A personal opinion : AV rankings in order of net pop.
no13
November 29th, 2004, 03:57 AM
These are based on what I've seen in online tests in the past 6 months... No stats included... Only based on percentage of malware caught in various tests and user opinions across various boards.
you may use this as ammo in your arguments, or punch a hole in my list (I'm no expert, am I?)...
this is based loosely on true stats. But it can't be taken as final evidence on anything (I guess you know that already)
Top 5 : Jostling for the best AV spots (loosely ordered)
McAfee Virusscan Enterprise
Kaspersky Antivirus (Personal/Personal Pro)
eScan 2003 ----->KAV based
Extendia AVK (or Pro) -----> Dual engine AV - uses KAV
GDATA AVK (or Pro) -----> Dual engine AV - uses KAV
Trend Micro PcCillin
F-Secure
BitDefender Pro/Plus
5-10 : Settling for slightly less in terms of percentage caught
BitDefender Free -----> Excellent backup AV (no RTS)
eScan free -----> doesn't clean infections, hence not in top5
McAfee Pro
Panda (Titanium/Platinum)
Reliable AV -----> bought out by Microsoft!
Norton Pro
McAfee
Symantec Corp -----> Can't deal with a LOT of tests (removal rate is nice for detected malware, though)
Antivir PE -----> Free!
ETrust EZ AV -----> Free for 1 year! After that discount! Click Here! (http://www.wilderssecurity.com/showthread.php?t=52565&highlight=etrust+free)
ETrust AV -----> Dual engine AV (now discontinued I think)
10-15 : Average protection offered... must be compensated for in other areas.
ETrust AV -----> Dual engine AV
NOD32 -----> Fails to reach 90% in most tests, but EXTREMELY fast and wonderful heuristics
Dr.Web -----> Same as above (but clashes with parallel installs of other AV)
F-Prot -----> many people love it. Low configurability. High speed. Low in tests.
MKS_Vir -----> supposedly fast, but inconsistent scores
15-20 : Need a lot of development
Sophos -----> Poor scores
Norman -----> Always scores less than 75%
AVG free -----> ditto
ClamWin -----> Open Source, free, early stages of development, ratings vary, fast, based on Clam-AV (ported over from Linux/Unix - I forget which)
Avast! Free
Feel free to reply here or to quote this on other posts.
Disclaimer : This is simply my personal opinion. Not results of statistical tests.
I hope to see replies from AV regulars to sort this list out (once and for all - that is, till 6 months later, when all AVs will need to be re-evaluated :D)
synapse
November 29th, 2004, 04:12 AM
Sophos is one of the best though, for networks that is
eisefr
November 29th, 2004, 04:40 AM
{QUOTE-> NOD32 -----> Fails to reach 90% in most tests, but EXTREMELY fast and wonderful heuristics <-QUOTE}
:o
wonder how that came!
BlueZannetti
November 29th, 2004, 07:47 AM
Since we're talking personal opinions, I'll offer mine.
@no13 - The list you provide looks to be a reasonably representative snapshot of what's floating out there. Not saying I necessarily agree with all of it, but it largely represents what I have also seen. With respect to my own feelings.....
These are going out without influence of the latest av-comparatives.org (http://www.av-comparatives.org/) results since they haven't appeared yet. Should appear this week. Waiting to see how things shape up.
KAV (KAV 4.5 or 5.0 Personal/Personal Pro/Workstation) and KAV-based single or multiple-engined AV's (Extendia/GDATA AVK; F-Secure; eScan; etc.). Best in class, now if they could just figure out how to drop the resource footprint a bit. I've adjusted my version of KAV 5.0 so it's not irritating anymore, but I'd sure like to squeeze it a bit more.
NOD32 augmented with BOClean. I know, I've already pulled a fast one here - but this is a really sweet combination package in my opinion. Very light, very effective. In my own use challenges it is as effective as KAV in stopping infections. Doesn't quite reach the level of KAV yet since minor bits that BOClean handles may have left some nonfunctional flotsam about that KAV doesn't. As I recall, Stan999 and a few others mention this combo for gaming PC's. I agree, probably the best option in that case and an excellent option in any event.
