Topic: Anti-virus Software Testing
TicMan
Posts: 4660
Location: Melbourne, Victoria
I found this article which had a security architect load up 35 different AV products and had them scan through the same set of malware data to see which products were effective and which ones were duds. The testing method is pretty crud but I think gives a good real world example of how each product compares.

Since a lot of people here use AVG I figured it was worth putting the article up which had AVG come in 26th place as it only detected 110 out of the 36,438 pieces of malware he had on the drive.

Top 10 list:
* 1. -- G Data -- 36,423 -- 99.95 percent
* 2. -- Trust Port -- 36,171 -- 99.26 percent
* 3. -- eScan -- 36,146 -- 99.20 percent
* 5. -- BitDefender -- 36,105 -- 99.08 percent
* 6. -- Avira -- 35,846 -- 98.37 percent
* 7. -- Hauri -- 35,325 -- 96.94 percent
* 8. -- Trend Micro -- 35,182 -- 96.55 percent
* 9. -- DrWeb -- 34,114 -- 93.62 percent
* 10. -- F-Prot -- 32,635 -- 89.56 percent
E.T.
Posts: 1913
Location: Queensland
* 26. -- AVG -- 110 -- 3.01 percent


Hey, AVG finds 3 in 100, so it's not totally s***, just very close.

:)
Scooter
Posts: 1905
Location: Brisbane, Queensland
That's weird how Avast worked really well, only after running it twice in a row.
Maybe one of the first ones it picked up/stopped was a blocker of some sort?

Out of the top 20 (if you include Avast) I've heard of 2 of them.

I'll just stick to Avast for now, just remember to run it twice.
Poogay
Posts: 401
Location: Brisbane, Queensland
I love my Trend Micro
E.T.
Posts: 1914
Location: Queensland
Yeah, Trend Micro is a good brand and very high up the list. Would get my bux I think.
Pinky
Posts: 1612
Location: Melbourne, Victoria

Pro-tip: With Avast! always set it to 'High' (default is 'Normal') - I had a worm that it didn't pick up until I noticed a lot of activity for 'outgoing mail' when I only use webmail. About 5000 outgoing spams later I realised I had a worm. Turned Avast! onto 'High' and it picked it up straight away and killed it.
Strik3r
Posts: 1602
Location: Brisbane, Queensland
I haven't run a virus scanner since I was about 15. In the past 10 years I've had 1 (one) virus, which I got by running a keygen from a dubious source (my fault, live and learn). I realized as soon as I ran it that I had gotten one and got rid of it in about 15 minutes.

The best virus scanner is common friggin sense. When you get messages on msn like "HEY EMAILUSERNAME, I SAW THIS PHOTO OF YOU -> www.LINK.com LOL" here is a pro tip - don't f***ing click it.

I would probably run a virus scanner if I could find one that didn't run like poop and require half a dozen processes and a nice chunk of memory to operate.
Pinky
Posts: 1613
Location: Melbourne, Victoria

...and a nice chunk of memory to operate.

I know! Because you've probably only got about 4GB of memory, and it would probably take about 30-60MB to run A/V.

Three scoops of sarcasm at no extra cost.
FaceMan
Posts: 1029
Location: Brisbane, Queensland
The Internet is like sex.
If you have a lot of Unsafe Sex with Ho's you're going to get a nasty virus that will ruin your Sex Life for a very long time.
Strik3r
Posts: 1603
Location: Brisbane, Queensland
I know! Because you've probably only got about 4GB of memory, and it would probably take about 30-60MB to run A/V.

