SlideShare a Scribd company logo

Antivirus Comparative junio 2014

D
Doryan Mathos

Comparativa de antivirus junio 2014

Technology
1 of 15
Download to read offline
Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 1 - Whole Product Dynamic ““““Real-World”””” Protection Test March-June 2014 Language: English July 2014 Last revision: 15th July 2014 www.av-comparatives.org
Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 2 - Content Introduction............................................................ 2 Content................................................................... 2 Test Procedure......................................................... 4 Settings.................................................................. 5 Preparation for every testing day .............................. 5 Testing Cycle for each malicious URL ......................... 5 Test Set .................................................................. 6 Tested products ....................................................... 7 Test Cases ............................................................... 8 Results ................................................................... 8 Summary Results (March-June) ................................. 9 Award levels reached in this test............................... 14 Copyright and Disclaimer.......................................... 15
Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 3 - Introduction Malicious software poses an ever-increasing threat, not only due to the number of malware programs increasing, but also due to the nature of the threats. Infection vectors are changing from simple file- based methods to distribution via the Internet. Malware is increasingly focussing on users, e.g. by deceiving them into visiting infected web pages, installing rogue/malicious software or opening emails with malicious attachments. The scope of protection offered by antivirus programs is extended by the inclusion of e.g. URL-blockers, content filtering, reputation systems and user-friendly behaviour-blockers. If these features are perfectly coordinated with the signature-based and heuristic detection, the protection provided against threats increases. In this test, all protection features of the product can be used to prevent infection - not just signatures or heuristic file scanning. A suite can step in at any stage of the process – accessing the URL, downloading the file, formation of the file on the local hard drive, file access, file execution – to protect the PC. This means that the test achieves the most realistic way of determining how well the security product protects the PC. Because all of a suite’s components can be used to protect the PC, it is possible for a product to score well in the test by having e.g. very good behavioural protection, but a weak URL blocker. However, we would recommend that all parts of a product should be as effective as possible. It should be borne in mind that not all malware enters computer systems via the Internet, and that e.g. a URL blocker is ineffective against malware introduced to a PC via a USB flash drive or over the local area network. In spite of these new technologies, it remains very important that the signature-based and heuristic detection abilities of antivirus programs continue to be tested. Even with all the protection features available, the growing frequency of zero-day attacks means that some computers will inevitably become infected. As signatures can be updated, they provide the opportunity to recognize and remove malware which was initially missed by the security software. The newer, “non-conventional” protection technologies often offer no means of checking existing data stores for already-infected files, which can be found on the file servers of many companies. Those new security layers should be understood as an addition to good detection rates, not as replacement. The Whole-Product Dynamic “Real-World” Protection test is a joint project of AV-Comparatives and the University of Innsbruck’s Faculty of Computer Science and Quality Engineering. It is partially funded by the Republic of Austria. The methodology of our Real-World Protection Test has received the following awards and certifications, including: • Constantinus Award – given by the Austrian government • Cluster Award – given by the Standortagentur Tirol – Tyrolean government • eAward – given by report.at (magazine for Computer Science) and the Office of the Federal Chancellor • Innovationspreis IT – “Best Of” – given by Initiative Mittelstand Germany
Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 4 - Test Procedure Testing dozens of antivirus products with hundreds of URLs each per day is a great deal of work, which cannot be done manually (as it would involve visiting thousands of websites in parallel), so it is necessary to use some sort of automation. Lab Setup Every potential test-case to be used in the test is run and analysed on a clean machine without antivirus software, to ensure that it is a suitable candidate. If the malware meets both of these criteria, the source URL is added to the list to be tested with security products. Any test cases which turn out not to be appropriate are excluded from the test set. Every security program to be tested is installed on its own test computer. All computers are connected to the Internet. Each system is manually updated every day, and each product is updated before every single test case. Each test PC has its own external IP address. We make special arrangements with ISPs to ensure a stable Internet connection for each PC, and take the necessary precautions (with specially configured firewalls etc.) not to harm other computers (i.e. not to cause outbreaks). Software The tests are performed under Microsoft Windows 7 Home Premium SP1 64-Bit, with updates as at 4th February 2014. Some further installed software includes: Vendor Product Version Vendor Product Version Adobe Flash Player ActiveX 12.0 Microsoft Office Home 2013 Adobe Flash Player Plug-In 12.0 Microsoft .NET Framework 4.5 Adobe Acrobat Reader 11.0 Mozilla Firefox 27.0 Apple QuickTime 7.7 Oracle Java 1.7.0.51 Microsoft Internet Explorer 11.0 VideoLAN VLC Media Player 2.1.2 The use of more up-to-date third-party software and an updated Microsoft Windows 7 64-Bit made it much harder to find exploits in-the-field for the test. This should also remind users always to keep their systems and applications up-to-date, in order to minimize the risk of being infected through exploits which use unpatched software vulnerabilities.
Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 5 - Settings We use every security suite with its default settings. Our Whole-Product Dynamic Protection Test aims to simulate real-world conditions as experienced every day by users. If user interactions are required, we always choose “Allow” or equivalent. If the product protects the system anyway, we count the malware as blocked, even though we allow the program to run when the user is asked to make a decision. If the system is compromised, we count it as user-dependent. We consider “protection” to mean that the system is not compromised. This means that the malware is not running (or is removed/terminated) and there are no significant/malicious system changes. An outbound-firewall alert about a running malware process, which asks whether or not to block traffic form the users’ workstation to the Internet, is too little, too late and not considered by us to be protection. Preparation for every testing day Every morning, any available security software updates are downloaded and installed, and a new base image is made for that day. Before each test case is carried out, the products have some time to download and install newer updates which have just been released, as well as to load their protection modules (which in several cases takes some minutes). In the event that a major signature update for a product is made available during the day, but fails to download/install before each test case starts, the product will at least have the signatures that were available at the start of the day. This replicates the situation of an ordinary user in the real world. Testing Cycle for each malicious URL Before browsing to each new malicious URL we update the programs/signatures (as described above). New major product versions (i.e. the first digit of the build number is different) are installed once at the beginning of the month, which is why in each monthly report we only give the main product version number. Our test software monitors the PC, so that any changes made by the malware will be recorded. Furthermore, the recognition algorithms check whether the antivirus program detects the malware. After each test case the machine is reset to its clean state. Protection Security products should protect the user’s PC. It is not very important at which stage the protection takes place. It could be while browsing to the website (e.g. protection through URL Blocker), while an exploit tries to run, while the file is being downloaded/created or when the malware is executed (either by the exploit or by the user). After the malware is executed (if not blocked before), we wait several minutes for malicious actions and also to give e.g. behaviour-blockers time to react and remedy actions performed by the malware. If the malware is not detected and the system is indeed infected/compromised, the process goes to “System Compromised”. If a user interaction is required and it is up to the user to decide if something is malicious, and in the case of the worst user decision the system gets compromised, we rate this as “user-dependent”. Because of this, the yellow bars in the results graph can be interpreted either as protected or not protected (it’s up to each individual user to decide what he/she would probably do in that situation).
Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 6 - Due to the dynamic nature of the test, i.e. mimicking real-world conditions, and because of the way several different technologies (such as cloud scanners, reputation services, etc.) work, it is a matter of fact that such tests cannot be repeated or replicated in the way that e.g. static detection rate tests can. Anyway, we log as much data as reasonably possible to support our findings and results. Vendors are invited to provide useful log functions in their products that can provide the additional data they want in the event of disputes. After each testing month, manufacturers are given the opportunity to dispute our conclusion about the compromised cases, so that we can recheck if there were maybe some problems in the automation or with our analysis of the results. In the case of cloud products, we can only consider the results that the products achieved in our lab at the time of testing; sometimes the cloud services provided by the security vendors are down due to faults or maintenance downtime by the vendors, but these cloud-downtimes are often not disclosed to the users by the vendors. This is also a reason why products relying too heavily on cloud services (and not making use of local heuristics, behavior blockers, etc.) can be risky, as in such cases the security provided by the products can decrease significantly. Cloud signatures/reputation should be implemented in the products to complement the other local/offline protection features, but not replace them completely, as e.g. offline cloud services would mean the PCs being exposed to higher risks. Test Set We aim to use visible and relevant malicious websites/malware that are currently out there, and present a risk to ordinary users. We usually try to include about 50% URLs that point directly to malware executables; this causes the malware file to be downloaded, thus replicating a scenario in which the user is tricked by social engineering into following links in spam mails or websites, or installing some Trojan or other malicious software. The rest are drive-by exploits - these are usually well covered by almost all major security products, which may be one reason why the scores look relatively high. We use our own crawling system to search continuously for malicious sites and extract malicious URLs (including spammed malicious links). We also search manually for malicious URLs. If our in-house crawler does not find enough valid malicious URLs on one day, we have contracted some external researchers to provide additional malicious URLs (initially for the exclusive use of AV-Comparatives) and look for additional (re)sources. In this kind of testing, it is very important to use enough test cases. If an insufficient number of samples is used in comparative tests, differences in results may not indicate actual differences in protective capabilities among the tested products1 . Our tests use about 30 times more test cases (samples) per product and month than any similar test performed by other testing labs. Because of the higher statistical significance this achieves, we consider all the products in each results cluster to be equally effective, assuming that they have a false-positives rate below the industry average. In total (including FP testing), about 150,000 test cases were executed, that is 4,003 malicious test cases and 2,000 clean test cases for each of the 23 products tested. 1 Read more in the following paper: http://www.av-comparatives.org/images/stories/test/statistics/somestats.pdf
Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 7 - Comments Microsoft Security Essentials, which provides basic malware protection, can easily be installed from Windows Update, and is used as the basis of comparison for malware protection. Microsoft Windows 7 includes a firewall and automatic updates, and warns users about executing files downloaded from the Internet. Most modern browsers include phishing/URL-Filters and warn users about downloading files from the Internet. Despite the various build-in protection features, systems can become infected anyway. The reason for this is usually the ordinary user, who may be tricked by social engineering into visiting malicious websites or installing malicious software. Users expect a security product not to ask them if they really want to e.g. execute a file, but expect that the security product will protect the system in any case without them having to think about it, and despite what they do (e.g. executing unknown files). Tested products For this test we normally use the Internet security suite, as any protection features that prevent the system from being compromised can be used. However, a vendor can choose to enter their basic antivirus product instead, if they prefer. The main versions of the products tested in each monthly test run are shown below: Vendor Product Version March Version April Version May Version June AhnLab V3 Internet Security 8.0 8.0 8.0 8.0 Avast Free Antivirus 2014 2014 2014 2014 AVG Internet Security 2014 2014 2014 2014 Avira Internet Security 14.0 14.0 14.0 14.0 Baidu Internet Security 2014 2014 2014 2014 Bitdefender Internet Security 2014 2014 2014 2014 BullGuard Internet Security 14.0 14.0 14.0 14.0 Emsisoft Anti-Malware 8.1 8.1 8.1 8.1 eScan Internet Security 14.0 14.0 14.0 14.0 ESET Smart Security 7.0 7.0 7.0 7.0 F-Secure Internet Security 2014 2014 2014 2014 Fortinet FortiClient (with FortiGate)2 5.0 5.0 5.0 5.0 Kaspersky Internet Security 2014 2014 2014 2014 Kingsoft Internet Security 2013.SP6 2013.SP6 2013.SP6 2013.SP6 Lavasoft Ad-Aware Free Antivirus+ 11.1 11.1 11.2 11.2 McAfee Internet Security 2014 2014 2014 2014 Microsoft Security Essentials 4.4 4.5 4.5 4.5 Panda Cloud Free Antivirus 2.3 2.3 3.0 3.0 Qihoo 360 Internet Security 4.9 4.9 4.9 5.0 Sophos Endpoint Security 10.3 10.3 10.3 10.3 Tencent QQ PC Manager 8.9 8.10 8.10 8.10 ThreatTrack Vipre Internet Security 2014 2014 2014 2014 Trend Micro Titanium Internet Security 2014 2014 2014 2014 2 The cloud-based behaviour-analysis feature of Fortinet is only available to enterprises customers who also purchased a FortiGate.
Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 8 - Test Cases Test period Test cases 4th to 28th March 2014 1264 2nd to 27th April 2014 1030 5th to 23rd May 2014 655 2nd to 30th June 2014 1054 TOTAL 4003 Results Below you can see an overview of the individual testing months3 . March 2014 – 1264 test cases April 2014 – 1030 test cases May 2014 – 655 test cases June 2014 – 1054 test cases We purposely do not give exact numbers for the individual months in this report, to avoid the minor differences of a few cases being misused to state that one product is better than the other in a given month and with a given test-set size. We provide the total numbers in the overall reports, where the size of the test-set is bigger, and differences that are more significant may be observed. 3 Interested users who want to see the exact protection rates and FP rates for every month can see the monthly updated interactive charts on our website: http://chart.av-comparatives.org/chart1.php
Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 9 - Summary Results (March-June) Test period: March – June 2014 (4003 Test cases) Blocked User dependent Compromised PROTECTION RATE [Blocked % + (User dependent %)/2]4 Cluster5 Panda 3998 - 5 99,9% 1 Bitdefender 3996 - 7 99,8% 1 AVIRA 3991 - 12 99,7% 1 Emsisoft 3981 17 5 99,7% 1 Kaspersky Lab 3984 8 11 99,6% 1 Qihoo 3972 16 15 99,4% 1 ESET 3970 - 33 99,2% 1 Fortinet 3963 - 40 99,0% 1 F-Secure 3939 24 40 98,7% 1 McAfee 3920 - 83 97,9% 2 eScan 3822 149 32 97,3% 2 Sophos 3896 - 107 97,3% 2 Trend Micro 3799 193 11 97,3% 2 AVG 3876 26 101 97,2% 2 Avast 3883 - 120 97,0% 2 BullGuard 3758 197 48 96,3% 2 Tencent 3718 218 67 95,6% 2 Kingsoft 3761 116 126 95,4% 2 Baidu 3752 - 251 93,7% 3 ThreatTrack Vipre 3743 - 260 93,5% 3 Lavasoft 3694 - 309 92,3% 3 AhnLab 3552 1 450 88,7% 4 Microsoft 3550 - 453 88,7% 4 4 User-dependent cases are given half credit. For example, if a program blocks 80% by itself, and another 20% of cases are user-dependent, we give half credit for the 20%, i.e. 10%, so it gets 90% altogether. 5 Hierarchical Clustering Method: defining four clusters using average linkage between groups (Euclidian distance) based on the protection rate (see dendrogram on page 12).
Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 10 - The graph below shows the overall protection rate (all samples), including the minimum and maximum protection rates for the individual months.
Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 11 - Whole-Product “False Alarm” Test (wrongly blocked domains/files) The false-alarm test in the Whole-Product Dynamic “Real-World” Protection Test consists of two parts: wrongly blocked domains (while browsing) and wrongly blocked files (while downloading/installing). It is necessary to test both scenarios because testing only one of the two above cases could penalize products that focus mainly on one type of protection method, either URL filtering or on- access/behaviour/reputation-based file protection. a) Wrongly blocked domains (while browsing) We used around one thousand randomly chosen popular domains. Blocked non-malicious domains/URLs were counted as false positives (FPs). The wrongly blocked domains have been reported to the respective vendors for review and should now no longer be blocked. By blocking whole domains, the security products not only risk causing a loss of trust in their warnings, but also possibly causing financial damage (besides the damage to website reputation) to the domain owners, including loss of e.g. advertisement revenue. Due to this, we strongly recommend vendors to block whole domains only in the case where the domain’s sole purpose is to carry/deliver malicious code, and otherwise block just to the malicious pages (as long as they are indeed malicious). Products which tend to block URLs based e.g. on reputation may be more prone to this and score also higher in protection tests, as they may block many unpopular/new websites. b) Wrongly blocked files (while downloading/installing) We used around one thousand different applications listed either as top downloads or as new/recommended downloads from various download portals. The applications were downloaded from the original software developers’ websites (instead of the download portal host), saved to disk and installed to see if they are blocked at any stage of this procedure. Additionally, we included a few clean files that were encountered and disputed over the past months of the Real-World Protection Test. The duty of security products is to protect against malicious sites/files, not to censor or limit the access only to well-known popular applications and websites. If the user deliberately chooses a high security setting, which warns that it may block some legitimate sites or files, then this may be considered acceptable. However, we do not regard it to be acceptable as a default setting, where the user has not been warned. As the test is done at points in time and FPs on very popular software/websites are usually noticed and fixed within a few hours, it would be surprising to encounter FPs with very popular applications. Due to this, FP tests which are done e.g. only with very popular applications, or which use only the top 50 files from whitelisted/monitored download portals would be a waste of time and resources. Users do not care whether they are infected by malware that affects only them, just as they do not care if the FP count affects only them. While it is preferable that FPs do not affect many users, it should be the goal to avoid having any FPs and to protect against any malicious files, no matter how many users are affected or targeted. Prevalence of FPs based on user-base data is of interest for internal QA testing of AV vendors, but for the ordinary user it is important to know how accurately its product distinguishes between clean and malicious files.
Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 12 - The below table shows the numbers of wrongly blocked domains/files: Wrongly blocked clean domains/files (blocked / user-dependent6 ) Wrongly blocked score7 AhnLab, Avast, ESET, Kaspersky Lab, Lavasoft, Microsoft - / - (-) - AVG, Baidu, Panda 1 / - (1) 1 BullGuard 1 / 1 (2) 1.5 AVIRA 3 / - (3) 3 Qihoo 3 / 1 (4) 3.5 Tencent 3 / 2 (5) 4 Emsisoft 5 / - (5) 5 Sophos 8 / - (8) 8 Kingsoft 9 / 1 (10) 9.5 Bitdefender, Fortinet 10 / - (10) 10 average (13) average (11) eScan 18 / - (18) 18 F-Secure 19 / 7 (26) 22.5 ThreatTrack Vipre 27 / - (27) 27 Trend Micro 24 / 57 (81) 52.5 McAfee 82 / - (82) 82 To determine which products have to be downgraded in our award scheme due to the rate of wrongly blocked sites/files, we backed up our decision by using statistical methods and by looking at the average scores. The following products with above-average FPs have been downgraded: eScan, F-Secure, McAfee, Trend Micro and ThreatTrack Vipre. 6 Although user dependent cases are extremely annoying (esp. on clean files) for the user, they were counted only as half for the “wrongly blocked rate” (like for the protection rate). 7 Lower is better.
Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 13 - Illustration of how awards were given The dendrogram (using average linkage between groups) shows the results of the hierarchical cluster analysis. It indicates at what level of similarity the clusters are joined. The red drafted line defines the level of similarity. Each intersection indicates a group (in this case 4 groups). Products that had above- average FPs (wrongly blocked score) are marked in red (and downgraded according to the ranking system below). Ranking system Protection score Cluster8 4 Protection score Cluster 3 Protection score Cluster 2 Protection score Cluster 1 < ∅∅∅∅ FPs Tested Standard Advanced Advanced+ > ∅∅∅∅ FPs Tested Tested Standard Advanced The graph page 9 shows the test results compared to the average "out-of-box" malware protection in Microsoft Windows (red line). In Windows 8, this is provided by Windows Defender, which is pre-installed by default with the operating system. The equivalent in Windows 7 is Microsoft Security Essentials, which is not pre-installed, but can easily be added for free as an option via the Windows Update service. 8 See protection score clusters on page 9.
Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 14 - Award levels reached in this test The awards are decided and given by the testers based on the observed test results (after consulting statistical models). The following awards9 are for the results reached in this Whole-Product Dynamic “Real-World” Protection Test: AWARD LEVELS PRODUCTS Panda Bitdefender AVIRA Emsisoft Kaspersky Lab Qihoo ESET Fortinet F-Secure* Sophos AVG Avast BullGuard Tencent Kingsoft McAfee* eScan* Trend Micro* Baidu Lavasoft ThreatTrack Vipre* AhnLab * downgraded by one rank due to the score of wrongly blocked sites/files (FPs); see page 12 Expert users who do not care about wrongly blocked files/websites (false alarms) are free to rely on the protection rates on page 9 instead of our awards ranking which takes FPs in consideration. 9 Microsoft security products are not included in the awards page, as their out-of-box protection is (optionally) included in the operating system and is therefore out-of-competition.
Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 15 - Copyright and Disclaimer This publication is Copyright © 2014 by AV-Comparatives ®. Any use of the results, etc. in whole or in part, is ONLY permitted with the explicit written agreement of the management board of AV- Comparatives, prior to any publication. AV-Comparatives and its testers cannot be held liable for any damage or loss which might occur as a result of, or in connection with, the use of the information provided in this paper. We take every possible care to ensure the correctness of the basic data, but liability for the correctness of the test results cannot be taken by any representative of AV-Comparatives. We do not give any guarantee of the correctness, completeness, or suitability for a specific purpose of any of the information/content provided at any given time. No-one else involved in creating, producing or delivering test results shall be liable for any indirect, special or consequential damage, or loss of profits, arising out of, or related to, the use (or inability to use), the services provided by the website, test documents or any related data. For more information about AV-Comparatives and the testing methodologies please visit our website. AV-Comparatives (July 2014)