NOD32 alone. Although I run with BOClean - their home licensing scheme cannot be beat - NOD32 alone is getting formidable by any measure. Again, in very limited personal use testing with BOClean disabled, it has maintained this position in my personal arsenal.
mks-vir 2004. Tested this extensively. Looks extremely good. Ran into an incompatibility on my system that we (me & mks) have been unable to trace connected to the realtime monitor. Waiting for the 2005 beta or commercial version to examine again. Memory footprint relatively high, although I never noticed a performance issue in use.
F-Prot decent, just below NOD32 in my hands. Version 4 should be a major upgrade. Who knows how it will shape up in the long term.
Dr. Web & Bitdefender. Have not really put Dr. Web or Bitdefender adequately through their paces. Very limited personal experience. Both look solid.
In my hands NOD32, mks_vir, F-Prot, Dr. Web, and Bitdefender are a cluster. I may view NOD32 at the lead, but it's a short performance step between them and I'd say that secondary features would drive selection. In my use it also seems to capture a few more things - which is somewhat at variance with a few tests - but the differences are relatively minor, so I'll say it's probably experimental noise. I like the NOD32 interface and use style, so it's at the head on my list.
A couple of large players aren't on my list. By any objective measure McAfee is best in class on AV performance. It's right up there with KAV. I was turned off by the security center approach and, the last time I was a customer, by the constant wave of co-marketing other McAfee products. As is often the case, you're remembered for your last problem. It's a little irrational, but I have no desire to even test a McAfee product now. Similar comments apply to Symantec. Objective measures say it's an excellent AV. They really need to do something about the robustness of LiveUpdate. Why this module remains a constant source of pain for users is beyond me. A definite Achilles heel for this product.
As for Trend Micro/Panda/AntiVir and the rest - I have no personal knowledge of these AV's, so I won't offer an opinion.
Again, these are my personal and informal opinions, not backed by objective testing.
Blue
RejZoR
November 29th, 2004, 07:57 AM
AntiVir is a top free AV solution IMO. The problem is only lack of autoupdater and incremental update system. And maybe they should at least integrate support for WinXP themes if they won't change the interface itself (it doesn't look too nice with Win9x style). I managed to do so, but there was some corruption due to hardcoded interface. Detection of new stuff by AntiVir (Jottis scanner stats) is much higher than ClamAV, avast!, Norman and even F-Prot.
Also heuristics are pretty sensitive with low false positive number, so I'm quite impressed. Memory usage is decent and if I'm precise it's nearly the same as NOD32 memory usage.
no13
November 29th, 2004, 09:13 AM
{QUOTE-> ...lack of...incremental update system... <-QUOTE}
does that mean that its cumulative updates ALL the way?
RejZoR
November 29th, 2004, 09:39 AM
Yup, around 1,5MB each VDF update. If you're on DSL/Cable, it's no big deal (then it's only autoupdate feature which AntiVir lacks) but if you're on dialup it's a real pain to update it.
Acadia
November 29th, 2004, 09:45 AM
Dumb question: I see so many tests where it is stated that abc and xyz anti-virus use the KAV engine. How did so many AV get the KAV engine, did KAV sell it to them or is it free for the taking? ??? Thanks.
Acadia
larouse
November 29th, 2004, 09:53 AM
Hi,
I agree and MY PERSONAL Opinion is that McAfee Enterprise 8i is on the list TOP...Great Product.....Great,
Thank you,
RejZoR
November 29th, 2004, 10:05 AM
Acadia, Kaspersky Labs is licensing their kernel engine to other companies.
It's nothing unusual really. eXtendia Antivirus uses Kaspersky engine and BitDefender engine, Bullguard for example uses only BitDefender engine.
F-Secure uses F-Prot engine and Kaspersky engine, Command Antivirus uses modified F-Prot engine... and so on...
It's the same with this example (I'm really good with car examples ;) ):
Volkswagen (German car manufacturer) is creating car engines for Seat (Spanish car manufacturer) and Skoda (Czech car manufacturer) cars.
Seat and Skoda just create the car design, while engine is imported from Volkswagen. They probably found out that it's cheaper to implement already completed technology, rather than designing it from scratch (same applies to antiviruses).
larouse
November 29th, 2004, 10:09 AM
I don't know, but I think that McAfee has its own engine... It is not Kaspersky, it is not BitDefender and F-Prot... it is different and great.
