Against Unknown Viruses, Avira AntiVir the Winner For Now
KingofGnG writes "AV-Comparatives, the Austrian team of experts dedicated to antivirus tests acknowledged as a reference point in the field, has published the second part of the mid-year comparative, an ideal addendum to the one already released last September. This time the aim is to evaluate the antimalware tools' effectiveness against unknown threats in a test scenario meant to prove the heuristic part and the generic markers of the on-demand scanning engines." The best in show (of 16 anti-malware packages evaluated), Avira AntiVir was able to find 71% of the unknown malware it was exposed to in the first week, dropping to 67% after the fourth.
Okay, how does it detect something that's unknown? I think it would be better phrasing to say "this scanning engine has the best heuristic pattern matching algorithms amongst those products tested." But perhaps that's too techie and we should go with "zomg! finds viruses and kills zem dead! nom nom nom." :)
In either event, I have yet to have any antivirus product I use detect anything using its built-in heuristic scanner. But it sure does slow the machine down, as I'm sure many techies out there reading this from work will know by the curse word "Norton." And if I were a virus writer, I would have every antivirus product in my lab running to test against before releasing it as a matter of course. Could it be this thing is only effective because most virus writers haven't heard of it?
#fuckbeta #iamslashdot #dicemustdie
I'm really glad the last sentence of that post was a joke instead of "I run Linux."
This one comment demonstrates why the entire article is bogus. Thanks.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
This is an interesting test, but some market leaders are missing, notably Trend (El Reg quotes Gartner saying Trend has 13.8% market share, third after Symantec and McAfee). If I am to use this research to pick a solution or to pick a better solution, the chances are high that someone in the management is going to "suggest" (try to make me use...) "Trend" because they've heard of it; if they suggest "McAfee" I can use this research to shoot that down, but not Trend.
Meanwhile, to bang the open source drum, they also didn't test Clam AV. I don't know Clam's market share, but I have to say I like it a lot for its ease of integration into my UNIXy infrastructure compared to the commercial ones I've tried, and I consider it worth testing because of its different development methodology with undoubtedly different strengths and weaknesses compared to the big commercial AV vendors.
So it's all very interesting but not entirely useful to me.
"For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled"
I'm still waiting for one of the anti-virus vendors to just start implementing a white list to cut down on the false positives.
It's not really a "virus detector" if it hits more often on non-viruses on your system. It's a "new software is being installed" detector.
You must be new here.
Ah, good old duct tape. Is there any problem it can't fix?
Sleep your way to a whiter smile...date a dentist!