Microsoft OneCare Last in Antivirus Tests

Juha-Matti Laurio writes "PC World has a story reporting that Microsoft's Windows Live OneCare came in dead last out of a group of 17 antivirus programs tested against hundreds of thousands of pieces of malware. The report of an Austrian antivirus researcher was released at the AV Comparatives Web site this week. Several free AV products were included in the test as well." While the top dog was able to find 99.5% of the malicious code, OneCare clocked in at 82.4%. Of course, there's no metric for the severity of the malware in the 17% gap.

It'll get better over time

[Rosco P. Coltrane]

The OneCare team has access to the Windows source code, that's got to give them an edge.

Re:It'll get better over time

[Gothmolly]

How many times have we heard this from Microsoft? Why do people still reward this sort of behavior with continued purchases? If its going to kind of suck out of the box, and get better over time, and you can get support, why not use RedHat Linux or Solaris ?

Re:

[rblancarte]

Are you serious? I mean, I am no Microsoft or Windows lover, but Linux is no alternative to Windows for Joe and Jane Average Computer user. Using my parents as a gauge (because I consider them pretty average computer users), having them using Linux as an OS would make zero sense. They are much more familiar with Windows products. They don't have to jump through hoops to send out documents that would be compatible with everyone else they communicate with (or to read the documents they get). They underst

Re:It'll get better over time

[Johann Lau]

So what you're actually saying is that nothing is an alternative to Windows for Joe and Jane Average Computer user, not just Linux. Which makes me wonder: how did people start using Windows? Weren't they too used to not using Windows to "relearn"? How did people learn to use cellphones, or to use number pads instead of dials before that? People don't stick with what they know, they stick with what everyone else uses and/or tells them to use. There is a difference.

Re:

[falsified]

Realistically, for home use, AND for most users (myself included) there WASN'T anything before Windows anyway. Yeah, MacOS, but if I remember correctly the first Macs weren't exactly priced for the casual user. DOS was dominant and Windows ran on top of it. It was a GUI a person could ease into while still duking it out on the more familiar command line.

As OS tasks shift to the Web (and I think that will happen), we'll see a shift to the more stable Linux OS because the casual user won't have to figure out

Re:

[falsified]

I agree with everything that you said but your timeline ends in 1993. By the time the computer became an item that you were just kind of supposed to have, Windows/DOS was dominant in the business arena and that had spilled over into what home use there was because of its familiarity. Once the home computer market exploded, Microsoft was there, rightly or wrongly.

Re:It'll get better over time

[suman28]

You are doing nothing but put your parents "in a box". I repair computers around my neighbourhood and when people tell me they lost their Windows CD or it didn't come with CDs or whatever, I tell them they can spend an extra 150 for their "Genuine" copy of Windows or use Linux. I cannot tell you how many people choose Linux. I tell them to give it a try, since most of them are not using it for anything more than Web browsing and photo viewing. If they don't like it (and some don't), they come back to me and spend an extra 150 or whatever. I have a few Average Computer users that use Linux and are quite satisfied. Thank you.

Re:

[DesertBlade]

If it is an OEM type of machine (like from Dell) the key is on the side of the box. There is no need to spend $150 on a new OS, just find the CD elsewhere. I am sure someone doing PC repairs has a Windows XP CD lying around or knows where to find one.

Linux has come a long ways, but it is still foriegn to a lot of people. When people use Windows at work, it is easier to use it at home.

Re:It'll get better over time

[mastershake_phd]

If it is an OEM type of machine (like from Dell) the key is on the side of the box. There is no need to spend $150 on a new OS, just find the CD elsewhere. I am sure someone doing PC repairs has a Windows XP CD lying around or knows where to find one.
 
Yes, but certain keys work with certain CDs. They unfortunately arent interchangeable. One PC I have wouldnt reboot after using the auto-upgrade feature to download SP2. So I got a SP2 CD, but it didnt like my old (legal) CD key. So I found a working key on the web, now I got that damn Windows Genuine Advantage thing popping up.

What are you supposed to do?

Re:

[skoaldipper]

> And because most users are familiar with their older products, they stick with what they know.

