Following its October 2009 removal report, AV-Comparatives has released its November 2009 retrospective/proactive comparative. This is actually the second part of the August 2009 comparative, where 16 products, last updated on August 10 (new samples were taken between August 11, 2009 and August 17, 2009), were set on the same highest detection settings (except for Sophos and F-Secure) and put to the test. The results of the second part are only available now as they required a bit more work and analysis.

To recap, there were two sets of malware: Set A, which contains malware from December 2007 to December 2008 (of which most products could detect over 97 percent), and Set B, which contains malware from the last seven months (1.6 million samples). The set included the following categories of malware: Trojans (69.5 percent), Backdoors/Bots (20.7 percent), Worms (6.1 percent), other malware (1.5 percent), and Windows viruses (0.4 percent).

This test focused on malware being detected proactively, without being executed, using complex generic signatures, behavior analysis, heuristics, and so on. The idea is to see how well new malware can be caught without having to download new signatures, which is meant for filling in the gaps. That said, here are the proactive detection results (rounded to the nearest percent):

AVIRA AntiVir Premium 9.0.0.446: 74 percent
G DATA Antivirus 20.0.4.9: 66 percent
Kaspersky AntiVirus 9.0.0.463: 64 percent
ESET NOD32 Antivirus 4.0.437.0: 60 percent
F-Secure Antivirus 10.00.246: 56 percent
Microsoft Security Essentials 1.0 beta: 56 percent
Avast Professional Edition 4.8.1348: 53 percent
BitDefender Antivirus 13.0.13.254: 53 percent
eScan AntiVirus 10.0.997.491: 53 percent
AVG Antivirus 8.5.406: 49 percent
TrustPort Antivirus 2.8.0.3017: 49 percent
McAfee VirusScan Plus 13.11.102: 47 percent
Symantec Norton Antivirus 17.0.0.136: 36 percent
Sophos Antivirus 7.6.10: 34 percent
Norman Antivirus & AntiSpyware 7.10.02: 32 percent
Kingsoft Antivirus 2009.08.05.16: 32 percent

After taking these results into consideration, along with the fact that some products produced three to 15 false alarms (BitDefender, eScan, F-Secure, Microsoft, Avast, AVG, Kaspersky, G DATA, ESET, and Symantec) and others produced over 15 false alarms (AVIRA, Sophos, McAfee, TrustPort, Norman, and Kingsoft), AV-Comparatives rated the security companies from best to worst in three categories:

Advanced+: G DATA, Kaspersky, ESET, F-Secure, Microsoft, Avast, BitDefender, eScan

Advanced: AVIRA, AVG, Symantec

Standard: McAfee, TrustPort, Sophos, Norman, Kingsoft

It's worth noting that AV-Comparatives also said Windows Live OneCare would have scored the same as Microsoft Security Essentials. In the more recent removal test last month, MSE fared better than OneCare. OneCare went the way of the dodo in June 2009, meaning Redmond essentially left the market for paid consumer security solutions. MSE, the company's free real-time consumer antimalware solution, arrived in September 2009, and AV-Comparatives has yet to put the final release through its paces (only beta versions have been tested so far).