All antivirus binary analysis results are provided via
'_www.virustotal.com_' (
http://www.virustotal.com/).
'_http://mtc.sri.com/live_data/av_rankings/_'
(
http://mtc.sri.com/live_data/av_rankings/)
"The antivirus programs used by *VirusTotal have limited disassembling
power*, and VirusTotal does not '_execute_'
(
http://www.vistax64.com/wiki/Execution_(computing)) the files for more
comprehensive analyses.
*Antiviruses used may not provide 100% accurate results*"
Since VirusTotal is a public service, malicious '_programmers_'
(
http://www.vistax64.com/wiki/Programmer) can submit samples of their
work to VirusTotal for analysis, and determine how to bypass detection
methods of new threats through trial and error
__________________
Its funny that trend Micro seems to score second Highest, when It has
the worst Malware detection rate, and Sophos scores the top slot when It
is by far the worst at malware detection. (both of these programs have
unacceptably high false positve detection rates, theat can result in
program/Windows instability.
I think these are like most "uncertified" lab tests, or "editor's
reviews, Amaturish, unprofessional tests that fail to meet the testings
standards, and have probably been paid by the vendors to promote what
are clearly subpar products.
'_http://www.pcworld.com/reviews/produ..._pro_2009.html_'
(
http://www.pcworld.com/reviews/produ..._pro_2009.html)
*--*“Trend Micro Internet Security Pro 2009 Review*--*
-*-*Jan 22, 2009 by Erik Larkin, PC World*-*-
-*-*::TREND MICRO'S SUITE FAILS AT THE MOST BASIC TASK OF DETECTING AND
BLOCKING MALICIOUS SOFTWARE. NOT RECOMMENDED.::*-*-
-*-*Trend Micro Internet Security Pro 2009 ($70 for three users as of
12/24/08 ) fails badly at any security suite's most important task:
Identifying malware before it can attack your PC. In tests for "Paying
for Protection," our 2009 roundup of nine security suites, Trend Micro's
newest offering didn't just come in last place in that crucial
category--its dismal 69.3 percent detection rate was a full 20
percentage points behind the next worst competitor. In AV-Test.org's
tests, which put each suite up against a huge array of bots, password
stealers, and other malware, top performers tagged about 99 percent of
the 654,914 samples--but Trend Micro's package let three out of every
ten pieces of malicious software go by untouched. That just doesn't cut
it for security software.*-*-
-*-*Trend Micro likewise fell flat in heuristic tests using
two-week-old signature files to simulate dealing with unknown threats,
and at catching annoying adware. It was dead last in both
categories.*-*-
-*-*The company says that it emphasizes proactive protection that
attempts to block threats before they can try installing malware (and
before the suite would have to recognize it). Trend Micro uses its own
Web crawlers, download tests, and user reports to maintain a database of
malicious Web sites, and will block those sites from loading on your PC.
It's a valid approach--one that could well supplement scanning for
malware on your PC--but it can't yet replace that core detection
task.*-*-
-*-*Trend Micro's package did shine when tasked with cleaning up an
existing infection. It removed all the files from nine out of ten
malware infections, a performance that only BitDefender matched. It was
almost as good in dealing with Registry changes, placing second in that
test.*-*-
-*-*The suite offers a few interesting features, such as a scan for
missing Windows patches that assigns a risk level for each one. You'll
also get a useful Wi-Fi advisor button in a browser toolbar that can
warn you if your wireless network lacks encryption--a smart tool placed
in a good location.*-*-
-*-*Trend Micro also did well with its user interface, and clearly took
time to provide good descriptions for features and options. Right away
we noticed the use of plain English throughout the program.*-*-
-*-*But the company went too far with its desire to simplify, as we saw
no pop-ups or warnings when it blocked our attempted Zango-adwre
download. We had to dig into the program logs to find out what was going
on. It's good to help people make informed decisions to protect their
computer, but it's also important to at least give users an idea that
something we just tried to do was potentially harmful. Without an alert,
a user might think that their browser simply had a problem, and they
might then try installing the dangerous software through another
browser--or even worse, on another PC. You can change the default
setting to display warnings when your PC encounters viruses or spyware,
but you shouldn't have to.*-*-
-*-*Trend Micro's suite has some good points, but there's no getting
around the fact that Internet Security Pro 2009 fails at detecting
malicious software, and therefore fails as a security program. We cannot
recommend buying it.”*-*-
*Computer magazines and ezine Antivirus Testing and Recommendations
(i.e., Editor's Pick Awards) *
*by Andrew J. Lee*
AVIEN Founding Member
'_http://www.avien.net_' (
http://www.avien.net/)
It is indisputable that any magazine can test and compare the
usability, the interface, the update method, the system performance
impact, the "user friendliness" and the features of respective products,
and, on that basis, many magazines have conducted good and fair reviews
of the anti-virus software included.
