Andreas Clementi, who runs the web site av-comparatives.org, has released his latest report that looks at how well antivirus programs do against threats that have not yet been identified and included in standard AV signatures. The test looked at 17 different products, including offerings from Symantec, McAfee, AVG, Kaspersky, and Microsoft, and tested how well releases dated February 2 (with no updates) fared against a swath of new malware—viruses, scripts, trojans, and other nasties—that were discovered between February 2 and May 2.

The winner of this antivirus sweepstakes was a product called Avira, which managed to detect and defeat 71 percent of the unknown malware. Right behind it was the equally-obscure NOD32, which swept away 68 percent of the threats. The more well-known commercial products fared more poorly. Norton Antivirus and McAfee tied at a mere 24 percent, while Microsoft's OneCare did even worse by only identifying 18 percent of the new threats. Resting at the bottom of the barrel were Kaspersky and eScan at nine percent, and AVG, which detected only eight percent of malicious software in addition to producing many false positives.

Most virus companies proudly promote the ability of their software to "preemptively" fight viruses that haven't been identified yet, but it is surprising how poorly most of the programs fared at this task. While the chances of being hit by a virus that hasn't been found is low, it does happen: a few years back I worked at an office that got hit by a virus on a Friday afternoon, and Norton didn't have an update ready until the following Monday. New viruses can be created easily by making minor modifications to existing code, and such mutant strains often fly under the radar of traditional signature-based scanners.