
2007 WildList Proactive Detection

February 18th, 2008 Pedro Bustamante

Andreas Marx from AV-Test has just finished the WildList Proactive Detection and Response Time Testing for Q4 2007. You might remember I published the Q3 2007 results, where we proactively detected 94% of the new malware included in the WildList (meaning that Panda customers were protected from the moment the malware appeared for the first time). I'm happy to report that our proactive detection rate of WildList malware improved to 98% during Q4 2007, which means that we detected 60 out of 61 new additions to the WildList proactively, without requiring any signature updates.

So if we take the WildList Proactive Detection Rates from April to December 2007, this is what the results look like:

Some disclaimers about the data:

  • The testbed consists of new additions to the WildList, which is a collection of "in-the-wild" self-replicating viruses, worms and some trojans. The WildList does not include non-replicating malware such as spyware, adware, trojans, rootkits, etc., but that's another discussion we'll have someday.
  • As you can see there's a difference in the proactive detections of our BETA signatures and our REGULAR signatures. All our commercial products automatically download and use BETA signatures transparently between regular daily update intervals, so the protection rate shown as BETA is the one that actually applies to all our customers alike. EDIT: this applies only to certain products and BETA signatures.
  • The table does not show other AV vendors' BETA signatures as per request from AV-Test.
  • I've also separated results from endpoint engines and gateway engines as these are not comparable.

UPDATE:
A couple of very important clarifications from AV-Test on how to read this data:
"Please note that the term 'proactive' doesn't necessarily indicate a heuristic or generic detection, but it will just say that a malware was detected *before* it was reported to the WildList of the specific month."

"A WildList malware could already be spreading in April 2007, for example, but when it was first added to the June 2007 WildList, we just checked for the proactive detections on June 1, 2007. So the values don't show the proactive detections from the time the malware first appeared 'in the wild', but from the time the malware first appeared on the WildList. That's a big difference."

  1. Pedro Bustamante
    February 21st, 2008 at 20:57 | #1

    Where does the 98% figure for Q4 2007 come from? I am not able to correlate it from the data presented in the listed spreadsheet.

  2. Pedro Bustamante
    February 22nd, 2008 at 09:29 | #2

    Yes, wookieeb. The 98% is not an average of the different monthly figures (100-88-100) but of the total of Q4 figures. During Q4 a total of 61 new threats were added to the WildList as “spreading and circulating”. Out of these we detected 60 proactively without any need for a signature update. That is 98.36% to be more exact. If you want the monthly figures, these are 34 new threats added in October, 8 in November and 19 in December.

  3. Pedro Bustamante
    February 29th, 2008 at 15:28 | #3

    Excuse me.

    Was it a “Heuristics” detection rate or “Execute” protect rate?

    And Panda used TruPrevent or heuristics?

  4. Pedro Bustamante
    March 3rd, 2008 at 12:26 | #4

    We should differentiate between 3 main types of detection: signatures, heuristics, and behavioral. TruPrevent is behavioral. In this study only signatures and heuristics were tested.

  5. Billigflug Australien
    August 20th, 2008 at 10:40 | #5

    Of course the test is only as good and as significant as its assumptions and the environment are realistic. Anyway I trust Panda! I've never had any problems with it! Not so Antivir! The most threats on my former computer were detected in Antivir itself! That was quite an adventure for me!
