Excellent sources of anti-virus comparison reports


Wai_Wai

Excellent sources of anti-virus comparison reports!!

Version 1.0.1

Note:

- If anyone finds any other good websites and/or sources, please tell me and I will update my post. Thanks!

- It is very long-winded. So scan the bold/italic headings first. If the heading interests you, read on.

- I haven't read thoroughly all the websites which I posted. If I have read the websites and find them very great, I will label them as (highly recommended!) or (recommended!)

==================================

Update logs:

V1.0.1

- pick up some minor mistakes and correct them :-D

v1.0

- Inclusion of My Anti-virus Program Comparison Analysis. It introduces you to the best anti-virus programs based on my research and observation.

- It seems I have done a lot on that. The post is mature now. It may be time to move on to other topics/areas

v0.3

1/4 volume of the content is added. :P

- more links to reports

- more links to free online virus scans

- get some tools about anti-virus and testing anti-virus on your own

- more links to articles/resources

- more explanation and articles on how to pick up a good AV program

v0.2

Half volume of the content is added. :P

- more links to reports

- more links to articles/resources

- *new* links to free online virus scans

- more resources about virus, and anti-virus

- some info about virus, written by me (eg how virus attack you, how we can protect ourselves, how to choose a good anti-virus program)

v0.1

- the first release of my post

==================================

Overview

I found some excellent sources relating to anti-virus (AV) comparison. There are reviews, reports, analyses. The sources are:

My Anti-virus Program Comparison Analysis

http://www.msfn.org/board/index.php?act=ST&f=19&t=35308

Reports, Analysis

http://www.av-test.org/ (highly recommended!)

http://agn-www.informatik.uni-hamburg.de/vtc/ (highly recommended!)

http://www.av-comparatives.org/ (recommended!)

http://www.virus.gr/english/fullxml/default.asp

http://www.virusbtn.com/

http://www.icsalabs.com/

Free Online Scans

- http://www.kaspersky.com/remoteviruschk.html

- http://us.mcafee.com/root/mfs/default.asp?...mfs/default.asp

- http://housecall.trendmicro.com/

- http://www.bitdefender.com/scan/licence.php

- http://www.pandasoftware.com/activescan/co...n_principal.htm

- http://www.ravantivirus.com/scan/

- http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Articles/Resources

http://www.vht-dk.dk/vhtdk/pc/pc.htm

http://www.cert.org/security-improvement/ (recommended!)

http://kaspersky-esac.org/index.php (recommended!)

http://www.scmagazine.com/products/index.c...ls&GroupId=5891

http://antivirus.about.com/

http://www.microsoft.com/athome/security/

Detailed reports

Av-test.org (highly recommended!)

Av-test.org http://www.av-test.org/ is an unbiased organization. The project is held by the Business-Information-Workgroup at the Institute of Technical and Business Information Systems at the Otto-von-Guericke University Magdeburg.

They made a lot of detailed and good analyses on anti-virus programs, in terms of their detection and prevention abilities.

The tests include:

- VIRUS DETECTION ITW ON-DEMAND SCANNER

- VIRUS DETECTION ITW ON-ACCESS GUARD

- VIRUS DETECTION ZOO ON-DEMAND

- ARCHIVED AND COMPRESSED FILE FORMATS ON-DEMAND

- PERFORMANCE / SCAN TIME ON-ACCESS (IN SECONDS)

The categories they test are:

- known virus

- unknown virus from their labs

- File viruses

- Macro viruses

- Script viruses

- Polymorphic viruses

- Other Malware

- False positives (ie wrong claims of the infected files)

- Compressed program files (with virus)

- password-protected files (with virus)

- and so on

On the detection side of known viruses, most of the anti-virus programs score very high, ranging from 95-100%.

But on other aspects, the scores can vary greatly. So we can see their weaknesses and strengths by reading their reports.

Their reports are excellent - I highly recommend that people read them. It doesn't mean you must make a switch to the AV program which scores the highest mark, or do anything else after you read the reports. But they can serve as good indicators to tell you how well your AV program protects you - something that you can't know just by using them!

Virus Test Center - Hamburg (highly recommended!)