Three scoops of sarcasm at no extra cost.


ironically the people that most need the virus scanners (ie, my mum and dad) are running older pc's that really are impacted by 60mg and processor usage. (amd xp2400+, 512mg ram systems).
Opec
Posts: 5750
Location: Brisbane, Queensland

With Avast! always set it to 'High' (default is 'Normal')


That's the first thing I do after I install Avast usually.
Jim
Posts: 9744
Location: Brisbane, Queensland
how would you know you haven't had other viruses if you're not using anything to detect them? that's the opposite of common sense.
it's completely irresponsible to use windows on a network without a virus scanner because you're greatly increasing the chance of contributing to hassles on other people's networks when your machine is exploited. where do you think the vast majority of spam comes from? machines just like yours usually
reso
I can't read
Posts: 4736
Location: Brisbane, Queensland
Jim I think I would know my computer is sick once it's sneezing and throwing up. And obviously, it has never done that.
Pinky
Posts: 1614
Location: Melbourne, Victoria

how would you know you haven't had other viruses if you're not using anything to detect them? that's the opposite of common sense.
it's completely irresponsible to use windows on a network without a virus scanner because you're greatly increasing the chance of contributing to hassles on other people's networks when your machine is exploited. where do you think the vast majority of spam comes from? machines just like yours usually


qft, I thought exactly the same thing - I'm just a poor communicator and resorted to a sarcastic and snide comment instead, as expected by the readers.
Python
Posts: 288
Location: Sydney, New South Wales
Trend Micro user here and it works like a charm
Raider
Posts: 2484
Location: Brisbane, Queensland
i was using ESET.. got good reviews a few years ago.. might have to go to trend
DeePer
Posts: 3378
Location: Brisbane, Queensland
yeah, using avast here also
Wild Wizard
Posts: 362
Location: Toowoomba, Queensland
I find it interesting that one very important part is missing from his details.

Did he update the AV software before running these tests?
Vell
Posts: 26
Location: Brisbane, Queensland

:O Using AVG Now.. soo switching to avast!.
TicMan
Posts: 4661
Location: Melbourne, Victoria
Did he update the AV software before running these tests?


I don't know about most of them but the ones I use (used) do an auto update during installation or it's the first thing they do after rebooting from the install process.
Jim
Posts: 9747
Location: Brisbane, Queensland
I wouldn't worry about it too much vell - I had a virus slip in under mcafee on a network a little while back, but installing avg 8.5 found and fixed it, and we have avg picking up on things fairly regularly even if most of them are utils like pskill and netcat. I suspect the guy was doing it wrong in spite of his qualifications
Fixity
Posts: 69
Location: Brisbane, Queensland
used to use NOD32, pretty good. now don't bother, just common sense.
occasionally i'll scan it with a portable virus scanner (ClamWin) but i'm starting to doubt its dedication to the task.

anyone got any better recommendations for portable virus scanners (i.e. u install it to a folder/usb, and scan it from there)
thermite
Posts: 1649
Location: Brisbane, Queensland
wow AVG turns out to be a bit of a scam eh
Vell
Posts: 27
Location: Brisbane, Queensland

Can't really be classified as a scam.. since it is free.
Strik3r
Posts: 1604
Location: Brisbane, Queensland
how would you know you haven't had other viruses if you're not using anything to detect them? that's the opposite of common sense.
it's completely irresponsible to use windows on a network without a virus scanner because you're greatly increasing the chance of contributing to hassles on other people's networks when your machine is exploited. where do you think the vast majority of spam comes from? machines just like yours usually


I hope you're not being serious.. I'd be more worried if you claimed to be an IT expert/professional and couldn't tell when a PC you're using has a virus/malware. Even the not so obvious ones are pretty easy to spot.

For the record, just to be cautious (because I like to double check myself) once a year or so I download and run the latest AVG/AVAST. Have never picked up a thing.

Again, common sense is the best virus protection you can get. Don't click on stupid links, don't open sus emails... viruses don't just magically appear on your computer - something YOU did has allowed you to become infected.

p.s. I only use windows for gaming really. The rest of the time I'm on linux.
Alt_F4
Posts: 935
Location: Brisbane, Queensland

Strik3r, I'm with Jim on this one. You must be living in a cardboard box of some kind, because virii/worms have come a long way over the past few years. The most malicious ones can infect your computer without having to go to a dubious website / opening a dodgy email.
Jim
Posts: 9748
Location: Brisbane, Queensland
heh yes I absolutely was being serious

sure, many viruses are obvious because their intent is to just break stuff without really trying to hide. but many are crafted specifically to go undetected by the computer user or administrator so that the resources available to the computer can be utilised by a third party for free without your knowing. it's completely and utterly naive to think that you can visibly detect anything that might give your computer a virus, and simply avoid it. do you really think you're smarter than all the malware authors out there, combined?

