Posts tagged ‘AV-Comparatives’
AVComparatives Corporate Review
AVComparatives has posted a review of corporate products at http://www.av-comparatives.org/comparativesreviews/corporate-reviews. This test includes AVIRA, ESET, GDATA, Kaspersky, Sophos, Symantec and Trustport. No mention of McAfee or Trend Micro who I believe would both be in the top three deployed corporate endpoint protection solutions.
The report includes a detailed table comparing the available features of the products. It does not focus on detection rates for the most part. It does report on SPAM detection rates. Personally I think SPAM filtering belongs at the enterprise gateway not at the desktop.
As a Symantec Endpoint Protection admin, I loved one of the conclusions of the report, “The Symantec suite is, by far, the most mature and professional product tested by us.”
AV-Comparatives Performance Test
AV-Comparatives has released a test report comparing antivirus performance during boot, file copy and file compression.
To access the report, go to av-comparatives.org, click on Comparatives, and scroll down to the Performance Test report.
I’m always disappointed that the tests focus on consumer products (although Sophos is included). I’m more interested in Symantec Endpoint Protection than Symantec Antivirus 2009. I care more about McAfee Total Protection Suite than McAfee Antivirus.
Corporate Fantasyland
Twice today I read “enterprises do this” statements that made me laugh.
Over at SANS the handler wrote “Corporates typically block outbound FTP” while describing Yahoo phishing that had FTP downloaded malware.
Later I was reading the latest AV-Comparatives report. In the discussion of numerous Sophos false positives, the author says Sophos is used in corporate environments where “new software is rarely installed.”
I’ve been looking for reliable statistics about what percentage of companies currently allow a significant percentage of employees to have local administrator rights. When I see statements like the above I wonder if our policies, which were once among the more restrictive, are now comparatively lax. Or is it that the authors are merely stating what they wish were true?
New AVComparatives Report
AVComparatives.org has a new report comparing malware testing organizations. Based on the subject “Anti-Virus Testing Websites: An Overview on Which Testing Sites can be trusted and which cannot” I was kind of expecting a comparison of the various online scanners. Instead I’m greeted by a paper with some of their testing philosophy and why they are better than everyone else.
It didn’t do much for me, but I’d still suggest adding their RSS feed to your reader so you can keep up on their new studies.
Symantec earns top spot in customer loyalty report
Symantec earns top spot in customer loyalty report, but one has to wonder if they would fare as well in a report of enterprise antivirus admins.
Some of the key evaluation points were overall value, overall product, and company reputation.
Doesn’t Symantec routinely have deals where you can get the home suite for practically free, or free with buying something like Taxcut that you were going to buy anyway? If so, I’d say “free” is a pretty good value. The company reputation is perceived as good based on advertising and shelf space. The average home computer user doesn’t read AV-Comparatives or Virus Bulletin. They aren’t qualified to determine the quality of the product other than their own subjective judgement.
Tip of the cap to Donna’s SecurityFlash since I first saw the study reported there.
Consumer Reports Reviews Antivirus, McAfee Cries Foul
Consumer Reports reviews antivirus products in its September 2006 edition. Most of the article requires a subscription; as a result I have not had a chance to look at it yet.
McAfee responds in their weblog. The author “Igor” obviously has no clue who Consumer Reports is. As a result, he is confused by the September 2006 date. Since the material is undoubtedly part of the September 2006 edition of the magazine, that is the correct way to date the article on their website as well.
Igor gets his nose out of joint because CR used a live fire test, creating new viruses in the lab. Igor prefers tests where three month old virus definitions are used so any virus that came out after that can be tested as a “new” virus.
Complaining about that reminds me of when a vendor complains about the method of disclosure to distract from the vulnerability in their product (although there is actual damage from full disclosure and no damage from this private lab test). Igor needs to get over it. Signature-based detection is dead, and antivirus products will be judged by their heuristic and behavioral protections. That said, CR needs to look into the standard virus testing methodology. They are unaware of the testing performed by av-comparatives for example. These types of tests are not as new as CR imagines.
http://www.avertlabs.com/research/blog/?p=71
Oleg Gudilin: Proactive Protection: a Panacea for Viruses?
It’s become obvious to most that reactive signature-based antivirus products are not sufficient to protect computer systems. In Kaspersky’s viruslist.com, Oleg Gudilin looks at whether proactive protections will be a cure-all for viruses.
The article has a lot of interesting graphs from AV-comparatives.org and av-test.org.
I agree with him that vendors are using terms like proactive and zero day incorrectly. Some vendors have implied to me that no update is necessary, but when pressed on how they provided protection against a specific new threat, the first thing they said was an update was deployed.
Where the article falls short for me is that it only includes proactive measures that have been added into antivirus products in recent years. It would be interesting to see how full blown HIPS products shape up.
On the whole, I agree with the author that proactive measures are necessary but that these will not replace signature based detections.
AV-Comparatives.org results
AVComparatives’ regularly scheduled antivirus scanner testing results are available.
http://www.av-comparatives.org/seiten/ergebnisse_2004_02.php
What does it really mean? I don’t know. Does it matter that one scanner can scan a bunch of zoo viruses (viruses not in the wild) but another scanner misses them? I don’t think so.
After looking at the scan results, I had a bunch of questions about their methodology. Fortunately they have written up how they went about this. I found that more interesting than the actual results. Very cool.

