<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: What a &quot;Tangled&quot; Web&#8230;</title>
	<atom:link href="http://blogs.mcafee.com/mcafee-labs/2007/08/12/what-a-tangled-web/feed" rel="self" type="application/rss+xml" />
	<link>http://blogs.mcafee.com/mcafee-labs/what-a-tangled-web</link>
	<description></description>
	<lastBuildDate>Sat, 12 May 2012 04:55:36 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
	<item>
		<title>By: jeffs</title>
		<link>http://blogs.mcafee.com/mcafee-labs/what-a-tangled-web/comment-page-1#comment-11334</link>
		<dc:creator>jeffs</dc:creator>
		<pubDate>Mon, 14 Jan 2008 22:59:30 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.mcafee.com/2007/08/12/what-a-tangled-web/#comment-11334</guid>
		<description>I think it&#039;s amazing that McAfee took all this time to say &quot;we still don&#039;t know&quot;. Don&#039;t they have the resources to simply pick any number of samples and do their own test? Surely they have done that already. And surely they would have mentioned it here... but only if it showed that ClamAV was *not* more effective !</description>
		<content:encoded><![CDATA[<p>I think it&#8217;s amazing that McAfee took all this time to say &#8220;we still don&#8217;t know&#8221;. Don&#8217;t they have the resources to simply pick any number of samples and do their own test? Surely they have done that already. And surely they would have mentioned it here&#8230; but only if it showed that ClamAV was *not* more effective !</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Ffoeg</title>
		<link>http://blogs.mcafee.com/mcafee-labs/what-a-tangled-web/comment-page-1#comment-11333</link>
		<dc:creator>Ffoeg</dc:creator>
		<pubDate>Thu, 20 Dec 2007 05:28:52 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.mcafee.com/2007/08/12/what-a-tangled-web/#comment-11333</guid>
		<description>I&#039;ve been using AVG free edition and Spybot S &amp; D for a few years and haven&#039;t ever detected a single virus with either of them because I DON&#039;T DOWNLOAD AND RUN THEM TO BEGIN WITH!!! Who cares what AV you use or which one works 2% better. If you pay for one it will cost more. If you download every stupid thing your friends send you and open every file you can find your computer is going to get hosed regardless!</description>
		<content:encoded><![CDATA[<p>I&#8217;ve been using AVG free edition and Spybot S &amp; D for a few years and haven&#8217;t ever detected a single virus with either of them because I DON&#8217;T DOWNLOAD AND RUN THEM TO BEGIN WITH!!! Who cares what AV you use or which one works 2% better. If you pay for one it will cost more. If you download every stupid thing your friends send you and open every file you can find your computer is going to get hosed regardless!</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: agus budianto</title>
		<link>http://blogs.mcafee.com/mcafee-labs/what-a-tangled-web/comment-page-1#comment-11332</link>
		<dc:creator>agus budianto</dc:creator>
		<pubDate>Thu, 15 Nov 2007 05:50:53 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.mcafee.com/2007/08/12/what-a-tangled-web/#comment-11332</guid>
		<description>hi, i am using mcafee in my office, and it works with all the virus so far, so i have no disappointment with mcafee at all, just for information.</description>
		<content:encoded><![CDATA[<p>hi, i am using mcafee in my office, and it works with all the virus so far, so i have no disappointment with mcafee at all, just for information.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Beto</title>
		<link>http://blogs.mcafee.com/mcafee-labs/what-a-tangled-web/comment-page-1#comment-11331</link>
		<dc:creator>Beto</dc:creator>
		<pubDate>Sat, 13 Oct 2007 22:58:24 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.mcafee.com/2007/08/12/what-a-tangled-web/#comment-11331</guid>
		<description>Well.. I have a conclusion:  Kaspersky and NOD32 are the best antivirus.

