How to choose an antivirus solution in practice

(this article was originally written for Antivirus Direct)

Choosing antivirus protection can be very difficult. The market is highly competitive and the products are on the leading edge of information technology.

Antivirus vendors have both the knowledge (gained in day-to-day war with cybercriminals) and the money to wage an epic brand battle in the field of computer security. There are a lot of vendors, and each of them is pushing dozens of product features to the market. How do you really choose between them? Let me try to go deep into this subject in this article.

Security is boring

Security is always in conflict with usability. Whether you’re working with your documents, playing videogames or watching a movie, no security measures or procedures actually help you with your activity. On the contrary, they’re messing around – slowing down your computer, asking for different passwords, forcing you to choose an appropriate folder to save your files in and so on.

Yes, I understand the necessity; a security payload is the price for your safety, but it’s just no fun at all. Modern marketing tries to get people engaged, to have fun, to receive some kind of closure by using a product. What kind of closure can you expect from antivirus software?

The only thing you need from an antivirus solution is to shut up and remove the viruses. That’s why antivirus vendors never have a huge fan base. LOST has 7.5 million fans on Facebook, Symantec has 35 thousand.

To make matters worse, almost no security measure gives you a guarantee or any kind of psychological closure. Remember the movie “Mission Impossible”? There was a very well-protected computer and still Tom Cruise came and hacked it. With any antivirus product, there is always a possibility that the viruses still penetrate your defense. That’s just sad.

Race without end

Antivirus software developers are constantly in a war with cybercriminals and with each other.

There are a lot of ways to earn money on the Internet illegally – spam, prescription drug sales, pornography, gambling, identity theft, credit card fraud, and so on. And where the money is, bright (but devious) minds apply their knowledge to get it. Every day, criminals are trying to find a new way to infect your PCs.

When a new virus is created, it’s tested against the most important antivirus protections; they must not be able to detect it. Then it’s pushed “in the wild” and starts to do its dirty work. Antivirus software labs around the world are working 24x7x365 attempting to detect new viruses via “honey pots” and various other techniques. Normally, when they get a sample, it’s not very hard to create a cure. Within hours (sometimes minutes) after detection, the software of this particular vendor can and will protect you against this virus. (The top antivirus brands also have proactive protection against yet unknown viruses. They try to analyze the behavior of any new program and determine whether it’s a virus or not. But the intelligence of such programs is still not very good.)

Normally, all major antivirus labs in the world exchange information about the latest viruses with each other. So we can assume that all the antivirus products are very good at finding new viruses. The problem is that hundreds of new viruses are developed every day. You never know when somebody will make a mistake and let one go.

It looks like a Formula-1 race. We know that all the cars are good. They’re actually 99.99% close to perfect, and the drivers are geniuses. However, they have to compete with each other. Somebody will make a mistake and be “not-so-perfect” this time.

Antivirus vendors have to race every day, 24 hours per day on a Formula-1 track in order to prove their performance.

Size does matter

The first logical thought is to try to find the leaders on the market. Who’s selling more antivirus products in the world? Maybe they’re better at what they do and the “invisible hand” of the market has already picked the favorites.

According to http://www.softwaretop100.org/, the biggest companies are:

  • Symantec
  • McAfee
  • Trend Micro 
    (Kaspersky is aggressively reaching for 3rd place)

The rest are much smaller.

However, this doesn’t include so-called “free antivirus” software. This means a vendor is giving a basic version of their security software absolutely gratis and earns money on extended products or services. Free is a magic word, and according to some sources, free antivirus protection is installed on 50% to 60% of all computers in the world! The leaders of the free antivirus industry are:

  • avast!
  • AVG
  • Avira

All of them start with A, and all of them are European (Avira is German; avast! and AVG are from the Czech Republic).

Independent testing

There are independent labs that try to perform testing of the antivirus protection products to see how well they perform in the never-ending race. Let’s see if we can find which antivirus product is best.

http://www.av-test.org/

AV-Test tests 20+ products and releases a report every quarter. They give a score from 0 to 6 in three categories (protection, repair, usability) and the worst products don’t get “certified”.

Let’s see who got the top mark in protection:

  • 2010 Q2: AVG, G Data, Symantec, Panda
  • 2010 Q3: Kaspersky, PC Tools
  • 2010 Q4: BitDefender, BullGuard, Kaspersky, Panda
  • 2011 Q1: BitDefender

I don’t see any particular leader here. Some vendors are the best in one report, others in the next.