That's a fair observation. But the real chin scratcher is why they continue purchasing AV software. I've been running butt naked wild on the net since at least win95 - never installing an AV rubber. Never got a trojan or virus either. Why? I don't open email attachments. I don't install software from untrusted sources. Etc. But those last two statements are common sense, right? People know that. And I

Re:

[nakkenakuttaja]

My father is 76 years old and has only used computer for the last 5 years or so. His first PC had Windows 98, but last year I updated his computer with new motherboard, harddisc etc. + I installed Kubuntu on it. He has been very satisfied with it using Linux. I don't think Linux is more difficult to use than Windows. OK, my father probably would not be able to install Kubuntu, but he probably he could not install Windows either.

Re:

[hdparm]

You're wrong - they will have heaps less trouble handling MS docs from Fedora 6 default install than from Vista w/MS Office 2007.

If they are going to "upgrade" to latest MS products, why do you think they won't be able to handle upgrade to modern Linux distribution? There is NOTHING too different in Gnome/KDE UI (apart from the fact that they'd get the additional benefit of customising desktop to their liking) that would take long adjustment period when switching from windowsXP.

Re:

[Phisbut]

They understand how to navigate the OS. Basically, the interface is a known to them. Windows continues to dominate the market from past domination. Plus the fact that most any computer you can buy comes with the latest version of Windows. And because most users are familiar with their older products, they stick with what they know.

Next time they buy a new computer and are faced with Vista with the bells and whistles enabled, and have to use Office 2007, and Internet Explorer 7, they'll prove that they can

Re:

[Ucklak]

Because Best Buy, Fry's, Circuit City, Dell, and any other retailer that matters don't have a demo unit setup nor do they advertise that is is sold.

Don't give me this BS that Dell offers Linux because if it isn't here [dell.com], it doesn't exist.

I'm about as anti-MS as one can get but I also reailze their importance in the marketplace.
MS is obviously crippling 3rd party malware protection yet their own package fails to make the mark even though they have the advantage.

I've consistently said that MS has crappy program

Re:

[ncc74656]

Because Best Buy, Fry's, Circuit City, Dell, and any other retailer that matters don't have a demo unit setup nor do they advertise that is is sold.

Fry's usually has one or two of its house-brand machines with Linux preloaded (typically with Linspire). These are out on display next to all of the Winboxen.

Re:

[Marcos Eliziario]

OK. Try developing something good when your boss' boss is throwing chairs in rage all around the campus.

Re:

[Turn-X Alphonse]

I run Linux on my main box but I still have a windows box for my games. If Linux ran games (I don't count Cedega, I refuse to support them due their policy on OSS stuff) then I would give up the Windows box, but until I can get my guild wars fix Windows is needed.

Re:

[jorghis]

Everyone keeps saying this and I dont understand the logic behind it.

Even if it were true that they had access to windows source, how would this help them? Everyone has claimed that it does, but noone has explained how.

Re:

[multipartmixed]

They will continue to design new viruses at a faster rate than Norton, McAfee and Grisoft combined!

Of course, the assumption here is that Microsoft's virus will be able to block the viruses they write. Sorta basic for a Virus Company, but we all know how good MS is at closing the loop..

Re:

[stewbacca]

Ok, I'll give it an oddball analogy. When I got out of the Army, they suspiciously kept my dental records (so I couldn't sue, probably). When I went to my new dentist for the first time as a civilian, they had to conduct "dental forensics" to recreate my dental history. Without the records, they had to poke and prod to figure what was going on, and what work I had done in the past. This took the better part of a day, with a follow up appointment or two.

With every new WinOS release, Norton and company h

Re:

[jorghis]

OK, so what aspect of Vista do you think needs to be reverse engineered? I'll grant you that reverse engineering may have been necessary a decade ago, but to my knowledge, it is not now.

Re:

[Cromac]

Sure it will get better over time, just look at this quote from the article:

"We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests," a Microsoft spokesperson said.

They're going to tweak the tool to do better in the test, maybe that means it will actually work better, maybe not, but you can bet it will do better in future tests.

