Heuristic Analysis Efficiency
Mutual comparisons of detection abilities accompany antiviruses from the beginning. Comparison tests are often aimed at the effectiveness of scanners (on-demand and on-access) and thus do not evaluate other product attributes, e.g. user-friendly control, services, etc. The comparative scanner tests compare the two most relevant factors — detection effectiveness and speed. Under quality we understand detection rate by percentage. It is a ratio of the number of detected malicious codes to the total number of all malicious codes. But scanners should also be tested on a large collection of harmless files.
Virus Bulletin 100% Award Results
A high-quality scanner should not only unfailingly detect malware, but also minimize a number of false alarms, both in the shortest possible time. The tests are usually performed separately on a collection of “In The Wild” and “Zoo” viruses. The former include real-time threats spreading across the Internet - i.e. those on the “PC Viruses In The Wild” list. The latter include a huge mixture of malicious codes, while many of them represent no real threat. The detection rate of the ITW threats is thus considered very carefully and each result below 100% is regarded as negative. The effectiveness in detection of the “Zoo” collection is not that strictly judged.
Heuristic analysis test
Retrospective / proactive test of the In-The-Wild category
Lowest Resource Utilization
NOD32 is by far one of the smallest applications in the industry, especially for providing protection against such a wide range of threats. The NOD32 v2.5 installer is just 8.6 MB. The program utilizes approximately 15 to 22 MB of RAM. This, along with intelligent caching reduces disk access and memory paging, adding to performance.
Source: Scott Brown, Colby Sawyer Case Study, November 2004
Mutual comparisons of detection abilities accompany antiviruses from the beginning. Comparison tests are often aimed at the effectiveness of scanners (on-demand and on-access) and thus do not evaluate other product attributes, e.g. user-friendly control, services, etc. The comparative scanner tests compare the two most relevant factors — detection effectiveness and speed. Under quality we understand detection rate by percentage. It is a ratio of the number of detected malicious codes to the total number of all malicious codes. But scanners should also be tested on a large collection of harmless files.
Virus Bulletin 100% Award Results
Source: Virus Bulletin , www.virusbtn.com, results from January 1998 till February 2007
A high-quality scanner should not only unfailingly detect malware, but also minimize a number of false alarms, both in the shortest possible time. The tests are usually performed separately on a collection of “In The Wild” and “Zoo” viruses. The former include real-time threats spreading across the Internet - i.e. those on the “PC Viruses In The Wild” list. The latter include a huge mixture of malicious codes, while many of them represent no real threat. The detection rate of the ITW threats is thus considered very carefully and each result below 100% is regarded as negative. The effectiveness in detection of the “Zoo” collection is not that strictly judged.
Heuristic analysis test
Retrospective / proactive test of the In-The-Wild category
Source: VirusTotal.com, 2005
Lowest Resource Utilization
NOD32 is by far one of the smallest applications in the industry, especially for providing protection against such a wide range of threats. The NOD32 v2.5 installer is just 8.6 MB. The program utilizes approximately 15 to 22 MB of RAM. This, along with intelligent caching reduces disk access and memory paging, adding to performance.