McAfee used to be good in the V4.0.3 times... now is bloatware, with low detection rates...</description>
		<content:encoded><![CDATA[<p>Well.. I have a conclusion:  Kaspersky and NOD32 are the best antivirus.</p>
<p>McAfee used to be good in the V4.0.3 times&#8230; now is bloatware, with low detection rates&#8230;</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Dave</title>
		<link>http://blogs.mcafee.com/mcafee-labs/what-a-tangled-web/comment-page-1#comment-11330</link>
		<dc:creator>Dave</dc:creator>
		<pubDate>Sat, 29 Sep 2007 13:32:58 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.mcafee.com/2007/08/12/what-a-tangled-web/#comment-11330</guid>
		<description>McAfee&#039;s inability to detect viruses is why I no longer use McAfee. So much got through that my Windows operating system was corrupted to the point that it was useless. I scanned all my documents with ClamAV, backed up any that weren&#039;t infected, formatted the drive, reinstalled Windows, partitioned the drive and installed Linux Fedora. I just don&#039;t let Windows have any internet access. To make sure I unplug the cable when I use it. Since then no problem. Unfortunately there are a couple programs I still need Windows for. Those are Sonic Foundry&#039;s Acid and Windows Video Maker (just for ease of use). I&#039;m sure there are programs out there that do similar things but I have many Acid files that I still need to edit and I haven&#039;t found a Linux video program that allows me to edit the audio track as easily.</description>
		<content:encoded><![CDATA[<p>McAfee&#8217;s inability to detect viruses is why I no longer use McAfee. So much got through that my Windows operating system was corrupted to the point that it was useless. I scanned all my documents with ClamAV, backed up any that weren&#8217;t infected, formatted the drive, reinstalled Windows, partitioned the drive and installed Linux Fedora. I just don&#8217;t let Windows have any internet access. To make sure I unplug the cable when I use it. Since then no problem. Unfortunately there are a couple programs I still need Windows for. Those are Sonic Foundry&#8217;s Acid and Windows Video Maker (just for ease of use). I&#8217;m sure there are programs out there that do similar things but I have many Acid files that I still need to edit and I haven&#8217;t found a Linux video program that allows me to edit the audio track as easily.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: idbeholda</title>
		<link>http://blogs.mcafee.com/mcafee-labs/what-a-tangled-web/comment-page-1#comment-11329</link>
		<dc:creator>idbeholda</dc:creator>
		<pubDate>Sat, 29 Sep 2007 07:24:39 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.mcafee.com/2007/08/12/what-a-tangled-web/#comment-11329</guid>
		<description>There are several problems with the aforementioned logic.  I will now systematically pwn all vendors for everyone&#039;s enjoyment.

Blatantly False Results (lol) -  Anyone can run results on an arbitrary archive, and the results will always be different.  This is precisely why all tests fail under the scrutiny of logic 101.  If memory serves me correctly, the idea was to have a *RANDOM* sampling of a few files submitted by the audience as a whole.  To an extent, this is a statistically better idea, as it keeps the vendors on their feet to the fact that at some point in time, no two archives or submissions will be identical.  Theoretical  Practice.  When developers understand this, they&#039;ll stop failing so hard.

As for the password protected or 0-byte files.  This can be counteracted in two ways.  Skip the 0-byte files to begin with unless the filesystem on that particular install allows (and has enabled) resource forking like the ADS for NTFS on windows NT based systems.  Password protection?  Not an actual threat because in order for the files to be extracted one has to know the password to begin with.  Problem is, no security vendor will decide to add in brute force password cracking on protected archives because of the so-called &quot;ethics&quot; behind it.

I believe the euphemism you&#039;re looking for is &quot;in order to defeat hackers, you must think and act as one of their own.&quot;  This cannot be argued.


Biased Samples (zLOL)- Look into the idea of honeypotting/honeynetting.  These are more accurate representation of a statistical enumerations of a large population than it is of an archive.  Remember, no two archives are identical.  Lest we forget Mr. Bontchev&#039;s article regarding the pitfalls  of &quot;in the wild&quot; lists.  That was something even I have said for years and nobody else listened.  In any regard to that, any sort of sampling submission is ultimately flawed and biased *TOWARDS* the particular vendor providing the samples.

Comparing the Wrong Products (facepalm.jpg)-  Like everyone is going to have the same operating system installed?  TRY AGAIN.  Databases should be interpreted/factored to the same degree on any system regardless of what is installed.

Misconfigurations of Vendor&#039;s Products (lmfao... sophos sure got told, didn&#039;t they?) - This is why vendors need to fully publish the requirements of command-line arguments for their scanners.  If you don&#039;t fully disclose any critical information regarding a scanner&#039;s functions, how can you reasonably expect it to work flawlessly in an arbitrary test?

Conflict of Interest (????)- The samples were taken from audience members.  If you don&#039;t consider each audience member as a statistical third, fourth, fifth, etc party, how can you be expected to pass basic math?  At this point, somebody needs to buy a vowel from Pat Sajak.

