Anti-Malware Scanner Comparison Test

21 Malware scanners tested against a-squared Malware samples

In order to discover the detection rate of a-squared in comparison to other products we have performed our own tests. We tested 21 security programs using our new Malware files gathered between April 1 and April 15, 2009. We deliberately omitted Malware samples from publicly accessible sources, such as virustotal.com or jotti.org, in order to gain a better impression of how well the various protection programs deal with brand new dangers in everyday use.

The candidates

In addition to the most popular Anti-Virus programs, we also decided to test a number of dedicated Anti-Spyware applications, most of which now also contain Anti-Virus modules.

• a-squared Anti-Malware 4.0.0.79
• avast! Professional Edition 4.8.1335
• AVG Anti-Virus Professional Edition 8.5.287 Build 1483
• Avira AntiVir Premium 9.0.0.420
• BitDefender AntiVirus 2009 Build 12.0.12.0
• ClamWin Free Antivirus 0.95.1
• Comodo Internet Security 3.8.65951.477
• Dr.Web 5.00.1.04130 for Windows
• eScan Antivirus Edition 10.0.946.341
• Eset Nod32 Antivirus 4.0.417
• F-Secure Anti-Virus 9.00.149
• G-Data Antivirus 2010 20.0.1.1
• Kaspersky Anti-Virus 2009 8.0.0.506
• Malwarebytes Anti-Malware 1.36
• McAfee VirusScan Plus 2009 13.3.117
• Norton AntiVirus 2009 16.5.0.134
• Sophos Anti-Virus 7.6.4
• Spy Emergency 6.0.305
• Spy Sweeper with Antivirus 6.1.0.110
• Spyware Doctor with Antivirus 6.0.1.441
• SuperAntiSpyware Professional 4.26.1000
• Vipre Antivirus + Antispyware 3.1.2710

Test methodology

To ensure a fair comparison, all test candidates were updated on April 26, 2009, between 8 PM and 9 PM GMT. At this testing time the oldest Malware samples were already 26 days old and the newest samples were 11 days old.

The test environment was a Windows XP system with Service Pack 3.

All scanners had to scan our Malware collection, consisting of a total of 39,332 dangerous files. In accordance with the current usual distribution of threats, the test set consisted mainly of Trojans/Backdoors, Worms and Bots but also included all other types of Malware such as Viruses, Spyware, Adware, Rootkits, Keyloggers, Dialers, etc. All detected files were deleted in order to find out how many samples remained undetected. Please see the list of detected malware names by a-squared and the list of MD5 hashes of all samples for more details about tested files.

Comparison test results

Interpretation

A less than surprising result was that the top performers produced results very closely matching the figures published by independent testing agencies. This once again confirms the fact that the level of quality in the Anti-Virus sector is generally very high.

Another conclusion is that the dedicated Anti-Spyware products are still far away from comprehensive recognition of all types of Malware, even when advertised as having "+Anti-Virus" features, and they cannot really provide timely protection against new dangers. The detection performance of the lower third of these candidates a few months after the testing date cannot be deduced from these results.

Note

This test was an Emsi Software internal comparison and does not represent an objective assessment of the detection performance of a-squared Anti-Malware. It stands to reason that our own in-house product will produce the best detection rate against our own Malware samples. After an in-depth analysis some files were rated as harmless in the meantime. That's why a-squared Anti-Malware did not reach 100%.