Let’s see how the 3 obvious market leaders (Symantec, McAfee, Trend Micro) are doing in this test:

  • Symantec: 5.5, 5.0, 5.0, 5.5 (almost top scores)
  • McAfee: 5.0, 3.5, 3.5, 3.0 (not good)
  • Trend Micro: 2.5, 4.0, 4.5, 3.5 (not good at all)

http://www.av-comparatives.org

AV-Comparatives tests around 20 products almost every month and has a number of tests to show performance in antivirus protection.
Almost all the leaders detect more than 90% of viruses, but there are those that detect close to 100%. Let’s see who is the best in on-demand detection:

  • Feb 2010: G Data, Avira, Panda
  • Aug 2010: G Data, TrustPort, McAfee
  • Feb 2011: G Data, TrustPort, avast!

G Data is obviously doing very well. Strange that it’s not always the best according to AV-Test.
Let’s monitor the market leaders by their position in the top 20:

  • Symantec: 7, 6, 12 (medium positions)
  • McAfee: 5, 3, 10 (close to the top)
  • Trend Micro: 18, 13, 13 (almost always close to the bottom)

“Bottom” in this case means >90% detection. We’re talking about 90% of thousands of the newest and most dangerous virus threats, so I guess it’s good enough anyway.

http://www.virusbtn.com/

Virus Bulletin is the most advanced site, measuring the widest range of vendor products and giving the most extensive results. They have plenty of historical data on antivirus product performance. Let’s take their RAP (Reactive and Proactive) test from October 2010 to April 2011:

The best vendors were: TrustPort, Coranti, Avira, G Data, Kaspersky.

How are the leaders doing?

  • Symantec: ~90%-80% (definitely top quadrant)
  • McAfee: ~75%-75% (average results)
  • Trend Micro has been boycotting this test for 3 years (hmm)

What can be said about antivirus protection, if it’s tested by independent sources?

  • The results don’t match. Completely different vendors come to the top and fall to the bottom without any indication of why.
  • Top sales vendors are average or below average in their protection level and the best places are awarded to small companies.
  • The same vendor can show a perfect result on the same test in 2010 and drop down a year later.
  • Websites of the antivirus vendors are filled with certifications obtained from one of these three labs. Each of the 52 vendors has at least one. I’m not sure how to compare them based on this information.

Power of the fourth estate

There are a lot of computer magazines. And they’re issued every month. Marketing research says the advice from computer news sources is one of the most important factors in the decision making of antivirus product customers.

Let’s look at some comparison charts from different sources:

Dennis Technology Labs, “PC Total Protection Suites 2011,” February 2011

PassMark Software, “Consumer Security Products Performance Benchmarks (Edition 3 Feb. 2011),” February 2011.


http://www.consumersearch.com/antivirus-software

Best Choices: Norton AntiVirus 2011, Internet Security 2011, avast! Free Antivirus 5, Sophos Anti-Virus for Mac

http://anti-virus-software-review.toptenreviews.com/



http://www.antiviruscompare.net/



http://www.pcmag.com/reviews/antivirus



http://www.cnet.com/topic-reviews/antivirus.html?liaview=l&tag=lia;rcol

I could continue posting dozens of screenshots, but I think I’ve made my point. Pick any of the 52 vendors and there will be an IT magazine that will rank it number 1.

What do vendors say about themselves?

Marketers are telling stories. Inside many antivirus vendors there is a marketing instrument called a “battlecard”. It’s a list of the features of their product and comparison with the competition.

This is of course not public information, but it’s available more-or-less openly to software sales channel partners – distributors and resellers. You can Google a bit and find examples of research and comparative tables issued by the vendors themselves.

(Disclaimer: this information is provided as is and the way I’ve obtained it – via Google – is subject to critique.)

AVG battlecard http://www.slideshare.net/AVGShare/avg-row-smb-is-battle-card-a4-102809v
Symantec battlecards http://kateshay.com/post/1044478500/these-battle-cards-were-made-for-internal-use-at
Collection of Kaspersky battlecards http://query.zeus.com.au/content/apollo-home-downloads.cfm
Sophos battlecard http://www.sinetcomm.com/common/Sophos/Endpoint%20Security%20and%20Control%208.0%20competitive%20positioning%20battlecard.pdf

What to do?

Choosing an antivirus product is like choosing a car. Everybody has their preferences, and vendor marketing machines spend millions in order to change our opinions. But there are no Ferraris or Porsches among the antivirus products, just a huge row of mid-size sedans.

You do need one, for sure.

But if you need to choose among antivirus software – don’t! Select the one you’re using today or the one that your engineer friend likes. Or the one recommended by the IT department of your company. If one of the products is causing you performance problems, choose another one. If you have 5 PCs at home and the subscription becomes pricey, choose a cheaper one.

 

  • Caroline90

    Fortunately, many companies offer a free trial or a demo to test the software out and see if it meets our expectations and needs. A few weeks ago, when I purchased a new computer, I needed new security software as well, and I decided to test a few programs out. Eventually I decided on getting a program called Impedio Security (https://impedio-security.com/). Even though it is quite new, it is very well constructed and protects against any ransomware effectively.
