Hands-On Malware Blocking
Those independent labs can devote far more resources to testing than I can, but I still like to do some hands-on testing, exposing each antivirus product to a collection of various malware samples. Kaspersky and Bitdefender are the first products I've tested since converting all of my virtual machines to Windows 8.1 and swapping in a new collection of samples.
As soon as I opened the folder containing my samples, Kaspersky got to work, quickly wiping out 69 percent of them. I proceeded to launch those that survived this massacre, noting just how Kaspersky handled them. In all, it detected 83 percent of the samples. Its overall score of 7.9 points reflects the fact that a few of the samples managed to place executable files on the test system despite being detected by the antivirus.
Kaspersky Anti-Virus (2015) Malware Blocking Chart
Bitdefender did a little better than Kaspersky, with 86 percent detection and an overall score of 8.4. You can see that some products tested with my previous collection managed higher scores. However, there's a possibility that those tested most recently gained an advantage due to the increasing age of the older samples. And when the independent labs put a product at the top, I give less weight to my own hands-on tests.
Malicious URL Blocking
As noted, my fixed set of samples may become easier to detect over time. Not so the feed of malicious URLs kindly supplied by MRG-Effitas. These URLs are extremely new, rarely more than four hours old.
Running this test is simple, if time-consuming. I simply try to launch each URL and record how the antivirus reacts. If it blocks all access to the URL, that's great. If the malicious executable managed to download but was then wiped out by antivirus, that's fine too. Sometimes, though, the download finishes with no response from the antivirus. I keep trying until I have data for about 100 working URLs. It almost goes without saying that I turn off the browser's own protection against malicious URLs.
Kaspersky managed to block access to 10 percent of the URLs, but it didn't eliminate any downloaded files. That's quite a bit below the current average of 33 percent blocking. At 18 percent, Bitdefender also came in low. Of the two dozen products I've put through this test, the surprise winner is avast! Free Antivirus 2014, with 79 percent blocked.
It's true that this test only exercises the antivirus's ability to detect malicious URLs and detect malware by signature. Many of the independent lab tests exercise all of the product's features.
Impressive Phishing Detection
Matching a URL against a list of known malware-hosting sites is simple. Detecting fraudulent (phishing) websites is another story. Phishing sites generally remain active for just a few days, or even just a few hours; by the time they get on a list, they may be gone. An effective antiphishing filter needs to check website content, looking for signs that the site is a fraud.
My antiphishing test is simple enough. I gather a collection of very fresh suspected phishing URLs from sites that track such things. I attempt to launch each URL in several different browsers, including one protected by the product in question and one protected by Norton, a consistent antiphishing success story. If any of the browsers can't connect, I discard that URL. And if there's no blatant attempt to steal user credentials, once again I discard it.
Starting with Bitdefender and Kaspersky, I've expanded this test to include the built-in phishing protection of Internet Explorer, Firefox, and Chrome. As time goes on, the chart of results will include more browser-specific information.
Kaspersky Anti-Virus (2015) Antiphishing Chart
Among recent programs, 90 percent lagged behind Norton in their phishing detection rate, some of them abysmally. Kaspersky is one of the rare programs with a detection rate better than Norton's, by a single percentage point. It beat Chrome by 3 points, Firefox by 9 points, and Internet Explorer by 26 points. That's an impressive showing!
Webroot SecureAnywhere Antivirus (2014) managed a detection rate 2 percentage points better than Norton's, and Bitdefender tops the list, ahead by 5 points. It's true that the actual phishing URLs are different every time, but they're always the very newest.