So i did test all free AV and was Surprised.

Are you surprised by the results conducted in my test?

  • Yes

    Votes: 11 28.2%
  • No

    Votes: 6 15.4%
  • Not on all programs

    Votes: 22 56.4%

  • Total voters
    39

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
It's ironic because I do the exact opposite: Refuse to pay for protection. Paid products aren't guaranteed to protect me any better in a situation where I come in contact with malware (let's assume a brand new ransomware sample) than free products and if it does fail to protect me then not only are my files trashed but I'd also feel that I'd have wasted my money. Obviously I keep backups of all my important data and you could argue that these paid products don't cost much for what they offer but at the end of the day if the product does fail to protect me then that money could've been used elsewhere; arguably for a better purpose.
I completely agree. Paid products are not better than free products if we know what we are doing and find a good combo
for example, WD/avast/avira/BD free + Voodooshield free/comodo firewall => paid products = who are better, except lockdown products?
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
It's ironic because I do the exact opposite: Refuse to pay for protection. Paid products aren't guaranteed to protect me any better in a situation where I come in contact with malware (let's assume a brand new ransomware sample) than free products and if it does fail to protect me then not only are my files trashed but I'd also feel that I'd have wasted my money. Obviously I keep backups of all my important data and you could argue that these paid products don't cost much for what they offer but at the end of the day if the product does fail to protect me then that money could've been used elsewhere; arguably for a better purpose.

In regards to the test: Without a video or screenshots I'll keep an open mind. I do find it incredibly hard to believe that Comodo's AV outperformed all of the others listed though.
so it's pointless to use a condom cause eventually it will break so you rather just vanish when you impregnate someone?
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
so it's pointless to use a condom cause eventually it will break so you rather just vanish when you impregnate someone?
No. The argument here would be why pay for condoms from a machine (we have machines in public bathrooms that dispense condoms for money here in the UK) when there's a respected and legitimate company giving away condoms that are of similar quality for free.
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
Content edited (Inappropriate Language)
No. The argument here would be why pay for condoms from a machine when there's a respected and legitimate company giving away condoms that are the same quality for free.
but you do realize the free condom is made out of weaker materials so the chances of breaking is higher than the one that costs money.
 
Last edited by a moderator:

roger_m

Level 41
Verified
Top Poster
Content Creator
Dec 4, 2014
3,014
I agree with @cruelsister you need to ensure all the samples you use are actually malicious. For example, there are plenty of files I see in malware packs they are are either unwanted programs or installers which include unwanted extras. In both cases they are an annoyance, rather than being malicious. Because they're not malicious, often any antiviruses won't detect them.

If you can do your best to ensure all the samples are malicious, then at least you know that they are files that should be detected. Of course, ideally you would also launch any files that are not detected by scanning to see if they are detected by proactive protection.
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
Slerion- If you will allow me to make some comments-

1). The most important thing to do when malware testing is to make absolutely positive that all samples to be used in the test are actually malicious. This is a very time consuming process and would be a burden for 20 samples, no less 800+. The issue is that so many malware repositories will include stuff like legitimate applications that use certain packers, things like keygens (with snappy tunes), hacktools, and many files that are essentially duplicates of the exact same thing. So although at first blush an extensive data set seems impressive, it may not be as pertinent as a 15 file set of verified malware working by differing mechanisms.

2). If the Comodo AV was as impressive as your results show, I would be posting this over and over (in BOLD CAPS, CAPITALIZED) until Jack banned me from MT until this Universe winked out. As an example, I just tried a pack of 13 (Bakers Dozen) malware against both Comodo Internet Security and Qihoo Total Security. Twelve of the samples were from the past 12 hours, one was from 2016. The results:

a. CIS- using an on-demand scan, the Comodo AV detected 1/13 (the old sample, needless to say). On running the remaining samples another was detected by the Cloud AV; all the other were contained and dismissed by the Sandbox.

b. Qihoo Total Security (with BD Engine enabled)- 11/13 were detected and deleted by on on-demand scan. On running the undetected 2 files, one was blocked mechanistically, and the other, a new Cerber, trashed the machine.

So- although I (and I'm sure everyone else) appreciates the time you put in to this project, my suggestion would be using a small number of verified quality malware over sheer numbers of unknowns (quality over quantity); and if the results seem to be incorrect, they probably are.

You have a particular way with words... Very nicely, elegantly explained.
It's not enough, when dealing with people, to "be an entire wikipedia db and know a bunch of stuff", but also to express the things you would like people to understand, and attract them so that they actually react to what you are saying. I got so much to learn...
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
made out of weaker materials so the chances of breaking is higher
That's unproven though. I've seen malware walk right past paid products just as I've seen malware walk right past free products. None are guaranteed to protect you 100% of the time so I don't see why I would spend money on something when it's literally just a gamble that it will protect you. That's why your stacking argument doesn't hold water; stacking can increase your protection substantially in terms of security. The whole condom comparison just doesn't work.

Know that I'm not arguing against the existence of paid-for products. If they didn't exist then the vendors behind them wouldn't exist and that would be bad for the entire security industry. If you're happy with paying for your security then all power to you. I just question the validity of the claim that paid-for products offer better protection than free products because consumers are required to pay for said protection.
 