Virus Test Center http://agn-www.informatik.uni-hamburg.de/vtc/ is a non-profit cooperation without any hierarchic structure of membership.

Their reports are written in plain text which may discourage people from reading them.

Anyway, their reports are resourceful. If you don't mind their appearance, you will find their information interesting and useful.

Their tests are also as comprehensive as those of AV-test.org.

Extract of one of their comprehensive tests:

=======================================================================

Eval WXP.01: Development of Windows-XP Scanner Detection Rates

Table WXP-A: Comparison File/Macro/Script virus detection rates

Eval WXP.02: In-The-Wild Detection under WXP

Eval WXP.03: Evaluation of overall WXP AV detection rates

Eval WXP.04: Evaluation of detection by virus classes under WXP

WXP.04.1 Grading the Detection of file viruses under WXP

WXP.04.2 Grading the Detection of macro viruses under WXP

WXP.04.3 Grading the Detection of script viruses under WXP

Eval WXP.05: Detection of Packed Viruses by virus classes under WXP

WXP.05.1 Detection of Packed File Viruses under WXP

WXP.05.2 Detection of Packed Macro Viruses under WXP

Eval WXP.06: Avoidance of False Alarms (Macro) under WXP

WXP.06.1 Avoidance of False Alarms (file) under WXP

WXP.06.2 Avoidance of False Alarms (macro) under WXP

Eval WXP.07: Detection of Malware by classes under WXP

WXP.07.1 Detection of File Malware under WXP

WXP.07.2 Detection of Macro Malware under WXP

WXP.07.3 Detection of Script Malware under WXP

========================================================================

Some remarkable tests: they run particular tests on false positives (= false alarms on clean files) and non-viral malware. These areas, especially false positives, are of great interest to me. Good job!

AV Comparatives (recommended!)

AV Comparatives http://www.av-comparatives.org/ is another alternative. They produce good and in-depth reports as well. They will explain their sorting and testing methodology. You can see their sincerity in making these great reports for us.

They will test anti-virus abilities in different areas, including:

- known viruses

- unknown or new viruses

- Retrospective/Proactive Test

- On-demand comparative

AV Comparatives tests only anti-virus programs which they feel are up to standard. Currently there are 13 anti-virus programs. Other rip-off and poor anti-virus programs will not be tested in the first place. (But this is already enough, isn't it?)

Short Reports

virus.gr

virus.gr http://www.virus.gr/english/fullxml/default.asp tries to collect viruses from all over the world to form a virus database. Then it tests different anti-virus programs by scanning the virus database, and sees how many viruses they can catch.

This test is not as comprehensive as the ones AV-test.org has. It focuses only on their abilities to catch known viruses, which is not enough. New viruses are always coming, but they ignore this important category. But they test many more anti-virus programs (including poor and rip-off anti-virus programs).

The latest testing result (10-25 August 2004): http://www.virus.gr/english/fullxml/default.asp?id=67&mnu=67

ICSA labs

If you hate reading long reports, you may seek help from ICSA Labs http://www.icsalabs.com/index.shtml. They listed all the certified AV programs.

Virus Bulletin

Virus Bulletin's VB 100% logo is awarded to anti-virus products provided that the product can:

* Detect all In the Wild viruses during both on-demand and on-access scanning in Virus Bulletin's comparative tests.

* Generate no false positives when scanning a set of clean files.

Their tests are simple and limited unfortunately (only anti-virus abilities on catching known viruses are tested). And some say their reports are not too reliable.

Comparison table of all AV programs

http://www.virusbtn.com/vb100/archives/products.xml?table

List of each AV program report

http://www.virusbtn.com/vb100/archives/products.xml?

Free Online Scans

No single anti-virus can catch all viruses. It is worth using other AV programs to help you spot the most hidden/disguised viruses.

I have searched for some online scans, and they are free :).

- http://www.kaspersky.com/remoteviruschk.html

- http://us.mcafee.com/root/mfs/default.asp?...mfs/default.asp

- http://housecall.trendmicro.com/

- http://www.bitdefender.com/scan/licence.php

- http://www.pandasoftware.com/activescan/co...n_principal.htm

- http://www.ravantivirus.com/scan/

- http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Anti-virus Tools

Virus Help Team

Tools for testing anti-virus programs ( Interesting :))

http://www.vht-dk.dk/vhtdk/pc/eicar.htm

They provide a way for us to test our own AV program. Sounds interesting!!

