If you go over to the Threatfire site, there is a bar graph showing the incremental detection Threatfire gives to several AV programs. Most significant is that Trend, Symantec and McAfee were tested, representing over 80% of the paid AV market.

My view is that the sample set for this test consists of malware detected by Threatfire and missed by signature AVs. It is likely that Threatfire users submit malware that was missed by Threatfire and detected by a signature AV, but that would likely be excluded. In some cases the exclusion may be justified, as older forms of malware may be adequately addressed by signature AVs. I also suspect there has been no analysis to determine if any samples are Threatfire false alarms, as this is labor intensive.

What I don't understand is how little additional benefit McAfee obtains from Threatfire, as I was not aware that McAfee used behavioral detection. Furthermore, Symantec usually tests a little better than McAfee on known malware. AV-Comparatives shows the two to be roughly equal in proactive detection. The results for Trend Micro do not amaze me, as an AV that misses 12% has 6 times more missed samples than one that misses 2%, and missed samples are what this is about.

Without attempting to reach a conclusion of A is better than B, can anyone offer an explanation for the results between Symantec and McAfee? The only conclusion I can safely reach is that McAfee does better on proactive detection of the type Threatfire is capable of, but there may be other classes of malware Threatfire misses, and the performance of either AV on those items is unknown.