Last edited:
  • Like
Reactions: Schank873 and AtlBo

Slerion

Level 5
Thread author
Verified
Well-known
Feb 24, 2016
238
I agree with @cruelsister you need to ensure all the samples you use are actually malicious. For example, there are plenty of files I see in malware packs they are are either unwanted programs or installers which include unwanted extras. In both cases they are an annoyance, rather than being malicious. Because they're not malicious, often any antiviruses won't detect them.

If you can do your best to ensure all the samples are malicious, then at least you know that they are files that should be detected. Of course, ideally you would also launch any files that are not detected by scanning to see if they are detected by proactive protection.
they are all malicious like 10% are only adware / PUA the rest are all Ransomware virus / malware. i had a nice circus when i did run them all on a unprotected VM
 
  • Like
Reactions: askmark

Slerion

Level 5
Thread author
Verified
Well-known
Feb 24, 2016
238
It's ironic because I do the exact opposite: Refuse to pay for protection. Paid products aren't guaranteed to protect me any better in a situation where I come in contact with malware (let's assume a brand new ransomware sample) than free products and if it does fail to protect me then not only are my files trashed but I'd also feel that I'd have wasted my money. Obviously I keep backups of all my important data and you could argue that these paid products don't cost much for what they offer but at the end of the day if the product does fail to protect me then that money could've been used elsewhere; arguably for a better purpose.

In regards to the test: Without a video or screenshots I'll keep an open mind. I do find it incredibly hard to believe that Comodo's AV outperformed all of the others listed though.
and again . i can send you the Malware pack its around 650mb uncompressed and compressed 511 mb with a password.

then you can happily see yourself :)
 
  • Like
Reactions: askmark

Slerion

Level 5
Thread author
Verified
Well-known
Feb 24, 2016
238
This i don't believe. You couldn't run 800+ samples without ruining your unprotected vm after a few dozen runs, especially ransomware.
Its a vm... Reset this #####... i made run just to see what they would do it was fun to watch lol ( actually it froze pretty fast ... )

fun fact one file comodo classified as "Porntool Gua gua.a" i found this extremely fun i dont know why... but porn and gua gua sounds really weird xD
 
  • Like
Reactions: AtlBo

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
Just tried it . no difference

Btw i made sure the AV didnt filter by extensions i made them scann all files

+ they allways scanned 862 files

So you did not use default settings after all. You see, these little things makes you wonder what else did you do :)
 

Slerion

Level 5
Thread author
Verified
Well-known
Feb 24, 2016
238
So here for everyone that dont want to believe me .

Comodo scan
from 0% to 100%
this time it found 7 less probably due the fact standard Cloud time out is set to 2500MS probably some did time out.

any one want to see one other AV ? only One then iam gone of this thread. lol
 

Attachments

  • Screenshot_1.jpg
    Screenshot_1.jpg
    73.7 KB · Views: 405
  • Screenshot_2.jpg
    Screenshot_2.jpg
    79.5 KB · Views: 371
  • Screenshot_3.jpg
    Screenshot_3.jpg
    83.6 KB · Views: 392
  • Screenshot_4.jpg
    Screenshot_4.jpg
    81.6 KB · Views: 407
  • Screenshot_5.jpg
    Screenshot_5.jpg
    75.4 KB · Views: 388
  • Screenshot_6.jpg
    Screenshot_6.jpg
    78.7 KB · Views: 424
  • Screenshot_7.jpg
    Screenshot_7.jpg
    55.1 KB · Views: 359

Slerion

Level 5
Thread author
Verified
Well-known
Feb 24, 2016
238
So you did not use default settings after all. You see, these little things makes you wonder what else did you do :)
i made Only sure that they scanned all files. nothing else all other stuff is stated. like at avast " Enabled pua like all others "

But whatever. iam out of this thread.

if you guys dont want to believe me. do it. if you want do it. whatever it was actually just a test for me. but somehow i had a feeling i wanted to share it here .

i will stay after all with avast its right after comodo and got better features.

( screenshots of comodo scanning the pack from 0% to 100% are one comment above this )
 
  • Like
Reactions: AtlBo

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
i made Only sure that they scanned all files. nothing else all other stuff is stated. like at avast " Enabled pua like all others "

But whatever. iam out of this thread.

if you guys dont want to believe me. do it. if you want do it. whatever it was actually just a test for me. but somehow i had a feeling i wanted to share it here .

i will stay after all with avast its right after comodo and got better features.

( screenshots of comodo scanning the pack from 0% to 100% are one comment above this )

My friend, you expect us (me included) to judge, to classify, to rank a product based on things you did.
There are people here who try to explain what you did good and what you did wrong, in a more elegant way (or being blunt, like me), doesn't matter.

Try to learn something from them (ignore me, by all means). Be smarter than just to ignore them (because you don't like what you read). There is valuable info on your thread, you could learn a lot from a lot of people.

Trust is earned, not bought, not sold, not taken by force.
 
Last edited:

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Slerion- PLEASE don't leave!!! As I said before, I'm sure everyone here is appreciative of your efforts, and even more appreciative for your starting an interesting discussion (God! My topics never generate 3 pages!!!!). But if I may expand on Spawn's comments, it's important to differentiate those products (like FortiClient) which solely rely on AV detection from products like AVAST which will have some sort of BB (or whatever) mechanism as an adjunct protection module.

For instance, if something like AppGuard decided to use a really substandard AV module in addition to the main product an on-demand scan may show 0/200 for malware; but on actually running the stuff one would see a perfect 200/200. So for products that utilize multiple mechanisms it really is a Zero Sum Game- a deficiency in one methodology may be more than made up for by a second.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top