Ahn Lab coming first ...
so maybe I should be less annoyed at my employer forcing the AhnLab V3 security suite onto my computers. Still annoying though.
Fun fact: Ahn Cheol Soo came third in the last Korean presidential election.
Last month, German software testing laboratory AV-Test threw malware at 20 Android antivirus systems – and now the results aren't particularly great for Google. Its Play Protect system, which is supposed to block malicious apps from running on your handheld, was beaten by every other anti-malware vendor. When exposed to recent …
It's a shame the testing didn't do zero-day malware testing as well. It should be possible for any well-connected/well-resourced company to get 100% in known malware detection. Detecting suspicious activity in apps that aren't yet flagged would be even more useful.
Perhaps the Google product tries to use heuristics rather than signatures to do most of its detecting and that is why it scores low in these tests?
Perhaps there is a terminology problem. AFAIK, "zero-day" means "not known by security researchers before it was seen in the real world in malicious activity", and is usually only applied to vulnerabilities. Malware writers don't send their creations to security researchers before using them on victims, so all malware in the wild could be described as zero-day, making the category meaningless.
I'm curious how you would go about doing a comparative test against malicious apps that aren't known to be malicious. If you check the details of AV-Test's Real-World Testing, I think they have a good procedure to present the same current threats to all the software under test simultaneously.
Using a combination of techniques, including known malware definitions (signatures is a misleading term) and heuristics, is standard across anti-malware developers.
I've never understood why these tests don't show 100% for every vendor. If a piece of malware is known to the testing lab then why on earth is it not known to the AV vendors? If you're spending money then an AV product with anything less than 100% should *never* be purchased. They'd soon up their game.
I had suspected this. I have an Android emulator that I install malware-laden apps onto and the silly "Play Protect" never says a word.
The truth of the matter is most of these so-called "antivirus" Android applications do nothing but scan all your files, videos, music, pictures, network, Bluetooth connections and browsing habits and in some cases your "Whatsapp" messages as well as become Device Administrators sending ALL of that data to their "affiliates".
The several I have tested are loaded with "analytic" engines and advertising SDKs which sometimes serve up fake virus warnings in the ads.
2 of the "antivirus" apps I've tested aggregate and graph the user's Facebook "likes" and Twitter #HASHTAGS by stealing the user's access tokens.
And one well-known and "respected" "antivirus" application had a Java-based SSH (JSch) hidden inside of it and when I questioned the company about its function they lied.
I've been warning users about these so-called "antivirus" apps for some time and now that Google has silently pushed the same scam on to millions of users without asking or having the ability to remove it I now know Google is complicit.