Choosing antivirus protection can be very difficult. The market is highly competitive and the products are at the forefront of information technology.
Antivirus vendors have both the knowledge (gained from the daily war against cybercriminals) and the money to wage an epic brand battle in the field of IT security. There are many vendors and each of them is releasing dozens of features in their product. How do you really choose between them? Let me try to delve into this topic in this article.
Security is boring
Security is always in conflict with usability. Whether you’re working on your documents, playing video games, or watching a movie, no amount of security measures or procedures will really help you with what you are doing. On the contrary, they get in the way: they slow down your computer, ask for different passwords, force you to choose a suitable folder to save your files, etc.
Yes, I understand the need; this security overhead is the price of your security, but it’s no fun at all. Modern marketing tries to get people to engage, have fun, get some kind of closure by using a product. What kind of closure can you expect from antivirus software?
The only thing you need from an antivirus solution is to shut up and remove viruses. This is why antivirus vendors never have a large fan base. LOST has 7.5 million fans on Facebook, Symantec has 35 thousand.
To make matters worse, almost no security measures give you a guarantee or some kind of psychological closure. Do you remember the movie “Mission: Impossible”? There was a very well protected computer and yet Tom Cruise came and hacked it. With any antivirus product, there is always a chance that viruses will get through your defenses. That’s sad.
Antivirus software developers are constantly at war with cybercriminals and with each other.
There are many ways to make money illegally on the Internet: spam, prescription drug sales, pornography, gambling, identity theft, credit card fraud, etc. And where the money is, brilliant (but devious) minds apply their knowledge to get it. Every day criminals try to find a new way to infect your PCs.
When a new virus is created, it is tested against the major antivirus products; they shouldn’t be able to detect it. It is then released “into the wild” and begins to do its dirty work. Antivirus software labs around the world work 24/7/365 to try to detect new viruses through “honey pots” and various other techniques. Normally, when they get a sample, it’s not very difficult to create a cure. Within hours (sometimes minutes) after detection, software from this particular vendor can and will protect you against this virus. (Major antivirus brands also have proactive protection against yet unknown viruses. They try to analyze the behavior of any new program and decide whether it is a virus or not. But the intelligence of such programs is still not very good.)
Normally, all the major antivirus labs in the world exchange information about the latest viruses with each other. So we can assume that all antivirus products are very good at finding new viruses. The problem is that hundreds of new viruses are developed every day. You never know when someone will make a mistake and let one slip through.
It is like a Formula 1 race. We know that all the cars are good. In fact, they are almost 99.99% perfect and the drivers are geniuses. However, they have to compete with each other. Someone will make a mistake and it will be “not so perfect” this time.
Antivirus providers have to compete every day, 24 hours a day, on a Formula 1 track to prove their performance.
Size does matter
The first logical thought is to try to find the leaders in the market. Who sells more antivirus products in the world? Perhaps they are better at what they do and the “invisible hand” of the market has already picked out the favourites.
According to Softwaretop100, the largest companies are:
- (Kaspersky is aggressively reaching for third place)
The rest are much smaller.
However, this does not include so-called “free antivirus” software. This means that a provider offers a basic version of their security software absolutely free and makes money with expanded products or services. Free is a magic word, and according to some sources, free antivirus protection is installed on 50% to 60% of all computers in the world! The free antivirus industry leaders are:
They all start with A, and they are all European (Avira is German; avast! and AVG are from the Czech Republic).
There are independent labs that try to test virus protection products to see how well they perform in the endless race. Let’s see if we can find which antivirus product is the best.
AV-Test tests more than 20 products and publishes a report every quarter. They give a score from 0 to 6 in three categories (protection, repair, usability) and the worst products are not “certified”.
Let’s see who got the highest rating for protection:
- Q2 2010: AVG, GData, Symantec, Panda
- Q3 2010: Kaspersky, PC Tools
- Q4 2010: BitDefender, BullGuard, Kaspersky, Panda
- Q1 2011: BitDefender
I don’t see any particular leader here. Some months certain providers are the best; another month, others are.
