New Virus Test by GEGA IT-Solutions (av-test.org)

Discussion in 'other anti-virus software' started by Technodrome, Apr 5, 2003.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Go here for complete list and results, http://www.pcmweb.nl/pcm/tabellen/antivirus.htm

    30 Virus scanners tested!

    Overall Virus/Trojan Detection*:

    Avast - 78.15 %
    AVG - 72.93%
    AVK – 99.75%
    AntiVir – 88.58%
    BitDefender – 95.06%
    Command AV – 96.79%
    DrWeb – 90 %
    EScan – 97.6%
    CA (Vet) – 81.55%
    F-Prot – 96.88%
    F-Secure – 99.70%
    KAV – 97.64%
    McAfee – 99.87%
    NOD32 – 88.90%
    Norman – 93.11%
    Norton – 99.08%
    Panda – 93.07%
    Pc-Cillin – 95.59%
    RAV – 98.82%
    Sophos – 95.74%

    *Windows XP Pro


    Technodrome
     
  2. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    Hmmm, very interesting. :doubt:
    Thanks TD some suprising results there.
     
  3. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Indeed very interesting results! :p

    I think many girls and guys will be now very sad, because the winner of the test is fairly unexpected for them.... :D

    But IMO the winner is a right choise, and deserved the triumph without restrictions. :)
     
  4. From what I gather, it seems to me the Winner is McAfee, with AVK as a close second. Is that right? Norton is third.? Am I reading this right?
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,842
    Location:
    New England
    A lot of people swear by the power of McAfee, though at times in the past it has caused system conflict issues.

    Interesting results indeed. :eek:
     
  6. Couldn't agree more, LWM; :D.. My girlfriend had it on her computer, and it cleaned every virus she was getting, BUT the program itself drove both her and me NUTS!

    I bought the retail boxed version, (MIS 2003, version 5), I couldn't get my email on one of my email addresses.. Returned it and got my money back..
    I would have kept it.. It ran nicely and seemed to be POWERFUL.. and I even liked the firewall... It just wouldn't work..right...
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,842
    Location:
    New England
    I used McAfee for several years as my company provided it to me free, (before I retired), and I had no trouble with it, but, I had a very basic system configuration - Windows 95, Microsoft Office, Visio and a couple other basic utilities was all I needed to do my job. (Yeah, I made them keep me on Win 95 because I was comfortable with it. It wasn't until this past year that I took the time to learn XP. ;) And actually, I haven't looked back since.)
     
  8. RaLX

    RaLX Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    50
    After exclude all the AV's failed 100% ITW and below 90% ZOO On Demand overall, these are the results:

    Total 71627 Viruses ZOO:

    01. 71598 99,96% F-Secure Anti-Virus
    02. 71584 99,94% AntiVirenKit (AVK)
    03. 71551 99,89% Kaspersky AV
    04. 71533 99,87% McAfee VirusScan Home
    05. 71396 99,68% Norton AV 2003
    06. 71274 99,51% Reliable AV (RAV)
    07. 70946 99,05% F-Prot for Windows
    ------------------------------------------ 99% ^
    08. 70907 98,99% Freedom
    09. 70056 97,81% Sophos Anti-Virus
    10. 69921 97,62% PC-cillin 2002
    11. 69750 97,38% BitDefender
    12. 69495 97,02% eTrust (CA Engine)
    ------------------------------------------ 97% ^
    13. 68895 96,19% Norman Virus Control
    14. 68693 95,90% AntiVir Personal Edition
    15. 68461 95,58% Panda AV Platinum
    ------------------------------------------ 95% ^
    16. 65956 92,08% Nod32
    17. 65387 91,29% eTrust (Vet Engine)
    ------------------------------------------ 90% ^

    Cya!
     
  9. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,007
    Location:
    Christchurch, UK
    What are the results for the individual scanners for just itw virus detection(not trojan)?
     
