Which is the best anti-virus?

Which is the best anti-virus?

Trojan horses, rootkits, botnets and keyloggers are terms that mean little to the average computer user, but to the average computer they're the equivalent of bird flu or the Ebola virus. With money serving as the main motive, cyber criminals have turned what were formerly the playthings of maladjusted geeks into a serious business. We tested eight dedicated antivirus applications to see which offers the best protection. These include some well-known brands, such as Symantec's Norton, Panda and Trend Micro. But we also looked at packages you may not have heard of but are certainly worthy of consideration, such as Eset's NOD32 and Alwil's Avast 4.0. In fact, as the results table shows, the big names are not always the best choice when it comes to protecting your PC. These applications allow you to pick and choose individual functions and they cost less than full security suites.

All include antispyware protection and many have antirootkit components to guard against attempts to hide malware deep within a system. All the programs we tested have some form of 'proactive' protection to supplement traditional signature-based approaches, which must match incoming threats against a database of known threats in order to block them.

We asked respected research lab AV-Test (www.av-test.org) to go to work on each of the eight antivirus contenders here. AV-Test pitted each application against a 'zoo' - a collection of nearly 900,000 viruses, Trojans, bots and other malware it maintainbos for testing security programs' ability to sniff out suspicious files.

After this, we tested how well the apps could block unknown malware - each one attempted to detect current threats using one- and twoold signature files.

The three programs that performed best in this test were our highest-rated overall.

We rated the programs on design and ease of use, including whether they installed with an appropriate default configuration. We factored in performance, support policies and whether the applications had features such as traffic scanning. Finally, we gave them a score for value. Turn to page 17 for more details on our testing.

On this occasion, we were keen to feature antivirus programs that already offer Windows Vista support and have an established reputation. F-Secure's popular application wasn't Vista-ready in time for full testing, and McAfee no longer sells a standalone antivirus application. Programs were all tested under Microsoft Windows Vista Ultimate, but each of them has a Windows XP version as well.

While none of the programs featured did a bad job, the programs that came second and third were as good as the overall winner for malware detection - and they weren't far behind in other areas, either.

Alwil Avast 4.0 Professional - 4/5

The paid-for version of Alwil's software, Avast 4.0 Professional, achieved a disappointing sixth-place finish despite a 96.32 per cent success rate at detecting malware. Its weakness was pro active detection of unknown threats: it caught just 37 per cent.

Avast's performance was average in our disinfection tests. It cleaned all infected files but missed changes to the Hosts network settings file and some Registry entries, catching 78 per cent of all possible items.

The program installed smoothly, with appropriate default settings for the average person. It offers two interface options.

One is a media player-type control panel that makes it easy to launch a scan or set a manual boot-time scan. A second 'enhanced interface' lets you fine-tune more settings, but it's not as user-friendly. After installation, Avast runs a full startup scan. But the awkward advanced interface meant we couldn't work out how to set up a scheduled scan. One option enables scans whenever the screensaver is running but, again, this setting was difficult to locate. The program scans a good range of e-mail and news protocols, including POP3, SMTP (simple mail transport protocol), Imap (Internet message access protocol) and NNTP (network news transfer protocol), and scans all traffic. Instant-messaging protection covers AIM, ICo, MSN, Skype, Trillian and Yahoo Messenger, as well as some lesser-known chat tools. Upon installing, Avast places a useful, built-in Virus Recovery Database on your PC, which you can theoretically use to repair infected program (.exe) files. The Professional version costs $55. The free Home version lacks some features such as the ability to run scheduled scans and view previous scan results.