Improper Handling &amp; Distribution of Viruses (PROFIT)- You&#039;ve not only managed to misquote the CFAA, but you&#039;ve simultaneously managed to misquote it out of context, and then further compounded the issue by discrediting the entire test by basically quoting the metaphorical fine print after the fact.  Secondly, since the samples were provided by audience members, the beginning parameter of the argument invalidates itself by default.  Since the &quot;public&quot; was the audience, exactly how does the public endanger itself?

Furthermore, if one were to actively search for the link, that would inherently imply that they are security and technologically savvy to begin with, provided they&#039;re not a script kiddie looking for an easy way to &quot;distribute malware&quot;, which again, defeats the purpose altogether, as there are several well known sites (basically the entire internet) that in some way, shape, or form allow public access to said material in the first place.  Putting a lock on a glass display case is pointless, as the glass itself can be broken:  Learn first before you start touching.

To misquote the CFAA out of context is completely inexcusable, and shows not only a blatant disregard for logic, but also education, basic reading comprehension, and a complete understanding of fantasy .vs. reality. It also does nothing more than imply that the detractors involved are nothing more than racketeers themselves, and ultimately are no better than the malevolent users they are trying to stop.  Some information may be slightly dangerous to the wrong individual, but if everyone knows the same information, the threat will &quot;mysteriously&quot; vanish.

