Just recently, AV-Test, an independent German testing lab best known for evaluating the effectiveness of antivirus software released their most recent test results of commercially available antivirus software in the market. The result: 3 out of the 25 products they tested failed to get an antivirus certification (Windows 7).
The three products are: AhnLab: V3 Internet Security 8.0, PC Tools: Internet Security 2012 and Microsoft: Security Essentials 4.1.
Those who pass the test are: Avast: Free AntiVirus 7.0 / AVG: Anti-Virus Free Edition 2013 / AVG: Internet Security 2013/ Avira: Internet Security 2013 / Bitdefender: Internet Security 2013 / BullGuard: Internet Security 13.0 / Check Point: ZoneAlarm Free Antivirus + Firewall 10.2 & 11.0 / ESET: Smart Security 5.2 / F-Secure: Internet Security 2013 / Fortinet: FortiClient Lite 4.3/ G Data: InternetSecurity 2013 / GFI: VIPRE Internet Security 2013 / Kaspersky: Internet Security 2013 / Lavasoft: Ad-Aware Pro Security 10.3 & 10.4 / McAfee: Internet Security 2013 / Norman: Security Suite Pro 9.0 / Panda Security: Cloud Antivirus FREE 2.0 / 360 Antivirus 4.0 / Symantec: Norton Internet Security 2013 / Tencent: PC Manager 6.6 / Trend Micro: Titanium Maximum Security 2013 / Webroot: SecureAnywhere Complete 8.0.
The three that failed to pass the test garnered the following scores ( 6 being the highest): AhnLab: V3 Internet Security 8.0 (3.0 for protection / 2.0 for repair / 3.5 for usability), PC Tools: Internet Security 2012 (4.5 for protection / 1.0 for repair / 4.5 for usability), and Microsoft: Security Essentials 4.1 (1.5 for protection / 3.0 for repair / 5.5 for usability).
AV-Test’s review looks at three key areas of security software, including protection, reparability, and usability of the whole computer based on the security software’s impact. PROTECTION – Protection against malware infections (such as viruses, worms or Trojan horses). REPAIR – Cleaning and repair of a malware-infected computer. USABILITY – Impact of the security software on the usability of the whole computer (lower values indicate better results).
Among the three, Microsoft: Security Essentials 4.1 scored the lowest in as far as protection is concerned (1.5 out of 6.0). PC Tools: Internet Security 2012 scored the lowest in as far as repair is concerned (1.0 out of 6.0). AhnLab: V3 Internet Security 8.0 scored the lowest in terms of usability (3.5 out of 6.0).
Microsoft disputed AV-Test’s results. Joe Blackbird, program manager at Microsoft’s Malware Protection Center pointed out the following in a blog post:
1. AV-Test reports on samples hit/missed by category. Microsoft report (and prioritize their work) based on customer impact.
2. AV-Test’s test results indicate that Microsoft products detected 72 percent of all “0-day malware” using a sample size of 100 pieces of malware. Microsoft know from telemetry from hundreds of millions of systems around the world that 99.997 percent of Microsoft customers hit with any 0-day did not encounter the malware samples tested in this test.
3. AV-Test’s test results indicate that Microsoft products missed 9 percent of “recent malware” using a sample size of 216,000 pieces of malware. Microsoft know from telemetry that 94 percent of these missed malware samples were never encountered by any of our customers.
Let me just say that I have yet to hear a company agreeing to any reports that are not in favor of their products – I think Microsoft’s reaction is expected and but normal.
Independent organizations like AV-Test is serving its purpose – and that is to guide users as to the real worth, effectivity and efficiency of one product. AV-Test also serves as a check and balance to security providers to somehow comply with certain standards in as far as product quality is concern.
Security applications are unlike desktop publishing or office productivity offerings. Security application comes with a lot of responsibility. When a company decides to acquire and implement one security application, they are not just investing money in this endeavor but they are also giving their trust to the company – trust that they are buying a good product and trust that the company behind the product knows what they are doing. That the application they bought will protect their most important company asset – their DATA.
For efficient security implemention, I always say that it requires the proper hardware, software, and people. Security is a process. But if a security software fails to do its very purpose then it will be hard to achieve this process. Back to the drawing board guys, because in the area of security – there’s should really be no room for failure here.
(Article written by Jerry Liao)