Top 10 Anti-Virus products

Discussion in 'other anti-virus software' started by Technodrome, Mar 13, 2005.

Thread Status:
Not open for further replies.
  1. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    ...

    As I have mentioned before, it seems to me that in the typical portion as described above, all top antivirus programs perform very well.

    Personally, I think the real time "av shield" is more important, and one other ability that may be even harder to test. That would be, how easily is the A/V shut down, deactivated, overwhelmed, lock-up...however you want to put it.

    So what do we do? Test what is easy to test, and not what is most important. Then make decisions based on the test results! You gotta love number crunchers!

    You saw this coming. I think Norton has very good performance in the real time protection and a cool head "under fire".


    - HandsOff
     
  2. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    Thanks for the explanation. I did look on the site but did not see the FAQ - have now found it. Sometimes you look and you don't see!
     
  3. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I do that on a daily basis, just don't quote me on that :)...

    Blue
     
  4. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I agree, this is generally true and, off-hand :))) I can't recall an example in which it wasn't true. The other general comment I'd make, VB100 is another test that is often cited, at least with respect to its pass/fail ratings. It is critical to understand whether a fail rating is due to a missed sample or a false positive since either occurrence yields a rating of failed.

    If you look at how AV tests are performed, this test is a pragmatic impossibility for a reasonably sized test set. The implicit presumption is that if an AV recognizes a malware sample on scanning, the realtime component will flag it prior to access or execution. As may be inferred from a discussion elsewhere, that implicit presumption may or may not be true.

    I view the proactive/retrospective testing under controlled conditions as a first and significant step away from this ethic. In general, your comment is correct. Aside from that, one is left to anecdotal experience as a casual guide. Beyond pure anecdotal experience, one can assess the programs which are present in HJT log files posted on security sites requesting aid. There are some programs which you never see in the running process list. Coincidence? Maybe, maybe not.

    Although I no longer use NAV, you get no argument from me on that count. It's a very capable option.

    Blue
     
  5. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    To the extent that this is true, then A/V's should include the option to "Scan my computer" with only the virus definitions that have been downloaded since their last on demand "Scan my computer". Think how much quicker such a scan would run!

    Funny, I don't seem to see any A/V's confident enough of their real time scanning to offer this high speed scan option - hmmm maybe I should e-mail Kaspersky and see if it sounds good to him.


    To the extent that it is not true (and I don't believe that it is) the tests are not adequate. I would go so far as to say it tests a much easier function. Just my opinion.

    Don't get me wrong. The tests are very important in one respect. If a product can not perform well at the on demand scan, there is virtually no chance that it would perform well in the real time test.

    This is significant when you consider for a long time there was pretty much no test for adware/spyware performance. When some tests were run the vast majority detected almost nothing and fixed even less.

    The exceptions were the ones we hear about here, spybots, ad-aware, webroot's spysweeper(?)...and some lesser known, but still, the point is most of them did nothing! Luckily the same is not true for A/V's.


    -HandsOff
     
  6. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    HandsOff,

    You've swept a lot under the rug here, including the frequency and extent of an on-demand scan and how that could provide significant backup to realtime performance, and the details of how a programmer would implement this feature in a specific AV. In part KAV 5.0 has implemented it under both iStreams and iChecker technologies. I guess you know that, although it's a little unclear from your comments.

    I don't believe anyone believes that these tests are an end-all analysis.

    These tests monitor a trait that can be reasonably measured. As you say, poor performance in the demand case signals major problems all around while success in the demand case means only that. It may or may not provide a good predictive statistic for the realtime context. Anecdotally the correlation seems to be there, but that's a global average. Specific examples may not adhere to the correlation.

    Blue
     
  7. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hello Blue,

    I think you may have misunderstood my intent. I was not proposing a revolutionary new tactic, I was trying to point out something, and put it in a joking way.

    More plainly, what I meant is that most A/V's recommend a full system scan once a week (the exact parameters will vary, of course). My thought was this. If your scan detects something, then why was it not caught when the infected file was introduced to the computer? Of course it could be a new definition, or an improved scanning engine or many other things. But a certain percentage of the time, maybe most of the time, it is not because the virus is new. For some reason it simply did not catch the virus at the time that it infected the computer.

    Along the same lines, what is the first thing many people do after their active scanner detects and removes a virus? They do a system scan.

