The New Virus Fighters

Our Antivirus Picks

BitDefender's main interface is basic. Its performance is top-notch.
After the dust finally settled, BitDefender 9 Standard emerged as our Best Buy. It ranked in the top four on every performance measure, and it costs only $30. The $40 McAfee VirusScan 2006--with its relatively good heuristics performance and intuitive interface--came in second.

Trend Micro's PC-cillin packs a lot of information into a well-designed screen.
Trend Micro's PC-cillin Internet Security Suite 2006, a descendant of our Best Buy in June 2004, finished ninth among the ten products. It performed poorly in the zoo and heuristics tests and is relatively expensive because it's available only as a full security suite. On the bright side, it had snappy outbreak-response times and offers a stellar user interface.

The three free programs came up short, too: AntiVir placed seventh, Avast ranked eighth, and AVG brought up the rear in tenth. Of course, for people who have no budget for antivirus software, any one of these products provides far more protection than simply forgoing an antivirus utility.

Fighting Malware We Know

At their default configurations and with up-to-date virus definitions in place, all of the products that AV-Test evaluated were 100 percent successful at detecting WildList viruses both in real time and on demand (that is, when a user conducts a manual or scheduled scan of the computer).

The programs successfully detected and removed macro viruses, with a few exceptions. Avast failed to clean ten viruses, including two viruses that targeted files from PowerPoint versions 97 to 2003 and four viruses that targeted files from Word 6. Panda did not fully clean the two PowerPoint viruses, though the files were still operable. AntiVir failed to clean ten Word 6 viruses among others, and BitDefender missed two viruses that targeted files from Word versions 97 to 2003. These viruses aren't new, so today's products should be able to handle them.

The ability to catch WildList viruses is essential, since they're widely known; detecting the miscreants in AV-Test's zoo, however, is a somewhat different matter.

Kaspersky Anti-Virus Personal 5.0 was the only program we looked at that successfully detected all three types of zoo threats 100 percent of the time. F-Secure and Symantec were successful 97 percent of the time--still an excellent score.

At the other end of the spectrum, PC-cillin produced one of the worst results, detecting only 76 percent of zoo threats--this score includes 85 percent of bots, 82 percent of backdoor software, and 69 percent of Trojan horses. Trend Micro says that it chooses not to expend resources developing signature files for the malware contained in AV-Test's zoo because those threats have never affected its customers. We can't say for sure whether every threat in the zoo is relevant, but we would rather choose a product that detects 100 percent of that menagerie's beasts.

Fighting Malware We Don't Know

None of the products performed exceptionally well in our heuristic tests, proving that there is room for improvement in identifying new threats. In our tests of apps with one-month-old signatures, BitDefender performed the best, detecting 43 percent of worms and 57 percent of backdoor programs. McAfee came in a close second, catching 41 percent of worms and 55 percent of backdoor software. F-Secure and Kaspersky finished close behind, catching more than 32 percent of worms and 53 percent of backdoor malware each. (AV-Test says that a 50 percent detection rate is very good.) In our tests of apps with two-month-old signatures, all programs fared worse.

PC-cillin again performed the worst. Its scanner with one-month-old definitions caught just 5 percent of worms and 7 percent of backdoor software. Trend Micro feels that the problems caused by heuristics--in particular, their potential for false positives--outweigh the benefits. As a result, the company chooses to place less emphasis on developing heuristics.
