AV-Test.Org Releases Real-World Malware Protection Report
- Thursday, December 17, 2009, 10:49
- Threat Research
Magdeburg-based research lab AV-Test.org today released the results of a lengthy real-world malware protection study. This test challenged a dozen major security suites to protect Internet-connected physical computers against up-to-the-minute threats. Each day for 60 days, researchers released 10 fresh threats on the test systems and analyzed each product's ability to detect the threat and to fully block its installation. They also checked for false alarms--valid programs reported as malware. All of the suites did a decent job, though some were significantly better than others.

The report notes that modern security suites include many layers of protection, including "URL filtering, web reputation services, exploit blocking, 'in-the-cloud' scanning as well as behavior-based protection mechanisms." A test that only challenges the product's on-demand scanner is not representative of real-world performance. The current test simply evaluated whether the product detected each malware sample, without regard for which security component handled the detection. Afterward, the team used in-house analysis software to determine whether the malware attack was successfully blocked.

This kind of dynamic testing is much more labor intensive than simply running a static collection of malware past an on-demand scanner. An automated static file test can process millions of samples without human intervention. By contrast, tracking the 600 malware samples and 400 clean files took all of AV-Test's resources. "Our entire lab with 14 full-time employees and up to 150 PCs and server systems were involved in (continue reading...)