Re:

[rtb61]

Most likely it is typical M$=B$ speak, there next version will work better, it will still be the worst performer but it will work slightly better than the last version, just weight for version five/2012/ultimate liveinfinite care, it will work, we promise.

15. WE MAKE NO WARRANTY.

We provide the service "as-is," "with all faults" and "as available." We do not guarantee the accuracy or timeliness of information available from the service. The Microsoft parties give no express warranties, guarantees or con

Re:

[skoaldipper]

Knock Knock.
Who's there?
Ballmer.
Ballmer who?
Ball more over giving me 200 for Vista and I'll chair your head.

Old Viruses

[Subbynet]

I have always had a problem with these "stats".

If Microsoft know 50% (for example) of viruses are so old and won't run on 2000/XP, and they then decide not to search for them during AV tests... Does that mean the AV missed it - or quite rightly the code is so old that MS no longer considered a threat?

Re:Old Viruses

[Anonymous Coward]

Just because a virus won't run doesn't mean it should be dismissed. Any machine can still be a vector of transmission for viruses that will infect others. Think about the AV products for Linux or Mac. Most of them clean Windows viruses out of files/emails so that they won't infect other machines, not because they want to protect themselves.

Re:

[Subbynet]

True...

But this is Microsoft, with a product made for Windows XP / Vista. Tell me why they should care about Macs and Linux?

There is that old saying - always look after yourself, and its one I adhere to with regards to Anti-Virus... Just because it was checked at the mail server does not mean I won't check it again.

So using that premise, why should OneCare look or care about Viruses which won't run on the platform?

Re:Old Viruses

[Llywelyn]

Its not that they should care about Macs or Linux, but one would think they would care about older versions of Windows.

The reasons are the same that Mac antivirus programs strip out windows viruses, and viruses from as far back as OS 6. Just because it cannot infect this system, does not mean it is not a threat in general.

Besides, what evidence do you have that what they missed were older viruses? While I admit this is a valid hypothesis, I see no evidence for it one way or another.

Re:

[alx5000]

Sorry to hit you again with the GP's point, but why should they care about older versions of Windows? Doesn't that undermine the get-your-new-shiny-omg-pretty-colors-OS-same-as-b e fore-but-with-round-corners philosophy?

We hear every day about MS dropping support from old OS's (something I would stand for, as long as those systems weren't as fucking widely used as W2K is); infecting them and not Vista/XP/Whatever makes the latter look more secure (and as Windows users go, they only way to move).

Feel free to

Re:

[jonbryce]

No, because email viruses are a nuisance in an Outlook 2007/Vista inbox even if they don't do anything other than take up space.

Re:

[jonbryce]

E mail viruses are a pain even if you are running linux, as you have to identify and delete them when looking for legit mail. That is why I have virus scanning as part of my spam filtering setup. I run the virus scan before the whitelist check, and run the spam analysis stuff afterwards.

Linux : Speaking of which...

[DrYak]

Think about the AV products for Linux or Mac. Most of them clean Windows viruses out of files/emails so that they won't infect other machines

Speaking of which, it is a pity that the opensource world wasn't represented :
ClamAV [clamav.net] is a very good solution, it also has a Windows client [clamwin.com] which may lack real-time on-access scan, but has numerous plugins (like, for example, built-in for Outlook, or downloadable for FireFox [mozilla.org]) and few hacks for on-access scanning [winpooch.free.fr].
It has been regularly touted for its fast response time [heise-security.co.uk] a

Re:

[linhux]

They do remove some old viruses from these tests. The report mentions that they no longer count DOS viruses.

Re:

[KingMotley]

Of course, the places where One Care got dinged was for malware detection. That's what windows defender is for.

In other news... Large SUV's scored highest in best car. Lamborghini scored lowest. See details below:
Horse Power / Number of Seats / Game Console in back seat / Over all Score
SUV 95 (25%) / 8 (100%) / 1 (100%)

Re:

[Stewie241]

But didn't it say somewhere that Defender only detected about half of malware? That's worse than this onecare stuff!

