- Feb 7, 2014
- 1,540
- Content source
- http://www.pcmag.com/article2/0,2817,2482246,00.asp
Smacking down viruses, Trojans, and ransomware is important, but it's not the only task for an antivirus. Leaving valid programs alone is also a big deal. In the latest test results from Dennis Labs, the very best products balanced both of these tasks.
Dennis Technology Labs take these tactics into account when testing antivirus software with a test system that ensures each product gets hit by precisely the same attack. It's meant to be as close as you can come to a real user's experience.
Every day for two months, the researchers select newly-discovered malicious sites and use a capture/replay system to present each of ten antivirus products with the exact same scenario. The number of products is low because this test is seriously labor-intensive. After two months of testing, they collect and analyze the results to produce a quarterly report.
Nine products remain the same from quarter to quarter (though Webroot replacesBitdefender starting this quarter). The tenth slot goes to a rotating guest product. For the first quarter of 2015, Panda Free Antivirus was the guest.
Scoring Protection
The best antivirus protection stops the attack before it ever reaches your computer—this kind of complete defense earns three points. If the malware launches but then gets detected and cleaned up, that's still worth a point. And if the cleanup is complete, with no dangerous traces left, that's worth another point. A product that fails to detect the malware, or lets it damage the test system, loses five points. With 100 samples, the possible scores range from 300 to minus 500.
Final certification ratings incorporate both the detection test and a separate very detailed test that examines how successfully the antivirus products refrain from blocking or warning about valid programs. The false positives test takes into account each sample's prevalence and also distinguishes degrees of bad behavior. Wiping out a valid program and reporting it as malware is worse than asking the user whether to block or allow it, for example. For full details, see the Dennis Technology Labs website.
Certification Levels
Depending on their performance in the two halves of this test, products can earn certification at five levels: AAA, AA, A, B, or C. Panda squeaked by with C-level certification. Kaspersky, Norton, ESET, Avast, and Trend Micro managed AAA. Of all the products tested, only Microsoft didn't earn at least a C.
Webroot hasn't been officially included before, but in a test commissioned last year it took AAA certification. It is worth noting that Webroot's handling of new, unknown malware differs from most. If a process isn't recognized as good or bad, Webroot journals all its actions and submits them for cloud analysis. Later, if this analysis reveals the process is malicious, Webroot uses the journal to reverse everything the process did. Alas, at the last minute Dennis Labs researchers determined they hadn't fully accounted for this unusual detection style in the current test, so Webroot's results had to be pulled.
As always, I salute the researchers that perform these onerous tests in order to help consumers determine just which antivirus is the most effective. I only wish this particular test could include more of the popular antivirus utilities.
Dennis Technology Labs take these tactics into account when testing antivirus software with a test system that ensures each product gets hit by precisely the same attack. It's meant to be as close as you can come to a real user's experience.
Every day for two months, the researchers select newly-discovered malicious sites and use a capture/replay system to present each of ten antivirus products with the exact same scenario. The number of products is low because this test is seriously labor-intensive. After two months of testing, they collect and analyze the results to produce a quarterly report.
Nine products remain the same from quarter to quarter (though Webroot replacesBitdefender starting this quarter). The tenth slot goes to a rotating guest product. For the first quarter of 2015, Panda Free Antivirus was the guest.
Scoring Protection
The best antivirus protection stops the attack before it ever reaches your computer—this kind of complete defense earns three points. If the malware launches but then gets detected and cleaned up, that's still worth a point. And if the cleanup is complete, with no dangerous traces left, that's worth another point. A product that fails to detect the malware, or lets it damage the test system, loses five points. With 100 samples, the possible scores range from 300 to minus 500.
Final certification ratings incorporate both the detection test and a separate very detailed test that examines how successfully the antivirus products refrain from blocking or warning about valid programs. The false positives test takes into account each sample's prevalence and also distinguishes degrees of bad behavior. Wiping out a valid program and reporting it as malware is worse than asking the user whether to block or allow it, for example. For full details, see the Dennis Technology Labs website.
Certification Levels
Depending on their performance in the two halves of this test, products can earn certification at five levels: AAA, AA, A, B, or C. Panda squeaked by with C-level certification. Kaspersky, Norton, ESET, Avast, and Trend Micro managed AAA. Of all the products tested, only Microsoft didn't earn at least a C.
Webroot hasn't been officially included before, but in a test commissioned last year it took AAA certification. It is worth noting that Webroot's handling of new, unknown malware differs from most. If a process isn't recognized as good or bad, Webroot journals all its actions and submits them for cloud analysis. Later, if this analysis reveals the process is malicious, Webroot uses the journal to reverse everything the process did. Alas, at the last minute Dennis Labs researchers determined they hadn't fully accounted for this unusual detection style in the current test, so Webroot's results had to be pulled.
As always, I salute the researchers that perform these onerous tests in order to help consumers determine just which antivirus is the most effective. I only wish this particular test could include more of the popular antivirus utilities.
