MaximumPC Internet Security Comparatives

[Signal2Noise]

Fwiw, the May issue of Maximum PC has an internet security comparative round up. I've summarized the heirarchy here with base 10 score in brackets. An asterix (*) denotes free. For complete test methods and descriptions check out the magazine or wait until it's online. I found some of the results suprising, especially Norton's position. I'm not sure why Kaspersky was not included although the author stated any missing suites could be reviewed separately in future publications.

ESET Smart Security 4 (9)
McAfee Internet Security 2010 (8)
Microsoft Security Essentials* (8)
Norton Internet Security 2010 (7)
Bitdefender Internet Security 2010 (7)
Panda Internet Security 2010 (7)
Comodo Internet Security Pro (6)
Avira Antivir Free Edition* (6)
Avast! Internet Security (5)
Trend Micro Internet Security Pro 3.0 (4)

In a nutshell, the article went on to say that ESET continues to be the favorite, McAfee finally redeems itself, MSE is great for cheapskates, and Trend Micro just plain sucks.

I use Norton IS, MSE, and Kaspersky IS on seven machines @ home and am happy with all of them. I currently run ESET for Mac beta on my Mac Mini and seems slow for scanning but it is of course only beta still.

[LarkStarr]

whurr's AVG and F-secure?

[MrDiaz]

Been using Avira for 5 years, since beta times. Best thing out there!

[SKYMTL]

Hold on. No Kaspersky, AVG or F-secure? Come on.

[Deviant]

Quote:

Originally Posted by MrDiaz

Been using Avira for 5 years, since beta times. Best thing out there!

+1. 99.3% detection rate while scans remain fast and FPs have dropped significantly over the last year. Free version works fine as well. But how'd it get a 6?

ESET on the other hand is doing poorly IMO. While everyone improved, they remained stagnant in terms of new implementations and their last good product was NOD32 v2. v3 did worse and subsequently succeeded by v4. Nonetheless, NOD32 did manage to score 97.x% in the latest av-comparatives comparison.

[MrDiaz]

It got a 6 because most of the other variations have added features and such. I still wouldn't replace Avira even if they give it a rating of 2!

[Deviant]

Quote:

Originally Posted by MrDiaz

It got a 6 because most of the other variations have added features and such. I still wouldn't replace Avira even if they give it a rating of 2!

Well, that's just silly. I suppose those "new features" make the other AVs better than Avira...*sarcasm...and it seems like Avira didn't send a big enough of a cheque. Oh well. I'm still sticking by Avira especially with v10 looking better.

[DCCV44.2223]

Quote:

Originally Posted by Deviant

Well, that's just silly. I suppose those "new features" make the other AVs better than Avira...*sarcasm...and it seems like Avira didn't send a big enough of a cheque. Oh well. I'm still sticking by Avira especially with v10 looking better.

I'd like to see the methodology used in the MaximumPC test first but when it included one AV that hasn't been certified by ICSA nor WestCoast labs and highly rank another that doesn't scan HTTP traffic, doesn't have HIPS/behaviour blocker and only update once a day, then it doesn't look good...

There are not that many organizations out there that can test AVs properly, and those that can often are paid by the vendors to test their products, e.g., AV-Comparatives, Virus Bulletin.

Many tests are still based on "static" tests of how many samples are detected by the AV during a "on demand" scan. While signature based detection is a major component of AV and still important for detecting known malware, most of the better AVs nowadays have some form of HIPS or behaviour blocker that can block unknown malware.

Both AV-Comparative and Virus Bulletin have "proactive" tests where they test the ability of AVs to detect malware samples collected during the week *after* the definition database was released. Detection rate usually falls drastically to the <70% range.

There is always a time lag before AV vendors can get signature updates to users -- anywhere from 4-8+ hours, sometimes it can take days -- the AV I use average 5,000 new signatures a day and increasing. So in a real world environment the detection rate from the signature based file scanner will more likely be those <70% rates seen in "proactive" tests rather the >95% rates seen in the "static" tests.

The lower detection rate is not just due to known samples, but also because with most AV the "on-demand" scanner is configured to use the most thorough settings, whereas the "on-access" and HTTP scanners -- the ones that are on the front line in the real world -- are usually configured to be less thorough to minimize impact on performance.

With malware that are missed by signature detection, HIPS and behaviour blockers come into play. Testing organizations have started to run "dynamic" tests:

AV-Comparative
AV-Comparatives - Independent Tests of Anti-Virus Software - Dynamic Test

AV-Test
Maximum Security: 2010 Internet Security Suites - PCWorld

NSS Labs (registration required)
Consumer Anti-Malware*-*nsslabs.com

Personally, nowadays I'm more interested in the performance of non-signature based detection/blocking and other "cloud based" technology than the performance of the classic signature based detection.

[bushwhacker]

Excellent post DCCV44.2223. Much appreciated - especially when verifiable links are included.

[MrDiaz]

Very interesting indeed. Avira kicking butt as always! :)