Can You Trust Anti-Virus Rankings?

Slatterz writes "It seems nobody can agree on a universal set of tests for rating anti-virus software, with Eugene Kaspersky the latest to weigh in on the topic, criticizing the well-known Virus Bulletin 100. Kaspersky is one of several big anti-virus brands to fall foul of the VB100 tests, reportedly failing to pass a recent test of security software on Windows Server 2008, along with F-Secure and Computer Associates. At Kaspersky, bloggers have pointed out that they don't focus on detecting PoCs, calling it a 'dead end,' and saying their anti-virus database focuses on 'real threats and exploits.' 'I don't want to say it's rubbish,' Kaspersky told PC Authority. 'But the security experts don't pay attention to these tests. It doesn't reflect the real level of protection.'"

No more....

[TheNecromancer]

than I can trust the hackers that write these damn viruses that keep infecting my PC! Yeah, standards in this industry would be a start in the right direction, but right now ANY virus protection software is better than none!

I use Norton Internet Security, and while it is passable, I find that it's a resource hog. I know there are other products out there that are less "intrusive", but I just don't want to take the chance (or time) with another product.

Re:No more....

[kimvette]

Would you consider using ZoneAlarm for your software firewall (or get a "hasbro" level appliance for home if you don't have one and don't bother with a software firewall if the PC isn't mobile), and then a F/OSS AntiVirus package that does AntiVirus and ONLY antivirus? If so, then check out Moon Secure AntiVirus. I run it on my Vista installation (which exists for gaming).

On Linux, I don't worry about it. In fact, I submit bug reports to malware authors complaining that their crapware doesn't run on WINE and I feel left out. OH WOE IS ME!

Re:No more....

[JustinOpinion]

Norton is ... ALMOST IMPOSSIBLE TO REMOVE.

Which I found especially hilarious/frustrating when I was required to upgrade the version of Norton on a bunch of lab computers. The upgrade wouldn't work, and told me I had to uninstall the previous version. Turns out uninstalling the previous version was unbelievably difficult. The auto-uninstall didn't work. The Norton removal tool didn't work. Finally I had to follow a series of manual step-by-step instructions about what files to delete and what registry keys to modify.

And after all this pain and suffering to remove Norton... I had to install a new version. (That I knew would be a pain to eventually uninstall or upgrade.)

Needless to say I now avoid Norton like the plague. Yet I would argue that Norton/Symantec is widespread not only because of default installs--but because they seem to do a good job marketing to the higher-ups. They win large-scale deployment contracts, where the software annoys end users and many admins, but looks good and secure on paper, I guess.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

That's why I

[svendsen]

I have different Anti virus product on each of my machines at home. I figure the gap of what they won't detect is smaller then what just having one product will detect.

Bullet proof? Of course not.

So far with Avast, AVG, (mind you one virus product per computer only) ZoneAlarm, FireFox, and some basic sense I haven't been hit.

My only issues (sad enough) is when a windows update broke Zone Alarm and when AVG detected Zone Alarm as a virus (cause a new version came out) and shut it down.

Now that i really think of it all the products designed to protect me have been the ones giving me all the trouble. HAHAHA (as I cry)

Re:That's why I

[Ilgaz]

The new version of Kaspersky and couple of other vendors who spends money to development instead of animated ads tries to go with "white list" approach.

For example, while it does very suspicious things (due to its function), Zonealarm is very known to the AV solution and once it is surely the ZA it trusts, it won't bother with it too much UNLESS it starts doing things which it isn't known to do. It adds lot to the performance and Kaspersky is the last vendor to blame about heuristics since its early versions. If they didn't do a lot of heuristics against unknown threats, they wouldn't be blamed for making it "slower" than free AVG and robbing the users.

I can understand why Mr. Kaspersky is particularly touched by the claim of the test and the products failure against imaginary threat. Kaspersky was one of the first AV solutions to run a small virtual machine and emulate things before giving them go. It is also running way deeper than many on the market (ring 0) so that is why it may create horrible slowness with hypervisor, emulation type of Windows. E.g. on Virtual PC 7, it is plain suicide to run it.

Why start from the back?

[AnalPerfume]

Why stick to an OS which is fully virus compatible? I know Microsoft try their hardest to be incompatible with everyone else to lock people into their systems but they do have the market sewn up on malware compatibility.

The whole anti-malware market exists to fit one purpose.....to plug the holes Microsoft's incompetence leaves behind.

The moral of the story is that if you insist on (or have to because of some proprietary software you need) using Windows you're never gonna be secure, no matter how many anti-malware programs you use because the underlying OS is a piece of shit.

Switching away from Windows to UNIX / Linux / OSX will give you a huge head start on security before you even start thinking of what else you can do to stay secure.

It's like choosing the back row as your starting point in a race, knowing you don't have a snowballs chance in hell of catching the pack, let alone overtaking them.

Re:No.

[_Sprocket_]

Indeed; nor should we expect them to. The vast majority of computer users want to use the computer in the same way that they use any other appliance; and frankly, they /should/ be able to. Unfortunately, the only way to give them that experience is to a) line up all malware authors and shoot them; or b) provide them with locked-down machines that can only run Authorized Content in an Approved Manner.

The problem with that is we've just spent the last 20+ years going through massive innovation because there's no particular approval to how this tech is used. Bolting on Approval could have ugly effects. Unless, of course, that approval is from the end user. Which puts us in the same place we are now.

The other issue is that we're not dealing with a toaster. Nobody expects their toaster to also become a calculator, telephone, and TV on demand. We're dealing with a complex and powerful machine. A computer is not a toaster (or a truck - but I digress).

That doesn't mean we shouldn't be trying to simplify the tech. After all, an automobile is also a pretty advanced piece of machinery as well. But the key to this is making really intelligent and sufficiently paranoid choices on how to go about doing this so the end user doesn't have to. Part of the problem is that some aspects of the industry like to portray their products as toasters while making poor design choices; a customer base of monkeys with machineguns.

Re:My favorite AV software:

[mcgrew]

You are correct; as I just told another guy, a trojan will work on any platform, and the only unhackable computer is a broken computer.

Backdoors, trojans, and DoSes are not "technically" viruses any more than a window is not "technically" a door and a screw is not "technically" a nail. And I doubt very seriously that Linux has 300 back doors; I'd be surprise dit it had one. If your source calls a trojan a "backdoor" your source is ignorant.

And yes, it's prudent to be vigilant. But with Windows, vigilance isn't enough. A Windows computer can be compromised before it can even be patched.

I see someone modded it "overrated", but there are a lot of microsoft employees on slashdot. I expected some asshat to mod it "flamebait" or "troll".