A new year... A new beginning... And the inevitable security solution smackdown. In this context, AV-Test has thrown together in the same arena no less than 24 antivirus products from the heavyweights of the security market. The security solutions were tested against in excess of 1 million malware samples from the last six months. According to Av-Test's Andreas Marx, the test involved only the top of the line, "'best' available Security Suite edition" from each vendor, last updated on January 7, 2008, and running on Windows XP SP2. And yes Microsoft's Windows Live OneCare 2.0 was tested, but no, it's not the best antivirus of 2008. Well, of the beginning of 2008, anyway...
"First, we checked the signature-based on-demand detection of all products against more than 1 Mio. samples we've found spreading or which were distributed during
the last six months (this means, we have not used any 'historic' samples.) We included all malware categories in the test: Trojan Horses, backdoors, bots, worm and viruses. Instead of just presenting the results, we have ranked the product this time, from 'very good' (++) if the scanner detected more than 98% of the samples to 'poor' (--) when less than 85% of the malware was detected," Marx revealed.
In terms of signature-based on-demand detection, Windows Live OneCare 2.0 held its own. Microsoft's security solution ended up detecting a total of 992,880 out of all the malware samples thrown against it, and accounting for a "Signature Detection" rate of 96.9%. This is nothing short of an excellent score for Windows Live OneCare, an antivirus that at the beginning of 2007 managed to occupy positions only towards the bottom of the security solution pack in early 2007. In the latest AV-Test "Signature Detection" test OneCare 2.0 came on top of F-Prot (986,961 – 96.3%), Panda (979,409 – 95.6%), McAfee (959,919 – 93.7%) and Nod32 (953,936 – 93.1%).
However, OneCare 2.0 was bested by the likes of AVK 2008 (1,022,418 – 99.8%); AntiVir (1,020,627 – 99.6%); Avast! (1,018,204 – 99.4%); Trend Micro (1,009,662 – 98.6%); Symantec (1,006,849 – 98.3%); AVG (1,005,006 – 98.1%); BitDefender (1,003,902 – 98.0%); Kaspersky (1,003,470 – 98.0%);
Sophos (1,001,655 – 97.8%) and F-Secure (999,806 – 97.6%). The complete results of the "Signature Detection" test from AV-Test can be accessed here, courtesy of Sunbelt Software.
"Secondly, we checked the number of false positives of the products have generated during a scan of 65,000 known clean files. Only products with no false positives received a 'very good' (++) rating. In case of the proactive detection category, we have not only focussed on signature- and heuristic-based proactive detection only (based on a retrospective test approach with a one week old scanner). Instead of this, we also checked the quality of the included behavior based guard (e.g. Deepguard in case of F-Secure and TruPrevent in case of Panda). We used 3,500 samples for the retrospective test as well as 20 active samples for the test of the 'Dynamic Detection' (and blocking) of malware," Marx added.
Windows Live OneCare 2.0 is among the few security solutions that have scored a ++ in the test for False Positives. This means that OneCare 2.0 has generated no false positives, a task also completed by the security solutions from Symantec, Nod32, and Fortinet. However, OneCare 2.0 was ranked as having only a poor proactive detection, and a very poor response time to new malware being issued (more than 8 hours). But at the same time, out of all the malicious code it had to go through, OneCare 2,0 only missed two rootkits. The Anti-virus comparison test of current anti-malware products, Q1/2008 can be accessed here.
"Furthermore, we checked how long AV companies usually need to react in case of new, widespread malware (read: outbreaks), based on 55 different samples from the entire year 2007. 'Very good' (++) AV product developers should be able to react within less than two hours. Another interesting test was the detection of active rootkit samples. While it's trivial for a scanner to detect inactive rootkits using a signature, it can be really tricky to detect this nasty malware when they are active and hidden. We checked the scanner's detection against 12 active rootkits," Marx said.
No comments:
Post a Comment