Ranking Response Times for Anti-Virus Programs

Anti-virus researcher Andreas Marx of Av-Test.org has concluded an annual round of testing to see how well the various anti-virus programs responded to recent outbreaks of viruses and worms. The results appear to show that while the major anti-virus products are still having trouble keeping up with the massive glut of new malware, most are starting to do a better job.

Marx measured how quickly the anti-virus products responded with updates enabling them to detect variants of the largest 16 Windows worm outbreaks of 2005, including "Bagle," "Bobax," "Bropia," "Fatso," "Kelvir," "Mydoom," "Mytob," "Sober" and "Wurmark."

Average Response Time      --  Product Name
Between 0 and 2 hours      --> Kaspersky
Between 2 and 4 hours      --> BitDefender, Dr. Web, F-Secure, Norman, Sophos
Between 4 and 6 hours      --> AntiVir, Command, Ikarus, Trend Micro
Between 6 and 8 hours      --> F-Prot, Panda
Between 8 and 10 hours     --> AVG, Avast, eTrust-INO, McAfee, VirusBuster
Between 10 and 12 hours    --> Symantec
Between 12 and 14 hours    --> [none]
Between 14 and 16 hours    --> [none]
Between 16 and 18 hours    --> [none]
Between 18 and 20 hours    --> eTrust-VET
More than 20 hours         --> [none]

For the record, here were the response times from similar tests Marx conducted last year:

Average Response Time      --  Product Name
Between 0 and 2 hours      --> [none]
Between 2 and 4 hours      --> BitDefender, Kaspersky
Between 4 and 6 hours      --> AntiVir, Dr. Web, F-Secure, Panda, RAV
Between 6 and 8 hours      --> Quickheal, Sophos
Between 8 and 10 hours     --> AVG, Command, F-Prot, Norman, Trend Micro, VirusBuster
Between 10 and 12 hours    --> Avast, eTrust-CA
Between 12 and 14 hours    --> Ikarus, McAfee
Between 14 and 16 hours    --> eTrust-VET, Symantec

The research shows improvements by several anti-virus makers, including Kaspersky, Dr. Web, F-Secure, Norman, Symantec, Sophos, F-Prot, Avast, McAfee and VirusBuster. Anti-virus products that fared worse in this year's test include Panda and eTrust-VET (the latter being the same virus engine used by Zonelabs Antivirus).

It is also interesting to note that some of the free anti-virus software out there (e.g., AntiVir, Avast, AVG) actually fared better than some of the more widely used products, like McAfee and Symantec. The notable exception was the free anti-virus engine eTrust-VET, which ranked among the slowest for the second year running.

Response times are, of course, just one measurement of the quality of an anti-virus product. The amount of system resources consumed by each anti-virus product, and the number of false positives (raising the alarm on something that turns out to be innocuous) also are very important factors for many companies and consumers in deciding which product to use.

Marx noted that corporations are extremely intolerant of false positives, so Symantec, McAfee and other vendors widely used in corporate environments tend to have a more complex quality-assurance process to weed them out; this often results in those companies taking longer to get virus definitions in place. On the other hand, smaller anti-virus companies, he said, tend to have more problems with false positives.

Regardless of the strengths and weaknesses of various anti-virus products, it is important for Windows users to note that using any anti-virus product is far safer than having no anti-virus software installed.

By Brian Krebs  |  December 21, 2005; 11:45 AM ET
Categories:  From the Bunker  

Comments

Symantec is pretty low on this list and seems to react slower than most of the other AV vendors on responding to new viruses. What is even worse is the fact that they don't have a single word about this latest problem with their own software! There are millions of systems all over the world using their software to protect themselves from viruses and worms yet Symantec doesn't even mention it in their own advisories. I think this is totally unacceptable. Servers and workstations alike are vulnerable now. Symantec should be quicker on at least putting something on their advisory page saying they are looking into it and include directions for workarounds (such as disabling scanning of .RAR attachments). Your average user doesn't know how to do that.

Wake up Symantec. Your customers need help!

Posted by: Symantec User | December 21, 2005 12:09 PM | Report abuse

I dumped Symantec software long ago for ESET NOD32. Norton's is notoriously bloated and takes forever to perform full system scans.

