• Latest anti-malware tests

    • This topic has 19 replies, 8 voices, and was last updated 15 years ago.
    #468309

    I’m continuing this discussion from the last thread.

    Opinions should be presented with appropriate background. Saying that one had bad experiences with a product several years ago is fine but that ignores what has happened recently. Norton is a perfect example. Several years ago it pretty much took over many systems. The last couple of releases are very much improved in the “weight” on a system. If anyone continues to bash performance based on old, outdated data then that is doing a huge disservice to our users.
    Joe

    Which is what I did. I’ve worked with too many hundreds of computers to just offer an opinion because “I had a bad experience.” Citing unbiased sources such as VBulletin is not “Brand advocacy,” as if I were trying to sell soap or corn flakes. I feel a discussion of VBulletin’s results compared to Matousec’s is in order:

    http://www.virusbtn….display=summary

    http://www.matousec….nge/results.php

    • #1219478

      I feel a discussion of VBulletin’s results compared to Matousec’s is in order:

      http://www.virusbtn.com/vb100/archive/results?display=summary

      http://www.matousec.com/projects/proactive-security-challenge/results.php

      The Matousec “proactive” tests are interesting because rather than asking how many malware samples the software recognizes, they focus on functions related to protecting the system (especially the registry) from changes, preventing the security software from being shut down, and inbound/outbound firewall protection. This suite of tests helps answer the question: “what would happen if I run some malware before my product is updated to detect and block it?”

      (I didn’t register to view the other document.)

    • #1219483

      This suite of tests helps answer the question: “what would happen if I run some malware before my product is updated to detect and block it?”

      Would that be why Norton failed so miserably? Are their updates slow in coming?

      Interesting, aren’t they? I was made aware of Matousec by a young member of another forum who’s really on the ball. He’s made his personal selection of security programs based on their tests.

      • #1219488

        This suite of tests helps answer the question: “what would happen if I run some malware before my product is updated to detect and block it?”

        Would that be why Norton failed so miserably? Are their updates slow in coming?

        No, quite the opposite. The tests themselves are undetectable as malware, so Matousec is looking at whether the software is proactively protecting the system, for example, by locking out registry changes. The test suite rewards programs that detect and block suspicious behaviors, rather than known threats. The relevance of this type of evaluation depends on the user’s behavior and overall security environment. For example, if the user is generally cautious about downloading files, opening attachments, etc., avoids questionable web sites, and keeps his or her software very up-to-date, then the nightmare scenario covered by the Matousec tests isn’t that likely to be an issue. Risk takers, on the other hand, should definitely take a closer look. Or perhaps I should say, if you’re the tech support for a risk taker, then you should take a look.

    • #1219490

      I’m continuing this discussion from the last thread.
      Citing unbiased sources such as VBulletin is not “Brand advocacy,” as if I were trying to sell soap or corn flakes. I feel a discussion of VBulletin’s results compared to Matousec’s is in order:

      http://www.virusbtn….display=summary

      http://www.matousec….nge/results.php

      Thanks for starting another thread. The main thrust of my prior post was to those who continue to bash Norton & McAfee for system performance reasons. They have not paid attention to what has happened with the efficiency of the suites from the large security vendors.

      Their effectiveness is another question and a valid one.

      Joe

      --Joe

    • #1219529

      And one of the points of my post was another member here who insists that all anti-malware programs who pass a series of tests are equal.

      • #1219696

        And one of the points of my post was another member here who insists that all anti-malware programs who pass a series of tests are equal.

        I think I resemble that remark! I did not exactly say they are equal. I said it does not matter that they are not equal, as all which pass realistic testing are adequate to most home users’ needs. Rankings are very fluid, and they seem to change every time a new list is published, even by the same author. If something works for you, just stick with it unless there’s a credible report that your product is failing more recent testing. (This is why a few years ago I switched from Zone Alarm to Comodo Firewall.) Avast may not be the top ranked AV right now in the Maximum PC list, but it is adequate for most users, when used with a good firewall.

