My quest to select a good Antivirus for the year 2008
June 05, 2008
The anti-virus provider community seems to change its standings every year on who is the best, and the anti-virus that was good last year seems ineffective the next year. I used to rely on the famous computer magazines to select the anti-virus to use, since each year they seem to write a review of the security products and were generally informative. But the trouble begins when two different magazines provide different results and the anti-virus products on one's top 3 list do not even appear on the other's review list. Who to believe?
I love my firewall but not the anti-virus
I use a security suite from Agnitum called Outpost Security Suite which, other than their excellent firewall product, includes a moderately performing anti-virus and ad and spyware protection as well. I am really a fan of this Outpost firewall; in my opinion the only other firewall that comes close to it is the freely available Comodo personal firewall. Everything else I tried is poor and probably not in the same league, and believe me, I tried many. In a nutshell, even though I love the firewall, I was just not satisfied with the anti-virus protection that I was getting. So I decided to look for a decent anti-virus protection and, as usual, I looked for the reviews of the famous computer magazines and got lost in a jungle of irrelevant or no information. Not only was there very little information available, the trend of misinformation seems to have gotten worse.
Firewall-related post: Controlling Windows Firewall using C# (actually COM)
Looking for information
As always, I jumped into Google's sea of links and went looking for information. The first good place to look was the VB100 site. These guys have been testing anti-virus for many years and they award a VB100 certificate to the vendors who pass their barrage of viruses and other malware thrown at the anti-virus products. You can find their recent results at http://www.virusbtn.com/vb100/archive/results?display=summary but you might need to register to see it. It is a table showing different products and who passed or failed. The anti-virus that came with the security suite that I have failed the last two test iterations. When I drilled down to see why it failed, I could see that it failed to detect 4 wildlist samples. Imagine my confidence level after finding that!!
Now it was time to be surprised: big names like McAfee failed that last test, and the only ones that passed the recent test are Symantec Anti-Virus, Eset NOD32 Anti-Virus, Grisoft's AVG and CA eTrust. Now something is definitely wrong there! I have used Norton Anti-Virus for a long time before and in my experience, although it is reliable, it really is a sluggish thing that slows my PC down significantly and I am not going to install it. So now I need more information on speed as well ...
Treasure cove of test information
Then I stumbled on this blog from Sunbelt Software and voilà! It has links to very detailed information on many different products, with numbers! What? Numbers?! Can this really be happening! Some real human being among the six billion (now reaching seven) horrible humanoids on the face of this blue planet has been kind enough to share the test information with the rest of us! It seems that there is a site called http://www.av-test.org/ and they receive virus samples from all over the world; they have over 5 million virus samples, and this year they acquired more than 1 million samples. So these guys (who wrote the blog) ran tests with samples on different products and published their findings. They did not stop there; they also graded the systems with A, B, C, D, F on various criteria like performance, rootkit detection etc. I was in heaven ... so I decided to look into it!
Here is the grade sheet, with lettered grades: http://www.sunbelt-software.com/ihs/alex/Results_2D2008m3b_US.htm
Here is the malware detection rate, with numbers: http://www.sunbelt-software.com/ihs/alex/Results_2D2008m3b_US.xls_detection2.htm
Here is the super detailed Excel sheet with all information: http://www.sunbelt-software.com/ihs/alex/Results_2D2008m3.xls
Too much information
Now this is too much information for me. I needed to find a solution that has a high detection rate at high speed with good rootkit detection and preferably good malware and adware detection. Looking at the grade sheet, I had the following contenders left:
Product | Malware | Adware - Spyware | False positives | Performance | Unknowns | Response time | Active root kit | Cleaning |
AntiVir (Avira) | A | A (*1) | B | A | B | A | B | B |
AVK (G Data) | A | A | C | F | B | A | F | D |
BitDefender | B | A | C | D | A | B | B | C |
F-Secure | B | C | B | C | A | B | A | B |
Ikarus | A | A | C | B | B | B | C | C |
Kaspersky | B | C | C | D | B | A | B | B |
McAfee | B | A | A | C | B | C | B | A |
Nod32 (Eset) | B | B | A | A | A | B | B | B |
Norton (Symantec) | B | A | A | A | B | C | A | A |
Sophos | A | A | B | B | A | B | B | B |
Trend Micro | A | B | B | B | B | B | A | B |
TrustPort | A | A | D | F | A | A | F | F |
WebWasher-GW | A | A | C | A | A | A | n/a (*2) | n/a (*2) |
The decision
I gave up McAfee, Symantec, Nod32, Kaspersky and BitDefender for getting a B in detection, then had to eliminate AVK, F-Secure, Ikarus, TrustPort, Sophos and Trend Micro for getting a B or less in performance. I ended up with Avira and WebWasher. When I went to WebWasher's site it was hard to find a download link. Then I chose Avira, because they had a free personal edition, which these testers have tested. The only flaw was that the free version did not have adware or spyware protection. I already had that protection in the security suite that I own. So I selected Avira ... and I am quite happy, especially because I did not have to spend a single dime.
So, if you are a developer who is looking for a good anti-virus, then I hope I have been able to narrow down your search. If you are someone who wants to test the anti-virus yourself, then you can go and download the samples from www.av-test.org and test it yourself, although I cannot guarantee that your PC won't be infected, you can try that as well. Good luck on finding a good solution. :)