Wednesday 22 April 2015

Which Antivirus Is Best?

Which Antivirus Is Best? Tough Test Separates Winners and Losers

Dennis Technology Labs 2015 Q1

These days you don't have to download a Trojan to get infested by malware. Drive-by downloads and other sneaky techniques can infest your computer just because you surfed to a malicious or hacked site. To evade detection, the bad guys often configure their nasty code so it doesn't attack every visitor. It might attack one visitor in ten, or only trigger once for a given block of IP addresses. Researchers at Dennis Technology Labs take these tactics into account when testing antivirus software with a test system that ensures each product gets hit by precisely the same attack. It's meant to be as close as you can come to a real user's experience.
Every day for two months, the researchers select newly-discovered malicious sites and use a capture/replay system to present each of ten antivirus products with the exact same scenario. The number of products is low because this test is seriously labor-intensive. After two months of testing, they collect and analyze the results to produce a quarterly report.
Nine products remain the same from quarter to quarter (though Webroot replaces Bitdefender starting this quarter). The tenth slot goes to a rotating guest product. For the first quarter of 2015, Panda Free Antivirus was the guest.

Scoring Protection

The best antivirus protection stops the attack before it ever reaches your computer—this kind of complete defense earns three points. If the malware launches but then gets detected and cleaned up, that's still worth a point. And if the cleanup is complete, with no dangerous traces left, that's worth another point. A product that fails to detect the malware, or lets it damage the test system, loses five points. With 100 samples, the possible scores range from 300 to minus 500.
Final certification ratings incorporate both the detection test and a separate very detailed test that examines how successfully the antivirus products refrain from blocking or warning about valid programs. The false positives test takes into account each sample's prevalence and also distinguishes degrees of bad behavior. Wiping out a valid program and reporting it as malware is worse than asking the user whether to block or allow it, for example. For full details, see the Dennis Technology Labs website.
