A personal opinion : AV rankings in order of net pop.

Discussion in 'other anti-virus software' started by no13, Nov 29, 2004.

Thread Status:
Not open for further replies.
  1. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    These are based on what I've seen in online tests in the past 6 months... No stats included... Only based on percentage of malware caught in various tests and user opinions across various boards.
    you may use this as ammo in your arguments, or punch a hole in my list (I'm no expert, am I?)...
    this is based loosely on true stats. But it can't be taken as final evidence on anything (I guess you know that already)
    Code:
    [b]Top 5[/b] : Jostling for the best AV spots (loosely ordered)
        McAfee Virusscan Enterprise
        Kaspersky Antivirus (Personal/Personal Pro)
        eScan 2003 -----> KAV based
        Extendia AVK (or Pro) -----> Dual engine AV - uses KAV
        GDATA AVK (or Pro) -----> Dual engine AV - uses KAV
        Trend Micro PcCillin
        F-Secure
        BitDefender Pro/Plus

    [b]5-10[/b] : Settling for slightly less in terms of percentage caught
        BitDefender Free -----> Excellent backup AV (no RTS)
        eScan free -----> doesn't clean infections, hence not in top5
        McAfee Pro
        Panda (Titanium/Platinum)
        Reliable AV -----> bought out by Microsoft!
        Norton Pro
        McAfee
        Symantec Corp -----> Can't deal with a LOT of tests (removal rate is nice for detected malware, though)
        Antivir PE -----> Free!
        ETrust EZ AV -----> Free for 1 year! After that discount! [url="http://www.wilderssecurity.com/showthread.php?t=52565&highlight=etrust+free"]Click Here![/url]
        ETrust AV -----> Dual engine AV (now discontinued I [i]think[/i])

    [b]10-15[/b] : Average protection offered... must be compensated for in other areas.
        ETrust AV -----> Dual engine AV
        NOD32 -----> Fails to reach 90% in most tests, but EXTREMELY fast and wonderful heuristics
        Dr.Web -----> Same as above (but clashes with parallel installs of other AV)
        F-Prot -----> many people love it. Low configurability. High speed. Low in tests.
        MKS_Vir -----> supposedly fast, but inconsistent scores

    [b]15-20[/b] : Need a lot of development
        Sophos -----> Poor scores
        Norman -----> Always scores less than 75%
        AVG free -----> ditto
        ClamWin -----> Open Source, free, early stages of development, ratings vary, fast, based on Clam-AV (ported over from Linux/Unix - I forget which)
        Avast! Free
    Feel free to reply here or to quote this on other posts.

    Disclaimer : This is simply my personal opinion. Not results of statistical tests.

    I hope to see replies from AV regulars to sort this list out (once and for all - that is, till 6 months later, when all AVs will need to be re-evaluated :D)
     
  2. synapse

    synapse Registered Member

    Joined:
    Oct 31, 2004
    Posts:
    50
    sophos is one of the best though, for networks that is
     
  3. eisefr

    eisefr Registered Member

    Joined:
    Nov 23, 2004
    Posts:
    153
    Location:
    Germany
    :eek:

    wonder how that came!
     
  4. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Since we're talking personal opinions, I'll offer mine.

    @no13 - The list you provide looks to be a reasonably representative snapshot of what's floating out there. Not saying I necessarily agree with all of it, but it largely represents what I have also seen. With respect to my own feelings.....

    • These are going out without influence of the latest av-comparatives.org results since they haven't appeared yet. Should appear this week. Waiting to see how things shape up.
    • KAV (KAV 4.5 or 5.0 Personal/Personal Pro/Workstation) and KAV-based single or multiple-engined AV's (Extendia/GDATA AVK; F-Secure; eScan; etc.). Best in class, now if they could just figure out how to drop the resource footprint a bit. I've adjusted my version of KAV 5.0 so it's not irritating anymore, but I'd sure like to squeeze it a bit more.
    • NOD32 augmented with BOClean. I know, I've already pulled a fast one here - but this is a really sweet combination package in my opinion. Very light, very effective. In my own use challenges it is as effective as KAV in stopping infections. Doesn't quite reach the level of KAV yet since minor bits that BOClean handles may have left some nonfunctional flotsam about that KAV doesn't. As I recall, Stan999 and a few others mention this combo for gaming PC's. I agree, probably the best option in that case and an excellent option in any event.
    • NOD32 alone. Although I run with BOClean - their home licensing scheme cannot be beat - NOD32 alone is getting formidable by any measure. Again, in very limited personal use testing with BOClean disabled, it has maintained this position in my personal arsenal.
    • mks-vir 2004. Tested this extensively. Looks extremely good. Ran into an incompatibility on my system that we (me & mks) have been unable to trace connected to the realtime monitor. Waiting for the 2005 beta or commercial version to examine again. Memory footprint relatively high, although I never noticed a performance issue in use.
    • F-Prot decent, just below NOD32 in my hands. Version 4 should be a major upgrade. Who knows how it will shape up in the long term.
    • Dr. Web & Bitdefender. Have not really put Dr. Web or Bitdefender adequately through their paces. Very limited personal experience. Both look solid.
    In my hands NOD32, mks_vir, F-Prot, Dr. Web, and Bitdefender are a cluster. I may view NOD32 at the lead, but it's a short performance step between them and I'd say that secondary features would drive selection. In my use it also seems to capture a few more things - which is somewhat at variance with a few tests - but the differences are relatively minor, so I'll say it's probably experimental noise. I like the NOD32 interface and use style, so it's at the head on my list.

