main

Security giants fail Virus Bulletin test

Daniel Fleshbourne   on 02 October 2008 - 16:56 · 18 comments & 7131 views

Advertisement (Why?)
Some of the biggest names in the security industry have failed the latest Virus Bulletin 100 test. The test used 100 pieces of malware collected from active samples and put them up against a number of major security suites for Windows Server 2008.

Only 16 of the 24 products pitted against the test passed, while eight fell short owing to missed malware samples or false positive returns. Most of the major vendors, including McAfee, Symantec, Microsoft and Sophos, were able to pass the test. However, several others, including F-Secure, Kaspersky and Computer Associates, fell short of the certification.

View: The full story @ vnunet

Share this Article

About the Author

Full name: Daniel Fleshbourne
User name: Daniel
Contact: via forum PM
Submissions: View All
More: View Bio   New!

Related news

Post a comment · Send to friend Comments · There are 18 additional comments
(2 replies) #1 ViperAFK on 02 Oct 2008 - 17:28
Wait kaspersky and avira fall short? In the last couple comparatives I saw avira was beating everyone?
#1.1 vetmarkjensen on 02 Oct 2008 - 17:33
And Microsoft One Care was at the bottom of VB100 last time, I believe. This time, they nailed the 100%. They have been bouncing between VB100 certified, and near bottom performance over the past two years, if memory serves.

I think that the nature of virus scanning makes this a dynamic list. It is probably important to select an AV supplier that is consistently good. Plus, I would take two false positives over two missed viruses any day.
#1.2 vetmarkjensen on 02 Oct 2008 - 18:18
Update/correction to above. I just assumed it was Microsoft One Care in this test. It was not. It was Microsoft Forefront, as this was a test on Windows Server 2008.
http://www.microsoft.com/forefront

OneCare scored a 100 in April 2008, on Vista SP1
#2 +John. on 02 Oct 2008 - 17:33
This is surprising, especially as Kaspersky's up there.
(2 replies) #3 EcPercy on 02 Oct 2008 - 17:49
I don't feel like registering on the VB100 site just to look at the results. How did AVG do?
#3.1 vetmarkjensen on 02 Oct 2008 - 18:13
Passed.

Really, it is very easy to register there, and I get zero spam (or email updates) from them.
#3.2 excalpius on 02 Oct 2008 - 23:17
Agreed. What a stupid thing to require registration for. FAIL.
(2 replies) #4 E.Fahd on 02 Oct 2008 - 18:50
I really don't know if I have to keep Avira or switch to OneCare. In one hand Avira is doing well and i'm satisfied with the antivirus (I have Antivir Premium Edition), but in the other hand OneCare seems to be a lightweight piece of software and overall it's doing well in AV tests. Actually the question is : Will OneCare provide me with the same protection as Avira and use less ressources ? If it's the case I'll switch to OneCare, otherwise i'll stick with Avira Antivir. Any help ?
#4.1 d3nuo on 02 Oct 2008 - 19:04
i haven't used onecare since the original version so im not sure how it is resource-wise anymore, but it used to be a hog.
i use avira now and between 3 processes it is using a total of just over 10MB.. i'd say it's as good as it gets tbh, because i used NOD32 before avira and it was lightweight in my opinion but typically used 3-4x the memory. i'd stick with avira IMO.
#4.2 +GreyWolfSC on 02 Oct 2008 - 19:41
(E.Fahd said @ #4)
I really don't know if I have to keep Avira or switch to OneCare. In one hand Avira is doing well and i'm satisfied with the antivirus (I have Antivir Premium Edition), but in the other hand OneCare seems to be a lightweight piece of software and overall it's doing well in AV tests. Actually the question is : Will OneCare provide me with the same protection as Avira and use less ressources ? If it's the case I'll switch to OneCare, otherwise i'll stick with Avira Antivir. Any help ?


I use OneCare and it seems fine... I don't notice any difference in resource usage between it and Avira.
(1 reply) #5 lars77 on 02 Oct 2008 - 19:22
How did Nod32 do?

(like EcPercy I'm not registered on there either)
#5.1 vetmarkjensen on 02 Oct 2008 - 19:43
ESET? VB100 pass
(2 replies) #6 DooGie on 02 Oct 2008 - 20:45
NOD32 Passed

However I've been a NOD32 user for the past 2 years and while I think its detection rate is pretty good its ability to clean is a whole different story
#6.1 +Raa on 02 Oct 2008 - 23:41
NOD passed? Great to hear! It's never done me wrong

Its ability to clean? I thought it was excellent tbh. In fact, it did "too good" of a job once, it cleaned a virus which had changed the registry for explorer, which stopped it from loading. Easy fixed though.
#6.2 theyarecomingforyou on 03 Oct 2008 - 02:58
NOD32 has gone downhill a lot recently. I haven't been able to move to version 3.0 because it keeps dropping my internet connection and it has given me several false positives, including Abe's Odyssey and Colonization (both bought off Steam so cannot possibly be viruses; warning were put on the Steam forums). I used to be a huge supporter but it simply isn't as good any more.

I'll have to have a look around when my subscription runs out next year (bought a 2yr sub last time).
#7 goretsky on 03 Oct 2008 - 01:20
Hello,

This VB100 comparative review was for Microsoft Windows 2008, so if anti-malware companies offered both consumer and business products, the business products were used. Keep in mind that in tests like these, what is being tested is a particular version of a malware signature database. It is likely that if the test were run with a program's previous or next database that the results would differ.


Part of the criteria for receiving a VB100 award is that the anti-malware program cannot report a false positive alarm of malware when scanning a clean set of files. Avira AntiVir and Kaspersky Anti-Virus both had a single false positive report against different files in the clean set . Otherwise, the programs performed excellently on other parts of the review.

While looking at false positive alarm rates are important when evaluating anti-malware software, especially in an enterprise environment where such events lead to a swamped helps desk and users being locked out of their computers, but they are not the only criteria by which anti-malware software is judged. Things like detection rate, performance with frequently-used applications, manageability and availability/quality of support are important, too.

Anti-malware programs are not perfect, and they are going to generate a false negative (miss detection of malware when it is present) and false positive (detect malware when it is not present) reports from time to time. Making a decision based off of a single test result is not good research.

Where individual reviews such as Virus Bulletin's are very useful, they become even more so when looked at over time. If the test methodology is good, you can get a good idea of product quality by graphing the measurements from the tests used in the reviews over time . You might even find out some interesting things about a product that are not apparent from looking at just a single review.

Regards,

Aryeh Goretsky
#8 oblique on 03 Oct 2008 - 02:39
NOD32 passed with flying colors.. as always. best anti-virus hands down.
#9 temp2 on 04 Oct 2008 - 00:54
Avira did not pass the VB100 because of a single false positive. I'll take a false positive with 70% detection rate for new malware over ESET/NOD32s abysmal 30% detection rate for new malware and no false positives any day. Let's not mention ESETs anaemic attempts to remove malware.

VB100 is one of the poorer measures of anti-virus software as it tries to give software that inherently has graduated results a single rating, pass or fail.

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)
News powered by Neowin Management System (Build - 5.0.879) © 2000 - 2008 Neowin.net