Recently AV-Test.org published its "Response Time Tests", which measure (in hours) how fast AV companies protect against new malware that makes it onto the In-The-Wild list. The study takes into consideration the WildLists from July, August and September 2007. The detection rates were measured using the recommended settings for the e-mail and web protection of the products (as the infiltration vector for most malware is the internet). The results are very interesting and vary widely across the industry (I've taken out some lesser-known scanners and gateway products and concentrated on the desktop protections):
Scanner            TOTAL       July     August  September
=========================================================
Ikarus              3.16       2.35       5.04       2.71
Panda               6.04       0.78      12.68       6.44
Sophos             21.65      17.24      24.44      23.68
AVG                27.83      32.30      20.01      28.79
BitDefender        45.92      79.32      15.85      36.00
AntiVir            65.08       2.06      17.31     147.07
Trend Micro        82.52     120.42     111.59      33.00
Kaspersky          95.96     165.43      41.84      70.22
F-Secure          100.45     167.35      56.73      70.58
Nod32             126.20     162.22      73.87     127.54
Symantec          156.98     211.20     209.48      79.56
F-Prot            215.33     317.57     153.31     166.78
eTrust-VET        239.98     268.80     249.87     209.72
Avast!            306.18     526.62     182.44     195.44
McAfee            343.52     432.61     274.47     310.30
Microsoft         393.25     636.78     183.63     315.06
Norman            438.92     609.76     271.61     396.34
ClamAV            599.55     700.72     630.53     495.60
Dr Web            724.87     870.02     458.58     763.82

Average Response Times in hours including Proactive Detections. Copyright © 2007 AV-Test GmbH. Last update: 2007-12-19 (hp/am). (b) denotes beta signature updates.
The interesting data is the "TOTAL" column, which indicates the number of hours it takes each scanner to effectively protect customers against the new malware samples that make it onto the WildList. In the case of Panda it only took us 1.84 hours to protect customers using our beta signatures and 6.04 hours to protect regular customers. The average response time across all scanners tested was 265 hours.
Proactive Protection
Of course the best results are always achieved by successfully preventing a threat rather than reacting to it. This is why Panda's results in these types of tests are very good. Our generic signatures and heuristic engines are capable of proactively protecting against most threats without having to wait for a signature update (94% detection rate using the beta signatures). From a "proactive protection" perspective the results are as follows. These percentages represent the share of samples detected proactively at the time the sample initially appeared (of a total of 93):
Scanner           TOTAL     July   August September
==================================================
Panda               91%      97%      78%      95%
AntiVir             87%      94%      74%      89%
Ikarus              87%      88%      78%      92%
Sophos              86%      94%      74%      87%
BitDefender         81%      75%      78%      87%
AVG                 71%      59%      65%      84%
Kaspersky           69%      59%      61%      82%
Nod32               69%      56%      74%      76%
Trend Micro         68%      56%      57%      84%
F-Secure            67%      53%      61%      82%
Symantec            66%      53%      52%      84%
McAfee              55%      47%      61%      58%
Avast!              53%      31%      65%      63%
eTrust-VET          52%      44%      43%      63%
Dr Web              51%      41%      65%      50%
F-Prot              51%      28%      57%      66%
Microsoft           48%      25%      65%      58%
Norman              46%      44%      61%      39%
ClamAV              42%      28%      39%      55%