However, on the basis of their stated methodology for testing the virus
detection functionality of the scanners, they often have not. The idea
that a magazine will be able to test any virus scanner with their own
"quarantined" virus collection is at best foolish and at worst
dangerous.
Let me put it simply. When it comes to Scanner testing such magazines
usually do not know what they are doing. This is proved by telling us
how their test was conducted. It is simply wrong to assume that they can
test a scanner just by seeing if it detects the viruses that they have.
If it detects them they have proved nothing, except that there are some
files they suspect of being viruses that it detects, you cannot
extrapolate any further conclusion. If it does not detect, they have no
way of telling why.
This is because they don't know whether their samples are viable*
either fully or in part, nor whether the samples they have are mutations
or variants (i.e. someone or something has made changes to it). The
major criticisms that I have of such methodologies are these:
- They do not define and publish the sample set used - listing by
family, variant and type.
- They have not tested the ability to replicate, (the definition of a
virus), of each member of that sample set.
- They do not publish the methodology of testing, which must be
consistent for each product, i.e. how they set it up, were the files
tested against in their natural state (as they would appear in the
wild) etc.
- They do not state whether they have distinguished viruses from
Trojans or other non viral malware.
- They often state disinfection or healing as a benefit, when it is
far from agreed that it is of any benefit.
- They often do not state the update or engine level of each product,
nor the platforms on which they tested.
Therefore such tests have proved nothing, and are of little value in
making a purchasing judgement.
For reliable results check the tests done by respected independent
bodies in the field, you will often see that their testing contradicts
such arbitrary magazine test results. See these links for some real
tests :
'_http://www.av-test.org/index.php3?lang=en__'
(
http://www.av-test.org/index.php3?lang=en)
'_http://www.virusbtn.com/100_' (
http://www.virusbtn.com/100/)
'_http://agn-www.informatik.uni-hamburg.de/vtc/_'
(
http://agn-www.informatik.uni-hamburg.de/vtc/)
'_ftp://agn-www.informatik.uni-hamburg.de/pub/texts/tests/pc-av/2001-07/0xecsum.txt_'
(
ftp://agn-www.informatik.uni-hamburg...07/0xecsum.txt)
'_http://www.uta.fi/laitokset/virus/_'
(
http://www.uta.fi/laitokset/virus/)
'_http://www.check-mark.com/cgi-bin/redirect.pl_'
(
http://www.check-mark.com/cgi-bin/redirect.pl)
'_http:/www.icsalabs.com/html/communities/antivirus/certifiedproducts.shtml_'
(
http://www.icsalabs.com/html/communi...products.shtml)
Real world anti-virus scanner testing is carried out using thousands of
verified viruses under strictly controlled conditions. They are also
carried out, at least the recognized tests, by experts in the field, who
understand not only the implications of the results, but who are able to
correctly interpret the results. Any tests a computer magazine have
conducted in the manner described earlier are immediately invalidated by
the non scientific method.
*Viable here means able to replicate and infect other files.
*Read more...*
*Source:* '_http://www.claymania.com/scannertest.html_'
(
http://www.claymania.com/scannertest.html)
--
rive0108
'::_-Win_$500_With_Vista_Forums-_::'
(
http://www.vistax64.com/competitions..._more_info-_::
Similar Threads
Linear Mode
