那个Microsoft-prevalence-based analysis of the File Detection Tests是由微软委托的,而且样本影响数据也来自微软。测试文档里有说明。。
防护测试是3月份的文件扫描测试结果,另外的测试是根据杀毒软件miss的样本造成的影响进行加分或者减分,微软的意思是这样的测试更能体现真实世界。
测试文档中举了一个例子
Let us imagine that Product A detects 99% of malware samples in the test, but that the 1% of samples not detected are very widespread, and that the average user is quite likely to encounter them. Product B, on the other hand, only detects 98% of samples, but the samples missed are not as prevalent. In this case, users would probably be more at risk using Product A, as it misses more of the malware that is likely to present a threat to them. AV-Comparatives has for many years focused on using prevalent samples in its tests, as mentioned in our reports and also in a Microsoft blog2. Furthermore, same sample variants (e.g. polymorphic malware) are clustered into families to avoid a disproportional testset3. AV-Comparatives makes uses of telemetry data from various sources, not just Microsoft, as the test-set must remain independent and not based solely on data provided by one specific vendor or organisation. Therefore, minor discrepancies between one vendor’s data and our independently sorted combination are possible. The original File-Detection Test in March 2016 used a malware set sorted using various telemetry sources; however, the analysis in this supplementary report is based solely on Microsoft’s data
必应翻译:
让我们想象一下产品 A 检测 99%的恶意软件样本,在测试中,但未检测到的样品的 1%是很广泛,和一般的用户是很可能会遇到他们。产品 B,另一方面,只检测到 98%的样本,但错过了的样品不一样普遍。在这种情况下,用户可能会使用产品 A 的风险更大,因为它错过更多的是可能会对他们构成威胁的恶意软件。AV 比较级已多年专注地利用流行样品在其测试中,刚才在我们的报告,亦在 Microsoft blog2。此外,同一样品变形 (如多态恶意软件) 都聚集到家庭,以避免不成比例的 testset3。Av-comparatives 利用遥测数据从各种来源,而不仅仅是微软,作为测试集必须保持独立和不依据的只是由一个特定的供应商或组织提供的数据。因此,一个供应商的数据和我们独立排序的组合之间的微小差异是可能的。原始文件检测测试在 2016 年 3 月使用恶意软件集进行排序使用各种遥测来源;然而,本补充报告中的分析只基于微软的数据 |