Jump to content
Tuts 4 You

The Facts About Virii And Av Software


lena151

Recommended Posts

It has always been a big struggle to find the best AV software.

This research tries to deal with this problem.

Because the study is in french, I have taken the most important stuff out to display it here, but you can find the complete text (11 pages !) at

>http://www.clubic.com/article-37030-1-comparatif-antivirus-2006.html
A comparaison is done between 11 of the most used antivirus software

Kaspersky Antivirus 6,0, Norton Antivirus 2006, McAfee VirusScan 10, F-Secure Antivirus 2006, Bit Defender 10 (beta), Panda Titanium 2006, NOD32 and PC Cillin Internet Security 14

13621 virii were scanned (!!!)

00340746.jpg

Green : how many virri were detected

Red : time to end the scan

00340747.jpg

2nd test is performed on 156 of the most common virii

00340748.jpg

3rd scheme shows the impact of the AV software on general PC performance.

(PC startup in red and compressing a 250 MB archive in green, both compared with no AV installed)

Maybe somebody is helped in his struggle to choose the right one ?

My remark though : why is no test on packed executables done ? I read a study some time ago that sets all the above in discussion when dealing with packed software :o

Link to comment
It has always been a big struggle to find the best AV software.
Thanks for that, Lena151... interesting. ^_^

Kinda confirms my recent decision switching to KAV... :D

PS: Curious, if this topic will go like:

This one is better ! ... NOPE, this one !!! ... Oh, RLY? ... YA, RLY !!!

:P

Link to comment

He's another nice AntiVirus comparative test: ;)

http://www.virus.gr/english/fullxml/default.asp?id=72&mnu=72

Currently using F-Prot AntiVirus 6.0.4.3 Beta and happy! :D

Link to comment

I am using nod32, as it depacks most packers without a hassle.

still thought, it doesn't really detect downloaders... which is a shame.

other than that, it seems to work awesome.

Link to comment
...Curious, if this topic will go like:

This one is better ! ... NOPE, this one !!! ... Oh, RLY? ... YA, RLY !!!

I hope it's clear that my post above is not meant to give food to another of those meaningless subjective discussions like we've all seen before, also on this board, "this is best/that is best".

On the contrary, the above comparative study is supposed to bring objective facts so that everybody can deduct from the figures what AV -if any- is best for his/her own case : we don't all have the same configuration, hence it's clear that what is best for person A is not necessarily best for person B ... (always assuming you want to use a AV and/or firewall : many do not use it for reasons of performance etc)

Link to comment

I had a discussion with a friend of mine about this yesterday, here's some conclusions we came to.

virus authors, of course test thier virus against all the most populat AV products, when the virus is not detected by them, it's ready for deployment...

what happens here, AV soft which is more obscure can catch virus' the "big boys" do not.

AV comnpanies need to take clues from the virus writers, and use these techniques against them, one that would be very effective would be a polymorphic scan engine/kernal so the same exploit never works twice.

On the other hand, this will promt the writers of this stuff, to take it to the next level.

The problem is,this has become HUGE business on both sides of the fence. But if a company did (and probly can) make a detection system that can detect everything, this is literally shooting themselves in the foot...

so the war rages on...

Link to comment
so the war rages on...
IMO it becomes even more interesting, when comparing virtual with ?real? life:

PC = Human

Virii = ...well, Virii

Surfin? without Firewall/AV and downloading every sh!t -

should be like naked running around in every hot or cold

corner of this world and drinking every toilet-water...

You can live relatively safe -

like you can let your box live relatively safe

without any Firewall/AV...

just depends on where you go and what you want... :D

virusprotectorlt3.jpg

Link to comment
Guest Darkwave

Andreas Clementi does some nice tests with antivirus

softwares. AFAIK, KAV is best with packed samples as it updates the unpacking routines very

frequently. virusbtn tests are fundamental tests but Clementi's test comes close to real world

situation.

the thing is that in the VX scene the old workhorses are retiring soon. the new ones are not that

interested as it is becoming more and more complex. yes, there are exceptions but once 29a team

dies out i wonder who'll take their place.

Edited by Darkwave
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...