A new report from OPSWAT determined the market share for the top five antivirus vendors with RTP enabled. It includes:

Avast – 21.4%
Microsoft – 19.4%
AVG – 8.6%
Avira – 7.4%
Symantec – 7.1%

http://i.snag.gy/5gxJB.jpg

More info: https://www.opswat.com/resources/reports/antivirus-and-compromised-device-january-2015
For a description of the data collection method and its limitations, see the data collection section of this report. OOPS ..... BS report!
Considering the top three - is it any wonder malware is such a big problem? What is strange is, I have metrics on 34,000 machines, and NONE of them have any of those top 4 installed. It's all SEP, Trend, and Forticlients.
Just because you steer them, doesn't mean they buy what you would prefer them to use - for many different reasons.
That's true, however if you have read a few posts of Mayahana you should know that his choices are quite coincidental with what he stated.
Anecdotes and personal experiences are not the way to talk about these products. If you're talking about my own experience I'd end up saying all of the top three are better than the fifth, but you do not see me making such a statement. In practise, MSE may be a bit lacking - but it's meant to provide only the most basic protection, while both Avast and AVG are competitive products. It isn't that difficult really to find a sample set where either product does better than the other, and a few minuscule percentage differences do not necessarily translate into real-world mediocrity (Again, I will reiterate that an AV that scores "Standard" in AV-C is already very good to begin with).
Just because he has the info on those machines doesn't automatically mean he has advised/decided on the installation of the software on them.
In most cases in fact, your 'steering' means little. Most companies we MSP for tend to have IT liaisons who make decisions in many cases, or there is a lengthy vetting/approval process to make changes. (running into the multiple years in some cases) My recommendations don't carry as much weight as you think for these clients.
If that was the case why bother with what you run anyway? Also, if that's the case, then detections should - in theory - be identical between products on raw malware scans. Which we know they aren't. I know Trend is largely proprietary, and unique, can you point to another AV vendor Trend shares its DNA with? Sharing their DNA databases would be a competitive disadvantage for the product, and not a smart thing commercially.
They swap samples - this is for blacklisting purposes - they do not swap their whitelists. Modern cloud systems heavily rely on whitelists, that is a big reason why you see the differences you do. There are also other reasons, such as "x" company having an agreement with "y" but not with "z", and so on. In the end, each company does have a "link", but whether it is direct is another question. The next issue is one of resources: I can get all the samples in the world, but who's going to add them if I don't have the expertise and the manpower required to do that?
There was an agreement years ago for the main AV companies to exchange malware samples, but as nowadays there are a fair number of companies around that weren't then I am not sure if it is still in play or whether the newer companies signed up to it. Even if they don't exchange the data, malware samples aren't what you would call top secret info; it's not having access to the samples that is important but how a company uses the info.
Many of the technologies don't rely on samples in the sense of developing signatures. The technologies themselves are a closely guarded secret. In the case of something like Trend, the ability for them to DNA/Fingerprint tag malware - on the fly - is technology (and anything the technology discovers) that will not be shared. Even ASUS doesn't know what the technology is, and it's in their routers. So sharing some basic signatures may happen in some cases, but that doesn't impact the overall reputation/DNA/FiP technology behind the product - which are their strengths. Bit Defender has seemingly won the 'signature wars', but they seem to be quite a bit behind in more advanced technology. So naturally a lot of companies license BD signatures as a result, but then apply their own technologies to the back end. I have less interest these days in raw signatures than I do in more advanced detection methodologies. That's where the future is.
Bit not only does great in the signature wars, they also do very well in some heuristic / behavioral technologies. http://chart.av-comparatives.org/chart1.php That's why Bit shows better in testing overall than any of the many products that license their signatures and/or engine. And... That's why it was disappointing to me when Bit was so buggy on two different systems on which I tried it. MBAE, NVT EXE and others are working to go beyond signatures and address classes of threat that signature based and simple heuristics have challenges defending. But MBAE and NVT EXE and others... while getting more user friendly, still ask for a lot of information (whitelist validation...) from users. So like Mayahana, I think more advanced detection methodologies is where we need to be watching. Some AVs are developing these capabilities designed to be user friendly in their approach. This is key I think for the vast majority of the computer using public.
USA 320 million inhabitants = 23,6% share, Netherlands 17 million = 10.1 % share, Germany 80 million inhabitants = 5% share (of user base). Okay IT-usage per country may vary based on demographic differences. Some facts: Holland is located at German (west) border, most of Germany's largest (economic) cities are closer to Amsterdam than Berlin, so what is faulted with that 'representative' market research?
from data collected from users of OPSWAT GEARS a device security and management platform

Several attributes inherent to the data collection methods may cause the results in this report to differ from real-world conditions

OPSWAT is working to increase global usage of OPSWAT GEARS
Let's not turn this to A vs B and thread about technologies/detection capabilities please

___

In my opinion it is easy to understand that free AVs rule market share and there's nothing wrong about it. Better than nothing.
One thing missed here is regional difference. In my region I see exactly the same tendency, most people use either McAfee, Symantec, or Trend tho I'm sure Mayahana is from another country. One difference is K7 which is quite popular here next to those big 3 but I believe they're not popular in the world, even in Asia where I live. I believe it's not all, partly. But actually I've been feeling signatures tend to be disregarded in such security forums. The fact is the most part of threats (more than 50% of all blocked threats) are detected by signatures and at least some of them bypass all other layers of the AV/IS. The fact that signatures themselves are not enough doesn't mean another solution is better, at least in the current state.