2007-11-24

How effective is AV?

To see how effective AV engines are at detecting threats, some malware samples were sent to VirusTotal for analysis.

The samples were binaries that would end up on a victim's computer through exploitation of vulnerabilities in web browsers or in add-ons/controls associated with browsers.

Up to 65% of the submitted executables were obtained between the fall of last year and the spring of this year and were checked by the AV engines this month. The others are mainly from this summer.

%Found  #Total  #Missed  AV
------------------------------------------------------
 29.00     369      264  FileAdvisor
 33.00     369      249  eTrust-Vet
 45.00     369      203  ClamAV
 45.00     369      204  TheHacker
 45.00     369      206  AhnLab-V3
 46.00     369      201  Ewido
 46.00     369      202  VirusBuster
 48.00     369      195  Norman
 49.00     369      190  McAfee
 51.00     369      182  Authentium
 58.00     348      147  Prevx1
 58.00     369      156  Sunbelt
 60.00     350      141  Rising
 60.00     369      148  F-Prot
 61.00     369      146  Microsoft
 62.00     364      139  Symantec
 62.00     369      143  Fortinet
 67.00     368      124  Avast
 68.00     369      119  eSafe
 68.00     369      120  VBA32
 69.00     369      115  Panda
 69.00     369      117  Sophos
 70.00     369      112  Kaspersky
 71.00     361      107  DrWeb
 71.00     364      107  F-Secure
 71.00     368      107  NOD32v2
 72.00     369      105  AVG
 72.00     369      107  CAT-QuickHeal
 74.00     369       96  Ikarus
 74.00     369       99  BitDefender
 79.00     378       81  AntiVir
 84.00     354       59  Webwasher-Gateway
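
A table like the one above can be tallied from per-sample scan results as follows. This is an added example, not the script used for this post: the engine names and verdicts are constructed, and it assumes that an engine which returns no verdict for a sample is left out of that engine's #Total. Percentages are rounded up to a whole number, which is consistent with the rows above.

```python
from collections import defaultdict

# Constructed per-sample results (not real scan data). Each dict maps a
# hypothetical engine name to True (detected), False (missed) or None
# (engine returned no verdict for that sample).
REPORTS = [
    {"EngineA": True, "EngineB": False, "EngineC": True},
    {"EngineA": True, "EngineB": False, "EngineC": None},
    {"EngineA": False, "EngineB": True, "EngineC": True},
    {"EngineA": True, "EngineB": False},  # EngineC absent from this report
]


def found_percent(total, missed):
    """Detection rate as a whole percent, rounded up (integer ceiling)."""
    return -(-100 * (total - missed) // total)


def tally(reports):
    """Return rows (%found, #total, #missed, engine), lowest rate first."""
    total = defaultdict(int)
    missed = defaultdict(int)
    for report in reports:
        for engine, verdict in report.items():
            if verdict is None:
                continue  # assumption: no verdict means the sample is not counted
            total[engine] += 1
            if not verdict:
                missed[engine] += 1
    rows = [(found_percent(n, missed[e]), n, missed[e], e) for e, n in total.items()]
    return sorted(rows)


def format_table(rows):
    """Render rows in the same column order as the table above."""
    lines = ["%Found  #Total  #Missed  AV", "-" * 54]
    for pct, n, miss, engine in rows:
        lines.append(f"{pct:>6.2f}  {n:>6}  {miss:>7}  {engine}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_table(tally(REPORTS)))
```

Because each engine has its own denominator, two engines with the same number of misses can end up with different detection rates.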