        BTW, Matousec is not objective. They accept money from companies who submit their products for evaluation. Comodo’s Forums have had several scathing comments by Melih (Comodo CEO) about the shortcomings of the Matousec Firewall Challenge. And he’s not the only one who has complained. Symantec and McAfee claim that in order to “isolate” the firewalls in their suites, Matousec deliberately turned off some of the other protections, thus rendering the suites ineffective. In a suite, everything must be enabled and everything works together. Which is why I do not like suites — very little flexibility. This sort of criticism has never been adequately answered by the folks at Matousec.

        [Edit:] On the other hand, Matousec does offer some insight into the relative strengths and weaknesses of many third-party firewalls.

        -- rc primak

    • #1219545

      I have had many years of disappointment in using both McAfee and Symantec products. This is both professionally and personally. Additionally, Symantec’s tech support has been horrendous. I have spent countless hours on the phone with them, and waited many months for resolution. Joe, that makes it very difficult for me and a lot of other techs to not bash, and certainly I don’t recommend either product. That said, the last release of Endpoint is the best they’ve put out in many years. We haven’t had any A/V related performance issues in several months at work. I can only surmise that the Norton product is working equally as well since they have the same core architecture.

      Over time, I have personally used Norton, McAfee, Panda, AVG, F-Prot, and most recently Kaspersky. Professionally I have used McAfee and Symantec. Panda was a resource hog and typically rates lower than most other popular packages. I stopped using AVG when it couldn’t remove a virus that F-Prot had no difficulty with. F-Prot was fine, but they do not offer an Internet Suite.

      Last year I got a free copy of Kaspersky and I’m pretty happy with it. The interesting thing is that every time I look at a rating list, they are climbing the ladder. Some have rated it a bit of a resource pig, but I haven’t really seen any issues with it. My only beef with it is that it’s so comprehensive, it could be overwhelming for a novice. Then again, most default settings work just fine for daily use.

    • #1219552

      I understand the feelings about McAfee & Symantec. I had bad experiences with both at work but that was almost a decade ago. There are members here who have had very good experiences with the more recent versions of McAfee & Symantec products. So, I’ve had to curb my tongue as I’ve realized that my experiences then may not have any bearing on the products & companies now.

      I think we must all remember that these companies do not stand still. To survive they invest time & money into their products. Effectiveness and efficiency can change dramatically from release to release.

      Joe

      --Joe

      • #1219606

        I understand the feelings about McAfee & Symantec. I had bad experiences with both at work but that was almost a decade ago. There are members here who have had very good experiences with the more recent versions of McAfee & Symantec products. So, I’ve had to curb my tongue as I’ve realized that my experiences then may not have any bearing on the products & companies now.

        I think we must all remember that these companies do not stand still. To survive they invest time & money into their products. Effectiveness and efficiency can change dramatically from release to release.

        Joe

        I guess I’m a little bit with you on this, and a little bit not. What I go by most is a consistent history. My recent (within the past 3 years at two different companies) experiences with Symantec have been worse than those I had 10 years ago. I’m not going to go into the details of our issues, suffice to say that one update brought down nearly our entire enterprise in January of this year. They fixed it, and things have been good since February. We hope it stays that way. But their fix doesn’t really say to me they are reliable. Only that they knew they had a lot of ticked off business customers. Until they are able to build a history of reliability, I’m still not going to give them too much credit. That said, if others are happy with Symantec or McAfee, that’s great. It’s usually best to stick with what works and works well. I’m certainly not going to talk someone into changing products.

      • #1220624

        I understand the feelings about McAfee & Symantec. I had bad experiences with both at work but that was almost a decade ago. There are members here who have had very good experiences with the more recent versions of McAfee & Symantec products. So, I’ve had to curb my tongue as I’ve realized that my experiences then may not have any bearing on the products & companies now.

