Every so often we get requests from readers asking us about comparisons between the different anti-virus products. These requests range from recommendations on how to run a comparison yourself to ready-made comparison reports.
We often use VirusTotal output in the diaries we write, as it gives a good overview of which products detect a given piece of malware and how the different vendors name it. E.g.:
Obviously some vendors are absent from these results.
VirusTotal keeps some limited statistics online, but they're not useful for comparing products.
Build your own
Now if you collect enough of these you might build your own statistics on which product detects the things you encounter better than the competition. It's not easy to collect enough of them to get a statistically significant sample, so running two or more of your favorite scanners in-house might be an easier way to get more significant results, though more limited in scope.
Enough malware to scan could be gathered from proxy logs, stripped email attachments, etc. Do take care with local privacy rules/laws before doing this!
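To make the point about sample size concrete, here is an added example (not part of the original diary) that compares two scanners run over the same in-house sample set. It assumes results are stored per sample as detected/not detected; the scanner names and data are constructed, and the Wilson interval and exact McNemar test are this example's choice of statistics, not something the diary prescribes.

```python
from math import comb, sqrt

def wilson_interval(hits, n, z=1.96):
    """95% Wilson score interval for a detection rate of hits/n."""
    if n == 0:
        return (0.0, 1.0)
    p = hits / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))

def mcnemar_exact(only_a, only_b):
    """Two-sided exact McNemar p-value, using only the samples on which
    the two scanners disagree (the agreeing samples carry no information)."""
    n = only_a + only_b
    if n == 0:
        return 1.0
    k = min(only_a, only_b)
    tail = sum(comb(n, i) for i in range(k + 1)) / 2 ** n
    return min(1.0, 2 * tail)

def compare(results, a, b):
    """results: {sample_id: {scanner_name: detected_bool}}.
    Only samples scanned by both a and b are counted."""
    paired = [r for r in results.values() if a in r and b in r]
    n = len(paired)
    hits_a = sum(r[a] for r in paired)
    hits_b = sum(r[b] for r in paired)
    only_a = sum(r[a] and not r[b] for r in paired)
    only_b = sum(r[b] and not r[a] for r in paired)
    return {
        "n": n,
        a: (hits_a, wilson_interval(hits_a, n)),
        b: (hits_b, wilson_interval(hits_b, n)),
        "p_value": mcnemar_exact(only_a, only_b),
    }

# Constructed data: 40 samples, hypothetical scanners "ScannerA" and "ScannerB".
SAMPLES = {
    f"sample-{i:02d}": {
        "ScannerA": i < 34,        # detects samples 0..33 (34 of 40, 85%)
        "ScannerB": 6 <= i < 36,   # detects samples 6..35 (30 of 40, 75%)
    }
    for i in range(40)
}

if __name__ == "__main__":
    print(compare(SAMPLES, "ScannerA", "ScannerB"))
```

With these 40 constructed samples the 85% versus 75% gap gives a p-value of about 0.29, so it cannot be distinguished from chance, which is why a handful of scan results is not enough to rank products.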
3rd Party Reports
There are some reports available about 3rd party testing of anti-virus products.
What is important when evaluating anti-virus products? A test that only checks whether a well-known fake virus (EICAR) is detected will not expose the strengths and weaknesses of the different products or allow us to make a choice. Depending on the specific situation, we can be interested in:
With thanks to epablo, Vincent, Bryan, William, and many others for contributing to this diary
Mar 6th 2007