
Raymond.cc-Test


markusg


"...malwares are almost 2 years old... So, please take the results for informational purpose only. Please don't conclude anything."

 

Two years old? I'm not going to slog through the 100+ reader comments on that site, but am I the only one who noticed this?

 

With the all-too-easy ability to grab current malwares for testing, I wonder what Raymond's agenda is.

 

With respect to the 100% versus the less-than-100% results, threats from that long ago have been neutralized by security upgrades to Windows and applications themselves. In the interest of efficiency, isn't it possible AV vendors have removed these threats from their protection/detection matrix? And why hammer the cloud for dead threats? Hitman Pro's and Immunet Free's scores would seem to back me up on this.

 

Maybe it's good Immunet Free resulted in what it did. As for Plus, BitDefender leases their engine(s) to a significant segment of the industry, so their inclusion of "detect everything" is in their interest. (I wonder what the result would be for BitDefender's own current AV2010?) In fact, there are several apps he tested in that list using BD...

 

"Remember I am not an expert. This is an amateur test only."

At least he's honest. It's more than can be said of those yoo-toob "reviewers."

 

Of course, I stand to be corrected if testing against age-old threats is relevant to current security strategy. :)


>"...malwares are almost 2 years old... So, please take the results for informational purpose only. Please don't conclude anything."
>
>Two years old? I'm not going to slog through the 100+ reader comments on that site, but am I the only one who noticed this?
>
>With the all-too-easy ability to grab current malwares for testing, I wonder what Raymond's agenda is.
>
>With respect to the 100% versus the less-than-100% results, threats from that long ago have been neutralized by security upgrades to Windows and applications themselves. In the interest of efficiency, isn't it possible AV vendors have removed these threats from their protection/detection matrix? And why hammer the cloud for dead threats? Hitman Pro's and Immunet Free's scores would seem to back me up on this.
>
>Maybe it's good Immunet Free resulted in what it did. As for Plus, BitDefender leases their engine(s) to a significant segment of the industry, so their inclusion of "detect everything" is in their interest. (I wonder what the result would be for BitDefender's own current AV2010?) In fact, there are several apps he tested in that list using BD...
>
>"Remember I am not an expert. This is an amateur test only."

 

 

Couple of things to note which I found of interest here.

 

1. We are less than a year old when it comes to a shipping product, we spend little to no time on historical malware processing so I am pretty impressed we caught malware in that collection at the rate we did. Our model is pretty tightly harnessed to what our users are seeing and to a lesser degree on *current* samples in trading networks.

 

2. Disparity between Clam AV for Windows and IMP:

 

On the 500 set:

 

Immunet free 414/500 (82.8%)

Clam Cloud 464/500 (92.8%)

 

On the larger set:

 

Immunet free 2469/5000 (49.38%)

Clam Cloud 2470/5000 (49.4%)

 

 

The kicker here is that these are the *same* engines, so obviously IMP 2.0 Free has a bug on detection of large sample sets which is not in 1.0.26 (which is what the Clam tech is based on). I am going to hunt this down this week but I think it's related to the DNS code + SPERO which is causing some DNS lookup based convictions to choke.

 

 

>At least he's honest. It's more than can be said of those yoo-toob "reviewers."

>Of course, I stand to be corrected if testing against age-old threats is relevant to current security strategy. :)

 

Well, I do not think throwing malware on a disk and scanning for it is really representative at all but it does have some relative merit. IMO testing should be for:

 

1. In field threats or recently in-field (maybe 4 - 6 mos?)

2. Geo specific threats. Threats being seen in your region, in your language.

 

 

However, that's really tough for people to do. I suppose scanning on disk makes sense; frankly, I think going to known malware sites also has merit but less than a lot of people give it credit for.

 

al
