引用:
原帖由 jijiasd 于 2008-10-11 09:37 发表 
继趋势之后
這篇文章很久的了....
Doctor Web: statement on Virus Bulletin comparative reviews
August 8, 2008
Given recent announcements in mass media and numerous questionsdirected to our partners concerning our decision to abandon thecomparative review of anti-virus products by Virus Bulletin we considerit necessary to issue our official statement on this subject.
Virus Bulletin is one of the most respected titles devoted toprevention, detection and removal of malware and spam naturallyknitting virtually all anti-virus developers; annual anti-virusconferences held by the magazine still remain a unique event wherecompetitiveness on the market loses its significance as vendors focuson pointing out new trends in the evolution of malware and work outmethods to protect users all over the world.
The comparative reviews of anti-viruses conducted by VirusBulletin every two months is an established event, almost a ritual.Dr.Web is one of the oldest participants with the successful historydating back to the second test in 1998. The testing always stood outamong others of its kind for its transparent methods, accuracy andunbiased assessment of products of all vendors and perfectcommunication with anti-virus companies.
However developments of the industry in last years make manyvendors question the comparative reviews. Though transparent andaccurate the testing methods fail to keep up with the evolution ofmalware as well as anti-virus applications. That’s why the longprestigious VB100% can no longer serve as a benchmark reflecting theactual quality of an anti-virus and which is worse is nowadays used tomanipulate opinion of users.
Doctor Web sees the issues of the comparative testing as follows:
- Testing of an anti-virus for VB100% is based on In-the-Wild set ofviruses which includes only malware capable of replicating itself whichsurely narrows the list of malicious programs used for the testing. Asestimated by Doctor Web the In-the-Wild collection includes only 10 percent of the total number of malware modern anti-viruses protectagainst.
- The above-mentioned criterion applied to In-the-Wildcollection leaves out the large segment of the present-day malware –Trojans. The same applies to one of the gravest IT security issues oflast 4-5 years, so called rootkits. No matter how good an anti-virus isat detecting Trojans which outnumber viruses manifold, mo matter whatare its rootkit counteraction capabilities it will only get the VB100%upon a successful detection of several thousands of samples from theIn-the-Wild collection. Alas, VB100% used as an ultimate benchmark bysome marketing specialists and industry experts won’t show a user if ananti-virus is really efficient against Trojans.
- In order to address new challenges Dr.Web is developing asall other AV products. AV vendors have to deal with new technologies ofvirus-writers on daily basis which makes constant bringing ofinnovations into an anti-virus a must. And here regular updates of avirus database are not enough. The testing for VB100% doesn’t comparetechnical innovations of anti-viruses developed to counteract maliciousprograms that are never included the In-the-Wild collection.
- It’s not a routine scan of a collection of files that showshow good an anti-virus is. It is a malicious attack when malware isattempting to get to a computer or a computer has already beeninfected. Recent years saw numerous proposals to create tougherconditions for testing anti-viruses and assess them by their ability tocope with an active infection. An anti-virus can show astoundingresults detecting samples from In-the-Wild collection but users willnever know if it is the same perfect when malware is running in the RAMand controls the system rather than stored on a hard drive. Neither thetest compares curing capabilities of anti-virus products.
Doctor Web considers these issues to have negative impact on theefficiency of the comparative reviews conducted by Virus Bulletin usingexisting testing methods. Results of the reviews don’t provide anyreasonable assessment of the quality of products in question, of theircapability to protect users against contemporary threats. The procedureis called the comparative review but in fact the testing by VirusBulletin doesn’t compare many features implemented in present-dayanti-viruses. Under the circumstances VB100% presented as ahigh-quality mark awarded to a successful participant in truth ismerely an evidence of passing a certain test that doesn’t have much todo with trying out capabilities of the software that are reallyrelevant for counteracting contemporary malware threats.
All these issues have led Doctor Web to stepping aside as aparticipant of the Virus Bulletin comparative reviews. However, we arewatching over the evolution of testing methods very closely and aresure to rejoin as soon as they are up to the present day requirementsfor anti-virus security.
