After 37 yrs in programming, I've found that it's a moving target and no single company has a lock on the protection, avoidance or recovery necessary today. Some of the names you cite are very 'old school', which means (to me) they will continue to stretch out the capabilities of their existing products as long as possible. For example, fingerprinting detection is old and nearly useless, as infections are no longer 'insert the infection' and wait for it to be triggered.
Modern malware comes in multi-staged portions from multiple sources and is not easily found by just scanning the disk. One such attack has five sequential steps to complete the infection and when completed, it's invisible to scanning!! We have 'secure boot' systems and yes, they get infected too and are not scanned. There is code now being executed in the GPU, and no product today can detect or protect from it.
[I'll rant] once again as you may not be aware: there are two fundamental types of antivirus (AV):
- Reactive, where the HD code is scanned and corrected (if possible)
- Proactive, where the effort is taken to avoid letting the code get modified in the first place.
There are few of the latter and obviously I much prefer these. The email is scanned before it is allowed into the INBOX and thus no contaminated Word, Excel, Adobe files are saved. The other is scanning of webpage links that lead to active, realtime actors to infect a system when one is clicked.
As I'm on a laptop where battery life is precious, scanning the HD is a very wasteful use of scanning, rescanning and yet still more scanning when launching every program.
[/rant off]
Infections come from 'susceptible vectors':
- poorly written code
- I/O overflow of buffers
- stack overrun
- heap overrun
- hidden back doors
- failure to validate user inputs
- the logical 'man-in-the-middle' which can take on various forms of external operations such as a proxy, tor and SSL interception.
- unvalidated/untested browser add-ons and extensions
It should be clear that a reactive AV product cannot address several of the above. The modern AV must detect code behavior(s).