As a final note, this is not simply directed at one company/vendor, but all of them.  I say this, because I can guarantee at least 5-10 years (maybe more) down the road, I will ultimately be proven right.  Do we have any bets on this?</description>
		<content:encoded><![CDATA[<p>There are several problems with the aforementioned logic.  I will now systematically pwn all vendors for everyone&#8217;s enjoyment.</p>
<p>Blatantly False Results (lol) &#8211;  Anyone can run results on an arbitrary archive, and the results will always be different.  This is precisely why all tests fail under the scrutiny of logic 101.  If memory serves me correctly, the idea was to have a *RANDOM* sampling of a few files submitted by the audience as a whole.  To an extent, this is a statistically better idea, as it keeps the vendors on their feet to the fact that at some point in time, no two archives or submissions will be identical.  Theoretical  Practice.  When developers understand this, they&#8217;ll stop failing so hard.</p>
<p>As for the password protected or 0-byte files.  This can be counteracted in two ways.  Skip the 0-byte files to begin with unless the filesystem on that particular install allows (and has enabled) resource forking like the ADS for NTFS on windows NT based systems.  Password protection?  Not an actual threat because in order for the files to be extracted one has to know the password to begin with.  Problem is, no security vendor will decide to add in brute force password cracking on protected archives because of the so-called &#8220;ethics&#8221; behind it.</p>
<p>I believe the euphemism you&#8217;re looking for is &#8220;in order to defeat hackers, you must think and act as one of their own.&#8221;  This cannot be argued.</p>
<p>Biased Samples (zLOL)- Look into the idea of honeypotting/honeynetting.  These are more accurate representation of a statistical enumerations of a large population than it is of an archive.  Remember, no two archives are identical.  Lest we forget Mr. Bontchev&#8217;s article regarding the pitfalls  of &#8220;in the wild&#8221; lists.  That was something even I have said for years and nobody else listened.  In any regard to that, any sort of sampling submission is ultimately flawed and biased *TOWARDS* the particular vendor providing the samples.</p>
<p>Comparing the Wrong Products (facepalm.jpg)-  Like everyone is going to have the same operating system installed?  TRY AGAIN.  Databases should be interpreted/factored to the same degree on any system regardless of what is installed.</p>
<p>Misconfigurations of Vendor&#8217;s Products (lmfao&#8230; sophos sure got told, didn&#8217;t they?) &#8211; This is why vendors need to fully publish the requirements of command-line arguments for their scanners.  If you don&#8217;t fully disclose any critical information regarding a scanner&#8217;s functions, how can you reasonably expect it to work flawlessly in an arbitrary test?</p>
<p>Conflict of Interest (????)- The samples were taken from audience members.  If you don&#8217;t consider each audience member as a statistical third, fourth, fifth, etc party, how can you be expected to pass basic math?  At this point, somebody needs to buy a vowel from Pat Sajak.</p>
<p>Improper Handling &amp; Distribution of Viruses (PROFIT)- You&#8217;ve not only managed to misquote the CFAA, but you&#8217;ve simultaneously managed to misquote it out of context, and then further compounded the issue by discrediting the entire test by basically quoting the metaphorical fine print after the fact.  Secondly, since the samples were provided by audience members, the beginning parameter of the argument invalidates itself by default.  Since the &#8220;public&#8221; was the audience, exactly how does the public endanger itself?</p>
<p>Furthermore, if one were to actively search for the link, that would inherently imply that they are security and technologically savvy to begin with, provided they&#8217;re not a script kiddie looking for an easy way to &#8220;distribute malware&#8221;, which again, defeats the purpose altogether, as there are several well known sites (basically the entire internet) that in some way, shape, or form allow public access to said material in the first place.  Putting a lock on a glass display case is pointless, as the glass itself can be broken:  Learn first before you start touching.</p>
<p>To misquote the CFAA out of context is completely inexcusable, and shows not only a blatant disregard for logic, but also education, basic reading comprehension, and a complete understanding of fantasy .vs. reality. It also does nothing more than imply that the detractors involved are nothing more than racketeers themselves, and ultimately are no better than the malevolent users they are trying to stop.  Some information may be slightly dangerous to the wrong individual, but if everyone knows the same information, the threat will &#8220;mysteriously&#8221; vanish.</p>
<p>As a final note, this is not simply directed at one company/vendor, but all of them.  I say this, because I can guarantee at least 5-10 years (maybe more) down the road, I will ultimately be proven right.  Do we have any bets on this?</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: dp</title>
		<link>http://blogs.mcafee.com/mcafee-labs/what-a-tangled-web/comment-page-1#comment-11328</link>
		<dc:creator>dp</dc:creator>
		<pubDate>Mon, 24 Sep 2007 04:54:15 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.mcafee.com/2007/08/12/what-a-tangled-web/#comment-11328</guid>
		<description>The methods are published - we can decide how valid they are as well as you can. We may not agree with you as you might suspect. You lost in this test - get over it. Go find somebody else&#039;s test that has published methodologies and see how you do, but quitcher bitchin.</description>
		<content:encoded><![CDATA[<p>The methods are published &#8211; we can decide how valid they are as well as you can. We may not agree with you as you might suspect. You lost in this test &#8211; get over it. Go find somebody else&#8217;s test that has published methodologies and see how you do, but quitcher bitchin.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: bobo</title>
		<link>http://blogs.mcafee.com/mcafee-labs/what-a-tangled-web/comment-page-1#comment-11327</link>
		<dc:creator>bobo</dc:creator>
		<pubDate>Sat, 22 Sep 2007 14:46:10 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.mcafee.com/2007/08/12/what-a-tangled-web/#comment-11327</guid>
		<description>LOL!??!?!??  is there someone who still buys something from McAfee??!?!?!?!?!?!?
:) haahah</description>
		<content:encoded><![CDATA[<p>LOL!??!?!??  is there someone who still buys something from McAfee??!?!?!?!?!?!?<br /> <img src='http://blogs.mcafee.com/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' />  haahah</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: ooo</title>
		<link>http://blogs.mcafee.com/mcafee-labs/what-a-tangled-web/comment-page-1#comment-11326</link>
		<dc:creator>ooo</dc:creator>
		<pubDate>Sat, 22 Sep 2007 06:51:43 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.mcafee.com/2007/08/12/what-a-tangled-web/#comment-11326</guid>
		<description>5 Linux, 2 Windows, and 3 Gateway products.</description>
		<content:encoded><![CDATA[<p>5 Linux, 2 Windows, and 3 Gateway products.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: g0d0t</title>
		<link>http://blogs.mcafee.com/mcafee-labs/what-a-tangled-web/comment-page-1#comment-11325</link>
		<dc:creator>g0d0t</dc:creator>
		<pubDate>Thu, 20 Sep 2007 13:03:46 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.mcafee.com/2007/08/12/what-a-tangled-web/#comment-11325</guid>
		<description>http://www.clamav.net/ has something to say about that :

http://www.clamav.org/2007/09/20/different-views-on-av-testing-methodology/

Quote :
&quot;While the methodology in this test has been debated, we believe that all tests should be as open to review as the Untangle test was!&quot;

Indeed it seems funny to criticise a methodology used in a test (even justified) while not publishing detailed methodology for your own tests.</description>
		<content:encoded><![CDATA[<p>http://www.clamav.net/ has something to say about that :</p>
<p>http://www.clamav.org/2007/09/20/different-views-on-av-testing-methodology/</p>
<p>Quote :<br />
&#8220;While the methodology in this test has been debated, we believe that all tests should be as open to review as the Untangle test was!&#8221;</p>
<p>Indeed it seems funny to criticise a methodology used in a test (even justified) while not publishing detailed methodology for your own tests.</p>
]]></content:encoded>
	</item>
</channel>
</rss>