RejZoR
November 29th, 2004, 10:49 AM
ESET, McAfee, Symantec, SOPHOS, H+BEDV, Alwil Software, Frisk, GeCAD, GriSoft, Norman, Panda Software, SoftWin, Kaspersky Labs and Trend Micro are using their own scan engine (plus some mentioned in above posts). All others are using licensed engines or are not so important or known to normal users.
Firefighter
November 29th, 2004, 11:20 AM
{QUOTE-> All others are using licensed engines or are not so important or known to normal users. <-QUOTE}
You forgot MKS_VIR 2004, very good overall detecting rate, among the absolute top 5 scanning engine if the commonness of infections has a priority (Trojans & Backdoors, TrojanDownloaders, TrojanDroppers, Worms etc.), not so unknown in here at Wilders Forum anymore. Actually, only KAV engined av:s can detect more trojanlike nasties than this MKS, when we are not talking about runtime packed nasties of course.
Best regards,
Firefighter!
RejZoR
November 29th, 2004, 11:23 AM
Yes, I forgot MKS. Fine piece of software. Too bad it's not so known as others.
Firefighter
November 29th, 2004, 11:25 AM
{QUOTE-> Too bad it's not so known as others. <-QUOTE}
In my mind it's only a plus, not very known av:s are not very common targets as well to virus writers.
Best regards,
Firefighter!
no13
November 29th, 2004, 11:54 AM
MKS don't score so well on recent tests. Comments.
Firefighter
November 29th, 2004, 12:44 PM
{QUOTE-> MKS don't score so well on recent tests. Comments. <-QUOTE}
If you mean the latest VirusP test. I don't care less about the old DOS viruses where MKS was poor.
Best regards,
Firefighter!
no13
November 29th, 2004, 01:02 PM
err... what's "VirusP tests"?
Honyak
November 29th, 2004, 01:07 PM
{QUOTE-> MKS don't score so well on recent tests. Comments. <-QUOTE}
MKS scores well enough to satisfy me and performs well on my comp. No noticeable drag from the RTS. The heuristics are very good.
I monitor JOTTI'S site and it seems to perform as well if not better than some of the others (Kaspersky being the one true exception). I do not know the percentages, I just randomly view it about 10 times per day.
Bottom line, it works well on my comp and I use eXtendia AVK single KAV engine as my on demand and scheduled scanner. I do not choose an AV based on all the various tests, although they do to a small extent weigh in on my decision, I choose to use an AV because it is effective, light, ease of settings and how it performs on my box. I am a very satisfied user of MKS in that respect. I do take into account other users posts about their experience with an AV.
It does not have the best detection rates but between MKS and common sense it is the best AV for me.
MKS 2005 is going to add a registry monitor or so it has been reported.
no13
November 29th, 2004, 01:08 PM
{QUOTE-> I choose to use an AV because it is effective, light, ease of settings and how it performs on my box. <-QUOTE}
That's the prize-winner as far as I'm concerned
Firefighter
November 29th, 2004, 02:14 PM
{QUOTE-> err... what's "VirusP tests"? <-QUOTE} VirusP AKA virus.gr.
http://www.virus.gr/english/fullxml/default.asp?id=67&mnu=67
Btw, MKS scanning engine was the second best against backdoors & trojans, 95.71 %, also in here, just after those Kaspersky engined av:s.
Best regards,
Firefighter!
Ailric
November 29th, 2004, 02:50 PM
Checking out most tests, McAfee is second only to KAV (and those that use the KAV engine). McAfee runs real smooth while I always find some "drag" using KAV. McAfee updates using ActiveX. The ActiveX module must only be installed once. ActiveX cannot be installed without your permission (or unless you change the IE default settings) so I could never see what the big worry is about it. The security center is a non-issue... you don't even have to see it if you don't want to.
Some don't like the security center because they consider it "pimpin' their warez" whatever that means. I don't reside in "the hood."
RejZoR
November 29th, 2004, 03:44 PM
Kaspersky Anti-Virus
83.21% / 83.25%*
mks_vir
41.35% / 50.10%*
Norman Virus Control
17.90% / 35.76%*
* (detection with heuristics/Sandbox)
Please also take these numbers with a decent dose of reserve.
