Virus Bulletin
Copyright © 2018 Virus Bulletin
Anti-virus has long stopped being the sole layer of defence against malware attacks. Given its more subtle role, it is all the more important that users and organizations can rely on their endpoint solutions to satisfy a minimum standard.
For more than two decades, Virus Bulletin has set a minimum standard for anti-virus (or anti-malware) products, checking whether products live up to expectation and providing those that do with the VB100 'stamp of approval'.
This report details the performance of 29 of such products from 27 different vendors during November and December 2018.
In the VB100 test, a copy of the product to be tested is installed on two platforms: Windows 10 and Windows 7. On each platform, and at three different times in the test, the product is asked to scan both the latest version of the WildList1 and a selection of clean files taken from Virus Bulletin's own set of files belonging to widely used legitimate software.
A legitimate file that is blocked at least once is considered a false positive, while a WildList file that isn't blocked is considered a miss.
A product achieves a VB100 certification if:
and
For full details, we refer to the VB100 methodology on the Virus Bulletin website: https://www.virusbulletin.com/testing/vb100/vb100-methodology/vb100-methodology-ver1-1/. This test used version 1.1 of the VB100 methodology.
The malware part of the VB100 certification uses the WildList, a regularly updated list of extremely well vetted malware samples, guaranteed to have been spotted in the wild multiple times. This makes them very suitable for a certification test like VB100.
The 'Diversity Test' looks at products' detection of another set of recent malware samples, to acknowledge the fact that products detect malware samples beyond a standard set of samples, and provides a measure of that detection.
Products were allowed to download updates during the course of the test. The version numbers listed in the results that follows refer to those at the start of the test.
| Windows 7 version | 9.0.49.2 |  |
| Windows 10 version | 9.0.50.5 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 100.00% |
| Windows 7 version | 2018.11.05 | |
| Windows 10 version | 2018.11.06 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 100.00% |
| Windows 7 version | 18.7.2354 | |
| Windows 10 version | 18.7.2354 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 99.49% |
| Windows 7 version | 18.7.3069 | |
| Windows 10 version | 18.7.3069 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 99.49% |
| Windows 7 version | 15.1.0112 | |
| Windows 10 version | 15.1.0112 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 99.69% |
| Windows 7 version | 2018.10.0.9018 | |
| Windows 10 version | 2018.10.0.9018 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 100.00% |
| Windows 7 version | 14.0.1400.2029 | |
| Windows 10 version | 14.0.1400.2029 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 100.00% |
| Windows 7 version | 12.0.27.0 | |
| Windows 10 version | 12.0.27.0 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 100.00% |
| Windows 7 version | 3.0.1.3 | |
| Windows 10 version | 3.0.1.3 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 100.00% |
| Windows 7 version | 2.2.0.57 | |
| Windows 10 version | 2.2.0.57 | |
| WildList detection | 100.0% | |
| False positive rate | 0.001% | |
| Diversity test rate | 99.90% |
| Windows 7 version | 4.12.3102.401 | |
| Windows 10 version | 4.12.3102.401 | |
| WildList detection | 100.0% | |
| False positive rate | 0.008% | |
| Diversity test rate | 100.00% |
| Windows 7 version | 27.30.4 | |
| Windows 10 version | 27.30.4 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 100.00% |
| Windows 7 version | 5.6.2.1117 | |
| Windows 10 version | 5.6.2.1117 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 99.90% |
| Windows 7 version | 25.5.0.2 | |
| Windows 10 version | 25.5.0.2 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 99.90% |
| Windows 7 version | 2.19.14 | |
| Windows 10 version | 2.19.14 | |
| WildList detection | 100.0% | |
| False positive rate | 0.001% | |
| Diversity test rate | 99.90% |
| Windows 7 version | 15.1.0345 | |
| Windows 10 version | 15.1.0345 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 99.69% |
| Windows 7 version | 11.0.0.6499 | |
| Windows 10 version | 11.0.0.6499 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 100.00% |
| Windows 7 version | 1.0.134.89835 | |
| Windows 10 version | 1.0.134.89835 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 99.90% |
| Windows 7 version | 3.0.0.83 | |
| Windows 10 version | 3.0.1.14 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 65.27% |
| Windows 7 version | 2.0.1430 | |
| Windows 10 version | 2.0.1430 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 100.00% |
| Windows 7 version | 5.0.0.57 | |
| Windows 10 version | 5.0.0.57 | |
| WildList detection | 100.0% | |
| False positive rate | 0.006% | |
| Diversity test rate | 99.90% |
| Windows 7 version | 1.0.105328 | |
| Windows 10 version | 1.0.129712 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 100.00% |
| Windows 7 version | 12.3.26589.901 | |
| Windows 10 version | 12.3.26590.901 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 100.00% |
| Windows 7 version | 4.9.36 | |
| Windows 10 version | 4.9.36 | |
| WildList detection | 99.8% | |
| False positive rate | 0.006% | |
| Diversity test rate | 98.36% |
| Windows 7 version | 9.0.0.747 | |
| Windows 10 version | 9.0.0.747 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 100.00% |
| Windows 7 version | 11.0.0.775 | |
| Windows 10 version | 11.0.0.775 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 100.00% |
| Windows 7 version | 11.0.3.20 | |
| Windows 10 version | 11.0.3.20 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 100.00% |
| Windows 7 version | 8.7.98 | |
| Windows 10 version | 8.8.0 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 41.19% |
| Windows 7 version | 6.6.4.68 | |
| Windows 10 version | 6.6.4.68 | |
| WildList detection | 100.0% | |
| False positive rate | 0.000% | |
| Diversity test rate | 100.00% |
Cyren failed to achieve VB100 certification in this test due to a technical issue with the scanner that affected the first testing part; the issue has since been resolved. Cyren told us that only on-access protection was affected, and users would have been protected by other layers of defence.
Technical and other issues can render the data we collect insufficient or otherwise unsuitable for accurate reporting. In such cases, the methodology allows us to discard the affected test part and record the event below. Two healthy test parts out of three are required for the certification to be issued.
No test parts had to be excluded for any product.
The WildList contained 3,091 samples. The set of clean files used for the false positive test contained 100,000 files, of which 29,071 were portable executable (PE) files. The set used for the Diversity Test contained 976 samples.
1 The WildList is an extremely well-vetted set of malware recently observed in the wild by researchers: http://www.wildlist.org/.
