PC Matic Breaks Virus Detection Record on VB100’s RAP Test

vb100rap590px1
PC Pitstop is proud to announce that PC Matic has achieved the best proactive score ever on Virus Bulletin’s RAP test. PC Matic scored 92.8% and the next best score was 87.8% a full 5% behind PC Matic. This result represents independent third party validation that PC Matic’s white list is superior to the traditional black list and heuristic approaches of other products. To be clear, PC Matic’s 92.8% sets a new record for virus detection on the Virus Bulletin RAP test.

The white list feature in PC Matic was introduced in January 2011. Since its inception, the white list is updated daily through crowd sourcing. When a file is blocked because it is not on the white list, a sample is uploaded to our servers. That sample is analyzed by our research team within 24 hours to determine whether 1) it is a new strain of virus or 2) our white list must be updated. Using this approach over the last 3 years, we believed our white list had reached a critical mass so that it would stand the challenges of Virus Bulletin’s RAP test.

In October 2013, On Access security was introduced into PC Matic’s Super Shield. The default protection mode for PC Matic is On Execute which means that PC Matic checks each file when it executes to verify if it is a virus or a legitimate file. With On Access, PC Matic checks every file the operating system touches independent on whether it will be executed or not. For our users, On Access represents an additional layer of security but it comes at the price of performance. This feature was necessary, however, for Virus Bulletin to run the millions of good and bad files through our white list engine without having to execute each one.

The one minus is that PC Matic also failed the Virus Bulletin false positive test. A false positive is when PC Matic identifies a good file as bad. In our case, Virus Bulletin had about one million good files, and PC Matic incorrectly identified about a thousand. This represents a .1% error rate or 99.9% white list accuracy rate.

99.9% accuracy is rather good, but the false positive rate our customers experience is better.

1. Our white list is over three years old and is representative of the files that our users execute. Virus Bulletin does not share files with us, nor should they, but we believe that some of the files are outdated and no longer being executed by real customers.

2. PC Matic’s customer base is predominantly consumer. Our internal correspondence with Virus Bulletin confirms that some of the missed good files are related to large enterprises, which our users are unlikely to see.

3. When PC Matic blocks a potentially good file, the sample goes to our research team, and it is re-categorized in less than 24 hours. So in the unlikely event of a false positive, it effects one and only one customer.

The security industry including the testing houses such as Virus Bulletin, place a higher value on not blocking good files (false positives) than accurately identifying bad files (false negatives). In the Virus Bulletin methodology, there is zero tolerance for false positives. If a product has one false positive out of a million, then the product fails certification. On the other hand, the exact same product can misidentify hundreds if not thousands of bad files as good with little consequence on ratings and certification.

PC Matic employs a black list for scan and clean, and the white list for real time protection. In the event of a false positive, this architecture minimizes the customer impact. The good process is not allowed to run, but it is not erased from the hard drive. The customer can then allow the process to run by entering advanced mode, or placing the process on a local white list. Additionally, as mentioned above, the process has been uploaded to our servers for analysis within 24 hours. In PC Matic’s architecture, a false positive is a one time inconvenience. Compare that to the consequence of allowing a bad file to run. It is far more inconvenient and stressful to allow any bad file to run.

In conclusion, the Virus Bulletin RAP result is independent proof that PC Matic provides superior protection from modern viruses. We, however, are not completely satisfied with the result and have resubmitted to improve our Reactive and Proactive scores on the RAP test. We believe we can set another record with Virus Bulletin, results due out in October 2014.

Below is a graph of all of PC Matic’s historic Virus Bulletin test results.  By clicking on the graphed plots, you will be directed to each individual report.  The reports are also available via the table below, by clicking on the month/year to access the full report. The table also shows the exact RAP score for each test. 

PC Matic Historic Virus Bulletin RAP Test Results

Date of TestRAP ScoreRAP AverageRAP HighRAP LowPC Matic Proactive ScoreRAP Proactive Average
April 201495.8087.7095.8066.2092.0078.92
August 201495.9890.8898.2040.8089.6080.55
December 201486.8982.4391.6322.5072.2869.72
April 201592.7983.2394.7914.8487.4976.85
August 201592.5275.5692.5225.1086.1065.72
October 201590.7187.3195.9564.386.4778.56
December 201593.4284.9993.5067.7089.8070.57
April 201687.0777.9087.4031.5087.7063.94
August 201699.9081.0399.9041.9099.9066.60
December 201699.9082.6699.9063.399.9064.35

Stop Responding to Threats.
Prevent Them.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles