Austrian antivirus testing lab AV-Comparatives.org tests up to 20 antivirus technologies four times per year. The tests alternate between on-demand detection of current malware and retrospective detection that attempts to measure the product's ability to detect new threats. This week AV-Comparatives released results for its latest on-demand test, which used about 400,000 samples, none more than six months old.
With this test, AV-Comparatives switched from a fixed-threshold rating system to a system that clusters similar results. On a fixed threshold plan, a product that detects 94.9 percent of threats might rate lower than a product with the near-identical score of 95.0 percent. Clustering avoids this problem, putting threshold-change values in the gaps between clusters.
Products that pass the test rate STANDARD, ADVANCED, or ADVANCED+, depending on how well they did. A product that doesn't pass gets the rating TESTED. False positives (valid files identified as malicious) can drag down a product's rating by one level or even more.
Ratings Go Up and Down
Seven products attained the ADVANCED+ rating: Avira, BitDefender, eScan, F-Secure, Kaspersky, McAfee, and TrustPort. Kaspersky, Trustport, and McAfee all moved up, having rated ADVANCED in last August's on-demand test.
Avast!, ESET, G Data, and Panda would have received the same top rating, but false positives knocked them down to ADVANCED. Microsoft, Norton, and Sophos also rated ADVANCED. That's a step down for Symantec, which rated ADVANCED+ in the last test.
AVG and PC Tools passed the test, receiving a STANDARD rating; both scored better in the last test. Qihoo, which also rated STANDARD, doesn't have many users in this country, so PCMag hasn't reviewed it.
Surprising Failures
Three products failed to reach STANDARD: K7, Trend Micro, and Webroot. K7 simply scored low for detection; it achieved a STANDARD rating last time. Webroot, tested for the first time, also scored low, and suffered false positives to boot.
I was surprised that Webroot's results didn't track more closely with Sophos, since Webroot licenses Sophos technology. AV-Comparatives.org's Peter Stelzhammer briefly explained that "Webroot equals Sophos minus cloud." Webroot plans to incorporate that cloud technology within the next 60 days.
As for Trend Micro, their representatives have made it clear that they don't approve of these scheduled tests by AV-Comparatives, nor of my own tests for PCMag. Trend Micro doesn't participate in the retrospective tests at all. They argue that "independent test labs [should] source threats live from the Internet at the time of the test."
The odd thing is that Trend Micro's detection rate would have merited a score of ADVANCED. The problem was that it led the pack in false positives, naming 290 valid files as malicious. False positives, not poor detection, caused Trend Micro to fail this test.
AV-Comparatives also timed how fast each product scanned files. The fastest scanners, in descending speed order, were avast!, Panda, K7, and Webroot. Microsoft and PC Tools were the slowest of this bunch. You can view full test results in detail at the AV-Comparatives.org Web site.
Read the views of online Certification Experts, which provide the real questions and correct answer and explanation for the students / professionals who are seeking or enhancing their level of expertise. more at certkingdom.com
No comments:
Post a Comment