AV-Comparatives' November 2009 report has been released and there are eight winners. The other eight products didn't do so well.
By Emil Protalinski
Following its October 2009 removal report, AV-Comparatives has released its November 2009 retrospective/proactive comparative. This is actually the second part of the August 2009 comparative, in which 16 products, last updated on August 10, were set to the same highest detection settings (except for Sophos and F-Secure) and put to the test; the new samples were taken between August 11, 2009 and August 17, 2009. The results of the second part are only available now because they required a bit more work and analysis.
To recap, there were two sets of malware: Set A, which contains malware from December 2007 to December 2008 (of which most products could detect over 97 percent), and Set B, which contains malware from the last seven months (1.6 million samples). The set included the following categories of malware: Trojans (69.5 percent), Backdoors/Bots (20.7 percent), Worms (6.1 percent), other malware (1.5 percent), and Windows viruses (0.4 percent).
This test focused on malware being detected proactively, without being executed, using complex generic signatures, behavior analysis, heuristics, and so on. The idea is to see how well new malware can be caught without having to download new signatures, which is meant for filling in the gaps. That said, here are the proactive detection results (rounded to the nearest percent):
arstechnica.com/security/news/20···pare.ars