Recommended

Avc prot 2016a_en
Avc prot 2016a_enAvc prot 2016a_en
Avc prot 2016a_enAndrey Apuhtin
 
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017Jermund Ottermo
 
Avc prot 2013a_en
Avc prot 2013a_enAvc prot 2013a_en
Avc prot 2013a_enAnatoliy Tkachev
 
Avc fdt 201303_en
Avc fdt 201303_enAvc fdt 201303_en
Avc fdt 201303_enAnatoliy Tkachev
 
Windows 8 kasp1248
Windows 8 kasp1248Windows 8 kasp1248
Windows 8 kasp1248Anatoliy Tkachev
 
A study of anti virus' response to unknown threats
A study of anti virus' response to unknown threatsA study of anti virus' response to unknown threats
A study of anti virus' response to unknown threatsUltraUploader
 
5 howtomitigate
5 howtomitigate5 howtomitigate
5 howtomitigatericharddxd
 
Av is dead long live managed endpoint security
Av is dead long live managed endpoint securityAv is dead long live managed endpoint security
Av is dead long live managed endpoint securitySolarwinds N-able
 

Recommended

Avc prot 2016a_en
Avc prot 2016a_enAvc prot 2016a_en
Avc prot 2016a_enAndrey Apuhtin
 
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017Jermund Ottermo
 
Avc prot 2013a_en
Avc prot 2013a_enAvc prot 2013a_en
Avc prot 2013a_enAnatoliy Tkachev
 
Avc fdt 201303_en
Avc fdt 201303_enAvc fdt 201303_en
Avc fdt 201303_enAnatoliy Tkachev
 
Windows 8 kasp1248
Windows 8 kasp1248Windows 8 kasp1248
Windows 8 kasp1248Anatoliy Tkachev
 
A study of anti virus' response to unknown threats
A study of anti virus' response to unknown threatsA study of anti virus' response to unknown threats
A study of anti virus' response to unknown threatsUltraUploader
 
5 howtomitigate
5 howtomitigate5 howtomitigate
5 howtomitigatericharddxd
 
Av is dead long live managed endpoint security
Av is dead long live managed endpoint securityAv is dead long live managed endpoint security
Av is dead long live managed endpoint securitySolarwinds N-able
 
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...Alexander Leonov
 
IRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET Journal
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices Ivanti
 
Introduction to Metascan Client
Introduction to Metascan ClientIntroduction to Metascan Client
Introduction to Metascan ClientOPSWAT
 
Avc beh 201207_en
Avc beh 201207_enAvc beh 201207_en
Avc beh 201207_enAnatoliy Tkachev
 
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesCyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesSandeep Kumar Seeram
 
Mac review 2012_en
Mac review 2012_enMac review 2012_en
Mac review 2012_enAnatoliy Tkachev
 
Better Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryBetter Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryGene Gotimer
 
An evaluation of two host based intrusion prevention systems
An evaluation of two host based intrusion prevention systemsAn evaluation of two host based intrusion prevention systems
An evaluation of two host based intrusion prevention systemsUltraUploader
 
OSB130 Patch Management Best Practices
OSB130 Patch Management Best PracticesOSB130 Patch Management Best Practices
OSB130 Patch Management Best PracticesIvanti
 
White Paper - Are antivirus solutions enough to protect industrial plants?
White Paper - Are antivirus solutions enough to protect industrial plants?White Paper - Are antivirus solutions enough to protect industrial plants?
White Paper - Are antivirus solutions enough to protect industrial plants?TI Safe
 
CyberCentral Summit 2018 in Prague
CyberCentral Summit 2018 in PragueCyberCentral Summit 2018 in Prague
CyberCentral Summit 2018 in PragueAlexander Leonov
 
IE Exploit Protection
IE Exploit ProtectionIE Exploit Protection
IE Exploit ProtectionKim Jensen
 
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...Sonatype
 
Accuracy and time_costs_of_web_app_scanners
Accuracy and time_costs_of_web_app_scannersAccuracy and time_costs_of_web_app_scanners
Accuracy and time_costs_of_web_app_scannersLarry Suto
 
PHDays 8: Vulnerability Databases. Sifting thousands tons of verbal ore
PHDays 8: Vulnerability Databases. Sifting thousands tons of verbal orePHDays 8: Vulnerability Databases. Sifting thousands tons of verbal ore
PHDays 8: Vulnerability Databases. Sifting thousands tons of verbal oreAlexander Leonov
 
Sa No Scan Paper
Sa No Scan PaperSa No Scan Paper
Sa No Scan Papertafinley
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsWhite Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsSonatype
 
How to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOpsHow to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOpsZane Lackey
 
Open-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentOpen-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentPriyanka Aash
 
Avc prot 2012b_en
Avc prot 2012b_enAvc prot 2012b_en
Avc prot 2012b_enAnatoliy Tkachev
 
Antivirus test-wholedynamic2010
Antivirus test-wholedynamic2010Antivirus test-wholedynamic2010
Antivirus test-wholedynamic2010nuttakorn nakkerd
 

More Related Content

What's hot

PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...Alexander Leonov
 
IRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET Journal
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices Ivanti
 
Introduction to Metascan Client
Introduction to Metascan ClientIntroduction to Metascan Client
Introduction to Metascan ClientOPSWAT
 
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesCyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesSandeep Kumar Seeram
 
Better Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryBetter Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryGene Gotimer
 
An evaluation of two host based intrusion prevention systems
An evaluation of two host based intrusion prevention systemsAn evaluation of two host based intrusion prevention systems
An evaluation of two host based intrusion prevention systemsUltraUploader
 
OSB130 Patch Management Best Practices
OSB130 Patch Management Best PracticesOSB130 Patch Management Best Practices
OSB130 Patch Management Best PracticesIvanti
 
White Paper - Are antivirus solutions enough to protect industrial plants?
White Paper - Are antivirus solutions enough to protect industrial plants?White Paper - Are antivirus solutions enough to protect industrial plants?
White Paper - Are antivirus solutions enough to protect industrial plants?TI Safe
 
CyberCentral Summit 2018 in Prague
CyberCentral Summit 2018 in PragueCyberCentral Summit 2018 in Prague
CyberCentral Summit 2018 in PragueAlexander Leonov
 
IE Exploit Protection
IE Exploit ProtectionIE Exploit Protection
IE Exploit ProtectionKim Jensen
 
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...Sonatype
 
Accuracy and time_costs_of_web_app_scanners
Accuracy and time_costs_of_web_app_scannersAccuracy and time_costs_of_web_app_scanners
Accuracy and time_costs_of_web_app_scannersLarry Suto
 
PHDays 8: Vulnerability Databases. Sifting thousands tons of verbal ore
PHDays 8: Vulnerability Databases. Sifting thousands tons of verbal orePHDays 8: Vulnerability Databases. Sifting thousands tons of verbal ore
PHDays 8: Vulnerability Databases. Sifting thousands tons of verbal oreAlexander Leonov
 
Sa No Scan Paper
Sa No Scan PaperSa No Scan Paper
Sa No Scan Papertafinley
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsWhite Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsSonatype
 
How to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOpsHow to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOpsZane Lackey
 
Open-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentOpen-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentPriyanka Aash
 

What's hot (20)

PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...
 
IRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit Framework
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices
 
Introduction to Metascan Client
Introduction to Metascan ClientIntroduction to Metascan Client
Introduction to Metascan Client
 
Avc beh 201207_en
Avc beh 201207_enAvc beh 201207_en
Avc beh 201207_en
 
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesCyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on Examples
 
Mac review 2012_en
Mac review 2012_enMac review 2012_en
Mac review 2012_en
 
Better Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryBetter Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous Delivery
 
An evaluation of two host based intrusion prevention systems
An evaluation of two host based intrusion prevention systemsAn evaluation of two host based intrusion prevention systems
An evaluation of two host based intrusion prevention systems
 
OSB130 Patch Management Best Practices
OSB130 Patch Management Best PracticesOSB130 Patch Management Best Practices
OSB130 Patch Management Best Practices
 
White Paper - Are antivirus solutions enough to protect industrial plants?
White Paper - Are antivirus solutions enough to protect industrial plants?White Paper - Are antivirus solutions enough to protect industrial plants?
White Paper - Are antivirus solutions enough to protect industrial plants?
 
CyberCentral Summit 2018 in Prague
CyberCentral Summit 2018 in PragueCyberCentral Summit 2018 in Prague
CyberCentral Summit 2018 in Prague
 
IE Exploit Protection
IE Exploit ProtectionIE Exploit Protection
IE Exploit Protection
 
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
 
Accuracy and time_costs_of_web_app_scanners
Accuracy and time_costs_of_web_app_scannersAccuracy and time_costs_of_web_app_scanners
Accuracy and time_costs_of_web_app_scanners
 
PHDays 8: Vulnerability Databases. Sifting thousands tons of verbal ore
PHDays 8: Vulnerability Databases. Sifting thousands tons of verbal orePHDays 8: Vulnerability Databases. Sifting thousands tons of verbal ore
PHDays 8: Vulnerability Databases. Sifting thousands tons of verbal ore
 
Sa No Scan Paper
Sa No Scan PaperSa No Scan Paper
Sa No Scan Paper
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsWhite Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
 
How to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOpsHow to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOps
 
Open-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentOpen-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact Assessment
 

Similar to Antivirus Comparative junio 2014

Antivirus test-wholedynamic2010
Antivirus test-wholedynamic2010Antivirus test-wholedynamic2010
Antivirus test-wholedynamic2010nuttakorn nakkerd
 
AV Comparatives 2013 (Comparación de Antivirus)
AV Comparatives 2013 (Comparación de Antivirus)AV Comparatives 2013 (Comparación de Antivirus)
AV Comparatives 2013 (Comparación de Antivirus)Doryan Mathos
 
ANTIVIRUS
ANTIVIRUSANTIVIRUS
ANTIVIRUSfauscha
 
AV-Comparatives Performance Test
AV-Comparatives Performance TestAV-Comparatives Performance Test
AV-Comparatives Performance TestHerbert Rodriguez
 
From Code to Customer: How to Make Software Products Secure
From Code to Customer: How to Make Software Products SecureFrom Code to Customer: How to Make Software Products Secure
From Code to Customer: How to Make Software Products SecureKaspersky
 
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...Jose Lopez
 
Astaro Orange Paper Oss Myths Dispelled
Astaro Orange Paper Oss Myths DispelledAstaro Orange Paper Oss Myths Dispelled
Astaro Orange Paper Oss Myths Dispelledlosalamos
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chanceDr. Anish Cheriyan (PhD)
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and RiskSecPod Technologies
 
Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2Scott Brown
 
AV-Comparatives Real World Protection Test
AV-Comparatives Real World Protection TestAV-Comparatives Real World Protection Test
AV-Comparatives Real World Protection TestHerbert Rodriguez
 
How to automate your DevSecOps successfully
How to automate your DevSecOps successfullyHow to automate your DevSecOps successfully
How to automate your DevSecOps successfullyManuel Pistner
 
AV-Comparatives’ 2017 business software review
AV-Comparatives’ 2017 business software reviewAV-Comparatives’ 2017 business software review
AV-Comparatives’ 2017 business software reviewJermund Ottermo
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityLumension
 
Malware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docxMalware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docxinfantsuk
 

Similar to Antivirus Comparative junio 2014 (20)

Avc prot 2012b_en
Avc prot 2012b_enAvc prot 2012b_en
Avc prot 2012b_en
 
Antivirus test-wholedynamic2010
Antivirus test-wholedynamic2010Antivirus test-wholedynamic2010
Antivirus test-wholedynamic2010
 
AV Comparatives 2013 (Comparación de Antivirus)
AV Comparatives 2013 (Comparación de Antivirus)AV Comparatives 2013 (Comparación de Antivirus)
AV Comparatives 2013 (Comparación de Antivirus)
 
Avc per 201304_en
Avc per 201304_enAvc per 201304_en
Avc per 201304_en
 
ANTIVIRUS
ANTIVIRUSANTIVIRUS
ANTIVIRUS
 
AV-Comparatives Performance Test
AV-Comparatives Performance TestAV-Comparatives Performance Test
AV-Comparatives Performance Test
 
Performance dec 2010
Performance dec 2010Performance dec 2010
Performance dec 2010
 
Avc per 201206_en
Avc per 201206_enAvc per 201206_en
Avc per 201206_en
 
From Code to Customer: How to Make Software Products Secure
From Code to Customer: How to Make Software Products SecureFrom Code to Customer: How to Make Software Products Secure
From Code to Customer: How to Make Software Products Secure
 
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
 
Astaro Orange Paper Oss Myths Dispelled
Astaro Orange Paper Oss Myths DispelledAstaro Orange Paper Oss Myths Dispelled
Astaro Orange Paper Oss Myths Dispelled
 
Avc fdt 201209_en
Avc fdt 201209_enAvc fdt 201209_en
Avc fdt 201209_en
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and Risk
 
Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2
 
AV-Comparatives Real World Protection Test
AV-Comparatives Real World Protection TestAV-Comparatives Real World Protection Test
AV-Comparatives Real World Protection Test
 
How to automate your DevSecOps successfully
How to automate your DevSecOps successfullyHow to automate your DevSecOps successfully
How to automate your DevSecOps successfully
 
AV-Comparatives’ 2017 business software review
AV-Comparatives’ 2017 business software reviewAV-Comparatives’ 2017 business software review
AV-Comparatives’ 2017 business software review
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint Security
 
Malware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docxMalware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docx
 

Recently uploaded

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Recently uploaded (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Antivirus Comparative junio 2014

