Independent Anti-Virus Testing

The machines we love to hate

Moderator: Wiz Feinberg

Greg Cutshaw
Posts: 6729
Joined: 17 Nov 1998 1:01 am
Location: Corry, PA, USA

Independent Anti-Virus Testing

Post by Greg Cutshaw »

Here's a link to the latest (March 2014) independent test of major anti-virus software suites:

http://www.av-comparatives.org/wp-conte ... 014_03.pdf


Here's the link to their home page:

http://www.av-comparatives.org/


I used Trend Micro for a long time then switched to ESET for the past 3 years. Note the graph along the bottom showing false positives. It's very high for Trend Micro!

These tests use quite a large number of test cases but your web habits also can play a large role in how protected you are. It must be very time consuming to run these tests, analyze the results then tabulate everything!
Jack Stoner
Posts: 22136
Joined: 3 Dec 1999 1:01 am
Location: Kansas City, MO

Post by Jack Stoner »

I've seen testing results from several sites. They all vary, one antivirus can rate high on one site and not so good on another.
Jon Light (deceased)
Posts: 14336
Joined: 4 Aug 1998 11:00 pm
Location: Saugerties, NY

Post by Jon Light (deceased) »

For simplicity's sake I've opted to not change what I've had for several years--Symantec/Norton--in spite of people ragging on it. Works fine for me. As big a player as they are (aren't they?), I'm very surprised to not see them in the test. With resubscription on the horizon, I was hoping for some chart data.
Oh well, somebody's always going to get left out.
Wiz Feinberg
Posts: 6103
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Every anti-virus I have ever used has had false positives. Because I set my actions to notify me and ask, rather than quarantine then alert, I worry less about false positives than about missed detections. One can always check to see if a sudden alert about a changed system file is due to a bad update to their definitions, or from a zero day exploit you picked up.

Back in my early days of computing, I borrowed a program on floppy disks from a friend who had purchased it. I installed the program, played with it, did my thing, then eventually, shut the computer down. The next day, when I turned it on, the built-in basic anti-virus program went nuts, warning me that pretty much every operating system file's checksum had changed. The PC had gotten infected by the floppy disks.

I purchased an anti-virus program (Thunderbyte) which walked me through the manual disinfection process (leading me into a 15 year career as a computer troubleshooter). I kept that A-V program through all of its program updates until it was discontinued around 1998 or 99.

Thunderbyte based most of its detections on changes to checksums of protected files. There was a process to follow when one updated the operating system (via Windows Updates), or an already protected program. Sometimes I left the PC on in the evening when I went out to play gigs. And, sometimes it installed an update while I was out (I was on dial-up and ran updates when I was going to be out, or asleep). I can't tell you how many nights I was blasted out of bed, or came home to hear a loud blasting siren from Thunderbyte warning me about changed files. Those were all false positives caused by updates not being registered with the anti-virus gatekeeper.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
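
The checksum gatekeeper behaviour described in the post above, and why an unregistered update looks identical to tampering, shown as an added example that is not part of the thread and is not Thunderbyte's code. SHA-256, the file names and the function names are assumptions chosen for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Checksum one file (read whole; fine for the small sample files here)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_baseline(root: Path) -> dict:
    """Record a checksum for every protected file under root."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, baseline: dict) -> dict:
    """Compare the current state to the baseline; notify only, never delete."""
    current = build_baseline(root)
    return {
        "changed": sorted(n for n in baseline if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "new": sorted(n for n in current if n not in baseline),
    }


def register_update(root: Path, baseline: dict, names: list) -> None:
    """Accept a confirmed update by re-recording checksums for the named files."""
    for name in names:
        baseline[name] = sha256_of(root / name)


def demo() -> tuple:
    """Constructed scenario: an update lands unregistered, then is registered."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "kernel.sys").write_bytes(b"os file v1")    # constructed sample file
        (root / "editor.exe").write_bytes(b"program v1")    # constructed sample file
        baseline = build_baseline(root)
        (root / "kernel.sys").write_bytes(b"os file v2")    # update nobody registered
        before = verify(root, baseline)                      # alert: same signal as tampering
        register_update(root, baseline, before["changed"])   # operator confirms the update
        after = verify(root, baseline)
        return before, after


if __name__ == "__main__":
    print(demo())
```

The checker cannot tell a legitimate update from an infection; only the registration step, done after the operator has confirmed the source of the change, separates the two.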
Don Lanier
Posts: 243
Joined: 4 Dec 2007 8:19 am
Location: Illinois, USA

Anti Virus

Post by Don Lanier »

I've used AVAST for the last 4 years, the free version and NEVER had any Virus, Trojan or PC issue, I've recently updated to the paid PRO version and had more Hits and Alerts...I also use Malware Bytes Paid version, between the two they've kept me and my files safe and my PC secure. I've had good luck with a program called Hitman Pro also when cleaning infections off others' PCs, I typically give Hitman the first run, followed by Malware Bytes and then a Full Virus scan....

There are so many spoofs, fake sites, fake email links and other traps out there, I would simply NOT click any link you weren't 100 percent sure of its owner, especially in an email, Ignore the Nigerian Princes and Lottery wins, and diligently use and run these programs to keep your PC like new...

I've seen these ratings for Anti Virus go up and down but AVG and AVAST both rank typically one and two, but if you do regular updates keeping the latest updates of the AV, Windows, Programs so you're running the newest patched and clean programs.
Wiz Feinberg
Posts: 6103
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Right now there are so many variants (because of repackaging, double compressing, moving bits and bytes) of existing malware installers, plus new ones being created every hour, that definitions based A-V cannot keep up. You must have heuristics detections that look for bad behavior in files. It is just-in-time protection, often stopping a threat in the last microseconds before it gets installed.

Most of the current players use heuristics engines in addition to standard and cloud based file detections.

Most false positives come from heuristics detections. You are damned if you do and damned if you don't. To accommodate possible FPs, I set the Action to Notify, wherever possible. This gives me a chance to investigate before a possibly important file gets quarantined or deleted in error.

Most of the major A-V players have issued bad detection updates that hosed numerous computers that received the bad automatic update. That's why full system and/or image backups are so important.

I set my Windows 7 PC to do a system image every Sunday night. Acronis True Image also runs a full image, around 6PM. With Acronis I can open the backup .tib file and poke around to find one folder or file that I accidentally deleted or corrupted. A simple drag and drop restores it to my PC.