Encouraging companies to overemphasize tests

[jorghis]

"We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests," a Microsoft spokesperson said.

Thats the danger with tests like this. Companies like MS see them and instead of thinking "how can we use this data to make our product better?" they are focused on just making it look better for the test. I'm not trying to single MS out here, video card manufacturers do this sort of thing all the time, hell it may be that the top performers on this test did it too.

Incidentally, why all the MS hate? Why focus on the company on the bottom, if it was any other company the headline would have been "Norton at top of antivirus heap in tests". The companies at the top are much bigger in this area and their software more widely deployed so I would think their performance would be more relevent regardless of who scored where.

Re:Encouraging companies to overemphasize tests

[TrappedByMyself]

Incidentally, why all the MS hate?

1) Pretty much all these viruses/malware target Microsoft's own software

2) Microsoft has more resources than all the other companies combined.

3) People are going with Microsoft's solution assuming that it is the best one

So basically, Microsoft's half-assed software made antivirus software a requirement in the first place. Instead of using their vast resources to fix the underlying problems, they build more half-assed software as part of their big money grab.

Re:

[Guppy06]

"People are going with Microsoft's solution assuming that it is the best one"

Actually, because it's cheapest. $40 retail for av and firewall for 3 PCs for one year.

Re:

[vertinox]

1) Relevent to OneCare how? Its completely different software, its not like OneCare is targeted. Shouldnt we evaluate these individual products on their merits?

Umm... Because Microsoft makes the operating system which allows the virus problems in the first place. Just because they make a different product doesn't mean that that particular software team is completely isolated from the rest of Microsoft (well to be fair the MS Entourage team was apparently banned from looking at the code that Outlook uses to

Re:

[jorghis]

1) Umm... Because Microsoft makes the operating system which allows the virus problems in the first place. Just because they make a different product doesn't mean that that particular software team is completely isolated from the rest of Microsoft (well to be fair the MS Entourage team was apparently banned from looking at the code that Outlook uses to talk with Exchange servers but I digress).

Several other people have responded to me that they think the team working on OneCare has an advantage because the

Re:

[jonbryce]

A new computer I looked at recently, from Toshiba, had Norton installed with Vista, not OneCare.

Re:

[Mateo_LeFou]

"The companies at the top are much bigger in this area and their software more widely deployed..."

For now.

Re:

[Linkreincarnate]

Incidentally, why all the MS hate? Why focus on the company on the bottom, if it was any other company the headline would have been "Norton at top of antivirus heap in tests". The companies at the top are much bigger in this area and their software more widely deployed so I would think their performance would be more relevent regardless of who scored where.

That's not true though. If it was one of the free antivirus programs no one would have batted an eye. The problem here is that it is an antivirus software that millions of people will end up buying. 17 Percent of a million is a lot of lost revenue and time spent repairing computers that would not have been infected had MS not been slack.

Re:

[stewbacca]

Why focus on the company on the bottom,

Because Microsoft is easily 10x bigger than all the other companies combined, and Microsoft creates the OS, so their results could stand to be a little better.

Re:

[jorghis]

"Because Microsoft is easily 10x bigger than all the other companies combined, and Microsoft creates the OS, so their results could stand to be a little better."

People keep making these two arguments and I just dont thiknk they make sense.

1)"Microsoft is easily 10x bigger than all the other companies combined"

MS may be bigger than all they other companies across all their business groups but it isnt like all that money goes into one product. Do you really believe that they are funding OneCare with

Re:

[stewbacca]

If MS funded every product they make with billions of dollars they would go bankrupt pretty fast. Generally speaking, in areas where they are not the market leader their product is not as well funded as that of their competitors.

And this is precisely why every Microsoft product is so damned mediocre. They do a lot of things, but they don't do any one thing well (other than make money).

2) "Microsoft creates the OS" OK, I have to ask: What advantage do you think they gain by this?

You don't agree that be

Re:

[jorghis]

"You don't agree that being the creators of the source-code would give you at least a slight advantage?"

No, I dont. Say for the sake of argument that your claim that OneCare developers have windows source in front of them is true. Explain to me how it would help.

