AV market share (new OPSWAT report )

Discussion in 'other anti-virus software' started by LagerX, Jan 30, 2015.

  1. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    540
  2. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,097
    For a description of the data collection method and its limitations, see the data collection section of this report.

    :isay:

    OOPS ..... BS report!
     
  3. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Considering the top three - is it any wonder malware is such a big problem?

    What is strange is, I have metrics on 34,000 machines, and NONE Of them have any of those top 4 installed. It's all SEP, Trend, and Forticlients.
     
  4. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,050
    Location:
    USA
    Nope, I'm not surprised. You get what you pay for.
     
  5. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Not strange at all, as those are products that you prefer over anything else.
     
  6. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    499
    Don't you steer your clients to the software you want them to use?
     
  7. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    just because you steer them, doesn't mean they buy what you would prefer them to use - for many different reasons.
     
  8. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    499
    That's true, however if you have read a few posts of Mayahana you should know that his choices are quite coincidental with what he stated.
     
  9. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Anecdotes and personal experiences are not the way to talk about these products. If you're talking about my own experience I'd end up saying all of the top three are better than the fifth, but you do not see me making such a statement.

    In practise, MSE may be a bit lacking - but it's meant to provide only the most basic protection, while both Avast and AVG are competitive products. It isn't that difficult really to find a sample set where either product does better than the other, and a few miniscule percentage differences do not necessarily translate into real-world mediocrity (Again, I will reiterate that an AV that scores "Standard" in AV-C is already very good to begin with).
     
  10. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    just because he has the info on those machines doesn't automatically mean he has advised/decided on the installation of the software on them
     
  11. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    In most cases in fact, your 'steering' means little. Most companies we MSP for tend to have IT liaisons who make decisions in many cases, or there is a lengthy vetting/approval process to make changes. (running into the multiple years in some cases) My recommendations don't carry as much weight as you think for these clients.
     
  12. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    The companies all share their samples anyway.
     
  13. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    If that was the case why bother with what you run anyway? Also, if that's the case, then detections should - in theory - be identical between products on raw malware scans. Which we know they aren't. I know Trend is largely proprietary, and unique, can you point to another AV vendor Trend shares it's DNA with? Sharing their DNA databases would be a competitive disadvantage for the product, and not a smart thing commercially.
     
  14. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Well Inspector Clouseau has said in the past that they do swap samples.
     
  15. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    They swap samples - this is for blacklisting purposes - they do not swap their whitelists. Modern cloud systems heavily rely on whitelists, that is a big reason why you see the differences you do.

    There are also other reasons, such as "x" company having an agreement with "y" but not with "z", and so on. In the end, each company does have a "link", but whether it is direct is another question. The next issue is one of resources: I can get all the samples in the world, but who's going to add them if I don't have the expertise and the manpower required to do that? :)
     
  16. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    there was an agreement years ago for the main av companies to exchange malware samples,but as nowadays there are a fair number of companies around that weren't then I am not sure if it is still in play or whether the newer companies signed up to it,even if they don't exchange the data malware samples aren't what you would call top secret info,it's not having access to the samples that is important but how a company uses the info
     
  17. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Many of the technologies don't rely on samples in the sense of developing signatures. The technologies themselves are a closely guarded secret. In the case of something like Trend, the ability for them to DNA/Fingerprint tag malware - on the fly - is technology(and anything the technology discovers) that will not be shared. Even ASUS doesn't know what the technology is, and it's in their routers. So sharing some basic signatures may happen in some cases, but that doesn't impact the overall reputation/DNA/FiP technology behind the product - which are their strengths. Bit Defender has seemingly won the 'signature wars', but they seem to be quite a bit behind in more advanced technology. So naturally a lot of companies license BD signatures as a result, but then apply their own technologies to the back end.

    I have less interest these days in raw signatures then I do in more advanced detection methodologies. That's where the future is.
     
  18. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA

    Bit not only does great in the signature wars, they also do very well in some heuristic / behavioral technologies.
    http://chart.av-comparatives.org/chart1.php

    That's why Bit shows better in testing overall than any of the many products that license their signatures and/or engine.

    And... That's why it was disappointing to me when Bit was so buggy on two different systems on which I tried it.

    MBAE, NVT EXE and others are working to go beyond signatures and address classes of threat that signature based and simple heuristics have challenges defending.

    But MBAE and NVT EXE and others... while getting more user friendly, still ask for a lot of information (whitelist validation...) from users.

    So like Mayahana, I think more advanced detection methodologies is where we need to be watching.

    Some AVs are developing these capabilities designed to be user friendly in their approach. This is key I think for the vast majority of the computer using public.
     
  19. Impet

    Impet Registered Member

    Joined:
    May 5, 2013
    Posts:
    895
    ... but all of them are free. ;)
     
  20. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,082
    Location:
    Netherlands
    USA 320 million inhabitants = 23,6% share, Netherlands 17 million = 10.1 % share, Germany 80 million inhabitants = 5% share (of user base). Okay IT-usage per country may vary based on demographic differences. Some facts: Holland is located at German (west) border, most of Germany's largest (economic) cities are closer to Amsterdam than Berlin, so what is faulted with that 'representative' market research?
     
  21. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,097
    from data collected from users of OPSWAT GEARS a device security and management platform
    :isay:

    Several attributes inherent to the data collection methods may cause the results in this report to differ from real-world conditions
    :isay:

    OPSWAT is working to increase global usage of OPSWAT GEARS
    :isay:
     
  22. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,016
    Market Share is one thing
    while
    Protection
    is another one...
     
    Last edited: Jan 31, 2015
  23. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    540
    Lets not turn this to A vs B and thread about technologies/detection capabilities please :)

    ___

    In my opinion it is easy to understand that free AVs rule market share and there's nothing wrong about it. Better than nothing.
     
  24. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    One thing missed here is regional difference. In my region I see exactly same tendency, most people use either McAfee, Symantec, or Trend tho I'm sure Mayahana is from other country.
    One difference is K7 which is quite popular here next to those big 3 but I believe they're not popular in the world, even in Asia where I live.
    I believe it's not all, partly.

    But actually I've been feeling signature tend to be disregarded in such security forum. The fact is the most part of threats (more than 50% of all blocked threats) are detected by signatures and at least some of them bypasses all other layers of the AV/IS.
    The fact signature itself is not enough doesn't mean other solution is better at least in current state.
     
Loading...