Update Frequency of Anti-Virus Software

Interesting stats:
http://anti-malware.net/index.php?menue=7&lang=0

 

Norton AV 2009 wins it

http://anti-malware.net/index.php?menue=7&lang=0&program=symantec2009

 

The problem with the stats is we don't know how many detections are in those updates.

Norton could update every second but only add 1 detection while avira could update once in a day and have billions of detections.

And i like norton so don't say im bashing .

 

The whole point behind it is faster response to unknown malware.

 

It looks funny that norton is 800 updates ahead .
I guess pulse updates does fix that problem.

 

erm spybot isnt an antivirus product so why is it on the list?
mcafee 6 updates bit small isnt it?

 

Eh, looks like another pissing contest to me, seriously. If you need updates every five minutes then you should throw away your computer and never touch it again since you must behave like complete fool.

 

you just don't get it do you. The more often you get updates the more likely you are to have definitions against the newest malware going around. Why would I wait several hours or even a day to get updates, in that amount of time you could already be infected with a new piece of malware you haven't gotten defs for.

 

As long as those updates do not cause performance issues, why not? The sooner definitions are on the PC, the sooner the PC is protected from an outbreak.

Hell, follow that logic to its conclusion: There's plenty of people who know how to secure a PC without ANY AV. If you need to have an AV on your machine, you must behave like a complete fool...

 

After Symantec updates its product to V2009, suddenly response time, speed and resource usage becomes very most important in AV world (highlighted in various tests)
I also waiting that day when Norton win Matousec contest, HIPS will then be very most and must to have highlighted feature of all...

 

Don't know where you've been, but I can see posts going back over a year discussing performance...

 

Yes on wilders, not on mainstream (paid) tests etc.
there was many "if you wanna best protection, you must sacrifice speed and resource for it" kinda comments...

 

That's true, but some argue that if the AV has strong heuristics, generic detections, behaviour-blocking, HIPS, whitelisting or any of the other technologies now available, they too should help against malware in between signature database releases. At least, that has been the thinking behind using these methods.

There have been discussions here and elsewhere about the need for other technologies as regular signatures cannot keep up with the rising amount of malware. At one time, most AVs delivered definitions monthly, but that changed to weekly as the malware landscape changed. Now most AVs deliver daily updates with a small number offering hourly updates.

Symantec have obviously raised the bar by offering pulse updates even though it may only be 1 or 2 signatures per update or perhaps a tweak to an existing one. I should imagine it won't be long before some of the competing products do something similar, but this will be dependent on whether they have the infrastructure to do so.

I actually switched to Kaspersky several years ago because of the hourly signature updates as well as the quality of the detection/removal routines. I don't envisage moving to another AV just because they have more timely database updates; I look at a product's protection capabilities as a whole, and for me, KL have a number of other technologies in place that satisfy my needs.

If vendors start switching to more frequent updates at x number of minute intervals, that supports the view signatures aren't dead, and may question whether there's a need for some of the other technologies.

 

I would like to know wether symmantec are actually holding back some updates so it appears to be a constant feed rather than issueing them as they are perhaps made available.
You cant fault the improvement though and im glad they`ve raised the bar.

 

faster updates = great detection and prevention

so its important to update very frequent

 

Instead of releasing a BIG def update every day they spread them out in other words when they are available they are pushed to the update server. instead of Queuing them for later.

 

This is a very cool test Should be real-time release of updates, to help eliminate the '0-day' virii.

 

Totally agree with you.
Norton tries to deleiver fast updates to protect very well against every threat which is fine, but it would be nice to count the number of viruses added also.

 

OneCare wasn't on the list (just the online scanner) so I checked my monthly report and it mentions that in the last month there were 66 updates which comes out roughly to 9.5 updates a week.

[EDIT: And with this post I just graduated to VFP ]