Re:

[mysticgoat]

"We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests," a Microsoft spokesperson said.

Thats the danger with tests like this. Companies like MS see them and instead of thinking "how can we use this data to make our product better?" they are focused on just making it look better for the test.

That's a problem with an aspect of the Microsoft corporate culture, not with the test.

The problem is a vicious meme that destroys the ability to properly think through engineering problems by replacing one of the solid postulates of design theory with a faulty postulate. It can be summarized as "Design For The Showroom (Not For The Work)". Unfortunately, this is an infectious and virulent meme; it is absorbed through the eyes of susceptible readers and passed on through their keyboard fingerings.

Many

Re:

[arth1]

jorghis (1000092) wrote:

Thats the danger with tests like this. Companies like MS see them and instead of thinking "how can we use this data to make our product better?" they are focused on just making it look better for the test.

Ah. The no virus-killer left behind act. *Nod, nod*.

Regards,
--
*Art

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[itwerx]

"teaching to the test"

I'm sure you're right - for example look at Symantec's score on those tests compared to how it does in the real world, (abysmally).

How about some constructive news?

[Anonymous Coward]

The only people who give a crap about OneCare coming in "last" are idiots who have nothing better to do than bitch and moan and laugh at Microsoft.

A good news story would be about who came in *first* in these tests. You know, information that actually might be useful to people. But that wouldnt get nearly as many page hits, I suspect.

Re:

[ip_freely_2000]

Too bad you entered this as AC. I would have given you +1 Insightful.

I guess it's easier for people to take a cheap shot than actually help them improve their systems. Slashdot is so sadly predictable.

Re:

[uradu]

I don't know what you guys are bitching about. Slashdot is the National Enquirer of the geek world, it offers up EXACTLY the kind of sh!t we come here for.

Re:

[stewbacca]

Considering how much hype Microsoft has created to improve their image as being extraordinarily lame in security, I think the last place finish IS the story. Whoopy doo, a bunch of boring utility programs going head to head, mostly doing the same things equally well....except Microsoft, the multi-billion dollar corporation that controls the OS.

This is just another indictment of the corporate culture of Microsoft...money first, customers somewhere near the bottom. Microsoft includes a bunch of half-asse

Re:

[jorghis]

"The sad thing is OneCare is just another "check-the-block" feature, and average Joe won't know how awful it is or even care. They'll see it has security software bundled in and think that's all they need."

I responded to one of your posts above. Maybe the problem you are having is just that you dont understand the situation. OneCare is not bundled with windows as you are claiming in this post.

Frankly, based on your comments I would think that the average Joe's judgement of how "awful" a product is would b

Re:

[JebusIsLord]

I installed OneCare myself during the beta period, and was impressed with how well it integrated into Windowsm and didn't try to sell me anything else once in there (Are you listening, McAfee??) Resource usage was also much better than Norton.

I'm disappointed that it performed so poorly. However, I'm not running it anymore anyhow, since I switched to Vista 64-bit and OneCare doesn't work on 64-bit platforms :|

Re:

[stewbacca]

OneCare is a product offered by Microsoft. I didn't say it was bundled with Windows, I said OneCare offers bundled security software. It is a half-assed attempt to make sure they can at least say "yes, we have virus protection in our system". You are correct that I don't understand exactly how it works, because I don't use it. I'm merely using data from TFA and 12 years of anecdotal evidence of this sort of corporate culture coming from Microsoft to support my point.

Interestingly enough, you don't se

Re:

[jorghis]

I'm not denying it because I am not a huge fan of OneCare. It will likely get better over time, its a new product. But right now I certainly wouldnt buy it. MS has some good products, I use the ones I like, I use alternatives when I dont, I am not a zealot on either side. But I often come across as an MS fanboy here because I respond when I see arguments against them that I think are flawed, such as yours.

Re:

[stewbacca]

Your credibility takes a small hit though, when you say there are MS products that you use over other alternatives. The only MS product I can think of that doesn't have a better alternative is MS Excel. Even Excel has its flaws (the stats plugins are terrible), but there simply is no competitor. Even when MS wins, it is only because there is no competition.

