In a report compiled by AV-Test.org measuring proactive detection and response times Sophos consistently provided better protection than competitors such as Symantec and McAfee against the wildlist by proactively detecting 80 out of the 93 new threats added to the wildlist between July and September 2007.
The detection rates were measured using the recommended settings for the e-mail and web protection of the products (as the infiltration vector for most malware is the internet). In case of Sophos, the detection of suspicious files was enabled, but not the extensive scanning feature (which might give even better results)
Proactive detection means that there was no need to publish an update to protect against the new malware, effectively providing ‘zero day’ protection. The level of proactive protection is an important metric as it shows the effectiveness of our Behavioral Genotype technology. Providing the best protection for our customers is a combination of the best possible proactive detection and the fastest response to new threats and this sort of external test is one of the ways that we in SophosLabs measure our performance.
The wildlist only represents new viruses and worms that have appeared in the wild, whereas the vast majority of new malware are Trojans (which are not currently included in the Wildlist) but these results confirm both SophosLabs internal measurements as well as those of other third party tests such as Cascadia Labs.