Which anti-virus has a better detection rate?

Discussion in 'other anti-virus software' started by ninja_style, Oct 13, 2004.

Thread Status:
Not open for further replies.
  1. ninja_style

    ninja_style Registered Member

    Joined:
    Oct 12, 2004
    Posts:
    41
    F-Secure or Kaspersky? And which is faster at scanning files? I know about Kaspersky, it takes pretty long to scan files, 'cause I have used it myself, but I am wondering if F-Secure is faster at scanning files or has better detection.
     
  2. ninja_style

    ninja_style Registered Member

    Joined:
    Oct 12, 2004
    Posts:
    41
    oops, sorry, I posted on the wrong forum, mods please move it to "other anti-virus."

    thanks

    Mod Note - moved to other anti-virus forum as requested - snap ;)
     
    Last edited by a moderator: Oct 13, 2004
  3. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    Welcome to the forums... run a search, this topic has been covered. In general KAV has slightly better detection rates, though F-Secure actually uses KAV as one of its scanning engines. F-Secure takes a bigger hit on your system because it is a multi-engine product. Also it uses backweb to update the app, something I and many other users are not too fond of. Both take a long time to scan, which is due to their unpacking support. You want fast, get NOD32.
     
  4. ninja_style

    ninja_style Registered Member

    Joined:
    Oct 12, 2004
    Posts:
    41
    Thanks for the reply, I am currently using Kaspersky, and this is what I will continue to use. Seems like this is the best at detecting viruses and I am very happy so far :) .
     
  5. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To ninja style from Firefighter!

    About detecting rates: Without those "riskware malwares", F-Secure beats Kaspersky but only a bit, because of three scanning engines. When we are talking about all kinds of nasties, Kaspersky 5.0 with extended database scores better than F-Secure.

    As a summary of detecting rates, the differences between any KAV based scanners together are smaller than the difference between any KAV based scanner and the best non KAV based scanner.

    Best regards,
    Firefighter!
     
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Kaspersky is an elite in detection rates.

    Kaspersky 90%
    F-Secure 85%
    Dr.Web 74%
    NOD32 57%
    MKS_Vir 54%
    BitDefender 53%
    AntiVir 47%
    avast! 39%
    Norman 30%
    F-Prot 28%
    ClamAV 25%

    These results are estimated from Jotti scanner and they seem to show the most exact detection rate for all kinds of malware out there.
    I'm somehow disappointed with F-Prot and Norman results, and very impressed with AntiVir. Others were as I expected. NOD32 showed the biggest difference between signature/signature-heuristic detection (10% difference in overall detection). Others had around 5% difference.

    So, I can say Dr.Web is the best alternative to KAV/F-Secure.
    Its speed and memory usage is also very nice, configuration level is high, very regular updates, strong heuristics (sorry, don't have any heuristic statistics for it).
     
  7. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Any information if false positives may or may not be affecting the Dr.Web percentage results?

    Thanks,
     
  8. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Have a look at the Virus Bulletin 100% awards for a true comparison on the detection rates of AV scanners.

    Even the worst scanner will get 90%+ of the current viruses, the updates and scanning time do differ however.
     
  9. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    VB100% doesn't show anything IMO. At least not for me.
     
  10. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To RejZoR from Firefighter!

    If your scanned infections in Jotti's online scan are really a result of RANDOMLY picked nasties of all kinds, the results of F-Prot really surprise me.

    I've picked over 3 000 nasties of all kind except pure old DOS viruses from over 20 different sites and they represent about the same prevalence of all infections that DrWeb had ranked among the most common infected categories in their recent signature updates. My scanning results are very close to AV-Comparatives.org, VirusP 8-2004, and the latest av-test.org with those scanners that I've scanned. Command AV, that has F-Prot engine, was in my tests always in the closest top, about the same scoring as DrWeb has, I just can't believe that F-Prot sucks so much in real life, never.

    Best regards,
    Firefighter
     
  11. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Again, I would have to inquire if false positives may be inflating Dr.Web's percentage results as compared to some other AVs?

    Thanks,
     
  12. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    It may be the fact that a lot of the samples people are submitting are packed files.
     
  13. se7engreen

    se7engreen Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    369
    Location:
    USA
    In my (limited) experience with Dr.Web and from what I've read from others, false positives are very much reduced with the latest engine.

    Also I don't think Jotti's statistics are the way to measure av performance and I doubt that they're meant to do so. You never know what kind of garbage and archaic viruses people upload that would affect statistics.
     
  14. Ailric

    Ailric Guest

  15. Open Source

    Open Source Registered Member

    Joined:
    Jun 12, 2003
    Posts:
    50
    Location:
    The Net
  16. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Wow. Jotti’s scanner can’t be used to compare AVs' detection rates.
    I am amazed that somebody actually is using it to do so. RejZoR?

    Look at this very simple example:

    Eicar.com file archived with WinRAR version 3.10. Norman and AntiVir missed it. Problem? I don’t think so.
    Archive support is not a big priority to Norman's developers. But we can’t say Norman failed to detect eicar.com because it’s not true. Grading Norman’s detection performance based on this would be totally BS.

