Slashdot Mirror

← Back to Stories (view on slashdot.org)

Against Unknown Viruses, Avira AntiVir the Winner For Now

Posted by timothy on from the evolving-bleakosystem dept.

KingofGnG writes "AV-Comparatives, the Austrian team of experts dedicated to antivirus tests acknowledged as a reference point in the field, has published the second part of the mid-year comparative, an ideal addendum to the one already released last September. This time the aim is to evaluate the antimalware tools' effectiveness against unknown threats in a test scenario meant to prove the heuristic part and the generic markers of the on-demand scanning engines." The best in show (of 16 anti-malware packages evaluated), Avira AntiVir was able to find 71% of the unknown malware it was exposed to in the first week, dropping to 67% after the fourth.

35 of 170 comments (clear)

  1. mine is better by SoupGuru · · Score: 4, Funny

    My custom anti-virus solution is better. It blocks 100% of all known and unknown viruses. Just don't ask what its false positive rate is...

    --
    What doesn't kill you only delays the inevitable
    1. Re:mine is better by 77Punker · · Score: 3, Insightful

      I'm really glad the last sentence of that post was a joke instead of "I run Linux."

    2. Re:mine is better by Anonymous Coward · · Score: 5, Funny

      My custom anti-virus solution is better. It blocks 100% of all known and unknown viruses. Just don't ask what its false positive rate is...

      Sounds like my sex life: My anti-STD solution is great. It blocks 100% of all known and unknown STD's. Just don't ask what my human-to-human sexual encounter rate is... :(

    3. Re:mine is better by adisakp · · Score: 2, Interesting

      Komodo firewall has technology to only allow white-listed EXE's to run in a "paranoid" mode. It means you have to manually "approve" newly installed programs and updates (or go into installation mode during the update) but it works pretty well.

    4. Re:mine is better by Smidge207 · · Score: 3, Funny

      Just don't ask what my human-to-human sexual encounter rate is...

      Fair enough, but I am curious as to what your human-to-dog sexual encounter rate is?

      What? It's a fair question, he left it wide open to interpretation.

      =Smidge=

      --
      Is it just my observation, or is eldavojohn an idiot?
    5. Re:mine is better by Thelasko · · Score: 5, Informative

      This one comment demonstrates why the entire article is bogus. Thanks.

      If you actually read the fine article it goes on to note Avira's high rate of false positives and recommends NOD32 instead.

      --
      One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    6. Re:mine is better by Lord+Ender · · Score: 2, Insightful

      You must be new here.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    7. Re:mine is better by sveard · · Score: 3, Funny

      human-to-dog sexual encounter [...] Had that happen to me in Canada at a balmy -30 Celsius.

      Yikes!

    8. Re:mine is better by davester666 · · Score: 3, Insightful

      Ah, good old duct tape. Is there any problem it can't fix?

      --
      Sleep your way to a whiter smile...date a dentist!
    9. Re:mine is better by ClosedEyesSeeing · · Score: 3, Interesting

      Mine is better - remove the cat5 (or phone) cable. I'd like to see the chances of something getting in then! (from the Web, stupid users with viruses on portable media excluded from test results)

    10. Re:mine is better by Fozzyuw · · Score: 2, Interesting

      Is there a free version of NOD32? Antivir is still free (albeit with occasional ad pop-ups) for the home version. It also have a very small footprint. How's NOD32's footprint?

      --
      "The past was erased, the erasure was forgotten, the lie became truth." ~1984 George Orwell
    11. Re:mine is better by ushering05401 · · Score: 2, Informative

      There is no free version so far as I know.

      I have only been using NOD for a few weeks... so far so good.

      I was stuck with a Panda solution at work for a couple of years, NOD feels far advanced of that suite.

      The nicest thing I have noticed so far is the NOD interface and presentation of options, so my opinion basically boils down to YMMV.

      As far as footprints go, I rebooted this machine 29 hours ago according to task manager. The NOD kernel has utilized 28 seconds of processor time.

      I just spawned an on-demand scan, and popped back into VS2008.. minor speed hit on standard tasks. Much less that Panda from the feel of it. Nod32.exe (scanning process) is currently topping out at 13% CPU usage, and it doesn't do that annoying throttling garbage that some other AV systems do, NOD stays light on the flops.

