could you please correct your data about Threats missed by other security vendors

Discussion in 'Prevx Releases' started by vtol, Apr 17, 2010.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Not to fuel the fire any, but I was under the assumption that Norton, McAfee and Trend made up about 60%-70% of the consumer market. But they seem to make up only about 17% of infections found. It's hard to believe that the disparity between the big three is that substantial over the other vendors.

    Also, of the infections found: how many are later determined to be false positives by Prevx and how many infections found are on computers using out of date software (e.g.- license expired and no updates)? Also, as mentioned earlier, how many machines were infected as opposed to number of total infections?
     
    Last edited: Apr 18, 2010
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    Prevx probably has a much higher market share among the computer-savvy persons, and Norton and McAfee probably have a higher market share among the computer noobs as on a lot of PCs they are already preinstalled by the manufacturer, plus a lot of people dislike them, so that could have a great influence on the samples missed by Norton and McAfee, but I'm not sure if TM is also preinstalled.
     
  3. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    PrevX is not a testing organization. Okay?

    @acr1965
    That was already answered by PrevXHelp (Joe).
     
  4. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    If a user is currently running Eset on their PC, installs the paid version of Prevx today while maintaining the installation of Eset, and Prevx detects malware missed by Eset, then the count of “threats missed by other security vendors” for Eset is incremented -- which makes sense.

    Now, what if the same user who is running both Eset and Prevx is infected with malware tomorrow morning (i.e., the threat was missed by both Eset and Prevx) and then later in the afternoon that same threat was detected by Prevx -- will the count of “threats missed by other security vendors” for Eset also be incremented despite the fact that the PC was protected by Prevx at the time of the attack?

    Perhaps a simpler way of probing the issue: is every instance of a “threat missed by other security vendors” based only upon the detection scans by the free version of Prevx (which has no prevention capabilities)?
     
  5. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    The chart might be for both free and paid versions of PrevX.
     
  6. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    And, if the “threats missed by other security vendors” chart is based upon data from both the paid and the free version of Prevx, then that is potentially very troublesome. Malware that is missed by both the paid version of Prevx and Eset (for example) and is downloaded/executed/installed, and is then later discovered by Prevx shouldn’t increment the count of “threats missed by other security vendors” for Eset unless it also increments a corresponding count for “threats missed by Prevx.”

    So, the question remains: is every instance of a “threat missed by other security vendors” based only upon the detection scans by the free version of Prevx? The fact that the chart is described as representing “a total count of malicious programs found yesterday by Prevx products” (plural “products”) suggests that the data may in fact be based upon a combination of PCs running either the free or the paid version of Prevx.
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    "Threats missed by other security vendors" includes data on threats that are Active on the PC when Prevx is first installed - not files that also got past Prevx. It is irrelevant if Prevx is registered or not because the threats would already be active - we only count data from a first installation of a new user as that is when we'd be seeing the pre-existing infections, and we measure if the AV is reporting to the security center and enabled + up to date.
     
  8. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I was hopeful this would be the answer! :)

    As a corollary, this implies that the total daily count of the “threats missed by other security vendors” across all vendors is an estimate of the total number of new Prevx users per day -- correct? (The estimate may be somewhat high, because more than one threat may be detected per PC upon the initial installation of Prevx.)

    Additionally, when you say “we measure if the AV is reporting to the security center and enabled + up to date,” how do you define “up-to-date”?
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It is a subset of all of the users of Prevx, not counting SafeOnline or any of our OEM deals or partners distributing Prevx.

    There is a flag set in the security center information which AV products transmit that says "productUpToDate". It is maintained by the AV software itself but if the AV product is lying to the user, I suspect there are more issues involved than just detection :)
     
  10. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    582
    Location:
    South Carolina, USA
    I think Prevx takes the position that if something is flagged by Prevx and there is another AV installed, the other AV missed it, and that that is how they get their statistics: Prevx flagged something and so it must have been missed by the other AV that was installed.

    I think the vast majority of instances where Prevx is supposedly flagging something that was missed by another AV is when people use the EICAR test file to test Prevx, and Prevx counts that as Prevx catching something that some other AV missed.
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This is incorrect - if you look at the pages under the charts, you can see the most popular filenames used: http://www.prevx.com/avgraph/2/Avast.html

    I did a search through our database and eicar is not within the top 100,000 threats seen on a daily basis.
     
  12. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    To clarify, does “active on the PC” mean that Prevx has detected installed malware -- or, that it has detected the presence of a malicious file that has yet to be executed? (Thank you.)
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It counts malware which is currently active (i.e. running in memory) or will become active (pointed to by a bootup registry entry, shortcut in the startup folder, etc.)
     
  14. Matthijs5nl

    Matthijs5nl Guest

    All companies display information to persuade people to buy their product. I think PrevX is better known by expert users than average users. Therefore expert users (we) will absolutely interpret the information right: the chart shows no product is perfect and you need a second opinion/layer. But I agree that average users might interpret it wrong.
    But like I said, all companies use these types of charts, and PrevX does it in this way. It is a little questionable because PrevX also knows people might misinterpret it. But it is completely fair because PrevX explains the charts: if people don't read it, it is not their mistake. Also the data will be true.
    It will be fair to average consumers to add the number of PCs (7000 missed samples on 1 million ESET PCs or on ten thousand?). But this won't be fair since PrevX will be COMPARING the products of their competitors then. Particularly because it is self-collected data, which can never be completely free of errors.

    If all visitors of the PrevX site would click on the 'Explain this chart' button there is nothing PrevX is doing wrong.

    But PrevXHelp: when I click on ESET I see you detect a lot of (missed) Cloaked Malware with PrevX. I don't really understand the category cloaked malware. What kind of malware does it contain?
     