how would your common sense theory deal with exploitable software and operating systems, for example? how would you, the computer user, avoid a virus if say a site you regularly visit was compromised, and the code in the website exploited a browser security hole?

common sense should dictate that you can't feasibly avoid viruses on your own, not that all you need do is "Don't click on stupid links, don't open sus emails..."


viruses don't just magically appear on your computer - something YOU did has allowed you to become infected.
and that something need only be putting your computer onto a network like the internet.
Strik3r
Posts: 1605
Location: Brisbane, Queensland
how would your common sense theory deal with exploitable software and operating systems, for example? how would you, the computer user, avoid a virus if say a site you regularly visit was compromised, and the code in the website exploited a browser security hole?


Definitely a valid point. However, a problem like that is gonna getcha either way. Virus scanners don't patch browser vulnerabilities and chances are if they are taking advantage of a new unpatched browser security flaw, then they aren't going to use a virus that was written 2 years ago - they will write a new one that your virus scanner won't know about (and don't pretend that the whole 'detect a virus it hasn't seen before' feature ever really works).

How do I avoid those sorta things? I keep my OS/software patched, and I keep myself aware of what's going on. If something like that happens, I would simply go and get the removal tool.

Hey, maybe I'm wrong and I have a harsh lesson coming up in the future, but I have a pretty decent track record that speaks for itself. The irony of virus scanners is that they often slow down your computer / impact on your usage of the PC MORE than having a virus would.
Protius
Posts: 4039
Location: Brisbane, Queensland
So what's the best FREE AV?
Eds
Posts: 8742
Location: Brisbane, Queensland
Your computer must be a piece of s*** if you can't afford the system resources for a virus scanner.

Sure, you may not have an infection and you may check it once a year, but what happens when a key logger finds its way on to your PC?
whoop
Posts: 14003
Location: Brisbane, Queensland
I see avira is up there on the list, I actually tried that and was really happy with how it cleaned up the computer I had to decontaminate recently but f*** me it pops up more stupid popups than the actual malware so I deleted it.
Jim
Posts: 9749
Location: Brisbane, Queensland
Virus scanners don't patch browser vulnerabilities and chances are if they are taking advantage of a new unpatched browser security flaw, then they aren't going to use a virus that was written 2 years ago - they will write a new one that your virus scanner won't know about (and don't pretend that the whole 'detect a virus it hasn't seen before' feature ever really works).
I think it's fair to say that you've got a better chance at detecting such a virus if you're using a decent up to date virus scanner, than if you're not


How do I avoid those sorta things? I keep my OS/software patched, and I keep myself aware of what's going on. If something like that happens, I would simply go and get the removal tool.
meanwhile, your computer has been used for spamming and at the very least you've contributed to swamping a bunch of mail servers with bounce messages, or actually helped deliver fraud emails to thousands of people around the internet. or the virus has phoned home with password and network dumps, or made itself dormant waiting for a specific date/time to do something, or made a noise over here and while you're running off to get a removal tool, introduced other trojans or backdoors into your computer that you don't notice or that your removal tool doesn't deal with because it can't hook into system i/o like a previously-installed scanner can


Hey, maybe i'm wrong and I have a harsh lesson coming up in the future
maybe, maybe not - it's more likely you'll remain oblivious while other people pay the price

Eds
Posts: 8745
Location: Brisbane, Queensland
You make me hot when you talk security Jim...so very hot
pARODY
Posts: 326
Location: Brisbane, Queensland

I'm always cautious about reading these Anti-virus tests. 33000 malware is a crap load to scan, but he doesn't list which ones they are. Is there like the 800+ variants on the current Adobe PDF CollectEmail() included or is there only 1 of each malware type? I find new variants of this daily (it's generated by a toolkit, hence the quantity of variations). Some AV tools these days don't scan for MD5 like G data. Many scan for malicious behavior like unsigned code adding registry entries into the startup. So if it's just a file scan that is finding files then it's only part of the AV needed. He would need to run his test again and actually execute each of those malware files to see if the AV will protect him or just sit there and point out that you got infected (Symantec loves letting you know you're infected and it did nothing to stop it).

