That is the ninth edition of the “Advanced In The Wild Malware Test”, and fifth in 2020 in which we choose the best antivirus application for Windows 10. In September, 11 developers joined our tests, and the analysis was continued uninterrupted throughout September. Here is the full list of tested products:
- Avast Free Antivirus
- Avira Antivirus Pro
- Bitdefender Total Security
- Comodo Advanced Endpoint Protection
- Comodo Internet Security
- ESET Smart Security Premium
- G DATA Total Security
- Kaspersky Total Security
- mks_vir Internet Security
- SecureAPlus Pro
- Webroot Antivirus
- Windows Defender
The products and Windows 10 settings: daily test cycle
Tests are carried out in Windows 10 Pro x64. The user account control (UAC) is disabled because the purpose of the tests is to check the protection effectiveness of a product against malware, and not a reaction of the testing system to Windows messages. Other Windows settings remain unchanged.
Additionally, the Windows 10 system contains installed the following software: office suite, document browser, email client, and other tools and files that give the impression of a normal working environment.
Automatic updates of the Windows 10 system are disabled in a given month of the tests. Due to the complicated process and the possibility of a malfunction, Windows 10 is updated every few weeks under close supervision.
Security products are updated one time within a day. Before tests are run, virus databases and protection product files are updated. This means that the latest versions of protection products are tested every day. All antivirus applications had access to the Internet during the tests.
We have used 1187 malicious software samples for the test, consisting of, among others, banking trojans, ransomware, backdoors, downloaders, and macro viruses. In the contrast to well-known testing institutions, our tests are much more transparent because we share the full list of harmful software samples.
We use real working environments in a graphic mode, that is why the results of individual samples may differ from those presented by the VirusTotal service. We point that out because inquisitive users may compare our tests with the scan results on the VirusTotal website. It turns out that differences between real products installed on Windows 10 and scan engines on VirusTotal are significant.
Levels of blocking malicious software samples
We share checksums of malicious software for researchers and security enthusiasts by dividing them into protection technologies that have contributed to detect and stop a threat. According to independent experts, this type of innovative approach of comparing security will contribute to better understand differences between products available on the market.
Blocking of each malware sample by tested protection solution has been divided into few levels:
- Level 1 (L1): The browser level, i.e. a virus has been stopped before or after it has been downloaded onto a hard drive.
- Level 2 (L2): The system level, i.e. a virus has been downloaded, but it has not been allowed to run.
- Level 3 (L3): The analysis level, i.e. a virus has been run and blocked by a tested product.
- Failure (F): The failure, i.e. a virus has not been blocked and it has infected a system.
The result of blocking each sample are available at https://checklab.pl/en/recent-results in the table:
Solutions with the most effective protection in September 2020 (alphabetically and by the best result):
- Avast Free Antivirus (blocked 1187/1187)
- Bitdefender Total Security (blocked 1187/1187)
- Comodo Advanced Endpoint Protection (blocked 1187/1187)
- Comodo Internet Security (blocked 1187/1187)
- ESET Smart Security Premium (blocked 1187/1187)
- G DATA Total Security (blocked 1187/1187)
- Kaspersky Total Security (blocked 1187/1187)
- mks_vir Internet Security (blocked 1187/1187)
- SecureAPlus Pro (blocked 1187/1187)
- Webroot Antivirus (blocked 1187/1187)
- Windows Defender (blocked 1187/1187)
- Avira Antivirus Pro (blocked 1186/1187)
Detailed results are available at https://checklab.pl/en/recent-results
Only one solution, AVIRA Antivirus Pro has failed in one case at hand of the c600d2c2146cbdd5eb227252c58d50143bafe04d1b8b98efa1e3be2ec2f706d1 sample. The 1186 remaining samples of malware had been properly detected and blocked before infection of operating system has occurred. It is still a very good result, taking into account the testing scale of real threats. Generally, the AVIRA product must credit the superiority of other developers.
We want to thank all interested developers for their quick response to the reported technical details, and assistance in seamless automation of our tests with their antivirus products.
The best product of the year 2020
Already in November, we will start the last edition of the „Advanced In The Wild Malware Test”. Next, we will publish a summary in which we will select a leader (or ex aequo few winners) for the excellent results in blocking and detecting threats on the Internet.
Please follow our publications carefully because we want to give an additional award in the form of a unique certificate of PRODUCT OF THE YEAR 2020.