
How Well Does Eset Protect Versus Its VirusTotal Competitors Using This Criteria ...........


itman


 

Quote

This page shows the relative performance of the Antivirus solutions hosted by VirusTotal. We rank antivirus performance in 2 dimensions: The severity of the kind of Malware they are able to detect, and how well they are able to detect any Malware.

  • The severity is our estimate of what class of malware was detected. If it is spyware or an undesirable application, its severity is low. If it is a Bot designed to hijack your computer, ransomware or any type of malware which will compromise your data, it is ranked 100.
  • The detection rate is calculated over all malware reported in this period. This measures how effective each vendor is with respect to the others.

 

https://research.metaflows.com/stats/antivirus_vendors/

Note the following in regards to the test results:

1. Yellow colored bubbles denote solutions with high false positive rates.

2. The only solution to score higher than Eset in this testing was Dr. Web. Checkpoint had the same ranking as Eset.


Since I have already received one comment about this test, a further clarification is needed on how this test differs from comparative AV product test scoring done by the AV labs.

In the tests done by AV labs, all malware has equal status as far as missed detection is concerned. That is, a potentially unwanted app non-detection has the same ranking as ransomware, for example. A few AV labs such as Malware Research Group will break out malware detection by category such as ransomware sample detection, but no attempt is made to "weight" non-detection by malicious status.


  • ESET Moderators

Hello,

Although it is a few years old, the following blog post by VirusTotal may be of interest: https://blog.virustotal.com/2012/08/av-comparative-analyses-marketing-and.html

I would be very cautious of trying to extrapolate the efficacy of any security product based solely on VirusTotal results.


Regards,

Aryeh Goretsky


1 hour ago, Aryeh Goretsky said:

I would be very cautious of trying to extrapolate the efficacy of any security product based solely on VirusTotal results.

Looks like you made the same assumptions @SeriousHoax did.

The reference to VirusTotal was only to AV vendors that are listed there. The organization that produces this analysis uses their own malware samples harvested from their client installations and performs its own testing including detailed sandbox analysis. Think along the lines of Hybrid-Analysis, any.run, etc.


  • ESET Moderators

Hello,

From the description on their website:
 

Quote

 

How it works
Metaflows appliances monitor the transmission of all notable files (.exe, .dll, .pdf, .zip, Microsoft Office formats, etc.) transmitted on your network. The digest of each file is passed to the Network Antivirus system, which consists of 55+ Antivirus solutions provided by Virus Total giving us the broadest possible base of signatures to use for Malware Detection. All files that test positive on 3 or more Antivirus solutions generate high-priority alerts. Any host involved in the transmission of such files can be safely blocked and taken off the network because it is most likely compromised.

Content which is unknown to Virus Total is executed in our proprietary sandbox available as a cloud based or on premise solution. A mix of proprietary and open source tools analyze the behavior of the content as it is executed/opened to determine whether it is well behaved. If the behavior is consistent with dangerous Malware, the sandbox issues a high priority alert with a detailed report of why the content is bad.

 

Source: https://www.metaflows.com/features/antivirus/

Regards,

Aryeh Goretsky
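
The triage rule in the quoted Metaflows description above, sketched as an added example that is not part of the original post and is not Metaflows code. The digests, engine names, host addresses and the `triage`/`process` helpers are constructed for illustration; only the "3 or more" threshold and the sandbox routing for unknown content come from the quote.

```python
from collections import defaultdict

ALERT_THRESHOLD = 3  # "3 or more Antivirus solutions", per the quoted description

# Constructed sample data: digest -> per-engine verdicts (True = flagged).
# A digest absent from this dict models content unknown to VirusTotal.
VT_VERDICTS = {
    "digest-a": {"EngineA": True, "EngineB": True, "EngineC": True, "EngineD": False},
    "digest-b": {"EngineA": True, "EngineB": False, "EngineC": False, "EngineD": False},
    "digest-c": {"EngineA": False, "EngineB": False, "EngineC": False, "EngineD": False},
}

# Constructed file transfers seen on the network: (source host, destination host, digest).
TRANSFERS = [
    ("10.0.0.5", "10.0.0.9", "digest-a"),
    ("10.0.0.7", "10.0.0.9", "digest-b"),
    ("10.0.0.7", "10.0.0.8", "digest-c"),
    ("10.0.0.6", "10.0.0.8", "digest-x"),
]

def triage(digest, verdicts=VT_VERDICTS, threshold=ALERT_THRESHOLD):
    """Classify one file digest according to the quoted rule."""
    if digest not in verdicts:
        return "sandbox"              # unknown to VT: behavioural analysis
    positives = sum(verdicts[digest].values())
    if positives >= threshold:
        return "high-priority-alert"  # consensus of 3+ engines
    # Known to VT but below the threshold: the quoted rule raises no alert
    # and does not route the file to the sandbox either.
    return "low-consensus" if positives else "clean"

def process(transfers):
    """Return (digests grouped by decision, sorted hosts to block)."""
    outcome = defaultdict(list)
    hosts_to_block = set()
    for src, dst, digest in transfers:
        decision = triage(digest)
        outcome[decision].append(digest)
        if decision == "high-priority-alert":
            # "Any host involved in the transmission" covers both ends.
            hosts_to_block.update((src, dst))
    return dict(outcome), sorted(hosts_to_block)

if __name__ == "__main__":
    print(process(TRANSFERS))
```

The `low-consensus` branch is the case worth reviewing by hand: a file flagged by one or two engines is neither alerted on nor sandboxed under the rule as quoted.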

 


5 hours ago, Aryeh Goretsky said:

From the description on their website:

Somehow I missed the first paragraph you posted. As such, you are correct they are basing their statistical analysis on VT results.

On the other hand, I still believe the analysis has merit since high impact malware should be detected rather quickly by signature by AV solutions. Of course there are other factors involved such as frequency of the malware and its geographic dispersion which would influence submission frequency to VT. Also as you noted, not all security mechanisms are implemented for select products at VT and sandbox scan time is limited.

