A rare AntiVirus accuracy competition was conducted at Linuxworld this week, and the results should come as a blow to the paid antivirus industry.
A rare AntiVirus accuracy competition was conducted at Linuxworld this week, and the results should come as a blow to the paid antivirus industry. Run by delegates from the untangle network gateway, the competition should provide ammunition to critics of the idea that good virus protection cannot be provided for nothing. The results (with pretty graphs) can be found here.
The test benchmarked ten AntiVirus applications, including the flagships from Norton, McAfee and Kaspersky, as well as the open source ClamAV. The scanners were tested on three categories of viruses -- considered to be easy, medium and hard. Firstly the standard EICAR test files were included to ensure that all scanners were working correctly -- any virus scanner should be guaranteed of identifying the EICAR file, as it's purpose is testing virus scanners. Secondly a set of viruses found in the organisers mailboxes was included, to represent common viruses in circulation at the present point in time. Lastly viruses submitted by the audience were tested, to simulate either historical malware attacks or cutting edge viruses.
Only the Kaspersky and Norton offerings, as well as ClamAV were able to detect all viruses from the first two categories. "The expected results was [sic] that all vendors would catch all of atleast the first two sets (eicar and in-the-wild) because these are all very common viruses that have been around for some time." organiser Dirk Morris wrote on his blog.
When the user submitted viruses were added to the competition results the gap only widened between acceptable solutions and those that were offering false protection.
Kaspersky and ClamAV were the only virus scanners out of the ten tested that were able to detect 90% of threats, whereas the far more expensive Watchguard identified less than five percent -- nothing more than the published EICAR file.
This is great news for the security conscious (unless you happen to be using Watchguard, in which case, sorry guys). Far from being a case of "you get what you pay for", good AntiVirus is clearly within the grasp of anybody at all, for personal or business use. The test also dispels the myth that AntiVirus is a commodity product that does not change a great deal between vendors.
Virus protection is a serious matter, have a closer look next time you're choosing a virus scanner and make sure that you're getting the protection you expect.
Without further ado, the top ten virus scanners according to the AntiVirus fight club were:
1. Kaspersky (97.1%)
2. ClamAV (91.4%)
3. Norton (88.6%)
4. F-Prot (85.7%), and
4. Sophos (85.7%)
6. McAfee (74.3%)
7. SonicWall (54.3%)
8. GlobalHauri (45.7%), and
8. Fortinet (45.7%)
10. Watchguard (2.9%)