Solved

Confused, conflicting information... So what is the best Antivirus software out there?

Posted on 2004-04-11
Last Modified: 2010-04-11
I am sure this has been asked before, but if someone can point me to reliable information about antivirus software or personal testimonials, I would appreciate it.  Is there a website/magazine (or?) that can be trusted? You never know who is on whose payroll.

I have been doing review searches and reading magazine articles and I can't seem to figure out which antivirus software is the "best" and I don't have the money or time to try them all.

This website www.virus.gr has a list of virus programs that caught the most viruses.  The top five are:

1) F-Secure version 5.41 - 99.63%
2) Kaspersky version 4.5.0.49 - 99.35%
3) AVK version 12.0.4 - 98.67%
4) McAfee version 7.03.6000 - 97.24%
5) RAV version 8.6.105 - 94.26%
... (Others worth mentioning)
7) Norton 2004 Pro - 92.35%
...
10) Bitdefender version 7.1.110 - 88.28%
...
13) PC-Cillin 2003 version 10.03.1072 - 86.94%

I have had trouble with McAfee in the past (about a year ago and prior) making a perfectly stable system unstable so I gave up on them.  I am currently using Norton AV 2002 (w/ Windows XP Pro) but it seems to be a system hog and I am pretty sure it is the cause of the few instabilities I have (based on installing and uninstalling it).

What gets me is that one review will say that Norton is the "best", the next will say BitDefender is the "best", and the next will say PC-Cillin is the "best" and etc.  Even some that are the "best" according to one review might be one of the worst on another review.  What gives?

The main items I am looking for are:
1) Stability, I don't want it to interfere with my system,
2) Effectiveness at blocking viruses with realtime scanning (i.e. automatically checking email as it comes in and etc.)
3) Ease of use with scheduling system scans, retrieving updates, and advanced options to tailor the software to your needs.

One thing I like about Norton AV 2002 is that it will quarantine viruses in bad emails but you can still view them.  I have heard a few horror stories about some antivirus software deleting emails, making them unretrievable, even emails that didn't have real viruses (false positives).

Any help would be greatly appreciated.

Fej  
Question by:Fejimush
17 Comments
 
LVL 6

Accepted Solution

by:
parkerig earned 250 total points
From the info supplied you obviously know your stuff.

We still use McAfee on our servers and desktop
I use Norton at home as it came with the PC but still prefer McAfee - bad experience with Norton years ago (similar to your McAfee experience)

Bottom line - the top five are as good as each other

Each supplier will stuff up at some time
Each virus checker consumes resources and configuring is the key to speed

Recommendation
Use one checker on servers
Another on desktops
Make sure servers and pc's auto update - this is a risk as an error by virus prevention company can cause havoc but it is the lesser of two evils.

There is no silver bullet here.
Prevention is better than cure.
Use an eMail system that only accepts mail from safe addresses
Use web filtering so users can only go to safe sites.
Make sure ALL PC'S and servers have the CRITICAL updates installed - an infected laptop will cause havoc if ALL of the LAN / WAN is not patched.
Run spyware programs regularly also. Spybot, Ad-aware etc.
Use Network Monitoring software to keep an eye open for open ports etc. I use LANGuard

The job of protection is now huge and a real pain. My staff and I spend way too much time on this but it is better to prevent than fix.

Again no silver bullet


I'll copy a post with some websites others have recommended

Ian
0
 
LVL 6

Expert Comment

by:parkerig
Here is a list from sunray_2003 that is quite extensive.
Hopefully sunray can also assist here.

Comment from sunray_2003
Date: 04/10/2004 10:46AM NZST
 Comment  


Check for spywares and virus in the system

Use Spybot, Ad-aware, CWShredder and post the log from HijackThis here

After installing them, First Update them and then run

Spyware/Adware removal tools:
------------------------------

What is spyware : http://www.spychecker.com/spyware.html

SpyBot-S&D : http://www.webattack.com/download/dlspybot.shtml

Ad-aware : http://www.webattack.com/download/dladaware.shtml

CWShredder: http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

HijackThis : http://www.spychecker.com/program/hijackthis.html

Pest Patrol : http://www.pestpatrol.com/

Trojan Remover : http://www.simplysup.com/

KL-Detector : http://www.webattack.com/download/dlkldetector.shtml

X-Cleaner Free : http://www.webattack.com/download/dlxcleaner.shtml

SpywareBlaster : http://www.webattack.com/download/dlspywareblaster.shtml

SpywareGuard : http://www.webattack.com/download/dlspywareguard.shtml

SpySites : http://www.webattack.com/download/dlspysites.shtml

Keylogger Hunter : http://www.webattack.com/download/dlklhunter.shtml

BHODemon : http://www.spywareinfo.com/downloads/bhod/

Browser Hijack Blaster : http://www.wilderssecurity.net/bhblaster.html

Other spyware removal instructions: http://www.pchell.com/support/click2findnow.shtml


