Are you one of those people who still has Norton popping up on your computer every time you turn it on, asking you to activate your 60-day trial? Maybe you actually did activate your trial and then purchased the license, because everyone knows you don't want to be on the internet without some form of protection against viruses. You could be the person who is trying to take an active stance on protecting your computer and data by searching out the best anti-virus solution, but you are just not sure which one to get. You may be one of those who think you get what you pay for, so any that are free would not be good enough, and the more you spend the more you are protected. I hope to clarify some things about a few of the available anti-virus solutions and provide information that you can base your decision on when it comes time to protect your computer.
The following anti-virus products were tested:
- Avast (Free Version - 5.0.545)
- AVG (Free Version 9.0.819)
- Avira (Free Version 10.0.0.567)
- BitDefender (Anti-virus 2010 Trial Version 13.0.21.347)
- Comodo (Free Version 4.0.141842.828)
- Kaspersky (Anti-virus 2010 Version 9.0.0.736)
- McAfee (Enterprise Paid Version 8.7i)
- Microsoft Security Essentials (Version 1.0.1961.0)
- Norton (Internet Security Trial Version 17.6.0.32)
- Trend Micro (Internet Security Trial Version 17.50.1647)
Each product was installed on a virtual machine running Windows XP Professional SP3 with all updates available at the time of the first product test. The latest versions of the following software were also installed:
- Adobe Reader
- Java
- Adobe Flash
All tests were web-based, using 50 different links in five categories, all gathered from www.malwaredomainlist.com. The categories were as follows:
- Trojan
- Java
- Fake Antivirus
- Flash
I will show how each product blocked the virus (if at all) in one of the following ways:
- Blocked Website
- Blocked Download
- Blocked Execution
If the anti-virus product blocked the website completely, or blocked it before the download dialog box popped up, I put it in the "Blocked Website" column. If the anti-virus product recognized and cleaned/deleted the file at any time during or immediately after the download process, I put it in the "Blocked Download" column. If I tried to run a file that was fully downloaded and it was cleaned/deleted or recognized as a virus at any time during the execution of the file, I put it in the "Blocked Execution" column.
These first three slides that I am about to show need to be looked at in relation to each other. A product may be weak at detecting a malicious website but easily detect a virus when you try to download it. It may also be just the opposite.



I am a big fan of blocking the offending website before it ever has a chance of downloading a virus, simply because a lot of people will just click "Yes" or "OK" when something pops up. So if you can head it off at the pass, it could potentially save a lot of headache for those less computer savvy.
Blocking the download helps if you do, for whatever reason, happen to agree to download something when you have no idea what it is. The odd thing here is that Windows seems to automatically take care of it for you in almost half the cases.
If you were able to download and run a malicious file, most anti-virus products tested in this scenario did not do too great a job, but at least a few did something.
The next set of graphs shows the individual categories that were tested and how well each product did in relation to the others. There were ten links in each category.





The above graphs should be pretty much self-explanatory.
These next two graphs show the overall results from the testing. The first one shows the total number of exploits/viruses blocked by each of the anti-virus products and, for comparison, includes a virtual machine with no anti-virus product installed at all.
The second graph differs from the first in that it includes not only the attacks that the anti-virus product blocked but also those that Windows blocked when the anti-virus product had missed them. This is more of a real-world result.


I have included a link to the spreadsheet for those who would like to view my notes. I tried to track not only whether the anti-virus product attempted to block an attack, but also whether Windows did as well. Most products would block an attack but then so would Windows, except for Avast. Avast seemed to take care of it with no other warnings, which seems to provide a more secure feeling.
I was surprised that with no anti-virus solution Windows blocked over half of the attacks. It is recommended that you never operate your computer without some form of anti-virus protection.
I would also like to note that the products tested are not an exhaustive list of anti-virus products. I do hope, however, that this gives some insight into how these stack up against each other.
Here is my spreadsheet with comments.
written by SimsFrances22, December 09, 2010


Kevin
PowerON Computer Services