These numbers pretty much show how good is antivirus in detecting new or unknown stuff. Notice the giant leap between normal and Sandbox in Norman score? Looks like Sandbox is pretty effective for new stuff.
Almost all antiviruses with a decent heuristics have a 10% improvement over normal detection. Exception is AntiVir with a bit under 10%, but they have just implemented them, so there is still time for improvements.
It is also interesting to see Kaspersky score. Kaspersky guys are nuts (in a good way :) ). They have almost everything covered by signatures. Do they ever sleep?
Firefighter
November 29th, 2004, 11:27 PM
{QUOTE-> Kaspersky Anti-Virus
83.21% / 83.25%*
mks_vir
41.35% / 50.10%*
Norman Virus Control
17.90% / 35.76%*
* (detection with heuristics/Sandbox) <-QUOTE}
Can you say if MKS_VIR is using the best heuristics available in here, the advanced heuristics? Overall the samples tested in here represent something else than randomly picked samples. What do I do with a virus scanner when its best detection rate is 35.76?
As a heuristics detection of 50.1 %, it's such good that I've not seen so high scores anywhere else.
Btw, 83.25 % is so high detecting rate against new infections, that it will be scored only by very quick updates. In this case almost all agree that KAV is superior in feedback to new threats.
PS. If you want to declare how randomly samples these tested infections are, it will help if you classified these samples to different categories like I have done for instance. They have to be somewhat like it was in DrWeb's update category volumes in the beginning this year.
Best regards,
Firefighter!
RejZoR
November 30th, 2004, 01:10 AM
Well the samples are totally random. If the same sample is submitted twice it's not added to the database (and not in calculations of %).
Also 35% for Norman doesn't mean it sucks. Jotti receives mainly new/modified stuff so it shows how AV covers uncommon stuff. Also heuristics score is not a heuristics score only, but signatures+heuristics score. So you get around 10% difference over signatures only.
I believe Jotti is using highest settings possible for all AVs.
Firefighter
November 30th, 2004, 01:39 AM
{QUOTE-> Well the samples are totally random.
Jotti receives mainly new/modified stuff so it shows how AV covers uncommon stuff. <-QUOTE}
If both are true, then we have a bit different point of view to that RANDOM samples.
Random picked samples consist in my mind mainly of already known samples supplemented with the newest samples (or the rebased and repacked ones). This kind of zoo collection represents in my mind "the universe of nasties" in a miniature example.
Best regards,
Firefighter!
no13
November 30th, 2004, 10:14 AM
Hey, how about assigning weightages to different categories of performance of an AV?
I mean resource usage, percentage detection of malware (on a per category basis) by both on demand and on access components?
you think we need a new thread for that discussion? or should we assign such weightages ourselves and apply them to previous studies like virus.gr and av-comparatives.org on this thread only?
mercurie
November 30th, 2004, 09:56 PM
{QUOTE-> Dumb question: I see so many tests where it is stated that abc and xyz anti-virus use the KAV engine. How did so many AV get the KAV engine, did KAV sell it to them or is it free for the taking? ??? Thanks.
Acadia <-QUOTE}
Yes, I have wondered the same thing. :-\
no13
November 30th, 2004, 10:56 PM
Licensing regime. KAV engine is tremendously popular (they've contributed).
Tweakie
December 1st, 2004, 11:28 AM
{QUOTE-> Kaspersky Anti-Virus
83.21% / 83.25%*
mks_vir
41.35% / 50.10%*
Norman Virus Control
17.90% / 35.76%*
* (detection with heuristics/Sandbox)
<-QUOTE}
RejZoR, do you know the statistics for Nod32? Could you please paste it here (or in a private message if you find it more convenient)? Based on my observations of Jotti's website, I'd say that they are probably pretty good, but I'd like to have the figures.
Another question : does Jotti make statistics on which scanners picked these "pieces of malware no vendor used knew about at the time of uploading" ? Do you have access to it ?
RejZoR
December 1st, 2004, 12:32 PM
NOD32
40.67% / 53.55%*
After latest heuristics engine update few days ago,the heuristic score jumped by 3-4%.
This score may not represent the real detection rate,so take it with good dose of reserve :) The same applies to all other antiviruses at Jotti.
