A personal opinion : AV rankings in order of net pop.

These are based on what I've seen in online tests in the past 6 months... No stats included... Only based on percentage of malware caught in various tests and user opinins accross various boards.
you may use this as ammo in your arguments, or punch a hole in my list (I'm no expert, am I?)...
this is based loosely on true stats. But it can't be taken as final evidence on anything (I guess you know that already)

Code:

[b]Top 5[/b] : Jostling for the best AV spots (loosely ordered)
    McAfee Virusscan Enterprise
    Kaspersky Antivirus (Personal/Personal Pro)
    eScan 2003		 ----->KAV based 	  
    Extendia AVK (or Pro) 	   -----> Dual engine AV - uses KAV
    GDATA   AVK (or Pro) 	   -----> Dual engine AV - uses KAV
    Trend Micro PcCillin
    F-Secure
    BitDefender Pro/Plus
    
    [b]5-10[/b] : Settling for slightly less in terms of percentage caught
    BitDefender Free   -----> Excellent backup AV (no RTS)
    eSan free		    -----> doesbn't clean infections, hence not in top5
    McAfee Pro
    Panda (Titanium/Platinum)
    Reliable AV		   -----> bought out by Microsoft!
    Norton Pro
    McAfee
 Symantec Corp	 -----> Can't deal with a LOT of tests (removal rate is nice for detected malware, though)
    Antivir PE			 -----> Free!
    ETrust EZ AV		-----> Free for 1 year! After that discount! [url="http://www.wilderssecurity.com/showthread.php?t=52565&highlight=etrust+free"]Click Here![/url]
 ETrust AV			 -----> Dual engine AV (now discontinued I [i]think[/i])
    [b]
    10-15[/b] : Average protection offered... must be compensated for in other areas.
    ETrust AV			 -----> Dual engine AV
 NOD32				 -----> Fails to reach 90% in most tests, but EXTREMELY fast and wonderful heuristics
 Dr.Web			 -----> Same as above (but clashes with parallel installs of other AV)
 F-Prot				 -----> many people love it. Low configurability. High speed. Low in tests.
 MKS_Vir			 -----> supposedly fast, but inconsistent scores
    
    [b]15-20[/b] : Need a lot of development
    Sophos				-----> Poor scores
    Norman			    -----> Always scores less than 75%
    AVG free			  -----> ditto
 ClamWin			 -----> Open Source, free, early stages of development, ratings vary, fast, based on Clam-AV (ported over from Linux/Unix - I forget which)
    Avast! Free

Feel free to reply here or to quote this on other posts.

Disclaimer : This is simply my personal opinion. Not results of statistical tests.

I hope to see replies from AV regulars to sort this list out (once and for all - that is, till 6 months later, when all AVs will need to be re-evaluated )

 

sophos is one of the best though, for networks that is

 

wonder how that came!

 

Since we're talking personal opinions, I'll offer mine.

@no13 - The list you provide looks to be a reasonably representative snapshot of what's floating out there. Not saying I necessarily agree with all of it, but it largely represents what I have also seen. With respect to me own feelings.....

• These are going out without influence of the latest av-comparatives.org results since they haven't appeared yet. Should appear this week. Waiting to see how things shape up.
• KAV (KAV 4.5 or 5.0 Personal/Personal Pro/Workstation) and KAV-based single or mutiple-engined AV's (Extendia/GDATA AVK; F-Secure; eScan; etc.). Best in class, now if they could just figure out how to drop the resource footprint a bit. I've adjusted my version of KAV 5.0 so it's not irritating anymore, but I'd sure like to squeeze it a bit more.
• NOD32 augmented with BOClean. I know, I've already pulled a fast one here - but this is a really sweet combination package in my opinion. Very light, very effective. In my own use challenges it is as effective as KAV in stopping infections. Doesn't quite reach the level of KAV yet since minor bits that BOClean handles may have left some nonfunctional flotsam about that KAV doesn't. As I recall, Stan999 and a few others mention this combo for gaming PC's. I agree, probably the best option in that case and an excellent option in any event.
• NOD32 alone. Although I run with BOClean - their home licensing scheme cannot be beat - NOD32 alone is getting formidable by any measure. Again, in very limited personal use testing with BOClean disabled, it has maintained this position in my personal arsenal.
• mks-vir 2004. Tested this extensively. Looks extremely good. Ran into an incompatibility on my system that we (me & mks) have been unable to trace connected to the realtime monitor. Waiting for the 2005 beta or commercial version to examine again. Memory footprint relatively high, although I never noticed a performance issue in use.
• F-Prot decent, just below NOD32 in my hands. Version 4 should be a major upgrade. Who knows how it will shape up in the long term.
• Dr. Web & Bitdefender. Have not really put Dr. Web or Bitdefender adequately through their paces. Very limited personal experience. Both look solid.