If my argument is flawed, then feel free to provide examples to the contrary.

Re:

[Anonymous Coward]

The news isn't that MS came in last, it's that MS was anything but first place in protecting their own OS. Then again I guess that isn't new... OK, you're right.

Re:

[Stewie241]

People seem to miss the fact that in order to write virus detection software one needs to know about viruses, rather than about the operating system. There is a huge barrier to entry because Symantec, Norton and other folks have a large database and amount of knowledge about existing viruses. Microsoft had to start from a lower amount of knowledge.

This product will sell, nonetheless. I no longer use Windows, but my parents have used both McAfee and Norton. Both had their issues and problems and caused w

Re:How about some constructive news?

[MSG]

The only people who give a crap about OneCare coming in "last" are idiots who have nothing better to do than bitch and moan and laugh at Microsoft.

I disagree. Certainly, it is important to note which package came in at the top, as advice on what users should use. However, since OneCare is Microsoft's own service, and may be more accessible and better marketed to PC users, I would argue that it is in fact more important to note how badly it scored so that users know what not to use.

If all of the products being evaluated were equally marketed and accessible, then I would back your argument. However, because I don't believe that to be the situation, I disagree.

Re:

[HomelessInLaJolla]

only people...crap..."last"...idiots...nothing better...bitch and moan...laugh at Microsoft.

The vendor of the story, pcworld.com, deserves the vitriol.

I suspect

Why abuse Slashdot? How did you get modded from AC to 5?

Hell, MS Onecare detector was effective on me...

[BrentRJones]

it detected some virus MAKING software I had swiped from some guys in Moscow, turned me in with the Genuine Advantage program and now I am paying "royalties" to some WISE GUYS in Tel Aviv who threatened to post my bank account numbers in Nigeria, put me in the Homeland Security database as a terrorist, and take me off the Do-Not-Call list.

It may be 17% behind the leader, but it is damned effective.

No love for open source, ClamAV

[HTMLSpinnr]

There's no mention of ClamAV's performance in these tests. Granted, it probably isn't designed to be as "complete" as some of the other packages noted, it'd be interesting to see how it fares for those of us who use it on mail gateways and servers.

Besides, it'd have to be better than Microsoft's OneCare!

It actually wasn't "good enough"

[RootWind]

The software has to detect 85% or more to be considered for the on-demand test. MS OneCare was only included for the first time most likely due to the reputation of the former RAV. OneCare will be dropped from the test if they don't improve to 85%.

Re:No love for open source, ClamAV

[Southpaw018]

To back up what RootWind said, here's the official reply (on ClamWin, which is pretty much a Win32 compile + gui for ClamAV):

ClamWin better than Norton? No, you can not look at number of signatures to know who detects more. If you look on how ClamAV performs in independent tests (e.g. AV-Test.de) you see that it score around 49%, while Norton 99% (I would get very similar results). ClamAV is good to use e.g. at mail servers, but I would not suggets to use for other places, as there are better options available.

link [av-comparatives.org]

Re:

[flyingfsck]

I've been using ClamAV for 4 years on a busy mail server and no virus got through it in this time. So, these guy's tests are rather suspect in my book.

Coherence

[syylk]

Imagine what happened if it placed first.

Could you hear the whining from AV companies? "It's unfair! They have access to the OS, so they will put us out of business".

Which they will do, obviously: it's just matter of time. But in the meanwhile, the AV corps could still sell some copy of their rig crippling tools^W^W^Wsecurity enhancement programs.

Re:

[El_Muerte_TDS]

If your businessplan relies on the failure of an other party you have no right to complain when said party finally manages to reduce their failures.

Re:

[Bert64]

But MS are not fixing the actual problem, they are just selling their own bandaid addon like other companies have been doing for years, only theirs is inferior to the ones already available.
This can only be bad for the consumer... MS now have a conflict of interest between improving the security of windows, or leaving it poor to encourage sales of onecare... Their product will also end up widely used despite the lack of quality, it will sell just like every other MS product simply because it gets pushed alo

Re:

[Stewie241]

IMO the reason that Linux does so well in terms of virus is partly due to enhanced security, but also because main distributions use a whitelist approach to applications. Ubuntu has all its applications in repositories, and all those applications are known safe.