      Barely noticeable really. Of course, I don't really know how good a job it is doing.

    12. Re:mine is better by lysergic.acid · · Score: 4, Interesting

      still, i think a better (more useful) test would be conducted by:

      1. enlisting a 100 or so test subjects from various non-technical (in terms of computer knowledge) backgrounds.
      2. give each one of the 9 best-selling anti-virus solutions to 10 different volunteers.
      3. give the last 10 volunteers a 2-week course on basic computer security and malware-prevention.
      4. subject all 100 subjects to the same gauntlet of viruses/trojans/malware over a 6-month period. (perhaps 4-5 viruses a week, for a total of around 120 threats tested)
      5. note how many infections per person each group averaged, how many false-positives each group reported, and how much time/productivity was lost due to the threats & false-positives--for instance, time spent on reboots, reformats, dealing with virus alerts, waiting for anti-virus updates, etc.
      6. lastly, measure the cost-effectiveness of the anti-virus solution used in each of the 10 groups.

      i suspect that preventative education/training is probably the most effective method of combating viruses & malware. and though it might not be cost-effective in the short-term, it might be cheaper to train long-term employees how to avoid viruses/malware than to pay for yearly-subscriptions and still suffer down-time and loss of productivity from infections.

  2. MalwareBytes? by oahazmatt · · Score: 4, Informative

    I'm surprised MalwareBytes isn't on the list. We've come to depend on it for removing zlob from problematic PCs.

    --
    Those who believe the Internet is private,
    find their privates are on the Internet.
  3. Unknown? by girlintraining · · Score: 4, Insightful

    Okay, how does it detect something that's unknown? I think it would be better phrasing to say "this scanning engine has the best heuristic pattern matching algorithms amongst those products tested." But perhaps that's too techie and we should go with "zomg! finds viruses and kills zem dead! nom nom nom." :)

    In either event, I have yet to have any antivirus product I use detect anything using its built-in heuristic scanner. But it sure does slow the machine down, as I'm sure many techies out there reading this from work will know by the curse word "Norton." And if I were a virus writer, I would have every antivirus product in my lab running to test against before releasing it as a matter of course. Could it be this thing is only effective because most virus writers haven't heard of it?

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Unknown? by spinkham · · Score: 5, Informative

      Try NOD32. The scanner that actually got top ratings in this test, for finding the highest number of viri without ungodly number of false positives. I've used it for a few years, and it's fast and has a good track record on virus tests. Can't recommend enough.

      --
      Blessed are the pessimists, for they have made backups.
  4. Missing some market leaders by nicolaiplum · · Score: 3, Insightful

    This is an interesting test, but some market leaders are missing, notably Trend (El Reg quotes Gartner saying Trend has 13.8% market share, third after Symantec and McAfree). If I am to use this research to pick a solution or to pick a better solution, the chances are high that someone in the management is going to "suggest" (try to make me use...) "Trend" because they've heard of it; if they suggest "McAfee" I can use this research to shoot that down, but not Trend.
    Meanwhile, to bang the open source drum, they also didn't test Clam AV. I don't know Clam's market share, but I have to say I like it a lot for its ease of integration into my UNIXy infrastructure compared to the commercial ones I've tried, and I consider it worth testing because of its different development methodology with undoubtedly different strengths and weaknesses compared to the big commercial AV vendors.
    So it's all very interesting but not entirely useful to me.

    --
    "For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled"
    1. Re:Missing some market leaders by girlintraining · · Score: 3, Interesting

      It could be because Trend Microsystems has gone after people who have tried to benchmark their software in the past, claimed to have exclusive patents to the very concept of antivirus scanning, etc. They don't exactly have a great reputation for supporting fair marketing and being open about how their product works... Witness how many legitimate products get flagged as "hacker tools" (like Angry IP Scanner), while their commercial counterparts are ignored (ostensibly after paying them off to get off their little black list).

      I say, it could be.

      --
      #fuckbeta #iamslashdot #dicemustdie
    2. Re:Missing some market leaders by Psychotria · · Score: 2, Insightful

      Meanwhile, to bang the open source drum, they also didn't test Clam AV. I don't know Clam's market share, but I have to say I like it a lot for its ease of integration into my UNIXy infrastructure compared to the commercial ones I've tried...

