IT security and control firm Sophos has been found to be superior to McAfee, Microsoft, Symantec and almost 30 other anti-virus products in protecting proactively against unknown malware attacks, in a study published by Sophos today.
Sophos detected more new unknown malware reported to the independent AVIEWS mailing list in a four month period than any other vendor. AVIEWS is the Anti-Virus Information & Early Warning System, an online community that shares information about breaking malware threats between anti-virus vendors, researchers, security experts, and system administrators.
In the four month study Sophos was found to proactively detect 80% of all unknown malware reported to the mailing list, higher than any other vendor, compared to 50% for Microsoft, 35% for Symantec and 30% for McAfee.
Some anti-virus products failed to find any of the unknown malware during the four month testing period, leaving customers at considerable risk of infection.
Please note: This analysis was carried out based on alerts posted to AVIEWS and was not a test carried out by AVIEWS.
"Most anti-virus reviews only examine products' ability to detect known malware, rather than determining who does the best job at protecting proactively against zero-day threats and unknown viruses. It's becoming more and more important to have an industrial strength defense against both known and unknown malware as virus writers and hackers step up their attempts to steal money and identities with targeted attacks," said Guy Edsall, product manager at Sophos. "We're obviously delighted to find that we provide a higher level of protection against unknown malware than our competitors - but we won't be resting on our laurels, and customers can expect to see us continuing to work hard to enhance our detection of unknown threats even further."
Sophos better than Symantec and McAfee at detecting zero-day attacks
Last week, in a separate review conducted by independent testers Cascadia Labs, Sophos clearly outperformed Symantec and McAfee in detection of new, unknown viruses, spyware and Trojan horses. Sophos successfully intercepted 86% of the malware tested against prior to execution, compared to 43% for McAfee and 51% for Symantec. In addition, Sophos's run-time HIPS protection detected further malware samples at execution raising proactive detection of zero-day threats to an "impressive" 97% in Cascadia Labs' anti-virus tests.
According to Cascadia Labs, McAfee's overall effectiveness was disappointing and Symantec's protection against zero-day attacks was found to often come too late in the infection cycle.
"While Sophos's HIPS protection significantly increased detection rates, we were unable to identify any significant impact of Symantec's behavioral or HIPS-based protection component," said the Cascadia Labs report. "[Symantec] doesn't match Sophos in terms of day-zero effectiveness, usability, or scanning performance... [Sophos is] a natural choice for enterprises looking for a well integrated endpoint security suite that is effective against day-zero threats."
Symantec 11 upgrade "painful and time-consuming"
The independent study also reported that Symantec users may face difficulties upgrading to Symantec Endpoint Protection 11.0, confirming Sophos's view that it is easy to switch from Symantec to Sophos.
"Users of previous Symantec products will face a painful and time consuming migration process moving to Symantec Endpoint Protection 11.0," said the Cascadia Labs report. "Given the workload involved in migrating to SEP 11, because of the extensive architecture changes, administrators will have difficulty choosing whether to migrate or perform a fresh install"
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.