online virus scanner:
---------------------

http://housecall.trendmicro.com/

http://security.symantec.com/

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

http://www.pcpitstop.com/antivirus/default.asp
 
0
 
LVL 1

Expert Comment

by:lehan
I would agree with parkerig that most antivirus scanners are more or less the same. However, I believe that the most important feature of an antivirus software is its auto update. It is basically useless if the virus definitions are out of date.

From my experience, and I tried most antivirus software you mentioned above both at work and home, I found Norton's Live Update to be the best. It's solid and easy to set up. I also like the outgoing mail scan feature in Norton.

Hope this helps.
lehan
0
 
LVL 24

Expert Comment

by:SunBow
1) the best is the one you use, and use well

2) comparisons are often biased - do they test for virus we really get? Or just some theoretical one no one has seen.

3) Do they clean virus? Or just detect?  Hopefully they can isolate it.

4) How helpful are they in identifying, removing, or teaching you to remove the more difficult ones? How well do they explain?

5) How well do they support, how hard is it to get the upgrade when you really need it? How Timely? Any FAQ of value? Knowledgebase? Integration?

6) How often do they interfere or collide with other user applications, uses?
0
 
LVL 24

Expert Comment

by:SunBow
> Norton AV 2002 (w/ Windows XP Pro) but it seems to be a system hog and I am pretty sure it is the cause of the few instabilities I have (based on installing and uninstalling it).

Of course. Why run it when you are not adding strange files or accessing internet, and why scan files that do not need scanning?  I normally have none running, and normally have less problems that way.  Some interfere with other needs such as Directx, CD and DVD, not to mention the good old game now and then.
0
 
LVL 38

Expert Comment

by:Rich Rumble
Everyone will have a different opinion, when it comes to favorite or ease of use... But overall and through years of working with it, I say McAfee. We've purchased companies that use Norton, and some others, and when we make them throw McAfee on the pc's and servers, we find a crazy amount of viri that went unnoticed with Norton and Trend Micro...

That has been my experience. It meets your criteria with ease, and although it does have the same quarantine feature you spoke of earlier, you can tell it not to quarantine, and just delete, which is probably the same as the other program, I hate to think that McAfee thought that up and no one else caught on to it.

Remember that plain ol McAfee won't do well on an exchange server, as it is not specialized for the email portion... they don't offer a product for that kind of scale, Trend-micro does and a few others, email gateway software is different than personal AV.

McAfee 4.x was unstable on some hardware... but stable on others... it was weird for me too. Well that's the only McAfee I had trouble with. McAfee has a great feature left out of most of Norton's offerings, the ability to find what it calls "joke or unwanted programs"; these are key-loggers, spyware and many other unwanteds. Norton definitely doesn't catch these as McAfee does...
-rich
0
 
LVL 6

Expert Comment

by:dorkestra
I've had really good luck with AVG. I've tried almost all of them and you can't beat free.  It seems better able to handle viruses once detected than Norton and McAfee, and I like the heuristics analysis.

http://www.techtv.com/callforhelp/freefile/story/0,24330,3382067,00.html

http://www.dooyoo.co.uk/computers/applications/avg_antivirus_free_edition/_review/72344/

http://www.sofotex.com/reviews/r21.html

http://www.reviewcentre.com/reviews12679.html

http://www.reviewcentre.com/reviews8682.html

Hope this helps
0
 
LVL 2

Assisted Solution

by:tcmv
tcmv earned 250 total points
This conversation really stifles me ....  I'm completely surprised no one has said anything about the Mercedes of the antivirus industry: Trend Micro.

Trend Micro is by far the most expensive, and the most hailed antivirus solution by all the experts I've read.  To give you an example on the expense, for a non-profit (discounted price) organization to use Trend Micro on MS Exchange with 5000 mailboxes, the price is $50,000!

-----------------------------------------------------------------------------
That said here are the REAL metrics to evaluate antivirus solutions:

- Expediency of Virus Definitions
- Ability to identify virus behavior on 'new release' viruses that don't yet have signatures
- Ability to remove viruses once a machine is infected
- Lightweight client
-----------------------------------------------------------------------------

Trend Micro does do those well, but there are a few others which are not getting much airtime here which do it even better.

