SE Labs Home Anti-Malware Protection - January - March 2019

[a1nn]

Executive Summary

• The security software products were generally effective at handling general threats from cyber criminals...

Most products were largely capable of handling public web-based threats such as those used by criminals to attack Windows PCs, tricking users into running malicious files or running scripts that download and run malicious files.

• .. and targeted attacks were prevented in many cases.

Many products were also competent at blocking more targeted, exploit-based attacks. However, while some did very well in this part of the test, others were very much weaker. Products from K7 and G-Data were notably weaker than the competition.

• False positives were not an issue for most products

Most of the products were good at correctly classifying legitimate applications and websites. The vast majority allowed all of the legitimate websites and applications. eScan’s was the least accurate in this part of the test.

• Which products were the most effective?

Products from McAfee, Symantec (Norton), ESET, F-Secure and Microsoft achieved extremely good results due to a combination of their ability to block malicious URLs, handle exploits and correctly classify legitimate applications and websites.

[Note: "The web browser used in this test was Google Chrome. When testing Microsoft products Chrome was equipped with the Windows Defender Browser Protection browser extension (Windows Defender Browser Protection)."]

Exact percentages, methodology, and much more detail in the specifics of each program was scored based on how they handed each piece of malware can be found in the full report: https://selabs.uk/download/consumers/epp/2019/jan-mar-2019-home.pdf

 

[amico81]

Gdata with their new Deep Ray just 66%? Whats going wrong? Dual-engine, strong behavior blocker and falls behind Bullguard :emoji_cold_sweat:

 

[shmu26]

McAfee and Eset do well, while Kaspersky does poorly. Bitdefender doesn't even want to participate in the test. It's the opposite of the usual results.
There is a difference in methodology:
"Each product was exposed to the same threats, which were a mixture of targeted attacks using well-established techniques and public email and web-based threats that were found to be live on the internet at the time of the test."
It's a much tougher test than the other companies do.
Windows Defender is among the better products, but not at the top.

 

[harlan4096]

Weird, Kaspersky this time not so good, it usually did great in this test

 

[Captain Awesome]

Avast's 92%
AVG's 87%
While both use same virus database..

 

[omidomi]

hmmm WD >> Kaspersky & TrendMicro
come on

Gdata with their new Deep Ray just 66%? Whats going wrong? Dual-engine, strong behavior blocker and falls behind Bullguard :emoji_cold_sweat:

and also weaker than WD

 

[harlan4096]

It seems They used 2 versions in all the products to performs the tests, K2018 in some tests:

K2018 was released in August of 2017...

 

[Deletedmessiah]

Strange seeing Kaspersky that low.

 

[omidomi]

It seems They used 2 versions in all the products to performs the tests, K2018 in some tests:

View attachment 214645

K2018 was released in August of 2017...

They test OutDated version of all softwares It just an outdated test

 

[Andy Ful]

All tests use only a very small sample of threats in the wild. Also, the attack techniques used in the test are not comprehensive (they cannot be). Bearing this in mind, anyone can toss the ranks of 10 first AVs which will be as reliable as the results which were published. Here is an example of how reliable it can be:

For this test you need three identical chairs, packaging for three anti-virus products ... and an open window on a high floor of a building. The methodology of this test is as follows:

1. Tape each of the boxes to a chair. Do so carefully, such that each is fixed in exactly the same way.
2. Throw each of the chairs out of the window, using an identical technique.
3. Examine the chairs for damage and write a comparative report, explaining the differences found.
4. Conclude that the best product was the one attached to the least damaged chair.
   
   The problem with this test is obvious: the conclusions are not based on any useful reality.
   
   If someone thinks that the above are my words, then it is not true. This is a fragment from the report we are talking about, in this thread.
   
   So, is this test useless?
   No, if you compare it with 10 previous tests and make an average.
   Negative test results (missed samples, false positives) can be also useful for AV vendors to improve their products.

 

[shmu26]

All tests use only a very small sample of threats in the wild. Also, the attack techniques used in the test are not comprehensive (they cannot be). Bearing this in mind, anyone can toss the scorings of 10 first AVs wich be as reliable as the results which were published. Here is an example of how reliable can it be:

For this test you need three identical chairs, packaging for three anti-virus products ... and an open window on a high floor of a building. The methodology of this test is as follows:

1. Tape each of the boxes to a chair. Do so carefully, such that each is fixed in exactly the same way.
2. Throw each of the chairs out of the window, using an identical technique.
3. Examine the chairs for damage and write a comparative report, explaining the differences found.
4. Conclude that the best product was the one attached to the least damaged chair.
   
   The problem with this test is obvious: the conclusions are not based on any useful reality.
5. 
   
6. 
   
7. 
   

LOL

 

[Andy Ful]

LOL

You are too fast with reading. ... or I am too slow with writing.

 

[shmu26]

You are too fast with reading. ... or I am too slow with writing.

Sorry, but I am still laughing...

 

[upnorth]

Sorry, but I am still laughing...

Same here.

 

[alakazam]

What about Nano Antivirus?

 

[uduoix]

hmmm WD >> Kaspersky & TrendMicro
come on


and also weaker than WD

You won't believe but WD is amazing AV. Better then most paid security packs

 

[Andy Ful]

You won't believe but WD is amazing AV. Better then most paid security packs

There is no real difference in real-world protection among many good AVs. WD just improved a lot to join them. Please note, that if the user does not use Edge (SmartScreen) then "Windows Defender Browser Protection" extension has to be installed (like in this test for Chrome).

 

[Mahesh Sudula]

Kaspersky low in the charts. I can bet " Yesterday i tested a latest ransom (Sordino) just after 24 hrs in WILD"
Results:
Mcafee: INET Connected. Caught (JTI/Suspect). Offline- Encrypted the system (Real protect slept)
Symantec: Sonar caught offline. ONLINE :Heur.adv.ML.B .Executed the quarantined sample ..Real time and Sonar caught as Trojan.Gen.2
Kaspersky : Caught it BB. ONLINE : UDS
GData: Deepray caught it (ONLINE). Offline: BB after 3 files were encrypted.
Quick heal: Adv BB caught it.
Eset, Avira, F Secure,K7 failed miserably

 

[Andy Ful]

Kaspersky low in the charts. I can bet " Yesterday i tested a latest ransom (Sordino) just after 24 hrs in WILD"
Results:
Mcafee: INET Connected. Caught (JTI/Suspect). Offline- Encrypted the system (Real protect slept)
Symantec: Sonar caught offline. ONLINE :Heur.adv.ML.B .Executed the quarantined sample ..Real time and Sonar caught as Trojan.Gen.2
Kaspersky : Caught it BB. ONLINE : UDS
GData: Deepray caught it (ONLINE). Offline: BB after 3 files were encrypted.
Quick heal: Adv BB caught it.
Eset, Avira, F Secure,K7 failed miserably

This is usually the case, when the ranks of most AVs in the test (also in your quick test) are close to random.
Anyway, your quick test is very different from SE Labs test. You have run the ransomware on the computer. In SE Labs test this will happen rarely, because the phishing URL will be blocked (by web filtering or blocking malicious spam attachment).

 

[Divine_Barakah]

Has Mcafee improved that much? Very interesting.