Compare Proactive Detection
Which security product stops the most zero-day threats?
When new viruses, worms and
other malicious attacks strike, traditional
signature-based technology is insufficient. Every
minute you wait for an update is another minute that
your computer and network are vulnerable to damage,
infection, or identity theft. ThreatSense Heuristics
closes the window of vulnerability by safely
identifying and stopping malware as it runs on your
computer.
NOD32 has consistently been rated as the best
protection against zero-day outbreaks and attacks by
the world's leading antivirus testing organizations.
AV-Comparatives
The independent testing institution AV-Comparatives.org
is an antivirus research project coordinated by
Andreas Clementi with the support of the Innsbrucker
Kompetenzzentrum / Computernotdienst. The AV-Comparatives.org
“Retrospective/Proactive Test” compared 11 different
antivirus products’ abilities to proactively
identify the increasing complexity and zero-day
nature of today’s threats. The stringent testing
used recent In-the-Wild samples and a variety of
other malware, Trojans, viruses and worms affecting
Windows and other operating systems. To effectively
test the products for proactive detection, the
organization used new malware samples, and tested
them against the products without updating the
antivirus signature.

The November study revealed
that of the eight new viruses that had been
released In-the-Wild in the preceding three months,
customers of Symantec, Trend Micro and Kaspersky had
proactive detection for none of these threats,
leaving them at risk until the vendors could provide
a signature update. McAfee customers were protected
from only a single virus without updating.
ESET’s NOD32 customers were protected four times
more often against new viruses, and 95% more often
across all new samples used in the test, including
In-the-Wild threats, backdoors, Trojans and other
malware. This is the second study conducted by
AV-Comparatives.org on this topic in 2005. Over the
course of both studies, NOD32 proactively detected
50 out of 59 In-the-Wild samples used, or 85%. More
details can be found at http://www.av-comparatives.org/
The graph shows the accuracy of heuristic-based
detection and the performance of several antivirus
vendors' products. The data is derived by
determining whether or not a given antivirus product
detects a new virus without requiring a signature
update. If it does, then heuristic detection has
succeeded (note: in some cases, well-written
signatures can detect future variants).
VirusTotal.com
This independent consulting firm
based in Spain performs real-time analysis of
malware outbreak detection across a wide range of
antivirus vendors. As the graph below shows,
NOD32 has by far the highest detection rate
and the fastest performance (tested separately by
Virus Bulletin). In fact, NOD32 is, on average, 2-10
times faster than the competition.

See the table
below for a complete accounting of how antivirus
vendors' products detected major worm outbreaks.
| Worm Outbreaks | ESET NOD32 | Kaspersky | McAfee | Norman | Panda | Symantec | Trend Micro |
|---|---|---|---|---|---|---|---|
| Proactive Detection Rate (%) | 87% | 13% | 33% | 60% | 53% | 7% | 0% |
| Number Detected out of 15 | 13 | 2 | 5 | 9 | 8 | 1 | 0 |
| Win32/Bagle.AH (2004-07-19) | X | | | X | | | |
| Win32/Bagle.AI (2004-08-09) | X | NA | X | X | X | NA | |
| Win32/MyDoom.T (2004-08-16) | X | | X | X | | | |
| Win32/Bagle.AJ (2004-09-01) | | | X | X | X | X | |
| Win32/Netsky.B1 (2004-10-13) | X | X | | X | | | |
| Win32/Bagle.AS (2004-10-29) | X | | | | | | |
| Win32/Bagle.AU (2004-10-29) | X | | | | | | |
| Win32/Sober.I (2004-11-19) | | | | | | | |
| Win32/Pawur.A (2004-11-22) | X | | | | | | |
| Win32/Zafi.D (2004-12-14) | X | | X | | X1 | NA | |
| Win32/Bagle.AW (2005-01-27) | X | | | X | X1 | | |
| Win32/Bagle.AX (2005-01-27) | X | | | X | X1 | | |
| Win32/MyDoom.R.MEW (2005-02-16) | X | X | | X | X1 | | |
| Win32/Sober.O (2005-05-02) | X | | X | X | X1 | NA | |
| Win32/Zotob (2005-8-29) | X | | | | X | | |

Source: www.VirusTotal.com, aggregated statistics
through August 29, 2005. Performance data based on
Virus Bulletin testing of the Windows 2003 Advanced
Server (Virus Bulletin, October 2005).

X: Detected by Heuristics (Global Threat)
X1: Stopped by Behavior Blocker (cannot be used on email servers)
NA: Product didn't participate in the report
(*) Panda TruPrevent has been included in the reports since December 2004