AV-Test release latest results

Posted by   Virus Bulletin on   Sep 2, 2008

Major test of suite products completed

Independent testing body AV-Test.org has released the results of a major comparative of suite products, with many vendors' 2009 editions included in the results. The test covers a range of metrics, including detection rates over various types of malware including adware and spyware, false positive rates, scanning speed, proactive detection, and response times to outbreaks.

In terms of pure detection rates in on-demand scanning, a beta version of GDATA's AVK 2009 topped the charts for both 'malware' (measured against 1,164,662 samples) and 'ad- and spyware' (94,291 samples), with Avira's Premium Security Suite 2008 a close runner-up in the former category and F-Secure 2009 placing second in the latter. Secure Computing's Webwasher gateway product, based on the Avira engine with some in-house heuristics, came third in both categories.

Other areas analysed were scored on a five-point scale from very good to very poor. 'Proactive' protection included scanning of files discovered after the freezing of products, and executing unrecognised malware to test behavioural protection. Products rating 'good' or better in every category include Avira's premium suite (the popular free version has less complete spyware detection), AVK 2009, F-Secure's 2009 suite, Symantec's Norton I.S. 2009 (still in beta) and Sophos's Security Suite 2.5. All products taking part in the test managed to achieve a 'good' or better in at least one category.

The test also included keeping a record of the number of updates released over a four-week period. Of course, these numbers on their own cannot be used to measure the quality of the products involved, but were recorded out of interest. The most interesting data to emerge from this measurement was that the 2009 version of Norton topped the table with an impressive 6,202 incremental micro-updates, issued several times per hour, while Kaspersky came a distant second with a mere 696. Half of the 34 products tested had fewer than 100, including those from McAfee (21) and Trend Micro (30).

A summary of the major areas tested is printed below; hover over the product names to see full version information.

Productmalware on demandadware / spyware on demandfalse positivesscan speedproactive detectionresponse timesmalware on demandadware / spyware on demand
AntiVir (Avira)++++ (4)++++++99.8%99.0%
Avast! (Alwil)++++++oo99.3%98.3%
AVG+- (4)++oo95.8%87.0%
AVK 2008 (G Data) (1)++++o-+++99.2%99.1%
AVK 2009 (G Data) (2)++++++++++99.8%99.8%
BitDefender 2008+-+-+++97.7%87.8%
BitDefender 2009+-+o+++97.6%88.0%
CA-AV (VET)----++o---65.5%68.0%
ClamAV-o----++88.5%92.8%
Dr Web---oo+o84.9%89.6%
eScan++o-+++97.8%97.4%
Fortinet-GWo--o++++92.6%81.9%
F-Prot (Frisk)oo++oo94.8%92.6%
F-Secure 2008+++++o+++98.2%98.4%
F-Secure 2009++++++++++99.2%99.6%
Ikarus++++o+++99.5%98.6%
K7 Computingooo++-o92.1%94.0%
Kaspersky++++oo+++98.4%98.3%
McAfeeoo++o+-93.6%94.5%
Microsoft++++o--97.7%97.1%
Nod32 (Eset)oo+++++++94.4%94.7%
Norman+++o+o96.3%95.8%
Norton 2008 (Symantec)+o++++o97.8%94.6%
Norton 2009 (Symantec)++++++++++98.7%95.4%
Panda 2008-o++++o86.4%93.4%
Panda 2009o++++++91.8%95.6%
Rising----+ooo83.4%77.5%
Sophos+++++++97.5%95.0%
Trend Microo-++o+91.3%88.5%
TrustPort++++---++++99.5%98.4%
VBA32o-oo+o90.5%85.2%
VirusBuster--++oo89.0%85.8%
WebWasher-GW (3)++++o++++++99.7%99.2%
ZoneAlarm++oo+++97.8%97.7%
Indexmalware on demandadware / spyware on demandfalse positivesscan speedproactive detectionresponse timesmalware on demandadware / spyware on demand
++>98%>98%no FP< 2 h
+>95%>95%1-2 FP2 - 4 h
o>90%>90%3-4 FP4 - 6 h
->85%>85%5-6 FP6 - 8 h
--<85%<85%> 6 FP> 8 h

Notes
(1) AVK 2008 uses the Avast and Kaspersky scan engines
(2) AVK 2009 uses the Avast and BitDefender scan engines
(3) WebWasher uses the Avira engine and a self-developed heuristic engine
(4) the free (personal) edition does not include ad- and spyware detection, so the results would be --

Posted on 02 September 2008 by Virus Bulletin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

VB2016 paper: Steam stealers: it's all fun and games until someone's account gets hijacked

Last year, Kaspersky Lab researcher Santiago Pontiroli and PwC's Bart Parys presented a VB2016 paper analysing the malicious threats faced by users of the Steam online gaming platform, and highlighting how organized criminals are making money with…

Research paper shows it may be possible to distinguish malware traffic using TLS

Researchers at Cisco have published a paper describing how it may be possible to use machine learning to distinguish malware command-and-control traffic using TLS from regular enterprise traffic, and to classify malware families based on their…

Is CVE-2017-0199 the new CVE-2012-0158?

After five years of exploitation in a wide variety of attacks, CVE-2012-0158 may have found a successor in CVE-2017-0199, which is taking the Office exploit scene by storm.

Review: BSides London 2017

Virus Bulletin was a proud sponsor of BSides London 2017 - Martijn Grooten reports on a great event.

VB2017: one of the most international security conferences

It is well known that the problem of cybersecurity is a global one that affects users worldwide - but it's also one that has some unique local flavours. With speakers representing at least 24 countries, VB2017 is one of the most international…