Domain: av-comparatives.org
Stories and comments across the archive that link to av-comparatives.org.
Comments · 98
-
Av-comparatives
People have criticised the site and the report. I'll agree that nothing is perfect but it's the best I've seen.
http://www.av-comparatives.org/images/stories/test/summary/summary2009.pdf
-
Re:I install the only one worth installing
Another vote for Avira here.
You may wish to have a look at these sites to help you decide:
-
I won't suggest you any specific software...
Mileage always varies. You may have a speedier machine, a new one, or your client may be trying to get the last drop of juice from his 8-year-old Windows XP box. It may need to remove viruses more often, or it may be better off with more reliable real-time detection. I suggest you go to AV-Comparatives. They make nice (sometimes clever) tests and publish really extensive reports about them. Their tests are not limited to effectiveness (like the ability to detect viruses) but also cover other aspects, such as performance (meaning how the AV affects system performance) or even "corporate reviews". Surprisingly to me, MS Security Essentials is doing quite well, according to their tests. Maybe an option for clueless users, as it's easy to use and nice to the system.
-
Re:Free anti-virus with Internet service purchase!
[citation needed]
Oh wait, here's a citation, and it says that MSSE performs AT LEAST as well as 90% of the others out there.
-
Most of the anti-virus products performed well.
If you look at the PDF of the report that the article references you will see that many of the products were completely successful at identifying and at least neutralizing the tested malware. The reason why none of them rated "very good" is because some of the programs required you to reboot your computer to remove some specific malware programs while for others the use of a boot CD was required. The report also criticizes when some anti-virus programs leave some non-malicious components behind instead of eliminating 100% of the program.
The article gives the impression that the programs are failing to combat the malware, but the criticism is more about the convenience of the malware removal process. And yeah, I think it is a nice thing to completely remove a piece of malware but the report doesn't explain why it is so tragic if some anti-virus programs sometimes fail to remove some of the non-malicious components of the malware.
-
Re:How come they never test Comodo?
This is typical of AV-comparatives. They don't test every single product in every single comparative, see their testing methodology and conditions for participation; they test a select list of products that have passed certain criteria, generally no more than 16 per test, and their board chooses which products.
Note, they didn't test other popular AV software such as Trend Micro, CA Antivirus, F-Prot, Fortinet, Panda, ZoneAlarm, DriveSentry, Cisco Security Agent, nProtect, eSafe, in this test, either.
Also, the vendor has to choose to participate and have applied for inclusion. AV-Comparatives won't just take any AV products they see off the street and test them; the vendor participates in this, and signs an application and agreement with the vendor's seal. The vendor gets to provide software and license keys, pay some fees for using AV-Comparatives logos, etc., and make some agreements regarding the exchange of missed virus/malware samples.
Also, see here:
Qualified Candidates: At AV-Comparatives we limit the participants in our tests to about sixteen and where possible we include only good and reliable products/vendors. Due to this, we have devised various requirements in order to take part. One of these is the detection of a minimum percentage of the SET A test set. We believe that even for new vendors this should be easy to pass, as long as they have a good engine (products included in the current main tests all scored between 97-100% over SET A). This also aids us in identifying and filtering out rogue anti-virus vendors. Fulfilling this requirement does not necessarily mean that a product has good detection rates over SET B.
-
Re:They tested Anti-virus software for malware
They tested Anti-virus software for malware
How about testing some malware removal programs? Malwarebytes, Adaware, Spybot?
How should we define "malware?" AV-Comparatives.org chose (for now) not to include "adware, spyware, dialers, tools and rogue programs" (which they define as "Potentially Unwanted Applications"). They do include viruses, trojans, backdoors, rootkits, exploits, DDoS, flooders, sniffers, and nukers (from their "methodology" pdf file).
Also, their "Removal-Test" page makes it clear that they are testing "Anti-Virus" products. I guess they are using the term "malware" because we expect "anti-virus" products to detect/remove more than just viruses (e.g. trojans, rootkits, etc.)
-
Re:The worst offenders
I'd recommend Antivir. If "AV Comparatives" is to be believed, it has the second highest detection rate of known viruses (just below "G DATA Antivirus", but G DATA does not seem to have a free edition for personal use). It also is leaps and bounds ahead of the rest in proactive detection. Having used both AVG and antivir, the scan speed and resources consumed is far better in Antivir. It also has a linux version.
One caveat, when using the proactive scanner, it does have a higher false positive rate. This isn't too bad if you know what you are doing, but for people that do not have a high level of computer skills it can make them distrust the antivirus and ignore warnings.
-
Re:It's working great for me
Yes, any anti-virus is better than no anti-virus, but it won't take long before malware authors discover how to circumvent the Microsoft tool.
Microsoft bought out an antivirus company a couple of years ago. This is simply the rebranding and current version of that company's software.
And you know that virus-writers have figured out how to circumvent more expensive antivirus programs like McAfee, Norton, and PC-Cillin, right? This is why you update the virus database... so that it detects viruses that can disable your antivirus before they get that chance.
Give MS a chance. They could actually have stumbled onto a good product, and it could be something that actually helps the world at large.
I won't be installing it myself, but that's because I'm quite happy with the Avast that I have running. I'll wait for the next report over at av-comparatives before I pass judgement on it. Interesting to note that for the last several reports, several free options have been in the top 5 and occupied the top spot over all. In the latest report (August 2009), AntiVir had a 99.4% trap rate, Avast has a 98.0% trap rate. (Norton and McAfee had 98.7% and 98.4% trap rates, by comparison) But here's the rub... Avast had the lowest false positive rate of any of the top 5 antivirus programs. Norton had almost 3x as many false positives as Avast. AntiVir had more than 4x as many. And McAfee had more than 8x as many false positives. Out of the top 4 antivirus solutions, I'll stick with Avast.
But they do those tests on a regular basis, and you have no idea how well Microsoft's offering will fare in the next one. It could actually do very well. I wouldn't hold my breath, though... on the most recent testing, while MS's pay-for service tied Avast in false positives, it had a pretty lousy 90% trap rate... Still, that's nowhere near the worst offering out there.
Anyway... do your research before you decide that something is automatically bad just because it comes from Microsoft. Even if it just ties the other software, a 90% trap rate on viruses is better than a 0% from not having antivirus at all. And suggesting that it won't be long before virus writers figure out how to circumvent the software is completely ignoring the fact that virus writers figured out, a long time ago, how to circumvent commercial offerings like Norton and McAfee, and that hasn't actually hurt their trap rates at all.
-
Re:Had This Problem Myself
"The workaround is to disable the real-time scanner."
Or switch to a better AV product. For a while I was satisfied with AVG, but gave up after other false positive problems with it. Avira does a better job (check out http://www.av-comparatives.org/) and still has a free version.
-
Re:Malware?
Yes, the most recent report is at http://www.av-comparatives.org/images/stories/test/ondret/avc_report22.pdf
Microsoft practically won it.
-
Re:Malware?
> It may help against old viruses spreading, but it is unlikely to help much against new ones.
You refer to heuristic scanning, or pro-active security. This means that the software is able to discover new unknown viruses based on their behavior or properties.
You might be surprised but MS Security Essentials has been found to have the best heuristics (60%) in retroactive tests (outdated definitions, therefore, unknown viruses) with by far the least number of false positives (which is crucial for good heuristics).
They even overtook the former leader, NOD32 (and often even in performance).
Source for heuristics (2009):
http://www.av-comparatives.org/images/stories/test/ondret/avc_report22.pdf
-
AV-Comparatives Corporate Report
AV-Comparatives recently released their May 2009 Corporate AV Report, which sounds like it may be right up your alley.
It's fairly large, but reviews a large number of AV products with a corporate focus, contains lots of screenshots, and even grades them on their appropriateness for Small, Medium and Large networks. Sounds like it would definitely be worth a look in your case.
-
Re:We use Nod32
I have had to install AV for a company, and part of my task was figuring out which one was the most effective. Take a look at http://www.av-comparatives.org/ which is an excellent comparison site for AV products. Avira enterprise always came out on top. They have an enterprise client with centralized management etc. etc. and it works well. Of course I personally dislike Windows a ton, but it's part of the job. If you want a centrally managed AV solution, keep clamav on the mail server, install clam through squid for web access and disable the cdrom and usb disks in Windows. That's the best you can probably do, since just about everything in the Windows world costs an arm and a leg.
-
Latest AV-Comparatives report..
As much as I would like to bash Microsoft from time to time, the latest AV-Comparatives report has them up there with ESET NOD32. With Microsoft you never know if that included some sums of money, but yeah.
-
Re:As long as..
According to a-v comparatives:
http://www.av-comparatives.org/comparativesreviews/corporate-reviews
Microsoft's AV software is very good. It has low false-positives and generally scored quite well. If the same capability is free, I don't see a reason not to recommend its use. I certainly don't work for a-v comparatives, but they were around before Microsoft was in the AV business, and their top rated software changes pretty frequently. I'd call them reasonably unbiased, but judge for yourself.
-
Re:ClamAV
ClamAV has terrible detection rates, last I checked. I use this to shop for AV products.
-
Re:Rootkit? Nice timing
I won't disagree that NOD32 is an excellent scanner... but AVG is certainly not "the worst". I don't know where you get your data from, but at http://www.av-comparatives.org/seiten/home.html (follow Comparatives, then On-demand to get to the chart) you can see that AVG got 94.3% detection. Avast was slightly better than that at 97.3%. NOD32, interestingly enough, got a 93.0% detection. I'm not saying AVG or Avast is better, but with that information you can't say it's "the worst" either.
I've had far better experiences with AVG and Avast on my machines, as well as my customer's computers, than McAfee (84.4%) or Trend, for example. I've only experienced 1 virus in the recent past (a rootkit, no less) that was not cleanable by AVG/Avast... had to do that manually. On that machine, the virus got in past McAfee... for what it's worth.
Anyway, so with the data above... what's your reference for saying that AVG is "the worst"?
-
Re:The list
You could simply disable the linkscanner (and then tell its panel that it's "ok" that it's not on) or not install it during the custom installation process. It doesn't bother me anymore! Besides that, I can't stand Avast's interface... it's just plain confusing and annoying. What's with the "VCR" style panel?!
That being said, I have used AVG on many machines, and it works pretty well. I also disable the automatic daily scan, as it seems rather unnecessary to do this daily. What's more, it prevented me from getting bitten by the recent issue of a false-positive detection of a windows file. Keep in mind, most free virus scanners seem to have high false-positive rates.
A good reference for AV detection rates is http://www.av-comparatives.org/
-
Wrong
Witness how many legitimate products get flagged as "hacker tools" (like Angry IP Scanner)
A port scanner is a hacker tool. Of course you can use it for legitimate purposes as you can with many other tools. I can even use a malicious virus as a tool for testing my AV engines. But it is still a virus. If you are in the position to legitimately use a port scanner you obviously should also be in the position to get this program on your machine from being excluded by the corporate antivirus.
Apart from that, if I would discover some of my users to use such a tool without entitlement and the AV engine would not detect it, I would demand for a signature to be added by the AV vendor.
Apart from that, the last time I checked they mentioned that not every AV vendor is used for comparison because they have to fulfill certain minimal requirements. But as a matter of fact I just checked again and concerning Trend they say:
TrendMicro may be tested separately in 2008 and will be included in future
Oh, and:
[...]while their commercial counterparts are ignored (ostensibly after paying them off to get off their little black list).
Do you notice how I am much less likely to submit potential evil software for inclusion in the next signature update if it is commercial sw, as my users (and supposedly many hackers) are more likely to use the freely available software to piss me off?
-
Direct Link to results
http://www.av-comparatives.org/seiten/ergebnisse_2008_08.php
http://www.av-comparatives.org/seiten/ergebnisse_2008_11.php
The tables are in horrible colors for some reason.
-
Avira Antivir
Avira Antivir gets my vote. It works on XP and Vista, has a very small memory footprint, daily updates, consistent performance (check out http://www.av-comparatives.org/) and it's free. Available at http://www.avira.com/
-
Re:Adware
Sorry, their free version is still the best in terms of quality. It's small, fast and has the best detection rates pretty consistently. Too many things I've seen get past any of the others that Avira catches, and I don't use anything but it anymore as a result.
AVG is nice though, I still like it. Avast! as well. Thankfully it's not a disaster for me when the Avira pop-up shows up when the daily definitions update occurs, but I can see how for some people it could be a real problem depending on what they're doing at the time.
-
Solution, compare and choose
Choose your antivirus from one of these http://www.av-comparatives.org/, and firewall from these http://www.matousec.com/projects/firewall-challenge/results.php. Hope it helps
-
Also Check http://www.av-comparatives.org/
I'd also like to mention http://www.av-comparatives.org/ which seems to be very thorough in their tests, and gives good explanations of their graphs. Their research includes thousands of viruses, worms, malware, and legitimate software to calculate virus detection rate vs false positive rate. They also do some speed calculations, for those interested.
-
AV-Comparatives
http://av-comparatives.org/ provides pretty decent testing. The most recent results are as follows:
Advanced+:
AVIRA
GDATA
Symantec
McAfee (with Artemis)
Avast
TrustPort
Kaspersky
AVG
Advanced:
ESET
BitDefender
F-Secure
eScan
Sophos
Norman
Standard:
Microsoft
McAfee (without Artemis)
No Award:
VBA32
-
Re:ugh.
More here:
This new technology (Artemis) looks for suspicious PE files [EXEs, DLLs, etc], and when found it sends some kind of checksum (with no personal/sensitive data) to a central database server hosted by McAfee AVERT Labs. The central database server is constantly updated with new discovered malware, and is McAfee's malware queue for which no official DATs have been created so far. If a match is found in the central database, the scanner will report and handle the malware detection. The files in McAfee's queue have not been[sic] undergone any analysis, but they are crosschecked by McAfee's huge whitelists to avoid false alarms.
By having a remotely maintained blacklist it may be able to provide faster protection to new malware than vendors which release signature updates many times at[sic] day to cover the high amounts of new malware appearing every hour.
...
Update (May 2008): we re-tested Artemis over our clean-set in May 2008 and now that McAfee has expanded its whitelists, Artemis still produces relatively many false alarms, but at least no longer on very important/critical files.
What could go wrong?
-
Re:So is AVG still a good AV prog?
Is AVG still a good free AV prog? And I don't mean just because of this controversy; they made good on it and responded. I mean the long haul.
It's not the antivirus that I'd recommend. Along with Norton and McAfee it features heavily on HijackThis log postings on malware removal forums all over the internet. AVG Antispyware (originally ewido) is a good antispyware product and is incorporated into the AVG 8.0 product so it's not all bad.
AV product assessments are a difficult area but consistently good performance over time would be what I'd look for. Most opinions are highly emotional and based on limited experience of "I got [insert name of nasty] and the AV I had missed it, but [insert name of AV product] fixed it up".
AV Comparatives do keep posting their test results, and previous test results are available.
The malware epidemic out there is not going to be stopped any time soon by antivirus software. In general it seems to be stuck in a bit of a time warp in some ways, and I'm not convinced that any method of testing is any sort of proof, given that testing has to be against known exploits/risks/malicious software.
-
Re:Boycott all commercial antivirus programs?
Isn't it time people start boycotting _all_ commercial antivirus programs?
Which ones on this list http://www.av-comparatives.org/ do you have in mind ?
Or (to make it easier for you) which ones have you not?
-
AV Comparitives
Since this article is about a print article in German, you may want to check out the site http://www.av-comparatives.org/
Malware is an arms race, and the comments about AV software being useless are bull. It just isn't a panacea either. Schneier says security is a trade-off. Average users don't want to be inconvenienced by things like applying the principle of least privilege. Personally I use SudoWn and Runasspc with my XP Pro system when I need to elevate something to admin, and a combination of Avira/Spybot-SD and Firefox with NoScript. That's the software side. The most important thing I do for my security is to mistrust everything by default. I don't install stuff that's likely to be infected. Even if I think something is safe, I scan it manually before I run it with admin privs. I've been virus/malware free since I put this system together back in March of this year, and I've probably installed nearly 100 applications in that time.
PS: The later versions don't seem to work for me, but version 2.0 of SudoWn does, and it requires .Net 2.0.
Hopefully this is helpful to at least one person.
-
Re:Be careful with the free statement
Arguably she's right.
http://www.av-comparatives.org/
What she's actually done is give your opinion a vote of no confidence (or take someone else's opinion over yours).
She probably sees you as someone who's interested in tech (a fair assumption given you're posting here) and that you have time to fiddle with things. She may well believe AVG is great for YOU. However, if she's like most, she doesn't want to spend time trying out 6 products to find one that works best. She probably thinks that if it's being sold at a major store it's more mainstream and will suit her better. I'd bet that someone else she knows or has spoken to uses it and that they don't have a techy background. Again, arguably her thinking isn't far off. If everyone she knew was using AVG I bet she wouldn't go out and buy McAfee.
-
Re:rear-view mirror
Especially in view of these results, where Microsoft's "OneCare" detected only 90% of new malware thrown at it:
http://www.av-comparatives.org/seiten/ergebnisse_2007_08.php
Those results are an improvement. The March results had them finding only 82%. Meanwhile, much more viable commercial products are around 99+%. Still, even for them, letting 50 out of every thousand bugs in doesn't say much about their security, even if OneCare is so much worse.
-
Re:No love for open source, ClamAV
To back up what RootWind said, here's the official reply (on ClamWin, which is pretty much a Win32 compile + gui for ClamAV):
ClamWin better than Norton? No, you can not look at the number of signatures to know who detects more. If you look at how ClamAV performs in independent tests (e.g. AV-Test.de) you see that it scores around 49%, while Norton 99% (I would get very similar results). ClamAV is good to use e.g. at mail servers, but I would not suggest using it for other places, as there are better options available.
link
-
Signature Scanning remains key
Actually, every major AV product still relies on signature scanning for detection on client machines. You're right that observation on a honeypot or even VM sandbox is often used to characterize the behavior initially, but this is distinct from a roll-out of detection to the client, which is what I believe everyone's talking about here.
As for signature scanning going the way of the dodo, there are really only 3 choices at present: signature scanning, run in a VM sandbox, or try to detect heuristically without resorting to a VM. The last two are similar, but not identical.
There's already malware that won't run when inside a VM, so 'running in a virtual sandbox' provides no real solution. (And if someone suggests that we solve that by making it impossible to tell whether or not you're running in a VM -- which likely means processor changes -- think about what that will do to being able to detect a rootkit that loads your whole environment into a VM.)
If you take a look at AV-comparatives.org, heuristic scanners don't seem to do very well vs. signature based detection. The very best proactive (heuristic) detection of 'unknown' malware (viruses, trojans, worms, etc.) seems to run about 60%. The very best signature based detection seems to run around 99.9%. (Moreover, the rate of false positives with heuristic detection tends to be much higher.)
60% vs 99.9%? That's a big, big difference. Signature-based detection isn't going away anytime soon.
Warning, URLs lead to PDFs: See: http://www.av-comparatives.org/seiten/ergebnisse/report10.pdf and http://www.av-comparatives.org/seiten/ergebnisse/report11.pdf
Finally, I'm reasonably persuaded by Eugene Kaspersky's comments on this at http://www.kaspersky.com/eugenearticle
Of course, he's slightly biased, his heuristic engine is weak compared to some, though still reasonably strong, and his company is fastest in the world at rolling out signature updates. But I think there's a lot to his argument, and I just don't see heuristic scanning closing the gap anytime soon.
Holmwood
Let's imagine that Company X has developed a behavioral antivirus AVX, which detects 100% of current malicious programs. So what will the hackers do? Of course, they will invent new types of malicious programs. And then of course it will be necessary to update the behavioral rules. And then update them again, because the hackers and virus writers aren't going to give up that easily. And then update them again and again and again. At the end of the day, we arrive at a signature scanner, except the signatures will be behavioral, and not pieces of code.
This conclusion also applies to the heuristic analyser, another proactive protection method. As soon as hackers perceive that antivirus technologies are preventing them from reaching their victims, they invent new virus technologies which will be used to evade proactive detection. As soon as a product with advanced heuristics and/ or behavior blocking is widely used, the 'advanced' technologies employed will cease working.
This means that 'reinvented' proactive technologies are only effective for a relatively short length of time. Where junior hackers need a few weeks or a couple of months to get round proactive protection, professional hackers will need one or two days, or, in the worst case, a few minutes or hours.
-
They don't really have to modify their own viruses
They should follow suit with testing bodies such as http://www.av-comparatives.org/ They have a Retrospective test which is kind of like what Consumer Reports is trying to accomplish, but it makes more sense. Basically, what they do is regress the detection database six months, and test the detection of new malware collected during the last six months. All detections will be from heuristics or generic signatures. Seems much better to do a real-world test than a sloppy create-your-own-virus test which will most likely make the antivirus companies look better. Remember, malware writers release malware that they know will specifically not be caught, whereas CR is just randomly modifying.
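As an added illustration (not from this post, and not AV-Comparatives' own tooling), the Python sketch below shows why regressing the signature database isolates heuristic detection, which is also the point of the "60% proactive vs 99.9% signature" comparison in the Signature Scanning post above: the same toy scanner scores 100% on an ordinary on-demand run, but once the database is frozen at the cutoff only heuristic hits on newer malware survive, and the clean set exposes the false-positive cost of those heuristics. The scanner rules, samples, hashes and dates are all constructed.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass(frozen=True)
class Sample:
    name: str
    content: bytes
    first_seen: date      # when the sample first appeared in the wild (constructed)
    malicious: bool


@dataclass(frozen=True)
class Signature:
    sha256: str
    added: date           # the day the vendor shipped this signature (constructed)


def digest_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class ToyScanner:
    """Exact-hash signature lookup plus a crude rule-based heuristic (constructed)."""
    signatures: list = field(default_factory=list)

    def signature_hit(self, sample: Sample, db_date: date) -> bool:
        # Only signatures that existed on db_date count: this is the "regressed" database.
        digest = digest_of(sample.content)
        return any(s.sha256 == digest and s.added <= db_date for s in self.signatures)

    @staticmethod
    def heuristic_hit(sample: Sample) -> bool:
        # Invented scoring rules standing in for a heuristic engine.
        c = sample.content
        score = 0
        if c.startswith(b"MZ") and b"UPX" in c:
            score += 2        # packed executable
        if b"CreateRemoteThread" in c:
            score += 2        # process-injection API reference
        if b"CurrentVersion\\Run" in c:
            score += 1        # autostart persistence key
        if b"DeleteFile" in c and b"cmd.exe" in c:
            score += 1        # self-deletion via shell
        return score >= 3

    def detect(self, sample: Sample, db_date: date) -> bool:
        return self.signature_hit(sample, db_date) or self.heuristic_hit(sample)


def run_test(scanner, malware, clean, db_date, first_seen_after=None):
    """Return (detection_rate, false_positive_rate).

    first_seen_after=None  -> ordinary on-demand test over the whole malware set
    first_seen_after=date  -> retrospective test: only malware newer than the frozen DB
    """
    if first_seen_after is not None:
        malware = [m for m in malware if m.first_seen > first_seen_after]
    if not malware or not clean:
        raise ValueError("empty test set")
    hits = sum(scanner.detect(m, db_date) for m in malware)
    fps = sum(scanner.detect(c, db_date) for c in clean)
    return hits / len(malware), fps / len(clean)


# Constructed test sets; "MZ" stands in for a PE header.
MALWARE = [
    Sample("old_injector", b"MZ UPX0 CreateRemoteThread", date(2009, 1, 10), True),
    Sample("new_injector", b"MZ UPX1 CreateRemoteThread", date(2009, 6, 1), True),
    Sample("new_dropper", b"MZ CurrentVersion\\Run DeleteFile cmd.exe", date(2009, 7, 1), True),
    Sample("new_packed_autorun", b"MZ UPX2 CurrentVersion\\Run", date(2009, 7, 15), True),
    Sample("new_downloader", b"MZ GET /update.bin", date(2009, 8, 1), True),
]
CLEAN = [
    Sample("packed_installer", b"MZ UPX0 setup", date(2008, 3, 1), False),
    Sample("debugger", b"MZ CreateRemoteThread DeleteFile cmd.exe", date(2007, 5, 5), False),
    Sample("notepad", b"MZ notepad", date(2005, 1, 1), False),
    Sample("autostart_helper", b"MZ CurrentVersion\\Run helper", date(2008, 9, 9), False),
]
# The vendor ships a hash signature the day each malware sample is first seen.
SCANNER = ToyScanner([Signature(digest_of(m.content), m.first_seen) for m in MALWARE])

TODAY = date(2009, 11, 1)
CUTOFF = TODAY - timedelta(days=183)   # roughly six months back, as in the retrospective test


def on_demand():
    """Current database, whole malware set: every sample has a signature."""
    return run_test(SCANNER, MALWARE, CLEAN, db_date=TODAY)


def retrospective():
    """Database frozen at CUTOFF, only malware seen after it: heuristics must carry the load."""
    return run_test(SCANNER, MALWARE, CLEAN, db_date=CUTOFF, first_seen_after=CUTOFF)


if __name__ == "__main__":
    print("on-demand     (current DB): detection %.0f%%, FP %.0f%%" % tuple(100 * x for x in on_demand()))
    print("retrospective (frozen DB) : detection %.0f%%, FP %.0f%%" % tuple(100 * x for x in retrospective()))
```

The false-positive rate is unchanged between the two runs because it comes entirely from the heuristic rules, which is why the retrospective reports pair the proactive detection figure with a false-alarm count.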
-
SWITCH TO NOD32 ALREADY!!
Seriously, Nod32 owns... owns, owns, owns.
Kaspersky is pretty good too.
But who in their right mind, that knows *anything* about security, uses Symantec or McAfee anti-virus products?
Check out these: http://www.av-comparatives.org/index.html?http://www.av-comparatives.org/seiten/comparatives.html
And if you have a VirusBtn login, the 100% awards are alright indicators of virus scanner quality, but nowhere near as good as av-comparatives IMO.
-
Re:AV Comparison
Funny enough, according to the latest on demand scanning test from this site, Norton Anti-Virus scored a very high grade in this test (better even than AntiVir and Avast!) and the highest possible mark (100%) in detection of polymorphic viruses.
-
Re:AV Comparison
Actually, not to be contrary, the site lists G DATA Security's AntiVirusKit to be the best (in the most recent test), with a report and explanation of the rankings available at http://www.av-comparatives.org/seiten/ergebnisse/report09.pdf/.
-
AV Comparison
I would say according to this comparison, AntiVir is the best...and of course, this is the only comparison that really matters...