This thread shows results of my virus scanner tests for 2005. Every year I try to include more antivirus programs in my tests. Because there are so many products available and I have only so many resources and time available, I test only mainstream, popular programs. Discussion of my results and concerning other programs can be held in another thread in order to prevent this thread from becoming cluttered. PLEASE DO NOT POST QUESTIONS OR DISCUSSIONS PERTAINING TO RESULTS OR OTHER SECURITY PRODUCTS IN THIS THREAD

I haven’t really had a lot of time to devote to these tests as I’d like, mainly due to the fact that I have a new business which is growing. I’m also down a couple of systems because I’ve had to use them for the business. However, I believe that you do the best you can with what you’ve got to work with and things usually turn out alright. It took a little longer because having only one test system means more wiping and reformatting when a virus torches all the data in the hard drive. One bonus this year is due to having a computer store. Every day I get customers with systems infested by spyware and infected by viruses and Trojan horses coming into the shop. They run the entire gamut of antivirus software available on the market and I get to see how they work in everyday systems. I’ll update their av, run a scan and then install something else if I’m not happy with the results. If the replacement finds more malicious files then I know something is up.

You’ll notice that some of the information in this thread is copied from the 2004 test. No, it doesn’t mean I’m any lazier than I was last year, it simply means that the results didn’t change enough to alter the report. I just like to have everything in one post so readers don’t have to skip around from thread to another looking for something.

One term used in conjunction with antivirus products is HEURISTICS. Apparently there is a bit of misconception as to what heuristics can or can't do. Much of this is nothing but market hype and this feature is dictated by the software manufacturer. Heuristics are supposed to allow a virus scanner to detect previously unknown viruses by making comparisons with known virus footprints. They give the software the ability to do a more intensive search for newer hostile files not yet given definitions by the antivirus company. Unfortunately, to use true heuristics a virus scanner would have to be exceptionally intrusive. Due to public disdain of false positives and the desire for unobtrusive scanners, most companies do not employ the full blown technology. Others offer configurable options to allow users to maximize or lessen heuristics as desired. Because of this, a virus scanner is still confined to detecting known virus files as heuristic technolgy is actually not very effective at this time. As viruses become more complicated and heuristic technology advances, user interaction will become unimportant as the ability to detect new hostile files will become required.

So, without further ado, I proudly present Antivirus Test 2005. I hope it helps clear up some confusion as to what antivirus you should use. The new antivirus I decided to put on the chopping block this year is..........NOD32. Enjoy the read.


This year I tested Grisoft AVG version 7 http://www.grisoft.com/us/us_index.php and it once again it didn’t impress me. I’ve had several computers in the shop which were infected and even after an update the program didn’t fare too well. It didn’t do too well running in the test system either, allowing a host of malicious files to install without so much as a whimper. Sorry folks, but AVG just doesn’t cut the mustard. After all the messing around I’d say AVG stands at about 70% effective. Yuk!

Next was Etrust EZAntivirus http://www.my-etrust.com/products/Antivirus.cfm. This came as part of the security suite with the firewall, antivirus, spamkiller, etc, yadda, yadda. I will say they’ve gotten better, but not to the point where I would feel comfortable using it to protect my information. Not only that, but with all that other garbage included it was a resource hog. A couple of computers that came in had it installed at the suggestion of Time-Warner RoadRunner. While I didn’t find too many other malware files on their computers, EZ did let some well known Trojans and spyware associated Trojans slide right through. When I installed AntiVir it found about six more which EZ missed. That’s not good. On the test system EZtrust did better than last year, but not much more than AVG. Still, it’s better than AVG and on the test system scored about 80%. However, if we're looking at percentages, 80 percent of 120,000 or so isn't very good.

Norton Antivirus http://www.symantec.com gets the “Gnashing Teeth” award from me this year ARGH! I am so disgusted with those idiots at Symantec it’s not funny. I swear, that blasted program does selective detection. I’ve updated the definitions on customers’ systems and I’ve seen it miss a file one minute and find it the next. Not only that, but if you’re using Norton Internet Security 2005 you may find this software has the most problems with regard to interfering with connections, software conflicts and other misc. errors. What really steams my clams is that Symantec had to create uninstallers for their software because half the time they won’t uninstall normally. Truly despicable considering it's from one of the largest security software companies in the world. On the test system Norton was inconsistent at best, ineffective at worst. This is rapidly turning into a true piece of bloated junkware that gulps down system resources instead of doing its job. BTW, the corporate version is worse than the standard version, so don’t even go there.

