[Full-Disclosure] Hi! Antiviruses Comparison - A Little Research Results

From: Feher Tamas (etomcat_at_freemail.hu)
Date: 04/16/04

    To: full-disclosure@lists.netsys.com
    Date: Fri, 16 Apr 2004 15:49:37 +0200 (CEST)


    >Just wanted to say to all of you that Mcafee(Pro 8) seems to be
    >the best antivirus around out of norton 2004, panda and mcafee.

    If you are a lamer in the AV area, then please don't fool others! There
    are at least 12 major players in the AV arena, each with diverse
    weaknesses and strong points.

    Size-wise number one and two players McAfee and NAV are US
    companies known to cooperate with Uncle Sam (will not dare to detect
    Magic Lantern and the like if one appears in the future). McAfee and
    NAV are huge, but not so strong outside the USA and its colonies.
    Maybe lack of good local support and not trusting them fully are among
    the factors causing it. I don't know if McAfee still requires reboot after
    every signature update.

    Russia's Kaspersky AV has undoubtedly the best capabilities in terms of
    dissecting file internals (supports exploding the widest range of
    archivers, exe-packers, macro insides, etc.) and detecting known
    exploit methods, backdoors, rootkits, spyware, adware, etc., not just
    strictly viruses/worms. They are usually the fastest to react to new
    malware. Their inherently modular signature update technology is the
    most advanced one, but requires considerable care to work properly.
    Their quality control is not always the best and their users' manuals are
    a little cryptic. But a lot of NAV users migrate to KAV in Europe and they
    bash NAV a lot for failing them.

    Only Finnish F-Secure and American CA have Windows/Linux AV products
    with multiple independent virus scanning engines. This gives protection
    against false positives, but requires more system resources.

    F-Secure's central management is probably the most advanced and
    detailed, but it is so heavily standards based, that its use feels artificial
    and often against common logic. NAV management is very hard to set
    up. KAV management does not scale. Some AV makers sell central
    management for extra money, some include this important feature in the
    base price. Some central management solutions simply suck or do not
    scale, others are hard to install or monitor.

    Spanish Panda AV has problems with boot-time protection. Put the
    eicar.com in the autoexec.bat and it will run. Most other AVs prevent this.

    Sophos and Sybari are mostly unknown in other than gateway AV.
    Worldwide no.3 player, the Japanese-Taiwanese-American Trend Micro
    company is also very, very strong in gateway level AV as well as having
    an OK homeuser and workstation AV market share, especially in
    Europe. Support can be kind of bureaucratic and their central
    management tool is awkward.

    Czech-Slovak made Eset NOD32 wins all tests ever, but they do not
    detect backdoors, droppers and other merged threats, just
    straightforward virus and worm items. Tests like the famous VB100%
    award do not include stuff that would fail them.

    Hungarian VirusBuster has become a mainstream grade virus catcher
    during the past two years.

    Microsoft will likely become a player in the AV arena soon, even if they
    deny it now. Bill Gates bought the Romanian RAV firm, which was selling
    incredibly cheap and reasonable Linux gateway AV products. Although
    most crew bailed out and ended up with KAV, Microsoft is still a
    potential dark horse competitor for the future.

    There is so much more about AV, including availability of localized
    language software for home and desktop users, built-in personal
    firewall included with AV software, vendor's prices for multiple-year
    support policies, tiered customer relations, etc. that would need to be
    considered carefully. It could make a book, not just the disorganized
    mess of text I wrote above.

    Sincerely: Tamas Feher from Hungary.

    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