        I think we must all remember that these companies do not stand still. To survive they invest time & money into their products. Effectiveness and efficiency can change dramatically from release to release.

        Joe

        I’ll continue to bash them day and night because they deserve it. I have uninstalled Norton Suite from two systems in the last six months that were unable to accomplish basic web surfing. After removing Norton, the systems were responsive and the users were happy.

        I support a school district that uses McAfee Virusscan Enterprise v8 and they call me in when they are unable to remove McAfee and reinstall it successfully. I have spent hours working on scripts to try to rip out all the McAfee junk and do a clean install and I’m just amazed at the poor quality of the software design. And we all learned this week that McAfee has no quality control on their updates. Their DAT update from Wednesday (I believe it was 5958) was not tested on Windows XP SP3. It identified svchost.exe as malware and removed the file, causing tens of thousands of systems to reboot continuously. Techs have to visit each machine in person to restore the svchost.exe file. Stores were closed and companies were rendered helpless as their IT staff ran around to each machine.

        I don’t need any more information than I have to know that Norton/Symantec and McAfee/Network Associates are marketing driven companies. The fact that neither company can come up with a single name for themselves shows that they buy technology, they don’t develop it and this has been true for decades. End of story. Nothing but woe awaits those who use these products.

        • #1220629

          I don’t need any more information than I have to know that Norton/Symantec and McAfee/Network Associates are marketing driven companies. The fact that neither company can come up with a single name for themselves shows that they buy technology, they don’t develop it and this has been true for decades.

          Symantec acquired Norton more than 15 years ago, and McAfee merged with Network Associates more than 10 years ago. To assert that the products have stood still since that time because neither Symantec nor McAfee actually does any development is absurd. You certainly can argue that at times each has suffered from misplaced priorities in the features and functionality it brought to market, but neither Symantec nor McAfee is a “marketing” company that simply rebrands third party products. Both of them are “all in” on the security business.

          (I don’t see any problem with maintaining separate Norton and Symantec brands for the consumer and enterprise markets, respectively, but I agree that the McAfee/Network Associates name changes have been a bit mysterious.)

    • #1219863

      Aha.

      Actually I don’t use suites either, but the less knowledgeable ask me to recommend something to them.

    • #1220071

      I prefer the Tests, especially the “Retrospective/proactive” One,
      performed by the Independent Researchers at
      http://www.av-comparatives.org .

      • #1220121

        I prefer the Tests, especially the “Retrospective/proactive” One,
        performed by the Independent Researchers at
        http://www.av-comparatives.org .

        Woody Leonhard at his Windows Patch Watch site has posted a link to the Virus Bulletin results, as reported in an article at the Sophos web site. I was pleasantly surprised at how well Avast did. And MSE, for that matter.

        @RochelleP —

        I looked at the PDF versions of the reports for the most recent tests at the site Robin Taylor so kindly posts here. There are two types of tests. One PDF was about detection of “known” samples, while the other PDF reported “new samples.” This last test report is for Advanced Heuristics Detection, which unfortunately is only in its infancy in consumer AV products. For “known” samples, most of the products got in the high-90% range, which is very good. But for “new samples” the best products only catch about half of previously unknown malware samples. This is also true in the Virus Bulletin results.

        So, the take-home lesson is that if a piece of malware is too new to be in the AV database, no existing consumer product will catch it with any degree of certainty. That is just the “state of the art” in heuristics detection right now. But I did notice that MSE and Avast were both highly rated in both the AV-Comparatives and the Virus Bulletin tests. Avira also did very well. Many of the paid products were much less successful in all testing at both sites. If I read correctly, Malwarebytes was not tested by AV-Comparatives.

        -- rc primak

    • #1220113

      You’re forgiven, Bob. It was a bit OT, and I guess you didn’t have time to craft your words more carefully.

      Thanks, Robin, for the AVC tests. Why are the percentages so low for every A-V? Am I misunderstanding something?