  10. edsod

    edsod Guest

    Sorry if I am missing something,the columnes are somewhat...
    http://www.pcmweb.nl/pcm/tabellen/antivirus.htm

    Are AVG and ANTIVIR in the second and third columnes
    and have both 100% at
    VIRUS DETECTION ITW ON-DEMAND
    and
    VIRUS DETECTON ITW ON-ACCESS ?
     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    In fact they declared Bitdefender Home Edition best product.

    Regards,

    Pieter
     
  12. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hello,

    In fact, what matters is on access and on demand ITW detection
    What's the use scanning for virus which never lelft the laboratories ?

    AFM I could not less care about such malwares :D

    As far as my AV detects all ITW virus as fast as possible, everything is perfect.

    I am just surprised about the rather bad result of NOD32 about polymorphic virus in the zoo, I was expecting better on this area.

    Another big point is how fast is the DB updated when a new virus emerges.
    For instance BitDefender is often among the slower ones on the ball ...

    Rgds,
     
  13. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    But the surprising winner of the test is: BitDefender... :D
     
  14. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To everyone from Firefighter!

    Before someone says this test a fake, I have to clarify that the test was very well statistically controlled, and when it is so, there is no room to say that test biased.

    There were somewhat high skewness on the right side but the reason was clear. There were too many Kaspersky "clones", I mean programs that had the same engine as KAV. When I removed the others but KAV and Command also, because of the F-Prot engine, the histogram pattern was even better than at first.

    The top 10 were very good against trojans too, only RAV detected 96.43 % and the others over 99 %.

    Look at the rankings, statistics and the picture below!


    av-test.org AV-test 3-2003

    Total 71627 Viruses ZOO:

    01. 71598 99,9595 % F-Secure Anti-Virus 5.41
    02. 71584 99,9400 % AntiVirenKit (AVK) 12
    03. 71551 99,8939 % Kaspersky AV 4.0.5.37
    04. 71548 99,8897 % eScan 2003 10.1      
    05. 71533 99,8688 % McAfee VirusScan Home 7.0.1.6000
    06. 71530 99,8646 % Power AV XP 11.0
    07. 71396 99,6775 % Norton AV 2003 9.05
    08. 71274 99,5072 % Reliable AV (RAV) 8.6.104
    09. 70946 99,0492 % F-Prot for Windows 3.12c
    10. 70912 99,0018 % Command AV 4.74
    ------------------------------------------ 99% ^
    11. 70907 98,9948 % ZK Freedom 4.1
    12. 70056 97,8067 % Sophos Anti-Virus 3.65
    13. 69921 97,6182 % PC-cillin 2002 9.03.1359
    14. 69819 97,4758 % MKS Vir 2.0
    15. 69802 97,4521 % BullGuard 3.1
    16. 69750 97,3795 % BitDefender 6.5
    17. 69495 97,0235 % eTrust (CA Engine) 6.0.1
    ------------------------------------------ 97% ^
    18. 68895 96,1858 % Norman Virus Control 5.50
    19. 68693 95,9038 % AntiVir Personal Edition 6.17
    20. 68461 95,5799 % Panda AV Platinum 7.03
    21. 68215 95,2364 % Avast 4 Home 148
    ------------------------------------------ 95% ^
    22. 67651 94,4490 % Ikarus 5.09
    23. 65956 92,0826 % Nod32 1.34.2
    24. 65666 91,6777 % DrWeb 4.29b
    25. 65387 91,2882 % eTrust (Vet Engine) 6.0.1
    ------------------------------------------ 90% ^
    26. 60052 83,8399 % AVG 6.0.437
    27. 58073 81,0770 % VirusBuster 4.0.13
    28. 55525 77,5197 % Hauri ViRobot Expert 4.0
    29. 53567 74,7860 % Ahnlab V3 Pro Deluxe 2002 5.0.2
    30. 50450 70,4343 % Quick Heal 6.0.8
    31. Failed    Proland Protector 7.2