Firefighter
December 1st, 2004, 01:02 PM
{QUOTE-> NOD32
40.67% / 53.55%*
After latest heuristics engine update few days ago,the heuristic score jumped by 3-4%. <-QUOTE}
Is that the reason why I had with NOD and Advanced Heuristics only (so without signatures) a bit confusing scanning results in here post 104?
http://www.wilderssecurity.com/showthread.php?t=14186&page=5
I thought that the scanning engine 2.12.3 was the same during these both tests.
Best regards,
Firefighter!
no13
December 1st, 2004, 01:07 PM
{QUOTE-> Hey, how about assigning weightages to different categories of performance of an AV?
I mean resource usage, percentage detection of malware (on a per category basis) by both on demand and on access components?
you think we need a new thread for that discussion? or should we assign such weightages ourselves and apply them to previous studies like virus.gr and av-comparatives.org on this thread only? <-QUOTE}
err... I know I'm the "Resident Nutcase", but I thought that this particular idea was nice. I feel sad seeing no comments. :(
yeuxbleus
December 1st, 2004, 01:29 PM
{QUOTE-> Hey, how about assigning weightages to different categories of performance of an AV?
I mean resource usage, percentage detection of malware (on a per category basis) by both on demand and on access components?
you think we need a new thread for that discussion? or should we assign such weightages ourselves and apply them to previous studies like virus.gr and av-comparatives.org on this thread only? <-QUOTE}
Good idea! I think the hard part would be coming to a consensus as to what weight to assign to each category. As many varying opinions as there are for which AV is the best. :)
no13
December 1st, 2004, 01:44 PM
Let's make FF a temp mod for our discussions (he's completely impartial between AVs AFAICT) and he's one of the "premier" AV testers.
Firefighter
December 1st, 2004, 02:04 PM
Can someone answer to my last question, Please? That's really irritating me without an answer. :(
Best regards,
Firefighter!
RejZoR
December 1st, 2004, 03:47 PM
Firefighter, I believe that 2.12.3 is just a program version number. You have many sub-versions for specific modules like Advanced Heuristics
Here is my info from NOD32:
NOD32 Antivirus System information
Virus signature database version: 1.936 (20041130)
Dated: 30. november 2004
Virus signature database build: 5017
Information on other scanner support parts
Advanced heuristics module version: 1.011 (20041126)
Advanced heuristics module build: 1067
Internet filter version: 1.002 (20040708)
Internet filter build: 1013
Archive support module version: 1.024 (20041125)
Archive support module build version: 1104
Information on installed components
NOD32 For Windows NT/2000/XP/2003 - Base
Version: 2.12.3
NOD32 For Windows NT/2000/XP/2003 - Internet support
Version: 2.12.3
NOD32 for Windows NT/2000/XP/2003 - Standard component
Version: 2.12.3
Operating system information
Platform: Windows XP
Version: 5.1.2600 Service Pack 2
Version of common control components: 5.82.2900
RAM: 512 MB
Processor: AMD Athlon(tm) XP 2800+ (2254 MHz)
See the text marked with red color... that's Advanced Heuristics engine version
Tweakie
December 1st, 2004, 05:08 PM
{QUOTE-> NOD32
40.67% / 53.55%*
After latest heuristics engine update few days ago,the heuristic score jumped by 3-4%.
This score may not represent the real detection rate,so take it with good dose of reserve :) The same applies to all other antiviruses at Jotti. <-QUOTE}
Thank you for this information. Something interesting : this score is almost similar to the one obtained by NOD at the latest av-comparatives.org test. Probably because Jotti's scanner receives a lot of very new malware. Conversely, KAV's impressive detection rate is due to their incredible reactivity when it comes to adding new samples to the signature database.
Firefighter
December 2nd, 2004, 02:17 AM
{QUOTE-> Firefighter, I believe that 2.12.3 is just a program version number. You have many sub-versions for specific modules like Advanced Heuristics
Here is my info from NOD32:
NOD32 Antivirus System information
Virus signature database version: 1.936 (20041130)
Dated: 30. november 2004
Virus signature database build: 5017
Information on other scanner support parts
Advanced heuristics module version: 1.011 (20041126)
Advanced heuristics module build: 1067
Internet filter version: 1.002 (20040708)
Internet filter build: 1013
Archive support module version: 1.024 (20041125)
Archive support module build version: 1104
<-QUOTE}
Thank you! I just wonder where is the limit of heuristics detecting that false positives begin to disturb the everyday use of PC?