Sophos antivirus ( www.sophos.com ) is the most lightweight client, & its definitions are released more often than any other solution I have ever found.  The same organization that wanted to deploy the $50K Trend Micro on one exchange server, uses Sophos on all of its 3000 workstations and servers for $20,000 total.  And it comes with a free version for all the members of the organization to use at home!  Every comparative evaluation I have ever read has always put Sophos on top of the list.  One big feature of Sophos is its ability to 'shred' viruses, not just marking them for deletion, but using DoD methods for secure deletion.

Now F-Secure is listed on the top of your list ... the product is actually known as F-Prot.  F-Prot's definitions are released only momentarily after Sophos's ... but one thing that F-Prot has going for it is that it uses neural networks for identification of unclassified viruses.  Neural networks, in case you are unfamiliar, is essentially a method used in Artificial Intelligence.  F-Prot is free for linux & DOS home users, free trial for Win32, and available for a handful of other unix platforms.  F-Prot is extremely fast at scanning systems and much more effective.  ( www.f-prot.com )

I have worked for organizations that peddled both Norton Antivirus and McAfee.  If it's not the fact that their popularity and poor design makes those products susceptible targets for viruses that disable antivirus, then it's definitely the fact that they are slow to release definitions, and expensive examples of Corporate America's less than quality workmanship.

During the blaster worm outbreak last fall, I worked for that organization which depended upon Norton AV.  I remember taking phone calls all afternoon about suspicious behavior of rebooting PCs, while searching Norton's knowledge base with no luck.  F-Prot put out a statement identifying the virus, but that their definition writers were busy creating a definition update at about 2PM.  They had the definition available for download at about 5-6PM.  Norton didn't even mention it until their signature update came out at 8PM, and they had to recall and replace that definition because it didn't catch the virus properly.  We had about 200 workstations that we ended up having to re-clean because the first update didn't work.  The machines that used F-Prot were never touched again for blaster.

-----------------------------------------------------------------------------

I believe strongly that an intelligent solution from a smaller, less popular vendor decreases the likelihood of your machines' antivirus being targeted by virus authors.  Sophos is the premier choice for those responsible for larger scale networks, as its central reporting piece and pricepoint scale nicely, while F-Prot is the premier choice for smaller networks and individuals.

-----------------------------------------------------------------------------


And, by the way, spyware is still malware-- the broader category for viruses/worms.  Spyware removal tools cannot be trusted.  They often remove their competitor's spyware and replace it with their own.  Be careful where you surf.  Don't surf using Internet Explorer while having Administrative privileges.  Spyware/malware is still a security risk, and as such must be treated equally with viruses.  Don't use some crackpot spyware tool or you won't own your systems anymore.



Hope my bias is evident and it stirs the point of focus back to competitors worthy of attention ...

-tcmv
www.mvix.net
0
 

Author Comment

by:Fejimush
Sunbow:
>Of course. Why run it when you are not adding strange files or accessing internet, and why scan files that do not need scanning?  I normally have none running, and normally have less problems that way.  Some interfere with other needs such as Directx, CD and DVD, not to mention the good old game now and then.

I have broadband so I am always connected to the internet and I surf often.  But I agree with you in general.  I use Spybot and Zone Alarm for surfing, along with a hardware firewall.

tcmv:
>This conversation really stifles me ....  I'm completely surprised no one has said anything about the Mercedes of the antivirus industry: Trend Micro.

I will check into Trend Micro.  I assume they have a home version?  They were not listed on the www.virus.gr site.

>Sophos antivirus ( www.sophos.com ) is the most lightweight client, & its definitions are released more often than any other solution I have ever found.

Sophos antivirus ranked #14, only catching 86.55% of the viruses thrown at it.   So figure a number like 500,000 virus variants and Sophos will miss 117,250 of them, assuming the data taken by www.virus.gr is statistically significant, unbiased and accurately tested.  That's a pretty big number of missed viruses.

As far as AI goes, I am a software engineer, although I don't do much "real" AI, mostly RTOS (i.e. VxWorks development).   I have had an AI class in college, "Artificial Intelligence: A Modern Approach," Russell and Norvig, and have read the book "Object Oriented Neural Networks in C++" by Rogers.  I noticed consistently high scores for F-Secure in the area of identifying new viruses (i.e. before updates).  I didn't know they employed a neural network for their heuristics.  That's interesting.   Thanks.

>I believe strongly that an intelligent solution from a smaller, less popular vendor decreases the likelihood of your machines' antivirus being targetted by virus authors.  Sophos is the premier choice for those responsible for larger scale networks, as its central reporting piece and pricepoint scale nicely, while F-Prot is the premier choice for smaller networks and individuals.

