A Comparative Analysis of VirusTotal and Desktop Antivirus Detection Capabilities

VirusTotal has been widely used and being adopted by researchers mainly for the classification of files as malicious or not. Unfortunately, it is not well understood how reliable the results from the antivirus engines on VirusTotal are, especially compared to their desktop counterparts. In this paper, we shed light on the blackbox testing functionality of VirusTotal by evaluating the detection results of VirusTotal antivirus engines and their equivalent desktop versions. Based on our results, we arrive to the conclusion that there are discrepancies between the engines on VirusTotal and the desktop engines. In general, the malware detection rate of the engines on VirusTotal is lower compared to desktop products. This is mainly attributed to the fact that VirusTotal engines do not take advantage of cloud-based detection deteriorating their performance.