Antivirus detection rate list updated, some changes in rank

04. September 2013 Security 16

A shuffle in rankings for the AV applications that tested with an 80% or better detection rate. I won’t list them all, just check out the PDF, but the biggest changes are Panda Antivirus dropping 6 places, Intego VirusBarrier 2013 climbing to 3rd place and Avira climbing to 4th place. MacKeeper and iAntivirus are no longer with us as they dropped below the 80% detection rate threshold. Dr.Web refuses to let me register a new trial license even when installed in a clean VM using completely different credentials, so until a solution has been found its results have not been updated either. Also, Intego VirusBarrier X6 has been excluded from future testing as it simply performs worse every time samples are added. Updating virus definitions means you have to upgrade to VirusBarrier 2013.

I gave ClamXav another run against all the samples and it unfortunately lost almost 5% of its detection capabilities as it didn’t recognize most of the new samples. Old samples that were not found before were re-scanned and they still went undetected, meaning little to no work has been done on its definitions database.

Of course all samples (old and new) were clicked, double-clicked and right-click-opened to see if OS X’s own XProtect had improved but as expected it will not protect you like an antivirus application will. One RSPlug sample, a new FkCodec sample, a new Okaz sample and a new Yontoo sample were blocked since the last test but that’s all.

Sophos or Avast are still the best when it comes to detecting malicious files from the sample pool, but when it comes to finding malicious files hidden throughout the system Intego’s VirusBarrier 2013 outperforms them both. I’ll be working to fill most of the gaps over the next few days to make the chart more complete, and the review for the new Sophos V9 is almost done as well.

UPDATE: F-Secure results have been updated too, the PDF reflects the latest changes.


16 thoughts on “Antivirus detection rate list updated, some changes in rank”

  • 1
    Aliki on September 7, 2013 Reply

    Why do you think they are not keeping up with the latest viruses?

    • 2
      Jay on September 7, 2013 Reply

      Not sure really. I believe McAfee once said their clients are mostly corporate so they have to be a lot more careful with false positives. If their antivirus detects something as malicious and it isn’t, the implications are much more serious as there will be a lot of corporate users freaking out. While I understand that reasoning I do not find it an excuse for performing so poorly. If this really is their reasoning then they are being way too cautious as stuff that is obviously malware is not detected by them.

      I was also in contact with someone from ClamXav and was told that their detection rate is “only ever going to be as good as the samples that get submitted to the ClamAV team”. This is surprising as you can not rely on submitted samples, as an AV you have to get out there and find whatever samples you can to make sure the end users are as protected as possible, not wait for samples to appear in your inbox. I understand ClamXav is a handful of people doing this as a hobby and doing this takes up a lot of time and while I can respect what they do, it is simply not enough. To always be a few steps behind the latest malware due to lack of time or manpower while stating the product can keep you virus free will give its users a false sense of protection.

      I personally believe that other companies are simply in it for the money only. They make sure their product is able to catch the most popular malware and use that to advertise their product. Not so popular malware will not be detected and hardly any work is done until the next malware threat hits the media that they can use to advertise. I’ve seen this a lot in cases where MacDefender and Flashback were detected but not much else was.

      In the end it’s tests like the one I do that really show the user what’s worth investing time and possibly money in. There are other tests out there but they are not all as extensive. Thomas Reed has a good comparison on his website but AV Comparatives recently did a test which I had high expectations of but it turned out to be really disappointing. Don’t just trust one test but always compare 🙂

      • 3
        Aliki on September 8, 2013 Reply

        Thanks for your reply.

      • 4
        TED on October 3, 2013 Reply

        From what I know about the Clam AV team (nothing to do with the program ClamXav), they don’t really care about Mac malware. Mark, the developer of ClamXav, was giving definitions to the Clam AV team himself. I think he and a couple other guys completely outside the Clam AV team are the only ones who write the Mac definitions. Otherwise nothing gets done with Mac malware definitions.

        • 5
          Jay on October 5, 2013 Reply

          Hi TED, thanks for your feedback. That’s what I understood as well. They try their best but there is too much work and not enough people to do it.

  • 6
    TED on October 3, 2013 Reply

    Jay, excellent work!! Just wondering how much time did you spend on this test?
    Many many thanks for a nice laid out HUGE pdf. Well done!!

    Is there a way you could run a short test on Fortinet Client for Mac? NO ONE has a good test on it.

    http://www.fortinet.com/resource_center/product_downloads.html

    Any ideas on why Intego X6 is not catching new malware? I called Intego and they said they send the same definitions to all their programs. Is this still the case on VirusBarrier X6 version 10.6.20?

    Again, great work, many thanks!!!

    • 7
      Jay on October 5, 2013 Reply

      I’ll check out Fortinet, thanks for pointing it out, I had not considered them before. I have listed X6 as excluded from future testing; while the product still runs on the latest OS and can be purchased via third parties, the definitions refuse to update. In my testing I was prompted to upgrade to a newer product instead. With the definitions so far out of date and not being able to update them I’d recommend any X6 user to upgrade to the latest product version.

      • 8
        TED on October 5, 2013 Reply

        Now that you bring it up about the X6 prompting to upgrade, Intego had a lot of fervent X6 users who refused to upgrade. Me being one of them. I had a couple back and forth emails with Intego’s CEO about how they dumbed down 2013 and they threw the power users under the bus who want all the goodies X6 has to offer. It looks if you uninstall and reinstall you then get a prompt to ask if you don’t want to see the 2013 nag screen. I think then the new definitions are able to load by the X6 program. Did you ever get the screen prompt that asked to not show the 2013 nag screen? That may be the key. Or do you still think it is time to reload 2013 to get those missing definitions??

        I have been told that there is “something” in the works to satisfy the power users, they are keeping it tight lipped. Intego 2013 just doesn’t cut it for anyone who is a power user and had X6 installed before. X6 logging capabilities are what ANY AV should strive for. You just can’t get anything like it anywhere. And they killed it for 2013. What a shame.

        When 2013 came out and I saw how dumbed down it was I about fainted. I was expecting X7 to be this awesome advanced God like program that it COULD have been.

  • 9
    TED on October 5, 2013 Reply

    Jay,

    Is there a way you could put the AV’s name at the “bottom” of the excel file? The pdf IS SO BIG when you are at the bottom of the pdf you have to scroll to the top to see which AV name you are looking at. Too bad there is not a way to add an abbreviation inside the colored box so you know what AV you are looking at.

    • 10
      Jay on October 5, 2013 Reply

      Good idea, will do 🙂

  • 11
    TED on October 5, 2013 Reply

    Jay,

    If you use a different router you will get a different IP address. As an example: Comcast uses the MAC address of your router to give you an IP address. If you use a different router or change your router’s MAC address you will most likely get Dr Web to work. They are looking at your IP address I think.

    • 12
      Jay on October 5, 2013 Reply

      I had figured as much as that was the only thing that I could not change. Since then they were kind enough to provide me with a license key so I can resume the testing of their product 🙂 Their detection results will be up to date in the next PDF, this may not be until after OS X 10.9 has been released.

  • 13
    blasev on October 7, 2013 Reply

    could you please test forticlient if you have time?

    thanks in advance

    • 14
      blasev on October 9, 2013 Reply

      thanks for testing forticlient, the number is looking bad for them 🙂

      and also I admire your dedication to update the test frequently.
