AntiVirus Detection Rate Thread

Schadenfroh

Elite Member
Mar 8, 2003
38,416
4
0
Created to discuss the detection rate of antivirus products. Special thanks to John and mechBgon for finding many of the links listed below.

NOTE ABOUT AVG: AVG Free Edition does not have the same detection rate as AVG AntiMalware (which is used in many of these tests). AntiMalware includes Ewido's engine and Free Edition lacks it, so AntiMalware's detection rate is higher than the Free Edition's.

NOTE ABOUT FALSE POSITIVES: It is also important to consider the number of false positives when looking at detection rate tests; pay close attention to how many false positives are "detected" by each product.

Detection Rate tests:
  • Forum member mechBgon's research:
  • Virus.GR
  • Originally posted by: John
    SunbeltBlog has posted the latest AV-Test.org test results of 29 anti-virus and anti-malware products, performed on Windows XP (English, SP2) using the on-demand scanner utility. All products were last updated at 2007-08-10 (8:00 h GMT).
    http://www.sunbelt-software.co...lwarereportjun3007.pdf

    AV-Test GmbH
    We tested all 29 scanners against a set of malware, including 68,864 backdoors, 47,891 bots (zombies), 407,487 Trojan Horses as well as 82,659 worms, so the total number of malware we tested against was 606,901 files. The best product detected 99.83% of our collection while the worst one was only able to identify 62.12% of the samples.
  • AV-Comparatives
  • VB100%
    Originally posted by: John
    VB100 update


    CA Anti-Virus, the home edition of CA's product, was recorded missing some 20 samples from the WildList collection, although the corporate version, eTrust, had no such difficulties. This anomaly has been found after further analysis to be due to an older version of the product's detection data files being submitted for the test, a submission error due in part to an office move coinciding with the deadline date. Real-world users with automated updates in operation should have had more comprehensive detection in place, and would thus have been protected from all the WildList threats.

    Kaspersky's product missed a single item from the WildList, in on-access tests only. This was due to a setting in the on-access mode avoiding scanning a particular file type, for performance reasons. According to Kaspersky Labs this setting has been adjusted to ensure this file type will be fully covered by the on-access scanner in future, but VB acknowledges that, were the sample to be fully executed, its malicious actions would have been blocked by other layers of protection included in the product.

    ESET's NOD32 was stated as missing a single sample from the polymorphic test set. Further checking has found this was in fact a corrupted file included in the test set in error, and ESET should have achieved the excellent score of 100% across all test sets. The appropriate corrections to online results will be made as soon as possible.

    12 December 2007

    ---

    Note: Please keep in mind that VB100 only means that an AV is capable of detecting all of the current viruses on the Wild List and generates no false positives. Vendors have come to realize the marketing significance of these tests, and the effort they put into their products to pass the VB100 tests may not reflect the effort they put into detecting viruses outside of those included in the VB100 test set. It's possible for an AV product to pass all the VB100 tests but still have mediocre virus detection.
  • OITC Tests
  • ICSA Labs Certified Products
  • West Coast Lab "Checkmark" Certification Lookup

For hot deals on security products, see The Antivirus, Firewall, and AntiSpyware Deals Thread.

For more information about malware removal and prevention, please see the Security Resource Thread.
 

Schadenfroh

Elite Member
Mar 8, 2003
38,416
4
0
Originally posted by: Sureshot324
Wow AVG has improved a lot. It used to have a pretty bad detection rate.

Basing results from the 2006 test (before the Ewido merger), AVG Free Edition (if that is what you are talking about) is roughly about 10% less than AVG AntiMalware (which has the Ewido scanning engine and is the reason for the increase).
 

secretanchitman

Diamond Member
Apr 11, 2001
9,352
23
91
hmm, not saying that nod32's detection rate is bad, but i thought it would rank in the top 5 instead of being 11th.
 

Schadenfroh

Elite Member
Mar 8, 2003
38,416
4
0
Originally posted by: secretanchitman
hmm, not saying that nod32's detection rate is bad, but i thought it would rank in the top 5 instead of being 11th.

If one were to remove AntiVirus products that license Kaspersky's engine, NOD32 would be in the top 10.
 

Noema

Platinum Member
Feb 15, 2005
2,974
0
0
Originally posted by: Tizyler
What is the best *free* one?

AOL's Active Virus Shield, which is basically a lite version of Kaspersky.

And I'm glad to see Antivir is still in the top ten.
 

Mem

Lifer
Apr 23, 2000
21,476
13
81
Avast seems to be doing better than some of the big names like Norton, Panda, etc. Not bad at all.
NOD32 seems to have fallen a bit.
I'm still using KAV 6 (got a 2 year sub).
 

John

Moderator Emeritus, Elite Member
Oct 9, 1999
33,944
2
81
6 out of the top 10 use a KAV engine. :) Norton seems a little too low on the list IMO. VirusP @ virus.gr uses certain AV scanners as "reference" scanners, so if they don't detect a sample it is discarded. At least that is what I make out of it. Read more: http://www.wilderssecurity.com/showthread.php?t=174299

A few weeks ago PC World published their AV comparative put together by av-test.org using close to 900,000 samples. AV-test is one of the largest and most respected labs in the business.

