Anti-Virus industry lacking when it comes to detection says report.

[ceyfer]

A detection rate study of 13 known anti-Virus vendors by cyber intelligence firm Cyveillance shows an initial detection rate of just 19-percent. After thirty-days, the detection rate jumps to 62-percent. This trend, Cyveillance says, shows that traditional anti-Virus vendors lag behind the criminals when it comes to detecting and protecting.

The initial testing placed ESET (Nod32) at the top, with a day one detection rate of 37-percent. They were followed by F-Secure, Kaspersky, McAfee, Symantec, Sophos, and AVG. After 30-days, the detection rates are all over the place. Symantec, who had an initial detection of 21-percent on day one, increased the detection to 47-percent by the end of the test. Yet that jump is minor compared to AVG, who started with a 13-percent detection rate, and climbed 93-percent on day thirty.

Cyveillance Malware Detection report | PDF.

• http://www.thetechherald.com/article...on-says-report.
  
• http://www.cyveillance.com/web/news/...2010-08-04.asp

Responses:

• How to Screw Up and Skew a Test | ESET Blog.
  
• A Closer Look at AV Detection Lag-times | Cyveillance.

[leofelix]

I have to say that ESET has very good points in my opinion (even if a reaction it was expeted, of course)

@ Ceyfer: I cannot reach the second Cyveillance link, can you please fix it? If I type http://www.cyveillance.com/ I can only view their main page

[noaccount]

I have to say i agree with ESET on this one.

@leo: no problem here, are you still beta testing ClearCloud DNS?

@ceyfer: thanks for heads up.

[leofelix]

/OT
@ noaccount
I use ClearCloud DNS only in my latptop with Windows 7 home premium x64.
I can change DNS in a while thanks to DNS Jumper anyhow
/End OT

[safeguy]

I can't vote for either one as both sides are right and wrong in their own ways....realizing that the difference lies only in which aspect they are focusing upon.

Eset's focus here is in questioning the reliability of the methodology used by Cyveillance and Eset is indeed right in doing so. The test was "fundamentally flawed" in the sense that the files were not examined based "on what it does" to confirm whether they are really malicious but instead relies on "on the leading brands in the industry to say what is and isn’t malware".

However, Cyveillance is also right in defending their choice of methodology used as suitable as they are not recognized as an antivirus company. Furthermore, their main focus/point in conducting the study isn't about whether a file is really malicious or to make comparisons among different AV companies/brands - instead it is to see/analyze how long each company takes to identify/recognize a piece of sample as malware based on each brand's own sets of recognition methods (heuristics, further manual analysis by the team underhood, etc) and not of the competitor's.

Simple analogy here is:

Eset says:
"Is it right to say that the apple does not taste bad simply because 3 guys said it was nice?"

while

Cyveillance says:
"We're just analyzing how long it takes for a person to make a decision and say whether that piece of apple tastes good/bad. We didn't taste it for ourselves as others may not recognize us as reliable taste testers. Furthermore, each tester has different taste-buds and we're not here to compare between the various testers. That's not our focus here."

Understand now? Both parties have valid points...

[noaccount]

Disagree with that, but their conclusion is La Palice, so ya, you are right (being wrong )

Regardless of the difference of opinion in the methodology used, as mentioned in the article, the conclusions in the report are on target – you can’t rely solely on signature based protection for today’s Internet threats.

[safeguy]

That conclusion doesn't require a research/study to be made....it's pretty well-known among most of us here by now

[Ande]

When has it been when criminals aren't ahead of the police? Police have rules, standards, paperwork, etc.
Criminals have tools. Are tools. Shoot the suckers!

[safeguy]

That's why they say sometimes you have to think like the enemy in order to counter-attack against their actions.

But come to think of it, without criminals, the police won't have their pockets and stomach filled. Same goes for security software companies. It's a 2-way thing - each can't live without the other despite their differences/motives.