AV Test MalwareTips Cumulative Report - November 2016

  • This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

BoraMurdar

Super Moderator
Staff member
Aug 30, 2012
5,874
23,221
Operating System
Windows 10
Installed Antivirus
Emsisoft
#1
All tests were conducted in protected virtual environment. Due to the small number of samples used in this tests, you should take results with a grain of salt. MalwareTips doesn’t encourage readers to take this test as a proof that tested security product is good or bad as security products are dynamically changing. This test shows how the tested product behaves with certain malware samples, on unique circumstances in given period of time.

Product’s malware detection rate is not an equivalent of protection. This should not be mixed up. MalwareTips encourage you to compare these results with others and take informed decisions on what security products to use.

Document-page-001 (1).jpg

PDF

All credits to our AV Testers Team

Each security product's subforum will soon be updated with it's monthly report!

Sky is the limit, stay tuned with MalwareTips ;)
 

SHvFl

Level 32
Content Creator
Verified
Nov 19, 2014
2,161
16,402
Operating System
Windows 10
Installed Antivirus
Emsisoft
#4
@BoraMurdar what a great idea for a new thread, this would be the most accurate of it's kind out there i would say. :)
This kind of report has issues. If not all test are done at the same date the static detection will vary a lot which will also break the dynamic stats for the program. So if a specific tester is a day late always or even a few hours it will affect the test a lot.
It's an interesting metric but not so sure about it's accuracy.
 

BoraMurdar

Super Moderator
Staff member
Aug 30, 2012
5,874
23,221
Operating System
Windows 10
Installed Antivirus
Emsisoft
#5
This kind of report has issues. If not all test are done at the same date the static detection will vary a lot which will also break the dynamic stats for the program. So if a specific tester is a day late always or even a few hours it will affect the test a lot.
It's an interesting metric but not so sure about it's accuracy.
It will be improved over time, that's why there is a disclaimer above ;)
 

SHvFl

Level 32
Content Creator
Verified
Nov 19, 2014
2,161
16,402
Operating System
Windows 10
Installed Antivirus
Emsisoft
#8
It will be improved over time, that's why there is a disclaimer above ;)
Yeah, i know that's why i said it's interesting.I for sure don't know how accurate it is and tbh none can say even if they checked all data times because you have no idea how signatures changed.
Anw at least it's not paid test using samples that will make products look good. Maybe in the future you ignore all reports that are 12 hours after VT report or something like that(you might already have done it)?
 

davisd

Level 10
Feb 2, 2016
464
4,833
Operating System
Windows 10
Installed Antivirus
Panda
#15
Please add infected rate to the graph. That's what we really want to know.
If all run samples are malware, and Windows Defender's Total Detection Rate is 64.70% then system infection rate wouldn't be 35.30% at that point? But over 12 or 24 hours infection rate would lower i guess when AV signatures gets updated and it finds those infections?
 

tim one

Level 20
Verified
AV-Tester
Jul 31, 2014
985
9,852
Operating System
Windows 10
Installed Antivirus
F-Secure
#16
If all run samples are malware, and Windows Defender's Total Detection Rate is 64.70% then system infection rate wouldn't be 35.30% at that point? But over 12 or 24 hours infection rate would lower i guess when AV signatures gets updated and it finds those infections?
Please consider that some undetected malware may be corrupt, or dormant ( dynamic scan) because VM-aware.
It is not simple.
 

shmu26

Level 57
Jul 3, 2015
4,670
14,867
Operating System
Windows 10
Installed Antivirus
Default-Deny
#17
Please consider that some undetected malware may be corrupt, or dormant ( dynamic scan) because VM-aware.
It is not simple.
I would add that there are native Windows security features that can stop the malware. For instance, it might fail to escalate privileges on a modern OS, but could succeed on Windows XP.
 

conceptualclarity

Level 18
Content Creator
Verified
Aug 23, 2013
886
2,580
Installed Antivirus
ESET
#18
Very, very welcome. :D

This should be a boost to Malware Tips' profile.

Would really like to see not just the brand but the specific product(s) used listed in the chart, since with most of these brands there are three or more current products available.
 

tim one

Level 20
Verified
AV-Tester
Jul 31, 2014
985
9,852
Operating System
Windows 10
Installed Antivirus
F-Secure
#19
I would add that there are native Windows security features that can stop the malware. For instance, it might fail to escalate privileges on a modern OS, but could succeed on Windows XP.
The problem is our testing environment, the virtual machine.
If a malware is not detected by the AV in testing because it has anti-vm routines, this malware is not producing processes in its execution because it goes into sleep mode.
Now the AV does not detect the malware but not because of a lack, but because the malware is inert: no malware in the eyes of the AV.
Perhaps the best solution would be Shadow Defender in this context.
@BoraMurdar is totally right in saying to take the tests as a grain of salt.
 

shmu26

Level 57
Jul 3, 2015
4,670
14,867
Operating System
Windows 10
Installed Antivirus
Default-Deny
#20
The problem is our testing environment, the virtual machine.
If a malware is not detected by the AV in testing because it has anti-vm routines, this malware is not producing processes in its execution because it goes into sleep mode.
Now the AV does not detect the malware but not because of a lack, but because the malware is inert: no malware in the eyes of the AV.
Perhaps the best solution would be Shadow Defender in this context.
@BoraMurdar is totally right in saying to take the tests as a grain of salt.
that's the advantage of SD. The disadvantage is you can't do a reboot with the malware still present. I looks to me like some of our testers reboot and then run a scan, although you would know better than me.