But that would destroy the purpose of using a computer, right? So let us see how to decide which antivirus software to use in order to remain best protected.
Before all that, we need to define what makes the 'best antivirus software' (this is necessary to understand the HOW of 'how to decide which antivirus is better' and is worth reading, but if you are not interested, skip this and go towards the end of the post where I talk ABOUT the best antivirus product).
According to AV-Comparatives, "an antivirus product should preferably have very high detection rates (of malware and also potentially unwanted applications), high pro-active on demand protection, very few false positives, scan fast and reliably with a low system impact, provide good malware removal capabilities, protect the system against malware/websites with malicious software without relying too much on user decisions/interactions, cause no crashes or hangs and have no annoying bugs". If that was a bit heavy, let me explain what it means.
Basically a good antivirus solution should have these features or capabilities:
- Very high detection rates: the antivirus should be able to detect as much malware and other harmful (or potentially harmful) material as possible that may be a cause of concern to an average user.
- High pro-active detection capability: the antivirus should be able to identify a harmful object even when it is not yet active, i.e. the product should detect malware automatically if it is present on any storage media, without needing the user to scan it manually. Some antivirus products call this a resident shield.
- Very few false positives: it is a bitter truth (or was) that for most malware, the malware comes out first and only then do the antivirus companies analyse it and push an update to their products. So by the time an update is received, a few computers may already have been infected by the new malware. To reduce this risk, antivirus companies have resorted to heuristic methods: they check the coding pattern of the target software (or object), and if they find a pattern similar to already known malware, they mark this object as malware too. While this comes in handy when dealing with new and unknown malware, it may also brand a good object as a bad one (even a computer makes mistakes). These mistakes are called false positives and are highly undesirable. A novice user may actually delete a good file, mistaking it for a bad one because of a heuristic detection. It is very common when it comes to cracks and key generators.
- Scanning: a fast (but thorough and reliable) scan and low system requirements are definitely desirable in an antivirus product. Remember how Symantec Norton Antivirus has been branded a system resource hog for years, even though it has actually learned from its mistakes and improved?
- Malware removal: an antivirus with just a high detection rate is not enough; it should have a good removal rate too. Often you may find that an object is detected as malware and, even after deleting it, it comes back and the warning shows again. No matter how many times you delete it, it returns. This can be termed a bad removal rate. It is most noticeable with malware spread by USB flash drives.
- Web protection: it should be able to detect harmful scripts and other malicious code on a website and block them. This feature is found in most major antivirus products and can be a boon against web malpractices such as phishing.
- No crashes and bugs: though not generally seen, antivirus products may hang while scanning. They should not crash while you operate them. This has nothing to do with security, but it irritates the user and so is not desirable.
- Cost factor: this is an important factor for most people. Look for value-for-money products. Some products demand a higher price just because they are famous (innovation advantage? effective marketing?). Look for the one that delivers the most; 'the higher the cost, the better the product' does not always hold. These days many free antivirus products are actually better in many ways than their paid relatives, so look for value for money. Better still, look at the free ones; mostly they are pretty good. Why spend money when you are getting good quality for free?
- Pro-activity: in countries such as India that do not have good internet availability relative to population, users just install an antivirus product and tend to think that, since it is installed, it will keep working indefinitely without any updating (many do not even know that updating is required!). Remember one thing: thousands of new malware samples come out every single day, and to remain protected you need to update as regularly as you possibly can. These days antivirus companies release updates (which contain the virus signatures needed for identification) every day, or even hourly in some cases. It is important to update, and those who cannot do so every day should try to update at least every week. Where regular updating is not feasible, heuristics play an important role: since they trace a malicious object by matching its code patterns against previously known malware, they have a good chance of catching new and unknown malware even without updates. So make sure that your choice of antivirus has good heuristic capability (with few false positives) and set it to 'high' in the settings menu.
- Look for newer technologies such as 'sandboxie' (or sandbox: a suspected infection is allowed to execute in a virtual, controlled environment and is marked as bad if caught doing any harm, which avoids harm to the actual computer), 'in the cloud' (the suspected infection is checked against a set of pre-existing samples in the cloud; this requires internet access but is faster than the sandbox method) and 'behavioural blockers' (mostly for malicious websites).
- Safe removal: sometimes a malware infection may be very difficult to remove. This mainly happens because the infection is active in the computer's memory, and in such cases removing it in Safe Mode may help. Some products, such as Avast Antivirus, offer a 'boot-time scan' which attempts to scan and remove the infection before the computer boots into Windows completely. That way the malware does not get a chance to load itself into memory and so gets removed (in most cases). Techniques such as these, though often overlooked, can be immensely useful at times.
- When a file is infected by a particularly bad malware, it may need to be deleted. But what if that file is an important one and you do not have a backup? Some products keep a database or fingerprints of files in advance and can restore them to their earlier non-infected condition. Check for products that have such a feature, as they can be really helpful in need.
- Give preference to a complete suite (such as an Internet Security suite) instead of just an antivirus. These suites generally include the antivirus plus a firewall, web security, anti-spyware etc., giving you better overall protection for a little extra money.
- Some other small and seemingly negligible factors, such as pop-ups while watching a movie or playing a game, may irritate you (as in Avira). Just make sure about such things beforehand.
benchmarking (testing all selected products in a controlled manner one by one, then collecting and analysing data from them) of all relevant antivirus products. Benchmarking or bench-testing antivirus products is a very delicate matter, as extreme caution and careful analysis are needed to observe minute details. You will find many blogs and websites posting their own benchmark results, but very often these are not so accurate. AV-Comparatives, however, is an Austrian non-profit organisation which provides independent antivirus software tests free to the public.
They do this bench-testing under controlled conditions, and the organisation is endorsed by all the major antivirus companies. Their results are often regarded as the official tests and used for analytical purposes.
They have divided their tests in many parts:
- Main tests: again divided into 2 types
  - Retrospective/Proactive Test: in this test they update the antivirus to a particular date (say 1st Jan 2010) and then test it on a later date using malware released after 1st January and thus unknown to the products (say, malware collected from 2nd Jan to 5th Jan and tested on 6th Jan). This shows how effective a product's heuristics are in detecting unknown malware. Good for people who do not update their antivirus regularly.
  - On-demand Comparative: here, a large collection of malware gathered over the past many months is scanned with fully updated antivirus products. The objective is to determine how effective the product is in detecting infections based on its updates; thus it shows how good the vendor is at shipping effective and timely updates that detect and remove known malware.
- Performance tests: these check whether antivirus products hamper a computer's performance. Different activities like installing/uninstalling, downloading, copying from one hard disk to another etc. are done with various common software and files. These tell you whether your antivirus is a resource hog or not.
- Corporate reviews: this section is mainly for corporations that use these security products; the review focuses not on detection rates but on handling, user-friendliness and scope of functionality. These reviews are not for average home users and are therefore not counted towards the Best Antivirus Product of the Year.
- Dynamic tests: the main objective is to test the lofty claims of antivirus products (more so of their Internet Security products) about their special features on a real-world basis. Features such as sandboxie, in-the-cloud and behavioural blocking, among others, are tested to check their effectiveness for an average home user.
- Removal tests: the objective here is to check how effective an antivirus product is at removing malware from an already infected system. Detection rates are not considered here.
- Potentially Unwanted Applications: these are not exactly malware and therefore not too harmful, but they can be misused if so intended. The best examples would be cracks and key generators.
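As an added illustration (my own toy code, not the post's or AV-Comparatives'), the following Python models the retrospective and on-demand tests described above together with the heuristic/false-positive trade-off from the feature list: exact signatures with constructed release dates, a crude 'code pattern' similarity standing in for the heuristic, and a threshold playing the role of the 'high' setting. The corpus, dates and thresholds are all constructed.

```python
from datetime import date
from hashlib import sha256
# Constructed toy corpus, not real malware: (name, "code" as text, first seen, malicious?)
SAMPLES = [
    ("worm.a", b"autorun.inf copy self to usb drive delete shadow copies", date(2010, 1, 1), True),
    ("worm.a2", b"autorun.inf copy self to usb stick delete shadow copies", date(2010, 1, 4), True),
    ("worm.a3", b"autorun.inf copy self to every usb stick and delete shadow copies", date(2010, 1, 5), True),
    ("trojan.b", b"download payload from host inject into explorer process", date(2010, 1, 5), True),
    ("backup", b"copy files to usb drive then verify shadow copies exist", date(2009, 6, 1), False),
    ("notepad", b"open file edit text save file", date(2009, 6, 1), False),
]
# Constructed: the day the vendor's update first carried an exact signature for a sample.
SIGNATURE_RELEASES = {"worm.a": date(2010, 1, 1), "worm.a2": date(2010, 1, 5),
                      "worm.a3": date(2010, 1, 7), "trojan.b": date(2010, 1, 6)}
FREEZE = date(2010, 1, 1)  # the "update to a particular date" of the retrospective test

def shingles(content):  # word pairs stand in for the opcode n-grams real heuristics compare
    words = content.decode().split()
    return {(a, b) for a, b in zip(words, words[1:])}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

class Scanner:
    def __init__(self, freeze, threshold):  # only signatures published by `freeze` are installed
        self.sigs, self.known, self.threshold = set(), [], threshold
        for name, content, _, _ in SAMPLES:
            published = SIGNATURE_RELEASES.get(name)
            if published is not None and published <= freeze:
                self.sigs.add(sha256(content).hexdigest())
                self.known.append(shingles(content))

    def detect(self, content):
        if sha256(content).hexdigest() in self.sigs:
            return "signature"  # exact match against the installed update
        s = shingles(content)
        if any(jaccard(s, k) >= self.threshold for k in self.known):
            return "heuristic"  # resembles a known family; may be a false positive
        return None

def rate(scanner, contents):
    return sum(1 for c in contents if scanner.detect(c)) / len(contents)

def retrospective_test(freeze=FREEZE, threshold=0.5):  # frozen signatures vs. later malware
    return rate(Scanner(freeze, threshold), [c for _, c, seen, bad in SAMPLES if bad and seen > freeze])

def on_demand_test(threshold=0.5):  # fully updated product against the whole malware set
    return rate(Scanner(date.max, threshold), [c for _, c, _, bad in SAMPLES if bad])
def false_positive_rate(freeze=FREEZE, threshold=0.5):  # clean files wrongly flagged
    return rate(Scanner(freeze, threshold), [c for _, c, _, bad in SAMPLES if not bad])
```

Lowering the threshold (the 'high' heuristics setting) lifts the retrospective rate on this corpus from 1/3 to 2/3 but also flags the clean backup script, which is exactly the false-positive cost the feature list warns about.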
And finally, here are the results for the Best Antivirus Product of 2009:
- Gold Certification - Symantec (Best Product of 2009)
- Silver Certification - Kaspersky
- Bronze Certification - Eset
The following products are tested in the current main comparatives:
- avast! Free 5.0
- AVG Anti-Virus 9.0
- AVIRA AntiVir Premium 9
- BitDefender Antivirus 2010
- eScan Anti-Virus 10
- ESET NOD32 Anti-Virus 4.0
- F-Secure Anti-Virus 2010
- G DATA AntiVirus 2010
- Kaspersky Anti-Virus 2010
- Kingsoft Antivirus 2009+
- McAfee VirusScan Plus 2010
- Microsoft Security Essentials 1.0
- Norman Antivirus & Anti-Spyware 7.30
- Sophos Anti-Virus 9.0
- Symantec Norton Anti-Virus 2010
- TrustPort Antivirus 2010
Check out more at www.av-comparatives.org
You can download the results in pdf format from the website. Just select the category of test you want the data on.
If you like the article, kindly share this article with as many people as you can.
Feel free to distribute this article or link to it as long as you have mentioned the source clearly.
Visit this blog as often as you can. Let me know what you want me to write about, and I will post it as soon as I can.
Thank you for reading.