Antivirus Software - Side-by-Side Comparison

AV-comparatives.org also shows Norton to have a respectable detection rate that is "as good" as Kaspersky. They are also extremely credible.

I think I am going to ditch my KIS 6.0 and switch to Abacre version 1.4 :)
 

flashbacck

Golden Member
Aug 3, 2001
1,921
0
76
Originally posted by: John
AV-comparatives.org also shows Norton to have a respectable detection rate that is "as good" as Kaspersky. They are also extremely credible....

The system slowdown measurements there are very interesting. I don't understand why BitDefender gets an 84 (very good), when there's a 187% and 124% slowdown with firefox2 and MS Office, respectively. I would drop them 20 points for such system load.
 

Ultralight

Senior member
Jul 11, 2004
990
1
76
Depending on who you read and who is doing the testing, in comparison, the results are never the same. Though I find this interesting, and to a degree informative, I take all of these types of testing with the proverbial "Grain of Salt." Though with Kaspersky I can see them leading the pack because it is that good.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: Ultralight
Depending on who you read and who is doing the testing, in comparison, the results are never the same. Though I find this interesting, and to a degree informative, I take all of these types of testing with the proverbial "Grain of Salt." Though with Kaspersky I can see them leading the pack because it is that good.

My 2 cents' worth is that it's not just how many of X number of viruses the product detects in such a test, but response time. Kaspersky updates 24 times a day. The other guys...?

Email worms are an example. My mom used to have a Win2000 system with Norton AntiVirus 2003, all options maxed including heuristics. She got an email, she tried to follow the instructions and open the funny attachment (she's total noOb), and she infected her system with a MyDoom variant. Two days later, Norton had virus defs available for that variant. Too late.

So in the case of a very fast-spreading threat, such as an IM worm, I sure don't want my antivirus software to be using virus defs that are 12-18 hours old. Granted, I don't rely just on reactive protection (such as antivirus software) but many of you do, so consider reaction time when you're deciding what to use.
 

WT

Diamond Member
Sep 21, 2000
4,816
59
91
There must be some mistake ... I don't see MS OneCare anywhere on the list .. ohhh wait ... maybe down around the 70's or 80's possibly ??
 

Smilin

Diamond Member
Mar 4, 2002
7,357
0
0
Wait a second. What the hell does this mean:

The 174770 virus samples were chosen using VS2000 according to Kaspersky, F-Prot, Nod32, Dr.Web, BitDefender and McAfee antivirus programs.


???
 

BladeVenom

Lifer
Jun 2, 2005
13,365
16
0
Originally posted by: WT
There must be some mistake ... I don't see MS OneCare anywhere on the list .. ohhh wait ... maybe down around the 70's or 80's possibly ??

In the article notes, "Windows Live OneCare, BKAV, PC Tools kept crashing while scanning the samples."
 

WT

Diamond Member
Sep 21, 2000
4,816
59
91
Hah ... well, I had high hopes for NoneCare, errr, I mean OneCare, as the backup feature was absolutely a selling point in my book, but the rest of its features are well below my usual standards. Needless to say, I will not be renewing my 3 pack subscription next year.

OTOH, the Windows Home Server beta has been a totally pain-free setup for me for quite some time. It does a much better job backing up than OneCare, so I have absolutely no reason to renew OneCare. A full backup for each networked PC is my most important priority at this point, so peace of mind in regards to your data is very nice to achieve.
 

Schadenfroh

Elite Member
Mar 8, 2003
38,416
4
0
Originally posted by: WT
Hah ... well, I had high hopes for NoneCare, errr, I mean OneCare, as the backup feature was absolutely a selling point in my book, but the rest of its features are well below my usual standards. Needless to say, I will not be renewing my 3 pack subscription next year.

OTOH, the Windows Home Server beta has been a totally pain-free setup for me for quite some time. It does a much better job backing up than OneCare, so I have absolutely no reason to renew OneCare. A full backup for each networked PC is my most important priority at this point, so peace of mind in regards to your data is very nice to achieve.

Would you mind terribly writing about your experience using One Care's backup utility in this thread? I will add it to the OP with credit to you; I did not use it when I had it installed.
 

Ultralight

Senior member
Jul 11, 2004
990
1
76
Originally posted by: mechBgon
My 2 cents' worth is that it's not just how many of X number of viruses the product detects in such a test, but response time. Kaspersky updates 24 times a day. The other guys...?

Granted, I don't rely just on reactive protection (such as antivirus software) but many of you do, so consider reaction time when you're deciding what to use.

I fully agree. I myself have NOD32, and though they don't update 24 times a day, I can personally attest to the fact that they upgrade 3 to 4 times a day at least. I haven't had one issue since installing NOD32.
 

Smilin

Diamond Member
Mar 4, 2002
7,357
0
0
Originally posted by: Smilin
Wait a second. What the hell does this mean:

The 174770 virus samples were chosen using VS2000 according to Kaspersky, F-Prot, Nod32, Dr.Web, BitDefender and McAfee antivirus programs.


???

???

Anyone?