I personally run Sunbelt Vipre which isn't in the list, so they're far from complete or fair. I like Vipre cause I've yet to find a virus that will deactivate it or interfere with its ability to run. I tested it on my threatbox at work and it was able to restore it to 95% clean from a gumblar infection with only the non-malicious crap left on the box.
koopz
Posts: 7723
Location: Brisbane, Queensland
* AV: Sophos Infections found: --- Comments: The software froze the computer and I was unable to run the test. I followed the same procedure I used with other AV software like reinstalling using different options, but the software still wouldn't run. It seemed like it was trying to call a service that wasn't running, but for whatever reason, the software either "failed silently" or froze the computer.


wow.

installs fine here :/

I wonder if his old AMD test rig has anything to do with that.

it'd be nice if the guy could torrent those 38,000 test examples for people to test themselves.

anyone here got a virii collection for testing?

pARODY! any chance of a torrent of your virii collection?



last edited by koopz at 18:18:18 01/Jun/09
Dodgymon
Posts: 1401
Location: Brisbane, Queensland
I'm with Jim because when writing viruses and malware I would assume the goal in most cases would be to achieve your goal without making the user aware of the infection. For example a keylogger is only useful if it remains undetected. As soon as the keylogger starts to slow down the computer or makes the computer crash it is therefore useless.

Also just because you know what not to click on that doesn't mean you won't have a mate who is a computer noob come over and start looking up porn while you are at work and you come home and all hell has broken loose.
pARODY
Posts: 327
Location: Brisbane, Queensland
koopz: best place to get them is a secure malware archive like the mwcollect.org archive. You'll need to go through a review process but it's free and you can submit and download collections of malware.
koopz
Posts: 7724
Location: Brisbane, Queensland
very decent of ya :D

cheers!
pARODY
Posts: 328
Location: Brisbane, Queensland
My malware collection should hit the 100k mark in about 2 months at this rate :P
I've uploaded most of it to mwcollect. I've spent way too many hours when WoW is down ripping these apart and trying to learn more about it. I'm getting good at de-obfuscating javascript in my head :D

My current Challenge with malware is making a .swf decompiler to extract payloads from flash/shockwave files. All the tools on the web will execute the bytecode as they load and the decompilers on sourceforge don't support AS3 or FlashMX9, so my analysis time is spent in Ollydbg watching what opens when I open the file. This is painful as the test box gets infected and I have to reset/clean it afterwards.
$ack
Posts: 588
Location: Brisbane, Queensland
Threw away AVG for Avast years ago. My fail friends still swear by AVG, some people will never learn.
Mass
Posts: 564
Location: Brisbane, Queensland
maybe, maybe not - it's more likely you'll remain oblivious while other people pay the price


Come on Jim his computer isn't doing something like that, it's on dial up and only connects to the internet to post on this forum once a day for 3 minutes.
deeko
Posts: 2
Location: Adelaide, South Australia

Avira have had a free edition for a while http://www.free-av.com/en/download/index.html I have installed it once before, putting it on my PC now. AVG has been alright for me but that is a very low detection rate.
stinky
Posts: 3173
Location: USA
common sense combined with an up to date virus scanner is the best virus protection you can get


fixed.
HeardY
Gaelic newb
Posts: 16158
Location: Ireland
So which company does this 'Chaz' fellow work for :p

Seriously though, I was here thinking AVG was awesome, when clearly it sux :/

I'm OK with that though, until someone shows me a better FREE anti virus program I'll stick with AVG
TicMan
Posts: 4669
Location: Melbourne, Victoria
I don't get why you guys want free AV tools, anything I ever do these days is computer related (internet banking, pictures, document writing, etc) so ~$100 a year for virus protection is a small price to pay when faced with dirty dirty russian hackers getting into my bank account through a key logger.
pARODY
Posts: 330
Location: Brisbane, Queensland
I bought my Vipre site license for $80au. 12months updates and support. Running it on all my desktops and laptops at home.
trog
AGN Admin
Posts: 27115
Location: Brisbane, Queensland

So we just got asked if we wanted to review this Gaming Edition of Norton.

