Andreas Clementi, who runs the web site av-comparatives.org, has released his latest report that looks at how well antivirus programs do against threats that have not yet been identified and included in standard AV signatures.
The test looked at 17 different products, including offerings from Symantec, McAfee, AVG, Kaspersky, and Microsoft, and tested how well releases dated February 2 (with no updates) fared against a swath of new malware—viruses, scripts, trojans, and other nasties—that were discovered between February 2 and May 2.
The winner of this antivirus sweepstakes was a product called Avira, which managed to detect and defeat 71 percent of the unknown malware. Right behind it was the equally obscure NOD32, which swept away 68 percent of the threats. The better-known commercial products fared worse. Norton Antivirus and McAfee tied at a mere 24 percent, while Microsoft's OneCare did even worse, identifying only 18 percent of the new threats. Resting at the bottom of the barrel were Kaspersky and eScan at nine percent, and AVG, which detected only eight percent of malicious software in addition to producing many false positives.
Most antivirus companies proudly promote the ability of their software to "preemptively" fight viruses that haven't been identified yet, but it is surprising how poorly most of the programs fared at this task. While the chance of being hit by a virus that hasn't been found is low, it does happen: a few years back I worked at an office that got hit by a virus on a Friday afternoon, and Norton didn't have an update ready until the following Monday. New viruses can be created easily by making minor modifications to existing code, and such mutant strains often fly under the radar of traditional signature-based scanners.
Clementi has been running comparative tests of antivirus software for some time: his first test was back in February 2004, and the tests cover both known ("on-demand comparative") and unknown ("Retrospective/Proactive") threats. The last test for known malware was released in February, and the winner there was TrustPort AV from AEC, which had an overall detection rate of 99.36 percent, with Norton at 96.83 percent, McAfee at 91.63 percent, and Microsoft OneCare achieving the lowest score at 82.4 percent.
Overall, the tests seem to indicate that for dealing with malware, the two leading programs (McAfee and Norton) are quite firmly in the middle of the pack in terms of effectiveness, and Microsoft evidently has some work to do to bring OneCare up to the level of its competitors.
Source: Ars Technica