94% Proactive Detection

January 8th, 2008

Recently AV-Test.org published its "Response Time Tests", which measure (in hours) how fast AV companies protect against new malware that makes it into the In-The-Wild list. The study takes into consideration the WildLists from July, August and September 2007. The detection rates were measured using the recommended settings for the e-mail and web protection of the products (as the infiltration vector for most malware is the Internet). The results are very interesting and vary widely across the industry (I've taken out some lesser-known scanners and gateway products and concentrated on the desktop protections):

Scanner		TOTAL		July	August	September
=========================================================
Ikarus		3.16		2.35	5.04	2.71
Panda		6.04		0.78	12.68	6.44
Sophos		21.65		17.24	24.44	23.68
AVG		27.83		32.30	20.01	28.79
BitDefender	45.92		79.32	15.85	36.00
AntiVir		65.08		2.06	17.31	147.07
Trend Micro	82.52		120.42	111.59	33.00
Kaspersky	95.96		165.43	41.84	70.22
F-Secure	100.45		167.35	56.73	70.58
Nod32		126.20		162.22	73.87	127.54
Symantec	156.98		211.20	209.48	79.56
F-Prot		215.33		317.57	153.31	166.78
eTrust-VET	239.98		268.80	249.87	209.72
Avast!		306.18		526.62	182.44	195.44
McAfee		343.52		432.61	274.47	310.30
Microsoft	393.25		636.78	183.63	315.06
Norman		438.92		609.76	271.61	396.34
ClamAV		599.55		700.72	630.53	495.60
Dr Web		724.87		870.02	458.58	763.82
Average Response Times in hours including Proactive Detections, Copyright © 2007 AV-Test GmbH
Last update: 2007-12-19 (hp/am). (b) denotes beta signature updates.

The interesting data is the "TOTAL" column, which indicates the number of hours it takes each scanner to effectively protect customers against the new malware samples that make it into the WildList. In the case of Panda it only took us 1.84 hours to protect customers using our beta signatures and 6.04 hours to protect regular customers. The average response time across all scanners tested was 265 hours.

Proactive Protection

Of course the best results are always achieved by successfully preventing a threat rather than reacting to it. This is why Panda's results in this type of test are very good. Our generic signatures and heuristic engines are capable of proactively protecting against most threats without having to wait for a signature update (94% detection rate using the beta signatures). From a "proactive protection" perspective, the results are as follows. These percentages are the share of samples detected proactively at the time the sample initially appeared (of a total of 93):

Scanner		TOTAL	July 	August 	September
==================================================
Panda		91%	97%	78%	95%
AntiVir		87%	94%	74%	89%
Ikarus		87%	88%	78%	92%
Sophos		86%	94%	74%	87%
BitDefender	81%	75%	78%	87%
AVG		71%	59%	65%	84%
Kaspersky	69%	59%	61%	82%
Nod32		69%	56%	74%	76%
Trend Micro	68%	56%	57%	84%
F-Secure	67%	53%	61%	82%
Symantec	66%	53%	52%	84%
McAfee		55%	47%	61%	58%
Avast!		53%	31%	65%	63%
eTrust-VET	52%	44%	43%	63%
Dr Web		51%	41%	65%	50%
F-Prot		51%	28%	57%	66%
Microsoft	48%	25%	65%	58%
Norman		46%	44%	61%	39%
ClamAV		42%	28%	39%	55%