
[Full-Disclosure] Hi! Antiviruses Comparison - A Little Research Results



Hello!

>Just wanted to say to all of you that McAfee (Pro 8) seems to be
>the best antivirus around out of Norton 2004, Panda and McAfee.

If you are a lamer in the AV area, then please don't fool others! There 
are at least 12 major players in the AV arena, each with diverse 
weaknesses and strong points.

Size-wise number one and two players McAfee and NAV are US 
companies known to cooperate with Uncle Sam (will not dare to detect 
Magic Lantern and the like if one appears in the future). McAfee and 
NAV are huge, but not so strong outside the USA and its colonies. 
Maybe lack of good local support and not trusting them fully are among 
the factors causing it. I don't know if McAfee still requires reboot after 
every signature update.

Russia's Kaspersky AV has undoubtedly the best capabilities in terms of 
dissecting file internals (supports exploding the widest range of 
archivers, exe-packers, macro insides, etc.) and detecting known 
exploit methods, backdoors, rootkits, spyware, adware, etc., not just 
strictly viruses/worms. They are usually the fastest to react to new 
malware. Their inherently modular signature update technology is the 
most advanced one, but requires considerable care to work properly. 
Their quality control is not always the best and their users' manuals are 
a little cryptic. But a lot of NAV users migrate to KAV in Europe and they 
bash NAV a lot for failing them.

Only Finnish F-Secure and American CA have Windows/Linux AV products 
with multiple independent virus scanning engines. This gives protection 
against false positives, but requires more system resources.

F-Secure's central management is probably the most advanced and 
detailed, but it is so heavily standards based, that its use feels artificial 
and often against common logic. NAV management is very hard to set 
up. KAV management does not scale. Some AV makers sell central 
management for extra money, some include this important feature in the 
base price. Some central management solutions simply suck or do not 
scale, others are hard to install or monitor.

Spanish Panda AV has problems with boot-time protection. Put the 
eicar.com in the autoexec.bat and it will run. Most other AV prevent this.

Sophos and Sybari are mostly unknown in other than gateway AV. 
Worldwide no.3 player, the Japanese-Taiwanese-American Trend Micro 
company is also very, very strong in gateway level AV as well as having 
an OK home user and workstation AV market share, especially in 
Europe. Support can be kind of bureaucratic and their central 
management tool is awkward.

Czech-Slovak made Eset NOD32 wins all tests ever, but they do not 
detect backdoors, droppers and other merged threats, just 
straightforward virus and worm items. Tests like the famous VB100% 
award do not include stuff that would fail them.

Hungarian VirusBuster has become a mainstream grade virus catcher 
during the past two years.

Microsoft will likely become a player in the AV arena soon, even if they 
deny it now. Bill Gates bought the Romanian RAV firm, which was selling 
incredibly cheap and reasonable Linux gateway AV products. Although 
most crew bailed out and ended up with KAV, Microsoft is still a 
potential dark horse competitor for the future.

There is so much more about AV, including availability of localized 
language software for home and desktop users, built-in personal 
firewall included with AV software, vendor's prices for multiple-year 
support policies, tiered customer relations, etc. that would need to be 
considered carefully. It could make a book, not just the disorganized 
mess of text I wrote above.

Sincerely: Tamas Feher from Hungary.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html