Thursday, December 17, 2009

AV-Test.Org Releases Real-World Malware Protection Report - Friendly Computers

Magdeburg-based research lab AV-Test.org today released the results of a lengthy real-world malware protection study. This test challenged a dozen major security suites to protect Internet-connected physical computers against up-to-the-minute threats. Each day for 60 days, researchers released 10 fresh threats on the test systems and analyzed each product's ability to detect the threat and to fully block its installation. They also checked for false alarms (valid programs reported as malware). All of the suites did a decent job, though some were significantly better than others.


The report notes that modern security suites include many layers of protection, including "URL filtering, web reputation services, exploit blocking, 'in-the-cloud' scanning as well as behavior-based protection mechanisms." A test that only challenges the product's on-demand scanner is not representative of real-world performance. The current test simply evaluated whether the product detected each malware sample, without regard for which security component handled the detection. Afterward, the team used in-house analysis software to determine whether the malware attack was successfully blocked.




This kind of dynamic testing is much more labor intensive than simply running a static collection of malware past an on-demand scanner. An automated static file test can process millions of samples without human intervention. By contrast, tracking the 600 malware samples and 400 clean files took all of AV-Test's resources. "Our entire lab with 14 full-time employees and up to 150 PCs and server systems were involved in this project."

Norton Internet Security 2010 scored highest at malware detection, at 98.0 percent. Even the least successful of the twelve, Trend Micro Internet Security 2010, detected 83.3 percent. Of course, detecting a threat doesn't always mean successfully preventing the attack. The top scorer for actual malware blocking was PC Tools Internet Security 2010, at 94.8 percent. CA Internet Security 2010 brought up the rear with 73.5 percent. Here are the full results:

MALWARE DETECTION RATES AND WARNING MESSAGES (FALSE ALARMS)



| Tested Product | Malware Detected | False Alarms |
|---|---|---|
| Symantec Norton Internet Security 2010 | 98.0% | almost none |
| Kaspersky Internet Security 2010 | 97.5% | few |
| PC Tools Internet Security 2010 | 95.8% | almost none |
| AVG Internet Security 9.0 | 92.2% | few |
| G Data Internet Security 2010 | 90.0% | many |
| Panda Internet Security 2010 | 90.0% | almost none |
| Avira Premium Security Suite 9.0 | 87.7% | many |
| McAfee Internet Security 2010 | 87.2% | few |
| CA Internet Security 2010 | 86.7% | few |
| F-Secure Internet Security 2010 | 85.8% | almost none |
| BitDefender Internet Security 2010 | 84.3% | few |
| Trend Micro Internet Security 2010 | 83.3% | few |




MALWARE BLOCKING RATES AND WARNING MESSAGES (FALSE ALARMS)



| Tested Product | Malware Blocked | False Alarms |
|---|---|---|
| PC Tools Internet Security 2010 | 94.8% | none |
| Symantec Norton Internet Security 2010 | 92.8% | none |
| Kaspersky Internet Security 2010 | 89.8% | few |
| Panda Internet Security 2010 | 88.7% | none |
| Avira Premium Security Suite 9.0 | 87.2% | none |
| McAfee Internet Security 2010 | 86.7% | none |
| AVG Internet Security 9.0 | 84.2% | few |
| G Data Internet Security 2010 | 83.0% | few |
| Trend Micro Internet Security 2010 | 81.3% | few |
| F-Secure Internet Security 2010 | 80.2% | none |
| BitDefender Internet Security 2010 | 77.8% | none |
| CA Internet Security 2010 | 73.5% | none |




This kind of dynamic testing is the wave of the future. It's hard to do, but it's the only way to really evaluate a product's ability to protect against malware.


Source: http://blogs.pcmag.com/securitywatch/2009/12/av-testorg_releases_real-world.php#more