AVG 7.5 Anti-Virus Pro - 4/5

Grisoft's AVG 7.5 Anti-Virus Professional Edition was one of the cheapest programs we tested, and its 96.15 per cent malware-detection rate puts it in the middle of the pack in that critical category. However, the software's last place proactive protection performance, c1unky interface and solely e-mail-based support (albeit available 2417) dropped it to seventh place in our ran kings. AVG did a fine job in the disinfection tests, reversing more than 80 per cent of changes made by malware. It was the only program that removed all the malware files and reversed both changes to the Hosts network settings file. However, like the others, it missed some Registry changes. AVG came last at protecting against unknown threats, failing to detect two thirds of our malware samples. And the program puts the user in charge of too many decisions that require know-how. To schedule a scan, for example, you have to wade through a 'test manager' and work out the difference between a complete test, a detailed test, a detailed user test and a simple user test. Grisoft plans to revamp the interface, which we found hard to manage. AVG integrates nicely with Eudora and Microsoft Outlook to quarantine suspect e-mail messages. It also scans all programs' e-mail traffic over POP3 and SMTP protocols. However, it's one of only two programs (Trend Micro being the other) that doesn’t' scan traffic - and it doesn't direct support specific IM clients. Like Alwil. Grisoft offers a free version that lacks anti-spyware protection and has a limited ability to schedule scans. The paid for Professional version is also $55.

Eset NOD32 - 4.5/5

When it comes to unknownn threat protection, Eset's NOD32 was the hands-down winner. In our tests it caught 79 per cent of unknown malware using month-old signature files. The next-best app, BitDefender, managed just 61 per cent. NOD32's overall malware detection rate wasn't stellar, however. When pitted against AV-Test's huge zoo of Trojans, viruses and other malware, it caught only 88.32 per cent, compared with the top performers' 97.77 per cent. It fared surprisingly poorly with 32-bit Windows viruses too, catching about three quarters. In disinfection tests N0D32 cleaned up all the malware files, but missed changes to the Hosts network settings file and most of the Registry changes, for a disappointing 55 per cent success rate. The program installed without a hitch and the default settings were almost ideal for the average customer. However, N0D32 doesn't enable a full-system scan by default. When you set that up or want to change other settings, you might be put off by its overly technical interface. For instance, you'll have to open up the 'DMON' interface module to scan Microsoft Office documents. And, if you do need help, the program offers no guidelines for finding support; you have to go to the company's site. The program ties into Outlook and Outlook Express for e-mail scanning, but doesn't directly integrate with any IM applications for scanning sent links or files. Plus, it offers integrated virus, spyware, and ad ware scanning, where other programs require two separate scans, one for antivirus and one for antispyware. The multi threat engine can detect malware-hiding rootkits. At $64.50 for a single-user licence, Eset N0032's pricing is about average for the group. E-mail and phone support is free.

Kaspersky Anti-Virus 6.0 - 4.5/5

An impressive malware detector and disinfector, Kaspersky Anti-Virus 6.0 secured the Best Buy award despite some strong competition. The program's 97.64 per cent detection rate was on par with Norton's 97.77 per cent score and an 86 per cent disinfection rate made it the champion of this category too. What's more, it costs a reasonable $72.71. Less impressively, the app's proactive protection against unknown threats was only middling, catching half of 200 new malware samples from AV-Test's monthhold signature database. A polished interface makes it easy '0 schedule scans. Clearly labelled, one-c1ic,< drill-downs make finding and setting up advanced features a breeze. With e-mail and news traffic, the program scans incoming and outgoing data over POP3, SMTP, Imap and NNTP . It monitors HTTP traffic for borne threts too. It doesn't set up a default schedule scan, however, so you'll need to do so. Built-in antiphishing protection can block scam e-mails, while a 'proactive defence module looks for the Registry changes that can signal malware hidden with a rootkit. If you buy this program, download it from Kaspersky's site and save $10. If you want the Vista-compatible version, you'll have to download the program in any case. Just be sure to download th right version - it's easy to click the wrong link. Customers get access to get free phone and e-mail support during business hours from Monday to Friday, with a toll-free phone number. The company says support calls on weekdays after hours and all calls on weekends be answered by its Moscow office.

