Well, Sonar blocks or consider as "malware" almost any file that is unknown or with bad reputation (not being actually malware), I can see this behavior when I run NPE in my tests... this way it is very easy to block 0 day, but also to get fps...
KSN + K with Application Control (in defaults), if unknown -> the file executes in Low Restricted, but still most of the cases the app will run...
It's impossible to compare those services, because are not the same!
Sonar with GDATA's BB and Kaspersky are the best on the market, in my opinion. About the three protections above, I get Kaspersky in first place, Kaspersky is the father of security... sonar second, , Avast is weak, I don't like the ones from this company, their focus is not always on security but on profit with data from users sold to third parties, like Chinese antivirus
Aforementioned, Norton's SONAR is very powerful, but very sensitive. With higher false positives, it offers higher protection rates. Any suspicious activity usually triggers it. As well, Norton Insight is very helpful in matters of helping you identify the origin and safety of a file.
Unlike SONAR, Kaspersky Security Network IS NOT a behaviour blocker. KSN is a cloud service which uses data and information retrieved from its users to build a complex threat database. The proper module to compare SONAR with is System Watcher. Both look after suspicious activity within files to classify them as either malicious or safe. This module is very efficient and smart, a bit more precise than Norton's, therefore with fewer false positives, which of course may lead to one or two misses. Anyways, Kaspersky's System Watcher ain't the strong point about the product, but the addition of it with KSN and Application Control.
Finally, Avast's CyberCapture is decent enough, but it's not as smart as it should be, considering their huge database. Avast's biggest strength are their signatures due to the amount of users they possess, and the amount of data they can gather. I'd say Avast's strong point is Hardened Mode and Sandbox (paid only).
they are not the same so it's hard and unfair to compare
in my opinion, it's more fair to compare:
1/ Blocking unknown programs (most powerful components):
- Norton's download insight - Very strong
- Avast hardened mode aggressive and CyberCapture - Super strong but not blocking msi and scripts
- Kaspersky' application control, set to block unknown programs (data from KSN) -> most restricted, almost non-bypassable
in overall, in terms of effectiveness and consistency, I rate Kaspersky better than the others.
I saw some PCs protected by Norton infected by simple malwares, including my PC -> I don't rate Norton
I also saw several Kaspersky PCs got infected heavily by Chinese PUPs, adwares in default settings, before the time Kaspersky enabled PUP detection
I haven't seen many PCs with Avast, but at least none of them got infected
Default protection: Kaspersky > Norton > Avast
Unleash full potential with settings and support tools: Kaspersky > Avast > Norton