Avast http://www.avast.com remains a good free scanner. Yes, I still wish it was as configurable as AntiVir from the start, and the registration process is inconvenient, but it’s a really good, free antivirus program, light on resources and easy to use. It was a little better than AntiVir, capturing around 97 percent of viruses. Freeware for home users only.

Norman Virus Control http://www.norman.com is an excellent program I still use every so often. I do like their sandbox feature and it remains one of the most configurable programs available. It's a very easy program to use, is exceptionally configurable and the sandbox feature allows testing suspicious files, allowing them to run as if they were active in the system but keeping them contained in a smaller, controlled environment. Norman also has no trouble scanning any format of compressed files I had to user defined depths and sizes. If a virus is found, Norman makes an attempt to clean and recompress the file. I used packers to ultra-compress a couple of virus infected files and Norman had no problems finding and repairing/removing them. Users may designate what areas and files to be scanned at various times or during certain circumstances using the programs' Task Editor. I found this to be very interesting because the program permits experienced users to completely custom design how the program works and looks for malware. Norman scans all incoming and outgoing email and newsgroups. Norman had no trouble detecting the normal run of viruses I introduced it to and even removed a couple of those annoying redirect viruses from infected sites I took the system to. It is as effective as all the top rated scanners I've seen which places it as one of the highly rated antivirus programs. It is still pricey (a one year home user subscription costs $61 USD), but it’s worth it.

AntiVir http://www.free-av.com is what I use on my other system on a regular basis. It remains small, easy on resources and simple to use. AntiVir has gotten very adept at ferreting out those pesky spyware trojans and is a perfect mate for your antispyware scanners. Since I only have one profile on my system it's more than adaquate. Aside from that, its small size makes it perfect for people connecting with dialup, and I love the name of their scanning engine-"Luke Filewalker". Ain't it great? By the way, AntiVir and Avast are both much more effective than Norton AV. Antivir proved to be effective about 95% of the time, not bad for a free antivirus. Freeware for home users only.

McAfee http://www.mcafee.com was ok, but not as good as it has been. Still a good antivirus, it also remained one of the top reasons why a system will slow to a crawl too or suffer from program conflicts. I don’t know why they still haven’t addressed this, but that's their cross to bear. However, I think McAfee has passed the torch to Norton as the most hated software.

KasperskyLabs http://www.kaspersky.com is another top notch antivirus, rating at the top. It’s user friendly and very effective.

TrendMicro http://www.trendmicro.com Well, if you’ve been to Trends’ Housecall online scanner you’ve undoubtedly seen some changes. Trend has purchased several companies and has incorporated their technologies into a variety of scanners, both online and software. The most recent acquisition was Intermute, the makers of SpySubtract and the owner of CoolWebShredder after Merjin either sold or gave it to them. This has reinforced the effectiveness of their security suite software and it does a good job. Resource speaking it’s a fairly large program but isn’t the pig that Norton is by any means. The virus scanner is still one of the best and had no problems defending the test system against everything I threw at it. However, as good as PC-cillin is, I don’t believe it matches AntiVirs ability to ferret out spyware associated trojans, so I’ll generally install and run AntiVir and then either use Trends’ portable scanner or Housecall. Still, I highly recommend PC-cillin as one of the best payware scanners on the market.

This year I decided to put NOD32 http://www.nod32.com to the test. All these NODheads keep telling me that this program is unstoppable, unbeatable, invincible and invulnerable. The first thing I’ve noticed about NOD reviews is that it has been stated other av software “pales” in comparison. I’ve been wondering what this antivirus program can do that no other is able to do. The answer is.....nothing. Is there some miracle that makes their programmers better than any others? That train of thought doesn't even make sense. A virus scanner is designed to do one thing-detect and remove active, hostile Internet code which seeks to damage data, steal information or offer unwanted access to your computer. NOD32 does this no better than any other good program and, in some cases, not as good as others. Surprised? Don’t be. Everyone likes their favorite and will staunchly defend it to the bitter end. That’s customer loyalty and it takes a lot of hard work to build it. So, let’s see if NOD32 holds up to its’ reputation.

The first thing I look at is ease of use. Programs like these should not be difficult for regular, everyday users to install and setup. After all, the main objective is to make it as simple as possible to stop viruses from doing damage and spreading, right?