  • 1. Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 1 - Whole Product Dynamic ““““Real-World”””” Protection Test March-June 2014 Language: English July 2014 Last revision: 15th July 2014 www.av-comparatives.org
  • 2. Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 2 - Content Introduction............................................................ 2 Content................................................................... 2 Test Procedure......................................................... 4 Settings.................................................................. 5 Preparation for every testing day .............................. 5 Testing Cycle for each malicious URL ......................... 5 Test Set .................................................................. 6 Tested products ....................................................... 7 Test Cases ............................................................... 8 Results ................................................................... 8 Summary Results (March-June) ................................. 9 Award levels reached in this test............................... 14 Copyright and Disclaimer.......................................... 15
  • 3. Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 3 - Introduction Malicious software poses an ever-increasing threat, not only due to the number of malware programs increasing, but also due to the nature of the threats. Infection vectors are changing from simple file- based methods to distribution via the Internet. Malware is increasingly focussing on users, e.g. by deceiving them into visiting infected web pages, installing rogue/malicious software or opening emails with malicious attachments. The scope of protection offered by antivirus programs is extended by the inclusion of e.g. URL-blockers, content filtering, reputation systems and user-friendly behaviour-blockers. If these features are perfectly coordinated with the signature-based and heuristic detection, the protection provided against threats increases. In this test, all protection features of the product can be used to prevent infection - not just signatures or heuristic file scanning. A suite can step in at any stage of the process – accessing the URL, downloading the file, formation of the file on the local hard drive, file access, file execution – to protect the PC. This means that the test achieves the most realistic way of determining how well the security product protects the PC. Because all of a suite’s components can be used to protect the PC, it is possible for a product to score well in the test by having e.g. very good behavioural protection, but a weak URL blocker. However, we would recommend that all parts of a product should be as effective as possible. It should be borne in mind that not all malware enters computer systems via the Internet, and that e.g. a URL blocker is ineffective against malware introduced to a PC via a USB flash drive or over the local area network. In spite of these new technologies, it remains very important that the signature-based and heuristic detection abilities of antivirus programs continue to be tested. Even with all the protection features available, the growing frequency of zero-day attacks means that some computers will inevitably become infected. As signatures can be updated, they provide the opportunity to recognize and remove malware which was initially missed by the security software. The newer, “non-conventional” protection technologies often offer no means of checking existing data stores for already-infected files, which can be found on the file servers of many companies. Those new security layers should be understood as an addition to good detection rates, not as replacement. The Whole-Product Dynamic “Real-World” Protection test is a joint project of AV-Comparatives and the University of Innsbruck’s Faculty of Computer Science and Quality Engineering. It is partially funded by the Republic of Austria. The methodology of our Real-World Protection Test has received the following awards and certifications, including: • Constantinus Award – given by the Austrian government • Cluster Award – given by the Standortagentur Tirol – Tyrolean government • eAward – given by report.at (magazine for Computer Science) and the Office of the Federal Chancellor • Innovationspreis IT – “Best Of” – given by Initiative Mittelstand Germany
  • 4. Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 4 - Test Procedure Testing dozens of antivirus products with hundreds of URLs each per day is a great deal of work, which cannot be done manually (as it would involve visiting thousands of websites in parallel), so it is necessary to use some sort of automation. Lab Setup Every potential test-case to be used in the test is run and analysed on a clean machine without antivirus software, to ensure that it is a suitable candidate. If the malware meets both of these criteria, the source URL is added to the list to be tested with security products. Any test cases which turn out not to be appropriate are excluded from the test set. Every security program to be tested is installed on its own test computer. All computers are connected to the Internet. Each system is manually updated every day, and each product is updated before every single test case. Each test PC has its own external IP address. We make special arrangements with ISPs to ensure a stable Internet connection for each PC, and take the necessary precautions (with specially configured firewalls etc.) not to harm other computers (i.e. not to cause outbreaks). Software The tests are performed under Microsoft Windows 7 Home Premium SP1 64-Bit, with updates as at 4th February 2014. Some further installed software includes: Vendor Product Version Vendor Product Version Adobe Flash Player ActiveX 12.0 Microsoft Office Home 2013 Adobe Flash Player Plug-In 12.0 Microsoft .NET Framework 4.5 Adobe Acrobat Reader 11.0 Mozilla Firefox 27.0 Apple QuickTime 7.7 Oracle Java 1.7.0.51 Microsoft Internet Explorer 11.0 VideoLAN VLC Media Player 2.1.2 The use of more up-to-date third-party software and an updated Microsoft Windows 7 64-Bit made it much harder to find exploits in-the-field for the test. This should also remind users always to keep their systems and applications up-to-date, in order to minimize the risk of being infected through exploits which use unpatched software vulnerabilities.
  • 5. Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 5 - Settings We use every security suite with its default settings. Our Whole-Product Dynamic Protection Test aims to simulate real-world conditions as experienced every day by users. If user interactions are required, we always choose “Allow” or equivalent. If the product protects the system anyway, we count the malware as blocked, even though we allow the program to run when the user is asked to make a decision. If the system is compromised, we count it as user-dependent. We consider “protection” to mean that the system is not compromised. This means that the malware is not running (or is removed/terminated) and there are no significant/malicious system changes. An outbound-firewall alert about a running malware process, which asks whether or not to block traffic form the users’ workstation to the Internet, is too little, too late and not considered by us to be protection. Preparation for every testing day Every morning, any available security software updates are downloaded and installed, and a new base image is made for that day. Before each test case is carried out, the products have some time to download and install newer updates which have just been released, as well as to load their protection modules (which in several cases takes some minutes). In the event that a major signature update for a product is made available during the day, but fails to download/install before each test case starts, the product will at least have the signatures that were available at the start of the day. This replicates the situation of an ordinary user in the real world. Testing Cycle for each malicious URL Before browsing to each new malicious URL we update the programs/signatures (as described above). New major product versions (i.e. the first digit of the build number is different) are installed once at the beginning of the month, which is why in each monthly report we only give the main product version number. Our test software monitors the PC, so that any changes made by the malware will be recorded. Furthermore, the recognition algorithms check whether the antivirus program detects the malware. After each test case the machine is reset to its clean state. Protection Security products should protect the user’s PC. It is not very important at which stage the protection takes place. It could be while browsing to the website (e.g. protection through URL Blocker), while an exploit tries to run, while the file is being downloaded/created or when the malware is executed (either by the exploit or by the user). After the malware is executed (if not blocked before), we wait several minutes for malicious actions and also to give e.g. behaviour-blockers time to react and remedy actions performed by the malware. If the malware is not detected and the system is indeed infected/compromised, the process goes to “System Compromised”. If a user interaction is required and it is up to the user to decide if something is malicious, and in the case of the worst user decision the system gets compromised, we rate this as “user-dependent”. Because of this, the yellow bars in the results graph can be interpreted either as protected or not protected (it’s up to each individual user to decide what he/she would probably do in that situation).
