"average person will come across malware about once every 2 years on the average."
Does this not apply to the testing organisations also.
You have just stated yourself in the above quote,so why take these tests seriously if your average user will only come across malware once every 2 years.
Incidentally,how have you come to that figure?
Thanks.