Quote:

The EICAR test file is designed for users and administrators who want to check the proper operation of their anti-virus software without using actual viruses. Since it is never a good idea to test with real viruses, anti-virus researchers designed a completely harmless test file that most anti-virus products detect as if it were a virus. The EICAR test file is completely benign and contains NO virus code.

Other tools (free of charge!)

http://www.vht-dk.dk/vhtdk/pc/free.htm

Articles/Resources

Cert.org (recommended!)

There are a lot of articles regarding security issues. The topics they cover are:

- Practices about hardening and securing systems

- Practices about preparing to detect and respond to intrusions

- Practices about detecting intrusions

- Practices about responding to intrusions

- Practices about improving system security

- Practices related to outsourcing managed security services

Although I haven't read through all articles, it is very resourceful!

A must-visit website! http://www.cert.org/security-improvement/

kaspersky-esac.org (recommended!)

There are a number of articles which are well-written.

They discuss or explain some issues which you can't find normally elsewhere.

A few good articles are much better than a lot of commonplace articles.

Evaluating anti-virus tests - Why some reviews are better than others?

http://kaspersky-esac.org/index.php?PageID=9

Good article! An article of wisdom.

It explains in depth why some of the reviews are not reliable, how we should judge from the reports, limitations of different kinds of reports etc.

To use one or two Scan Engines...not so easy...

ftp://ftp.kaspersky.fr/utils/private/ESAC/TwoScanEngines.pdf

It explains about the strategies used in protecting the computer.

Should I use more than 1 anti-virus program?

Should I use 1 anti-virus with multi-scan-engines?

More Publications:

http://kaspersky-esac.org/publications.php?PageID=0

SC Magazine

http://www.scmagazine.com/products/index.c...ls&GroupId=5891

They have some reviews on the major anti-virus programs.

Instead of giving the overall rating only, they will give rating in each category too, which could be great for users to know more about their strengths and weaknesses.

However it is strange that a few have not been rated at all - only comments are available.

Antivirus.about.com

Before You Buy Antivirus Software

http://antivirus.about.com/cs/softwarereviews/bb/bybav.htm

Top Picks

Windows: http://antivirus.about.com/cs/beforeyoubuy/tp/aatpavwin.htm

Macintosh: http://antivirus.about.com/cs/allabout/tp/aamacvir.htm

See also:

http://www.virus.gr/english/fullxml/default.asp?id=67&mnu=67

Microsoft

What are viruses, worms, and Trojan horses?

http://www.microsoft.com/athome/security/v...s/virus101.mspx

Protect your PC in 3 steps

http://www.microsoft.com/athome/security/p...ct/default.aspx

Other Information about virus, anti-virus

Why do I need to protect my computer from anti-virus?

You may think if you use your computer carefully, you will not get any virus/trojan etc. It is a wrong concept.

The villains can knock your computer down even if you just connect to the Internet.

See how these villains can knock you down:

>>> Connect to the Internet. That's it!

Q: Why? I am a very alert user. I will only browse the most reputable websites. I don't install any suspicious things (even *.txt). I think I am safe enough.

A: Unfortunately it is not. No operating system is perfect. They all have "security holes" which can be exploited by a new type of viruses in order to infect the computer, without asking you any permission at ANY time at ANY situation.

They are free from devastating your computer. By the way, most villains will attack Microsoft Windows since it occupies a majority of the market.

Q: How can they find me out and attack me? It's not easy to look for a needle in a haystack.

A: It is easy.

A way to find you out is to use port scanners. You don't need to be an expert in order to use a port scanner.

A lot of great scanners are available on the Internet for free. Villains who make use of them can scan millions of computers within minutes, or even seconds.

Once you are connected to the Internet, they may be able to find you out.

Q: I don't have valuable resources in my computer. The villains will not target me.

A: No, some of their objectives are for fun. It is fun for them to crash our system.