  • 6. Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 6 - Due to the dynamic nature of the test, i.e. mimicking real-world conditions, and because of the way several different technologies (such as cloud scanners, reputation services, etc.) work, it is a matter of fact that such tests cannot be repeated or replicated in the way that e.g. static detection rate tests can. Anyway, we log as much data as reasonably possible to support our findings and results. Vendors are invited to provide useful log functions in their products that can provide the additional data they want in the event of disputes. After each testing month, manufacturers are given the opportunity to dispute our conclusion about the compromised cases, so that we can recheck if there were maybe some problems in the automation or with our analysis of the results. In the case of cloud products, we can only consider the results that the products achieved in our lab at the time of testing; sometimes the cloud services provided by the security vendors are down due to faults or maintenance downtime by the vendors, but these cloud-downtimes are often not disclosed to the users by the vendors. This is also a reason why products relying too heavily on cloud services (and not making use of local heuristics, behavior blockers, etc.) can be risky, as in such cases the security provided by the products can decrease significantly. Cloud signatures/reputation should be implemented in the products to complement the other local/offline protection features, but not replace them completely, as e.g. offline cloud services would mean the PCs being exposed to higher risks. Test Set We aim to use visible and relevant malicious websites/malware that are currently out there, and present a risk to ordinary users. We usually try to include about 50% URLs that point directly to malware executables; this causes the malware file to be downloaded, thus replicating a scenario in which the user is tricked by social engineering into following links in spam mails or websites, or installing some Trojan or other malicious software. The rest are drive-by exploits - these are usually well covered by almost all major security products, which may be one reason why the scores look relatively high. We use our own crawling system to search continuously for malicious sites and extract malicious URLs (including spammed malicious links). We also search manually for malicious URLs. If our in-house crawler does not find enough valid malicious URLs on one day, we have contracted some external researchers to provide additional malicious URLs (initially for the exclusive use of AV-Comparatives) and look for additional (re)sources. In this kind of testing, it is very important to use enough test cases. If an insufficient number of samples is used in comparative tests, differences in results may not indicate actual differences in protective capabilities among the tested products1 . Our tests use about 30 times more test cases (samples) per product and month than any similar test performed by other testing labs. Because of the higher statistical significance this achieves, we consider all the products in each results cluster to be equally effective, assuming that they have a false-positives rate below the industry average. In total (including FP testing), about 150,000 test cases were executed, that is 4,003 malicious test cases and 2,000 clean test cases for each of the 23 products tested. 1 Read more in the following paper: http://www.av-comparatives.org/images/stories/test/statistics/somestats.pdf
  • 7. Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 7 - Comments Microsoft Security Essentials, which provides basic malware protection, can easily be installed from Windows Update, and is used as the basis of comparison for malware protection. Microsoft Windows 7 includes a firewall and automatic updates, and warns users about executing files downloaded from the Internet. Most modern browsers include phishing/URL-Filters and warn users about downloading files from the Internet. Despite the various build-in protection features, systems can become infected anyway. The reason for this is usually the ordinary user, who may be tricked by social engineering into visiting malicious websites or installing malicious software. Users expect a security product not to ask them if they really want to e.g. execute a file, but expect that the security product will protect the system in any case without them having to think about it, and despite what they do (e.g. executing unknown files). Tested products For this test we normally use the Internet security suite, as any protection features that prevent the system from being compromised can be used. However, a vendor can choose to enter their basic antivirus product instead, if they prefer. The main versions of the products tested in each monthly test run are shown below: Vendor Product Version March Version April Version May Version June AhnLab V3 Internet Security 8.0 8.0 8.0 8.0 Avast Free Antivirus 2014 2014 2014 2014 AVG Internet Security 2014 2014 2014 2014 Avira Internet Security 14.0 14.0 14.0 14.0 Baidu Internet Security 2014 2014 2014 2014 Bitdefender Internet Security 2014 2014 2014 2014 BullGuard Internet Security 14.0 14.0 14.0 14.0 Emsisoft Anti-Malware 8.1 8.1 8.1 8.1 eScan Internet Security 14.0 14.0 14.0 14.0 ESET Smart Security 7.0 7.0 7.0 7.0 F-Secure Internet Security 2014 2014 2014 2014 Fortinet FortiClient (with FortiGate)2 5.0 5.0 5.0 5.0 Kaspersky Internet Security 2014 2014 2014 2014 Kingsoft Internet Security 2013.SP6 2013.SP6 2013.SP6 2013.SP6 Lavasoft Ad-Aware Free Antivirus+ 11.1 11.1 11.2 11.2 McAfee Internet Security 2014 2014 2014 2014 Microsoft Security Essentials 4.4 4.5 4.5 4.5 Panda Cloud Free Antivirus 2.3 2.3 3.0 3.0 Qihoo 360 Internet Security 4.9 4.9 4.9 5.0 Sophos Endpoint Security 10.3 10.3 10.3 10.3 Tencent QQ PC Manager 8.9 8.10 8.10 8.10 ThreatTrack Vipre Internet Security 2014 2014 2014 2014 Trend Micro Titanium Internet Security 2014 2014 2014 2014 2 The cloud-based behaviour-analysis feature of Fortinet is only available to enterprises customers who also purchased a FortiGate.
  • 8. Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 8 - Test Cases Test period Test cases 4th to 28th March 2014 1264 2nd to 27th April 2014 1030 5th to 23rd May 2014 655 2nd to 30th June 2014 1054 TOTAL 4003 Results Below you can see an overview of the individual testing months3 . March 2014 – 1264 test cases April 2014 – 1030 test cases May 2014 – 655 test cases June 2014 – 1054 test cases We purposely do not give exact numbers for the individual months in this report, to avoid the minor differences of a few cases being misused to state that one product is better than the other in a given month and with a given test-set size. We provide the total numbers in the overall reports, where the size of the test-set is bigger, and differences that are more significant may be observed. 3 Interested users who want to see the exact protection rates and FP rates for every month can see the monthly updated interactive charts on our website: http://chart.av-comparatives.org/chart1.php
  • 9. Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 9 - Summary Results (March-June) Test period: March – June 2014 (4003 Test cases) Blocked User dependent Compromised PROTECTION RATE [Blocked % + (User dependent %)/2]4 Cluster5 Panda 3998 - 5 99,9% 1 Bitdefender 3996 - 7 99,8% 1 AVIRA 3991 - 12 99,7% 1 Emsisoft 3981 17 5 99,7% 1 Kaspersky Lab 3984 8 11 99,6% 1 Qihoo 3972 16 15 99,4% 1 ESET 3970 - 33 99,2% 1 Fortinet 3963 - 40 99,0% 1 F-Secure 3939 24 40 98,7% 1 McAfee 3920 - 83 97,9% 2 eScan 3822 149 32 97,3% 2 Sophos 3896 - 107 97,3% 2 Trend Micro 3799 193 11 97,3% 2 AVG 3876 26 101 97,2% 2 Avast 3883 - 120 97,0% 2 BullGuard 3758 197 48 96,3% 2 Tencent 3718 218 67 95,6% 2 Kingsoft 3761 116 126 95,4% 2 Baidu 3752 - 251 93,7% 3 ThreatTrack Vipre 3743 - 260 93,5% 3 Lavasoft 3694 - 309 92,3% 3 AhnLab 3552 1 450 88,7% 4 Microsoft 3550 - 453 88,7% 4 4 User-dependent cases are given half credit. For example, if a program blocks 80% by itself, and another 20% of cases are user-dependent, we give half credit for the 20%, i.e. 10%, so it gets 90% altogether. 5 Hierarchical Clustering Method: defining four clusters using average linkage between groups (Euclidian distance) based on the protection rate (see dendrogram on page 12).