Norton AntiVirus 2007 - 4.5/5

Symatec's Norton AntiVirus 2007 is a solid performer, with an attractive, user-friendly interface and a virus detection rate of 97.77 per cent. It was the slowest to respond to viurs outbreaks, however, taking an average of 10-12 hours to deliver new signatures. And, like Kaspersky, its proactive protection is only middling: it caught about half of the unknown threats in our test. Norton Antivirus is is the joint-costliest product here, and tech support isn't cheap either. Free phone support applies only to installation problems and and known bugs. The program was beaten only by Kapersky in our disinfection tests, cleaning up 18 out of 22 items.
Symantec has incorporated its new Sonar behavioual analysis technology for proactive protection. The program scans both e-mail and traffic, covering POP3, SMTP and HTTP. And it ties into the MSN, Yahoo and AIM. During our testing with Vista Ultimate, the program turned off the build-in Windows Defender antispyware utility without notice. This is not because of conflicy, according to the company, but because Symantec feels Windows Defender "offers no value beyond what Norton offers". BitDefender was the only other program to disable Defender when installed. Symantec Norton Antiviurs 2007 was also the only program that triggered multiple UAC alerts when we changed settings, which could annoy users.

Panda Antivirus 2007 - 4/5

Panda Antivirus 2007 has decent features, but its mediocre detection results, inadaquate default settings and poor disinfection performance consigned it to fifth place,
The application caught 92.09 per cent of AV-Test. org's samples, a detection rate that was dragged down by a poor showing at Trojans (90.78 per cent) and back doors (92.76 per cent), two increasingly common types of malware, It had the third best showing for proactive detection, however, catching 56 per cent of unknown threats. Disappointingly, several important features are turned off by default. You'll have to enable e-mail scanning yourself in a complicated process that sends you to the Windows Control Panel. Protection against 'potentially dangerous files' - Panda's euphemism for the ad ware and other junk normally caught by antispyware - is also switched off, and you'll need to schedule your own full-system scan, Once you turn these features on, however, Panda Antivirus scans will cover a good range of e-mail and news protocols (POP3, SMTP, IMAP4, NNTP) along with traffic, It flags suspected phishing e-mails sent over POP3 and SMTP and integrates with Yahoo, MSN and AIM applications, Panda Antivirus 2007 scored poorly in disinfection tests, It missed one existing infection entirely and failed to clean up another's changes to the Hosts and Registry files, Including Registry changes, it scrubbed up just 41 per cent of the infections, And after we uninstalled it, Panda left behind a stray .dll file that another antivirus program flagged as suspicious. At just $35,55, Panda Antivirus 2007 is among the most affordable programs tested.

Trend Micro PC-cillin AntiVirus 2007 - 3.5/5

Trend Micro's last-place ranking was primarily decided by its lacklustre performance at detecting malware samples, The program managed a disappointing rate of 90.97 per cent. Trend Micro did better in pro actively detecting unknown malware, but even here it had the third-worst showing, It caught 43 per cent of threats when tested with a month-old scanner, We felt the program struggled to justify its relatively high price. On the plus side, Trend Micro installed smoothly, was easy to use and includes good default settings, such as an automatically scheduled full-system scan. These defaults are simple 0 change via an intuitive interface. One particularly useful feature scans for known Microsof proproduct vulnerabilities. If a system is missing an important patch, for example, the application guides to the user to Microsoft's Windows Update site to down load the appropriate fixes.
The program scans E-mail traffic over POP3 and SMTP but, unlike almost every other programs we tested, it doesn't scan Internet Traffic. It stands alone in being unable to launch a manual file scan when you right-click within Windows Explorer, a weakness in the Vista version of the program that Trend Micro says it will remedy in future updates. Finally, the application's antispyare protection has an annoying habit of labelling cookies as dangerous spyware.

Overall

Aliwil Avast 4.0 Professional
Price: $55
Design and ease of use: Good
Malware detection rate: 96.32%
Proactive detection of unkown threats: 37%
False-positive detectioons*1: 5
System slowdown: 4%
Outbreak response time (hours)*2: 6-8
Bottom line: This program has decent overall malware detection, but poor proactive protection and an awkward design.

