The best Home AV protection 2021-2022

Disclaimer

  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
kyros said:
Do you believe that it would be among the first if it would?
Click to expand...
Yes. It was in the previous comparison:
malwaretips.com

The best Home AV protection 2019-2020

Real-World tests include fresh web-originated samples. Malware Protection tests include older samples (several days old) usually delivered via USB drives or network drives. Real-World 2019-2020: SE Labs, AV-Comparatives, AV-Test (7659 samples in 24 tests) -------------------Missed samples...
malwaretips.com malwaretips.com
 
  • Like
  • Thanks
Reactions: Behold Eck, Nevi, [correlate] and 4 others
military

military

Level 4
Verified
Well-known
Aug 13, 2012
186
About Norton Security. It detects some good files as WS.Reputation. And for some malicious files, it shows a good file.
It's not that often. It's probably forgivable. Everyone decides for himself whether to forgive or not.

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
Sent the file to their lab.
 

Attachments

  • 2023-01-28_192751.png
    2023-01-28_192751.png
    20.8 KB · Views: 230
  • Like
Reactions: Nevi, [correlate], vtqhtr413 and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
That is interesting malware. It has got a broken certificate, so it is not benign. It is not recognized as malicious by most of the top AVs, despite the fact that it is a few weeks old (created in the year 2021???). It is very probable that it is already "dead" (not harmful). It is also very probable that it could be blocked by Norton when it was not dead (too low prevalence and short time in the wild). Many malware samples are alive only for a short time, from several minutes to a few hours.

The VT info also suggests that truly malicious actions can be probably performed not by this executable but via DLL hijacking. In such a case, Norton would probably block the attack by blocking the malicious DLL.

There can be many similar cases when Norton might not detect the malware, but the user is protected anyway.
 
Last edited:
  • Like
Reactions: Nevi, [correlate], vtqhtr413 and 4 others
military

military

Level 4
Verified
Well-known
Aug 13, 2012
186
There are more detections on VT. Bitdefender and Symantec were added.
Updated from LiveUpdate. Just checked File Insight, file is safe. Performed a context scan, file is safe. Then automatic protection kicked in and deleted the file.
 

Attachments

  • 2023-01-30_142839.png
    2023-01-30_142839.png
    23.3 KB · Views: 203
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
The file was a part of the attack (it is not a legal file), so even if it is already dead or not malicious itself (without a payload) then it should not be on the computer. The detection of Norton is not perfect. The protection is far better due to Download Insight.
Anyway, also reputation-based solutions are imperfect. I can imagine that a coin-miner malware that uses 30% of the CPU, can be installed on many computers (even intentionally) and bypass reputation-based protection. The same is true for some legal Adware.
 
Last edited:
  • Like
  • Wow
Reactions: Nevi, roger_m, simmerskool and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Templarware said:
I've read in some articles that Microsoft Defender protects better if you use Edge and it's not the same with other browsers, even if you use the browser extension. Is that true?
Click to expand...
Yes, If you use Edge with SmartScreen + PUA enabled. If I correctly recall, the extension (Windows Defender Browser Protection) does not include PUA.
 
  • Like
  • Thanks
Reactions: Nevi, roger_m, simmerskool and 4 others
F

ForgottenSeer 97327

Andy Ful said:
Real-World tests include fresh web-originated samples.
Malware Protection tests include older samples (several days old) usually delivered via USB drives or network drives.

Real-World Triathlon 2021-2022: SE Labs, AV-Comparatives, AV-Test (7548 samples in 24 tests)

-------------------Missed samples
Norton 360..................12..... =
Avast...........................13..... +
Kaspersky....................18..... =
Microsoft...................*27.5.. =
McAfee ........................37.... +
Avira ............................43.... =

Comparison with the period 2019-2021:
  • no significant changes in protection ( = )
  • significant improvement in protection ( + )

Real-World Biathlon 2021-2022: SE Labs, AV-Comparatives, AV-Test (6748 samples in 16 tests)
-------------------Missed samples
Norton......................6
Bitdefender .............9
Avast........................10
Kaspersky................13
TrendMicro..............13
Microsoft...............*22.5
McAfee....................23
Malwarebytes.........26
Avira........................30


Malware Protection Biathlon 2021-2022: AV-Test, AV-Comparatives (270634 samples in 16 tests)

-------------------Missed samples
Norton 360.............1........ =
McAfee...................3....... +
Bitdefender.............5
Avast....................15........ +
Kaspersky.............28....... =
Microsoft............. 30....... =
Avira ....................45....... =
Malwarebytes.....173
TrendMicro ........623....... -

Comparison with the period 2019-2021:
  • no significant changes in detection ( = )
  • significant improvement in detection ( + )
  • significant decrease of detection ( - )

Why two years period?
The results of any single test made by SE Labs, AV-Test, or AV-Comparatives are useless for comparing AVs. In most cases, the statistical errors allow only saying that the group of 10 first AVs can be awarded. This follows from a too-small number of tested samples. I noticed that even a period of one year is not sufficient.


