Virus Total service should not be used for AV comparisons
For years, I've found Virus Total to be an excellent service for gauging the near real-time frequency and severity associated with virus attacks. I've often submitted leading-edge samples where only just a few AV vendors had coverage.
Over time, I've seen patterns where a few AV companies have consistently had protection in place before others. This article encourages corporate users not to rely on this alone in choosing an AV vendor, but to use other criteria and sources for comparisons (e.g., VB Bulletin, AV-Comparisons, etc.).
Some key reasons Virus Total should only be seen as a service include:
- Virus Total only uses command line versions of AV products (and the desktop versions are usually more advanced and behave differently).
- Desktop versions may interact with firewall or other security perimeter controls to better mitigate threats.
- Heuristics settings may be more aggressive in the Virus Total environment, as false positives are less of an issue when trying to identify a brand new threat.
Virus Total service should not be used for AV comparisons
http://blog.hispasec.com/virustotal/22
Virus Total.com Home Page
http://www.virustotal.com/en/indexf.html
QUOTE: Virus Total was not designed as a tool to perform AV comparative analyses, but as a tool that checks suspicious samples with several AV programs and helps AV labs by forwarding them the malware they failed to detect. Those who use VirusTotal to perform AV comparative analyses should know that they are making many implicit errors in the methodology.