Top of their page.
DISCLAIMER: These detection rates represent the TRUE POSITIVE detection rates of these various antivirus tools on the limited corpus of malware binaries captured by our honeynet. The results do not take into consideration the false positive rate of a given tool, and thus a tool that declares everything to be infected would appear to have the highest true positive percentage rate. All antivirus results provided via www.virustotal.com.

From: Alex Eckelberry [mailto:[EMAIL PROTECTED]
Sent: Monday, August 25, 2008 10:07 AM
To: NT System Admin Issues
Subject: RE: Corporate antivirus recommendation

I'm a little baffled by this test. We're trying to figure out the methodology ourselves.

Note that the top rankings include Ikarus, BitDefender and WebWasher. They have good engines but these three have a very high rate of false positives.

NOD32 has outstanding detection, but in this test they got a horribly low score. Sorry, that's a red flag for me. I work with malware on a constant basis and I know NOD32 intimately. It's a very solid engine.

So, this may mean that the test doesn't take into account engines that use emulation (like NOD32 and VIPRE). There are different methods of detecting viruses. The most basic is a string search. However, a string search has its limitations. A more powerful system is an emulator. An emulation-based engine sandboxes a binary and runs it in an emulator, observing its behavior. So, if the malware has been malformed (e.g. cannot be executed), then it can't be emulated, and it won't be detected. But an engine that uses a simple string search will find it.

Also, these tests may use another AV engine as a "benchmark". For example, if it gets one detection on VirusTotal, then it's considered a virus. This is, of course, complete nonsense but I've seen this idiocy happen with one "reputable" AV test outfit -- if one or two engines detect a sample as a virus, then it must be a virus. This is ridiculously flawed, but it does happen.
There are also other issues at play, such as behavior detection. A product may not pick up a virus on a scan, but will pick it up when it tries to execute.

The best test, IMHO, is the Andreas Marx AV-Test.org test, and the VirusBulletin tests. These are the most rigorous and vetted tests. Also, each file included in the zoo has a reason to be there -- it's not there just because another engine detected it.

At any rate, we're adding literally thousands more definitions daily, and we're not standing still, regardless of who is testing a given product.

Alex

Alex Eckelberry, CEO
Sunbelt Software, Inc.
33 N. Garden Avenue, Clearwater, FL 33755
727.562.0101 x220
[EMAIL PROTECTED]
http://www.sunbeltsoftware.com/
http://www.sunbeltblog.com/

________________________________

From: Ralph Smith [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 24, 2008 6:31 PM
To: NT System Admin Issues
Subject: RE: Corporate antivirus recommendation

That's a pretty disturbing list. I don't see any details on their methodology - does anyone know how accurate this test is? I am real close to switching to VIPRE, but this gives me a little pause.

I wonder if there is an opportunity to find out the details - what version product they are testing, definition levels at the time of testing, the application settings used (e.g. did they have Active Protection enabled on VIPRE, if it was VIPRE).

________________________________

From: Michael D Faulkner [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 24, 2008 5:36 PM
To: NT System Admin Issues
Subject: RE: Corporate antivirus recommendation

We use NOD32 on our servers. Was a bit disappointed with this recent ranking report.
http://mtc.sri.com/live_data/av_rankings/

________________________________

From: Jonathan Merrill [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2008 1:37 PM
To: NT System Admin Issues
Subject: RE: Corporate antivirus recommendation

I recommend ESET NOD, above all others. My team actually ran trials and performed research on Symantec, McAfee, Trend Micro, ESET, Kaspersky, and very recently Vipre. We have been running NOD in our 3-hospital environment for over 2 years with resounding success - this is not a paid advertisement ;)

_________________________________
Jonathan Merrill
MCP, CCA, NET+
Information Technology
http://www.gomerrill.com/
_________________________________

________________________________

Subject: Corporate antivirus recommendation
Date: Fri, 22 Aug 2008 11:51:15 -0400
From: [EMAIL PROTECTED]
To: ntsysadmin@lyris.sunbelt-software.com

Hi folks,

I know this is not an unusual request, but just thought I might get some updated opinions from people. I'm thinking of re-evaluating our allegiance to Trend Micro for desktop antivirus. Not that they've done anything wrong, just think it's time to take a look around and see if newer or better things are out there.

My top three requirements would be:

1) Excellent threat detection record and frequent updates to threat definitions.
2) Good admin interface with easy and reliable remote installs.
3) Good deep scanning ability of clients with a real-time scan that doesn't hog resources.

I've heard good things about Kaspersky. Anyone have thoughts about going in that direction? And yes, Stu, I know you will recommend Vipre... <g>. Just looking for some unbiased user opinions. Feel free to email me off-list if more comfortable.

Thanks,
Evan