With quite a few AV products improving their detection rates steadily and (mostly) consistently, it’s time to raise the bar a little. Previously, the results PDF showed 4 categories:
Category 1 – The best AV products with a detection rate of 90% or higher.
Category 2 – AV Products with a detection rate of 60-90%.
Category 3 – AV Products with a detection rate of 60% or lower.
Category 4 – AV Products that were excluded from testing.
These categories have been changed and are now:
Class A – The best AV products with a detection rate of 95% or higher.
Class B – AV Products with a detection rate of 95-85%.
Class C – AV Products with a detection rate of 75-85%.
Class D – AV Products with a detection rate of 75% or lower.
Class F – AV Products that were excluded from testing.
This seems like a very high bar but then again, why not expect the best of the products that claim they protect us? I will also attempt to release updates on a set schedule.
Class A – Updated every month or as new samples become available.
Class B – Updated every two months.
Class C – Updated every three months.
Class D – Updated every six months.
Class F – Updated every year or not at all.
In some cases excluded products are simply too old and will no longer run. Other cases include the manufacturer not being willing to provide a test license or having asked to be excluded. For the ones that remain, if possible, updates will occur once a year. Spreading out the AV over these classes with different update intervals also makes updating the test much easier for me to do.
All available software updates were installed on the VMs, including the Bash update.
Flash player, java and all browsers were updated.
A new AV was added called Norman. At first I was a little disappointed this was just another Bitdefender clone but I tested it anyway to see if they used the same database as well.
Norman seems to use the same database but it leaves a lot more files to be cleaned by the user. It failed to delete or even quarantine them. Overall the detection rate is better than the free Bitdefender you can get from the App Store and the same as the $30 Bitdefender Plus from the App Store.
With Norman running fine in the virtual environment and the results being roughly the same, I moved the App Store version of Bitdefender to the excluded list. Norman will represent all three products; users can expect the same results. The version of Bitdefender you can purchase from their website will remain active in the test for now. If I find it has the same or similar results as its App Store versions or Norman, I will remove it.
Some more trace files were added to the list and though I have a few samples of the recently reported XSLCmd backdoor (OSX.XSLCmd), I have not found any yet that properly infect the VM. Because of this the samples were not included in this test. More MD5 hashes were added too where possible. The latest iWorm backdoor reported by Dr.Web (same name as the 2009 iWorm but not related) has also been added to the test in samples and trace files, including the compromised installer reported on by Thomas Reed. Apple rolled out an XProtect update last night that appears to block two of the variants but on my infected system none of the samples or trace files were blocked yet.
I was informed of a new AV in the Mac App Store “Sentinel Pro – Premium Virus Scanner”. I reached out to them several weeks ago to see if I could get a redeem code and include them in the test. I never heard back and probably never will. This product has no reputation, no product website, no support yet they still want $10 for the product. Seems a bit shady but I may be wrong. If any of you have experience with this product/company feel free to leave a comment.
Intego’s VirusBarrier 2013 was retired from testing. In the last test I was unable to update the product to the latest version (10.7.8) without being forced to upgrade to 10.8. Malware definitions also did not offer updates past 06/06/2013. Using an old saved snapshot from the last test with outdated software and missing the latest infection files would not have had a reliable result. Intego VirusBarrier X8 now remains the only Intego product active in the test.
I never heard back from Kromtech (MacKeeper) about whether they wanted to stay in the test and provide a test license or be excluded. As I do not have a license to test with and they have not responded in 3 months, MacKeeper will be excluded from further testing. I have always found MacKeeper to be shady at best and have never recommended anyone to use the software. However their product included an antivirus so I gave them a fair shot like all other AV products.
MacScan has been excluded from future testing as well. The product has never been able to keep up with most of the antivirus products available. Its focus is on spyware, and spyware, compared to adware and other malware, makes up a very small fraction of the samples out there. Antivirus solutions that are free or cheaper will offer much better protection against all kinds of malware. Give MacScan a try if you want, but seriously consider spending your money elsewhere.
Norton has made quite an impressive comeback from 67.9% to 88.3%. Most of the improvement comes from the 2004-2013 sample detection, so we’ll have to see if they finally woke up and stick with it or if this was a one-time thing. Don’t go spending your money just yet; give it some time to see if they stay consistent. Real-Time results will be added in the next test.
As always, the latest results PDF can be downloaded here.