We all use (or at least we should all use) an Anti-Virus (AV) product on our computer to protect it from malware (yes, that includes you Mac and Linux users as well). Rogue Anti-Malware is on the increase and users should be wary of what they install, but if we do choose a big vendor and pay money for it, does it protect our machine from all threats?
Well the answer is no. No security product can be 100% secure, but how secure are they actually? There have been a number of recent surveys and their results show that things are probably improving, but there's still a significant gap. AV-Comparatives.org showed that in their tests, G Data was the best with a 99.8% detection rate of known malware, with Norman being the worst of the 16 at 84.8%. Known malware was taken to be malware from a period of one year that ended 8 months prior to the test. This is important to stress; these weren't new malware instances, these were old known malware that all vendors will have seen and had time to develop their product to combat.
There's another potential issue as well. What settings do you use on your AV product? Do you use the default settings? Several products do come with the highest protection set as default, but not all. Kaspersky, Symantec and Sophos, for example, don't have the highest security settings by default (although Sophos, to their credit, asked AV-Comparatives to test them with default settings, unlike the other two who asked to be tested with settings changed to high security). McAfee use a cloud-based technology called Artemis, which is on by default, but requires an internet connection. Their test scores come down from 98.7% detection rate when online to 92.6% when offline. So be wary about the settings that you use and the mode of use as well, as it can make a big difference.
AV-Test.org also performed similar tests with more current malware, with similar results. In their tests, Symantec came out top with a score of 98% malware detected and Trend Micro with 83.3%. I'll pick out a few big names so that I can give you average figures from both testing labs.
This isn't the full story though. The above tests are detected existing malware. There are two other metrics that we need to look at. The first of these is the removal or blocking rate. This is the percentage of malware instances that were blocked or removed by the AV product. The others will have infected the machine. AV-Test.org correctly point out that this is a much more important metric than detected malware, as if an AV product detects it but still allows it to install, then you are only marginally better off than if you didn't know about it at all - your machine is still infected. Their tests show that the blocking rates are a chunk down from the detection rates, with the best now being PC Tools at 94.8% and the worst being CA Internet Security at 73.5%. Blocking rate figures for the set of AV products are also given in the table above.
The final thing to consider is the detection rate of new malware that hasn't been seen before, i.e. from live attacks. Cyveillance performed a set of tests sending live attack malware through a set of the top AV products on a daily basis to see how they performed. In their tests, cloud-based McAfee came out top at 44% and VirusBuster bottom on 16%. AV-Comparatives performed a similar test and came out with slightly better results, ranging from AVIRA on 74% down to Norman on 32%. Again, I have averaged their figures to include in the table above.
Conclusion: you could use more than one AV product as long as they don't conflict. However, it is essential that you keep the product up-to-date at all times and configure it for maximum protection.
Well the answer is no. No security product can be 100% secure, but how secure are they actually? There have been a number of recent surveys and their results show that things are probably improving, but there's still a significant gap. AV-Comparatives.org showed that in their tests, G Data was the best with a 99.8% detection rate of known malware, with Norman being the worst of the 16 at 84.8%. Known malware was taken to be malware from a period of one year that ended 8 months prior to the test. This is important to stress; these weren't new malware instances, these were old known malware that all vendors will have seen and had time to develop their product to combat.
There's another potential issue as well. What settings do you use on your AV product? Do you use the default settings? Several products do come with the highest protection set as default, but not all. Kaspersky, Symantec and Sophos, for example, don't have the highest security settings by default (although Sophos, to their credit, asked AV-Comparatives to test them with default settings, unlike the other two who asked to be tested with settings changed to high security). McAfee use a cloud-based technology called Artemis, which is on by default, but requires an internet connection. Their test scores come down from 98.7% detection rate when online to 92.6% when offline. So be wary about the settings that you use and the mode of use as well, as it can make a big difference.
AV-Test.org also performed similar tests with more current malware, with similar results. In their tests, Symantec came out top with a score of 98% malware detected and Trend Micro with 83.3%. I'll pick out a few big names so that I can give you average figures from both testing labs.
| Product | Existing Detection | Blocking | Live Detection |
|---|---|---|---|
| Symantec | 98.2% | 92.8% | 35.5% |
| Kaspersky | 96.1% | 89.9% | 41.0% |
| McAfee | 93.0% | 86.7% | 45.5% |
| AVG | 93.1% | 84.2% | 40.0% |
| F-Secure | 91.9% | 80.2% | 42.0% |
This isn't the full story though. The above tests are detected existing malware. There are two other metrics that we need to look at. The first of these is the removal or blocking rate. This is the percentage of malware instances that were blocked or removed by the AV product. The others will have infected the machine. AV-Test.org correctly point out that this is a much more important metric than detected malware, as if an AV product detects it but still allows it to install, then you are only marginally better off than if you didn't know about it at all - your machine is still infected. Their tests show that the blocking rates are a chunk down from the detection rates, with the best now being PC Tools at 94.8% and the worst being CA Internet Security at 73.5%. Blocking rate figures for the set of AV products are also given in the table above.
The final thing to consider is the detection rate of new malware that hasn't been seen before, i.e. from live attacks. Cyveillance performed a set of tests sending live attack malware through a set of the top AV products on a daily basis to see how they performed. In their tests, cloud-based McAfee came out top at 44% and VirusBuster bottom on 16%. AV-Comparatives performed a similar test and came out with slightly better results, ranging from AVIRA on 74% down to Norman on 32%. Again, I have averaged their figures to include in the table above.
Conclusion: you could use more than one AV product as long as they don't conflict. However, it is essential that you keep the product up-to-date at all times and configure it for maximum protection.
Comments
Post a Comment