AV-Comparatives - Real-World Protection Test February-May 2020

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Gandalf_The_Grey

Thread author
Introduction

Malicious software poses an ever-increasing threat, not only due to the number of malware programs increasing, but also due to the nature of the threats. Infection vectors are changing from simple file-based methods to distribution via the Internet. Malware is increasingly focusing on users, e.g. by deceiving them into visiting infected web pages, installing rogue/malicious software or opening emails with malicious attachments. The scope of protection offered by antivirus programs is extended by the inclusion of e.g. URL-blockers, content filtering, cloud reputation systems, ML-based static and dynamic detections and user-friendly behavior-blockers. If these features are perfectly coordinated with the signature-based and heuristic detection, the protection provided against threats increases.

In this test, all protection features of the product can be used to prevent infection – not just signatures or heuristic file scanning. A suite can step in at any stage of the process – accessing the URL, downloading the file, formation of the file on the local hard drive, file access and file execution – to protect the PC. This means that the test achieves the most realistic way of determining how well the security product protects the PC. Because all of a suite’s components can be used to protect the PC, it is possible for a product to score well in the test by having e.g. very good behavioral protection, but a weak URL blocker. However, we would recommend that all parts of a product should be as effective as possible. It should be borne in mind that not all malware enters computer systems via the Internet, and that e.g. a URL blocker is ineffective against malware introduced to a PC via a USB flash drive or over the local area network.

In spite of these technologies, it remains very important that also conventional and non-cloud features such as the signature-based and heuristic detection abilities of antivirus programs continue to be tested. Even with all the protection features available, the growing frequency of zero-day attacks means that some computers will inevitably become infected. As signatures can be updated, they provide the opportunity to recognize and remove malware which was initially missed by the security software. Other protection technologies often offer no means of checking existing data stores for already-infected files, which can be found on the file servers of many companies. Those security layers should be understood as an addition to good detection rates, not as a replacement.

The Real-World Protection test is a joint project of AV-Comparatives and the University of Innsbruck’s Faculty of Computer Science and Quality Engineering. It is partially funded by the Republic of Austria.
 

RoboMan

Oh no Kaspersky missed 1 sample :cry: :cry: :cry: :cry:

Worst AV in the world, I feel scammed!!!!!!!!!!!!!!!!!!!!!

SIKE

----------------

In all seriousness, the only thing that really surprises me is how quickly Microsoft's AV climbed from the bottom to the top in... what, a few years? Microsoft is #committed, I respect that.
 

fabiobr

Norton and F-Secure did well, but too many FPs :(

Norton has TOO many FPs on these tests, but never experienced one using it.

Bitdefender could be better, has a good web filter. Kaspersky went great as usual.

What impressed me was Panda with good block, but we can't say anything with just one test.

All those which received Advanced+ deserve it, great suites.
 

marcopaone


What a joke.
A missed sample is worse than a false positive.
 

EndangeredPootis

Oh how fun, they have started testing TotalAV, as it seemed like they needed more attention than they deserve...
Also, how does F-Secure fare better than Avira although using the Avira engine?
 

MacDefender

Norton and F-Secure did well, but too many FPs :(

Norton has TOO many FPs on these tests, but never experienced one using it.

Bitdefender could be better, has a good web filter. Kaspersky went great as usual.

What impressed me was Panda with good block, but we can't say anything with just one test.

All those which received Advanced+ deserve it, great suites.

Same experiences with Norton and F-Secure -- surprised that both test high in false positives, that doesn't match my personal experience using them.
 

PotentialUser

Haha-hey! WD did extremely well this test; it's the first time I've seen it get the highest award (Advanced+). Never really thought I'd see the day. That's awesome! Good on Microsoft for continuously improving their product. I consider myself a pretty cautious user and using @Andy Ful's rules for beefing up WD's protection has kept me safe but for the general not-so-cautious user, Microsoft's improvement is definitely a good sign.
 

Ink

WD haters don't click on link
Actually it makes sense to use Microsoft Defender scores as a baseline for any tested security product. And "Real-Real-World" results will fluctuate on a daily basis, so anyone who distrusts Defender should not be triggered by the results. Neither should readers be disgruntled against AV-Comparatives or other professional testing labs' sites.

Most people using Microsoft Defender don't look for reasons for it to be detecting 100% of samples, or the AV that it uses 3 MB of RAM, so that the remaining 32 GB can be spared on staring at the desktop.
 

MacDefender

F-Secure has Deep Guard
Not just DeepGuard, F-Secure has:

Avira+APC
F-Secure Online (in house sandbox cloud scanner)
DeepGuard (in house behavior blocker)
Lynx (in house certificate based whitelister)
Hydra (in house scripting and VBS macro virus heuristic scanner)

It’s more interesting that piling on 5 engines does just slightly better than the underlying Avira signature engine, but any improvement is good.
 

RoboMan

Not just DeepGuard, F-Secure has:

Avira+APC
F-Secure Online (in house sandbox cloud scanner)
DeepGuard (in house behavior blocker)
Lynx (in house certificate based whitelister)
Hydra (in house scripting and VBS macro virus heuristic scanner)

It’s more interesting that piling on 5 engines does just slightly better than the underlying Avira signature engine, but any improvement is good.
My goodness, those module names look so promising, +10 to the marketing team
 

MacDefender

My goodness, those module names look so promising, +10 to the marketing team
lol yeah tell me about it. They all sound so menacing!

They used to have "Orion, Pegasus, Gemini, Draco, Libra, Blacklight" and all of those sound pretty scary too. Glad to see their performance improve recently (primarily thanks to the switch to Avira IMO), as I've always been a fan of their approach, ever since the 90's when it was F-PROT and AVP based.... but their real world performance in that 2010-2018 era did not really impress.
 

Lenny_Fox

Just for reference I admin about 10 family members who are concerned about security because they don't understand information technology and malware threats.

I think they qualify as average illiterate PC users and I know for sure that they don't install applications. The only software they might install are browser extensions and some (say 1 or 2) have once installed an app from the Windows apps store.

So I am really interested in what real world scenarios average pc users install software.

The reason I am so 100 percent sure about those average PC users not installing software is the fact that I have added a deny execute ACL for Everyone to the downloads folder and told them when they ever ran into a problem to call me. This is to prevent click-happy PC users from unintentionally installing software.

With ConfigureDefender on high and simple Windows hardening (and the deny execute ACL on downloads) no one has ever phoned me having trouble installing software, simply because they don't.

Is my experience with those 10 family members so extraordinary that @Andy Ful labels them as non-standard/average PC users?
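
The deny-execute ACL on the Downloads folder mentioned in the post above could be applied as follows. This is an added example, not the poster's own script: the folder path, the choice to target files only (ObjectInherit + InheritOnly) and the idempotency check are assumptions.

```powershell
# Added example: deny-execute ACE for Everyone on a Downloads folder.
# The default path is an assumption; pass -Path if Downloads has been relocated.
param(
    [string]$Path = (Join-Path $env:USERPROFILE 'Downloads')
)

# "Everyone" by well-known SID (S-1-1-0) so the script also works on non-English Windows.
$everyone = [System.Security.Principal.SecurityIdentifier]::new(
    [System.Security.Principal.WellKnownSidType]::WorldSid, $null)

# ObjectInherit + InheritOnly: the ACE is inherited by files, not applied to the
# folders themselves, so users can still open Downloads and its subfolders.
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $everyone,
    [System.Security.AccessControl.FileSystemRights]::ExecuteFile,
    [System.Security.AccessControl.InheritanceFlags]::ObjectInherit,
    [System.Security.AccessControl.PropagationFlags]::InheritOnly,
    [System.Security.AccessControl.AccessControlType]::Deny)

$acl = Get-Acl -LiteralPath $Path

# Idempotent: look only at explicit (non-inherited) rules and skip the change
# if a deny-execute entry for Everyone is already present.
$existing = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq $everyone.Value -and
        ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ExecuteFile)
    }

if (-not $existing) {
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Show the resulting deny entries for review.
(Get-Acl -LiteralPath $Path).Access |
    Where-Object AccessControlType -eq 'Deny' |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags
```

The rule can be undone by calling `RemoveAccessRule` with the same `$rule` object followed by `Set-Acl`.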
 
