Av comparatives and Av test .org never seem to agree that much..Is it worth believing either? For instance..Norton aces protection on AVTest and fails on comparatives
These comparative tests are powerful marketing tools. Those on top of the charts attract new subscribers and those who will be renewing their subscriptions. I would not take singular outcomes from these labs as gospel. If I did, Windows Defender would be submerged as of yesterday. Machine/software configurations and user behaviors vary enormously. You can read the pdfs on the test methods, maybe that's why there's discrepancy. One thing of value to me is the subset of zero day/financial malware testing. Older malware--well, just about everybody should detect malware 30 days old or get humiliated. If you really want to depend on a comparative outcome, look at MRG Effitas results on Norton for a third opinion. . https://www.mrg-effitas.com/wp-content/uploads/2017/05/MRG-Effitas-360-Assessment-2017-Q1_wm.pdf If nothing else, these comparatives have entertainment value. Forum conversation fodder.
If you're using safe computing habits and then estimate what's likelihood to get into situation where AM would save you from infection, you'll see that those results are not that important. Difference in protection levels which reputable AMs are offering for regular user is IMO minimal. So you don't have to worry too much about results.
Word of advice: You're better off using products that are doing "average" on most of the popular testing sites. Because those products are neither benefiting from the methodology, nor are they influencing/sponsoring tests. Certain products also have in the past worked to game the comparatives results. I of course am not having the disclosure rights for the same.
Doing well on a test does not mean one cheated. Neither does sponsoring one. Someone has to pay for these tests. It would not take long for someone that was giving false results to be found out and shamed out of the business. Everyone thinks someone cheated when their favorite product does not do well. The best thing to do it find a product you like, make sure it runs well on your machine, and have a good backup solution. Nothing detects everything. Be prepared. Nothing catches everything and recovery will need to be your next plan when your first one fails.
I say use what works best for you.I and some others have always had a few niggles with these tests.See: https://www.wilderssecurity.com/thr...on-test-march-2017.393327/page-2#post-2671569
Someone mention Beer? Seriously, just read their copyright/disclaimer on their testing sites, where in very little letters they explain they can not ever claim to test completely/properly, and these tests should be used for pretty much nothing but a glimpse. As for methodology or samples, read these as well. If they tested with very fresh "within 24 hours to complete FUD samples", you would not see 98% to 100% test scores going on, which i find misleading myself.
I view them in much the way I view the vehicle 'MOT' certificate here in the UK. Face value and mandatory requirement. Once you lift the bonnet, or hood, everything is different case by case and as said by posters time and time again, your own browsing habits will in 99% of cases dictate your threat/risk level. Run a sandbox or snapshotted VM for browsing, AV/MBAM sort of thing for the rare occasions when/if you forget or plug a USB drive in!
I never bother looking at them, this 1/4's number one will be next 1/4's number three or whatever..The real test is the end users experience, did their AV let them down...There is no 100% efficient AV probably never will be, how many times does your AV kick in with a warning each week?....I haven't had an unexpected warning for over 6 years.