AV-Comparatives tests antivirus software proactive defenses

June 21, 2009 · Filed Under News, Security 

With the usual punctuality from which I should learn something, at the end of May the Austrian labs of AV-Comparatives released the second part of the first antivirus comparative of 2009, testing the previously reviewed security software against unknown threats for which there is still no specific signature. In such a scenario malware detection rates tend to drop drastically, and only the most advanced engines manage to obtain the best results.

As the continuation of the previous comparative, report n.22 examines the behaviour of the same antivirus software included in the February test, with one exception. With the exclusion of Command Anti-Malware 5.0.8, the test bed of the new on-demand comparative includes the following products: avast! Professional Edition 4.8, AVG Anti-Virus 8.0, AVIRA AntiVir Premium 8.2, BitDefender Antivirus 2009, eScan Anti-Virus 10, ESET NOD32 Anti-Virus 3.0, F-Secure Anti-Virus 2009, G DATA AntiVirus 2009, Kaspersky Anti-Virus 2009, Kingsoft Antivirus 2009, McAfee VirusScan Plus 2009, Microsoft Live OneCare 2.5, Norman Antivirus & Anti-Spyware 7.10, Sophos Anti-Virus 7.6.4, Symantec Norton Anti-Virus 2009, TrustPort Antivirus 2.8.

The sixteen listed antivirus products were tested with the same virus signature updates as report n.21 (dating back to February 9) and with the same maximum detection settings, except for Sophos because of its tendency to excessively increase the number of false positives. The main purpose of report n.22 is to test the antivirus detection capabilities while scanning unknown malware, i.e. the samples collected by the Austrian experts during the week between the 9th and the 16th of February.

The comparative excluded any cloud-based defensive technology, the report says, because “if a malicious program is already detected ‘in-the-cloud’ it isn’t unknown/new malware”. According to AV-Comparatives, using those proactive systems which exploit the Internet connection to access a remote database would be “unfair” to other software lacking this kind of functionality and unable to obtain normal signature updates.

With always-on defenses ruled out, what remains is the clearest evidence of how well antivirus programs can, on their own, protect the system and the user’s data from unknown threats through a clever mix of generic markers, heuristic engines and on-the-fly analysis of executable code. And as already happened in the latest comparatives, Avira AntiVir performs better than any other product by detecting 69% of the more than 22,000 samples (viruses, worms, backdoors and others) used for the test.

AV-Comparatives - detection rates May 2009

The best antivirus of 2008 leads the joint runners-up, Microsoft OneCare and G DATA, by nine points; in the latter case, even integrating the two different engines of BitDefender and Avast isn’t enough to come close to the capabilities of the German antivirus. ESET NOD32 takes third place with a 56% detection rate, followed by BitDefender, Kaspersky and eScan in fourth place (50%), and then by the others.

Avira AntiVir remains well ahead of its competitors in detection rates, but as already happened in April the antivirus is seriously penalized by the high number of false positives found in report n.21: perfectly legitimate software wrongly identified as malicious, raising an alarm that could, according to AV-Comparatives, have the same negative effects as a true infection if the user is unable to tell the difference on their own.

With the aforementioned false positives included in the final balance, only OneCare, NOD32 and Kaspersky reached the ADVANCED+ certification level. Avira, together with G DATA, BitDefender, eScan, Sophos, Symantec/Norton and McAfee, must be satisfied with the ADVANCED level, while the lower-performing products (or the ones even more penalized by false alarms) don’t go beyond the STANDARD level. Lastly, Norman and Kingsoft are unable to get any award.

AV-Comparatives - awards May 2009
