Here is my review of AV software AVP, NOD32 and Norton 2002
![[PaX]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
[PaX]
yup without exact details of the set up of the tests as with other tests
it's worthless...
Dalt
Nick FitzGerald
> I used a test bed of 3101 viruses, ...
You confirmed that each and every one was capable of recursively
replicating, didn't you?
And through skilled research and your extensive experience with such
things, you independently confirmed that each was a sample of a
different virus?
> ... and let the above 4 AV software do
> their best.... and here are my findings.....
>
> NOD32 v1.213 update 17.02.02
> Standard scan found 2625...
> Deep scan found 2637
>
> Kaspersky v4.0 update 17.02.02
> detected virus bodies 2987
>
> Norton Antivirus 2002 update 17.02.02
> detected virus bodies 2898
>
> Kaspersky v3.5 update 17.02.02
> detected virus bodies 3100.
>
>
> Would ppl care to comment on these results....
If you did not do both of the above, there are several possible high
probability explanations...
Perhaps the "viruses" you downloaded were not all viruses at all.
Typically 15-30% of files in freely accessible "virus collections"
on the web are "crud" -- non-viral, but in a sense "virus related"
files (bodged disinfections, bodged infections, "defanged" samples
non-working droppers, etc, etc). Some products detect lots of
these files (because the products' authors know many people will
do stupid "tests" and thus are likely to be swayed by their stupid
results) whereas others correctly refuse to on purist gounds (these
are, afterall non-viral files and mostly entirely non-functional as
well), while yet others only add detection of such files they are
"forced" to (usually by a big customer asking "why don't you detect
this 'virus' that <product of the first type> detects?" *and* the
customer is too stupid to accept that "because it is not a virus
and if we add detection of such crud to the scanner it slows it
down" as an acceptable answer.
Or, perhaps they are all viruses, but you have about 150 samples of
just three or four rare, new and not in the wild viruses. Because
of NAV's and NOD32's heuristics, several samples of each virus are,
in fact, detected but most are not. The detection "shortfall"
between those products is thus not in the 15-20% range but actually
about 0.01%.
There are many, many other subtle features of your testing methods
that could have led you to similarly wrong conclusions, and while
individually few of those is likely to account for the differences
you mention *alone*, in combination a few of them could really
screw your results.
In short, there's much more to a useful virus detection test than
you have reported, so until you report the full details, we are
left guessing and your "results" are pretty meaningless. However,
that you seem unaware of these issues suggests an increased
probability that at least the first of the major flaws outlined
above applies to your tests.
--
Nick FitzGerald
rod
<thO...@thOrac.net> wrote in message
news:d9mh7u0kjjutn5g7s...@4ax.com...
>
> i asked for comments and all you lot reply with is snide comments.
"snide comments" ???
ROFL
Your tests were crap!
Several people told you so ... and why.
If you're too big-headed to learn from it then learn to live with it, and
quit your whining.
Frank S
> NOD32. v1.213 and Norton AV 2002...
> Would ppl care to comment on these results....
Why didn't you rate... performance hit on system, ease of updating
definition files, comprehensiveness of configuration, price, speed,
capability to manage from a central location, support, ease of use, ability
to update definition files while not logged onto the machine, automatic
engine update capability, etc, etc. Do you think that the only criteria for
choosing an AV app is detection rate? It's not.
Then there is the issue of the validity of the detection rate tests
anyway.... more than I want to comment on.
-Frank
Frederic Bonroy
> Why didn't you rate... performance hit on system, ease of updating
> definition files, comprehensiveness of configuration, price, speed,
> capability to manage from a central location, support, ease of use, ability
> to update definition files while not logged onto the machine, automatic
> engine update capability, etc, etc. Do you think that the only criteria for
> choosing an AV app is detection rate? It's not.
Very true. But ease of use, performance hit and so on depend on the
user, the computer etc. It's not easy to test.
That's probably why most AV companies offer evaluation versions for
download.
Frank S
> depend on the user, the computer etc. It's not easy to test.
> That's probably why most AV companies offer evaluation
> versions for download.
Agreed! And that is often (always, to me) more important than a few
percentage points one way or the other in detection rates.
-Frank
Robert Moir
<thO...@thOrac.net> wrote in message
news:d9mh7u0kjjutn5g7s...@4ax.com...
> i asked for comments and all you lot reply with is snide comments.
>
> in this n/g again
>
> if you guys can do better, then do it. At least try and confirm that
> the AV software u have/and are discussing is doing what it states and
> not what the software writer claims.
*whoosh*
that was the sound of the point, not to mention some clues, passing RIGHT
over your head.
Snide comments? Ever consider that we may have a point? Or could it just be
you who doesn't have any answers?
FromTheRafters
<thO...@thOrac.net> wrote in message
news:d9mh7u0kjjutn5g7s...@4ax.com...
> i asked for comments and all you lot reply with is snide comments.
>
> i shall know better than to ask for worthwhile comments/suggestions
> in this n/g again
You asked for, and received, comments.
Don't shoot the messenger just because
you don't like the message. Okay maybe
some of the comments sounded a little
harsh. The politically correct terms for
'crap' and 'brain dead' should have been
used. Nick gave you good information
with his post (and his unique delivery
style). If he sounded a little condescending
it is only because he is better versed than
you are in this subject. Professional AV
tests are somewhat less worthless than
yours, and their shortcomings are sometimes
also discussed in this group.
Mathijs Kok (LAGO)
I did some tests on how fast cars are.
My results:
Car A is faster than car B.
Car B is slower than car A.
I would like you all to comment on this and to compare it with the
performance of your own car. Please do not make snide comments as I am not
able to understand completely why my test is not worth very much.
Kev Page
everywhere how good it is before suddenly switching to car A.
;-)
"Melissa" <willkayakforf...@gmx.net> wrote in message
news:3c7a6b5b$0$30...@fountain.mindlink.net...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, 25 Feb 2002 13:34:15 GMT, "Mathijs Kok \(LAGO\)"
> <mk...@simflight.com(removethis)> wrote:
>
> > My results:
> > Car A is faster than car B.
> > Car B is slower than car A.
>
> I would like to add that, during a different speed test, car B was
> faster than car A.
>
> > I would like you all to comment on this and to compare it with the
> > performance of your own car.
>
> My car wasn't tested against car A and car B, but I'm sure my car was
> either faster or slower than either car A or car B. Or not.
>
> - --
> Melissa
>
> PGP public keys:
> mailto:pgp_...@gmx.co.uk?subject=PGP_Keys_9&Body=Please%20send%20keys
>
> -----BEGIN PGP SIGNATURE-----
>
> iD8DBQE8emaAKgHVMc6ouYMRAn9+AKCyeATradC8R52hisJZbQs3i0R63QCeI01+
> VyHX7Nf2TrzDZ/83TJreixg=
> =Axgb
> -----END PGP SIGNATURE-----
>
rod
"Kev Page" <kev.pag...@ntlworld.com> wrote in message
news:C%ue8.9669$eT4.1...@news6-win.server.ntlworld.com...
>
> I like the sound of car B,in fact for the next few weeks I shall spout
> everywhere how good it is before suddenly switching to car A.
BoomBoom!
(Too bad shillman is too stupid to pick up on it.)
Bill Clark
> Your tests were crap!
> Several people told you so ... and why.
A Lambdin reincarnate?
--
Growing old is compulsory... Growing up is optional...