In association with heise online

03 August 2007, 12:52

Sophos Threat Detection Test


Sophos's Threat Detection Test is described as a test of the performance of installed antivirus software: the manufacturer advertises the product on its web page with the slogan "Is your anti-virus catching everything it should?" To test this, Sophos offers a scaled-down on-demand virus scanner as a free download that scans your whole PC for malware. It does not offer any configuration options, though.

On its web page, Sophos claims the Threat Detection Test verifies the performance of products by other vendors such as Symantec, McAfee, Trend Micro, CA, Kaspersky and F-Secure: a list of manufacturers whose products have supposedly been checked to ensure that they don't choke on the background activities of the Sophos on-demand scanner.

However, by describing it like this, Sophos's marketing team gives the wrong impression of the test. Every antivirus product, including that offered by Sophos, will occasionally miss a current malware sample: virus makers optimise their products to such an extent that virus scanners can't detect them without updated signatures. In order to generate a signature, antivirus vendors first have to get their hands on the beast. In the interval between the release of the virus and the addition of the signature, users remain vulnerable.

On-demand scanners (which are available free in browser-based form from numerous antivirus software suppliers) may therefore occasionally detect malware on a PC despite a current antivirus product being deployed. However, this eventuality cannot be used to rate the performance of the installed antivirus software. The installed scanner could also quite possibly detect malware which the on-demand scanner misses – a scenario not covered by this test setup.

Antivirus products that use multiple virus scan engines generally score better in tests because the scan engines' detection rates actually complement each other. Therefore, although this Threat Detection Test is suitable for obtaining a second opinion if a system infection is suspected, it is not an appropriate basis for drawing conclusions about the performance of an existing virus scanner, which is what the Sophos marketing team seems to be suggesting.

