In May 2020 the CheckLab.pl organization prepared subsequent list of popular solutions to protect computers: 7 specialized products were tested for home users, and 2 products for micro, medium, and large business.
The tests lasted uninterrupted throughout May. Here is the list of products in May comparison:
- Avast Free Antivirus
- Avira Antivirus Pro
- Check Point Endpoint Security
- Comodo Advanced Endpoint Protection
- Comodo Internet Security
- Emsisoft Business Security
- SecureAPlus Pro
- Trend Micro Maximum Security
- Webroot Antivirus
- Windows Defender
- ZoneAlarm Extreme Security
Levels of blocking malicious software samples
CheckLab is probably the first organization in the world that shows such detailed information from tests. For researchers and security enthusiasts, we share checksums of malicious software by dividing them into protection technologies that have contributed to detect and stop a threat. According to independent experts, this type of innovative approach of comparing security will contribute to better understanding of differences between available products for end customers.
The CheckLab employees are probably pioneers in this regard — they show more detailed diagnostic data than any other testing institution, including the largest such as AV-Comparatives.com and AV-Test.org.
Blocking of each malware sample by tested protection solution has been divided into few levels:
- Level 1 (L1): The browser level, i.e. a virus has been stopped before or after it has been downloaded onto a hard drive.
- Level 2 (L2): The system level, i.e. a virus has been downloaded, but it has not been allowed to run.
- Level 3 (L3): The analysis level, i.e. a virus has been run and blocked by a tested product.
- Failure (F): The failure, i.e. a virus has not been blocked and it has infected a system.
The result of blocking each sample are available at https://checklab.pl/en/recent-results in the table:
The products and Windows 10 settings: daily test cycle
Tests are carried out in Windows 10 Pro x64. The user account control (UAC) is disabled because the purpose of the tests is to check the protection effectiveness of a product against malware and not a reaction of the testing system to Windows messages. Other Windows settings remain the same.
Windows 10 system contains installed the following software: office suite, document browser, email client, and other tools and files that give the impression of a normal working environment.
Automatic updates of the Windows 10 system are disabled in a given month of the tests. Due to the complicated process and the possibility of a malfunction, Windows 10 is updated every few weeks under close supervision.
Security products are updated one time within a day. Before tests are run, virus databases and protection product files are updated. This means that the latest versions of protection products are tested every day. All solutions had Internet access during the tests.
We have used 1384 malicious software samples for the test, consisting of, among others, banking trojans, ransomware, backdoors, downloaders, and macro viruses. In the contrast to the well-known testing institutions, the CheckLab tests are much more transparent because the organization share the full list of malicious software samples.
The experts of CheckLab use real working environments in a graphic mode that is why the results of individual samples may differ from those presented by the VirusTotal service. The CheckLab organization points that out because inquisitive users may compare our tests with the scan results on the VirusTotal website. It turns out that differences between real products installed on Windows 10 and scan engines on VirusTotal are significant. We have explained these discrepancies in the article “How we test antivirus? The making of CheckLab.pl, a website dedicated to security tests”.
About CheckLab organization
The CheckLab organization was founded in July 2019 by the AVLab.pl company that has been operating since 2012 in the industry of cybersecurity. The primary objective of the CheckLab organization is to test the usefulness of workstations security, issue certificates confirming the protection effectiveness against malicious software, and also provide results to public information while ensuring the maximum transparency of the tests.