  • 10. Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 10 - The graph below shows the overall protection rate (all samples), including the minimum and maximum protection rates for the individual months.
  • 11. Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 11 - Whole-Product “False Alarm” Test (wrongly blocked domains/files) The false-alarm test in the Whole-Product Dynamic “Real-World” Protection Test consists of two parts: wrongly blocked domains (while browsing) and wrongly blocked files (while downloading/installing). It is necessary to test both scenarios because testing only one of the two above cases could penalize products that focus mainly on one type of protection method, either URL filtering or on- access/behaviour/reputation-based file protection. a) Wrongly blocked domains (while browsing) We used around one thousand randomly chosen popular domains. Blocked non-malicious domains/URLs were counted as false positives (FPs). The wrongly blocked domains have been reported to the respective vendors for review and should now no longer be blocked. By blocking whole domains, the security products not only risk causing a loss of trust in their warnings, but also possibly causing financial damage (besides the damage to website reputation) to the domain owners, including loss of e.g. advertisement revenue. Due to this, we strongly recommend vendors to block whole domains only in the case where the domain’s sole purpose is to carry/deliver malicious code, and otherwise block just to the malicious pages (as long as they are indeed malicious). Products which tend to block URLs based e.g. on reputation may be more prone to this and score also higher in protection tests, as they may block many unpopular/new websites. b) Wrongly blocked files (while downloading/installing) We used around one thousand different applications listed either as top downloads or as new/recommended downloads from various download portals. The applications were downloaded from the original software developers’ websites (instead of the download portal host), saved to disk and installed to see if they are blocked at any stage of this procedure. Additionally, we included a few clean files that were encountered and disputed over the past months of the Real-World Protection Test. The duty of security products is to protect against malicious sites/files, not to censor or limit the access only to well-known popular applications and websites. If the user deliberately chooses a high security setting, which warns that it may block some legitimate sites or files, then this may be considered acceptable. However, we do not regard it to be acceptable as a default setting, where the user has not been warned. As the test is done at points in time and FPs on very popular software/websites are usually noticed and fixed within a few hours, it would be surprising to encounter FPs with very popular applications. Due to this, FP tests which are done e.g. only with very popular applications, or which use only the top 50 files from whitelisted/monitored download portals would be a waste of time and resources. Users do not care whether they are infected by malware that affects only them, just as they do not care if the FP count affects only them. While it is preferable that FPs do not affect many users, it should be the goal to avoid having any FPs and to protect against any malicious files, no matter how many users are affected or targeted. Prevalence of FPs based on user-base data is of interest for internal QA testing of AV vendors, but for the ordinary user it is important to know how accurately its product distinguishes between clean and malicious files.
  • 12. Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 12 - The below table shows the numbers of wrongly blocked domains/files: Wrongly blocked clean domains/files (blocked / user-dependent6 ) Wrongly blocked score7 AhnLab, Avast, ESET, Kaspersky Lab, Lavasoft, Microsoft - / - (-) - AVG, Baidu, Panda 1 / - (1) 1 BullGuard 1 / 1 (2) 1.5 AVIRA 3 / - (3) 3 Qihoo 3 / 1 (4) 3.5 Tencent 3 / 2 (5) 4 Emsisoft 5 / - (5) 5 Sophos 8 / - (8) 8 Kingsoft 9 / 1 (10) 9.5 Bitdefender, Fortinet 10 / - (10) 10 average (13) average (11) eScan 18 / - (18) 18 F-Secure 19 / 7 (26) 22.5 ThreatTrack Vipre 27 / - (27) 27 Trend Micro 24 / 57 (81) 52.5 McAfee 82 / - (82) 82 To determine which products have to be downgraded in our award scheme due to the rate of wrongly blocked sites/files, we backed up our decision by using statistical methods and by looking at the average scores. The following products with above-average FPs have been downgraded: eScan, F-Secure, McAfee, Trend Micro and ThreatTrack Vipre. 6 Although user dependent cases are extremely annoying (esp. on clean files) for the user, they were counted only as half for the “wrongly blocked rate” (like for the protection rate). 7 Lower is better.
  • 13. Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 13 - Illustration of how awards were given The dendrogram (using average linkage between groups) shows the results of the hierarchical cluster analysis. It indicates at what level of similarity the clusters are joined. The red drafted line defines the level of similarity. Each intersection indicates a group (in this case 4 groups). Products that had above- average FPs (wrongly blocked score) are marked in red (and downgraded according to the ranking system below). Ranking system Protection score Cluster8 4 Protection score Cluster 3 Protection score Cluster 2 Protection score Cluster 1 < ∅∅∅∅ FPs Tested Standard Advanced Advanced+ > ∅∅∅∅ FPs Tested Tested Standard Advanced The graph page 9 shows the test results compared to the average "out-of-box" malware protection in Microsoft Windows (red line). In Windows 8, this is provided by Windows Defender, which is pre-installed by default with the operating system. The equivalent in Windows 7 is Microsoft Security Essentials, which is not pre-installed, but can easily be added for free as an option via the Windows Update service. 8 See protection score clusters on page 9.
  • 14. Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 14 - Award levels reached in this test The awards are decided and given by the testers based on the observed test results (after consulting statistical models). The following awards9 are for the results reached in this Whole-Product Dynamic “Real-World” Protection Test: AWARD LEVELS PRODUCTS Panda Bitdefender AVIRA Emsisoft Kaspersky Lab Qihoo ESET Fortinet F-Secure* Sophos AVG Avast BullGuard Tencent Kingsoft McAfee* eScan* Trend Micro* Baidu Lavasoft ThreatTrack Vipre* AhnLab * downgraded by one rank due to the score of wrongly blocked sites/files (FPs); see page 12 Expert users who do not care about wrongly blocked files/websites (false alarms) are free to rely on the protection rates on page 9 instead of our awards ranking which takes FPs in consideration. 9 Microsoft security products are not included in the awards page, as their out-of-box protection is (optionally) included in the operating system and is therefore out-of-competition.
  • 15. Whole Product Dynamic “Real-World” Protection Test – (March-June 2014) www.av-comparatives.org - 15 - Copyright and Disclaimer This publication is Copyright © 2014 by AV-Comparatives ®. Any use of the results, etc. in whole or in part, is ONLY permitted with the explicit written agreement of the management board of AV- Comparatives, prior to any publication. AV-Comparatives and its testers cannot be held liable for any damage or loss which might occur as a result of, or in connection with, the use of the information provided in this paper. We take every possible care to ensure the correctness of the basic data, but liability for the correctness of the test results cannot be taken by any representative of AV-Comparatives. We do not give any guarantee of the correctness, completeness, or suitability for a specific purpose of any of the information/content provided at any given time. No-one else involved in creating, producing or delivering test results shall be liable for any indirect, special or consequential damage, or loss of profits, arising out of, or related to, the use (or inability to use), the services provided by the website, test documents or any related data. For more information about AV-Comparatives and the testing methodologies please visit our website. AV-Comparatives (July 2014)