They may get a great sense of success and happiness when they succeed in intruding your system.

Some villains need to control your computer. Later they can use your computer to attack their real targets without worrying about counter-attack (because it is now you who suffers from these attacks).

Some villains need to control a lot of computers, so they can issue denial of service to paralyse their target website.

Other ways:

>> Browsing websites (even if you browse the reputable ones! It's because, say, a virus can infect the website. And when you browse the website, you get infected too.)

>> Just reading or previewing emails (some evil codes will be stored in *.html, or in the pictures!)

Q: How can I prevent these attacks?

A: Don't read suspicious emails. Only read plain email (ie non-html emails!). Disable any graphics/pictures.

>> Opening infected hard disk, CD-ROM or diskette.

>> Executing attached infected files

Q: How can I prevent these attacks?

A: Don't install or execute any suspicious files/programs etc. If you do wish to try them, scan them fully before installing/executing them. But pay special attention to compressed or password-protected or encrypted files. They may contain the evilest viruses, which anti-virus programs find hard to detect.

How can I protect my computer from anti-virus?

I recommend doing the following:

- install a good anti-virus program. But how can I choose a good one? See the information in another heading - How can I choose a good anti-virus program.

- frequently update your anti-virus program

- frequently run full-system scan on your computer (eg weekly)

- frequently do online scans from other anti-virus companies (eg monthly, or even weekly)

(Note: For their websites, see my previous paragraphs)

What's more, you should shield-up your computer by doing the following as well:

- frequently update Windows

- install a software firewall program

- install a hardware firewall if possible

- have better knowledge in using and protecting your computer

How can I choose a good anti-virus program

>> read the reports

I recommend reading the most elaborate reports! Click on the websites which I collected for you.

For these reports, they can tell you accurately about the abilities to:

- detect/remove known viruses (most reports focus on this area!)

- detect/remove unknown viruses (this is also important too because there are in fact many unknown viruses in the world. But most reports ignore this kind of abilities. AV-test.org http://www.av-test.org/ has been producing good reports on these areas. Worth reading their reports!)

>> Don't rely on magazines, website reviews too much

The reviewers (eg CNet) do not really write good reviews. There are several reasons:

- Most magazines simply do not have enough resources to conduct effective and representative anti-virus capability tests. Unless the magazine is using the results from a big and independent testing organisation, the reviews cannot reflect their true value.

- Some magazines receive money support from these anti-virus programs (by advertisements etc.) So do you think they will be impartial enough?

- They will not just spend a lot of time to do one review. They have a lot of other things to do. A good and comprehensive test needs a lot of money and time (eg half a year). How can they afford a lot just for some reviews? It's not commercially advantageous.

>> ask user advice

I don't think users can fully experience how well a program can protect you from anti-virus simply by using the program. One of the problems is when a virus bypasses your anti-virus program. It doesn't cause serious problems in your computer. You never notice this virus. You still feel your anti-virus program is doing a big job.

But most reports which I recommend tell you their anti-virus capabilities. You may wish to know some other aspects including:

- stability

- virus database

- support

- features

- customizations

One of the best ways to know about them is to "ask". They can tell you their experiences and feeling of the products, and see how they comment.

More links about this:

- http://kaspersky-esac.org/index.php?PageID=9 (recommended!)

Good article! In this article, it explains in depth why some of the reviews are not reliable, how we should judge from the reports, limitations of different kinds of reports etc.

- http://antivirus.about.com/od/antivirussof...irusprotect.htm

Finally I hope you will find this post interesting/helpful. :-P

Cheers!

  • 3 weeks later...

Your reports on Virus Bulletin are very wrong. The issue is that you are only seeing a small portion of the report. The rest is paid for at some 1000$ a pop and many corporations use their reports for making their decisions.

The issue here is that many of the other reports listed here are not verifiable by anybody other than those doing the test themselves. Therefore you really have no idea about the quality of the data they collected. I can guarantee you that corps don't pay for the reports from Virus Bulletin for nothing.

Also remember that at virusbtn you are only seeing the in the wild virii testing for free. They are very correct as far as in the wild virii are concerned.
