Latest anti-malware tests

[Katz]

I'm continuing this discussion from the last thread.

Opinions should be pesented with appropriate background. Saying that one had bad experiences with a product several years ago is fine but that ignores what has happened recently. Norton is a perfect example. Several years ago it pretty much took over many systems. That last couple of releases are very much improved in the "weight" on a system. If anyone continues to bash performance based on old, outdated data then that is doing a huge disservice to our users.
Joe

Which is what I did. I've worked with too many hundreds of computers to just offer an opinion because "I had a bad experience. " Citing unbiased sources such as VBulletin is not "Brand advocacy," as if I were trying to sell soap or corn flakes. I feel a discussion of VBulletin's results compared to Matousec's are in order:

http://www.virusbtn....display=summary

http://www.matousec....nge/results.php

[jscher2000]

I feel a discussion of VBulletin's results compared to Matousec's are in order:

http://www.virusbtn.com/vb100/archiv...isplay=summary

http://www.matousec.com/projects/pro...ge/results.php

The Matousec "proactive" tests are interesting because rather than asking how many malware samples the software recognizes, they focus on functions related to protecting the system (especially the registry) from changes, preventing the security software from being shut down, and inbound/outbound firewall protection. This suite of tests helps answer the question: "what would happen if I run some malware before my product is updated to detect and block it?"

(I didn't register to view the other document.)

[Katz]

This suite of tests helps answer the question: "what would happen if I run some malware before my product is updated to detect and block it?"

Would that be why Norton failed so miserably? Are their updates slow in coming?

Interesting, aren't they? I was made aware of Matousec by a young member of another forum who's really on the ball. He's made his personal selection of security programs based on their tests.

[jscher2000]

This suite of tests helps answer the question: "what would happen if I run some malware before my product is updated to detect and block it?"

Would that be why Norton failed so miserably? Are their updates slow in coming?

No, quite the opposite. The tests themselves are undetectable as malware, so Matousec is looking at whether the software is proactively protecting the system, for example, by locking out registry changes. The test suite rewards programs that detect and block suspicious behaviors, rather than known threats. The relevance of this type of evaluation depends on the user's behavior and overall security environment. For example, if the user is generally cautious about downloading files, opening attachments, etc., avoids questionable web sites, and keeps his or her software very up-to-date, then the nightmare scenario covered by the Matousec tests isn't that likely to be an issue. Risk takers, on the other hand, should definitely take a closer look. Or perhaps I should say, if you're the tech support for a risk taker, then you should take a look.

[JoeP517]

I'm continuing this discussion from the last thread.
Citing unbiased sources such as VBulletin is not "Brand advocacy," as if I were trying to sell soap or corn flakes. I feel a discussion of VBulletin's results compared to Matousec's are in order:

http://www.virusbtn....display=summary

http://www.matousec....nge/results.php

Thanks for starting another thread. The main thrust of my prior post was to those who continue to bash Norton & McAfee for system performance reasons. They have not paid attention to what has happened with the efficiency of the suites from the large security vendors.

Their effectiveness is another question and a valid one.

Joe

[Katz]

And one of the points of my post was another member here who insists that all anti-malware programs who pass a series of tests are equal.

[Doc Brown]

I have had many years of disappointment in using both McAfee and Symantec products. This is both professionally and personally. Additionally, Symantec's tech support has been horrendous. I have spent countless hours on the phone with them, and waited many months for resolution. Joe, that makes it very difficult for me and a lot of other techs to not bash, and certainly I don't recommend either product. That said, the last release of Endpoint is the best they've put out in many years. We haven't had any A/V related performance issues in several months at work. I can only surmise that the Norton product is working equally as well since they have the same core architecture.

Over time, I have personally used Norton, McAfee, Panda, AVG, F-Prot, and most recently Kasperky. Professionally I have used McAfee and Symantec. Panda was a resource hog and typically rates lower than most other popular packages. I stopped using AVG when it couldn't remove a virus that F-Prot had no difficulty with. F-Prot was fine, but they do not offer an Internet Suite.

Last year I got a free copy of Kasperky and I'm pretty happy with it. The interesting thing is that every time I look at a rating list, they are climbing the ladder. Some have rated it a bit of a resource pig, but I haven't really seen any issues with it. My only beef with it is that it's so comprehensive, it could be overwhelming for a novice. Then again, most default setting work just fine for daily use.

[JoeP517]

I understand the feelings about McAfee & Symantec. I had bad experiences with both at work but that was almost a decade ago. There are members here who have had very good experiences with the more recent versions of McAfee & Symantec products. So, I've had to curb my tongue as I've realized that my experiences then may not have any bearing on the products & companies now.