      I also like ClamAV (see my post above). I use it from my linux machines to scan my Windows machines when they're "offline". Had to write a script to get it to work how I wanted... but that's the beauty of the command line.

      I believe that there's a GUI front-end for ClamAV as well (klamav I think it's called). I haven't tried it and I think it's still in early development, but I guess I'll check it out one day just for interests sake.

  5. Now If only . . . by Cyberllama · · Score: 3, Interesting

    . . . someone could find a way to get rid of its horrible "zomg hackers are after you, give us some monies" pop-up that comes up at 10:30 every tonight and alt-tabs me out of anything else I might be doing. I realize the free version is free, and apparently that pop-up ad justifies, but *must* it also alt-tab me out of games? That's pretty obnoxious.

    1. Re:Now If only . . . by clone53421 · · Score: 2, Interesting

      That's enough to ensure that I will never install it.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    2. Re:Now If only . . . by monkeyfromx · · Score: 3, Informative

      How about this? http://www.tipsfor.us/2007/08/15/make-avira-antivir-free-edition-more-usable/

  6. Re:Direct Link to results by girlintraining · · Score: 2, Funny

    The site seems to block direct linking...and gives you a 404. Now that's fucking stupid.

    I second that motion. Let bombing begin in 10 minutes.

    --
    #fuckbeta #iamslashdot #dicemustdie
  7. TFA paints a more complete picture by floodo1 · · Score: 5, Informative

    It's worth pointing out that when you take false positives into account Eset Nod32 becomes the only AV solution to achieve the "Advanced+" rating. Apparently it detects 20% fewer "unknown" threats but had only 7 false positives, compared with 17 for AntiVir. This places AntiVir in the same category ("Advanced") as Kaspersky, Mircosoft, Symantec, McAfee, and GData. Hopefully people bother to read the TFA, and not just this /. article

    --
    I KUT J00 M4NG!!!
    1. Re:TFA paints a more complete picture by street+struttin' · · Score: 4, Funny

      Why read the article? You just told us what we'd miss if we didn't.

  8. More evidence for a white list. by khasim · · Score: 3, Insightful

    I'm still waiting for one of the anti-virus vendors to just start implementing a white list to cut down on the false positives.

    It's not really a "virus detector" if it hits more often on non-viruses on your system. It's a "new software is being installed" detector.

  9. False positives by Thelasko · · Score: 3, Informative
    The summary left out some important information. From TFA:

    ...the samples detection rates are only one of the two elements evaluated for the antivirus final classification, being the number of false positives the other. Rising a false alarm about a malware on a legit software can cause as much troubles like a real infection, the report states, and it is for this reason that AVIRA, Kaspersky and other products, even if they have obtained very good results in identifying samples, have been penalized with a lower classification.

    So the certification level ADVANCED+ has been achieved by ESET NOD32 only, that has detected 20% less of the samples that AVIRA AntiVir has discovered but has triggered only 7 false alarms.

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
  10. I can do 100% by gsgriffin · · Score: 3, Funny

    I don't know, my computer has never had a virus and never will. This TRS-80 Model I Level II runs like a dream. Just have to get the hang of loading and saving programs with the tape cassette player/recorder.

    --
    jsut athnoer menagiensls ltitle psrhae for you to dcoede. Why do we wtsae our tmie dnoig tihs?
  11. My antivirus research for my IT department by Khopesh · · Score: 2, Informative

    We use Kaspersky for Windows systems at work (and ClamAV on Linux for mail, though that might change to Kaspersky as I believe we have a license for it). When employees ask if they can use our licenses for their personal machines, I point them at Avira AntiVir because it's about as good and it's FREE FOR PERSONAL USE (although the free version has less spyware detection). It blows AVG out of the water.

    Here are some useful links from my research, which included the above site:

    From the Wikipedia links and other research that I didn't bother to note to my colleagues (who were also doing this research), I determined that Kaspersky's software was among the most efficient and CPU-friendly. It's only downside was a less-than-optimal user interface, especially on the administrative side for the corporate product. We didn't mind its UI flaws in the free trial period, so we purchased it. We're still happy with it several months later.

