Sunday, August 16, 2009

Which is the best antivirus out there?

I get asked this question almost every day by friends, family, colleagues, businesses and a lot of people I bump into. As a security expert, I find it is not an easy question to answer. In my opinion there is no single best antivirus; each has its own advantages and disadvantages. I also tend not to rely on the various antivirus ratings and comparisons published by third-party organisations and found around the internet. They do represent accurate results for whatever test bench they use, but they do not give an accurate picture of the overall performance and quality of an antivirus product.

There is a lot involved in evaluating an antivirus, such as:
1. Detection rates (which most antivirus ratings focus on). For accuracy, detection rates should be measured against the latest malware actually circulating on the internet. It would be pointless to evaluate the detection rate of an antivirus and compare it with others using extinct malware samples such as the Apropos rootkit, or even worse, virus samples from the DOS era.
2. Removal capabilities against active malware: a high detection rate does not necessarily mean the product can remove an infection once it detects it. An antivirus is useless if it cannot clean or remove a virus it detects. I have seen this quite often with highly rated products.
3. False positives.
4. Memory and CPU usage and scan times. People will refuse to install an antivirus that bogs down their systems, regardless of how much you swear it is the best protection.
5. Rootkit, ADS (alternate data stream) and MBR detection and removal.
6. Cleaning malware registry keys. A couple of antiviruses just remove the malware files and leave all associated registry entries intact.
7. For businesses: integration with Exchange, SAP, SharePoint, file servers, etc., and whatever else is required to meet business needs.
8. Dealing with patched system files and file infectors.
9. How quickly the vendor responds to new threats and zero-day malware.
10. Customer experience with the vendor's support, for either business or home users (not that important, but worth mentioning).
11. Robustness: ideally malware should not be able to cripple or disable the antivirus or tamper with any of its files.

As a result, you will find that the results vary enormously from one antivirus rating to another. The top 10 in one rating could be among the bottom 10 in another. For example, NOD32 is rated the 3rd best antivirus by av-comparatives.org, but according to mtc.sri.com, NOD32 ranked last among 30 antiviruses, and in AV-Test it ranks 15th.
In my opinion, the OITC ratings give a better picture than the other antivirus ratings. But I still do not depend on its results to tell which is the best antivirus, since it does not evaluate the other criteria mentioned above, such as removal capabilities.

Anyhow, for those who still firmly believe in the various antivirus ratings and depend on them when making business decisions, I have combined the ratings from the following trusted third-party comparisons:
1. http://mtc.sri.com/live_data/av_rankings/
2. http://winnow.oitc.com/AntiVirusPerformance.html
3. http://virusinfo.info/index.php?page=testseng
4. http://www.av-comparatives.org/comparativesreviews/main-tests
5. http://www.av-test.org/

The comparisons were combined by averaging each product's rank across the sites and sorting the averages in ascending order (a lower average is better). Each rating was given equal weight. Antiviruses that appeared in only a single rating were excluded. The results of averaging those five rankings are as follows:

1. Antivir
2. Ikarus, F-Secure
3. Kaspersky
4. TrustPort
5. eScan
6. Microsoft
7. G Data
8. BitDefender
9. AVG
10. Sophos
11. Secureweb
12. Symantec
13. eSafe
14. NOD32
15. Avast
16. Norman
17. Prevx
18. McAfee
19. Panda
20. F-Prot
21. Authentium, VBA32
22. CAT
23. Trend Micro
24. Dr.Web
25. K7 Computing
26. Fortinet
27. ClamAV
28. AhnLab, Rising, Hacksoft
29. eTrust
30. Sunbelt
31. VirusBuster
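The aggregation rule described above (average each product's rank across the sites with equal weight, drop products that appear in only one list, sort ascending, and let products with equal averages share a position, as Ikarus and F-Secure do at position 2) as an added Python example. This is not code from the original post, and the site names and ranks in it are constructed for illustration; they are not the real rankings from the five sites listed. The `normalize` option goes one step beyond the post's method: it divides each rank by the size of the list it came from, so that a rank of 4 in a 4-product list does not count the same as a rank of 4 in a 5-product list.

```python
from collections import defaultdict

# Constructed sample data (NOT the real rankings from the sites cited in the
# post): each source maps product -> rank, where 1 is the best.
RATINGS = {
    "site1": {"alpha": 1, "beta": 2, "gamma": 3, "delta": 4},
    "site2": {"beta": 1, "alpha": 2, "gamma": 3, "epsilon": 4},
    "site3": {"alpha": 1, "gamma": 2, "beta": 3, "delta": 4},
    "site4": {"gamma": 1, "beta": 2, "alpha": 3, "epsilon": 4, "zeta": 5},
}


def aggregate(ratings, min_sources=2, normalize=False):
    """Combine several ranked lists into one, the way the post describes.

    - every source carries equal weight: a product's score is the plain
      average of its ranks across the sources that list it;
    - products that appear in fewer than ``min_sources`` lists are dropped
      (the post excludes anything seen in only a single rating);
    - the result is sorted ascending (lower average = better) and uses
      dense ranking, so products with the same average share a position
      and the next position is not skipped.

    ``normalize=True`` is an addition to the post's method: each rank is
    divided by the length of its list, so rank 4 of 4 scores 1.0 while
    rank 4 of 5 scores 0.8. This removes the bias that a plain average
    has against products that happened to be ranked in longer lists.

    Returns a list of (position, [products], average) tuples.
    """
    scores = defaultdict(list)
    for ranks in ratings.values():
        size = len(ranks)
        for product, rank in ranks.items():
            # Case-insensitive name matching: sites spell vendors differently.
            key = product.strip().lower()
            scores[key].append(rank / size if normalize else float(rank))

    averages = {
        product: sum(rs) / len(rs)
        for product, rs in scores.items()
        if len(rs) >= min_sources
    }

    # Group by a rounded average so floating-point noise cannot split a tie.
    groups = defaultdict(list)
    for product, avg in averages.items():
        groups[round(avg, 6)].append(product)

    return [
        (position, sorted(groups[avg]), avg)
        for position, avg in enumerate(sorted(groups), start=1)
    ]


if __name__ == "__main__":
    for label, flag in (("plain average", False), ("normalized by list size", True)):
        print(f"--- {label} ---")
        for position, products, avg in aggregate(RATINGS, normalize=flag):
            print(f"{position:>2}  {', '.join(products):<16} {avg:.3f}")
```

With the plain average, `delta` and `epsilon` both score 4.0 and share position 4, and `zeta` is dropped because only one site ranks it. With `normalize=True`, `epsilon` moves ahead of `delta` because one of its rank-4 results came from a five-product list; that is exactly the kind of shift that makes a combined ranking of this sort sensitive to how it is computed.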


Again, I would not take these results for granted. Based on the five rankings, Antivir is ranked first. Although Antivir has impressive detection rates, it had a very bad shortcoming: it was not capable of cleaning infected system and legitimate files (file infectors such as Sality). Instead it offered only the options of quarantining or deleting the infected system and legitimate files, and if you chose either, your system would be left unbootable. Dr.Web, on the other hand, is the best antivirus vendor at cleaning infected files safely; it is the only vendor I would recommend when dealing with file infectors. Yet Dr.Web has its own shortcomings.

In conclusion, if you are a home user, go for a free antivirus such as AVG or Avira. If you are a corporation, your choice should depend mainly on your business needs. However, I would stay away from any of the security products mentioned here.

2 comments:

  1. Hey, thanks a lot for posting such a nice and informative article. Really a very nice and detailed review, and I definitely agree with most of the views mentioned by you. It is very difficult to say which is the best antivirus, but in my opinion BitDefender Antivirus is a world-renowned antivirus solution. This software has grown and become known to the world as a trusted company in the business for quite a while. This antivirus runs on all the environments of Windows right from Windows 98 to Windows 7, and it runs on 32- and 64-bit machines. Its effective scanner cleans the system, flash drives and all other data storage devices.

    By the way, for more information on security courses and certification check this link: SECURITY COURSES

  2. Hi Dave,
    Thank you for your compliment as well as your feedback.
    Despite Bitdefender's historical reputation, I do not recommend Bitdefender or any of its products to anyone (businesses and home users) ever since its partnership with the controversial Ask Toolbar.
    For more information, please see:
    http://www.calendarofupdates.com/updates/index.php?showtopic=16253
