Anti-virus comparison test of current anti-malware products, Q1/2008
Copyright � 2008 AV-Test GmbH, Last Update: 2008-01-22
Signature Detection False Positives Proactive Detection Response Times Rootkit detection   Details for the "Signature Detection" results
(on-demand) (negative) (incl. HIPS/BB) (to new widespread malware) (active samples)   (see column B)
             
# Test cases 1024381 65000 3520 55 12   Numer of Samples 1024381  
                   
AntiVir ++ + + ++ +   AntiVir 1020627 99.6%
Avast! ++ o o + +   Avast! 1018204 99.4%
AVG ++ + o o +   AVG 1005006 98.1%
AVK 2008 ++ o + ++ -   AVK 2008 1022418 99.8%
BitDefender ++ o ++ + +   BitDefender 1003902 98.0%
ClamAV -- - - ++ --   ClamAV 791505 77.3%
Command -- + - o --   Command 729233 71.2%
Dr Web o o + o +   Dr Web 887736 86.7%
eTrust-VET -- ++ - -- +   eTrust-VET 566161 55.3%
Fortinet + -- ++ + n/a (gateway product)   Fortinet 957558 93.5%
F-Prot + + - o o   F-Prot 986961 96.3%
F-Secure + + ++ + ++   F-Secure 999806 97.6%
Ikarus + - + + o   Ikarus 1002894 97.9%
K7 Computing -- o - - --   K7 Computing 571329 55.8%
Kaspersky ++ o + ++ +   Kaspersky 1003470 98.0%
McAfee + ++ + - +   McAfee 959919 93.7%
Microsoft + ++ - -- o   Microsoft 992880 96.9%
Nod32 + + ++ + +   Nod32 953936 93.1%
Norman + + + o o   Norman 962191 93.9%
Panda + o ++ o ++   Panda 979409 95.6%
QuickHeal - o o o -   QuickHeal 862919 84.2%
Rising + o o o o   Rising 962674 94.0%
Sophos + + ++ + +   Sophos 1001655 97.8%
Symantec ++ ++ + o ++   Symantec 1006849 98.3%
Trend Micro ++ + + + ++   Trend Micro 1009662 98.6%
VBA32 o o + o o   VBA32 885313 86.4%
VirusBuster -- + - o o   VirusBuster 693944 67.7%
WebWasher ++ o ++ ++ n/a (gateway product)   WebWasher 1023742 99.9%
         
Index: ++ = very good (98%+) ++ = very good (no false positives) ++ = very good ++ = very good (less than 2 hours) ++ = very good (all rootkits detected)
+ = good (90%+) + = good (one false positive) + = good + = good (around 2 to 4 hours) + = good (all but one rootkit detected)
o = satisfactory (85%+) o = satisfactory (two false positives) o = satisfactory o = satisfactory (around 4 to 6 hours) o = satisfactory (two rootkits missed)
- = poor (80%+) - = poor (three false positives) - = poor - = poor (around 6 to 8 hours) - = poor (three rootkits missed)
-- = very poor (less than 80%) -- = very poor (more than three false positives) -- = very poor -- = very poor (more than 8 hours) -- = very poor (more than three rootkits missed)