The Comparison itself might be wrong :
Let me say how this works :
SW works for certain actions to get triggered
Modification of start up, Encrypt few files, then rolls back all the malicious actions to a previous state (With a Restart)
SW intelligence lies in Rollback System
DG: DG intercepts and reacts faster in most cases. It just BLOCKS the actions. All the remnants will remain on the system.
SONAR : Above SW in capability. Catches some highly sophiscated malware than other Behavior blockers. But in some rare cases Analysis takes a bit more time, before a verdict is reached. Works with Heuristics( R.T) protection. Removal depends upon the threshold level of malicious Behavior.
From the above, it is clear phenomena of work differs. Some react late but later result is Clean, some react faster but System remains Not clean.
Moreover all BB require constant updates to trace the behaviors with time. If a BB fails against a simple malware, but catches a Highly sophiscated one,, then -------.
Constant development, User threat statiatics is vital for any BB ( Vendor) for effective working.
I say "NO VOTE" because no one situation can trigger the effectiveness of any BB, but as per tests I pick SONAR, SW. (Only based on tests)*