Compare Proactive Detection

 

Which security product stops the most zero-day threats?

When new viruses, worms and other malicious attacks strike, traditional signature-based technology is insufficient. Every minute you wait for an update is another minute that your computer and network are vulnerable to damage, infection, or identity theft. ThreatSense Heuristics closes the window of vulnerability by safely identifying and stopping malware as it runs on your computer.

NOD32 has consistently been rated as the best protection against zero-day outbreaks and attacks by the world's leading antivirus testing organizations.

AV-Comparatives
The independent testing institution AV-Comparatives.org is an antivirus research project coordinated by Andreas Clementi with the support of the Innsbrucker Kompetenzzentrum / Computernotdienst. The AV-Comparatives.org “Retrospective/Proactive Test” compared 11 different antivirus products’ abilities to proactively identify the increasing complexity and zero-day nature of today’s threats. The stringent testing used recent In-the-Wild samples and a variety of other malware, Trojans, viruses and worms affecting Windows and other operating systems. To effectively test the products for proactive detection, the organization used new malware samples, and tested them against the products without updating the antivirus signature.


The November study revealed that of the eight new viruses that had been released In-the-Wild in the preceding three months, customers of Symantec, Trend Micro and Kaspersky had proactive detection for none of these threats, leaving them at risk until the vendors could provide a signature update. McAfee customers were only protected from a single virus without updating. ESET’s NOD32 customers were protected four times more often against new viruses, and 95% more often across all new samples used in the test, including In-the-Wild threats, backdoors, Trojans and other malware. This is the second study conducted by AV-Comparatives.org on this topic in 2005. Over the course of both studies, NOD32 proactively detected 50 out of 59 In-the-Wild samples used, or 85%. More details can be found at http://www.av-comparatives.org/

The graph shows the accuracy of heuristic-based detection and the performance of several antivirus vendors' products. The data is derived by determining whether or not a given antivirus product detects a new virus without requiring a signature update. If it does, then heuristic detection has succeeded (note: in some cases, well-written signatures can detect future variants).


 

VirusTotal.com
This independent consulting firm based in Spain performs real-time analysis of malware outbreak detection across a wide range of antivirus vendors. As you can see from the graph below, NOD32 has by far the highest detection rate and the fastest performance (tested separately by Virus Bulletin). In fact, NOD32 is, on average, 2-10 times faster than the competition.
 


 

See the table below for a complete accounting of how antivirus vendors' products detected major worm outbreaks.

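| Worm Outbreaks | ESET NOD32 | Kaspersky | McAfee | Norman | Panda | Symantec | Trend Micro |
|---|---|---|---|---|---|---|---|
| Proactive Detection Rate (%) | 87% | 13% | 33% | 60% | 53% | 7% | 0% |
| Number Detected out of 15 | 13 | 2 | 5 | 9 | 8 | 1 | 0 |
| Win32/Bagle.AH (2004-07-19) | X | | | X | | | |
| Win32/Bagle.AI (2004-08-09) | X | NA | X | X | X | NA | |
| Win32/MyDoom.T (2004-08-16) | X | | X | X | | | |
| Win32/Bagle.AJ (2004-09-01) | | | X | X | X | X | |
| Win32/Netsky.B1 (2004-10-13) | X | X | | X | | | |
| Win32/Bagle.AS (2004-10-29) | X | | | | | | |
| Win32/Bagle.AU (2004-10-29) | X | | | | | | |
| Win32/Sober.I (2004-11-19) | | | | | | | |
| Win32/Pawur.A (2004-11-22) | X | | | | | | |
| Win32/Zafi.D (2004-12-14) | X | | X | | X1 | NA | |
| Win32/Bagle.AW (2005-01-27) | X | | | X | X1 | | |
| Win32/Bagle.AX (2005-01-27) | X | | | X | X1 | | |
| Win32/MyDoom.R.MEW (2005-02-16) | X | X | | X | X1 | | |
| Win32/Sober.O (2005-05-02) | X | | X | X | X1 | NA | |
| Win32/Zotob (2005-8-29) | X | | | | X | | |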


Source: www.VirusTotal.com, aggregated statistics through August 29, 2005. Performance data based on Virus Bulletin testing of the Windows 2003 Advanced Server (Virus Bulletin, October 2005).

X: Detected by Heuristics (Global Threat)
X1: Stopped by Behavior Blocker (cannot be used on email servers)
NA: Product did not participate in the report
(*) Panda TruPrevent has been included in the reports since December 2004