[Spookie]

Different AV vendors will always maintain their own followings. Some will whole heartedly stand by what works best for them, while others will base their judgement on what others say, just to go with the flow.

Granted no AV is perfect, some have an better interface then others, some clean better then others, while some will hog your box to a point where your lucky if you can bring up the task manager.

Either way Virus Bulletin seems to be the one all the AV Vendors want to get a great score from, as they are quick to make note to potential buyers of their VB100% award. Just what exactly is the VB 100 award?

Quote

      The VB 100% logo is awarded to anti-virus products that:

          o Detect all In the Wild viruses during both on-demand and on-access scanning in Virus Bulletin's comparative tests.
          o Generate no false positives when scanning a set of clean files.

      Virus Bulletin's aim is to offer subscribers the best impartial advice about anti-virus security and the products on offer. The VB website lists the outcome of comparative tests as follows

          o by vendor
          o by platform
          o a summary of the most recent comparative test

With that in mind one should also keep in mind

Quote

A VB 100% award means that a product has passed our tests, no more and no less. The failure to attain a VB 100% award is not a declaration that a product cannot provide adequate protection in the real world if administered by a professional. We would urge any potential customer, when looking at the VB 100% record of any software, not simply to consider passes and fails, but to read the small print in the reviews.

So just how well did your ? AV Score :blink:

[andydis]

yea i like that site,
good independant AV analysts,
andywhere heres me



Result summary: 24 passes / 11 fails
- Success / Failure / No Entry
Vendor website: http://www.norman.com/

[nuorder]

nice site but i guess a good quality to look for in an AV is how many lesser know virus/trojans/malware it detects

[aapje]

Result summary: 23 passes / 13 fails
Performance graph: - Success / Failure / No Entry
Vendor website: http://www.kaspersky.com/

I used to use trend micro, it looks good in the tests too. Its small and easy

[buzzons]

Result summary: 25 passes / 6 fails
Performance graph: - Success / Failure / No Entry
Vendor website: http://www.symantec.com/

[Terminal]

Result summary: 28 passes / 3 fails
Performance graph: - Success / Failure / No Entry
Vendor website: http://www.nod32.com/


Hmm nod ratings are very good . It seems to be the fastest antivirus (yup very fast scanning) available .
WOrth a try :D:D:D

[Spookie]

Quote

i guess a good quality to look for in an AV is how many lesser know virus/trojans/malware it detects

Good point nuorder - I would say the best function of any AV would be it's ability to maintain an effective integrity check of the system.

Though if I'm not mistaken Heuristics also plays a function in being able to determine undocumented malware.

With elements such as the "sandbox" in use by an AV as well, there is some sense of safety. But then again sometimes which seems to occur more often then not, the Sandbox concept doesn't work as effectively as one would like. If the concept was extremely effective Bagel/MyDoom/Nimda all would have been controlled instead of making its worldwide debut.

So just what exactly is needed to make an AV effective? Depends on who you ask and if their willing to give you a straight answer or one that would prevent them from having a resume generating moment.

InfoSec mag had a pretty decent article back in
May 2002 regrading some of the myths of AV. The CISO Strategies article The Great AV Myth from InfoSec mag also had some interesting points.

Regarding Integrity Checkers Dmitry Mostovoy wrote an interesting peice as well.

With all the malware being created can one element stay on top? My opinion is no. If there was one AV that did the ultimate job in identifying, removing, cleaning, renaming, or isolating malware there would not be AV Vendors- Trojan Scanners- or Hardware to ride within an enterprise to detect worm anonmolies.

All we can do is the best with what we have before us. Me I use Nod32 and have had pretty good luck with it. Not saying I think it's the best but just haven't had any major issues with it. With the DMON being added to Nod32, I think it packs a good punch.

Result summary: 28 passes / 3 fails
Performance graph: - Success / Failure / No Entry
Vendor website: http://www.nod32.com/

[u533m3n0t]

[QUOTE]From Nuorder:nice site but i guess a good quality to look for in an AV is how many lesser know virus/trojans/malware it detects

Try these to satisfy that urge..Still haven't gotten the balls to buy them yet, but tried them out. Pretty cool and aimed at the new virii, and polymorphic ones..

SurfinGuard from Finjan

Uses a "sandbox" to test apps...

InVircible Software

Doesn't rely on definition updates

Try'em out. B)

Best Regards,
U533m3n0t

[andydis]

Norman uses "sandbox" technology :-)

[nuorder]

pretty good tools U533m3n0t ill try em out
a virtual machine always comes in handy too - just to watch it die hahah

[aelphaeis_mangarae]

If you ask me i think there website is a load of shit.

They basically making out Kaspersky to be bad, and they rated Norton good.

[u533m3n0t]

I don't think you should trash the site bro. It's "a" source, and pretty good as well. They base it on a series of tests they run to adhere to a "standard". So friend, use it as a benchmark tool. Not as the final word. Best way to come up with what's best for you is to download a demo <which all the good AV's offer>, and do your own testing. Then you decide when to commit the $$. B)

[JaG]

Quote

Result summary: 28 passes / 3 fails
Performance graph: - Success / Failure / No Entry
Vendor website: http://www.nod32.com/

2nd that nod32 rules only 7mb :)