markusg

Raymond.cc-Test


"...malwares are almost 2 years old... So, please take the results for informational purpose only. Please don't conclude anything."

 

Two years old? I'm not going to slog through the 100+ reader comments on that site, but am I the only one who noticed this?

 

With the all-too-easy ability to grab current malwares for testing, I wonder what Raymond's agenda is.

 

With respect to the 100% versus the less-than-100% results, threats from that long ago have been neutralized by security upgrades to Windows and applications themselves. In the interest of efficiency, isn't it possible AV vendors have removed these threats from their protection/detection matrix? And why hammer the cloud for dead threats? Hitman Pro's and Immunet Free's scores would seem to back me up on this.

 

Maybe it's good Immunet Free resulted in what it did. As for Plus, BitDefender leases their engine(s) to a significant segment of the industry, so their inclusion of "detect everything" is in their interest. (I wonder what the result would be for BitDefender's own current AV2010?) In fact, there are several apps he tested in that list using BD...

 

"Remember I am not an expert. This is a amateur test only."

At least he's honest. It's more than can be said of those yoo-toob "reviewers."

 

Of course, I stand to be corrected if testing against age-old threats is relevant to current security strategy. :)


@markusg

 

I didn't mean you shouldn't have posted up the link to Raymond's blog. In fact, you provided an important topic deserving of discussion quite fitting the purpose of this forum.

 

Carry on! :)


"...malwares are almost 2 years old... So, please take the results for informational purpose only. Please don't conclude anything."

 

Two years old? I'm not going to slog through the 100+ reader comments on that site, but am I the only one who noticed this?

 

With the all-too-easy ability to grab current malwares for testing, I wonder what Raymond's agenda is.

 

With respect to the 100% versus the less-than-100% results, threats from that long ago have been neutralized by security upgrades to Windows and applications themselves. In the interest of efficiency, isn't it possible AV vendors have removed these threats from their protection/detection matrix? And why hammer the cloud for dead threats? Hitman Pro's and Immunet Free's scores would seem to back me up on this.

 

Maybe it's good Immunet Free resulted in what it did. As for Plus, BitDefender leases their engine(s) to a significant segment of the industry, so their inclusion of "detect everything" is in their interest. (I wonder what the result would be for BitDefender's own current AV2010?) In fact, there are several apps he tested in that list using BD...

 

"Remember I am not an expert. This is a amateur test only."

 

 

Couple of things to note which I found of interest here.

 

1. We are less than a year old when it comes to a shipping product; we spend little to no time on historical malware processing, so I am pretty impressed we caught malware in that collection at the rate we did. Our model is pretty tightly harnessed to what our users are seeing and to a lesser degree on *current* samples in trading networks.

 

2. Disparity between Clam AV for Windows and IMP:

 

On the 500 set:

 

Immunet free 414/500 (82.8%)

Clam Cloud 464/500 (92.8%)

 

On the larger set:

 

Immunet free 2469/5000 (49.38%)

Clam Cloud 2470/5000 (49.4%)

 

 

The kicker here is that these are the *same* engines, so obviously IMP 2.0 Free has a bug on detection of large sample sets which is not in 1.0.26 (which is what the Clam tech is based on). I am going to hunt this down this week, but I think it's related to the DNS code + SPERO, which is causing some DNS lookup based convictions to choke.

 

 

>At least he's honest. It's more than can be said of those yoo-toob "reviewers."

>Of course, I stand to be corrected if testing against age-old threats is relevant to current security strategy. :)

 

Well, I do not think throwing malware on a disk and scanning for it is really representative at all, but it does have some relative merit. IMO testing should be for:

 

1. In field threats or recently in-field (maybe 4 - 6 mos?)

2. Geo specific threats. Threats being seen in your region, in your language.

 

 

However, that's really tough for people to do. I suppose scanning on disk makes sense; frankly, I think going to known malware sites also has merit, but less than a lot of people give it credit for.

 

al

Guest orlando

EDITED BY PEDERSEN

 

 

This site has been reported as spam.

 

I report your post to the moderators. Unsecure site.

 

Regards,

Orlando

Edited by Pedersen
Removed the quote
