Are you surprised by the results conducted in my test?

  • Yes

    Votes: 11 28.2%
  • No

    Votes: 6 15.4%
  • Not on all programs

    Votes: 22 56.4%
  • Total voters
    39

Amelith Nargothrond

Level 12
Verified
No problem :) actually thought Avira would go around 740 detections... but it's rather weak as it seems... vs the others
My advice: you should not consider any antivirus weak or strong based on incomplete test methods. An AV is not just about signatures, although they are an important initial part of malware assessment. Make no mistake, I am not defending Avira or any other AVs, I uninstalled Avira because of other issues a few days ago and said this out loud (so you or anybody else can verify it).
I cannot consider this a decision-making test, no matter how many hours you have spent performing it (but again, I appreciate your efforts). For me, all that matters is whether you get infected or not, if you dynamically test the samples (you execute them), like a normal user would do. If you get infected with all the technologies implemented, you might consider these results as results for default AV settings. Still this is not enough for me, there are plenty of other settings in an AV I usually configure in order to achieve what I consider "the best protection".

What you did here is static "signature" testing, where indeed Avira scored low (and it's good to know but I'm not particularly happy or sad about it), but malware is smarter than this and easily circumvents these methods.

Anyway, keep up the good work! And never forget this: "trust but verify" (including what I bark about on this forum).
 

BugCode

Level 10
Verified

E: My few wisdoms: (not sure if it is correctly translated from my language to English, but here goes nothing: ) "live and learn" & "You don't have to be wise to sound like one, disguise it!" :p
 

Amelith Nargothrond

Level 12
Verified
E: My few wisdoms: (not sure if it is correctly translated from my language to English, but here goes nothing: ) "live and learn" & "You don't have to be wise to sound like one, disguise it!" :p
If we disguise our "wisdom", "knowledge" or "experience", what's the point of a public forum? (if I understood the quote correctly).
We should all be able to filter and analyze information we get on the internet and not believe everything blindly. There is plenty of misinformation, interpreting and misused perception of things anyways.
 

Spawn

Administrator
Verified
Staff member
To be honest, that's why I refuse to use free antivirus products - they just do not offer the protection paid products i.e., Kaspersky. They aren't the best/win awards (then the left say it's fake news, they pay off review companies, but is there 100% proof of that?) for no reason.
You're kidding right?

Paid Protection won't guarantee you 99% detection and prevention against threats, you actually have to use your brain to deflect most scams.

Not all movies win Oscars, but they still are excellent and enjoyable movies to watch. Or a $10,000 car is better than a $100 bike.
 

DJ Panda

Level 29
Verified
IMO it would have been better to upload the samples that were undetected to the vendors. You could have used a throwaway email. As long as you purposely didn't put any documents or anything, it wouldn't have been traceable.
 

Evjl's Rain

Level 45
Verified
Trusted
Content Creator
Malware Hunter
I have a doubt that according to your Avira screenshot, your malware files have an extension of .file => I doubt this may affect the detection rate of some AVs

Could you try to test WD again with extension .exe?
 

Slerion

Level 3
I have a doubt that according to your Avira screenshot, your malware files have an extension of .file => I doubt this may affect the detection rate of some AVs

Could you try to test WD again with extension .exe?
Just tried it. No difference.

Btw, I made sure the AV didn't filter by extensions; I made them scan all files.

+ they always scanned 862 files
 

cruelsister

Level 37
Verified
Trusted
Content Creator
Slerion- If you will allow me to make some comments-

1). The most important thing to do when malware testing is to make absolutely positive that all samples to be used in the test are actually malicious. This is a very time-consuming process and would be a burden for 20 samples, no less 800+. The issue is that so many malware repositories will include stuff like legitimate applications that use certain packers, things like keygens (with snappy tunes), hacktools, and many files that are essentially duplicates of the exact same thing. So although at first blush an extensive data set seems impressive, it may not be as pertinent as a 15 file set of verified malware working by differing mechanisms.

2). If the Comodo AV was as impressive as your results show, I would be posting this over and over (in BOLD CAPS, CAPITALIZED) until Jack banned me from MT until this Universe winked out. As an example, I just tried a pack of 13 (Baker's Dozen) malware against both Comodo Internet Security and Qihoo Total Security. Twelve of the samples were from the past 12 hours, one was from 2016. The results:

a. CIS- using an on-demand scan, the Comodo AV detected 1/13 (the old sample, needless to say). On running the remaining samples another was detected by the Cloud AV; all the others were contained and dismissed by the Sandbox.

b. Qihoo Total Security (with BD Engine enabled)- 11/13 were detected and deleted by an on-demand scan. On running the undetected 2 files, one was blocked mechanistically, and the other, a new Cerber, trashed the machine.

So- although I (and I'm sure everyone else) appreciate the time you put into this project, my suggestion would be using a small number of verified quality malware over sheer numbers of unknowns (quality over quantity); and if the results seem to be incorrect, they probably are.
 

Arequire

Level 25
Verified
Content Creator
To be honest, that's why I refuse to use free antivirus products - they just do not offer the protection paid products i.e., Kaspersky. They aren't the best/win awards (then the left say it's fake news, they pay off review companies, but is there 100% proof of that?) for no reason.
It's ironic because I do the exact opposite: Refuse to pay for protection. Paid products aren't guaranteed to protect me any better in a situation where I come in contact with malware (let's assume a brand new ransomware sample) than free products and if it does fail to protect me then not only are my files trashed but I'd also feel that I'd have wasted my money. Obviously I keep backups of all my important data and you could argue that these paid products don't cost much for what they offer but at the end of the day if the product does fail to protect me then that money could've been used elsewhere; arguably for a better purpose.

In regards to the test: Without a video or screenshots I'll keep an open mind. I do find it incredibly hard to believe that Comodo's AV outperformed all of the others listed though.
 