    A couple of large players aren't on my list. By any objective measure McAfee is best in class on AV performance. It's right up there with KAV. I was turned off by the security center approach and, the last time I was a customer, by the constant wave of co-marketing other McAfee products. As is often the case, you're remembered for your last problem. It's a little irrational, but I have no desire to even test a McAfee product now. Similar comments apply to Symantec. Objective measures say it's an excellent AV. They really need to do something about the robustness of LiveUpdate. Why this module remains a constant source of pain for users is beyond me. A definite Achilles heel for this product.

    As for Trend Micro/Panda/AntiVir and the rest - I have no personal knowledge of these AV's, so I won't offer an opinion.

    Again, these are my personal and informal opinions, not backed by objective testing.

    Blue
     
  5. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    AntiVir is a top free AV solution IMO. The problem is only the lack of an autoupdater and an incremental update system. And maybe they should at least integrate support for WinXP themes if they won't change the interface itself (it doesn't look too nice with Win9x style). I managed to do so, but there was some corruption due to the hardcoded interface. Detection of new stuff by AntiVir (Jotti's scanner stats) is much higher than ClamAV, avast!, Norman and even F-Prot.
    Also heuristics are pretty sensitive with a low false positive number, so I'm quite impressed. Memory usage is decent and if I'm precise it's nearly the same as NOD32 memory usage.
     
  6. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    does that mean that its cumulative updates ALL the way?
     
  7. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yup, around 1,5MB each VDF update. If you're on DSL/Cable, it's no big deal (then it's only the autoupdate feature which AntiVir lacks) but if you're on dialup it's a real pain to update it.
     
  8. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Dumb question: I see so many tests where it is stated that abc and xyz anti-virus use the KAV engine. How did so many AV get the KAV engine, did KAV sell it to them or is it free for the taking? o_O Thanks.

    Acadia
     
  9. larouse

    larouse Registered Member

    Joined:
    Sep 26, 2004
    Posts:
    157
    Hi,

    I agree and MY PERSONAL Opinion is that McAfee Enterprise 8i is on the list TOP...Great Product.....Great,

    Thank you,
     
  10. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Acadia, Kaspersky Labs is licensing their kernel engine to other companies.
    It's nothing unusual really. eXtendia Antivirus uses Kaspersky engine and BitDefender engine, Bullguard for example uses only BitDefender engine.
    F-Secure uses F-Prot engine and Kaspersky engine, Command Antivirus uses modified F-Prot engine... and so on...

    It's the same with this example (I'm really good with car examples ;) ):
    Volkswagen (German car manufacturer) is creating car engines for Seat (Spanish car manufacturer) and Skoda (Czech car manufacturer) cars.
    Seat and Skoda just create the car design, while the engine is imported from Volkswagen. They probably found out that it's cheaper to implement already completed technology, rather than designing it from scratch (same applies to antiviruses).
     
  11. larouse

    larouse Registered Member

    Joined:
    Sep 26, 2004
    Posts:
    157
    I don't know but think that McAfee has its own engine... It is not Kaspersky, it is not BitDefender or F-Prot... it is different and great.
     
  12. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    ESET, McAfee, Symantec, SOPHOS, H+BEDV, Alwil Software, Frisk, GeCAD, GriSoft, Norman, Panda Software, SoftWin, Kaspersky Labs and Trend Micro are using their own scan engine (plus some mentioned in above posts). All others are using licensed engines or are not so important or known to normal users.
     
