The results are in! Congrats to Kaspersky, ClamAV, and Norton for being our top performers. Unfortunately, some of the others didn’t do so well.
The test was pretty basic. We threw three sets of viruses at each virus engine to see what percentage was caught. The first set was a basic test set (from eicar.org) that is a universal virus test. The second set was the ‘in-the-wild’ test, drawn from samples I have received in my mailbox in mass quantities over the years. The third set was the user-submitted set, which ranged from pretty standard viruses to some bizarre stuff I couldn’t identify.
The expected result was that all vendors would catch at least all of the first two sets (eicar + in-the-wild), because these are all very common viruses that have been around for some time. However, as we’ve seen before, many vendors struggled.

Only three (Clam, Kaspersky, Norton) caught all of these. Three others (F-Prot, Sophos, McAfee) missed a few, with catch rates in the 80-90% range – not very good considering these are all really common viruses, but certainly better than others. GlobalHauri and the gateway appliances (Sonicwall, Fortinet, Watchguard) all performed poorly – catching about 60% and less of these common viruses. Watchguard would only catch one virus (the eicar test virus), which is odd because I thought they used the ClamAV engine.

The overall results were similar, although harder to interpret because we weren’t sure what the user samples really were. I’m fairly confident some were newer “zero-day” viruses, and some were ‘custom’ viruses. Regardless, the vendors scored in a similar order. Kaspersky was the top performer, followed closely by the open source Clam and Norton. F-Prot, Sophos, and McAfee were still the next 3 performers, although McAfee didn’t do quite as well on the user set. GlobalHauri, Fortinet, and Sonicwall still performed poorly, and Watchguard caught none of this set.
Conclusions
As always, we are surprised by how poorly many of these solutions are performing. Contrary to many statements, Clam is a top performer, and also ran 10 times faster than many solutions. Kaspersky is clearly an excellent engine, and Norton also performed well although it consumed lots of resources on the test machine. The rest of the solutions, some of which are quite expensive, were mediocre to terrible.
This raises many questions… Why has no one publicized this? What is wrong with the way we are testing antivirus solutions? Why do some testing labs claim Clam does significantly worse than commercial solutions?
Our Goal
Our goal in this test was not to scare people, or even drive people away from some vendors. We simply want to encourage discussion. Tests like these need to be open and transparent. They need to be performed in the open so results can be verified and challenged. They need to be transparent for credibility. (In fact, one audience participant significantly improved one vendor’s performance, Sophos, by pointing out that I needed to add a command-line option. Others pointed out mistakes I made recording results.)
Think we aren’t credible? Good! Go here, download the test set we used, compare it to the Excel spreadsheet we used to track results, and run the test yourself. Just make sure to let me know what you find!
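For readers who take up the invitation to rerun the test, here is an added example (not the author's tooling and not part of the original post). It tallies a scanner log per sample set, checks the EICAR set as a control, and puts a 95% Wilson interval on each catch rate, so the weight a set of this size can bear is visible. The log lines, directory names and all signature names other than ClamAV's Eicar-Test-Signature are constructed.

```python
import math
from pathlib import PurePosixPath

# Constructed log in the "path: result" style of clamscan's per-file output.
# Directory layout, file names and every signature name except ClamAV's
# Eicar-Test-Signature are made up for this example.
SAMPLE_LOG = """\
testset/eicar/eicar.com: Eicar-Test-Signature FOUND
testset/eicar/eicar_com.zip: Eicar-Test-Signature FOUND
testset/wild/01_invoice.eml: Constructed.Worm-A FOUND
testset/wild/02_photo.scr: Constructed.Worm-B FOUND
testset/wild/03_notice.eml: OK
testset/wild/04_update.exe: Constructed.Trojan-C FOUND
testset/wild/05_card.pif: Constructed.Worm-A FOUND
testset/user/a.bin: OK
testset/user/b.com: Constructed.Trojan-D FOUND
testset/user/c.eml: OK
testset/user/locked.zip: unreadable ERROR
"""

CONTROL_SET = "eicar"  # assumption: directory that holds the EICAR test files


def wilson_interval(detected, total, z=1.96):
    """95% Wilson score interval for a detection rate of detected/total."""
    if total == 0:
        return (0.0, 1.0)  # nothing was scanned, so the rate is unknown
    p = detected / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total + z * z / (4 * total * total)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def tally(log_text):
    """Count detected / missed / unscanned files per sample set (parent dir)."""
    counts = {}
    for line in log_text.splitlines():
        if ": " not in line:
            continue  # skip summary or blank lines
        path, result = line.rsplit(": ", 1)
        set_name = PurePosixPath(path).parent.name
        c = counts.setdefault(set_name, {"detected": 0, "missed": 0, "unscanned": 0})
        if result.endswith(" FOUND"):
            c["detected"] += 1
        elif result == "OK":
            c["missed"] += 1      # every file in the set is assumed to be malware
        else:
            c["unscanned"] += 1   # e.g. an archive the engine could not open
    return counts


def score(log_text):
    """Return (rows, control_ok); rows maps set name to rate and interval."""
    rows = {}
    for name, c in tally(log_text).items():
        total = c["detected"] + c["missed"]  # unscanned files are not misses
        rows[name] = {
            "detected": c["detected"],
            "total": total,
            "unscanned": c["unscanned"],
            "rate": c["detected"] / total if total else None,
            "ci": wilson_interval(c["detected"], total),
        }
    control = rows.get(CONTROL_SET)
    # A failed control means the run measured configuration, not detection.
    control_ok = bool(control) and control["total"] > 0 \
        and control["detected"] == control["total"]
    return rows, control_ok


if __name__ == "__main__":
    rows, control_ok = score(SAMPLE_LOG)
    print("control (EICAR) passed:", control_ok)
    for name, r in rows.items():
        lo, hi = r["ci"]
        print(f"{name:6s} {r['detected']}/{r['total']} "
              f"95% CI {lo:.0%}-{hi:.0%} unscanned={r['unscanned']}")
    # The same arithmetic for 16 detections out of 18 samples:
    print("16/18 ->", tuple(round(x, 3) for x in wilson_interval(16, 18)))
```

A passing control only shows the engine was switched on and could open the files; the width of each interval is what limits how far two engines' catch rates can be told apart.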
70 Responses on AntiVirus Fightclub Results!
I’m not at all surprised to see Kaspersky doing the best, everyone who tested it in the last several months has rated it #1.
I’ve been using it for a couple of months.
Cheers,
Rich
Trend Micro Officescan 8 engine catches all but 1. It’s the engine inside PC cillin that should have the same results.
Hey Bob,
Thanks for the info!
If I should do this again, I’ll formally add NOD32, BitDefender, TrendMicro, Panda, and AVG.
It’s nice to see a comparison without all the marketing garbage surrounding it.
If you happen to go again I’d request CA AntiVirus, Live OneCare and Webroot SpySweeper /w AntiVirus be tested.
Still I wonder why F-Secure was left out of the equation. They’ve had a Linux scanner for years, surely one of the first to have something to call decent when all others were not interested.
Regards,
Joris
Congrats on this. I’m able to reproduce those results against our clamav cluster at work (including the 3 failures).
Would love to see Trend, Panda and AVG in there!
I’m all for open tests, but why publish the results in a proprietary format that require Microsoft Excel and Powerpoint?
What about Avast…?
^That would be my question. But I’m scared to run the test on my system.
Would be interesting if the configuration for the GNU/Linux and the gateway products were published. Configurations like heuristics, file size to scan, etc. may affect results… – and not all AV gateways have the same options, so this would be interesting to see…
JD + Ash: I too would vote for Avast to be included. There’s not terribly many totally free but fully supported (as in daily updates with new patterns) anti-virus engines. AVG is one, and it’s already on the list so it’d be a useful comparative result if Avast were there too.
Just in case anyone needs a link, it’s available, free for home use, from
http://avast.com
The request is of course *totally* unconnected to it being my personal domestic solution! :’)
From the reviews I’ve seen it’s as reliable as most paid for engines. It’s certainly more economical with machine resources than most other ‘real time protection’ solutions I’ve tried, though I do install it with only the file monitoring protection as invisible email, chat and web proxies would be one layer of cotton wool too many for me..
Dave J.
Sorry to follow up on self, but I just ran the test set past Avast, it deleted all but two of the non-encrypted files.
That’s something that deserves a mention in itself; there were encrypted zips, called ‘untangle*.zip’ in there that didn’t accept ‘a’ as the password. I assume they were duplicates.
The filenames of the two it failed to delete were ‘111_xxx.com’ and ‘107_Please-confirm-my-payment.eml’
Dave J.
EICAR is not a virus. Detection of EICAR says absolutely nothing about the ability of a product to detect real threats. The only reason to include EICAR in such a test is a lack of testing competence. 18 samples is far too small a set to draw any conclusions from. This is among the least competent tests ever performed.
I appreciate what you guys are trying to get at but you leave more questions unanswered than not:
What software versions (consumer/corporate) and version number?
What engine versions (where applicable)?
What Updates/DAT level?
What patch levels?
What OS?
What were the actual run times?
Please run it again this is a great test but really dig in and give all the parameters and permutations.
Nice comparison. Although the conclusion does mention a few bits about speed and resource consumption, next time it would be nice to see some graphs on this too!
Respectfully, this test shouldn’t be taken seriously.
You might want to review Joe Wells’ seminal work on the subject of antivirus testing here:
http://www.sunbelt-software.com/ihs/alex/Pragmaticantivirustesting.pdf
And using eicar to test for virus detection is a very bad idea. I’ve written a bit on this issue here:
http://sunbeltblog.blogspot.com/2006/08/more-testing-silliness.html
I also have a very hard time believing that “ClamAV is a top performer”.
While I would agree that antivirus testing is by no means perfect (in fact, arguably far from perfect), I might refer to testing from outfits like av-test.org and av-comparatives.org as being a bit more accurate in their findings.
Alex Eckelberry
This test is laughable. If WatchGuard is using ClamAV in their product, and ClamAV came out among one of the winners of the competition, how is it that these results put WatchGuard in last place? What an embarrassment! Wasn’t that your first indication that there was something wrong with your testing methodology? Clearly you ran a test in which WatchGuard’s anti-viral protection was turned off.
Obviously an actual fair and independent study of these products would turn up vastly different results. Perhaps they might even ensure that the anti-viral solution is engaged before running the tests!
You should really take a look at the results of testing labs that do this work day in and day out:
Test done by Av-Test.org – 606,901 malware samples:
http://www.pcmag.com/article2/0,1759,2135092,00.asp
http://www.av-comparatives.org/seiten/ergebnisse_2007_02.php
http://www.av-comparatives.org/seiten/ergebnisse/2ndgrouptest.pdf
The number of malware samples you used is a joke.
Cheers,
Eric S
G-Data AntiVirusKit found all of them. The only things that remained after extracting were the password encrypted zip files.
Thanks all for the comments – I’ll address them inline and probably produce a new post with some thoughts on what I’ve learned.
Randy, you are correct EICAR is not a virus, but one engine only blocked the EICAR virus, so it was my ‘control’ to show that each was working and capable of doing a simple task like unzipping.
Madstu, All the information is in the presentation from the show.
(Except actual runtimes which were not recorded because some vendors didn’t have a command-line client)
To those concerned about the test set size. While this set is small in the number of unique samples it is large in that it is all the viruses I received for years. The problem with testing 600,000 samples is that the results implicitly assume that each virus is of equal value, when in reality I only worry about viruses I will encounter.
If a virus catches 99% of the 600,000, but only half of the 18 samples I get by the thousands in my inbox – what good is the engine? One of the takeaways is that the way we are currently measuring antivirus effectiveness (with these huge sample sets) is that it has no bearing on real world performance.
As to why WatchGuard only caught the EICAR virus (even though it uses clam) – I have no idea. I tried for hours to tinker with unrelated settings to see if they had any effect. No one could figure it out. I asked the audience to help and we reviewed the configuration of the box live during the show to see if we could figure it out. Firmware is up-to-date, updates are installed.
If anyone has a Watchguard box – I would love if someone could run the test independently.
DrWeb (which is available for Linux and other Unix’es) also detected all viruses.
It’s available here: http://download.drweb.com/
Just out of interest, were the encrypted zips within the zip of the testset *meant* to be inaccessible? The password ‘a’ won’t do the job and I don’t think I’ve missed a readme..
Is it correct to assume they were just duplicates in a different format?
Dave J.
ZoneAlarm caught 18.
If and when you do this again I would like to see how this Anti-Virus program would do against the others.
http://www.personalfirewall.comodo.com/
I find the results of the PCMAG.COM study hard to believe. Day in and day out I reinstall malware infested XP boxes, and most run Norton or McAfee. On some of these boxes I install Avast first and run a boot time scan, and it picks up lots that the major vendors missed. This is real world stuff, not in the lab.
You may want to check out this study by the AusCERT … it’s from last summer, but likely as applicable today. It throws the PCMAG.COM study upside down!
http://www.zdnet.com.au/news/security/soa/Eighty-percent-of-new-malware-defeats-antivirus/0,130061744,139263949,00.htm
I personally use F-PROT and have for a number of years. I have faith in this product, enough that I have purchased it for my family and have recommended it to others.
Another AV product I recommend is Nod32. I have been told from sources that I trust that Nod32 has caught 100% of “in the wild” viruses in independent testing by Virus Bulletin for 7 straight years. I would tend to trust their testing methodology more than yours. I found it interesting and disappointing that Nod32 was not included in the products you tested.
Based on what I have seen so far I have little faith in your work as a reasonable measure of AV software.
Actually, the PCMAG.COM study:
http://www.pcmag.com/article2/0,1759,2135092,00.asp
had NOD32 way down the list behind Norton, AVG and Trend Micro. That’s why I think the study is crap. NOD32 is, at the moment, my #1 choice for malware protection. Having said that, I certainly do not rely on one product to protect Windows from malware. MSIE has hooks into the NT Kernel. Use Firefox instead. Use McAfee Site Advisor to warn you of potentially malicious sites. And block javascript and flash from running (Firefox NoScript plugin) on all sites other than the ones you trust. If you take a multi-layered approach to security, you are far safer than relying on some product. Besides, antivirus technology has not changed all that much in the past 15 years, and the malware problem is getting worse. It’s clearly not working.
Dirk,
I have, like several other security professionals in this thread, serious objections to your methodology. As I’ve seen your results received uncritically in a number of places, I’m going to address them elsewhere, but pass you a copy, as I appreciate your willingness to receive critical input. I want to raise immediately an issue you may not have thought through, however.
I appreciate that you’ve made your sample set available from a desire to be honest and open and allow others to reproduce your results. But by doing so you’ve put yourself into the position of being a malware distributor, albeit in a very small way. I guess that as an amateur tester you don’t feel bound by the same ethical codes as a professional AV researcher, and may not even have thought of it as an ethical issue, so I won’t preach at you. But in doing so, it occurs to me that you may have put yourself in breach of legislation applicable in your jurisdiction: you may also be in breach of the requirements of your web and/or connection providers. So I’d suggest that you check, if you haven’t already, that you haven’t exposed yourself to some sort of legal or other punitive action. But I’m not a lawyer: I wouldn’t presume to advise you on whether this might be the case.
That said, while I feel that your test in its present form is severely compromised, I do think that you may have done us all a service by highlighting the gap between the way the security industry looks at testing and the way the rest of the world does, and I commend your obvious willingness to listen to suggestions for improving your own methods.
> Randy, you are correct EICAR is not a virus,
I should think so. Randy wrote a couple of definitive papers on using the EICAR test file.
> it was my ‘control’ to show that each was working
> and capable of doing a simple task like unzipping.
But EICAR doesn’t tell you anything about detection (except of the test file) and virtually nothing about configuration. Which is rather important, since the balance of probability in this case is that WatchGuard was misconfigured rather than incapable.
You’ve misrepresented EICAR as a virus by including it in your test set. I presume you’ve used all four of the EICAR instances from the EICAR web site, which makes your real sample set even smaller. In fact, by lumping them together with your so-called Wild test set, that set would be effectively invalidated, even if you’d validated any other samples in that set.
> To those concerned about the test set size. While this set is small in the number of unique samples it is large in that it is all the viruses I received for years.
That’s meaningless, because you haven’t made any attempt to validate your samples. How do you know they’re viruses at all? Because a mail scanner told you they were? That’s not validation. And if the scanner in question is also one of those you tested, you’ve invalidated your whole test by biasing it in favour of one scanner without validation or addressing the risk of false positives.
And look at it this way. Let’s assume (purely for the sake of argument) that all your 18 samples are valid, ItW viruses (clearly they’re not, but bear with me) and that your methodology is perfect (ahem.) What have you proved? That some scanners catch more of your samples than others. How many viruses are ItW at this moment? According to the latest WildList, 525. What, on the basis of your test, can you tell us about how well each of those scanners performed on the other 507? Nothing whatsoever…
> The problem with testing 600,000 samples is that the results implicitly assume that each virus is of equal value,
That’s not what competent testing organizations do. You either haven’t looked at any, or you haven’t understood their methodology.
> when in reality I only worry about viruses I will encounter.
But you can’t know what viruses (or, more to the point, malware) you will encounter. That’s why commercial AV tries to detect -all- known (and some unknown) malware, not just what is in the wild. (Apart from the fact that there is a significant difference between “in the wild” and in your personal mailbox.)
> If a virus catches 99% of the 600,000, but only half of the 18 samples I get by the thousands in my inbox – what good is the engine?
That depends on how valid your samples are.
> One of the takeaways is that the way we are currently measuring antivirus effectiveness (with these huge sample sets) is that it has no bearing on real world performance.
There are problems with antivirus testing even from the best testing organizations. But that isn’t one of them. Generally, competent testers test ItW detection -and- zoo detection, and may also look at false positive rates and some other stuff like TtU and retrospective testing that I won’t bore you with, though not necessarily in the same test. Some may even look at usability, but that’s an even bigger can of (ahem) worms.
Dirk, and anyone else who’s interested, I’ve put up a white paper at http://www.smallblue-greenworld.co.uk/AV_comparative_guide.pdf with my more detailed thoughts on this comparative.
As someone who works with systems every day, but who is not a security specialist (and make no claim to be!) the result of all the responses to the claims and counter claims here have just served to confuse.
It seems that there are a number of ‘prima donnas’ in the security field who, if the results of a published set of tests do not agree with their own thinking set out to rubbish them.
Come on guys, think of the people in the real world who have to use these products every day. Stop trying to score points off each other, and do something that makes all of us safer. After all, the original test was conducted openly, the results were published and responses invited, now it’s your turn to help, not hinder the development of a really good anti-virus/spyware/other nasty product. If all the manufacturers could produce a good product then we would buy based on cost/ease of use etc. After all, most cars do the job for which they were designed, and we all buy the one we like without rubbishing the others.
> Come on guys, think of the people in the real world
> who have to use these products every day.
Simon, that’s the whole point. A poor test does no-one any favours. This isn’t about knocking ClamAV, which does have its place, it’s about information versus misinformation.
I would like to see Panda AV and AVG run the next time you do this. I read the posts talking about test results and knocking your methodology. Okay, points taken. However, those who knock the methodology (either rightly or wrongly) often fail to present concrete examples of how it should be done, and what exactly their gripe is. Folks, feel free to point out errors in the methodology AS LONG AS YOU EXPLAIN the correct methodology and provide examples – otherwise I, among others will look at your responses as if they are a burp in a hurricane – insignificant. Don’t get me wrong, I for one would like to see more detail in a great number of studies. However, I find myself looking askance at many responses to posts because those who respond with such vehemence really provide little content to back their rants. Sorry folks – you want me to pay attention to your response? Put some meat in it! Don’t just whine about how it was done, provide some real ideas on how to do it properly – otherwise – shut up.
why wasn’t eset’s nod32 included in the test, considering that it is a widely used antivirus product?
David Harley:
“I have, like several other security professionals in this thread”
A self-proclaimed security expert is gracing us with his e-presence.
“I guess that as an amateur tester. . .”
“. . .in breach of legislation applicable in your jurisdiction”
You point out he is an “amateur tester”, and in the same breath offer “amateur” law advice.
“But I’m not a lawyer”
The first productive comment you’ve made.
“you may have done us all a service by highlighting the gap between the way the security industry looks at testing and the way the rest of the world does”
You clearly believe yourself to be part of the elite security industry. But must you put others down in order to make yourself feel higher?
I would have commented on your other writings, but I’m feeling sick. If your intention was to provide productive criticism, why couldn’t you leave out all the fluff that makes you feel better about yourself. Clearly stating your points in a more efficient manner would have been much more compelling. Instead you use punishing language in an aggressive manner, against someone who put in a lot of time, effort, and energy into this test, and provided all the results openly.
I don’t believe he stated this test to be the most unbiased and controlled anti-virus test in existence (clearly only you know that one). Besides, the “usefulness” of the test results is dependent on the reader. Just because the results were not what you had hoped for, in no way makes them useless. Be intelligent, draw whatever useful information you can from the results while keeping in mind the conditions of the test, and move on.
Oh, I forgot one funny comment which should lighten the mood in this now dim AV discussion
“What have you proved?”
I’m surprised you are an IT editor (maybe you’re an amateur editor), much less founder of smallblue-greenworld. “What have you proven” is the correct form. Proved is more appropriately used as an adjective before a noun – a theory proved impractical in practice. But keep at it, I “commend your obvious willingness to” be an editor.
>>It’s nice to see a comparison without all the marketing garbage surrounding it.
That’s all this whole test is: a marketing ploy.
Since this has degenerated from a discussion into a series of personal attacks, I’m unlikely to comment here again, but I can’t let that grammatical misconception pass. “Proved” is the regular past participle of “prove”. Strictly, proven comes from “preve”, a Middle English form which survived in Scotland after it died out in England. Hence “not proven” in Scots law. Up to quite recently, “proved” was formally preferred in England (by Fowler, for instance), but both are generally accepted now, though proven is probably used more often adjectivally.
David, I saw that too on dictionary.com, under the usage notes for `proved`. I personally think proven is correct.
> I personally think proven is correct.
As a modifier? Yes, I agree.
What do you think about the following ongoing study by CastleCops MIRT which shows ClamAV as detecting only 15% of the new malware caught?
http://winnow.oitc.com/avcentral.html
Also, you only tested signature detection. What about heuristics, behaviour blocking and analysis, sandboxing and other technologies normally included in “normal” products? What’s the point of this study?
Thanks all for the comments.
To clear up some confusion:
The ‘in-the-wild’ sample set came from a live email honeypot where all emails with attachments were stored (no virus scanners were used during the collection of samples). The verified malware was used in the ‘in-the-wild’ test. While I would have loved to throw more samples into this set, actively seeking out new samples would have compromised the ‘real world’ nature of this set. This was not a coverage test, but a real world datapoint – it would have been irresponsible of me to add samples that did not come from a honeypot as they would not have reflected the real world performance of each participant. Furthermore, all the samples in this set are documented malware which can be downloaded from the site and contains information on each sample.
Congrats to ClamAV on the Sourcefire deal!
anon, great questions and points: read the other blog posts or presentation for the answers. I actually really like the oitc approach although I consider it to have one major flaw for what we are trying to measure – which I’ll talk about in an upcoming post!
Hello, Avira AntiVir PersonalEdition Classic (Free for Windows and Linux / FreeBSD / Solaris) is quite good also. I used it on Windows XP with ZoneAlarm Personal Edition and almost never had any problem since then (with the help of Firefox). Now I use Xubuntu, but I’ve just decided to install Avira AntiVir PersonalEdition Classic and ClamAV.
I use Watchguard and can attest that the virus detection can be spotty. However without knowing what model Firebox and software version was used as well as how GAV/IPS was configured, there is no way to say what is occurring. However the core and peak series units running WFS and Fireware are impacted in their ability to detect viruses in the HTTP proxy by allowing “range requests through unmodified”. Since WG only checks AV in proxy services, the transmission of files through filters rather than proxies or through proxies that are not GAV integrated would comprise an unfair test. Regarding range requests, this option is included on many configurations for end-user functionality requirements and the resultant trade-off is the standard security vs. usability argument.
Nor is it good practice to compare gateway appliances to desktop applications. They are meant to be used in conjunction with each other, not in place of each other.
Thank you, Dirk, for looking out for us little people. Your intentions remind me of your first blog entry–your love for us little people: http://blog.untangle.com/?p=1.
Thank you for the study. I’m not a Statistician or a Security Professional. I’m just a web/email user. This study made me think about what I’m entitled to demand from the software products that I purchase.
I bought anti-virus software for about $60, on a 2-year subscription. I uninstalled it after 4 months because it slowed down my computer. I should have demanded a refund, but I didn’t. I have no clue how many viruses the software caught or didn’t catch. I do know that I need to install some anti-virus software on my laptop.
Write something in Polish, what’s the matter, are you ashamed of Polish???
All the comments seem to me to miss a basic point — why-the-hell don’t at least the mega-players catch ALL of the viruses on such a relatively “simple” test?!!! (OK, I’ll exclude not catching EICAR. After reading the thread, and links, I know a lot more about it but still don’t understand it.) Especially McAfee. I just switched ISPs; my new one gives free McAfee. The tech who came out for the installation noticed I had Norton and recommended I keep it. (Maybe he’d read your study.) Really, McAfee ought to be explaining this. At a minimum, all of them should have a copy of the others’ products, and be reverse-engineering the updates to help identify ones they’ve missed. That way, all of them would be catching everything the others can, it would just be a question of timing. There’s no excuse for any of them not to have found viruses that have been around for so long.
From time to time I run one of the various free web-based scans, although have always felt sort of silly doing so since I never found anything very bad. And, I wondered why they would be giving away the milk for free. Here’s my theory — nobody is catching all the viruses. So, people who find something with a free scan will assume that product is better than the one they had, and switch — not knowing whether the new one will actually catch a higher percentage at all.
Because (if you would have read the __whole__ story) you would have seen that the scanners were **not** properly configured.
David Harley makes some interesting — and valid — points regarding the imperfections in Dirk’s methodology, but it’s unfortunate he had to adopt such a superior tone in doing so. His implicit message that we of the common herd should trust the professionals sounds a lot like the political message we in the U.S. are getting from our government, and I respond in kind.
David cautions us about looking for the hidden financial motive behind the tester–well and good. How about the hidden financial motive of the critic, who happens to be a consultant offering “technical authoring and editing services, IT security consultancy and training” according to his own website?
The best insurance against the obvious and reasonable mistrust leveled at any given tester, is openness. If the “pros” want to be taken more seriously in the market, they have got to make their methodology as open to public scrutiny and critique as poor Dirk has done. . .I haven’t seen that yet, have you? You want me to trust you, don’t just prove why the other guy is wrong: prove to me why you’re right.
But however flawed Dirk’s methodology may have been from a scientific or statistical point of view, it addresses one point neither the professional AV companies nor David acknowledge: Many of us have seen up-to-date, highly-rated antivirus programs fail to protect our own computers. We have NOT seen the “professional antivirus community” address those failures in anything resembling an open and forthright way. This makes tests like Dirk’s a whole lot easier to believe because, however flawed they may be, they ring true as they parallel our own painful, if limited, experience.
I’m sure I won’t be using any AV products of McAfee and Symantec again. They made my 1,8 Ghz Pentium 4 with 512 MB RAM feel like my old 1,2 Ghz Pentium III with 256 MB RAM. And they didn’t catch *most* of local (Indonesian) worms –but this is understandable.
Maybe out-of-topic but need some enlightening comments:
Why AVs nowadays just delete worms they caught? I suppose they should *try* to “disinfect” files, not just deleting them right away. If this is the way law enforcers work, then all hostages are dead.
I know that it is impossible to disinfect some, but a local AV (PC-MAV) successfully “disinfect” hundreds of my MS Word documents that big name AVs would just delete (luckily I had backups — worm infected but useful).
Perhaps I would be a bum by now if AVs just deleted years of my work.
Wow. Ego stroking. Negative commentary without much clarification on how to fix the test process.
OK. What this test does, more than anything else, is show the disconnect many of us security professionals in the field have with published tests.
Most of those tests do not reflect what I’ve observed over the last 14 years of working in IT. This test may not be perfect, but it’s a fairer shake than I’ve seen in a while and somewhat closer to what I’ve observed.
My favorite commercial solution did not fare as well as I’d thought, but still seems to have performed quite well in this test.
And yes, I’ve seen ClamAV stop virii that DID get past other solutions I’d worked with.
Good God, people. Instead of getting personal, try giving the guy suggestions for his next test.
The test is not representative with such a low number of samples. And who can guarantee me that those “user submitted” samples were not chosen by you to alter the result of the test? You also have an interest in the result of this test. This does not square with saying that “Tests like these need to be open and transparent”. I think that it is in fact a scandal to publish something like this.
Then what would make a good sampling?
And what conflict of interest did the author have?
Like I said, instead of tearing the guy down, offer advice to make what he attempted better. Or better yet, join him and help him improve it.
Should this be taken conclusively? No. But it’s open. And it’s a start.
I have found that over the years, There is no ‘best’ antivirus program. Antivirus programs depend on definitions to catch virii. To update definitions the vendor has to receive a sample of the virus, develop the removal instructions, and publish the updates.
One product may be excellent for 6 months and horribly late in updates the next. With the internet and email speeding distribution of virii, 0 day virii is my biggest problem, because if you wait for a few days, most virus scanners will catch it. But by then if you are infected, the virii can disable the scanner making things difficult. (Actually that’s the first thing I check when I sit in front of a computer to fix.)
The effort by Dirk is commendable, more real life samples would have given a better result.
I personally use 2 products one on the desktop and another on the Gateway, I know a company who uses 4 products on their gateway.
a bit over the top but it works.
That way if one scanner misses it the other catches it.
What about Avira, Avast?
I liked the test… so well done!
I am curious about one thing though… given how poorly Global Hauri performed… why include it in the Professional Package?
Why Avast, Avira, AVG not included?
These AVs are very popular (available free for public).
Any so-called “real-world” test would have included these 3 AVs.
Or is this just another disguised marketing ploy?
Comparison among all anti-virus software by adding other major anti-virus software like Avast, Avira, AVG, NOD 32, BitDefender, TrendMicro, Panda, ZoneAlarm. It will need more work and effort. But the result is more valuable and everyone would appreciate it.
Would love to see Avast antivirus in there!
You can download it here http://wsdcent.com/freeware/download-tag-1-IDS-1964.html
That’s a good list but a few antivirus programs are missing, like NOD32, AVG, McAfee etc. These are good programs to kill any virus. These should be included in the list. I am not happy with Norton antivirus because it took lots of resources and your system is slowing down.
As an Untangle MSP and a HUGE fan of NOD32, I’d really like to see how ESET NOD32 performs.
I run it at home and recommend it to every client I have.
I am pretty confident that it will perform well, and, it is one of the rare anti virus programs that consume very little resources.
I was disappointed to see you had not included Avira Antivir, as personally I class this AV way above Clam, Kaspersky and Norton or others in this test. But maybe if you run this test again at some point in the future you will include Avira and be extremely impressed by the results.
Not sure I would recommend Norton anymore. Too clunky on resources and way too extra files installed.
I still use my Symantec. Pretty good working.
I use the free version of AVG and in my opinion this is the best free anti virus software. I am pretty confident with it.
I like McAfee, and will still use it
Kaspersky, Avira has proven its advantage in their own uniqueness. I like Kaspersky because of the virus detection rates simply the highest based on experience I been using it since version 6.0 and Avira use in my office. The good thing about Avira is the usage of system (memory) resources is at minimal level. So it doesn’t bother your multi-tasking on computers even when it is active scanning in the background or updating.
I am happy with Nod32 ..:)
Hello,
I recommend that you read a site that talks about mutual insurance