Security

Against Unknown Viruses, Avira AntiVir the Winner For Now

KingofGnG writes "AV-Comparatives, the Austrian team of experts dedicated to antivirus tests acknowledged as a reference point in the field, has published the second part of the mid-year comparative, an ideal addendum to the one already released last September. This time the aim is to evaluate the antimalware tools' effectiveness against unknown threats in a test scenario meant to prove the heuristic part and the generic markers of the on-demand scanning engines." The best in show (of 16 anti-malware packages evaluated), Avira AntiVir was able to find 71% of the unknown malware it was exposed to in the first week, dropping to 67% after the fourth.

  • Now If only . . . (Score:4, Interesting)

    by Cyberllama ( 113628 ) on Thursday December 04, 2008 @03:57PM (#25993457)

    . . . someone could find a way to get rid of its horrible "zomg hackers are after you, give us some monies" pop-up that comes up at 10:30 every night and alt-tabs me out of anything else I might be doing. I realize the free version is free, and apparently that pop-up ad justifies, but *must* it also alt-tab me out of games? That's pretty obnoxious.

  • by girlintraining ( 1395911 ) on Thursday December 04, 2008 @04:13PM (#25993647)

    It could be because Trend Microsystems has gone after people who have tried to benchmark their software in the past, claimed to have exclusive patents to the very concept of antivirus scanning, etc. They don't exactly have a great reputation for supporting fair marketing and being open about how their product works... Witness how many legitimate products get flagged as "hacker tools" (like Angry IP Scanner), while their commercial counterparts are ignored (ostensibly after paying them off to get off their little black list).

    I say, it could be.

  • Re:Now If only . . . (Score:3, Interesting)

    by clone53421 ( 1310749 ) on Thursday December 04, 2008 @04:18PM (#25993701) Journal

    That's enough to ensure that I will never install it.

  • Re:mine is better (Score:3, Interesting)

    by adisakp ( 705706 ) on Thursday December 04, 2008 @04:22PM (#25993749) Journal
    Comodo firewall has technology to only allow white-listed EXE's to run in a "paranoid" mode. It means you have to manually "approve" newly installed programs and updates (or go into installation mode during the update) but it works pretty well.
  • by St. Alfonzo ( 1393181 ) on Thursday December 04, 2008 @04:31PM (#25993885)
    "[...]it's the de-facto number one scanner in Russia and surrounding area (you know, where all the viruses come from?)."

    Ignoring the assumption that all viruses come from Russia, wouldn't that make it more likely that the virus developers would make sure their viruses can evade detection under it?
  • by lancejjj ( 924211 ) on Thursday December 04, 2008 @04:43PM (#25994041) Homepage

    Do we really need yet another analysis that talks about the same exact products on the same exact platforms?

    Instead of a focus on complete information security, this kind of analysis, once again, ignores BlackBerry and Macintosh and Linux - some very common platforms that are growing in both the enterprise and home markets. How a repeated focus on the most commonly discussed platform helps anyone is a mystery. It just continues to say "all these products are different, we rank them according to our exclusive analysis." Are you going to switch AV vendor given their unconvincing analysis? Not likely.

    In the end, the analysis sounds hollow; "My AV software isn't on the top of their list". Given their strategy, who cares?

    The self-declared "security experts" completely miss the point by completely ignoring platforms other than Windows. Sure, perhaps the BlackBerry is only found in 70% of corporate environments, and the Mac only has 7% market penetration, and Linux is perhaps only 20% of back-end servers - but I'd fathom that nearly 95% of the businesses out there use one of these platforms and need them to be SECURE - in order to keep their corporate (or personal) data and networks safe.

    All these "security experts" are failing their potential customers by rehashing the same discussion, instead of analyzing products and methods that address the mostly unhandled attack vectors of other mission-critical platforms.

  • Re:mine is better (Score:3, Interesting)

    by ClosedEyesSeeing ( 1278938 ) on Thursday December 04, 2008 @04:55PM (#25994235)
    Mine is better - remove the cat5 (or phone) cable. I'd like to see the chances of something getting in then! (from the Web, stupid users with viruses on portable media excluded from test results)
  • Re:mine is better (Score:3, Interesting)

    by Fozzyuw ( 950608 ) on Thursday December 04, 2008 @05:37PM (#25994777)

    Is there a free version of NOD32? Antivir is still free (albeit with occasional ad pop-ups) for the home version. It also has a very small footprint. How's NOD32's footprint?

  • by swb ( 14022 ) on Thursday December 04, 2008 @05:47PM (#25994883)

    Ha! I work for a Kaspersky reseller, and while I find it to be much more effective than other products, it still has problems.

    The default settings want to do CriticalArea and StartupItem scans when you boot your machine, and this makes the icky Windows-is-slow-at-startup even worse. We've also had a couple of problems with updates crippling the client, and worse, the Exchange product.

    The first couple of client problems were with older 6.x clients not taking updates, we updated them to newer application versions and it fixed the updating problem. This summer there was an update that literally crippled the client; Kaspersky came out with a fix, but by that time I'd already just removed and reinstalled.

    The Exchange AV product has had bad updates that cause it to shut down store.exe. This is a huge show stopper, naturally, and it's happened more than once.

    The AdminKit is a hot mess, too.

    I'd like to see us do some NOD32 installs, I seem to hear good things about it.

  • by Khopesh ( 112447 ) on Thursday December 04, 2008 @06:06PM (#25995125) Homepage Journal
    I got so entangled in defending my joke assumption that I forgot one of the real reasons I liked Kaspersky's headquartering in Russia: It's not in America or any of its corporation-friendly, overprotective, terrorist-fearing peers, and it's not in a nation that is easily bullied by America, its peers, or corporations.

    This means it doesn't need some "Homeland Security" back-door, it doesn't need to turn a blind eye to corporate root-kits and other DRM-enforcers, and it can be harsh on corporate spyware.

  • Re:Why so low? (Score:3, Interesting)

    by I)_MaLaClYpSe_(I ( 447961 ) on Thursday December 04, 2008 @08:13PM (#25996841)

    Okay, I will take the time to explain it to you.

    1. Set up a honeypot. Catch any number of relatively new viruses with these.

    2. Use an AV product with signature files from a date before you started to capture the new viruses.

    3. Tadaaa...

    4. Of course... profit!

    Now, was that so hard to come up with by yourself?

  • Re:mine is better (Score:5, Interesting)

    by lysergic.acid ( 845423 ) on Thursday December 04, 2008 @09:49PM (#25997763) Homepage

    still, i think a better (more useful) test would be conducted by:

    1. enlisting a 100 or so test subjects from various non-technical (in terms of computer knowledge) backgrounds.
    2. give each one of the 9 best-selling anti-virus solutions to 10 different volunteers.
    3. give the last 10 volunteers a 2-week course on basic computer security and malware-prevention.
    4. subject all 100 subjects to the same gauntlet of viruses/trojans/malware over a 6-month period. (perhaps 4-5 viruses a week, for a total of around 120 threats tested)
    5. note how many infections per person each group averaged, how many false-positives each group reported, and how much time/productivity was lost due to the threats & false-positives--for instance, time spent on reboots, reformats, dealing with virus alerts, waiting for anti-virus updates, etc.
    6. lastly, measure the cost-effectiveness of the anti-virus solution used in each of the 10 groups.

    i suspect that preventative education/training is probably the most effective method of combating viruses & malware. and though it might not be cost-effective in the short-term, it might be cheaper to train long-term employees how to avoid viruses/malware than to pay for yearly-subscriptions and still suffer down-time and loss of productivity from infections.
