Malware detection - 'Real-life' Conditions
The tests carried out by the AV-Comparatives and AV-Test research centers have their shortcomings, one of which is that the antivirus software capabilities are checked against collections of relatively old files (gathered over the preceding six months). Furthermore, it is the results of on-demand scans that are analyzed, whereas the real-life situation of a user receiving malicious files by downloading them from the Internet or as an attachment in an email would provide a more realistic setting for real-time antivirus scans.
Specialists from the UK magazine PC Pro have tried to overcome these problems by only using samples of malicious code detected over the preceding two weeks and sending traffic via servers at the company MessageLabs. MessageLabs is one of the largest providers of filtration services for different types of traffic and the collection of malicious code provided by the company reflects the current situation on the network at the time of testing. During testing the specialists from PC Pro imitated everyday user actions such as downloading mail with infected attachments. They also created a script that simulated the downloading of infected files from the Internet. This type of test is closer to real-life conditions and, as can be seen, the detection level is not as high as for the on-demand scans.
Even under these more demanding test conditions Kaspersky Anti-Virus still achieved the best results.