Some thoughts about these results:
  • The entries with the same color cannot be differentiated due to statistical errors.
  • The differences between several AVs are very small and they can hardly be noticed by the home user.
  • In some cases, the differences can disappear by tweaking the AV settings.
https://malwaretips.com/threads/the-best-home-av-protection-2019-2020.106485/post-927440
https://selabs.uk/consumer/
https://www.av-comparatives.org/news-archive/
https://www.av-test.org/en/antivirus/home-users/
Click to expand...

When you intent this post as serious, I have some serious questions (the last being the most statistically relevant one : :p )
  • What do the color codes mean?
  • What does the asterix for Microsoft mean?
  • What is the difference between real world thriatlon and biatlon in your categories?
  • When biatlon means those AV-s took only part in 2 out of 3 on what criteria did you exclude missed samples of the AV;s mentioned in Thriatlon?
  • On what basis did you decide that the sample test set of two years testing is big enough to make them relevant for the total malware population in those two years?
When this post is to illustrate that we are basically completely in the dark about how well AV's are protectng and how small (statistically) the margins are between the top-ranking AV's (making discussing what is the best or better a non issue), I applaud your humor (y);)
 
Last edited by a moderator:
  • Like
Reactions: Nevi, vtqhtr413 and Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Max90 said:
When you intent this post as serious, I have some serious questions (the last being the most statistically relevant one : :p )
  • What do the color codes mean?
Click to expand...
It is explained in the OP. The same color means that the statistical error is probably greater than the differences in missed samples. So, on the basis of the data one cannot say which AV is better.

Max90 said:
  • What does the asterix for Microsoft mean?
Click to expand...
It comes from:
https://malwaretips.com/threads/the-best-home-av-protection-2021.112213/post-973591

* AV-Comparatives rejected the partial results in the test February-May 2021 due to incorrect Defender updates. So, the result of Microsoft Defender in the first half of the year was calculated as an average of other tests.

Max90 said:
  • What is the difference between real world thriatlon and biatlon in your categories?
Click to expand...
The number of AV labs.

Max90 said:
  • When biatlon means those AV-s took only part in 2 out of 3 on what criteria did you exclude missed samples of the AV;s mentioned in Thriatlon?
Click to expand...

The missed samples are added. So, the Biathlon does not include missed samples from SE Labs tests.

Max90 said:
  • On what basis did you decide that the sample test set of two years testing is big enough to make them relevant for the total malware population in those two years?
Click to expand...

It is explained in the results for the period 2019-2020:
https://malwaretips.com/threads/the-best-home-av-protection-2019-2020.106485/post-927440

:) (y)
 
  • Like
  • Applause
Reactions: Nevi, vtqhtr413, ForgottenSeer 97327 and 1 other person
show-Zi

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,464
blackice said:
At some point why bother using a PC at all...
Click to expand...
I interpreted this as a sacrifice of safety at the cost of convenience and fun living with computers.
A parked car is safe, but once it starts moving, there is no small risk of an accident. It is similar to that.:)🚗
legendcampos said:
So is an antivirus really necessary?
Click to expand...
It is necessary, but overconfidence is prohibited. In my opinion, it is too overprotective to the extent that it interferes with the use of online software.
 
  • Like
  • Applause
Reactions: Nevi, vtqhtr413, blackice and 3 others
F

ForgottenSeer 97327

Andy Ful said:
It is explained in the results for the period 2019-2020:
https://malwaretips.com/threads/the-best-home-av-protection-2019-2020.106485/post-927440

:) (y)
Click to expand...
On what basis did you decide two years is enough? The sample test has to be relevant to the number of malwares in the wild in that specific period. Since nobody knowns how much malware lives in the wild in a given month (you can't count what you don't detect), I am still in the dark about why 2 years is sufficient, why not four years or eight?

As posted earlier: it makes me smile about the passion MT-members debate qualities and advantages of specific AV's while you are saying the differences are irrelevant due to to small test sample sizes :) (y)
 
  • Applause
  • +Reputation
Reactions: Nevi, vtqhtr413 and Jan Willy
F

ForgottenSeer 97327

military said:
About Norton Security. It detects some good files as WS.Reputation. And for some malicious files, it shows a good file.
It's not that often. It's probably forgivable. Everyone decides for himself whether to forgive or not.

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
Sent the file to their lab.
Click to expand...
Whatsapp malicious :) ?

