Measured Antivirus Effectiveness

I wanted to share with you some insight from the data that originated from our customers’ networks last week. This time, we wanted to provide some information on how different antivirus vendors perform on the .exe, .dll, .pdf, and .zip files seen around the world.

This table shows the relative hit ratio of all the antivirus vendors hosted by VirusTotal on 697 confirmed bad files. You will notice that 43% of the time none of the antivirus products detected anything. The top performer is McAfee-GW-Edition with a 37% detection rate.

Looking at the types of samples detected, one can also consider which antivirus vendors were able to catch the worst malicious code. We assigned an Average Priority of 1 to spyware or unwanted software and an Average Priority of 100 to known Trojans or unclassified malware. Then, we multiplied the Average Priority by the Detection Rate, giving rise to the Severity column. This column shows which antivirus vendors found the most dangerous code. This week Arcabit wins with a Detection Rate of 29%, an Average Priority of 30.17, and a Severity of 8.96.

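| Antivirus Vendor | True Positives | Average Priority | Detection Rate | Severity |
|---|---|---|---|---|
| None | 300 | | 0.430416 (mss) | |
| Arcabit | 207 | 30.17 | 0.296987 | 8.96 |
| F-Secure | 192 | 28.84 | 0.275466 | 7.95 |
| ESET-NOD32 | 205 | 24.18 | 0.294118 | 7.11 |
| AVG | 129 | 37.07 | 0.185079 | 6.86 |
| Avast | 200 | 23.77 | 0.286944 | 6.82 |
| Qihoo-360 | 207 | 22.52 | 0.296987 | 6.69 |
| GData | 223 | 20.09 | 0.319943 | 6.43 |
| McAfee-GW-Edition | 264 | 16.75 | 0.378766 | 6.34 |
| CAT-QuickHeal | 162 | 27.28 | 0.232425 | 6.34 |
| VIPRE | 172 | 23.45 | 0.246772 | 5.79 |
| Cyren | 201 | 19.72 | 0.288379 | 5.69 |
| Panda | 85 | 46.42 | 0.121951 | 5.66 |
| F-Prot | 160 | 24.51 | 0.229555 | 5.63 |
| ClamAV | 62 | 63.27 | 0.088953 | 5.63 |
| Fortinet | 105 | 29.29 | 0.150646 | 4.41 |
| McAfee | 117 | 25.54 | 0.167862 | 4.29 |
| Avira | 210 | 12.79 | 0.301291 | 3.85 |
| Bkav | 83 | 30.82 | 0.119082 | 3.67 |
| MicroWorld-eScan | 162 | 15.06 | 0.232425 | 3.50 |
| BitDefender | 161 | 15.14 | 0.230990 | 3.50 |
| Emsisoft | 160 | 15.23 | 0.229555 | 3.50 |
| CMC | 24 | 100.00 | 0.034433 | 3.44 |
| Kaspersky | 86 | 27.48 | 0.123386 | 3.39 |
| TrendMicro | 63 | 37.14 | 0.090387 | 3.36 |
| Ad-Aware | 140 | 16.56 | 0.200861 | 3.33 |
| Ikarus | 209 | 10.95 | 0.299857 | 3.28 |
| AVware | 95 | 23.93 | 0.136298 | 3.26 |
| Comodo | 69 | 26.83 | 0.098996 | 2.66 |
| Sophos | 77 | 20.29 | 0.110473 | 2.24 |
| Rising | 195 | 7.09 | 0.279770 | 1.98 |
| Tencent | 50 | 24.76 | 0.071736 | 1.78 |
| ALYac | 108 | 9.25 | 0.154950 | 1.43 |
| Microsoft | 25 | 36.64 | 0.035868 | 1.31 |
| K7AntiVirus | 109 | 5.54 | 0.156385 | 0.87 |
| DrWeb | 134 | 3.96 | 0.192253 | 0.76 |
| Malwarebytes | 222 | 1.89 | 0.318508 | 0.60 |
| K7GW | 120 | 3.48 | 0.172166 | 0.60 |
| Antiy-AVL | 74 | 5.01 | 0.106169 | 0.53 |
| Symantec | 161 | 1.61 | 0.230990 | 0.37 |
| VBA32 | 53 | 4.74 | 0.076040 | 0.36 |
| nProtect | 16 | 13.38 | 0.022956 | 0.31 |
| NANO-Antivirus | 76 | 2.30 | 0.109039 | 0.25 |
| SUPERAntiSpyware | 38 | 3.61 | 0.054519 | 0.20 |
| Jiangmin | 38 | 3.61 | 0.054519 | 0.20 |
| Zillya | 131 | 1.00 | 0.187948 | 0.19 |
| ByteHero | 4 | 25.75 | 0.005739 | 0.15 |
| Baidu-International | 83 | 1.00 | 0.119082 | 0.12 |
| AhnLab-V3 | 80 | 1.00 | 0.114778 | 0.11 |
| Agnitum | 57 | 1.00 | 0.081779 | 0.08 |
| ViRobot | 12 | 1.00 | 0.017217 | 0.02 |
| AegisLab | 9 | 1.00 | 0.012912 | 0.01 |
| TotalDefense | 2 | 1.00 | 0.002869 | 0.00 |
| Zoner | 1 | 1.00 | 0.001435 | 0.00 |
| Alibaba | 1 | 1.00 | 0.001435 | 0.00 |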
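
The scoring described above, as an added example (not MetaFlows' own code): it derives True Positives, Average Priority, Detection Rate and Severity from per-sample verdicts. The per-sample input is constructed, with overlaps chosen so that the Arcabit, McAfee-GW-Edition and CMC rows match the table; the function names and category labels are assumptions.

```python
from collections import defaultdict

# Weights stated in the article: 1 = spyware/unwanted software,
# 100 = known Trojan or unclassified malware.
PRIORITY = {"unwanted": 1, "trojan": 100}

def score_vendors(samples):
    """samples: iterable of (category, vendors_that_flagged_it).
    Returns (per-vendor rows, fraction of samples no vendor flagged)."""
    samples = list(samples)
    total = len(samples)
    hits = defaultdict(list)  # vendor -> priorities of the samples it detected
    missed_by_all = 0
    for category, vendors in samples:
        if not vendors:
            missed_by_all += 1
        for vendor in set(vendors):  # count a vendor once per sample
            hits[vendor].append(PRIORITY[category])
    rows = {}
    for vendor, prios in hits.items():
        rate = len(prios) / total
        avg = sum(prios) / len(prios)
        # avg * rate == sum(prios) / total: priority caught per sample seen
        rows[vendor] = {"true_positives": len(prios), "average_priority": avg,
                        "detection_rate": rate, "severity": avg * rate}
    return rows, missed_by_all / total

def rank_by_severity(rows):
    return sorted(rows, key=lambda v: rows[v]["severity"], reverse=True)

def constructed_samples():
    """Constructed input (not the article's raw data): 697 samples whose
    overlaps are chosen to reproduce three rows of the table."""
    a, m, c = "Arcabit", "McAfee-GW-Edition", "CMC"
    groups = [("trojan", {a, m, c}, 24), ("trojan", {a, m}, 18),
              ("trojan", {a}, 19), ("unwanted", {a, m}, 32),
              ("unwanted", {a}, 114), ("unwanted", {m}, 190),
              ("trojan", set(), 300)]  # flagged by no vendor; category unused
    return [(cat, vendors) for cat, vendors, n in groups for _ in range(n)]

if __name__ == "__main__":
    rows, none_rate = score_vendors(constructed_samples())
    print(f"{'None':<20}{none_rate:.6f}")
    for vendor in rank_by_severity(rows):
        r = rows[vendor]
        print(f"{vendor:<20}{r['true_positives']:>4}{r['average_priority']:>8.2f}"
              f"{r['detection_rate']:>10.6f}{r['severity']:>6.2f}")
```

Because Severity reduces to the summed priority of detected samples divided by all samples, a vendor with fewer hits can outrank one with a higher Detection Rate when its hits are the high-priority ones.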

Our sandbox was able to detect the remaining samples (the missing 43%).

[Image: antivirus bubble graph]

The bubble graph above illustrates the Severity (Detection Rate * Average Priority) versus the Prevalence (Detection Rate * Total Priority). The detection rate is encoded in color, and the size of each bubble is proportional to how many customers saw the malware.


If you are curious about more statistics like this, you can visit https://www.metaflows.com/stats/ (best viewed on a desktop) for a ton of additional information. If you want a quick fix, watch some of our videos at https://www.metaflows.com/saas/.
