• [Metro Radio] Consumer Council's 24 Internet Security Software: Microsoft's built-in anti-virus software is inferior

    From Mr. Man-wai Chang@3:633/10 to All on Thu May 28 21:02:09 2026
    [Metro Radio] Consumer Council's 24 Internet Security Software: Microsoft's built-in anti-virus software is inferior
    See full text:
    <https://www.metroradio.com.hk/news/details.aspx?NewsId=20260528155807>


    --

    @~@ Simplicity is Beauty! Remain silent! Drink, Blink, Stretch!
    / v \ May the Force and farces be with you! Live long and prosper!!
    /( _ )\ https://sites.google.com/site/changmw/
    ^ ^ https://github.com/changmw/changmw


    --- PyGate Linux v1.5.15
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From occam@3:633/10 to All on Thu May 28 17:13:00 2026
    On 28/05/2026 15:02, Mr. Man-wai Chang wrote:

    <snip rubbish>


    You have always been an eejit, and always will be. Now, F-Off.


  • From Mr. Man-wai Chang@3:633/10 to All on Thu May 28 23:54:34 2026
    On 5/28/2026 11:13 PM, occam wrote:
    On 28/05/2026 15:02, Mr. Man-wai Chang wrote:

    <snip rubbish>


    You have always been an eejit, and always will be. Now, F-Off.


    Not sure if the report had an English translation...

  • From Paul@3:633/10 to All on Thu May 28 11:57:34 2026
    On Thu, 5/28/2026 9:02 AM, Mr. Man-wai Chang wrote:
    [Metro Radio] Consumer Council's 24 Internet Security Software: Microsoft's built-in anti-virus software is inferior
    See full text: <https://www.metroradio.com.hk/news/details.aspx?NewsId=20260528155807>



    [Metro Radio] Consumer Council's 24 Internet Security Software
    Microsoft's built-in anti-virus software is inferior
    See full text

    "The Consumer Council tested 24 paid and free Internet security software to
    compare protection effectiveness, resource usage and ease of use. Many samples
    performed well, including some free software, but Microsoft's built-in anti-virus
    software performed less well, with only 3.5 points.

    The test was coordinated by the International Consumer Research and
    Testing Organization, and 16 models were applicable to the Windows operating system
    and 8 were applicable to the macOS operating system. In the malware protection
    performance test, Microsoft's built-in anti-virus software had many misjudgments,
    which may have prevented users from downloading normal files. The overall performance
    of the remaining samples was satisfactory, with the successful detection rate of
    most samples reaching 97% or above.

    In addition, Microsoft's built-in anti-virus software did not provide any phishing
    protection for the Chrome browser during the test, so it only scored 1 point. It
    also did not activate the ransomware protection function by default. During the
    test, many files were maliciously encrypted.

    The Consumer Council recommends that members of the public develop good habits and
    regularly back up important data. If the main purpose is to surf the Internet or
    do document processing, avoid operating as a system administrator for a long time
    to prevent hackers from taking advantage of the situation.

    "

    *******

    Well, to start with, they likely should not have tested 24 of them, as
    it is unlikely that 24 of them are any good :-) A lesser number are good.
    Very few products have recognized heuristic protection.

    Try looking for the AV-Comparatives Heuristic Detection report, and that
    will give you some idea what products might be worth paying money for.

    30% of AV products cannot scan anything (as they do not have the 30 unpacker
    modules to unpack executables to carry out a scan). A number of products
    do signature scanning only. And very few products have heuristic protection,
    and are capable of detecting a "new threat for which a signature has not
    been generated yet".

    If you download an executable, and it is protected with *two* levels
    of packers, like UPX and something else, that is an attempt to deceive you
    and the product should immediately be thrown in the trash. You can run
    these on Virustotal.com (a Google company), to get the details. Zero packers
    or one packer, would be acceptable on incoming materials. Multiple packers
    means the executable is attempting to slip past the weaker AV products.

    AV Comparatives detected a drop in Microsoft quality, some time ago, and
    even the "best" AV product can have a bad year. This is one reason you
    should study the report of more than one year of competitive AV products,
    as a single report does not tell you everything you should know.

    Paul
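
    Added example, not part of Paul's post or of any AV product's code: a rough static check for the packing indicators mentioned above, reading a PE file's section table and flagging UPX section names and high-entropy section data. The 7.2 bits/byte threshold, the function names and the sample image are assumptions made for this illustration.

```python
import math
import struct

UPX_NAMES = {"UPX0", "UPX1", "UPX2"}  # section names UPX leaves in a packed PE
HIGH_ENTROPY = 7.2  # bits per byte; assumed cut-off for compressed/encrypted data

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [data.count(b) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)

def section_report(pe: bytes):
    """Return [(section name, entropy, [indicator flags])] for a PE image."""
    if pe[:2] != b"MZ" or len(pe) < 0x40:
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (nsect,) = struct.unpack_from("<H", pe, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", pe, pe_off + 20)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    report = []
    for i in range(nsect):
        hdr = pe[table + 40 * i: table + 40 * i + 40]
        if len(hdr) < 40:
            raise ValueError("truncated section table")
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)
        h = entropy(pe[raw_ptr:raw_ptr + raw_size])
        flags = [f for f, hit in (("upx-name", name in UPX_NAMES),
                                  ("high-entropy", h >= HIGH_ENTROPY)) if hit]
        report.append((name, round(h, 2), flags))
    return report

def build_sample() -> bytes:
    """Constructed header-only image for the demo; not a runnable program."""
    body = bytes(range(256)) * 4  # every byte value equally often: 8.0 bits
    text = b"plain resource text " * 20
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0, 0)
    start = 64 + 24 + 3 * 40  # raw data begins after the three section headers
    sect = lambda n, size, ptr: struct.pack("<8sIIII16x", n, size, 0, size, ptr)
    table = (sect(b"UPX0", 0, 0) + sect(b"UPX1", len(body), start)
             + sect(b".rsrc", len(text), start + len(body)))
    return dos + coff + table + body + text

if __name__ == "__main__":
    for row in section_report(build_sample()):
        print(row)
```

    These flags only show that a file looks packed; they do not say which packers were used or how many layers there are.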

  • From Mr. Man-wai Chang@3:633/10 to All on Sat May 30 23:22:23 2026
    On 5/28/2026 11:57 PM, Paul wrote:

    Well, to start with, they likely should not have tested 24 of them, as
    it is unlikely that 24 of them are any good :-) A lesser number are good. Very few products have recognized heuristic protection.

    Try looking for the AV-Comparatives Heuristic Detection report, and that
    will give you some idea what products might be worth paying money for.

    I think heuristics are also based on pattern recognition, but focused on
    CPU or operating system instruction sets kind of things....

  • From Paul@3:633/10 to All on Sat May 30 16:51:55 2026
    On Sat, 5/30/2026 11:22 AM, Mr. Man-wai Chang wrote:
    On 5/28/2026 11:57 PM, Paul wrote:

    Well, to start with, they likely should not have tested 24 of them, as
    it is unlikely that 24 of them are any good :-) A lesser number are good.
    Very few products have recognized heuristic protection.

    Try looking for the AV-Comparatives Heuristic Detection report, and that
    will give you some idea what products might be worth paying money for.

    I think heuristics are also based on pattern recognition, but focused on
    CPU or operating system instruction sets kind of things....


    To give an example, if the AV software noticed some "stack smashing"
    activity, that requires specific code to check.

    Another place you can look, is at the cryptographic random number generator
    the OS provides, and an excess of calls to that can indicate a problem. You
    can use the mouse movement of the user, as a "seed" or a "provider of
    randomness" when building a CRNG. The CRNG should "block" if it runs out of
    random numbers. OS companies which are closed source, do not usually explain
    how theirs works.

    These examples, require procedural code, so no patterns need be noted. I know
    about the first one, because Firefox has its own private copy of stack
    smashing protection. Some of the multiple Firefox processes are designed to
    "exit" if there is trouble, like the process that plays movies can exit, if
    a "specially crafted movie" is detected. The main task on Firefox can
    continue to run, while the movie one exits. And no, I haven't read all the
    Firefox source, for some reason some source file opened to that place and
    there it was (I keep a few tarballs).

    Heuristic detection is a tightly held secret, as the White Hats have
    enough trouble without their defenses being exposed.

    Microsoft has in the past made claims that it has "jigglers". For one of
    them, the claim was, "if a certain activity is detected, we can shut down
    the OS in 10usec". And such an event does not have an entry in Eventvwr.msc
    either. That would take too long. The problem for us as users, is actually
    seeing things like this happen in the field. It is one thing for Microsoft
    to claim these exist, quite another to reproduce it.

    Paul