  13. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    You forgot MKS_VIR 2004, very good overall detecting rate, among the absolute top 5 scanning engines if the commonness of infections has a priority (Trojans & Backdoors, TrojanDownloaders, TrojanDroppers, Worms etc.), not so unknown in here at Wilders Forum anymore. Actually, only KAV engined av:s can detect more trojanlike nasties than this MKS, when we are not talking about runtime packed nasties of course.

    Best regards,
    Firefighter!
     
  14. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yes, I forgot MKS. Fine piece of software. Too bad it's not as well known as others.
     
  15. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    In my mind it's only a plus, not very known av:s are not very common targets as well to virus writers.

    Best regards,
    Firefighter!
     
  16. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    MKS don't score so well on recent tests. Comments.
     
  17. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    If you mean the latest VirusP test. I don't care less about the old DOS viruses where MKS was poor.

    Best regards,
    Firefighter!
     
  18. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    err... what's "VirusP tests"?
     
  19. Honyak

    Honyak Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    346
    Location:
    Deep South
    MKS scores well enough to satisfy me and performs well on my comp. No noticeable drag from the RTS. The heuristics are very good.
    I monitor JOTTI'S site and it seems to perform as well if not better than some of the others (Kaspersky being the one true exception). I do not know the percentages, I just randomly view it about 10 times per day.
    Bottom line, it works well on my comp and I use eXtendia AVK single KAV engine as my on demand and scheduled scanner. I do not choose an AV based on all the various tests, although they do to a small extent weigh in on my decision, I choose to use an AV because it is effective, light, ease of settings and how it performs on my box. I am a very satisfied user of MKS in that respect. I do take into account other users posts about their experience with an AV.
    It does not have the best detection rates but between MKS and common sense it is the best AV for me.
    MKS 2005 is going to add a registry monitor or so it has been reported.
     
  20. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    That's the prize-winner as far as I'm concerned
     
  21. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    VirusP AKA virus.gr.

    http://www.virus.gr/english/fullxml/default.asp?id=67&mnu=67

    Btw, MKS scanning engine was the second best against backdoors & trojans, 95.71 %, also in here, just after those Kaspersky engined av:s.

    Best regards,
    Firefighter!
     
  22. Ailric

    Ailric Guest

    Checking out most tests, McAfee is second only to KAV (and those that use the KAV engine). McAfee runs real smooth while I always find some "drag" using KAV. McAfee updates using ActiveX. The ActiveX module must only be installed once. ActiveX cannot be installed without your permission (or unless you change the IE default settings) so I could never see what the big worry is about it. The security center is a non-issue... you don't even have to see it if you don't want to.

    Some don't like the security center because they consider it "pimpin' their warez" whatever that means. I don't reside in "the hood."
     
  23. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Kaspersky Anti-Virus
    83.21% / 83.25%*

    mks_vir
    41.35% / 50.10%*

    Norman Virus Control
    17.90% / 35.76%*

    * (detection with heuristics/Sandbox)

    Please also take these numbers with a decent dose of reserve.
    These numbers pretty much show how good an antivirus is at detecting new or unknown stuff. Notice the giant leap between normal and Sandbox in Norman score? Looks like Sandbox is pretty effective for new stuff.
    Almost all antiviruses with decent heuristics have a 10% improvement over normal detection. Exception is AntiVir with a bit under 10%, but they have just implemented them, so there is still time for improvements.
    It is also interesting to see Kaspersky score. Kaspersky guys are nuts (in a good way :) ). They have almost everything covered by signatures. Do they ever sleep?
     
  24. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Can you say if MKS_VIR is using the best heuristics available in here, the advanced heuristics? Overall the samples tested in here represent something else than randomly picked samples. What do I do with a virus scanner when its best detection rate is 35.76?

    As a heuristics detection of 50.1 %, it's such good that I've not seen so high scores anywhere else.

    Btw, 83.25 % is so high detecting rate against new infections, that it will be scored only by very quick updates. In this case almost all agree that KAV is superior in feedback to new threats.

    PS. If you want to declare how randomly samples these tested infections are, it will help if you classified these samples to different categories like I have done for instance. They have to be somewhat like it was in DrWeb's update category volumes in the beginning this year.

    Best regards,
    Firefighter!
     
    Last edited: Nov 30, 2004
  25. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well the samples are totally random. If the same sample is submitted twice it's not added to the database (and not in calculations of %).
    Also 35% for Norman doesn't mean it sucks. Jotti receives mainly new/modified stuff so it shows how AV covers uncommon stuff. Also heuristics score is not a heuristics score only, but signatures+heuristics score. So you get around 10% difference over signatures only.
    I believe Jotti is using highest settings possible for all AVs.
     