Kaspersky ranks well in both performance and proactive threat detection tests by PassMark
As new viruses appear daily and even hourly, the regular updates provided by your antivirus software are not enough to defeat new malware. Even a small time lag between the moment a virus that is new and unknown to your antivirus software reaches your computer and the moment the corresponding software update is installed may become crucial. Kaspersky, for example, is known for its hourly update releases, which ensure that its users are protected against the latest malware.
Interestingly, regular updates are not the only way your antivirus software fights new malware. Antivirus software today can also defend against unknown threats using generic techniques such as passive heuristics. While generic scanners are the main defense antivirus products offer today against unknown threats, some products add an extra layer of protection such as behavior analysis and blocking, or a HIPS (host-based intrusion prevention system).
In its latest test of the proactive/retrospective effectiveness of antivirus software, PassMark evaluated generic detection by antivirus products against unknown/new malware.
Panda, G Data (based on Kaspersky technology) and Kaspersky were ranked the top 3, with Kaspersky and G Data not only demonstrating above-average detection quality but also producing a low level of false positive alarms.
Considering the results of the latest Anti-virus software performance test conducted by PassMark in February, it appears that Kaspersky ranks well in both categories – resource performance of the machine as well as proactive threat detection.
To see how your Anti-virus scored on the latest Proactive/retrospective effectiveness test by PassMark, check out their latest report.
Although the test demonstrated that most antivirus products can detect some quantity of unknown malware proactively, even without executing the malware, 60% is the high end for generic techniques that detect unknown viruses, which suggests that 40% of unknown malware goes undetected. At the lower end of proactive detection, companies like Trend Micro can detect only 25% of new malware, with 75% passing undetected. This suggests that the majority of new threats, unless categorized and added to updates, go undetected and account for the large number of malware samples that pass undetected by antivirus.
On average (median), antivirus programs can detect 85% of known threats and, according to this report, on average 40% of unknown threats. These numbers are in stark contrast to antivirus vendors' claims of high proactive and standard detection capabilities, far higher than those reached in this test.
Virtual Private Networks used in conjunction with antivirus appear to give much better protection against known and unknown threats. As there is an additional layer of defense between the user and his computer, a VPN makes it much more difficult for known threats to locate specific target machines. As some VPN services have firewalls at their servers, many threats are blocked there, and since IP addresses are assigned, malware cannot specifically target known IP addresses. Further, if a VPN service also provides antivirus as well as a firewall, the risk drops appreciably, particularly if the antivirus used at the server is different from the one on the user's machine, as each antivirus relies on different generic techniques for dealing with new threats. In this case, the risk from known viruses can drop to as low as 2.5% and from unknown threats to between 10-20%, far better than the current 15% and 50% with a standalone antivirus program.
Antivirus and protected data
One area in which antivirus has limited value is protecting data that leaves the machine and makes numerous hops through unknown routers on the way to its final destination. The packets carrying that data are completely vulnerable to theft and manipulation, and antivirus has no role to play here. Although antivirus vendors often claim that their software protects data on the Internet, in fact once the data passes onto the open internet it can be seen by third parties, stolen, manipulated, collected, stored or made to vanish. Antivirus has absolutely no protective value online, and it is estimated by the Federal Trade Commission that over 65% of users' ID details are stolen online, notwithstanding antivirus vendors' claims that their programs are effective online.
VPN is more effective at protecting your online data.
It appears that a properly encrypted VPN provides complete protection against online data threats. If the VPN service provides real 128-bit or 256-bit encryption, the data is effectively off limits to third parties trying to scan, sniff or steal data packets. For data that is not on the machine but traveling across routers, this appears to be the only effective protection.
Add Firewalls and Antivirus at the VPN server and the overall threat profile drops dramatically.