Well looking at what it does by monitoring what you like on your friends/contacts posts and because it are your friends/contacts and your group memberships, it exactly knows your interests and preferences. Rumours say even pictures can be hashed on topic by AI/image recognition, so I am not surprised so many qualify this executable as malicious :)
 
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Max90 said:
On what basis did you decide two years is enough? The sample test has to be relevant to the number of malwares in the wild in that specific period. Since nobody knowns how much malware lives in the wild in a given month (you can't count what you don't detect), I am still in the dark about why 2 years is sufficient, why not four years or eight?
Click to expand...

The results from one year can be very different in the next year. This difference is significantly smaller when comparing the two-year periods. It is possible that a three-year period could also be OK.
Here is an example from the reference link:

Real-World: SE Labs, AV-Comparatives, AV-Test
-------------------------------2019----2020------
Avast Free...............26..............11
Microsoft................12..............25

The one-year results are totally different, but the two-year results are the same.
On the other side, the AV protection is changing in time. So, it would not be reasonable to increase the period above two years.
 
  • Like
Reactions: Nevi, vtqhtr413, simmerskool and 1 other person
F

ForgottenSeer 97327

Andy Ful said:
The results from one year can be very different in the next year. This difference is significantly smaller when comparing the two-year periods. It is possible that a three-year period could also be OK.
Here is an example from the reference link:

Real-World: SE Labs, AV-Comparatives, AV-Test
-------------------------------2019----2020------
Avast Free...............26..............11
Microsoft................12..............25

The one-year results are totally different, but the two-year results are the same.
On the other side, the AV protection is changing in time. So, it would not be reasonable to increase the period above two years.
Click to expand...
Yes you explained, but you did not answer my question.

I am just pulling your leg, I agree with your observation that the missed malware difference are only relevant when the size of "real world malware" is statistically a representative set of all malware in the wild for that reported month. Using the same logic I am challenging the two year period you used ;)

Fact is you don't know the population size (of active malware in a given month) you also don't know how much variation in results the AV-labs want to report. Therefore we don't know the statistocal relevance and representation of the sample sizes used by the AV-labs (for real world scenario testing for instance). The same applies to your two year period
 
Last edited by a moderator:
  • Like
Reactions: Nevi, Andy Ful and simmerskool
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Max90 said:
Yes you explained, but you did not answer my question.

I am just pulling your leg, I agree with your observation that the missed malware difference are only relevant when the size of "real world malware" is statistically a representative set of all malware in the wild for that reported month. Using the same logic I am challenging the two year period you used ;)

Fact is you don't know the population size (of active malware in a given month) you also don't know how much variation in results the AV-labs want to report. Therefore we don't know the statistocal relevance and representation of the sample sizes used by the AV-labs (for real world scenario testing for instance). The same applies to your two year period
Click to expand...


Yes, that is right. But we know that if the statistical fluctuations are big, then the number of tests is insufficient.
So, I do not use here any statistical model, but try to find empirically the minimum sensible set of tests that allows keeping the statistical fluctuations relatively small.
I do not think that the methods noted in your video (based on the known statistical models) can help much because there are too many hidden factors, like:
  1. We do not know how many samples were in the wild.
  2. We do not know how many never-before-seen samples were in the wild.
  3. We do not know how many never-before-seen samples were tested.
  4. We do not know how the AV Labs manage the morphed samples.
  5. etc.
It is possible that the AV labs could be able to find the right statistical model on the basis of all the data gathered in the tests. If you want more information, you can look here:
https://malwaretips.com/threads/randomness-in-the-av-labs-testing.104104/post-905376
https://malwaretips.com/threads/randomness-in-the-av-labs-testing.104104/post-905910
https://malwaretips.com/threads/randomness-in-the-av-labs-testing.104104/post-905991
https://malwaretips.com/threads/randomness-in-the-av-labs-testing.104104/post-909548
https://malwaretips.com/threads/randomness-in-the-av-labs-testing.104104/post-909620
https://malwaretips.com/threads/randomness-in-the-av-labs-testing.104104/post-917496
 
  • Like
  • Thanks
Reactions: Nevi, mlnevese, show-Zi and 3 others

Similar threads

Gandalf_The_Grey
    • Like
    • Thanks
    • Wow
AV-Comparatives Advanced Threat Protection (ATP) Test 2024
Replies
0
Views
635
Security Statistics and Reports
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • Hundred Points
    • Applause
AV-Comparatives Fake-Shops Detection Test November 2024
Replies
2
Views
345
Security Statistics and Reports
Vitali Ortzi
Vitali Ortzi
Gandalf_The_Grey
    • Like
    • Thanks
    • +Reputation
AV-Comparatives Consumer Malware Protection Test September 2024
Replies
2
Views
642
Security Statistics and Reports
Sorrento
Sorrento

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top