One of my clients showed me this website http://mtc.sri.com/live_data/av_rankings/ and wanted to know why I'm recommending NOD32 when it finishes at the bottom of the pile.

I looked at this site and I'm suspect of it. It throws out MD5 hashes as the binaries and I'm wondering if NOD32 is geared to be detecting their method of testing.

I pull the VBNet results which show NOD32 at the top and now it's a game to debunk one result to another.

Certainly AVG cannot be the top AV out there as according to this website.

For starters, you should read this article:
http://www.prevx.com/blog/106/Why-using-VirusTotal-for-AV-testing-is-a-bad-idea.html

Secondly, can we be sure that all their samples represent actual malware?

I can write a program that flags every file as malware, thereby achieving a 100% detection rate. This is why false positive analysis is important.

{QUOTE-> For starters, you should read this article:
http://www.prevx.com/blog/106/Why-using-VirusTotal-for-AV-testing-is-a-bad-idea.html

Secondly, can we be sure that all their samples represent actual malware?

I can write a program that flags every file as malware, thereby achieving a 100% detection rate. This is why false positive analysis is important. <-QUOTE}

Interesting article. I knew something was up with that listing showing NOD32 at the bottom. Thanks for the clarification.