对vb100怀疑

ray1106

Eugene Kaspersky said:
..the tests conducted by VirusBulletin (an industry publication) - I am sure that if I didn't include this, readers would ask why the tests and the resulting VB100% award hadn't been mentioned. Sadly, these tests are far from perfect. The test standards were developed in the mid-1990s and have barely changed since then. Antivirus products are tested using a collection of files infected by ITW viruses. The award is given on the basis of the test results. However, the ITW collection only contains between two to three thousand files - fewer malicious programs than appear in the wild in the space of a single month. Therefore, a VB100% award doesn't necessarily mean that a product really provides protection against all types of malware. It simply means that the product copes well with VirusBulletin's ITW collection, nothing more

Doctor Web sees the issues of the comparative testing as follows:

1. Testing of an anti-virus for VB100% is based on In-the-Wild set of viruses which includes only malware capable of replicating itself which surely narrows the list of malicious programs used for the testing. As estimated by Doctor Web the In-the-Wild collection includes only 10 per cent of the total number of malware modern anti-viruses protect against.
2. The above-mentioned criterion applied to In-the-Wild collection leaves out the large segment of the present-day malware – Trojans. The same applies to one of the gravest IT security issues of last 4-5 years, so called rootkits. No matter how good an anti-virus is at detecting Trojans which outnumber viruses manifold, mo matter what are its rootkit counteraction capabilities it will only get the VB100% upon a successful detection of several thousands of samples from the In-the-Wild collection. Alas, VB100% used as an ultimate benchmark by some marketing specialists and industry experts won’t show a user if an anti-virus is really efficient against Trojans.
3. In order to address new challenges Dr.Web is developing as all other AV products. AV vendors have to deal with new technologies of virus-writers on daily basis which makes constant bringing of innovations into an anti-virus a must. And here regular updates of a virus database are not enough. The testing for VB100% doesn’t compare technical innovations of anti-viruses developed to counteract malicious programs that are never included the In-the-Wild collection.
4. It’s not a routine scan of a collection of files that shows how good an anti-virus is. It is a malicious attack when malware is attempting to get to a computer or a computer has already been infected. Recent years saw numerous proposals to create tougher conditions for testing anti-viruses and assess them by their ability to cope with an active infection. An anti-virus can show astounding results detecting samples from In-the-Wild collection but users will never know if it is the same perfect when malware is running in the RAM and controls the system rather than stored on a hard drive. Neither the test compares curing capabilities of anti-virus products.


就像卡巴斯基本人说的一样，VB100的测试方法很久没有变过，vb100测试的是被ITW感染的文件作为测试样本的
就像A2这次miss 700+，其实这些文件都是来自一个家族，700多文件都是都是被一个文件感染的，个人认为这种方法是不科学的
关闭时断网，关闭IDS，hips 无法发挥软件的最大保护性能，只测试on-demand
VB100测试是不全面的

righac

再怎么评测都会有怀疑，相信自己用的经验就好，a2是按风险来计数的，显示一个风险可能包含很多文件

juhone

国外的什么评比和测试，不要去相信，仅作参考，因为并不适合中国
本论坛的国外区或者其他区的某些人还特别推崇什么评比的，在病毒区的成绩不怎么样，却“安慰”自己，在国外某某评测中的成绩有多好，呵呵，悲哀！

wellofsouls

回复 1# ray1106
只看VB100的通过与否是不全面的，但VB100也有测试整体查杀率，要看详评中的RAP测试……

VB100是否通过总要有一个标准，A2/IK整体查杀率很高，但对变型病毒的查杀率不理想，所以才会因为漏过一个变型病毒母体而漏掉700多个变型体……

对于变型病毒来说，不能说是一个家族就算一个miss，漏杀母体肯定会漏杀变型体，但即使能杀掉母体也不一定能杀掉变型体，所以700+个变型体就要按700+个miss来算……

LiZhen

如果vb100真的过时了,就不会有如此多厂商抢着参加测试了

luoyou1988117

仅作参考，也不是完全没有说服力

bbs2811125

就跟用考试成绩来判断一个学生学习能力高低一样~
总会有弊端的

107

参考而已

悠柚

AVC和PCSL才是正道......不要光看查杀率，要看综合水平（不过番茄最近有点偷懒，测评有段时间没有出来了）

中国崛起

VB100毕竟也代表着一种方向，测试一定是会有不足的，要不然也不会有那么多种测试了。不过不管什么测试，也只是一个参考，全信不可，也不能因噎废食。