Saturday, January 12, 2008

Free Anti-virus comparisons, OS Comparisons and more

Home users have quite a few options for free anti-viruses. Which is the best anti-virus among them? To answer this question, we first have to ask: What makes a good antivirus?

A good anti-virus must have:

  1. A very good detection rate for viruses and trojans.

  2. Additional anti-spyware/anti-rootkit capability.

  3. A low number of false positives.

  4. Low use of system resources, so that the computer's performance is not degraded.

  5. Fast scanning of the computer.

  6. Additional features like network and download protection, with rapid scans of any downloaded files.

What are the anti-viruses that will be compared?

There are quite a few excellent and not-so-excellent free anti-virus products for non-commercial home use, so much so that it is a wonder why anyone buys paid anti-viruses at all for the same purpose. Do not get me wrong: paid anti-virus is essential for business purposes, if for nothing but the fact that there are no standard free options in that space. However, we are focussing on home users for now.

The main free anti-viruses are AVG Free 8.x, Avast! Home Edition, and Avira Antivir Personal.

Besides this, there are some other anti-viruses like Comodo and PCTools, but independent tests show that they have too low a detection rate to be really seriously considered.

How can the anti-viruses be compared?

The only way to see whether a particular anti-virus has a good detection rate is to read about the detection rates found by multiple independent sources using a large sample size. The source must be expert and independent. Home-made tests (reported by some magazines) are never trustworthy because, even though the source may be honest, the sample size is not large enough. The sources I have used for this analysis are AV Test, AV Comparatives and Virus.gr. The results were then compared and confirmed with the statistics from shadowserver.org. However, the statistics of the latter were not used because there is no column for AVG 8, and it tests on the Linux platform. A comparison would nevertheless show that the results are roughly equivalent across all the tests. I cannot publish the raw data from these sites because it would be an infringement of copyright, but you can double-check my stats by going directly to the source. Thus, the majority of this article is not a new analysis, but a review of various tests carried out by trustworthy sources. You may ask, how does this make it useful? Well, for the simple reason that a good review of all the independent tests is not readily found on the internet. However, I have analyzed the sources and added information about the additional features, therefore the conclusion drawn may be different from the original sources.

 

Detection rate:

Total samples: Perhaps the most striking thing was how close all the anti-viruses were as far as their detection rates were concerned. The maximum difference between the best and the worst free anti-virus in a single test was 4.9%. Another striking feature was how close the detection rates were to those of the commercial versions. Avira had the best detection rate among all anti-viruses (commercial and free) in 2 tests, and its worst rank when compared with all anti-viruses tested was 7. Avast! also performed well, while AVG, even though its detection rates were good, was an average performer. Only the latest tests from each source were considered.

| | Avira | Avast! | AVG |
|---|---|---|---|
| Average detection rate for the different tests | 98.20% | 96.80% | 95.00% |

Go to the main sources: AV-test, AV Comparatives, Virus.gr

Go to secondary source: Shadowserver

New Samples: In tests on new virus samples, however, the results are more mixed. Studies from AV Comparatives suggest that Avira is undoubtedly the best in this category, but also that AVG is better than Avast! in this regard. All three are good performers, however, with Avira being consistently excellent. These tests, to some extent, reflect the proactive protection delivered by the anti-virus. However, this result should carry less weight than the detection of all virus samples with fully updated signatures, because the latter reflects a more real-world situation.

Go to source: AV Comparatives

Anti-spyware and anti-rootkit protection: The Avira Personal Edition Classic does not come with anti-spyware capabilities, a definite minus when compared with the other two products. The anti-spyware built into Avast! gave better results than AVG's. However, AVG does not come with a built-in anti-rootkit, and has also discontinued its free dedicated anti-rootkit product. Avast! is the only product with both of these in its free edition.

Go to source: AV test 1 (anti-spyware and anti-rootkit), AV test 2 (anti-spyware; this was also used for measuring detection rate)

False Positives: In the test conducted by Av-test.org, the number of false positives was comparable for all three products. However, in the analysis by AV Comparatives (pdf), even though the numbers were comparable, Avast! gave a higher number of false positives (around twice that of the other two).

Usage of System Resources: Avira was lightest on resources, according to a study carried out by Passmark, followed closely by Avast!. These findings were also confirmed in a study by AV Comparatives. AVG was the heaviest on resources.

Go to source (pdf): Passmark, AV Comparatives performance test

Additional features: Avast! has plenty of additional features not found in the other anti-viruses. It actively monitors web downloads, networks, IM and P2P applications, giving an additional layer of security found only in the paid versions of the other anti-viruses. In fact, Avast! is equivalent to the paid commercial versions of many anti-viruses. These features are not just bloat but are extremely useful in these conditions:

  1. An undetected virus often aims to disable the anti-virus. In such cases, a self-protecting mechanism, like that in Avast!, may be necessary.

  2. The network shield may prevent malicious web sites from loading. Such a mechanism protects against new, possibly non-detectable viruses.

  3. Active web, IM and P2P protection detects viruses at the earliest stage possible, and lessens the risk of the virus spreading to other machines. It is to be noted in this regard that the user's machine will be protected with all three anti-viruses anyway, because the resident protection will set in whenever the malicious program is run.

Picture: Avast! stopping a malicious site from loading

CONCLUSION:

| | AVG Free | Avast! Home | Avira Personal |
|---|---|---|---|
| Detection Rate | Good | Good | Very Good |
| Zero Day detection rate | Good | Good | Very Good |
| Anti-spyware | Moderate | Moderate to good | Not available |
| Anti-rootkit | Not available | Present | Present |
| False Positives | Less | Moderate-Less | Less |
| Usage of system resources | Moderate-High | Low | Low |
| Additional features (e.g. web browsing and download protection, network protection, dedicated e-mail protection, etc.) | None | Present | None |
| Final Score | A good choice, but Avast! has better features, Avira has the better engine. | The best single choice overall | The best scanner, both fast and accurate, but loses out due to lack of additional protective features. Excellent choice if combined with a good third party anti-spyware |

Avast! Home Edition is possibly the best single choice for a free Windows anti-virus. Even though Avira has a slightly better engine, both of them are comparable for anti-malware. However, Avast! has an excellent built-in anti-spyware and additional features, which make it preferable to the other free anti-viruses. Avira may be preferable for those who care about very good protection against “zero day” viruses and are willing to install an additional real-time anti-spyware scanner.

Edit: the previous post has been edited to be more relevant
