn't failed me yet! I don't even have to use an adblocker while surfing either. :p

Edit: If you could do Avast vs Windows Defender (More AV products if you choose) that would be great. I really wonder if I could get by with all MS security enabled with Zemana for scanning. :p
 
Last edited:

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Although signatures are obsolete, but still remains to be practical and efficient no matter what since its been totally verified thoroughly.

In such novice users, detection is nothing but he/she believes that it can exert maximum protection. You cannot really blame if security companies have different responsive time for gathering new threats.
 

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
Y'all got a point there, but I think you're coming down a bit harsh on the OP. He's volunteering to do in his spare time what folks ask for. No harm in that.

Yes, sigs may not be No. 1 any longer, but I sure as hell like my AV to be familiar with as many as possible. No harm in that either.

Just my USD 0.02, though.
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
lets say you are right, however signatures are one of the first layer of security that AV can have to protect a given user, since I WOULD prefer a file detected before it can do something than while running (it may be possible that some sort of damage can be caused) so this is why no matter how many modules certain AV uses, signatures are the most important part of an AV along with URL protection

thx @safe1st for the nice video as always awesome!
+1!
All what is detected by signature does not need to be executed, no risk BB, Hips etc might miss it.
AV that do their "homework" should have a better detection rate.
Dynamic test is as important as static since we all want to know what's the AV total defence capability, if it is able to detect what signatures missed.
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top