Many users don't know how to determine if an application they are going to install is safe. There are ways to do this, and so most knowledgeable users can avoid this.

The best solution to the antivirus problem is to:
a. fix exploits in the Windows co

How about tests on older versions?

[schwit1]

I'm curious if older AV versions with current signatures are less capable.

I use McAfee v7.1 because the overhead compared to the newer versions is much lower.

Re:

[Jarnis]

It depends.

If you just use them to scan executables/emails before opening anything, for that an older one with up to date signatures should do fine.

But the old engines tend to lack defenses against 0wnage of the system via different holes. Major reason why new AV clients are so heavy on the system is because they actively try to stop any 'nasty' stuff from happening to the system - even against unknown threats using heuristics.

Older AV software also does not usually do anything against spyware and other cra

OneCares Results

[Anonymous Coward]

Here are the tests and the results for one care.

Windows viruses 95,02%
Macro viruses 99,30%
Script viruses/malware 67,55%
Worms 89,21%
Backdoors 82,18%
Trojans 78,71%
other malware 58,38%
OtherOS viruses/malware 55,02%

And a bit more

Detection of over 222000 dialers excellent
Detection of over 130000 PUP's mediocre
Detection of over 230000 DOS viruses very high
Detection of polymorphic viruses 4 of 12

High scores for Norton

[Beryllium Sphere(tm)]

Norton showed up near the top in several categories. Other large studies have shown the same thing.

The highly consistent feedback from people in the trenches has been along the lines of "I removed the viruses, then to make sure the machine ran OK I removed Norton Antivirus, then I installed Kaspersky and all has been well".

Anyone got a hypothesis to account for the difference?

Re:High scores for Norton

[Aladrin]

You mean something like: "Kaspersky has a higher % on that chart, AND it doesn't screw up the system?"

Norton, when it goes bad, is a nightmare to remove. And that's your only option, as you can't just fix the installation once it gets that bad. If you've already gone through the pain to remove it, why not just recommend the better solution and be done with it?

Personally, I like AVG, but that chart doesn't say great things about it. I'm disappointed in its performance. I'm seriously considering seeking a better solution.

Re:

[Lord_Sintra]

Yeah, I have serious trouble getting rid of Norton. It crashed half way through the uninstall, an them became impossible to delete. I had to go into Linux and manually remove it. Kaspersky seems better, but occasionally takes up 98%CPU, for no reason I can see.

Re:

[GIL_Dude]

I agree that norton can be a pig both while running and to uninstall. But symantec does have a utility on their web site that will rip it out for you if the uninstall is jacked up. It makes it pretty easy if you just try the uninstall and it fails - go straight to their utility and Norton will be gone.

Re:

[York the Mysterious]

Norton has (particularly Internet Security from around 2004/2005) have a really hard time removing themselves. It seems like LiveUpdate changes the files and doesn't update the uninstaller. It's pretty pathetic of such a major company. The problem is so widespread that Symantec developed a removal too available on their website that searches for all of their recent products and wipes them off your hard drive. I like to run it after any Norton uninstall because they never go smoothly. I've worked at a U

What's wrong with AVG?

[brunes69]

I use AVG as well. Just wondering why you were 'disappointed' by the report?

At 96.37%, IMO they did very well. Especially when you consider the cost ($0).

 

Re:

[Aladrin]

It wasn't the overall score that disappointed me, but the specific scores. "89,04%" for Windows viruses? Ouch! "67,20%" for script viruses/malware? Double-ouch! (Other malware is a different category, which also performs poorly. I don't use it for anti-malware, but I expect it to catch the viral ones.)

Re:

[Anonymous Coward]

These tests only report how well the AV software detects viruses etc. Not how bloated the AV sofware is, nor how much it clogs up the rest of your machine's workings.