    Histogram Mar-1-2003 av-test.org AV-test 3-2003

    Total number of scanned objects 71 627

    General Statistics: (Ungrouped sample data)
    Pts Plotted = 30 Offscale Pts = 0
    Mean = 94.01543 Std Dev (Sample) = 8.12537
    Kurtosis = 4.67101 Skewness = -1.68375
    3 Sigma Limits: 69.63934 TO 118.39153

    Process Capability Indices: (based on +/- 3 sigma)
    Process Capability = 48.7522
    USL = 100.
    CPU = 0.24551
    Z (USL) = 0.73653
    23.07% will be over the USL value of 100.
    Based on standard normal distribution (derived from sample values).


    Histogram Mar-1-2003 av-test.org AV-test 3-2003; "clones" removed

    Total number of scanned objects 71 627

    General Statistics: (Ungrouped sample data)
    Pts Plotted = 25 Offscale Pts = 0
    Mean = 92.8723 Std Dev (Sample) = 8.46055
    Kurtosis = 3.86964 Skewness = -1.45844
    3 Sigma Limits: 67.49065 TO 118.25394

    Process Capability Indices: (based on +/- 3 sigma)
    Process Capability = 50.76329
    USL = 100.
    CPU = 0.28082
    Z (USL) = 0.84246
    19.98% will be over the USL value of 100.
    Based on standard normal distribution (derived from sample values).


    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     

    Attached Files:

  15. edsod

    edsod Guest

    I agree with this and maybe my previous question was naive or for something that for you is self-evident but
    someone of you guys with more experience can answer it
    (blackcat's question is also relevant).
    :D
     
  16. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Not in detection contest.



    Technodrome
     
  17. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Wilder's "antivirus" site administrators!

    We have seen recently 4 different large av-tests from 3 independent testers (Saso Badovinac, 2 x VirusP and av-test.org 3-2003). When it is time to update your av-rankings on the Wilder's "antivirus" site?

    I think if there were a clear top 5 or 6 to detecting what ever in those tests, there is something to count in the future! :eek:

    "The truth is out there, but it hurts"

    Best Regards
    Firefighter!
     
  18. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hello,

    As for Blackcat's question, you will find the answer in the result.

    A lot of AV get 100 % détection for ITW virus on access and on demand.
     
  19. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    One of them here ;)

    Yup - I've seen the tests.

    As always: we do rely on our own tests. As soon as those have been performed, and the results are reason to change our ratings, we'll do so.

    Thanks for your thoughts on the matter.

    ..only on rare ocassions :D

    regards.

    paul
     
  20. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Everyone from Firefighter!

    Here are the false positives results of that av-test.org 3-2003 test. If there are errors in the table, Please correct me!

    False positives from 20 000 clean files:


    1.    0 0,000 % eTrust AV (CA engine)
    2.    2 0,010 % McAfee VirusScan Home
    3. 3 0,015 % Ahnlab Expert V3 Pro Deluxe 2002
        3 0,015 % Norton AV 2003
    5.    4 0,020 % Norman Virus Control
        4 0,020 % PC-cillin 2002
    7.    5 0,025 % Reliable AntiVirus (RAV)
        5 0,025 % Sophos Anti-Virus
    ----------------------------------------------------------------------- 0,025 %
    9.    7 0,035 % eScan 2003
        7 0,035 % F-Prot 3.12c
        7 0,035 % Kaspersky 4.0.5.37
        7 0,035 % Power AV XP
    13.    8 0,040 % eTrust AV (VET engine)
    14.    9 0,045 % Hauri ViRobot
    9 0,045 % ZeroKnowledge Freedom
    16.    10 0,050 % Command AV
    --------------------------------------------------------------------- 0,050 %
    17.    14 0,070 % AntiVirenKit 12
    18.    16 0,080 % Avast 4 Home
        16 0,080 % AVG 6.0
        16 0,080 % F-Secure Anti-Virus 5.41
        16 0,080 % QuickHeal
    22.    19 0,095 % Antivir PE
    ---------------------------------------------------------------------- 0,100 %
    23.    24 0,120 % Panda AV Platinum
    24.    44 0,220 % BitDefender
    25.    53 0,265 % VirusBuster
    26.    56 0,280 % DrWeb 4.29b
    27.    57 0,285 % NOD32
    28.    58 0,290 % BullGuard
    --------------------------------------------------------------------- 0,300 %
    29.    92 0,460 % Ikarus Virus Utilities
    30.   216 1,080 % MKS Vir



