Reaction time

http://www.kaspersky.com/news.html?id=146126048

"Russian antivirus service tops the tables in independent German study


Virus threats on the Internet are steadily increasing. Given this, the speed at which antivirus developers react to new viruses is a crucial factor in the effectiveness of any information security system. There have been several massive virus attacks since the start of 2004, each more destructive than any seen before.

In connection with this, a well-known research group from Magdeburg University, AV-Test.org conducted independent research to establish the reaction time of antivirus developers to new malicious code. This research was designed to discover the average time taken to release an anti-virus database update from the moment a new virus is first detected. The recent notorious viruses, Dumaru.y, Mydoom.a, Bagle.a and Bagle.b, which are all detected using heuristics, were used as controls.

This analysis is more objective than traditional comparative testing carried out by IT publications and research centres. Such tests use collections of older viruses, detected over a month prior to the start of testing, to determine the efficacy of antivirus products. This means that the most important factor in the quality of an anti-virus solution is overlooked: reaction time. It is this specific feature which determines the reliability of protection against new threats. The research carried out by the group from Magdeburg University clearly illustrates the actual quality of antivirus systems, which in turn determines the level of information security as a whole.

For maximum accuracy in analysing the speed at which antivirus database updates are released, the researchers used dedicated script programs. These scanned the developers' servers every 5 minutes for new updates. The mean results of all data received showed that Kaspersky Labs was the quickest in responding to new virus threats.

The results of the experiment ranked antivirus developers as follows:

1. Kaspersky Labs
2. Bitdefender
3. Virusbuster
4. F-Secure
5. F-Prot RAV
6. AntiVir
7. Quickheal
8. InoculateIT-CA
9. IkarusšAVG
10. Avast
11. Sophos
12. Dr. Web
13. Trend Micro
14. Norman
15. Command
16. Panda
17. Esafe
18. A2
19. McAfee
20. Symantec
21. InoculateIT-VET

In addition to the above, Kaspersky Labs was also praised for the frequency with which standard antivirus database updates are released. Users of Kaspersky Anti-Virus can automatically receive updates via the Internet every three hours, round the clock, thereby providing them with greater security.

The data presented below confirms the undisputed right of Kaspersky Labs to the victor's crown:

Standard regular update release intervals.š

AntiVir (H+BEDV) 5 - 6
Avast! (Alwil) 2
AVG (Grisoft) 2
BitDefender 3 - 4
Command 2
Dr.Web 6
eSafe (Aladdin) 5
eTrust (CA) 4 - 5
F-Prot (Frisk) 4 - 5
F-Secure 6-7 6 - 7
Ikarus 4
Kaspersky Labs about 20*
McAfee/NAI 1
Norman 2
Panda 7
Quickheal 4
Sophos 4 - 5
Symantec 1 - 2
Trend Micro 2 - 3
VirusBuster 4 - 5


*data for December 2003. Since December 2003 the number of regular updates per week is 56.

Kaspersky Labs' leadership is significantly strengthened by the introduction of Rapid Virus Response, a new antivirus database update release technology. This was launched in December 2003, and since then Kaspersky Anti-Virus users have had access to 56 regular updates a week. This figure does not include urgent updates which contain a cure for new viruses judged to be of maximum danger.

It should be noted that all Kaspersky Labs antivirus database updates undergo complex testing for compatibility with a wide range of operating systems and configurations prior to release. Many antivirus developers provide their users with beta-versions of antivirus database updates, which have not been tested for compatibility and which can seriously damage system performance. All in all, Kaspersky Labs is not only the fastest when it comes to reacting to new viruses, but users are also offered maximum protection."

Well, it's as expected.

 

Are the vendors missing from list missing because they didn't update at all or missing because they weren't tested?
Steve

 

I think they were just not tested. Or are even better? When I remember the timings for Baggle worm detection some weeks ago (which I think is based on the same source here) NOD32 was missing because it didn't needed a special detection signature due to NOD32's heuristic which made NOD32 the fastest of course.

wizard

 

And the ESET?

 

And dont that is the answer really(although for the viruses mentioned NOD would be fastest) the list is supposed to take into account regular updates,if certain vendors are not included its seems another way that test results can be "massaged" in favour of certain products.I know KAV are very speedy with updates but so are NOD :-looking at that list you'd think they didn't bother at all!
I remember years ago in GB that a certain speaker manufacturer(Proac/Celef:-one of the very best!) stopped letting certain Hi-Fi mags review there products because they thought/knee reviews were being written to favour certain other products because of 1)Magazine revenue from advertising(Proac rarely advertised)
2)Brainwashing(loosely used) of certain reviewers
I can see a similar trend hapenning in computing where certain reviewers favour the same vendor time after time no matter what the catagory(look at editor choice over at CNET
:- Norton cant seem to put a foot wrong!
(there I've got that of my chest!!)
Steve