Gizmos Freeware Reviews  

28. Sep 2010, 12:22 PM   #1
MidnightCowboy (Site Manager)
How Important is Update Frequency?

IMO this is a good example of how important the frequency of AV updates is to the malware protection process.

http://www.youtube.com/watch?v=EGbO_h6h6cc

In this test by languy99 the MSE 2.0 Beta achieves a perfect score. You can tell by his double-double follow-up with the Emsisoft scanner that he couldn't really believe it himself either. Just after this though he makes the point that during another test the night before MSE did let some malware through.

So there are two contributory factors to these differing results, first the links themselves and second the updates. In making an objective comparison you would also have to consider the small sample number. This is better explained by AV-Comparatives here in the reference to their "Whole Dynamic" test methodology.


"We are not focusing on zero day exploits/malware, but on current and relevant malware that is out there and problematic to users. We are trying to include about 40-50% URLs pointing directly to malware. As example, if the user is tricked by social-engineering to follow links in spam mails or websites or if the user is tricked to install some Trojan or other rogue software. The rest/bigger part are exploits / drive by downloads. Those seem to be usually well covered by security products.

In this kind of testing, it is very important to use enough test cases. Doing the test with only 20 or 50 cases may deliver quite random and statistically invalid results. We think that a minimum of 100 cases is a must. If an insufficient number of samples are used in comparative tests, differences in results may not indicate actual differences among the tested products. Some statistics on the next page illustrates why".

In fairness I think you could pretty well replicate the languy99 results with most other products if using the same sample numbers, i.e. one good day and another bad day. What you would see though over time is consistently better results for programs which update more frequently than just once a day. This has to be a mathematical certainty if ignoring other factors such as risk (surfing habits) and pure chance. This also makes some of the so-called poorer detectors a more attractive option if they happen to update more frequently, such as Comodo.

This test published by Bright Hub has already been lambasted to hell and back on the Comodo forum as you might expect, but it still demonstrates a detection rate of 95% with all its flaws. This for a free AV with frequent updates is pretty good.

http://www.brighthub.com/computing/s...les/88397.aspx

There is also some speculation if this might be the same "Donna" who waged an Anti-Comodo campaign some time back and if you like to see fanboys pulling their hair out and enjoy a whiff of scandal, then check out the Comodo forum thread too.

http://forums.comodo.com/news-announ...-t62490.0.html
__________________
Knows nothing and cares even less
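
The sample-size point in the AV-Comparatives quote above can be checked numerically. The following is an added example, not part of the original thread or of any tester's methodology; the true detection rates (98% and 95%) are assumed values chosen for illustration, and samples are assumed to be independent.

```python
import math

def wilson_interval(detected, total, z=1.96):
    """95% Wilson score interval for an observed detection rate."""
    p = detected / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total + z * z / (4 * total * total)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)

def binom_pmf(k, n, p):
    """Probability of exactly k detections in n independent samples."""
    return math.comb(n, k) * p**k * (1 - p) ** (n - k)

def prob_perfect_score(true_rate, total):
    """Chance that a product with the given true rate detects every sample."""
    return binom_pmf(total, total, true_rate)

def prob_weaker_ties_or_wins(rate_strong, rate_weak, total):
    """Chance the weaker product scores at least as well as the stronger one
    when each is tested once on `total` independent samples."""
    strong = [binom_pmf(k, total, rate_strong) for k in range(total + 1)]
    weak = [binom_pmf(k, total, rate_weak) for k in range(total + 1)]
    # Sum over every outcome pair where weak detections >= strong detections.
    return sum(strong[i] * sum(weak[i:]) for i in range(total + 1))

if __name__ == "__main__":
    # Assumed true detection rates, chosen for illustration only.
    STRONG, WEAK = 0.98, 0.95
    for n in (20, 50, 100):
        lo, hi = wilson_interval(n, n)  # a "perfect score" run of n links
        print(f"n={n:3d}  perfect score => true rate in [{lo:.3f}, {hi:.3f}]  "
              f"P(95% product scores perfect)={prob_perfect_score(WEAK, n):.3f}  "
              f"P(weaker ties/beats stronger)="
              f"{prob_weaker_ties_or_wins(STRONG, WEAK, n):.3f}")
```
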
28. Sep 2010, 05:44 PM   #2
eyeb (Senior Member)

hm, interesting. I used to update manually every few hours but that was just because I like to keep things updated, not for security lol.

Anyways because Avira only updates once a day, I just now added it to the scheduled tasks to run the update.exe hourly. This should work better than the built-in daily updater. I'll see if it does update this way by tomorrow.
28. Sep 2010, 05:57 PM   #3
mrpink (Senior Member)

Quote:
Originally Posted by MidnightCowboy
In this test by languy99 the MSE 2.0 Beta achieves a perfect score. You can tell by his double-double follow-up with the Emsisoft scanner that he couldn't really believe it himself either. Just after this though he makes the point that during another test the night before MSE did let some malware through.

I'm very surprised that he didn't retest MSE with new links in another video to show people that it isn't perfect (that's what he did with PandaCloud). I thought that the upper goal of this YouTube channel of his was to trash all the other security software and make Comodo look impenetrable.

As for this Brighthub test I have to say that Comodo fanboys have their rights on this matter. First of all, I didn't know that if you choose to install only the AV part of Comodo's suite you can have also Defense+ and the sandbox, I thought they only came with the firewall. This is great news for people like me who are not interested in Comodo (or any other 3rd party) firewall. Now, choosing to disable the HIPS and sandbox and testing only the detection rate of the AV is like testing some other software, not Comodo. It isn't Comodo's fault if they use superior technology than their competitors, it's the other way around.

On the other hand, one thing that Comodo's fanboys, or the security freaks over at Wilders, or people in this forum who are interested a little bit more about security, seem to forget is that AV vendors target the famous "average user". And by this we don't mean some guy who bought his computer yesterday, but people who actually use internet for years but... they just don't like to be bothered. The majority of the users could not tolerate having to deal with a HIPS or a sandbox. And also they expect for their security software to tell them what is good and what is bad, and make the decisions for them. Only signature-based applications can do that, and that is why I believe classic AVs are gonna be around for quite some time.

P.S. I'm very disappointed with PandaCloud. I had high expectations for this app and had it in my mind as the first alternative if I'd chosen to dump Avira, but lately I'm seeing some very bad results. On the contrary, PC Tools really shines on this test! I thought it had poor detection rates. Makes you wonder.
28. Sep 2010, 09:51 PM   #4
Ghost (Member)

Quote:
Originally Posted by mrpink
On the contrary, PC Tools really shines on this test! I thought it had poor detection rates. Makes you wonder.

I wonder if this could have something to do with Symantec's acquisition of PC Tools - does the latter now have access to Norton's large user-base data on malware?
28. Sep 2010, 11:31 PM   #5
MidnightCowboy (Site Manager)

Quote:
Originally Posted by Ghost
I wonder if this could have something to do with Symantec's acquisition of PC Tools - does the latter now have access to Norton's large user-base data on malware?
Always possible although from what I've read the two entities are still separate.

PC Tools was in front of Avast! but behind both Avira and AVG in the AV Comparatives "whole dynamic" test but not by a lot and these are being averaged out over the next few months. The really interesting thing about this test was that although Norton did slightly better overall, it required user intervention to achieve this which PC Tools did not so maybe the co-operation should be the other way around?
__________________
Knows nothing and cares even less
29. Sep 2010, 02:40 AM   #6
bo.elam (Senior Member)
Quote:
Originally Posted by Ghost
I wonder if this could have something to do with Symantec's acquisition of PC Tools - does the latter now have access to Norton's large user-base data on malware?
That's a good question, it will be nice to know the answer. In my opinion all apps did well including Comodo. It was fair, as far as I can tell.

Bo

Last edited by bo.elam; 29. Sep 2010 at 02:47 AM.