AV-Comparatives Security Survey 2011

MidnightCowboy · 10. Apr 2011, 01:16 PM

If you download the PDF from this page it makes interesting reading.

http://www.av-comparatives.org/en/resources/surveys

In particular is the answer to a question about what to do with a downloaded file after receiving a system or security software alert.

42% said they would execute it anyway
31% said they would trust the file
27% said they would delete it

This is a remarkable 73% of users who would execute a file after receiving a warning about it. No wonder there are so many infected machines and networks.

maplichen · 10. Apr 2011, 06:55 PM

I read this survey when they first published it, and the whole thing was actually pretty interesting. If I have it right, the question that you are talking about it actually reads: If your AV product or your operating system asks you if you trust a file that you downloaded on purpose from the Internet, how do you usually answer? Honestly, I leave Vista's UAC on and it, as well as comodo firewall, pretty much pops up with a warning for any installer execution. If I purposely downloaded the file and trust the vendor, which is more than 95% or the time, I definitely execute the file. Maybe this is the reason those percentages are so high.

One part that I found particularly interesting was where 16% of people would consider using an AV with no on demand scanning feature. My first reaction was that the AV would be lacking a critical component of it's function here. But, in reality, I haven't had a piece of malware make it past my browser sandbox in over a year and not past the active protection of AV and UAC in over 3 years. It feels weird to say it, but having the on demand scanning capability might actually be unnecessary for some people, myself included.

wdhpr · 10. Apr 2011, 08:08 PM

Quote:

Originally Posted by MidnightCowboy

If you download the PDF from this page it makes interesting reading.

http://www.av-comparatives.org/en/resources/surveys

In particular is the answer to a question about what to do with a downloaded file after receiving a system or security software alert.

42% said they would execute it anyway
31% said they would trust the file
27% said they would delete it

This is a remarkable 73% of users who would execute a file after receiving a warning about it. No wonder there are so many infected machines and networks.

Quote:

From the av-comparative link
If your AV product or your operating system asks you if you trust a file
that you downloaded on purpose from the Internet, how do you usually answer?

I use winxp and I get a "do you trust this software" question every time I go to install the software I just downloaded. I know I can disable that pop-up but I decided to keep it active so I at least think about it at the time of install.
Anyway you can count me in the 73% group because I'm picky about where I download my software and hope my AV saves me if things go badly. I guess to be on the safe side I should run a on-demand scan with something like SuperAntiSpyware

bo.elam · 10. Apr 2011, 09:54 PM

I think the question is terrible, even they admit that it is kind of
confusing. After analyzing it carefully, I cant figure to what piece
of the pie I belong to. Maybe I don't belong to any since I use
Firefox and I am not using a real time AV.

Bo.

J_L · 10. Apr 2011, 09:57 PM

HIPS and the like are useless for normal users it seems.

Also, they prefer on-demand tests, which are ineffective in the real world. Protection is much more important than detection.

MidnightCowboy · 10. Apr 2011, 10:06 PM

Some good observations

I guess at the end of the day I'm always hoping that folks like AV_C will be helping to promote "the cause" but in reality not only have they helped the confusion here, but actually encouraged it with the format of their question.

Whichever way you look at it though it does demonstrate quite a level of consumer apathy.

bo.elam · 10. Apr 2011, 10:35 PM

I always tell friends that if they don't want to have an infection again
all they have to do is read 3 hours for 30 days about security and the
rest will happen on its own. Most don't care any about me saying it
and are still getting infected.
Thanks for posting this, MC.
Bo

eyeb · 11. Apr 2011, 12:22 PM

open it in a sandbox is what I do...

actually I open everything in sandbox first time I get something, if it's worth keeping I keep it and open it without sandbox next time since it was clean first time in sandbox

I do force all my pdf/movie/music/word documents into sandbox though since those are your traditional file extensions that include virus.

edit: but it does depend on what I'm opening also. I like to download software to test and if the virus alert goes off, more likely than not, I'll delete the file and not even try opening it. But if it's a file from someone I know/site I trust I'll open it sandbox because I get false alerts off my own programs so I know when to kind of expect false alerts. IE I'm collaborating with someone and already have idea what's in the file