I'll be honest, I hate Norton because of the ridiculous nature of their software (at least the last time I used it) and the impossible task of trying to get it to uninstall.

If anyone is interested in testing this edition and reviewing it i'd be interested to hear from you, otherwise I'm just going to tell them thanks but no thanks.
Mass
Posts: 570
Location: Brisbane, Queensland
Bahahaha a gaming version of Norton. I could make a living off removing Norton from PCs. I've had to surgically remove Norton from 12 PCs this year alone. All of them required the Norton Removal tool + more and 3 of them had to be loaded from scratch cause Norton took out the OS when being removed. It'd be easier removing an egg laying alien from a person's face.

Tell em we said no thanks.
Spook
Posts: 25238
Location: Brisbane, Queensland
i used to use norton a fair bit, yes it did take over the machine (i found for noob users it was good, saved me support work), never had any issues uninstalling it though
pARODY
Posts: 332
Location: Brisbane, Queensland
I'm building a new threat lab at work. Once I get it setup, I can possibly put Norton on a testbed and smash it with malware. :D
trog
AGN Admin
Posts: 27124
Location: Brisbane, Queensland

I'm building a new threat lab at work. Once I get it setup, I can possibly put Norton on a testbed and smash it with malware. :D
that would be f***ing awesome. Would you be able to write your results for an article for ausgamers, or would that not be cool given your job?
pARODY
Posts: 334
Location: Brisbane, Queensland
I should be able to do it independently. As long as I use my own hardware, which the threat lab is, I don't see IBM/ISS having any issue with it. Expensive setup too :(.
Zak
Posts: 1946
Location: Brisbane, Queensland
I see avira is up there on the list, I actually tried that and was really happy with how it cleaned up the computer I had to decontaminate recently but f*** me it pops up more stupid popups than the actual malware so I deleted it.


I have installed Avira on four machines (two of mine and my parents' two), and it runs like a charm. Just have the free edition of it - yeah it does have a few pop ads to promote the fully-paid version, but you can edit the registry to kill them off fairly easily. You can also disable the splash screen at the start, which is handy. It runs fairly compact, doesn't get in the way too much - can thoroughly recommend it.
Obes
Posts: 7656
Location: Brisbane, Queensland
110 out of the 36,438 pieces of malware

malware are not virii. I like my spybot to find malware and my anti virus packages to find virii.

I like how he excluded anything that detected more than he thought it should because obviously they were false positives...

AV: Comodo Infections found: 36,492 Comments: By far and away this was the fastest AV scanner that I tested. Comodo scanned through all 36,438 malware in only 6 minutes. However, it appears that this speed comes at a price. The software flagged and "removed" 54 more instances of malware than were actually on the computer.

less than a .1% false positive ? assuming that it wasn't a case of a few infections being detected twice or something weird


pARODY
Posts: 335
Location: Brisbane, Queensland
AV: Comodo Infections found: 36,492 Comments: By far and away this was the fastest AV scanner that I tested. Comodo scanned through all 36,438 malware in only 6 minutes. However, it appears that this speed comes at a price. The software flagged and "removed" 54 more instances of malware than were actually on the computer.


It would be most profound if the 54 extra files were actually malware he hadn't known of. :D
trog
AGN Admin
Posts: 27127
Location: Brisbane, Queensland

pARODY, awesome mate, I might shoot you a PM later if that's cool
koopz
Posts: 7764
Location: Brisbane, Queensland
oi pARODY you haven't seen an early release of MS Morro haveya?

pARODY
Posts: 342
Location: Brisbane, Queensland
koopz: not yet.
© Copyright 2001-2026 AusGamers Pty Ltd. ACN 093 772 242.