From a regular user standpoint, NOD has a rather unattractive and confusing interface. There is too much to look at, too many options to choose from and none of it is clearly explained. The normal user is not going to know what to do with it all nor are they willing to learn all the technical jargon. It does offer some nice features though, from keeping the logs cleaned out so old info is removed to cleaning and removing viruses without disturbing the user (like AntiVir). For the experienced user, NOD32 offers a host of configurations, from scanning by extension to determining how to deal with detected files. Still, it can be very confusing for the unwashed to perform an optimal setup. NOD is light on resources. This means you don’t have to shut down your av because you’re going to be gaming or using resource intensive applications. Scanning speed wasn’t bad either-it scanned the entire test system (AMD 3400, 40Gb HDD, 512Mb PC3200, WinXP) in about 15 minutes (of course, there aren’t too many applications installed). It ran well, suffered no conflicts during the tests and is relatively small (around 8Mb), only being a little bigger than AntiVir, which is still the smallest.

Onto the viruses....
NOD did pretty well finding most of the samples placed into the system. It did choke on a couple of packed files and did serve up a few false alarms which concerned me (I don't like false positives). Other than that it did well, better than AVG, ETrust and Norton (what it's often compared to) but no better than Avast or AntiVir. It’s highly toted heuristic qualities are no better than any other scanner.

The conclusion is that NOD32 is a pretty good scanner, not great, but pretty good. I would suggest having an experienced user around if you’re not really sure how to configure it because all those options are confusing at best. Also, be aware there have been quite a few reports concerning NODs' incompatibility with some software. However, as it stands right now (I’m leaving it installed in the test system for a while to see how things go as time goes on) I wouldn’t chastise anyone for using it because it is in a similar effective percentile range as Avast and AntiVir. Still, I'm glad I took the time to take a look at the program and prove to those silly NODheads that their program isn't the end-all-be-all of antivirus software.

The Big Story....

If you want a free scanner, then choose either Avast or AntiVir. Of course, there are always downsides to everything. Avast requires going through an inconvenient registration process and isn't as configurable as I think it should be, and AntiVir has been seeing some difficulties updating through the servers for their free version. However, these are generally minor.

On the upside, they are both excellent antivirus programs. If you are concerned with percentages, the programs fall into the 95 percentile range on average. The payware versions these companies have offer more features and better support, but you're still not going to go wrong using the freeware versions.

As far as payware programs are concerned, PC-cillin, Kaspersky labs are the best choices. At this time I wouldn't say NOD32 is a bad program either although it still has a lot to prove to me.

I don't think EZ Antivirus or AVG are going to do the job and I don't recommend them. Until Symantec takes a step back for a fresh perspective and decides what it wants to do with their piggish program I wouldn't recommend them either. It's just going from bad to worse. McAfee? Well what can I say? I've never been fond of it. The av isn't necessarily bad, but the extra baggage, errors and the system slowdowns are the reason I don't like it.

No antivirus can detect all viruses. I don’t care what their claims to fame are or how good users say they are. To be safe during those uncertain times, I advise people to utilize a good scanner installed into their computer as well as a good online scanner, or have another antivirus program installed (but not active) in their system. The idea is to practice safe hex, keep your operating system updated and learn the proper settings to make intrusions into the system more difficult.


Online Scanners


TrendMicro Housecall
http://housecall.antivirus.com/housecall/s.../start_corp.asp is a plain-jane, no-nonsense online virus scanner based on the PC-cillin engine. reasonable fast (well, maybe except for the very first time), it allows users to choose what area of their system they want scanned and offers to clean or delete infected files. They now offer vulnerability and spyware scans. All these services offered free? You have to love those wonderful folks at TrendMicro!

Symantec SecurityCheck
http://security.norton.com/default.asp?lan...id=us&venid=sym does not scan compressed files, nor does it remove viruses if found. I find it useless to scan a system without cleaning it. Not only that, but I kept getting a message that said my ActiveX security settings were too high and couldn’t perform the scan. Eventually I was able to, but by that time I normally would’ve gone somewhere else.

McAfee's Virusscan Online
http://us.mcafee.com/root/mfs/default.asp doesn't remove infected files, but point users toward links and information to aid in removal. Still, doing a scan and not removing the virus is of no use to me or anyone else.

RavAntivirus
http://www.ravantivirus.com/scan/ scans as thoroughly as HouseCall, offering to scan compressed folders, unpack executables and remove hostile files from the system. Although I haven’t tested their antivirus program, research shows it rates about as effective as AntiVir, which isn’t bad at all. The online scanner did a good job and was pretty fast, detecting the virus files I placed in the system and effectively cleaning them out.

Panda's ActiveScan
http://www.pandasoftware.com/activescan/co...com/default.asp
only detects 90,000 viruses. This they state on the scanner page. Still, it may find a file another cannot, and the rule is to use every tool at your disposal to keep the baddies at bay.

So, there you have it. Just in time too, for another victim of malicious code is walking through my door. Buh-bye now.

