AV-test.org issues latest figures

Posted by   Virus Bulletin on   Mar 13, 2008

In-depth testing covers multiple factors.

Independent testing body AV-Test.org has released its latest set of results, with a large group of products tested against a number of criteria including proactive detection, spotting and removing active infections, and outbreak response times, as well as simple detection rates.

The results show how companies and their products fare against the latest range of samples arriving at AV-Test, with results of checking new arrivals used to determine the accuracy of heuristics and the efficacy of behavioural detection systems. Updates were also monitored over the test period to determine when companies added detection for new items not spotted using heuristics or generic detection. Detection and effective removal of active malware, including rootkits, is also measured, as is the impact on system performance.

As in AV-Comparatives' recent figures, multi-engine products such as AEC's Trustport, G DATA's AVK and the gateway scanning product WebWasher all performed very strongly in the pure detection test, with Avira's AntiVir also achieving very high scores in both malware and 'potentially unwanted' categories.

The multi-engine products showed their weakness when it came to scanning times and false positives however, and also fared poorly against rootkits, while Avira did well across the board, ranking 'good' or 'very good' in all categories. The only other product to achieve this feat was Sophos, with Symantec and Panda let down only by their response times to outbreaks, marked as merely 'Satisfactory', and McAfee also failing to excel in scanning speed.

The results of the tests are shown in full below.

Overall results


Productmalware on demandadware / spyware on demandfalse positivesscan speedproactive detectionresponse timesrootkit detectioncleaning
AntiVir (Avira)++++ (*1)++++++++
Avast! (Alwil)+++++o+oo
AVG+++ (*1)++oo+o
AVK (G Data)++++o--+++---
BitDefender+++o-++++o
ClamAV--------++----
Dr Weboooo+o++
eScan+oo-+++----
eTrust / VET (CA)----++o---+++
Fortinet-GWoo--++++n/a (*2)n/a (*2)
F-Prot (Frisk)+o++-ooo
F-Secure+o+o++++++
Ikarus++++o+++oo
K7 Computing----o-------
Kaspersky+oo-+++++
McAfee+++++o+o+++
Microsoft+o++o---o++
Nod32 (Eset)+++++++++++
Normanoo+-+ooo
Norton (Symantec)++++++++o++++
Panda++++++o++o
QuickHeal (CAT)--oooo-o
Risingo++oooo+
Sophos+++++++++++
Trend Micro++++++++++
TrustPort++++---++++----
VBA32-ooo+oo+
VirusBuster----+o-oo+
WebWasher-GW++++o++++++n/a (*2)n/a (*2)
ZoneAlarm+oo-++++o

Index
++ = very good> 98%> 98%no FP  < 2 h  
+ = good> 95%> 95%1 FP  2 - 4 h  
o = satisfactory> 90%> 90%2 FP  4 - 6 h  
- = poor> 85%> 85%3 FP  6 - 8 h  
-- = very poor< 85%< 85%> 3 FP  > 8 h  

Notes
(1) the free (personal) edition does not include ad- and spyware detection, so the results would be "--"
(2) not available (this is a gateway product)

Detection rates for malware, adware and spyware


ProductMalware samplesAdware and Spyware
AntiVir (Avira)99.3%99.1%
Avast! (Alwil)98.8%97.9%
AVG96.3%98.6%
AVK (G Data)99.9%99.9%
BitDefender97.8%98.8%
ClamAV84.8%82.4%
Dr Web90.4%92.8%
eScan96.7%92.1%
eTrust / VET (CA)72.1%56.5%
Fortinet-GW92.4%91.2%
F-Prot (Frisk)96.7%92.0%
F-Secure96.8%93.5%
Ikarus98.0%98.8%
K7 Computing65.5%59.5%
Kaspersky97.2%92.0%
McAfee95.6%98.6%
Microsoft97.8%91.5%
Nod32 (Eset)97.8%96.3%
Norman92.8%91.9%
Norton (Symantec)95.7%98.6%
Panda95.6%95.6%
QuickHeal (CAT)85.7%86.7%
Rising94.1%95.9%
Sophos98.1%98.8%
Trend Micro98.7%95.1%
TrustPort99.6%99.8%
VBA3289.9%92.1%
VirusBuster76.2%77.8%
WebWasher-GW99.9%99.9%
ZoneAlarm96.4%94.5%
Number of samples113055683054

Full testing methodology is here.

Posted on 13 March 2008 by Virus Bulletin

 Tags

AV-Test testing
twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Paper: How It Works: Steganography Hides Malware in Image Files

A new paper by CYREN researcher Lordian Mosuela takes a close look at Gatak, or Stegoloader, a piece of malware that was discovered last year and that is controlled via malicious coded embedded in a PNG image, a technique known as steganography.

Paying a malware ransom is bad, but telling people to never do it is unhelpful advice

The current ransomware plague is one of the worst threats the Internet has seen and it is unlikely to go away any time soon. But telling people to never pay the ransom is unhelpful advice.

VB2015 paper: VolatilityBot: Malicious Code Extraction Made by and for Security Researchers

In his VB2015 paper, Martin Korman presented his 'VolatilyBot' tool, which extracts malicious code from packed binaries, leveraging the functionality of the Volatility Framework.

VB2016 programme announced, registration opened

We have announced 37 papers (and four reserve papers) that will be presented at VB2016 in Denver, Colorado, USA in October. Registration for the conference has opened; make sure you register before 1 July to benefit from a 10% early bird discount.

New tool helps ransomware victims indentify the malware family

The people behind the MalwareHunterTeam have released a tool that helps victims of ransomware identify which of more than 50 families has infected their system, something which could help them find a tool to decrypt their files.