Some years ago we witnessed what came to be known as the “War of Numbers”. At that time, antivirus companies struggled to keep up with the volume of new malware that was appearing, and much importance was given to the number of samples that a company could detect.
In recent months, the war has commenced again, with the publication in the media and on blogs of articles referring to the detection capacity of various security firms. Sophos, McAfee and F-Secure are among those who have been publishing figures regarding the number of malicious codes they can detect through the signature files in their products.
F-Secure, for example, claimed it could detect 900,000 threats, McAfee offered figures of between 400,000 and 10 million by the end of the year, Sophos talked of 4,600,000 and Symantec 1,122,000. At Panda Security, we have been providing these figures for some time now. We currently detect 13,225,535 threats.
However, the total number of threats that a solution claims to detect does not reflect its true capability for stopping malware, as the figures cannot simply be weighed up against each other. It is like comparing pears with apples. Everything depends on the way detections are calculated.
For example, one company could say that its product detects four samples and another could say that its product detects eight, yet the first product could be more effective. How? Because in the first case we could be talking about generic detections that each group hundreds of malicious codes, while in the second case we could simply be looking at eight individual detections.
The main thing to concentrate on in this ‘war of numbers’ is the current state of malware and of security technologies. Bear in mind that these much-talked-about numbers refer only to threats detected by a solution’s signature file, and say nothing about the proactive detection capacity of the solution, that is, its ability to detect unknown threats. Yet this type of detection is essential in a context in which thousands of new malicious codes appear every day and security laboratories are unable to keep up with the creation of the vaccines needed for this new malware, leaving numerous computers infected even though they have an antivirus installed. Because of this, the products of a company with a low number of signature-file detections could be better than those of a firm publishing much higher numbers, simply because the latter does not have sufficient proactive detection. So a good antivirus must have effective proactive technology in addition to signature files.
In fact, there is a need for continuous development of new technologies to counter this avalanche of malware. Recently, Eva Chen, CEO of Trend Micro, claimed her company was developing technology using intelligence in-the-cloud to make scanning faster and more effective. At Panda we have always seen ourselves as visionaries, and it is largely due to situations like this: we have been operating for many months with the technology which Trend Micro wants to start to develop. As our slogan says: We are always “One step ahead”.
We have called this technology “Collective Intelligence”. This new security model provides the easiest, most effective way to ensure user protection and allows Panda Security solutions to detect much more malware than any other existing solution. In essence, it is an online, automatic threat-management system based on leveraging the knowledge gathered from the user community and other sources, and correlating and delivering the knowledge from our infrastructure.
Panda Security’s collective intelligence network currently comprises more than 4 million computers. The knowledge accumulated in the system is composed of 13 million malware samples, with more than 100 million programs analyzed.
In fact, with this technology we can ensure that Panda detects more than our competitors, regardless of the published numbers of malware detected, which always vary depending on the parameters used to calculate them.
Luis Corrons
Technical Director of PandaLabs