Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Security Statistics and Reports
Malware Protection Test March 2020
Message
<blockquote data-quote="MacDefender" data-source="post: 875020" data-attributes="member: 83059"><p>False alarm testing is interesting too, detailed breakdown at: <a href="https://www.av-comparatives.org/tests/false-alarm-test-march-2020/" target="_blank">False Alarm Test March 2020 | AV-Comparatives</a></p><p></p><p>Personally, I think almost every product here did well against false alarms. It is not stated how many total samples there were so we don't know what the rate is. But that aside, here's some things I noticed:</p><p></p><ul> <li data-xf-list-type="ul">Almost no false alarms are on digitally signed packages (highlighted as orange in their table above), and honestly most legitimate software in circulation these days are digitally signed. Windows already makes you jump through so many hoops when installing digitally signed software</li> <li data-xf-list-type="ul">Some of the false positives are in other AV engine installation packages -- this seems more excusable that seeing another AV engine or signature DB might trigger a false positive</li> <li data-xf-list-type="ul">Some of the false positive samples are controversial at best -- for example WildTangent is frequently considered ad-ware/PUA over its lifespan. Maybe it's better now, but I honestly would not be mad if my AV flagged WildTangent... Also, NortonLifeLock flagged TeamViewer as a trojan. TeamViewer does seem to be used as a RAT backdoor quite often, so perhaps this is an intentional choice on the vendor side</li> <li data-xf-list-type="ul">The vast vast majority of the detections are on unsigned packages/installers, which tend to exhibit suspicious behaviors -- they unpack files, they install things to various places on the system, etc etc etc.</li> <li data-xf-list-type="ul">Some of the prevalences seem questionable at best. For example, "Microsoft Encarta Package" had the 2nd highest prevalence, which means "probably several tens of thousands of users". The last version of Microsoft Encarta was 2008. Maybe tens of thousands of users is correct, but I find it hard to believe that this is common.</li> </ul><p>Overall I dislike this test. When the bulk of the hits are unsigned installer packages, this isn't the kind of false alarm that keeps me up at night. My worst nightmare is that one day my AV updates its hourly signatures and then suddenly decides a Windows system file or a Microsoft Office library is malware, automatically removes it, and renders my machine unbootable. Is this test saying "that won't happen"? Or simply that they didn't include that in their testing library?</p><p></p><p>I'd encourage going through that whole list of false positives and seeing how many of those pieces of software you've heard of, or know of someone who uses it. It's not a ton....</p></blockquote><p></p>
[QUOTE="MacDefender, post: 875020, member: 83059"] False alarm testing is interesting too, detailed breakdown at: [URL='https://www.av-comparatives.org/tests/false-alarm-test-march-2020/']False Alarm Test March 2020 | AV-Comparatives[/URL] Personally, I think almost every product here did well against false alarms. It is not stated how many total samples there were so we don't know what the rate is. But that aside, here's some things I noticed: [LIST] [*]Almost no false alarms are on digitally signed packages (highlighted as orange in their table above), and honestly most legitimate software in circulation these days are digitally signed. Windows already makes you jump through so many hoops when installing digitally signed software [*]Some of the false positives are in other AV engine installation packages -- this seems more excusable that seeing another AV engine or signature DB might trigger a false positive [*]Some of the false positive samples are controversial at best -- for example WildTangent is frequently considered ad-ware/PUA over its lifespan. Maybe it's better now, but I honestly would not be mad if my AV flagged WildTangent... Also, NortonLifeLock flagged TeamViewer as a trojan. TeamViewer does seem to be used as a RAT backdoor quite often, so perhaps this is an intentional choice on the vendor side [*]The vast vast majority of the detections are on unsigned packages/installers, which tend to exhibit suspicious behaviors -- they unpack files, they install things to various places on the system, etc etc etc. [*]Some of the prevalences seem questionable at best. For example, "Microsoft Encarta Package" had the 2nd highest prevalence, which means "probably several tens of thousands of users". The last version of Microsoft Encarta was 2008. Maybe tens of thousands of users is correct, but I find it hard to believe that this is common. [/LIST] Overall I dislike this test. When the bulk of the hits are unsigned installer packages, this isn't the kind of false alarm that keeps me up at night. My worst nightmare is that one day my AV updates its hourly signatures and then suddenly decides a Windows system file or a Microsoft Office library is malware, automatically removes it, and renders my machine unbootable. Is this test saying "that won't happen"? Or simply that they didn't include that in their testing library? I'd encourage going through that whole list of false positives and seeing how many of those pieces of software you've heard of, or know of someone who uses it. It's not a ton.... [/QUOTE]
Insert quotes…
Verification
Post reply
Top