I think you are right on with this one.  Being an old, "retired", hacker myself.  Those days are long gone.  Thank goodness.

>And, by the way, spyware is still malware-- the broader category for viruses/worms.  Spyware removal tools cannot be trusted.  They often remove their competitor's spyware and replace it with their own.  Be careful where you surf.  Don't surf using Internet Explorer while having Administrative privileges.  Spyware/malware is still a security risk, and as such must be treated equally with viruses.  Don't use some crackpot spyware tool or you won't own your systems anymore.

How do you feel about SpyBot?

Well, thanks for all the info folks.  I would like to hear more because tcmv's comments are the only "concrete" suggestion I have had yet.

Thanks again, and hopefully I will get more good stuff.

Fej
0
 
LVL 2

Expert Comment

by:tcmv
What I have found is that F-Prot has often found the spyware on systems I have scanned with it, labelling the spyware as a 'security risk'.  So, I find myself shying away from the recent trend to cling to any spyware removal tools.  Like I said before, the best way to remediate spyware is to not let users surf the web with admin privileges.  Including yourself.  That way, none of that garbage gets grabbed and installed.  But, after the fact, a good virus tool ( www.f-prot.com ) will eliminate it.

I'm still stifled by the reports on Sophos.  At my current employment, we use Sophos on 3000 workstations/servers with 5000 users.  We use it in our mail gateway appliance as well.  Maybe that report could say that Sophos won't catch unidentified viruses ... because Sophos doesn't spend much time developing heuristics like F-Prot does, however there are new signatures released nearly hourly as new viruses come out.  Our central management piece fetches updates hourly, and clients update themselves against the central manager on similar intervals.  That setup works very well.  If you want to know how often Sophos releases virus signatures, get on their free mailing list at their website ( www.sophos.com ), and your inbox will get flooded several times a day!

-tcmv
www.mvix.net
0
 

Author Comment

by:Fejimush

Thanks.   I don't know how I am going to divvy these points.  I am really hoping for more information like links to reliable reviews with statistics and etc.

But I did try this: I downloaded a version of F-Secure and it found a fair number of viruses that Norton 2002 missed.  But I also noticed that F-Secure doesn't seem to work with Zone Alarm Pro.  I am not sure why.  Also, my wife has Norton Corporate Edition (latest and greatest, she gets it for free) on her laptop and I installed F-Secure on there and sure enough it found viruses that Norton Corporate Edition missed.  So thus far the only thing I know for certain is that F-Secure is better than Norton 2002 at finding viruses.

Kindly,

Fej
0
 
LVL 38

Expert Comment

by:Rich Rumble
Everyone has opinions... and they are based on facts and experiences that they've had, even reviewers aren't totally objective. I wish there were an objective, definitive review for tons of products... but again, you'll get fluctuations very often. As you've found out, not all software plays well together... I've never encountered a problem with ZA working with other software... ZA's privacy controls may conflict with F-Secure's (if it has any, I don't know)

My company has used McAfee for a long time now, I've administered it for even longer, and I love their product. Again I've had experience with many Norton, and have been disappointed in comparison.
ZA has some good help staff, perhaps you could write them...
-rich
0
 
LVL 2

Expert Comment

by:tcmv
Here are some links of un-objective, yet interesting comparisons:
http://img.com.com//i/tr/contentHTML/r00620040113bxr01_01.htm
http://www.antivirusebook.com/antiviruscomparison.htm

ICSA Labs is a 'vendor-neutral' organization which certifies products for technical merit in the world of InfoSec ...
http://www.icsalabs.com/html/communities/antivirus/certifiedproducts.shtml

And yet another 'independent' antivirus review source:
http://www.virusbulletin.com/


Just don't use Norton or McAfee and you'll more than likely be just fine. (jib)

-tcmv
www.mvix.net
0
 
LVL 2

Expert Comment

by:tcmv
Oh ... one important retracting point ...

F-Secure is ***NOT*** the same company that makes F-Prot.  F-Prot AntiVirus (which has my endorsement) is written/released by Frisk Software International ... the F's had me going.  My apologies.

-tcmv
www.mvix.net
0
 

Expert Comment

by:mgbyrne2004
*** advertising removed by Netminder, Site Admin ***
0
 
LVL 27

Expert Comment

by:Tolomir
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
Split: parkerig{http:#10802734} & tcmv{http:#10810352}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Tolomir
EE Cleanup Volunteer
0