Re:

[DragonTHC]

I have seen the same thing.

norton doesn't find any viruses unless you actively scan.

what I've discovered in every situation is, the admin sets norton with the default settings, doesn't bother to schedule a scan or an update.

everytime I've seen it, there's an expired license for norton. This completely disables updates.

I install kaspersky and never have any more problems, except with the user.

Re:

[flyingfsck]

The scanner is only as good as its update system. I use ClamAV - a fast update response, means a small window of vulnerability. Also, most importantly, ClamAV doesn't fsck up your system. It just works.

An outdated, fscked up Norton doesn't provide any protection...

Kaspersky for Free

[bogie]

Kaspersky has always been rated highly and for those of you that don't know AOL, yes that AOL, has repackaged it for Free. I've personally been using it for a while and can whole heartedly recommend it without any hesitation.

http://www.activevirusshield.com/antivirus/freeav/ index.adp [activevirusshield.com]?

Not suprising

[Monoman]

Companies that venture beyond their core skill set rarely get things right the first couple of times. Sometimes they never get it right but they don't care because it is all about making more money and/or keeping control.

Companies like MS, Cisco, IBM, et. al. typically don't want to coexist with complementary companies. It just goes against their greedy nature. They usually try to buy them or drive them out of business through competition.

There must be a theory that states this is good for consumers but we

Does not matter if it is not the best!

[codepunk]

It does not matter in the least if anything they bundle is not the best. They own the platform and can bundle whatever they wish to eliminate the competition.

ermmmm...

[IT 073571]

It does not really matter whether the microsoft came in last because their product is still adequate enough to be used. We should not rely too much on the antivirus anyway. Sure they detect malware and stuff, but by the time that happens it just a little too late in term of security concern. If a user really concerns about security, then the first step to be taken should be getting to know the networks and systems vulnerabilities and how to prevent hackers and malware related from taking advantage of the

Re:

[evilneko]

I think you downplay the importance of effective anti-virus too much. As much as we may not like to admit it, vulnerabilities in the browser (no matter which browser) and infected ads will be with us for a long time. Human error and complacency will be with us forever.

That's how my dad's system was owned, and he wasn't even using Internet Explorer. A good AV would've stopped the infection cold. A firewall (outbound control) would've prevented it getting any worse, but wouldn't have stopped it completely.

Poor wine guys

[JohnboyHolmes]

This will be a sad day for the wine guys. Even when Microsoft try not to they can still run 17% of malware, last time I saw someone try to run malware through wine they couldn't get any of test apps to run 100% perfect :-) What a strange world we live in when Microsoft who doesn't want something to work can't stop it, and the wine guys who would feel complete if it did run can't get it to. Wouldn't it almost be in Microsoft's interest to contribute to wine to get malware working 100% on linux.

At what cost performance?

[bitbucketeer]

I'd like to know which of the highly rated products won't "Norton" the performance of my system... My ideal AV would be lean as well as mean. Who in their right mind wants a 99% sol'n that halves the performance of their system?

Kaspersky and Etrust

[adiposity]

I use E-trust at work, it's fine and not a hog. Interesting that it and Kaspersky have identical scores! Anyone know the reason for this?

-Dan

Re:

[adiposity]

oops, that was eScan...eTrust is not included.

Re:

[RLaager]

I think it's the first point where you're off... Microsoft gets slammed for having a buggy OS and insecurity software that make virus propegation easy. Adding anti-virus software has never been a good solution... it's just a band-aid.

Re:

[RelaxedTension]

MS gets slammed for not having AV in the OS.

No, they get slammed for making everyone need it in the first place by making their OS's so insecure.

MS puts one in and gets slammed for trying to 'squeeze' out the big AV players.

No, they get slammed for trying to lock out competitors (again)

If MS makes their AV great than they get sued by Norton and McAfee.

If it ever happens that they make something "great", we'll see what happens. We haven't had enough experience of that happening yet to say.

Re:

[TSR Wedge]

I'll leave you to find the irony in that.

Re:

[n0dna]

On the shelf at BestBuy where it belongs.

Re:

[TaoPhoenix]

Their first one came in dead last. Then they posted a $4000 patch.