ProActive Tests


As many of you know shows tests conducted on Antiviruses, ProActive and On demand. As I was looking through the results on ProActive I saw that Avast and all the other AVs are doing badly in the ProActive. So then I was wondering what were the conditions of the ProActive test? Is the malware running in memory or just inactive on the hard drive?



It is actually a Retrospective/ProActive Test.

As far as I’m aware this is leaving the AV without updating the signatures for three months and then running the tests to see how an AV might deal with viruses not covered by previous signatures. Those with heuristics, etc. are likely to do better; this would be what many would consider ProActive.

** = new malware samples received during the 7th August and the 7th November that were new to all tested scanners. This test shows the pure proactive ON-DEMAND detection capability that the scanners had 3 months ago (7th August 2006) with best possible detection settings.

Personally I’m unsure of this test’s worth as I would have thought your average user would keep their AV signatures up to date. This is, I feel, especially true of the avast auto update and incremental signature updates to keep the process quick.

Almost all of the AVs in the test take a hit when compared to the on-demand tests, so I guess it shows the importance of keeping your signatures up to date.

Unfortunately, although most users, from your average user to those of the avast! evangelist calibre, would keep their AV signatures up to date, there are too many who would not think to do such a thing, any more than they would update their screen-savers. :cry:

Automatic updates are truly a blessing!

I believe the test is intended to see how many new viruses not in the definitions file an AV will detect by heuristics alone, not how well the AV copes if the user doesn’t update the definitions file. With malware writers now producing new variants of Trojans and viruses every hour, even the quickest virus definitions update will not keep up with new variants, which is where heuristics comes in. Good heuristics will stand a good chance of catching the new variant, even where the latest definitions might miss it.

EDIT: Typo.

Which in a backhand sort of way sort of the same thing about the use of the test.

Those most in need of the nudge to keep their signatures updated are hardly likely to be reading the report or these forums. For many, ignorance is bliss, and not until they get a serious infection, one that has outward signs (not a hidden bot-net zombie), will they get religion and keep their security system up to date.

They are also unlikely to have a multi-level/application approach towards protection; for some there is little hope until they get seriously hit and then we will be preaching to the converted.