Homemade AV testing (a suggestion).
<blockquote data-quote="Andy Ful" data-source="post: 1117663" data-attributes="member: 32260"><p>The condition <strong>[ M - Q < 0 ]</strong> from the previous example is not the strongest one. Using similar arguments one can derive a slightly stronger condition:</p><p></p><p><strong><span style="color: rgb(0, 168, 133)"><span style="font-size: 18px">M123 - Q < 0</span></span></strong></p><p></p><p>M123 = number of samples that bypassed at least one of the top AVs.</p><p>Q = number of samples that bypassed AV4.</p><p></p><p>It can explain some anomalous AV-Comparatives test results like:</p><p>https://www.av-comparatives.org/tests/real-world-protection-test-july-october-2024/</p><p>AV1, AV2, AV3 (Bitdefender, Kaspersky, Norton), AV4 (Microsoft Defender)</p><p></p><p>[ATTACH=full]287454[/ATTACH]</p><p></p><p>The condition [ M - Q < 0 ] does not hold, because M = 9 (Bitdefender + Kaspersky + Norton) and Q = 8 (Microsoft Defender). It is too weak, so we cannot use it to conclude that Microsoft Defender is not a top AV in this test.</p><p>But, in this test, the number of missed samples by Kaspersky (6) is much bigger than usual. It is possible that two or 3 samples missed by Bitdefender or Norton were also missed by Kaspersky.</p><p>In such a case M123 <= 7 (which is a stronger condition compared to M = 9).</p><p>It is easy to see that the condition [ M123 - Q < 0 ] holds because M123 <= 7 and Q = 8.</p><p>So the conclusion in the AV-Comparatives report that Microsoft Defender is not a top AV in this test (MD is in the third cluster) can still be statistically significant.</p><p></p><p>Edit.</p><p>Although the explanation based on the condition [ M123 - Q < 0 ] is probable, there are also some other possibilities.
Rarely, any top AV can get a significantly lower score by pure accident, due to choosing the pool of tested samples discriminating against that particular AV. We should remember that any top AV can miss hundreds of samples a day in the wild.</p></blockquote><p></p>
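The condition [ M123 - Q < 0 ] from the post above, worked through as an added example that is not part of the original post: it bounds M123 from per-AV miss counts and computes it exactly from missed-sample sets. Only M = 9, Kaspersky = 6 and Q = 8 come from the post; the Bitdefender/Norton split, the sample IDs and all function names are constructed for illustration.

```python
# Added example: evaluating [ M123 - Q < 0 ] where M123 is the number of
# samples that bypassed at least one of the top AVs (a set union).

def union_bounds(miss_counts):
    """Smallest and largest possible M123 when only per-AV miss counts are known."""
    # Smallest: every other AV's misses were also missed by the AV with most misses.
    # Largest: no sample was missed by two AVs, so M123 equals M (the plain sum).
    return max(miss_counts), sum(miss_counts)

def check_condition(miss_counts, q):
    """Evaluate [ M123 - Q < 0 ] from counts only.

    Returns (verdict, shared_needed); shared_needed is the minimum value of
    M - M123 (repeated misses) required for the condition to hold.
    """
    low, high = union_bounds(miss_counts)
    if high < q:                      # holds even with zero overlap
        return "holds", 0
    if low >= q:                      # fails even with maximal overlap
        return "fails", None
    return "depends on overlap", high - (q - 1)

def m123_from_sets(missed_by_av):
    """Exact M123 when the missed sample IDs of each AV are known."""
    return len(set().union(*missed_by_av.values()))

# From the post: M = 9 in total for the three top AVs, Kaspersky = 6, Q = 8.
# Constructed: the 2 + 1 split for Bitdefender and Norton, and every sample ID.
COUNTS = {"Kaspersky": 6, "Bitdefender": 2, "Norton": 1}
Q = 8
MISSED = {
    "Kaspersky": {"s01", "s02", "s03", "s04", "s05", "s06"},
    "Bitdefender": {"s05", "s07"},   # s05 also missed by Kaspersky
    "Norton": {"s06"},               # s06 also missed by Kaspersky
}

if __name__ == "__main__":
    counts = list(COUNTS.values())
    print("M123 range from counts:", union_bounds(counts))
    print("verdict from counts:", check_condition(counts, Q))
    m123 = m123_from_sets(MISSED)
    print("M123 from sample sets:", m123, "condition holds:", m123 - Q < 0)
```

With counts alone the verdict is undecided: the condition holds only if at least two of the nine summed misses are repeats, which is the M123 <= 7 case the post describes.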