      • #1220291

        Thanks, Robin, for the AVC tests. Why are the percentages so low for every A-V? Am I misunderstanding something?

        As discussed in other threads, the AV Comparatives “prospective” tests — testing how AV products do against new malware if the user stops updating the software for 7 days — is an interesting data point, but I suggest that because AV software is updated so frequently, it is only one way of measuring effectiveness.

    • #1220340

      Hi everyone,

      Just a quick note to throw my two cents into the ring. Effectiveness and performance as pertaining to antivirus software indeed seems to be cyclical. In the past 20 years, our IT Support business has moved to and from Norton products several times due to failure to identify and remove viral infections and/or especially performance issues (early Norton 360 products anyone?). Panda Security has become our ‘go to’ product for any newer computers. The 2010 version is even proving to be less of a processing hog than older versions. We have a 105 user network, running 3 shifts a day, that are all utilizing Panda as their security package except for a dozen ‘older’ computers that we are running Symantec Endpoint on (to reduce the performance drain). So in acknowledging that Endpoint utilizes less processing time as compared to the Panda product, we still feel better about the Panda product because in the last two years the only computers that suffered from virus intrusions were the units running the Endpoint protection. Panda’s heuristics for day zero infections have proven desirable. A network admin colleague of mine swears by Kaspersky (which he has been utilizing for several years now), but has found with this latest release a real slowdown on network drive access that Kaspersky’s support staff have been unable to resolve. He feels he must move away from the product for now. Again, that cyclical nature. Finally, just in case I have sounded like an advert for Panda… I only currently use their product on workstations in unmanaged mode, because their server admin/protection software causes incremental loss of performance necessitating a server restart every 2 to 3 days. The lesson of the day seems to be… evaluate each and every product as an individual product and not guilty by association to previous products from the same company.

      Cheers!

    • #1220529

      Hi Rochelle ( and Others ) :

      When it comes to “Advanced Heuristics” Detection that Bob Primak
      makes reference to, that seems to be in the domain of “HIPS”
      ( Hosts based Intrusion Prevention System ) and/or “sandbox”
      type programs . For the best info on those types of programs, I have
      used the Wilders Security Forums, especially the “other anti-malware
      software” forum ( http://www.wilderssecurity.com/forumdisplay/?f=35 ),
      though they also have a “sandboxing & virtualization” forum .
      Several months ago when I spent several hours on those forums, I
      was impressed with what I read about “Defensewall” available at
      http://www.softsphere.com ; I was equally impressed that its Developer,
      Ilya Rabinovich, appears to be a “regular” Poster on those Forums .

      • #1220768

        Hi Rochelle ( and Others ) :

        When it comes to “Advanced Heuristics” Detection that Bob Primak
        makes reference to, that seems to be in the domain of “HIPS”
        ( Hosts based Intrusion Prevention System ) and/or “sandbox”
        type programs . For the best info on those types of programs, I have
        used the Wilders Security Forums, especially the “other anti-malware
        software” forum ( http://www.wilderssecurity.com/forumdisplay/?f=35 ),
        though they also have a “sandboxing & virtualization” forum .
        Several months ago when I spent several hours on those forums, I
        was impressed with what I read about “Defensewall” available at
        http://www.softsphere.com ; I was equally impressed that its Developer,
        Ilya Rabinovich, appears to be a “regular” Poster on those Forums .

        I don’t know which methods are used by Avast in its heuristics, but with Comodo Defense Plus, I agree that they use HIPS primarily. Comodo in its new Version 4 also does a certain amount of sandboxing, but I don’t know how effective this sandboxing feature is. When scanning, the term “advanced heuristics scanning” (Malwarebytes) seems to involve something else.

        Great reference to Wilders Security! I was not aware that they have a special area for sandboxing and virtualization. Definitely worth a visit whenever I get the time.

        -- rc primak