I think we must all remember that these companies do not stand still. To survive they invest time & money into their products. Effectiveness and efficiency can change dramatically from release to release.

Joe

[Doc Brown]

I understand the feelings about McAfee & Symantec. I had bad experiences with both at work but that was almost a decade ago. There are members here who have had very good experiences with the more recent versions of McAfee & Symantec products. So, I've had to curb my tongue as I've realized that my experiences then may not have any bearing on the products & companies now.

I think we must all remember that these companies do not stand still. To survive they invest time & money into their products. Effectiveness and efficiency can change dramatically from release to release.

Joe

I guess I'm a little bit with you on this, and a little bit not. What I go by most is a consistent history. My recent (within the past 3 years at two different companies) experiences with Symantec have been worse than those I had 10 years ago. I'm not going to into the details of our issues, suffice to say that one update brought down nearly our entire enterprise in January of this year. They fixed it, and things have been good since February. We hope it stays that way. But their fix doesn't really say to me they are reliable. Only that they knew they had a lot of ticked off business customers. Until they are able to build a history of reliability, I'm still not going to give them too much credit. That said, if others are happy with Symantec or McAfee, that's great. Its usually best to stick with what works and works well. I'm certainly not going to talk someone into changing products.

[bobprimak]

And one of the points of my post was another member here who insists that all anti-malware programs who pass a series of tests are equal.

I think I resemble that remark! I did not exactly say they are equal. I said it does not matter that they are not equal, as all which pass realistic testing are adequate to most home users' needs. Rankings are very fluid, and they seem to change every time a new list is published, even by the same author. If something works for you, just stick with it unless there's a credible report that your product is failing more recent testing. (This is why a few years ago I switched from Zone Alarm to Comodo Firewall.) Avast may not be the top ranked AV right now in the Maximum PC list, but it is adequate for most users, when used with a good firewall.

BTW, Matousec is not objective. They accept money from companies who submit their products for evaluation. Comodo's Forums have had several scathing comments by Mehli (Comodo CEO) about the shortcomings of the Matousek Firewall Challenge. And he's not the only one who has complained. Symantec and McAfee claim that in order to "isolate" the firewalls in their suites, Matousek deliberately turned off some of the other protections, thus rendering the suites ineffective. In a suite, everything must be enabled and everything works together. Which is why I do not like suites -- very little flexibility. This sort of criticism has never been adequately answered by the folks at Matousek.

[Edit:] On the other hand, Matousec does offer some insight into the relative strengths and weaknesses of many third-party firewalls.

[Katz]

Aha.

Actually I don't use suites either, but the less knowledgeable ask me to recommend something to them.

[SpiritWind]

I prefer the Tests, especially the "Retrospective/proactive" One,
performed by the Independent Researchers at
http://www.av-comparatives.org .

[Katz]

You're forgiven, Bob. It was a bit OT, and I guess you didn't have time to craft your words more carefully.

Thanks, Robin, for the AVC tests. Why are the percentages so low for every A-V? Am I misunderstanding something?

[bobprimak]

I prefer the Tests, especially the "Retrospective/proactive" One,
performed by the Independent Researchers at
http://www.av-comparatives.org .

Woody Leonhard at his Windows Patch Watch site has posted a link to the Virus Bulletin results, as reported in an article at the Sophos web site. I was pleasantly surprised at how well Avast did. And MSE, for that matter.

@RochelleP --

I looked at the PDF versions of the reports for the most recent tests at the site Robin Taylor so kindly posts here. There are two types of tests. One PDF was about detection of "known" samples, while the other PDF reported "new samples" This last test report is for Advanced Heuristics Detection, which unfortunately is only in its infancy in consumer AV products. For "known" samples, most of the products got in the high-90% range, which is very good. But for "new samples" the best products only catch about half of previously unknown malware samples. This is also true in the Virus Bulletin results.

So, the take-home lesson is that if a piece of malware is too new to be in the AV database, no existing consumer product will catch it with any degree of certainty. That is just the "state of the art" in heuristics detection right now. But I did notice that MSE and Avast were both highly rated in both the AV-Comparatives and the Virus Bulletin tests. Avira also did very well. Many of the paid products were much less successful in all testing at both sites. If I read correctly, Malwarebytes was not tested by AV-Comparatives.

[jscher2000]

Thanks, Robin, for the AVC tests. Why are the percentages so low for every A-V? Am I misunderstanding something?

As discussed in other threads, the AV Comparatives "prospective" tests -- testing how AV products do against new malware if the user stops updating the software for 7 days -- is an interesting data point, but I suggest that because AV software is updated so frequently, it is only one way of measuring effectiveness.