AVLab.pl Summary of security tests in the year 2020 | Product of the year awards!

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
173

Attachments

  • malware sample count.png
    malware sample count.png
    38.4 KB · Views: 107
  • product of the year 2020 by avlab.png
    product of the year 2020 by avlab.png
    259.4 KB · Views: 94

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,003
Dear MalwareTips Readers!

We have published the summary of 2020 for Advanced In The Wild Malware Test. In the report you can find a detailed information and awarded product.

Article: Summary of security tests in the year 2020 - AVLab

PDF report: https://avlab.pl/avlab-product-of-the-year-2020/
Great testing as always. These tests always end up bringing me back to Comodo :D I find WD tweaked with Hard_configurator for the most part just as effective so I bounce between the two.
 

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,478
November-December report. CIS only blocked %19 of files with its signatures. What's the point of taking part in malware tests if your product basically blocks all unknown samples by default? That's something I didn't understand.

View attachment 253132
Comodo Endpoint protection has worse signatures than the IS version or what?
 

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,003
Consistency does help and a big factor when choosing protection. There is the whole argument of age and source of of samples etc. with these sorts of tests which is why it's good there area number of them. The hardening approach with H_C is still my preferred way to go with things on the whole. It's just good these products get detected and Avlab's breaking down the test into types like macro and fileless is great.
 

mazskolnieces

Level 3
Well-known
Jul 25, 2020
117
What's the point of taking part in malware tests if your product basically blocks all unknown samples by default?
That's the whole point of Comodo's virtual container. Comodo only has signatures for old malware (more than a few days old). Everything else not rated as Safe is run inside the virtual container. That is how the product was designed to work.

No matter which solution a user chooses, if there is a failure, the user is at-fault - no matter what. Read any AV's or any security product's EULA. The end user is always responsible for an infection or security failure. And no security software publisher will ever offer a zero-infection guarantee. So your best bet, if you are the paranoid type and seriously initiated about your security, is to use default deny, learn what is required, and not rely completely upon software to make decisions for you.
 

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,478
That's the whole point of Comodo's virtual container. Comodo only has signatures for old malware (more than a few days old). Everything else not rated as Safe is run inside the virtual container. That is how the product was designed to work.

No matter which solution a user chooses, if there is a failure, the user is at-fault - no matter what. Read any AV's or any security product's EULA. The end user is always responsible for an infection or security failure. And no security software publisher will ever offer a zero-infection guarantee. So your best bet, if you are the paranoid type and seriously initiated about your security, is to use default deny, learn what is required, and not rely completely upon software to make decisions for you.
He didn't question Comodo's functionality. He just said that it doesn't belong in such AV comparisons which are basically for the average consumer. The average consumer wants to be protected without checking the sandbox every time he/she runs a file. Comodo may protect from malware, but so does any default-deny software and it wouldn't be considered as the best protection, cause no average consumer would use or would even be able to deal with such programs.
 

mazskolnieces

Level 3
Well-known
Jul 25, 2020
117
He didn't question Comodo's functionality. He just said that it doesn't belong in such AV comparisons which are basically for the average consumer. The average consumer wants to be protected without checking the sandbox every time he/she runs a file. Comodo may protect from malware, but so does any default-deny software and it wouldn't be considered as the best protection, cause no average consumer would use or would even be able to deal with such programs.
AVLab has always included default deny products. Even in this one SecureAPlus is a default deny product.

The average consumer cannot handle even Windows Defender. It's their fault. Not anyone else's. In this day and age, an individual being IT illiterate is unacceptable to society. The thinking that people are not capable nor fully responsible for their own security because they cannot handle it is obsolete mode of thinking about users. The malware problem shall never be solved by merely installing software and letting it make decisions for people. The security industry has tried for nearly 40 years to make automation work for security, and all you have to do is look at the click-baity IT security news released any day within the past 20 years to see that security software is an utter failure. Even the industry itself has basically written off AV software as a completely inadequate solution.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
AVLab has always included default deny products. Even in this one SecureAPlus is a default deny product.

The average consumer cannot handle even Windows Defender. It's their fault. Not anyone else's. In this day and age, an individual being IT illiterate is unacceptable to society. The thinking that people are not capable nor fully responsible for their own security because they cannot handle it is obsolete mode of thinking about users. The malware problem shall never be solved by merely installing software and letting it make decisions for people. The security industry has tried for nearly 40 years to make automation work for security, and all you have to do is look at the click-baity IT security news released any day within the past 20 years to see that security software is an utter failure. Even the industry itself has basically written off AV software as a completely inadequate solution.
I think life is a bit more nuanced for those that aren’t security enthusiasts. It’s a spectrum of people like any other area.
 

Nagisa

Level 7
Verified
Jul 19, 2018
341
AVLab has always included default deny products. Even in this one SecureAPlus is a default deny product.
SecureAPlus is not a default-deny product in a way Comodo is. When you find a new file, it has to be undetected by all cloud AV vendors and local APEX AI for it becomes fully unknown to you. And on new versions it automatically allows some programs.


On Comodo you will much more often encounter unknown programs and all you will have is bad signatures, inadequate BB and virtualization.

The average consumer cannot handle even Windows Defender. It's their fault. Not anyone else's. In this day and age, an individual being IT illiterate is unacceptable to society. The thinking that people are not capable nor fully responsible for their own security because they cannot handle it is obsolete mode of thinking about users. The malware problem shall never be solved by merely installing software and letting it make decisions for people. The security industry has tried for nearly 40 years to make automation work for security, and all you have to do is look at the click-baity IT security news released any day within the past 20 years to see that security software is an utter failure. Even the industry itself has basically written off AV software as a completely inadequate solution.

Kaspersky is working well for people though.
 

SomeRandomCat

Level 3
Well-known
Dec 23, 2020
124
Honestly, any properly coded default-deny security-software such as SecureAPlus, Comodo, Kaspersky - they are all going to be extremely easy to use for the average person. The reason I say this, is because the average person won't be downloading anything that isn't already in said product's white-list, so they won't have to answer prompts or check the sandbox.

I think its good these test include such software, especially since it is the default configuration when installing them. It has always been absolutely insane to me that so many AntiVirus companies depend on blacklisting. There are always going to be 0-day threats and for both the experienced PC user and novice alike, those are the real problem.

For a couple hundred bucks just about anyone can pay an experienced coder to whip a reliable RAT up and bypass signature detection (even more so now days, than 20 years ago). The average user isn't going to have heuristics on high, and even if they did, most products still wouldn't be likely to properly detect something properly packed with a cert.

I do think it's a bit scary though that they all trust certificates signed by certain companies by default, but I guess those are more rare cases.


SecureAPlus is not a default-deny product in a way Comodo is. When you find a new file, it has to be undetected by all cloud AV vendors and local APEX AI for it becomes fully unknown to you. And on new versions it automatically allows some programs.


On Comodo you will much more often encounter unknown programs and all you will have is bad signatures, inadequate BB and virtualization.



Kaspersky is working well for people though.
I played around with SecureAPlus a couple weeks ago, and I thought default-deny was setup out of the box, but maybe I remember wrong and had to set it to that.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top