It is currently Thu Sep 02, 2010 7:41 pm

All times are UTC - 5 hours




 Page 1 of 1 [ 3 posts ] 
 Post subject: Cloud Anti-Malware Test #2 using Early Life Samples
PostPosted: Fri Nov 06, 2009 7:35 am 
Site Admin

Joined: Sun Aug 02, 2009 5:03 pm
Posts: 90
Location: UK
In order to provide feedback, MRG submitted a small, random sample of the malware used in the previous test to some vendors; therefore, we have not conducted further testing using this sample but have instead used a fresh batch of 500 files.

The methodology used is the same as that employed in the last test, with the addition that traditional anti-malware applications were tested in VMs with a live internet connection at the same time as the cloud applications.

The products tested were:

• A-Squared
• AntiVir
• Bluepoint Security
• Hitman Pro
• Immunet Protect
• Microsoft Security Essentials
• NOD32
• Panda Cloud
• Prevx

The test was conducted on 05/11/09 and made use of the most current versions of the applications at that time. The malware used was 500 random samples which were new and received within 12 hours of the test being conducted.

The testing was conducted using fully updated XP Pro SP3 VMs, with live internet connections.

The percentage of malware detected by each application was as follows:

1) Bluepoint Security = 61.6%
2) Hitman Pro = 57.0%
3) A-Squared = 52.2%
4) AntiVir = 51.6%
5) Microsoft Security Essentials = 45.4%
6) NOD32 = 33.8%
7) Prevx = 21.0%
8) Panda Cloud = 13.0%*
9) Immunet Protect = 5.2%*

Please note, applications with * are beta products and this should be taken into consideration when comparing results.

As mentioned in the previous test, it is important to remember that the samples used were very new, and it is to be expected that the majority would be missed in an on-demand scan, as there can be no behavioural analysis etc., which would allow the applications to improve detection.

Some applications fare far better in detecting active samples, and it is for this reason that we have decided to include a live component, alongside the on-demand test, in our upcoming daily testing project.

We will run a follow-up test on the above cohort using the same samples shortly to assess any improvement in detection.

Regards,

Chris



_________________
Malware Research Group
Internet Security & Solutions
 Post subject: Re: Cloud Anti-Malware Test #2 using Early Life Samples
PostPosted: Fri Nov 06, 2009 6:25 pm 
Expert

Joined: Tue Sep 01, 2009 10:35 am
Posts: 23
Location: Atlanta
This data charted over time would be interesting, such as a 30 day or 7 day chart



_________________
http://www.bluepointsecurity.com/live
 Post subject: Re: Cloud Anti-Malware Test #2 using Early Life Samples
PostPosted: Sat Nov 07, 2009 5:15 am 

Joined: Wed Aug 05, 2009 2:30 am
Posts: 40
1)
bluepointsecurity wrote:
This data charted over time would be interesting, such as a 30 day or 7 day chart

I agree .... (want to see .... 1 hour, 24 hours, 7 days, 30 days) .... good idea!


2)
In addition - I don't know if I clearly understand the philosophy of cloud antimalware software. This 21% detection (for example PrevX) in Early Life Samples means that every older sample (older than 12 hours) should be successfully detected ??? And only super-new samples are sometimes not ???? ....



_________________
Regards to all
z25blink