The one thing I liked about ESET's product is its network scans, not sure if Norton's does that, and a UNIX package.

Cheers.

Posted by: LANgeeek | December 21, 2005 7:05 PM | Report abuse

It's a lovely product.

Posted by: Norton internet security 2006 | December 21, 2005 7:37 PM | Report abuse

Hallo.

What about Nod32?!

Posted by: Leo. | December 22, 2005 7:57 AM | Report abuse

Hmmm... "Marx noted that corporations are extremely intolerant of false-positives, so Symantec, McAfee and other vendors widely used in corporate environments tend to have a more complex quality-assurance process to weed out false positives"
We use McAfee and had a lot of false positives this year. Perl scripts that disappear, executables, setup-files...
And slow that my system@work is... unbelievable

Posted by: WIvern | December 22, 2005 11:11 AM | Report abuse

I am glad to see the product I use (AVG) is ranked higher than $ymantec.

Now I'm worried that $ymantec will buy AVG like they did Sygate and discontinue the product and I will have to find something else.

Posted by: MR. Fab | December 22, 2005 12:52 PM | Report abuse

I guess Symantec has updated their virus definitions to detect the .rar exploit....at least until they can come up with a fix for the decompression dll...

http://securityresponse.symantec.com/avcenter/security/Content/2005.12.21b.html

Posted by: Mike | December 22, 2005 2:41 PM | Report abuse

I find it very strange that a leading researcher doesn't include NOD32 in his tests.....

Posted by: HJ McKenna | December 22, 2005 6:29 PM | Report abuse

Nothing works better for me than ESET NOD32.

Posted by: Big T | December 23, 2005 5:51 AM | Report abuse

What about ClamAV?

Posted by: Nigel Horne | December 29, 2005 11:16 AM | Report abuse

I like China antivirus software.

Jiangmin antivirus KV2006, you know.

Posted by: bush | December 29, 2005 10:25 PM | Report abuse

One point the article missed is that some of the products detected proactively. I asked Andreas Marx about this and his response was:
"With "proactively" we indicate an AV detection which was in place for at least one week (better two weeks) BEFORE (caps are mine) the threat was first seen. This means, the user was protected *BEFORE* (caps are mine) the virus or worm was spreading. No response (and no new signature files) were required."
NOD32 was one of the proactive detectors in one instance. The full report is here: http://www.av-test.org/down/ms05-039.zip.
Andreas' company is testing 150,000 downloaded updates from 2005, so there will be more. http://www.av-test.org (No, I have nothing to do with the company)

Posted by: howiem | January 9, 2006 12:24 PM | Report abuse

Looks like AOL Anti-Virus (now offered free to the public) is head and shoulders above the rest, according to this review. I'm glad I'm getting it. DF Van., B.C., Canada

Posted by: DONALD H FRASER | August 8, 2006 5:51 PM | Report abuse

I already used Kaspersky I.S. 6.0 as it best software also kept update every hourly also anti-virus are great as much stronger - firewall also very good as stronger -- highly recommend for the Russian software than others... I already dumped McAfee for Kaspersky few weeks ago and very much happy with KIS 6.0

Posted by: Martin - UK | August 13, 2006 3:10 PM | Report abuse

i dont want this i don sai i want pager ispanish please how remove this pager thank you

Posted by: rosapena05@optonline.net | September 8, 2006 7:55 PM | Report abuse

kaspersky looks best, should be the 1st chosen.

Posted by: daniel li | September 16, 2006 11:27 PM | Report abuse

I am unable to uninstall active virus shield. It has brought me some problems on my pc. And no matter what I have tried I cannot uninstall it.

Posted by: olgaslasten@sbcglobal.net | October 2, 2006 4:42 AM | Report abuse

I have used NOD32 4 years in a row and in between I tried new versions of ALL other antiviruses - they are slower, take more resources or have just fewer options. NOD32 also has integrated web defence against internet "instant bugs". All updates are small, several times a day.

Posted by: Peter | October 3, 2006 4:18 PM | Report abuse


© 2010 The Washington Post Company