    F-Prot is another AV with rather poor archive and packer support. But no matter what your statistics are suggesting, F-Prot is and will be a top performer.



    tECHNODROME
     


  17. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    No? Well, if an AV can detect files in bad/difficult conditions, then it can also detect them in their default form. That's the whole point. This should be considered as an On-Demand test. Of course I take it with some reserve, but for me it shows a better ratio than tests on predefined sets of malware. And results are as I expected, so I don't see anything wrong with it. Kaspersky scores the best as expected, NOD32 and Norman show the biggest potential in Heuristics/Sandboxing and so on...
     
  18. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Not really. Rating AVs by using Jotti’s web site is totally misleading. But if you insist be my guest.


    tECHNODROME
     
  19. hbkh

    hbkh Registered Member

    Joined:
    Jan 15, 2004
    Posts:
    128
    Location:
    Ohio, USA
    I think it's very misleading, hence the reason he removed the percentages... Here's why: I wanted to test for consistency in the scanners (i.e. Jotti's use of the F-Prot engine (Linux) vs my own personal copy of F-Prot for Windows 3.15b). Using the JPEG exploit recently posted as a measure, F-Prot detected the exploit perfectly in on-demand and in the RTM, but when I tested the identical file with Jotti's service it said no viruses detected. So, if there should be no difference in results, why did it detect on my machine but not for Jotti's? Keeping in mind it's the same virus and same program (only his version is Linux and mine is Windows). :doubt:

    hbkh

    PS. It is still a good judge of infection, but you should ignore the statistics. imho.
     
  20. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Eh, you don't understand me (the same reason why Jordi removed statistics). Forget about what I said in this thread.
     
  21. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    IMHO, Kaspersky detects most malware, they simply add all the trash to their databases. Even harmless text files dropped by virus or trojan...
     
  22. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Strange how some folk try to misrepresent good (best!) detection rates. I know it is hard to accept (for some people) but KAV does detect more than NOD, sorry but it's a (for some an unpalatable) fact of life!
    And before anybody "goes off on one", I use both and am willing to accept the relative weaknesses of each: KAV being a bit system heavy, NOD having a poorer (overall) detection rate, and don't come back with "NOD's just meant to be an anti-virus", even Eset don't use that line anymore!
    The original question was "which anti-virus has the better detection rate?"
    The answer from my experience is KAV (but I haven't tried ALL of them!)
     
  23. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    A *.txt file left behind might be trash to you, but why shouldn't it be cleaned? Even if it's only a harmless part dropped by some malware?
     
  24. Jotti

    Jotti Registered Member

    Joined:
    Oct 15, 2004
    Posts:
    11
    Location:
    The Netherlands
    Hello all,

    Speculate all you want about detection rates etc., I just want to clarify some things.
    That might currently be the case. Ever since I 'hid' the statistics, I haven't spent any time correcting the db for false positives. I don't have time....
    I'm developing a new version that will (hopefully) take these into account in a better way.
    Indeed. A lot of files I receive are packed and -hence- not detected by the majority of AV's
    I concur.
    Yes and no.
    Yes, because they are a real indication of which scanner detected a particular piece of malware and which scanner didn't.
    No, because it's different from other tests 'out there'.
    Most offline tests are based on malware archives with the majority of samples being older than a month. My service often receives (about half of the time actually) brand new malware. Heck, I receive approximately 2 malicious files per day that aren't known to ANY scanner at the time of uploading!
    Whenever I perform a rescan a week later, every scanner performs better. Much better. My statistics are merely an indication of how fast AV companies are responding to threats ITW (I receive these files from multiple sources, worldwide, so if you ask me, these things are ITW). They are not a score of how many viruses etc. a particular scanner detects overall!
    The results are not to be interpreted in the way results are mostly interpreted, indeed.
    Why not? It's malicious (not this example, but you get the point) and it's "hidden" inside a widely used archive format.
    Which part of "No viruses found" is to be misunderstood here?
    Isn't it harmless because the 'on access part will undoubtedly detect it'?
    Then what are 'on-demand' scans for? They're supposed to scan inside archives!
    That is correct.
    I sincerely disagree with that. They lack generic signatures, they lack unpackers, they lack er... a lot. They try though, which I respect.
    I place a couple of IP bans every week because people are trying to 'fabricate' false positives.
    This could be one of two things:

    - You uploaded the file before I upgraded F-Prot to their latest engine version, which detects the JPEG exploit (F-Prot are on my automatic-mailing service, yet I had to be informed by someone else there was a new version available).
    - The linux engine version differs from the Windows version.

    Neither of these are my service's fault really. I understand your frustration, but I can't be held responsible for AV companies' policies.
    Other OS implies 'not the same program', but I understand where you're going. I explicitly state on the website that differences with Windows versions may occur. Especially because AV vendors often 'forget' to inform me they have a new version that doesn't come with the auto-update.
    VBS scripts are not harmless text files. And it's a nice "touch" to remove text files dropped by malware along the way. They weren't there before you got the infection, so they can be safely removed.

    For the record: it is not my intention to kick anyone's butt. It's not my intention to imply my service is perfect. It's not. The statistics were never meant to be judged as a 'this AV detects X% and that AV sucks!' ratio. This is my personal opinion. Feel free to respond. Just don't expect a reply within an hour.
     
  25. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Thank you for clarifying Jotti. Nice to see you joining. :)

    No need for encouragement. The moment someone mentions KAV or NOD plus detection, off we go. ;) :D

    Regards
     