This post has been edited by Interceptor: Jul 29 2005, 09:07 AM

John,

A very humble thank you for all your efforts. Everyone has opinions. Yours are based on fact.

I appreciate your time and work placed into this. As always, I printed and saved in my notebook for future reference.

Chris

Hey, Fearless Founding Member ...

I really appreciate the time and effort you have invested in this analysis. A big Thank You!

I have been using AVG 7 (paid for version) for the last 8 months or so after having my own set of horror stories with NAV. So far I haven't had any problems with AVG 7, but your test results (70% effective) certainly give me pause. I do believe I will give AntiVir a spin around the block.

This post has been edited by Tecumseh: Jul 9 2005, 05:50 PM

Thanks for the info Interceptor

I went from AVG to nod32 and your spot on with what you’re saying about it. It does require the user to set it up for best protection and for this reason I won't recommend it to the normal user.

QUOTE

All these NODheads keep telling me that this program is unstoppable, unbeatable, invincible and invulnerable.

Arr the fans yes once they are convinced its the best thing since sliced cheese they defend it with all sorts of claims.

I also use PC-cillin on another computer glad you highly recommend it I won't switch it to nod32 as I see no reason to.

This post has been edited by Zenith: Jul 10 2005, 02:35 AM

I've just ditched Norton in favour of Avast! My subscription had expired, and I thought that rather than renewing I'd try another one (especially as Norton isn't getting such a great press these days).

To be fair, I don't really like Avast's "media player" style user interface, but as long as it does the job and protects me from viruses then I'm happy with it.

My system is also a bit faster as well for having made the change.

I as well really didn't see the point in skinning an anti virus app, Avast, but you can disable the skins like I did.

Right click the Avast icon on your taskbar, next to your clock, and choose Program Settings, uncheck 'Enable skins for simple user interface', and click ok. Thats it, no more media player look. I prefer it this way.

Thanks Interceptor.

I had been waiting for this. Love the brutal honesty. Was just as informative (and funny) as I was expecting.

Thanks once again,Interceptor, for your time and experience in assessing the AV programs in your post.
I'm sure I speak for many, when I say we do appreciate it.

One question. May I post a link to this forum in other forums that I frequent so that others can become better educated when choosing their AV protection?

Paul

This post has been edited by ups4: Jul 11 2005, 06:13 PM

Good post, John; accurate and informative as usual!

Paul,

In reference to your link question, you should check with the rules of any board you wish to link us at. Some forums (ours included) have rules on outside linking. They may or may not have a problem with you doing it, so check their FAQ. And if that doesn't answer it for you, just ask one of their staff.

Yes Paul. As long as the forum you're posting it at doesn't have any problems with it, spread it far and wide.

Thanks for that, XPGeek! I've yet to play with the settings in earnest with it.

As for linking to us, usually there's not a problem unless there is a conflict of interests, such as another computer support forum. But it's always worth checking the rules and regulations there before linking.

I've already posted a link to here from another forum, and as it's a non-technical one it doesn't break the rules at all.

And they are VERY cagey over there as to what you can and cannot link to!

I just wanted to say thanks ... I too fix computers ... your results are dead on based on my customer's issues ... it's nice to have verification ... and you are correct, sir, that AntiVir rules ... goes on every system I touch ... and Norton comes off everytime I find it ...


Thank you, thank you,

Angusdhu

I am proud to announce that Ian "Gizmo" Richards of TechSupportAlert.com thought enough of the review to add it to TSA's monthly newsletter. TechSupportAlert is an officially recognized and sponsored utility, security, information and software resource website. I don't even want to hazard a guess as to the sheer numbers of subscribers to the newsletter. This was an enormous boost of recognition and legitimacy for me, and I deeply appreciate his taking the time from his busy schedule to fit Antivirus Test 2005 in during the midnight hour.

This post has been edited by Interceptor: Jul 18 2005, 01:10 PM

Here Here !!

You earned and you deserve it. Just surprised it took others so long to find out what everyone @ SAF knows; what a tremendous asset you are

Chris

Wow Interceptor!
What a FANTASTIC COMPLIMENT from TSA!
Many congratulations to you!

Congratulation Interceptor.

Good job Interceptor on their web page they say 55,000 subscribers

This post has been edited by Zenith: Jul 20 2005, 05:07 PM

Many thanks again.

Is it worth mentioning that there are now two TrendMicro scanners, the original one you mention and also

http:// fr.trendmicro-europe.com/consumer/housecall/housecall_launch.php

My feeble understanding is that the original one uses ActiveX, while the new one uses Java and thus is more widely applicable. The new one also charges to remove (tho not to detect) malware.

Way to go, Interceptor

This round is on me.........