    I could be drawing all the wrong conclusions, and maybe I am taking something for granted, but I've always imagined that success rate of a real time scanner catching a virus, is going to be smaller than the rate of detection of a virus that is in a file or folder that is being scanned by the on demand scan.

    I mean, if your weekly scan finds a virus, then it did get by the realtime scanner.

    I am sweeping a lot under the rug, as you say. But only because I assumed it was an obvious truth. Now, after thinking about it, I have to admit that that is just an unsubstantiated guess.

    But IFF it is the case that the realtime scanner has a lower rate of success, and IFF it is true that all top A/V are almost perfect performers in the on demand scan, then it would follow, that the difference in performance of the real time shield is much more likely to impact the success or failure of an A/V to perform.

    It's just idle speculation...I shouldn't have presented as anything more.

    I never really even wrote to Kaspersky...on the other hand if he should come to me for advice I am always willing to share my ideas on the subject :D


    -HandsOff
     
  8. The Maxx

    The Maxx Registered Member

    Joined:
    Aug 2, 2004
    Posts:
    27
    I can think of five AV's that should've been on that list. ArcaVir 2005, VBA32, Dr. Web, NOD32 and avast! Those are better than almost any of those that are on the list. :)
     
  9. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    For the Dutch/Flemish:

    Personal Computer Magazine (May, page 60) has a mass test of AV products as well as Security Suites. Details will be published later on the PCM website.
    Cheers,

    Gerard
     
  10. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California

    Hi Maxx, Those are very highly regarded AV's. This ranking, as you know, is based on the reported usage figures for AV's. The implication is that the most popular A/V's are the best A/V's. People have argued that the reported figures are not accurate to start with. The biggest problem I have with the assumption that the most popular are the best is that probably only a tiny minority of the test group have even tried one of the five that you name. How can that person's decision be considered equal to a person that has used a dozen or more different A/V's.


    Still, I will have to admit that I tend to believe that all ten are fairly effective. From the comments I have heard here, I wish I had tried some, in particular, NOD32 because I will use a program a lot more often if it is fast and effective, than if it is only effective.

    In fact, I am getting that download urge even as I type


    - HandsOff
     
  11. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    HandsOff,

    OK - I see where you're coming from now. No problem, I must have had my serious hat on and it was a little tight around the head :)

    Along the points you made..., the current production release of NOD32 does allow one to flag "Potentially Dangerous Applications" with the scanner but not the realtime monitor - this is one case where something undesired could leak though (I've had that happen). I don't have NOD32 2.5 beta active right now, but I recall that facility is now in the realtime monitor. One could also have a fairly loose configuration realtime and tighten it up substantially for the scanner to balance performance. Again, allowing for some leakage of malware into the system in the realtime context could occur, more by configuration employed than intrinsic weakness.

    In any event, I'd also be more than willing to share my ideas with Kaspersky et al.. They haven't been breaking down my door to talk to me either :)

    Blue
     
  12. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    I'm not a scanner engine with signatures partisan but even if I defend a prevention approach, I also think they're necessary.
    In a special thread about the subject, I've said that we can't really specify which antivirus is the best:

    https://www.wilderssecurity.com/showthread.php?t=65983

    There is just a well known list of about ten excellent AVs, and choosing this one or that one would not make a big difference.

    If I suppose that someone has the best antivirus, then it does not mean that the line defense is totally unbypassed.
    An AV is just a part of a security system.

    As said Bruce Schneier: "Software is not security".
    In the heart of any security system (at home or in a corporate environment), the competence of the Man/Woman does often signify the quality of the security.

    Therefore, taking a little time to learn how threats work is more interesting than searching which AV/AT/AS/Firewall is the best.

    Regards
     
  13. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    As said Bruce Schneier: "Software is not security".

    I agree, that says a lot. There are different aspects of security, and it pays to at least attempt to tackle as many as possible. Especially if there are whole areas of security that you are completely unfamiliar with. Sometimes all you get are hints. Hint - Wilders has an encryption forum. Does that suggest anything?

    To Mr. Z, no problem. Sometimes I get wrapped up in some single aspect of a question and just flog it to death. I like to describe it as being focussed. Other people have more colorful descriptions for it.