That 37 % detecting rate against the "Common PC Protection" samples what I got with NOD Advanced Heuristics only, is already quite impressive.
Best regards,
Firefighter!
no13
December 2nd, 2004, 03:02 AM
@FF...
What about the weightage system?
What do you think... is it possible to do it?
Firefighter
December 2nd, 2004, 03:49 AM
{QUOTE-> @FF...
What about the weightage system?
What do you think... is it possible to do it? <-QUOTE}
If you mean the weighting of different infection categories by multiplying those average category detecting numbers with certain priority factor in all categories separately and dividing the sum result with a weighted total sample size.
I think that it's quite hard work, because at least I haven't that data to do these weightings properly. All that I remember with DrWeb's definition category stakes was about 80 % were trojanlike nasties, 5 - 10% worms etc. But because everybody has their own needs, it's best that we check only those category detectings as an absolute detecting percents. So, everyone can make a conclusion of his own against his needs.
Best regards,
Firefighter!
no13
December 2nd, 2004, 04:10 AM
well, I mean assigning weightages to EVERYTHING....
from detection in various categories to resource usage to "cleaning" of virii (which NAV is unable to EVER do)....
What about assigning credit based on ranks in categories like IBK, and then assigning weightages to each category?
Firefighter
December 2nd, 2004, 06:44 AM
{QUOTE-> well, I mean assigning weightages to EVERYTHING....
from detection in various categories to resource usage to "cleaning" of virii (which NAV is unable to EVER do).... <-QUOTE}
I'm not so fond of fixing detecting results or those factors that are also coming to everyone's sight concerning anti-viruses. You just can't say the average priority to update procedure. If you have a fast cable or (A)DSL connection, it doesn't have a high priority, but by using a dial-up connection, it has almost the highest priority. The same with memory consumption. I don't care less about av's memory consumption, if I have a brand new 3.2 GHz AMD what so ever PC with 1536 Megs RAM, but with a 200 MHz PC with 48 Megs RAM, it has also almost the highest priority.
As a summary, we all have so unique needs, that it is impossible to make all possible factors of an av to any honest order, the order is always in front of each customer.
Best regards,
Firefighter!
no13
December 3rd, 2004, 12:12 AM
~~~UPDATED ~~~ PLEASE RECHECK
Rokop.de's test translated to english (as best as I could)
here's a screenshot.
no13
December 3rd, 2004, 12:14 AM
~~~UPDATED: PLEASE RECHECK~~~~
I can't understand properly what has been highlighted as yellow.
here's the excel file....
Just rename to .xls
Firefighter
December 3rd, 2004, 02:16 AM
{QUOTE-> Rokop.de's test translated to english (as best as I could)
here's a screenshot. <-QUOTE}
I think that we have to change places with runtime packers and verbr. trojaner, or shall we say just common trojans.
Best regards,
Firefighter!
no13
December 3rd, 2004, 10:44 AM
Shit... you're right FF....
changing...
Firefighter
December 3rd, 2004, 11:04 AM
{QUOTE-> Shit... you're right FF....
changing... <-QUOTE}
S..t happens. ;D
No problem.
Best regards,
Firefighter!
no13
December 3rd, 2004, 11:37 AM
Forgot to add a "Thank You" to www.google.com
I don't know any German (save a couple of words that we picked up in 8th grade... ;) )
I'd say it's a decent job at it, no?
BTW: I'm working on an updated list like the one at the start of the thread - one for AVs and one for Security software in general. I hope you will enjoy the ensuing discussions... ;D
Firefighter
December 3rd, 2004, 12:14 PM
{QUOTE-> Forgot to add a "Thank You" to www.google.com
I don't know any German (save a couple of words that we picked up in 8th grade...) ;) <-QUOTE}
I'm not so good either in German. When I read 3 years German at school and it was at last time to the final test, my school-ma'am said to me: "Save me from misery, don't participate to this test". I answered to her: "Thank you very much, it is the most honorable gift I ever have got". ;)
Best regards,
Firefighter!