Andreas Marx from AV-Test has just finished WildList Proactive Detection and Response Time Testing for Q4 2007. You might remember I published the Q3 2007 results, where we achieved a 94% detection rate of the new malware included in the WildList proactively (meaning that Panda customers were protected from the moment the malware appeared for the first time). I'm happy to report that our proactive detection rate of WildList malware has improved to 98% during Q4-2007, which means that we detected 60 out of 61 new additions to the WildList proactively, without requiring any signature updates.

So if we take the WildList Proactive Detection Rates from April to December 2007 this is what the results look like:

Some disclaimers about the data:

  • The testbed consists of new additions to the WildList, which is a collection of "in-the-wild" self-replicating viruses, worms and some trojans. The WildList does not include non-replicating malware such as spyware, adware, trojans, rootkits, etc. but that's another discussion we'll have someday.
  • As you can see there's a difference in the proactive detections of our BETA signatures and our REGULAR signatures. All our commercial products automatically download and use BETA signatures transparently between regular daily update intervals, so the protection rate shown as BETA is the one that actually applies to all our customers alike. EDIT: this applies only to certain products and BETA signatures.
  • The table does not show other AV vendors' BETA signatures as per request from AV-Test.
  • I've also separated results from endpoint engines and gateway engines as these are not comparable.

A couple of very important clarifications from AV-Test on how to read this data:
"Please note that term "proactive" doesn't necessarily indicate a heuristic or generic detection, but it will just say that a malware was detected *before* it was reported to the WildList of the specific month."

"A WildList malware could already be spreading in April 2007, for example, but when it was first added to the June 2007 WildList, we just checked for the proactive detections on June 1, 2007. So the values doesn't show the proactive detections from the time the malware first appeared "in the wild", but from the time the malware first appeared on the WildList. That's a big difference."