10th edition of The Advanced In The Wild Test and announcement of summary of the year

15 December 2020

We have just published results of 10th edition of the “Advanced In The Wild Test”, the sixth time this year. The study lasted continuously throughout the month of November which allowed us identify the best antivirus software for Windows 10. 11 developers have signed up for the tests, and here is the full list of tested products (in alphabetical order):

  • Avast Free Antivirus
  • Avira Antivirus Pro
  • Comodo Advanced Endpoint Protection
  • Comodo Internet Security
  • Emsisoft Business Security
  • G DATA Total Security
  • SecureAPlus Pro
  • Webroot Antivirus
  • ZoneAlam Extreme Security

The products and Windows 10 settings: daily test cycle

Tests are carried out in Windows 10 Pro x64. The user account control (UAC) is disabled because the purpose of the tests is to check the protection effectiveness of a product against malware, and not a reaction of the testing system to Windows messages. Other Windows settings remain unchanged.

The Windows 10 system contains installed the following software: office suite, document browser, email client, and other tools and files that give the impression of a normal working environment.

Automatic updates of the Windows 10 system are disabled in a given month of the tests. Due to the possibility of a malfunction, Windows 10 is updated every few weeks under close supervision.

Security products are updated one time within a day. Before tests are run, virus databases and protection product files are updated. This means that the latest versions of protection products are tested every day. All antivirus applications had access to the Internet during the tests.

Malicious software

We have used 1343 malicious software samples for the test, consisting of, among others, banking trojans, ransomware, backdoors, downloaders, and macro viruses. In the contrast to well-known testing institutions, our tests are much more transparent – we share the full list of harmful software samples.

We use real working environments in a graphic mode, that is why the results of individual samples may differ from those presented by the VirusTotal service. We point that out because inquisitive users may compare our tests with the scan results on the VirusTotal website. It turns out that differences between real products installed on Windows 10 and scan engines on VirusTotal are significant.

Levels of blocking malicious software samples

We share checksums of malicious software for researchers and security enthusiasts by dividing them into protection technologies that have contributed to detect and stop a threat. According to independent experts, this type of innovative approach of comparing security will contribute to better understand differences between products available on the market.

Blocking of each malware sample by tested protection solution has been divided into few levels:

  • Level 1 (L1): The browser level, i.e. a virus has been stopped before or after it has been downloaded onto a hard drive.
  • Level 2 (L2): The system level, i.e. a virus has been downloaded, but it has not been allowed to run.
  • Level 3 (L3): The analysis level, i.e. a virus has been run and blocked by a tested product.
  • Failure (F): The failure, i.e. a virus has not been blocked and it has infected a system.

The result of blocking each sample are available at https://checklab.pl/en/recent-results in the table:

Advanced In The Wild Malware Test - November 2020.
Advanced In The Wild Malware Test - November 2020.

In November of 2020, most of the tested solutions to secure computers against malicious software deliver the most effective protection. Besides the G DATA Total Security product and ZoneAlarm Extreme Security from Check Point, all solutions have managed to block threats used in the test. The differences between each software can be seen in the level of detection of malicious software – that is why we mark them with levels.

During the test, already mentioned two solutions of developers from Germany and Israel have not been able to detect accordingly three (G DATA) and two samples (ZoneAlarm):

G DATA Total Security:

  • dac7b64601ffa3176296bc0647aa7cd30c50b95ea5002410000439ce506b5b9e
  • 3fabb267150a7c52c17c14be26ab87299b9738b043de7b555aeb73cfd56f3652
  • f2fcaa2ebfda230082ec5f649569674a249017cf0e09f3b7f3abcb23b3d2b05a

ZoneAlam Extreme Security:

  • e7b74c139f82a43576d35b1051eec059c40199e5bc8766f4ae584606c359869a
  • fdb73ab9b5f4787052f9218da37de907540ad1052f324fc5e050ec0c1fc73c4d

Despite this, the results for the G DATA and ZoneAlarm products are still very good, and they are respectively at the level of 99,998% and 99,999% effectivity. Nevertheless, developers of these applications this time must credit the superiority of competing solutions.

We want to thank all interested developers for their quick response to the reported technical details, and assistance in seamless automation of our tests with their antivirus products.


The best product of the year 2020

That was the last edition of The Advanced In The Wild Malware Test in the year 2020. For this reason, we will soon publish a summary in which we will select a leader (or ex aequo few winners) for the excellent results in blocking and detecting threats on the Internet in the year 2020.