10. Apr 2011, 01:16 PM	#1 (permalink)
MidnightCowboy Site Manager Join Date: Aug 2008 Location: South American Banana Republic, third bunch from the left Posts: 9,250	AV-Comparatives Security Survey 2011 If you download the PDF from this page it makes interesting reading. http://www.av-comparatives.org/en/resources/surveys In particular is the answer to a question about what to do with a downloaded file after receiving a system or security software alert. 42% said they would execute it anyway 31% said they would trust the file 27% said they would delete it This is a remarkable 73% of users who would execute a file after receiving a warning about it. No wonder there are so many infected machines and networks. __________________ Knows nothing and cares even less

10. Apr 2011, 06:55 PM	#2 (permalink)
maplichen Full Member Join Date: Jun 2010 Posts: 36	I read this survey when they first published it, and the whole thing was actually pretty interesting. If I have it right, the question that you are talking about it actually reads: If your AV product or your operating system asks you if you trust a file that you downloaded on purpose from the Internet, how do you usually answer? Honestly, I leave Vista's UAC on and it, as well as comodo firewall, pretty much pops up with a warning for any installer execution. If I purposely downloaded the file and trust the vendor, which is more than 95% or the time, I definitely execute the file. Maybe this is the reason those percentages are so high. One part that I found particularly interesting was where 16% of people would consider using an AV with no on demand scanning feature. My first reaction was that the AV would be lacking a critical component of it's function here. But, in reality, I haven't had a piece of malware make it past my browser sandbox in over a year and not past the active protection of AV and UAC in over 3 years. It feels weird to say it, but having the on demand scanning capability might actually be unnecessary for some people, myself included. __________________ The big yellow one is the sun

10. Apr 2011, 10:06 PM	#6 (permalink)
MidnightCowboy Site Manager Join Date: Aug 2008 Location: South American Banana Republic, third bunch from the left Posts: 9,250	Some good observations I guess at the end of the day I'm always hoping that folks like AV_C will be helping to promote "the cause" but in reality not only have they helped the confusion here, but actually encouraged it with the format of their question. Whichever way you look at it though it does demonstrate quite a level of consumer apathy. __________________ Knows nothing and cares even less

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

10. Apr 2011, 09:54 PM	#4 (permalink)
bo.elam Senior Member Join Date: Nov 2009 Posts: 1,224	I think the question is terrible, even they admit that it is kind of confusing. After analyzing it carefully, I cant figure to what piece of the pie I belong to. Maybe I don't belong to any since I use Firefox and I am not using a real time AV. Bo.

10. Apr 2011, 09:57 PM	#5 (permalink)
J_L Co-Author, Best Free Security List Join Date: Dec 2008 Posts: 1,475	HIPS and the like are useless for normal users it seems. Also, they prefer on-demand tests, which are ineffective in the real world. Protection is much more important than detection.

10. Apr 2011, 10:35 PM	#7 (permalink)
bo.elam Senior Member Join Date: Nov 2009 Posts: 1,224	I always tell friends that if they don't want to have an infection again all they have to do is read 3 hours for 30 days about security and the rest will happen on its own. Most don't care any about me saying it and are still getting infected. Thanks for posting this, MC. Bo

11. Apr 2011, 12:22 PM	#8 (permalink)
eyeb Senior Member Join Date: Sep 2010 Location: Planet X Posts: 487	open it in a sandbox is what I do... actually I open everything in sandbox first time I get something, if it's worth keeping I keep it and open it without sandbox next time since it was clean first time in sandbox I do force all my pdf/movie/music/word documents into sandbox though since those are your traditional file extensions that include virus. edit: but it does depend on what I'm opening also. I like to download software to test and if the virus alert goes off, more likely than not, I'll delete the file and not even try opening it. But if it's a file from someone I know/site I trust I'll open it sandbox because I get false alerts off my own programs so I know when to kind of expect false alerts. IE I'm collaborating with someone and already have idea what's in the file