Let’s see how the 3 obvious market leaders (Symantec, McAfee, Trend Micro) fare in this test:
- Symantec: 5.5, 5.0, 5.0, 5.5 (near maximum scores)
- McAfee: 5.0, 3.5, 3.5, 3.0 (not good)
- Trend Micro: 2.5, 4.0, 4.5, 3.5 (not good)
AV-Comparatives tests about 20 products almost every month and has a series of tests to show the performance in antivirus protection.
Almost all leaders detect more than 90% of viruses, but there are those who detect close to 100%. Let’s see who is the best at on-demand detection:
- February 2010: G Data, Avira, Panda
- August 2010: G Data, TrustPort, McAfee
- February 2011: G Data, TrustPort, avast!
Obviously, G Data is doing very well. It is strange that it is not always the best according to AV-Test.
Let’s follow the market leaders by their position in the top 20:
- Symantec: 7, 6, 12 (middle positions)
- McAfee: 5, 3, 10 (near the top)
- Trend Micro: 18, 13, 13 (almost always near the bottom)
“Near the bottom” in this case still means >90% detection; we’re talking about 90% of the thousands of newest and most dangerous virus threats, so I guess it’s good enough anyway.
Virus Bulletin is the most advanced site, measuring the widest range of vendor products and providing the most extensive results. They have a lot of historical data on the performance of antivirus products. Let’s take their RAP (Reactive and Proactive) test from October 2010 to April 2011.
The best providers were: Trustport, Coranti, Avira, G Data, Kaspersky.
How do the leaders fare?
- Symantec: ~90%-80% (definitely the top quadrant)
- McAfee: ~75%-75% (average results)
- Trend Micro has been boycotting this test for 3 years (hmm)
What can be said about antivirus protection, if it is tested by independent sources?
- The results do not match. Completely different providers rise to the top and fall to the bottom without any indication as to why.
- The top-selling providers are average or below average in their level of protection, and the best places go to small companies.
- The same provider can show a perfect result on a test in 2010 and drop on the same test a year later.
- Antivirus vendor websites are littered with certifications obtained from one of these three labs. Each of the 52 providers has at least one. I’m not sure how to compare them based on this information.
The power of the fourth estate
There are many computer magazines. And they are issued every month. Market research says that advice from computer news sources is one of the most important factors in customers’ decision-making for antivirus products.
I gathered information from various PC magazines, both online and offline. Let’s see which antivirus products they think are the best:
Dennis Technology Labs, “PC Total Protection Suites 2011”, February 2011
Best picks: Symantec, Trend Micro, Webroot
PassMark Software, “Consumer Security Product Performance Benchmarks (February 3, 2011 Edition)”, February 2011.
Best picks: Symantec, ESET, G-Data
Best picks: Symantec, Avast!, Sophos
Best picks: BitDefender, Kaspersky, Webroot
Best picks: ESET, Symantec, McAfee
Best picks: K7, Symantec, Kaspersky
Best picks: Kaspersky, McAfee, Trend Micro
I could go on posting dozens of examples, but I think I’ve made my point. Choose any one of the 52 providers and there will be an IT magazine ranking it #1.
What do sellers say about themselves?
Vendors are telling stories. Many antivirus vendors have an internal marketing tool called a “battlecard”. It is a list of the characteristics of the vendor’s product and a comparison with the competition.
Of course, this is not public information, but it is more or less openly available to software sales channel partners: distributors and resellers. You can google a bit and find examples of research and comparison charts put out by the vendors themselves.
(Disclaimer: This information is provided as is and the way I obtained it, via Google, is subject to criticism.)
For examples of such “battle cards”, Google a vendor name + “battle card” and you’re sure to get some interesting results.
Choosing an antivirus product is like choosing a car. Everyone has their preferences, and vendor marketing machines spend millions to change our opinions. But there are no Ferraris or Porsches among the antivirus products, just a huge row of midsize sedans.
You need one, sure.
But if you need to choose between antivirus software, don’t! Select the one you’re using today or the one your engineer friend likes. Or the one recommended by your company’s IT department. If one of the products is causing you performance issues, choose another. If you have 5 PCs at home and the subscription becomes expensive, choose a cheaper one.
A much more interesting question is how to buy antivirus software. What do you need to know to buy the software safely, quickly and at the best price? Unfortunately, this is beyond the scope of this article.