Antivirus Combinatorial Performance Analysis
Reviewed • 1 review • security, anti virus • oitc.com
Introduction
Want to know how much additional protection results from checking with more than one antivirus? This website allows you to select a combination of one to four antivirus products (from 33 different antivirus brands) to see how well they do in total against malware.
The image above shows that the combined detection rate of AVG and Antivir is 64%. Antivir alone is 59% (not shown in image). You can add many more combinations with practically every major and minor antivirus (and some antispyware) product. The stats are constantly updated as well.
The detection rates tend to be lower than what you typically find in results on, say, av-comparatives.org, where products typically score at least 90%. This is because the test samples used are new, near-zero-day infections rather than known malware.
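How a combined figure like the 64% above is computed: a sample counts as detected if any selected engine flags it, so the combined rate is the size of the union of detections, not the sum of the individual rates. The following is an added example, not code from the site; the engine names and the per-sample detection sets are constructed, with one pair arranged so that 59% alone becomes 64% combined.

```python
from itertools import combinations

# Constructed data: sample IDs (0..99) flagged by each hypothetical engine.
# Every sample is malware, as in the data set described in this article.
TOTAL_SAMPLES = 100
DETECTIONS = {
    "engine_a": set(range(0, 59)),    # 59% alone
    "engine_b": set(range(30, 64)),   # 34% alone, mostly overlaps engine_a
    "engine_c": set(range(50, 90)),   # 40% alone, little overlap with engine_a
    "engine_d": set(range(0, 20)) | set(range(95, 100)),  # 25% alone
}

def combined_rate(engines, detections=DETECTIONS, total=TOTAL_SAMPLES):
    """Percent of samples flagged by at least one of the selected engines."""
    caught = set().union(*(detections[e] for e in engines))
    return 100.0 * len(caught) / total

def marginal_gain(base, extra, detections=DETECTIONS, total=TOTAL_SAMPLES):
    """Percentage points gained by adding `extra` to the engines in `base`."""
    with_extra = tuple(base) + (extra,)
    return (combined_rate(with_extra, detections, total)
            - combined_rate(base, detections, total))

def best_combination(k, detections=DETECTIONS, total=TOTAL_SAMPLES):
    """The k-engine combination with the highest combined detection rate."""
    return max(combinations(sorted(detections), k),
               key=lambda combo: combined_rate(combo, detections, total))

if __name__ == "__main__":
    for k in range(1, 5):  # the site allows one to four engines
        combo = best_combination(k)
        print(k, combo, f"{combined_rate(combo):.0f}%")
    # A weaker engine with different coverage can add more than a
    # stronger-looking one whose detections overlap the first engine's.
    print("a + b gain:", marginal_gain(["engine_a"], "engine_b"))
    print("a + c gain:", marginal_gain(["engine_a"], "engine_c"))
```

Because every sample here is malware, this measures coverage only; a false positive raised by any one engine in the combination would carry through to the combined result in the same way.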
More details
The data itself is based on CastleCops MIRT (Malware Incident Reporting and Termination) data. Human analysis is done to ensure that all samples really are malware, and they are then submitted to VirusTotal for checking by the 30+ antivirus engines (listed in the options here).
As such the statistics are based on 100% malware and are "representative of the ability of each antivirus system's ability to deal with early (near-0 day) infection outbreaks."
In other words, these malware samples tend to be new (either brand-new malware or new variants), which is why they have been brought to the attention of MIRT. As such, "the statistics available are radically different than those that assess an antivirus system's performance against a reference database or malware" (e.g. av-comparatives.org).
In plain language, this means that the size of the signature database is less important and the strength of heuristics in detecting unknown variants is more important, because most of the samples are totally unknown and new. This explains the good results of Antivir, Bitdefender, Panda and eSafe (all well known for heuristics) over KAV, which usually triumphs in traditional on-demand tests where most malware is not as new. Traditionally, KAV's strength is in the size of its database rather than heuristics, though it is quite strong there too.
The drawback of the results shown is that, because all samples are malware, the most "suspicious" antiviruses tend to score the best. However, this might come at the cost of false positives, which are not measured here.

