BoraMurdar

Community Manager
Verified
Staff member
All tests were conducted in protected virtual environment. Due to the small number of samples used in this tests, you should take results with a grain of salt. MalwareTips doesn’t encourage readers to take this test as a proof that tested security product is good or bad as security products are dynamically changing. This test shows how the tested product behaves with certain malware samples, on unique circumstances in given period of time.

Product’s malware detection rate is not an equivalent of protection. This should not be mixed up. MalwareTips encourage you to compare these results with others and take informed decisions on what security products to use.

Document-page-001 (1).jpg

PDF

All credits to our AV Testers Team

Each security product's subforum will soon be updated with it's monthly report!

Sky is the limit, stay tuned with MalwareTips ;)
 

SHvFl

Level 35
Verified
Trusted
Content Creator
@BoraMurdar what a great idea for a new thread, this would be the most accurate of it's kind out there i would say. :)
This kind of report has issues. If not all test are done at the same date the static detection will vary a lot which will also break the dynamic stats for the program. So if a specific tester is a day late always or even a few hours it will affect the test a lot.
It's an interesting metric but not so sure about it's accuracy.
 

BoraMurdar

Community Manager
Verified
Staff member
This kind of report has issues. If not all test are done at the same date the static detection will vary a lot which will also break the dynamic stats for the program. So if a specific tester is a day late always or even a few hours it will affect the test a lot.
It's an interesting metric but not so sure about it's accuracy.
It will be improved over time, that's why there is a disclaimer above ;)
 

SHvFl

Level 35
Verified
Trusted
Content Creator
It will be improved over time, that's why there is a disclaimer above ;)
Yeah, i know that's why i said it's interesting.I for sure don't know how accurate it is and tbh none can say even if they checked all data times because you have no idea how signatures changed.
Anw at least it's not paid test using samples that will make products look good. Maybe in the future you ignore all reports that are 12 hours after VT report or something like that(you might already have done it)?
 
D

Deleted Member 3a5v73x

Please add infected rate to the graph. That's what we really want to know.
If all run samples are malware, and Windows Defender's Total Detection Rate is 64.70% then system infection rate wouldn't be 35.30% at that point? But over 12 or 24 hours infection rate would lower i guess when AV signatures gets updated and it finds those infections?
 

tim one

Level 21
Verified
Trusted
Malware Hunter
If all run samples are malware, and Windows Defender's Total Detection Rate is 64.70% then system infection rate wouldn't be 35.30% at that point? But over 12 or 24 hours infection rate would lower i guess when AV signatures gets updated and it finds those infections?
Please consider that some undetected malware may be corrupt, or dormant ( dynamic scan) because VM-aware.
It is not simple.
 

shmu26

Level 83
Verified
Trusted
Content Creator
Please consider that some undetected malware may be corrupt, or dormant ( dynamic scan) because VM-aware.
It is not simple.
I would add that there are native Windows security features that can stop the malware. For instance, it might fail to escalate privileges on a modern OS, but could succeed on Windows XP.
 

conceptualclarity

Level 21
Verified
Trusted
Content Creator
Very, very welcome. :D

This should be a boost to Malware Tips' profile.

Would really like to see not just the brand but the specific product(s) used listed in the chart, since with most of these brands there are three or more current products available.
 

tim one

Level 21
Verified
Trusted
Malware Hunter
I would add that there are native Windows security features that can stop the malware. For instance, it might fail to escalate privileges on a modern OS, but could succeed on Windows XP.
The problem is our testing environment, the virtual machine.
If a malware is not detected by the AV in testing because it has anti-vm routines, this malware is not producing processes in its execution because it goes into sleep mode.
Now the AV does not detect the malware but not because of a lack, but because the malware is inert: no malware in the eyes of the AV.
Perhaps the best solution would be Shadow Defender in this context.
@BoraMurdar is totally right in saying to take the tests as a grain of salt.
 

shmu26

Level 83
Verified
Trusted
Content Creator
The problem is our testing environment, the virtual machine.
If a malware is not detected by the AV in testing because it has anti-vm routines, this malware is not producing processes in its execution because it goes into sleep mode.
Now the AV does not detect the malware but not because of a lack, but because the malware is inert: no malware in the eyes of the AV.
Perhaps the best solution would be Shadow Defender in this context.
@BoraMurdar is totally right in saying to take the tests as a grain of salt.
that's the advantage of SD. The disadvantage is you can't do a reboot with the malware still present. I looks to me like some of our testers reboot and then run a scan, although you would know better than me.