    The main arguments for our switching from Trend Micro were that it was slow, had poor performance, missed several viruses, we wanted to boycott it, and we were tied to a very old version (since it out-performs the newer ones in reviews). Arguments for switching to Kaspersky included: it doesn't feel bloated (remember when that was the norm?), great performance, well received across the board in reviews, dirt cheap (new licenses are 70% the current renewal cost of Trend Micro, which is an ever-growing target), we liked the UI that prevented reviewers from giving it a perfect score, and it's the de-facto number one scanner in Russia and surrounding area (you know, where all the viruses come from?). Kaspersky is also growing rapidly in deployments; you can now get computers installed with it.

    --
    Use my userscript to add story images to Slashdot. There's no going back.
    1. Re:My antivirus research for my IT department by St.+Alfonzo · · Score: 3, Interesting

      "[...]it's the de-facto number one scanner in Russia and surrounding area (you know, where all the viruses come from?)."

      Ignoring the assumption that all viruses come from Russia, wouldn't that make it more likely that the virus developers would make sure their viruses can evade detection under it?

    2. Re:My antivirus research for my IT department by swb · · Score: 2, Interesting

      Ha! I work for Kaspersky reseller, and while I find it to be much more effective than other products, it still has problems.

      The default settings want to do CriticalArea and StartupItem scans when you boot your machine, and this makes the icky Windows-is-slow-at-startup even worse. We've also had a couple of problems with updates crippling the client, and worse, the Exchange product.

      The first couple of client problems were with older 6.x clients not taking updates, we updated them to newer application versions and it fixed the updating problem. This summer there was an update that literally crippled the client; Kaspersky came out with a fix, but by that time I'd already just removed and reinstalled.

      The Exchange AV product has had bad updates that cause it to shut down store.exe. This is a huge show stopper, naturally, and its happened more than once.

      The AdminKit is a hot mess, too.

      I'd like to see us do some NOD32 installs, I seem to hear good things about it.

    3. Re:My antivirus research for my IT department by Khopesh · · Score: 2, Interesting
      I got so entangled in defending my joke assumption that I forgot one of the real reasons I liked Kaspersky's headquartering in Russia: It's not in America or any of its corporation-friendly, overprotective, terrorist-fearing peers, and it's not in a nation that is easily bullied by America, its peers, or corporations.

      This means it doesn't need some "Homeland Security" back-door, it doesn't need to turn a blind eye to corporate root-kits and other DRM-enforcers, and it can be harsh on corporate spyware.

      --
      Use my userscript to add story images to Slashdot. There's no going back.
  12. Bogus rehash - don't bother. by lancejjj · · Score: 2, Interesting

    Do we really need yet another analysis that talks about the same exact products on the same exact platforms?

    Instead of a focus on complete information security, this kind of analysis, once again, ignores BlackBerry and Macintosh and Linux - some very common platforms that are growing in both the enterprise and home markets. How a repeated focus on the most commonly discussed platform helps anyone is a mystery. It just continues to say "all these products are different, we rank them according to our exclusive analysis." Are you going to switch AV vendor given their unconvincing analysis? Not likely.

    In the end, the analysis sounds hollow; "My AV software isn't on the top of their list". Given their strategy, who cares?

    The self-declared "security experts" completely miss the point by completely ignoring platforms other than Windows. Sure, perhaps the BlackBerry is only found in 70% of corporate environments, and the Mac only has 7% market penetration, and Linux is perhaps only 20% of back-end servers - but I'd fathom that nearly 95% of the businesses out there use one of these platforms and need them to be SECURE - in order to keep their corporate (or personal) data and networks safe.

    All these "security experts" are failing their potential customers by rehashing the same discussion, instead of analyzing products and methods that address the mostly unhandled attack vectors of other mission-critical platforms.

  13. Your married... by Hurricane78 · · Score: 4, Informative

    What about my married?

    Because I can't see your married. Where did you hide it?

    -- A formed babby

    --
    Any sufficiently advanced intelligence is indistinguishable from stupidity.
  14. Re:Why so low? by I)_MaLaClYpSe_(I · · Score: 2, Interesting

    Okey, I will take the time to explain it to you.

    1. Set up a honeypot. Catch any number of relatively new viruses with these.

    2. Use an AV product with signature files from a date before you started to capture the new viruses.

    3. Tadaaa...

    4. Of course... profit!

    Now, was that so hard to come up with by yourself?