Which method of testing yields more accurate results? At Shadowserver I believe the AVs run up-to-date signatures and are graded on how well they perform at detecting new malware on a daily basis. The typical proactive test involves using signatures that are out of date by a week or more and grading detection on new malware that came in over the time period that the signatures were held constant. I think Shadowserver has a better idea simply because we run our AVs up to date in real life. Letting one's signatures get a week (or more) out of date is not a good practice. It might demonstrate some technical superiority, but not necessarily in the area of preventing real-world threats. What do the rest of the members around here have to say about this?