    - HandsOff
     
  14. resa05

    resa05 Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    115
    Hmm,
    Since I didn't see my anti-virus on that list :blink: should I upgrade to something bigger and better :D ..I have Windows XP SP2, AVG Free Edition. No known anti-trojans on my PC either. Well, Thanks a Mill.
     
  15. SteelyDon

    SteelyDon Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    81
    Location:
    Southern Ontario
    ""China is the third largest market, just after European Union and USA. I wonder, which av:s do they use in China?""


    Stolen.
     
  16. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Well here in my country, Most ppl have a stolen NAV/NIS license on their PCs. I have seen few people running McAfee and Trend, and few people I talk to even know of the other brands like Kaspersky, Eset, BitDefender etc.

    I purchased all my licenses legally and am happy with that. I get the support that I need at times, I get to curb software piracy by sending cracks to software companies so an effective crack protection can be developed.

    Yes, I get to do good, to do what's right, by buying real software :)
     
  17. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I do sometimes the same...cause I don't like it when people steal from me and hate it when people steal the things I am paying for... :D
     
  18. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    You'll be very busy doing all that..........and what do you do about all the big companies/governments stealing from us every day, week, month, year etc. etc.?

    :cool: Putin
     
  19. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I am not doing this all the time :) it just happened sometimes hence my relationship with software coders/friends/...

    what do I do with the big companies?...I pay my taxes, I try to be correct with everyone...I do not have any probs with the Belgian Governement (sic) stealing from me...cause I protect myself from that to a certain degree :)

    Andy
     
  20. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,195
    By the way, avast is every day better!
    Norton, I bought and for me sucks
     
  21. Arup

    Arup Guest

    Mantra,

    Agree with you fully on Avast, gets better day by day.
     
  22. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California

    I don't pretend to understand the motivations of big business, but I make the following assumption: Norton has always had the capability to negate piracy, and has chosen instead to 'manage piracy'. You can pretend not to see the inconsistencies in a company specializing in network security, firewall, ad-blocking, anti-virus, etc...putting very weak protection on their products if you like. At the same time you can pretend that there are not better protections that they could apply any time they so desire.

    You (the hypothetical you, not the actual you) say that Norton is the most pirated AV because it is number 1. I say Norton is number 1 because it is the number 1 most pirated AV. I could give you blatant examples of companies promoting their products this way, but of course, it is all accidental, and they are furious!

    I like Diamond CS because of the free services they supply, and access to the customers seems to indicate a real desire to make the web a better place. Their reputation in the micro-community of security aware computer users is excellent. I only wish they had weaker authentication methods. Come on guys, you been in the lab too long! Get your name out there! Weaken those protections! The rewards will be great, and I'll have some new programs to play with*!


    -HandsOff





    * The tremendous influx of cash will allow them to develop many new products. What did you think I meant?
     
  23. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    The extent to which any software gets pirated is related to simple economics. That is supply and demand. Demand is simply that people want it for whatever reason. It can be garbage or great, but they want it. Supply in this case is related to how well the product is protected and how interested the crackers are in making available keygens or stolen keys. There seems to be a lot of hatred for any application using product activation, so crackers seem to put these at the top of their priority list. They also seem to like to attack large publishers first so that more users get to see their "product".

    Anything like Norton AV which is widely used, heavily promoted and not protected with a scheme where passwords are checked against a valid list maintained on a server, is going to be widely pirated. It is possible for AV vendors to cut down on piracy by checking passwords against a central database, but it requires the purchaser to deal directly with the publisher on a non anonymous basis. There is some purchaser resistance to this, and it also does not work for shrink wrap sales. Publishers who use this system stay quite busy blacklisting keys and serials. If yours is stolen and blacklisted, you are out of luck. This sort of system seems to be used by Eset, Trend Micro and Dr. Web.
     
  24. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
    Kingsoft, Rising, Jiangmin are the most popular av in China. Meanwhile, advanced users who visit security forum regularly also choose the avs, mentioned in wilderssecurity, such as kav, drweb, pcc, mcafee, nav, panda, nod, bitdefender, fsecure, to make a try.
     
  25. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,316
    Location:
    Earth
    My 2 cents worth..<removed> Beating Piracy is like a needle in a haystack..It's too far gone now like the music stuff...MD

    Edited to remove product name. Ron
     
    Last edited by a moderator: Apr 22, 2005