Thread starter: anthonyqian

[Antivirus Reviews] [AV-C] 2021 Advanced Threat Protection Test (formerly the Enhanced Real-World Test)

bbs2811125
Posted on 2021-11-13 02:58:25
The Avast + Kaspersky engine combination was really good value; it's a pity GD no longer does it.
zwl2828
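Posted on 2021-11-13 13:14:44
PanzerVIIIMaus posted on 2021-11-10 21:01
I compared this with last year's results, and it seems that since last year BD's consumer edition has been relatively weak against attacks built around spearphishing ...

I agree completely.

Also, I think readers should read the final two paragraphs of this test's conclusions along with the conclusions themselves: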

In our Consumer Main-Test Series, products are tested with their default settings. In the Business Main-Test Series, vendors are allowed to configure the products as they see fit – as is common practice with business security products in the real world. However, precisely the same product and configuration is used for all the tests in the series. If we did not insist on this, a vendor could turn up protection settings or activate features in order to score highly in the Real-World and Malware Protection Tests, but turn them down/deactivate them for the Performance and False Positive Tests, in order to appear faster and less error-prone. In real life, users can only have one setting at once, so they should be able to see if high protection scores mean slower system performance, or lower false-positive scores mean reduced protection.



And also,

As some of the attack methods used in the test make use of legitimate system programs and techniques, it would be fairly easy for a vendor to stop such attacks e.g. simply by blocking the use of these legitimate processes. However, this would result in the product concerned being marked down for false positives, in the same way that a security program would be marked down for e.g. blocking all unknown executable program files. Likewise, in this test, preventing an attack e.g. by simply blacklisting used servers, files or emails originating from a particular domain name would not be allowed as a means of preventing a targeted attack. Similarly, we do not accept an approach which does not distinguish between malicious and non-malicious processes, but requires e.g. an admin to whitelist ones that should be allowed.


MaxLen
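Posted on 2021-11-13 21:45:57
anthonyqian posted on 2021-11-10 01:11
That shows BD's technology hasn't made much progress over the past year, while other vendors are improving quickly~

What's rather interesting is that for the products Avast submits to the major testing labs, it always uses its ...

Indeed, Avast has always given me the feeling that it is in a different dimension from other antivirus products.
I had a look, and it seems none of the major labs have test data for the latest paid version.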
zxc_dream
Posted on 2021-11-18 21:35:43
Kaspersky is a long-established name, and it's also very stable.
fuguo
Posted on 2021-11-30 17:27:21

Thanks for sharing, thank you OP~
ikochina
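Posted on 2021-12-13 15:42:02
McAfee actually had one on-sight detection. McAfee's home edition relies entirely on cloud detection and on-execution scanning, so it's rare to see an on-sight detection from it. The "double A" pair seems really strong now; the free versions feel like they beat a lot of paid products.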