05-31-2009   #13
rive0108

Vista Ultimate X64 SP2

Re: Which Internet Security Suite to get included with new computer?

Westcoast, sorry about that, a typo.

I don't "test" AV apps myself; I leave that to certified labs and professionals in the industry. Amateur tests are of no value, that's the problem.

VB100 [Trend Micro Vendor Results]
Virus Bulletin : VB100 results - Trend Micro

AV-Comparatives
Retrospective/Heuristic testing [May 2009]
http://www.av-comparatives.org/image...c_report22.pdf
On-Demand Testing [Feb 2009]
http://www.av-comparatives.org/image...c_report21.pdf


Computer magazines and e-zine antivirus testing and recommendations (i.e., Editor's Pick awards)

by Andrew J. Lee

AVIEN Founding Member
http://www.avien.net

It is indisputable that any magazine can test and compare the usability, the interface, the update method, the system performance impact, the "user friendliness" and the features of respective products, and, on that basis, many magazines have conducted good and fair reviews of the anti-virus software included.

However, on the basis of their stated methodology for testing the virus detection functionality of the scanners, they often have not. The idea that a magazine will be able to test any virus scanner with their own "quarantined" virus collection is at best foolish and at worst dangerous.

Let me put it simply. When it comes to Scanner testing such magazines usually do not know what they are doing. This is proved by telling us how their test was conducted. It is simply wrong to assume that they can test a scanner just by seeing if it detects the viruses that they have. If it detects them they have proved nothing, except that there are some files they suspect of being viruses that it detects, you cannot extrapolate any further conclusion. If it does not detect, they have no way of telling why.

This is because they don't know whether their samples are viable* either fully or in part, nor whether the samples they have are mutations or variants (i.e. someone or something has made changes to it). The major criticisms that I have of such methodologies are these:
  1. They do not define and publish the sample set used - listing by family, variant and type.
  2. They have not tested the ability to replicate, (the definition of a virus), of each member of that sample set.
  3. They do not publish the methodology of testing, which must be consistent for each product, i.e. how they set it up, were the files tested against in their natural state (as they would appear in the wild) etc.
  4. They do not state whether they have distinguished viruses from Trojans or other non viral malware.
  5. They often state disinfection or healing as a benefit, when it is far from agreed that it is of any benefit.
  6. They often do not state the update or engine level of each product, nor the platforms on which they tested.
Therefore such tests have proved nothing, and are of little value in making a purchasing judgement.


For reliable results, check the tests done by respected independent bodies in the field; you will often see that their testing contradicts such arbitrary magazine test results. See these links for some real tests:

http://www.av-test.org/index.php3?lang=en
http://www.virusbtn.com/100
http://agn-www.informatik.uni-hamburg.de/vtc/
ftp://agn-www.informatik.uni-hamburg.de/pub/texts/tests/pc-av/2001-07/0xecsum.txt
http://www.uta.fi/laitokset/virus/
http://www.check-mark.com/cgi-bin/redirect.pl
http://www.icsalabs.com/html/communities/antivirus/certifiedproducts.shtml

Real-world anti-virus scanner testing is carried out using thousands of verified viruses under strictly controlled conditions. The recognized tests are also carried out by experts in the field, who understand not only the implications of the results but are also able to correctly interpret them. Any tests a computer magazine has conducted in the manner described earlier are immediately invalidated by the non-scientific method.

*Viable here means able to replicate and infect other files.


Source: http://www.claymania.com/scannertest.html


Heuristic and On-Demand

Heuristic testing is when they use old signature definitions for malware (i.e., six-month-old virus signatures) and then introduce "new" malware; instead of looking for specific signatures, the program is forced to use heuristic scanning, looking for certain instructions or commands within a program that are not found in typical application programs. As a result, a heuristic engine is able to detect potentially malicious functionality in new, previously unexamined software, such as the replication mechanism of a virus, the distribution routine of a worm or the payload of a trojan.

Heuristic detection capabilities:
Look at it this way: if a new polymorphic backdoor trojan/trojan downloader and/or keylogger were released tomorrow (and they take screenshots nowadays too, e.g., Spy Lantern Keylogger) that captures your credit cards, online bank account and login passwords and transmits the data daily to some remote server in Russia (or Nigeria), or a self-replicating virus that has the ability to overwrite Windows directories, documents or emails were released, would you want a program that stops it cold, or one that lets it run amok on your PC, damaging it for a week before a definition for it is released? At that point the damage is done; even if it is then detected and removed, you are left with corrupted documents, pictures and files, or even a system that will not boot or crashes constantly, and if you didn't have the foresight to back up or image the PC beforehand, the data is irretrievably lost and Windows has to be painstakingly reinstalled along with all the programs, etc.


Regarding the high detection and high false alarm rates of AVs:
"To better evaluate the quality of the detection capabilities, the false alarm rate has to be taken into account too. A false alarm (or false positive) is when an antivirus product flags an innocent file to be infected when it is not. False alarms can sometimes cause as much trouble [just] like a real infection."
Most will assume it is a legitimate virus, worm or trojan and let the antivirus app "clean" or remove it. This can in itself cause data/Windows/program corruption, causing the same damage as a real malware infection and leading to Windows/program instability or crashes and damaged/corrupted data that becomes useless.


Source: What's the Best Antivirus/Security Suite??
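As an added example that is not part of the post above, nor code from AV-Comparatives, Virus Bulletin or any vendor, here is a small Python simulation of the retrospective/heuristic test the post describes: signatures are frozen at a cutoff day, only malware that appeared after that day is scanned (so any detection must come from heuristics), and the clean set is scanned for false alarms. The samples, the indicator list and its weights, and the score threshold are all constructed for illustration; the byte strings are stand-ins for executables, not real malware.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    name: str
    content: bytes
    malicious: bool
    seen_on: int  # day the sample first appeared; the cutoff day decides what the "old" signatures know


# Constructed stand-ins for executables: short byte strings carrying the kind of API
# names and strings a heuristic engine weighs. Not real malware, not real file layouts.
WORM_A = b"MZ worm.a CopyFileA WriteFile FindFirstFile smtp"
TROJAN_B = b"MZ trojan.b CreateRemoteThread WriteProcessMemory http://"

SAMPLES = [
    Sample("Worm.A", WORM_A, True, 10),
    Sample("Trojan.B", TROJAN_B, True, 50),
    # Appeared after the signature cutoff: a one-string variant of a known worm and new families.
    Sample("Worm.A.b", WORM_A.replace(b"worm.a", b"worm.b"), True, 105),
    Sample("Keylogger.C", b"MZ GetAsyncKeyState SetWindowsHookEx BitBlt http://", True, 120),
    Sample("Downloader.D", b"MZ URLDownloadToFile WinExec http://", True, 130),
    Sample("Packed.E", b"MZ \x8f\x12\x99 junk http://", True, 140),  # packed: almost no visible indicators
    # Clean files, including a legitimate tool whose imports look like a keylogger's.
    Sample("notepad", b"MZ CreateFileA WriteFile", False, 5),
    Sample("backup-tool", b"MZ FindFirstFile CopyFileA WriteFile", False, 20),
    Sample("screenshot-tool", b"MZ BitBlt http:// GetAsyncKeyState", False, 110),
]

# Hypothetical heuristic: weighted indicators that are rare in ordinary application code.
INDICATORS = {
    b"GetAsyncKeyState": 3, b"SetWindowsHookEx": 3, b"CreateRemoteThread": 3,
    b"WriteProcessMemory": 3, b"URLDownloadToFile": 2, b"WinExec": 2,
    b"CopyFileA": 1, b"FindFirstFile": 1, b"smtp": 1, b"http://": 1, b"BitBlt": 1,
}


def build_signatures(samples, cutoff_day):
    """Exact-hash signatures for every malicious sample known on or before cutoff_day.
    This emulates 'old definitions': nothing seen after the cutoff is in the set."""
    return {hashlib.sha256(s.content).hexdigest()
            for s in samples if s.malicious and s.seen_on <= cutoff_day}


def heuristic_score(content):
    """Sum of the weights of every indicator string present in the file."""
    return sum(weight for needle, weight in INDICATORS.items() if needle in content)


def scan(sample, signatures, threshold):
    """Return (detected, method). Signature match first; otherwise the heuristic decides."""
    if hashlib.sha256(sample.content).hexdigest() in signatures:
        return True, "signature"
    if heuristic_score(sample.content) >= threshold:
        return True, "heuristic"
    return False, None


def run_retrospective_test(samples, cutoff_day, threshold):
    """Freeze signatures at cutoff_day, then scan only malware that appeared later
    (so detections can only come from heuristics) plus the whole clean set for false alarms."""
    signatures = build_signatures(samples, cutoff_day)
    new_malware = [s for s in samples if s.malicious and s.seen_on > cutoff_day]
    clean = [s for s in samples if not s.malicious]
    missed = [s.name for s in new_malware if not scan(s, signatures, threshold)[0]]
    false_positives = [s.name for s in clean if scan(s, signatures, threshold)[0]]
    return {
        "threshold": threshold,
        "detection_rate": (len(new_malware) - len(missed)) / len(new_malware),
        "missed": missed,
        "false_positive_rate": len(false_positives) / len(clean),
        "false_positives": false_positives,
    }


if __name__ == "__main__":
    # Lowering the threshold buys detection of new malware at the price of false alarms.
    for threshold in (6, 3, 1):
        print(run_retrospective_test(SAMPLES, cutoff_day=100, threshold=threshold))
```

Running it shows the trade-off the post's quoted passage is about: the known samples are caught by signature, the byte-changed variant evades the hash and is only caught by the heuristic, and the most aggressive threshold reaches 100% detection of the post-cutoff malware while also flagging two clean programs, which is why a retrospective detection rate means little without the false-alarm count beside it.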