    On the Wilder's "free tools" site was a warning about Avast 4 Home's and AntiVir's many false positives. How about then with NOD32 or DrWeb 4.29b compared to these two? About DrWeb 4.29b the result was no surprice for me but I can't remember any warnings about NOD32's false positives there on the Wilder's site!

    Can someone say how NOD32 could have so many full 100% results in VirusBulletin, when it is so sensitive to false positives? As I remember right, it was not the first time I have seen results like this! :eek:

    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  21. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    False positives are something I can live quite well with - what I can't live with is real malware being missed (something I've never had a problem with during my use of NOD32 for the last two years).

    As long as you don't have your AV set up to automatically start "fixing" things upon an alert, a false positive is nothing more than an annoyance that needs to be cross-checked via an online scan or two of some sort to verify its' validity - followed by notification of the AV vendor if it does, indeed, turn out to be a false positive (in which case eSet also excels due to the rapidity in which they respond to such notification).

    I appreciate all the work you've put into this, Firefighter. Pete
     
  22. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Spy1 from Firefighter!

    I'm not sure what do you mean with "real" malwares. In that av-test.org 3-2003 test 70 % of those 30 av-programs were capable to detect totally over 95 % of all objects (viruses, trojans, backdoors etc.). Still there is something that irritates me. Programs like DrWeb 4.29b or NOD32 are not within that 70 % and they were quite poor against other malwares than viruses, which in my mind have better to keep outside of my PC. :eek:


    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  23. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Firefighter - I'm really not sure how many times it is has to be stated that NOD32's primary purpose/reason for being is virus detection.

    I don't expect it to excel at detecting anything else (I have an AT specific program on here - a specific anti-worm/script defense program, specific programs for spyware of various types - see sig).

    With the current rage being "one program does it all", about all I see coming from that is

    (a) a massive duplication of effort for all parties involved

    (b) dilution of the primary purposes for which the programs were designed to start with (read: missing more things that they were designed to deal with to start with)

    (c) increased system-wide vulnerability resulting from any exploit targetted at a specific brand of "do-it-all" software

    (d) program bloat for all software involved in the current "do-it-all" rage.

    I could go on, but I'm pretty sure it would be pointless. You either subscribe to the "specialization" theory - or you don't.

    The only "truth" out there that can hurt is that there will likely never be one program out there that can "do it all" perfectly.

    I'm outta here. Pete
     
  24. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    I second that, Pete.

    A dedicated ITW antivirus is designed to do just that; coping with In The Wild viruses. "Zoo viruses" are of no importance; they aren't "out there", thus no threath. Layered defense is what it all comes down to. For that reason I always have been a firm believer in using separate top notch security apps for different purposes: a top notch ITW antivirus, a top notch antitrojan, etc. This way, at least one isn't totally defenseless when some sort of malware has targetted just one installed security app succesfully.

    regards.

    paul
     
  25. RaLX

    RaLX Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    50
    Well, I second Firefighter opinion because Viruses, Trojans, Backdoors, etc... are all Malware that I think can be detected by a Top AV Software, and test like this reflects the true possibility of do that, i.e. KAV (and KAV based AV's), McAfee and even ZK Freedom AV (Command AV based) do it very well!.
     
Loading...
Thread Status:
Not open for further replies.