[Full-Disclosure] Hi! Antiviruses Comparison - A Little Research Results
From: Feher Tamas (etomcat_at_freemail.hu)
To: firstname.lastname@example.org Date: Fri, 16 Apr 2004 15:49:37 +0200 (CEST)
>Just wanted to say to all of you that Mcafee(Pro 8) seems to be
>the best antivirus around out of norton 2004, panda and mcafee.
If you are a lamer in the AV area, then please don't fool others! There
are at least 12 major players in the AV arena, each with diverse
weaknesses and strong points.
Size-wise number one and two players McAfee and NAV are US
companies known to cooperate with Uncle Sam (will not dare to detect
Magic Lantern and the like if one appears in the future). McAfee and
NAV are huge, but not so strong outside the USA and it's colonies.
Maybe lack of good local support and not trusting them fully are among
the factors causing it. I don't know if McAfee still requires reboot after
every signature update.
Russia's Kaspersky AV has undoubtedly the best capabilities in terms of
dissecting file internals (supports exploding the widest range of
archivers, exe-packers, macro insides, etc.) and detecting known
exploit methods, backdoors, rootkits, spyware, adware, etc., not just
strictly viruses/worms. They are usually the fastest to react to new
malware. Their inherently modular signature update technology is the
most advanced one, but requires considerable care to work properly.
Their quality control is not always the best and their users' manuals are
a little cryptic. But a lot of NAV users migrate to KAV in Europe and they
bash NAV a lot for failing them.
Only finnish F-Secure and american CA has Windows/Linux AV products
with multiple independent virus scanning engines. This gives protection
against false positives, but requires more system resources.
F-Secure's central management is probably the most advanced and
detailed, but it is so heavily standards based, that its use feels artifical
and often against common logic. NAV management is very hard to set
up. KAV management does not scale. Some AV makers sell central
managent for extra money, some include this important feature in the
base price. Some central management solutions simply suck or do not
scale, others are hard to install or monitor.
Spanish Panda AV has problems with boot-time protection. Put the
eicar.com in the autoexec.bat and it will run. Most other AV prevent this.
Sophos and Sybari are mostly unknown in other than gateway AV.
Worldwide no.3 player, the japanese-taiwanese-american Trend Micro
company is also very, very strong in gateway level AV as well as having
an OK homeuser and workstation AV market share, especially in
Europe. Support can be kind of bureaucratic and their central
management tool is awkward.
Czech-Slovak made Eset NOD32 wins all tests ever, but they do not
detect backdoors, droppers and other merged threats, just
straightforward virus and worm items. Tests like the famous VB100%
award do not include stuff that would fail them.
Hungarian VirusBuster has become mainstrame grade virus catcher
during the past two years.
Microsoft will likely become a player in the AV arena soon, even if they
deny it now. Bill Gates bought the romanian RAV firm, which was selling
incredibly cheap and reasonable Linux gateway AV products. Although
most crew bailed out and ended up with KAV, Microsoft is still a
potential dark horse competitor for the future.
There is so much more about AV, including availability of localized
language software for home and desktop users, built-in personal
firewall included with AV software, vendor's prices for multiple-year
support policies, tiered customer relations, etc. that would need to be
considered carefully. It could make a book, not just the disorganized
mess of text I wrote above.
Sincerely: Tamas Feher from Hungary.
Full-Disclosure - We believe in it.