Is it time to start a new AntiVirus/Internet Security Suite review thread?

Paul Keith:
The problem with benchmarks is that they cannot account for 0-day malware. That's why, in my uneducated opinion, many quality antiviruses are slipping up and down on charts.

Anytime an AV program prepares for a new release, its detection quality suffers; that's why many recommend Dr. Web's CureIt as the best on-demand scanner based on their upgrade models, and even that is just delaying the storm of next-gen security suites like cloud-based behaviour blockers and shadow virtualization.

city_zen:
The problem with benchmarks is that they cannot account for 0-day malware. That's why, in my uneducated opinion, many quality antiviruses are slipping up and down on charts.
-Paul Keith (December 02, 2008, 09:42 PM)
--- End quote ---

I'm not sure I understand what you mean, Paul, but if you're talking about the kind of benchmarks AV Comparatives and other organizations do, they can (and, in at least the case of AV Comparatives, actually do) take into account 0-day malware, i.e. "unknown" malware. In fact, the test I mentioned in my previous post is precisely that: a test to see how each AV performs against a number of previously unknown (to their signature databases) malware. This kind of test allows us to see how well each program uses heuristics to detect this 0-day malware.

I also wish there were proper benchmarks done to see how AVs really affect a machine, nothing I've seen is really comprehensive enough...
-nontroppo (December 02, 2008, 04:03 PM)
--- End quote ---

There have been tests done to see how various ISS's affected a machine's boot time, but I can't find that particular site ATM - although it was last year (or early this year), I think.
-4wd (December 02, 2008, 06:56 PM)
--- End quote ---

I think you're talking about the same article I remember, 4wd. Is it this one?: What Really Slows Windows Down
In any case, if it wasn't it, this article is well worth reading. It's a little outdated now (written in 2006) but very informative.

Paul Keith:
I know heuristics can detect 0-day malware, but I doubt they can detect every 0-day malware, unlike a HIPS that monitors every change, and lately it seems malware has been improving at a much more rapid rate. It always seems to be a single virus that slips through AV guards, especially if you forget to update from one version to another.

At least I have no other explanation for how viruses can still pass quality guards especially with their improved heuristics.

J-Mac:
I know heuristics can detect 0-day malware, but I doubt they can detect every 0-day malware, unlike a HIPS that monitors every change, and lately it seems malware has been improving at a much more rapid rate. It always seems to be a single virus that slips through AV guards, especially if you forget to update from one version to another.

At least I have no other explanation for how viruses can still pass quality guards especially with their improved heuristics.
-Paul Keith (December 03, 2008, 02:13 AM)
--- End quote ---

This is one of those "Anything is possible" things. Sure, you can always get hit with a zero-day infection. Of course it is possible I can get struck by lightning every time I go out in an electrical storm.

I take my chances with NOD32's heuristics and I back up, back up, back up. To a few different locations. I am very fortunate that I have not been infected in all the years I have been using computers - and that is more than a few years! As in almost everything I do, I take the best precautions that I can while still maintaining a balance in keeping it all real - and usable.

It has worked for me for quite a long time. And if it goes bad, I have all the recovery options in place that I can reasonably have.

At this point, I have stopped worrying!

Jim

Paul Keith:
While that is good advice, J-Mac, it ignores the context of this thread.

I mean, theoretically everything can be safe if you have a backup, regardless of your security settings, and it might help improve your security settings if you have the correct attitude in dealing with these, but this ignores people who have different habits as well as people who don't have the technical knowledge to rely on anything but their antiviruses.
