Actually, Matousec is a 3rd rate company that largely relies on self-promotion to generate business. Their firewall testing methodology is fatally flawed, and since they potentially obtain revenue by testing products they review, that's just another nail in the coffin for their credibility.

The best analysis of Matousec's methodology is found here. Can we have a show of hands for those who remember the Kobe worm? Yeah, I didn't think there'd be many, since it wasn't a memorable threat except in the opinion of Matousec. According to Matousec, Kobe (sometimes known as Earthquake) could bypass all conventional AV software. The End of the World was nigh! Fortunately, Matousec had a product that would block Kobe. Other AV publishers either dismissed the threat as unrealistic, already incorporated methodologies to prevent the exploit, or both.

Of course it turned out that all other AV vendors (all other meaning everyone but Matousec) was correct. The threat was essentially non-existent. See one of the points that Matousec failed to mention in their description of this deadly worm was that introducing it into a system required direct physical access to the computer, and an administrative account. It couldn't be executed remotely; somebody had to sit down and run it. Given those constraints, it was possible that Kobe could bypass many AV programs, but in practice it was a total non-event.