Kaspersky - Interesting Take On Anti-Virus Software
Over at the Kaspersky anti-virus website, Eugene Kaspersky has posted a very interesting article explaining the problems facing all anti-virus software developers. Some of what he says is evident. Most people pick an anti-virus software program because of hype or because they are sold a bill of goods. Some may purchase an anti-virus program because this is all they have ever used and do not like change. But some of what I read in the report, I found interesting, like:
There’s been a great deal written about viruses, hackers, and those who hunt them down - there have even been Hollywood films made on the subject. The developers and vendors of antivirus solutions use their web sites to publicize their achievements. However, there isn’t much information about the problems which the antivirus industry faces. This article, therefore, aims to address this topic and, to some extent, rectify the imbalance.
What problems might the antivirus industry be facing, apart from the market headaches which plague any manufacturer of consumer goods? We all know that viruses exist, and so do antivirus solutions. It might seem that antivirus solutions are a standard consumer product - one solution barely differs from the next. Users choose their product according to design, or marketing, or for some other non-technical reason. Given this, an antivirus solution is, in theory, just another consumer product, like washing powder, toothpaste, or cars.
Unfortunately (or perhaps fortunately) this is not the case. Users often choose an antivirus solution for its technical characteristics, and these differ widely between products. Users often focus on whether or not a specific product protects against a specific type of cyber threat, and the overall level of protection offered.
But this is what hit home the hardest:
It’s also worth mentioning the tests conducted by VirusBulletin (an industry publication) - I am sure that if I didn’t include this, readers would ask why the tests and the resulting VB100% award hadn’t been mentioned. Sadly, these tests are far from perfect. The test standards were developed in the mid-1990s and have barely changed since then. Antivirus products are tested using a collection of files infected by ITW viruses. The award is given on the basis of the test results. However, the ITW collection only contains between two to three thousand files - fewer malicious programs than appear in the wild in the space of a single month. Therefore, a VB100% award doesn’t necessarily mean that a product really provides protection against all types of malware. It simply means that the product copes well with VirusBulletin’s ITW collection, nothing more.
I tend to agree with Mr. Kaspersky on this issue. If we all depend on just one source of information on who has the best anti-virus product, we could be led down a garden path. For years I have been suspect of the VB100% award.
What do you think?
Comments welcome.
Full article here.

4 Comments
marc klink
August 9th, 2007
at 1:48pm
I agree, and I think the people who give the advice of choosing only one antivirus are silly. The idea of using two resident programs IS silly, and can cause many problems, but having only one resident, yet having two to do file scans frequently is how I’ve been able 3 times in 10 years to avoid major problems on my machines.
No one product does it all. Also, things change over time. In the days of DOS, Norton Antivirus was king, since Windows 98 their product has been hard to use, not updated as frequently, and lets lots of things get by.
A couple of years ago, I was investigating a problem on my wife’s work computer, which was protected by the corporate version of Norton. I disabled it, ran AVG Free, and it found 37 viruses - problem solved. I ran AVG on the other 6 computers at her workplace and all had the same 37 viruses. Some had not yet caused problems, but Monday morning [this was Saturday afternoon] 3 of the people remarked that things that hadn’t been working were suddenly OK again. So much for NAV as a lone solution.
I’m sure that designing these programs is difficult, and that makes me all the more appreciative when I use AVG Free, and it works great!
BTW, the best I’ve ever paid for is F-Prot. It’s faster than any other I’ve ever seen - an order of magnitude faster than some.
Ron Schenone
August 9th, 2007
at 3:58pm
Heh Marc,
Thanks for the info. and comments.
Ron
tseax
August 10th, 2007
at 9:02am
A popular and much more discriminating test site is AV-Comparatives:
http://www.av-comparatives.org/ run by Andreas Clementi in Innsbruck, Austria. He uses 2 test methods, an “On-demand comparative” that “shows the pure proactive ON-DEMAND detection capability that the scanners had 3 months ago … with best possible detection settings”, and an “On-demand comparative” which is a performance snapshot for a specific date - it’s an accounting of “how good a scanner is in detecting zoo-samples on-demand in general with updated signatures”.
This is the site I use in choosing an anti-virus software for the machines I administer.
The Kaspersky AV software has been quite consistent in its ability to hold an “Advanced+” rating in the On-demand comparatives, but that’s only part of the story. In checking the most recent Retrospective/ProActive test you can see that only NOD32 receives the Advanced+ rating. Together the two tests make interesting reading indeed!
Ron Schenone
August 10th, 2007
at 11:14am
Hello tseax,
Thanks for the info. and for the link.
Ron