AVG 7.5 Anti Virus Professional
Price: $55
Design and ease of use: Good
Malware detection rate: 96.15%
Proactive detection of unkown threats: 34%
False-positive detectioons*1: 1
System slowdown: 2%
Outbreak response time (hours)*2: 6-8
Bottom line: AVG has average overall malware detection, the worst proactive protection and a clunky interface.

BitDefender Antivirus 10.0
Price: $38.95
Design and ease of use: Superior
Malware detection rate: 95.68%
Proactive detection of unkown threats: 61%
False-positive detectioons*1: 14
System slowdown: 124%
Outbreak response time (hours)*2: 4-6
Bottom line: BitDefender has excellent malware detection, but it causes a noticeable (though not show-stopping) system slowdown.

Eset NOD32
Price: $64.50
Design and ease of use: Very Good
Malware detection rate: 88.32%
Proactive detection of unkown threats: 79%
False-positive detectioons*1: 6
System slowdown: 5%
Outbreak response time (hours)*2: 4-6
Bottom line: NOD32 has the best unkown-threat protection by fa, but its overall malware detection is second-tier. It has an overly technical interface.

Kappersky Anti-Virus 6.0
Price: $72.71
Design and ease of use: Superior
Malware detection rate: 97.64%
Proactive detection of unkown threats: 51%
False-positive detectioons*1: 6
System slowdown: 10%
Outbreak response time (hours)*2: 0-2
Bottom line: This effective program has solid malware detection and the fastest outbreak response time among currently tested competitiors.

Norton AntiVirus 2007
Price: $59.95
Design and ease of use: Superior
Malware detection rate: 97.77%
Proactive detection of unkown threats: 49%
False-positive detectioons*1: 3
System slowdown: 10%
Outbreak response time (hours)*2: 10-12
Bottom line: Nortins solid program wins extra points for antivirus detection and cleanup, but remewal and support costs are high.

Panda Antivirus 2007
Price: $35.55
Design and ease of use: Very good
Malware detection rate: 92.09%
Proactive detection of unkown threats: 56%
False-positive detectioons*1: 3
System slowdown: 4%
Outbreak response time (hours)*2: 6-8
Bottom line: This well=priced option provides good proactive protection, average overall malware detection and a poor disinfection rate.

Trend Micro PC-cillin AntiVirus 2007
Price: $50
Design and ease of use: Very good
Malware detection rate: 90.97%
Proactive detection of unkown threats: 43%
False-positive detectioons*1: 0
System slowdown: 9%
Outbreak response time (hours)*2: 6-8
Bottom line: Trend Micro's poor perfrormance at detecting malicious software (overall and proactive) put it at the bottom of the barrel in our ranking.

*1: The number of harmless files incorrectly identified as suspicious out of 20,000
*2: The number of hours on average it took the company to deliver signatures for new malwre during the first part of 2007
Note: Prices are in Australian dollars.

How we test

The most important test evaluated how effectively each program detected malware and then disinfected the affected PC. These tests were performed with German security research company AV-Test. AV-Test puts programs through a rigorous analysis using a 'zoo' of almost 900,000 viruses, Trojan Horses, backdoors and other malware types. Some of these samples are commonly used in internet attacks; others are far less well know. For these zoo tests, we used the antivirus programs' strongest detection settings. The disinfection tests involved cleaning an existing infection, undoin any changed it made to the Registry and Hosts file. We also tested detection of unknown malware using one and two month old signature files and looked at the appls' ability to find malware in various document types. Antivirus software can appreciable slow down a PC, so we measured how much longer it took to run our standard WordBench benchmarking tests with each program running. Additional marks were awarded to programs that scan e-mail and traffic, and to those that can manually delete a file via a right click menu option in Windows Expoler. Finally, we factored in phone and e-mail support, ease of use and RRP to produce an overall score.

Quote

This information was included on page 10 of the Australian PC World Magazine, August 2007 edition. The article was done by Ryan Naraine.

This post has been edited by Mak: 04 July 2007 - 10:21 AM