Microsoft's OneCare improves antivirus test ranking
But top-dog NOD32 detects nearly five times more new threats than 14th-place OneCare
Andreas Cleminti's AV Comparatives latest test pitted the top antivirus software against the 20,000-some threats that debuted during the last three months to measure how well each could finger unknown exploits. Cleminti stopped updating each product's virus database, or "signature," Feb. 2, but continued to probe their defenses with every newly discovered virus, malicious script, worm, Trojan, or backdoor until May 2.
"Even if most antivirus products provide daily or hourly [signature] updates, without heuristic/generic methods [of detection] there is always a time frame where the user is not protected," Cleminti said in the report issued today.
Cleminti tallied the number of threats each program detected without the benefit of new signatures, as well as totaled the "false positives," the term for when antivirus software flags an innocent, legitimate file, and timed how long it took the software to scan the test PC's hard drive.
Only one program, ESET LLC's NOD32 AntiVirus was pegged by Cleminti with the highest-possible "Advanced+" label. NOD32 correctly identified 68% of 20,522 new threats that appeared in the three months. Avira GmbH's AntiVir PE Premium and Fortinet Inc.'s FortiClient actually detected more threats -- each spotted 71% -- but high numbers of false positives downgraded the final ranking of both.
Behind NOD32 were AEC Ltd.'s TrustPort AV WS, which detected 58% of the malware, and BitDefender's same-named BitDefender Professional Plus, at 48%. GriSoft Inc.'s AVG Anti-Malware posted an 8% detection rate to rank last.
Microsoft's OneCare, which placed 17th out of 17 in March when Cleminti tested signature-updated software against nearly half a million pieces of malware, fared better this time. Although it detected only 18% of the new exploits, that was good enough for 14th place.
After Cleminti released the March report that said OneCare held last place, Microsoft conceded that their antivirus software's performance was "not stellar" and promised it would make changes to boost its rankings. Today, however, when asked what the company's anti-malware team thought of its slight climb from 14th to 17th, a spokeswoman e-mailed a stock statement that representatives had used before.
"We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests and determine whether any learnings from these tests can be used to improve our services," the spokeswoman said.
Symantec Corp.'s Norton AntiVirus, which detected 24% of the new threats, was the only product of the 17 tested that raised no false alarms. "Norton was again [for the third time] the only antivirus product in this test which had no false positives," the report said. "This is an indication of high quality assurance tests before the release of updates in order to avoid false positives."
The praise was poorly timed, as Symantec released a signature a week ago that mistook critical Windows files for a Trojan, and after falsely quarantining the files, crippled thousands, perhaps millions, of PCs in China.
Cleminti's report is available online (click on "Comparatives" in the nav bar, then report #14).
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts