The peculiarity of EXE malware testing.
<blockquote data-quote="Andy Ful" data-source="post: 979863" data-attributes="member: 32260">
<p><span style="font-size: 18px"><strong>Can the "EXE error" be an excuse for poor AVs?</strong></span></p>
<p>One can think that this threat can be a convenient explanation for poor AVs. Such thinking is natural after seeing the test results as below:</p>
<p>AV-Comparatives + AV-Test, Consumer Malware Protection tests 2021</p>
<p>Missed samples - tested few-weeks-old prevalent samples: only <span style="color: rgb(65, 168, 95)"><strong>EXE files</strong></span>:</p>
<p>Avira ..................... <span style="color: rgb(41, 105, 176)">39</span></p>
<p>TrendMicro ......... <span style="color: rgb(41, 105, 176)">224</span></p>
<p>The guy in the OP claims that TrendMicro can still have similar capabilities of detecting/blocking EXE malware? He is possibly crazy or simply stupid. :)</p>
<p>But, look here:</p>
<p>AV-Comparatives + AV-Test, Consumer Real-World Protection tests 2021</p>
<p>Missed samples - tested 0-day samples: <strong><span style="color: rgb(0, 168, 133)">EXE files</span></strong>, <span style="color: rgb(85, 57, 130)"><strong>documents, scripts</strong></span>:</p>
<p>TrendMicro ...... <span style="color: rgb(41, 105, 176)">7</span></p>
<p>Avira ................ <span style="color: rgb(41, 105, 176)">27</span></p>
<p><strong>Something here is upside down, isn't it?</strong></p>
<p>So, No - the "EXE error" is not an excuse. It is a probable explanation only in specific situations, when one AV scores better in Real-World tests (tested EXEs, scripts, documents) and significantly worse in Malware Protection tests (tested only EXEs). If this AV has got good protection against scripts/documents and scores better for fresh samples (R-W tests), then it simply cannot have fewer capabilities to detect/block EXE files. So, Avira does not have more capabilities than TrendMicro to detect/block EXE files, and the same says the "EXE error".</p>
<p>In fact, there is a simple explanation. In the first example, Avira also had missed most of the samples missed by TrendMicro, but this had happened long before the test, via undetected documents and scripts. The difference is that Avira had missed these samples in the wild (some consumers had been infected), and TrendMicro missed them in the test (consumers were not infected). The test also shows that the TrendMicro consumers might be infected anyway if the attackers would bother to reuse these samples (payloads) in the wild. Furthermore, it shows that TrendMicro does not care much to add detections for such malware.</p>
</blockquote>