我很认同。
另外,本次测试结论中末尾的两段话,我觉得读者在阅读结论时也应一并阅读:
In our Consumer Main-Test Series, products are tested with their default settings. In the Business Main-Test Series, vendors are allowed to configure the products as they see fit – as is common practice with business security products in the real world. However, precisely the same product and configuration is used for all the tests in the series. If we did not insist on this, a vendor could turn up protection settings or activate features in order to score highly in the Real-World and Malware Protection Tests, but turn them down/deactivate them for the Performance and False Positive Tests, in order to appear faster and less error-prone. In real life, users can only have one setting at once, so they should be able to see if high protection scores mean slower system performance, or lower false-positive scores mean reduced protection.
在我们的消费者主要测试系列中,产品以其默认设置进行测试。在商业主要测试系列中,允许供应商按照他们认为合适的方式配置产品--这是现实世界中商业安全产品的普遍做法。然而,在该系列的所有测试中,精确地使用相同的产品和配置。如果我们不坚持这一点,供应商可以提高保护设置或激活功能,以便在真实世界和恶意软件保护测试中获得高分,但在性能和假阳性测试中却把它们调低/停用,以便显得更快、更少出错。在现实生活中,用户只能同时拥有一个设置,所以他们应该能够看到高保护分数是否意味着更慢的系统性能,或者较低的假阳性分数是否意味着减少保护。
以及,
As some of the attack methods used in the test make use of legitimate system programs and techniques, it would be fairly easy for a vendor to stop such attacks e.g. simply by blocking the use of these legitimate processes. However, this would result in the product concerned being marked down for false positives, in the same way that a security program would be marked down for e.g. blocking all unknown executable program files. Likewise, in this test, preventing an attack e.g. by simply blacklisting used servers, files or emails originating from a particular domain name would not be allowed as a means of preventing a targeted attack. Similarly, we do not accept an approach which does not distinguish between malicious and non-malicious processes, but requires e.g. an admin to whitelist ones that should be allowed.
由于测试中使用的一些攻击方法是利用合法的系统程序和技术,供应商要阻止这种攻击是相当容易的,例如,只需阻止这些合法程序的使用。然而,这将导致有关产品因误报而被记分,就像一个安全程序因阻止所有未知的可执行程序文件而被记分一样。同样,在这个测试中,防止攻击,例如通过简单地将使用的服务器、文件或来自特定域名的电子邮件列入黑名单,将不被允许作为防止目标攻击的一种手段。同样,我们不接受不区分恶意和非恶意进程的方法,但要求例如管理员将应该允许的进程列入白名单。 |
楼主: anthonyqian
发表于 2021-11-13 02:58:25
avast+卡巴的引擎组合还是相当实惠,可惜GD不做了