In my hands NOD32, mks_vir, F-Prot, Dr. Web, and Bitdefender are a cluster. I may view NOD32 at the lead, but it's a short performance step between them and I'd say that secondary features would drive selection. In my use it also seems to capture a few more things - which is somewhat at variance with a few tests - but the differences are relatively minor, so I'll say it's probably experimental noise. I like the NOD32 interface and use style, so it's at the head on my list.

A couple of large players aren't on my list. By any objective measure McAfee is best in class on AV performance. It's right up there with KAV. I was turned off by the security center approach and, the last time I was a customer, by the constant wave of co-marketing other McAfee products. As is often the case, you're remembered for your last problem. It's a little irrational, but I have no desire to even test a McAfee product now. Similar comments apply to Symantec. Objective measures say it's an excellent AV. They really need to do something about the robustness of LiveUpdate. Why this module remains a constant source of pain for users is beyond me. A definite Achilles heel for this product.

As for Trend Micro/Panda/AntiVir and the rest - I have no personal knowledge of these AV's, so I won't offer an opinion.

Again, these are my personal and informal opinions, not backed by objective testing.

Blue

 

AntiVir is a top free AV solution IMO. The problem is only lack of autoupdater and incrimental update system. And maybe they should at least integrate support for WinXP themes if they won't change the interface itself (it doesn't look too nice with Win9x style). I managed to do so,but there was some corruption due to hardcoded interface. Detection of new stuff by AntiVir (Jottis scanner stats) is much higher than ClamAV,avast!,Norman and even F-Prot.
Also heuristics are pretty sensitive with low false positive number,so i'm quiet impressed. Memory usage is decent and if i'm precise its nearly the same as NOD32 memory usage.

 

does that mean that its cumulative updates ALL the way?

 

Yup,around 1,5MB each VDF update. If you're on DSL/Cable,its no big deal (then its only autoupdate feature which AntiVir lacks) but if you're on dialup its a real pain to update it.

 

Dumb question: I see so many tests where it is stated that abc and xyz anti-virus use the KAV engine. How did so many AV get the KAV engine, did KAV sell it to them or is it free for the taking? Thanks.

Acadia

 

Hi,

I agree and MY PERSONAL Opinion is that McAFee Enterprise 8i is on the list TOP...Great Product.....Great,

Thank you,

 

Acadia,Kaspersky Labs is licensing their kernel engine to other companies.
Its nothing unusual really. eXtendia Antivirus uses Kaspersky engine and BitDefender engine,Bullguard for example uses only BitDefender engine.
F-Secure uses F-Prot engine and Kaspersky engine,Command Antivirus uses modified F-Prot engine... and so on...

Its the same with this example (i'm really good with car examples ):
Volkswagen (germany car manufacturer) is creating car engines for Seat (Spain car manufacturer) and Skoda (Czech car manufacturer) cars.
Seat and Skoda just creates the car design,while engine is imported from Volkswagen. They probably found out that its cheaper to impliment already completed technology,rather then designing it from scratch (same applies to antiviruses).

 

I don't know but think that McAfee has our proper engine...I not Kaspersky, Is not BitDefender and F-Prot...is differente and great.

 

ESET,McAfee,Symantec,SOPHOS,H+BEDV,Alwil Software,Frisk,GeCAD,GriSoft,Norman,Panda Software,SoftWin,Kaspersky Labs and Trend Micro are using their own scan engine (plus some mentioned in above posts). All others are using licensed engines or are not so important or known to normal users.

