Building upon the comments of Macstorm (see post #161 in this thread), I applaud Prevx’s openness to sharing information about “threats that your current security products missed” on the home page of their website. Nonetheless, there are several aspects of the reported statistics that raise questions. If you examine the list of threats that each security vendor “missed,” there appears to be significant overlap across vendors. It is possible that the same threat might be missed by Eset, by F-Secure, by Kaspersky, by Panda and by Symantec—but, it does not seem probable. The combined resources of all these major companies are substantial and their methods are independent. To believe that each and every one of these vendors is failing to detect the threats identified by Prevx is questionable. Prevx does not report the number of PCs scanned for which there are no identified threats by vendor, although it clearly must be in possession of that information. I encourage Prevx to post these data as well, in order to present a more complete analysis of the situation. If you accept that the list of “threats that your current security products missed” on the Prevx website is accurate, then it still does not logically follow that Prevx would have prevented the installation of this malware for the same users under the same circumstances. The distinction is one between detection versus prevention, and numbers reported on the Prevx website are only applicable to the former. The counts of the “threats that your current security products missed” on Prevx website appears to be a count of suspicious files found—not a count of the number of threats detected. Since a single threat will most likely involve multiple files, the numbers are “exaggerated.” I encourage Prevx to consider correcting the labeling of their chart from “threats that your current security products missed” to “suspicious files that your current security products missed.” The counts of the “threats that your current security products missed” on Prevx website may, to an unknown degree, be residual traces of malware that the security vendor has disabled but has not completely deleted. As the consequence, these counts reported by Prevx may, to some degree, represent inactive threats with no risk to the user. The counts of the “threats that your current security products missed” on Prevx website may, to an unknown degree, be false positives. It is typically the case that products with the highest detection rates (e.g., G DATA and AVIRA) also have the highest false positive rates (see Anti-Virus Comparative No. 21, February 2009). I encourage Prevx to participate in the Anti-Virus Comparative (and in other independent anti-virus ratings) so that users can better understand the strengths and weaknesses of its product versus the competition. I welcome comments, clarifications and corrections from forum members as well as from Prevx on these points.