 

You forgot MKS_VIR 2004, very good overall detecting rate, among the absolute top 5 scanning engine if the commonness of infections has a priority (Trojans & Backdoors, TrojanDownloaders, TrojanDroppers, Worms etc.), not so unknown in here at Wilders Forum anymore. Actually, only KAV engined av:s can detect more trojanlike nasties than this MKS, when we are not talking about runtime packed nasties of course.

Best regards,
Firefighter!

 

Yes,i forgot MKS. Fine peace of software. Too bad its not so known as others.

 

In my mind it's only a plus, not very known av:s are not very common targets as well to virus writers.

Best regards,
Firefighter!

 

MKS don't score so well on recent tests. Comments.

 

If you mean the latest VirusP test. I don't care less about the old DOS viruses where MKS was poor.

Best regards,
Firefighter!

 

err... what's "VirusP tests"?

 

MKS scores well enough to satisfy me and performs well on my comp. No noticeable drag from the RTS. The heuristics are very good.
I monitor JOTTI'S sight and it seems to perform as well if not better than some of the others (Kaspsersky being the one true exception). I do not know the percentages, I just randomly view it about 10 times per day.
Bottom line, it works well on my comp and I use eXtendia AVK single KAV engine as my on demand and scheduled scanner. I do not choose an AV based on all the various tests, although they do to a small extent weigh in on my decision, I choose to use an AV because it is effective, light, ease of settings and how it performs on my box. I am a very satisfied user of MKS in that respect. I do take into account other users posts about their experience with an AV.
It does not have the best detection rates but between MKS and common sense it is the best AV for me.
MKS 2005 is going to add a registry monitor or so it has been reported.

 

That's the prize-winner as far as I'm concerned

 

VirusP AKA virus.gr.

http://www.virus.gr/english/fullxml/default.asp?id=67&mnu=67

Btw, MKS scanning engine was the second best against backdoors & trojans, 95.71 %, also in here, just after those Kaspersky engined av:s.

Best regards,
Firefighter!

 

Checking out most tests, McAfee is second only to KAV (and those that use the KAV engine). McAfee runs real smooth while I always find some "drag" using KAV. McAfee updates using ActiveX. The ActiveX module must only be installed once. ActiveX cannot be installed without your permission (or unless you change the IE default settings) so I could never see what the big worry is about it. The security center is a non-issue... you don't even have to see it if you don't want to.

Some don't like the security center because they consider it "pimpin' their warez" whatever that means. I don't reside in "the hood."

 

Kaspersky Anti-Virus
83.21% / 83.25%*

mks_vir
41.35% / 50.10%*

Norman Virus Control
17.90% / 35.76%*

* (detection with heuristics/Sandbox)

Please also take these numbers with a decent dose of reserve.
These numbers pretty much show how good is antivirus in detecting new or unknown stuff. Notice the giant leap between normal and Sandbox in Norman score? Looks like Sandbox is pretty effective for new stuff.
Almost all antiviruses with a decent heuristics have a 10% improvement over normal detection. Exception is AntiVir with a bit under 10%,but they have just implimented them,so there is still time for improvements.
It is also interesting to see Kaspersky score. Kaspersky guys are nuts (in a good way ). They have almost everything covered by signatures. Do they ever sleep?

 

Can you say if MKS_VIR is using the best heuristics available in here, the advanced heuristics? Overall the samples tested in here represent something else than randomly picked samples. What do I do with a virus scanner when it's best detection rate is 35.76?

As a heuristics detection of 50.1 %, it's such good that I've not seen so high scores anywhere else.

Btw, 83.25 % is so high detecting rate against new infections, that it will be scored only by very quick updates. In this case almost all agree that KAV is superior in feedback to new threats.

PS. If you want to declare how randomly samples these tested infections are, it will help if you classified these samples to different categories like I have done for instance. They have to be somewhat like it was in DrWeb's update category volumes in the beginning this year.

Best regards,
Firefighter!

 

Well the samples are totally random. If the same sample is submited twice its not added to the database (and not in calculations of %).
Also 35% for Norman doesn't mean it sucks. Jotti recieves mainly new/modified stuff so it shows how AV covers uncommon stuff. Also heuristics score is not a heuristics score only,but signatures+heuristics score. So you get around 10% difference over signatures only.
I belive Jotti is using highest settings possible for all AVs.