As an IT Manager I always look for potential problems, security being the first priority. The first front in the security battle between good and evil is antivirus. I often hear my buddies doubting: “Was my decision to use vendor X the right one?” Is the huge discount I was given worth the risk of being infected with a virus? Or even worse, one or two days of downtime? What is The Best Corporate Antivirus?
We used Symantec in the past, and the time I really trembled was with version 10. I don’t know if any of our readers still remember that time, but it was the time of Windows Vista; new types of viruses kept on spreading and SAV was technologically behind. Symantec introduced a new version called SEP, but the first version was riddled with bugs. I tried really hard to persist with Symantec, but after testing 2 pilots and the issues we had, still on version 10, we knew the time had come.
One user called in: “I think I am infected.” Another called in the next day… Again, she was infected.
Then my friend, who works at one of the largest clothing chains in my country, called me and almost cried: “We have a virus and we can’t get rid of it.” They hired a company that specialises in security, hoping that it would be able to contain the spread of the virus, but it was too late. They needed two days to completely clean the virus from their systems. The damage was done. And for two days, they were down. Trading manually.
That was a good reason for me to find a better product. I like our current solution, but I still check how it fares compared to others from time to time.
How do you find a good antivirus product? Not by reading IT magazines, unless they provide some real information about how they tested protection. You see, I don’t understand how some popular IT magazines dare to review antivirus software without any real antivirus test. So far I have seen one flawed “review” ending with a “best of” in almost every magazine: “Review of 5 Security Suites”. They choose one as the best and that’s it. They provide no explanation of how they tested protection, who tested protection, where they got virus samples or how many virus samples they included in the test. So how can you trust them? Or how do you trust products that announce that they are “best of…” in their marketing material?
The day has come for me to review the state of our antivirus protection. I do that from time to time, just to be sure that it hasn’t fallen victim to some strange management decision to cut costs. Some companies do that, or some companies make strange decisions and their super best product becomes a resource hog. I thought I would share my findings.
I checked the results of two independent organisations that specialise in testing antivirus products in order to get real-world results.
AV-test.org just released its Windows XP corporate test for September / October 2013.
Windows XP is less secure than newer Windows versions, so protecting it with a good product is especially important.
They evaluated Protection, Speed and Usability.
Kaspersky got 6/6 for protection, 5.5/6 for performance and 6/6 for usability. F-Secure got 6/6 for protection, 4.5/6 for performance and 5/6 for usability. I agree with 4.5 for performance: full scans with F-Secure take a bit longer/use a bit more CPU. But for usability, I think they deserve 3. Don’t get me wrong, the client is fine, a pure 6, but the UI for the server… the same as 5 years ago, with no improvements to usability or design. Trend Micro was rated a bit lower for protection with 5.5/6, still ok, and was rated 5.5 for both performance and usability. Bitdefender and McAfee both scored 5.5 for protection. Bitdefender is no speed demon, like F-Secure with 4.5, still ok. But McAfee is still a hog, the slowest in the test. They are both ok usability-wise. Symantec scored 5/6 for protection, 5.5 for performance, which is impressive history-wise, and 6 for usability. Sophos, Fortinet and Microsoft all scored 3.5 for protection, meaning that protection was questionable. Sophos and Microsoft were slow, with 3.5 for performance, but Fortinet on the other hand scored a perfect 6. They all scored 6 for usability.
I got curious, so I checked the Endurance test on Consistent Security; the test was done between March and August 2013.
The only product that scored 100% on detection rate for Real-World scanning was F-Secure; it also detected 100% of the reference set. Kaspersky and Symantec share the same score of 99% for Real-World detection, but Symantec failed to detect 1% of the reference set. McAfee scored 96% for Real-World detection and 100% on the reference set. Fortinet scored 94% in Real-World testing but 100% on the reference set. Sophos scored 93% in the Real-World test and 100% on the reference set. It just hurts looking at numbers below 98% detection, especially those closer to 90%: Trend Micro scored 91% in Real-World and 100% on the reference set. Below 90% detection there are Webroot with 86% and Microsoft with 76% on Real-World protection, with 99% and 93% detection on the reference set. I really don’t want to be in a company where they use Microsoft antivirus. They were pretty good once, but Microsoft officially passed antivirus protection to their partners. MS is now looking after basic protection.
Those were two tests from the same organisation, so what about another independent organisation? I checked AV-Comparatives, another great organisation for antivirus testing.
I was interested in long-term protection, as the most important thing about antivirus protection is consistency. You don’t want your protection to be 100% one month but 80% the next month, do you?
I have coloured the scores based on protection level. Green is for scores with 100% detection, but you will notice that some scores are green even though they are well below 100%. AV-Comparatives uses 3 colours in their test. They use green for the status blocked. Yellow is used for the status user dependent, meaning that the product detects malware, but the user has to choose whether to block it or not. Red is for the status compromised, meaning that the AV solution failed to protect and the computer got compromised. I decided to colour such scores below 100% green because I feel it matters that the program detected an anomaly and, based on my experience, the user will always either choose to block the infection or call the Helpdesk for advice. You could also set the AV policy to block a potential infection instead of releasing it or asking users for a decision. I have used orange for scores above 99.5%, meaning that the product has a good detection rate, even though it misses some viruses. I have used red for scores below 98%, though I am thinking it would be more appropriate for scores below 99%.
Looking at the table, there are 4 products that stand out. F-Secure is again at the top of the list for protection, along with Kaspersky, Bitdefender and Trend Micro. You will notice that AV-Comparatives didn’t test Symantec, which scored formidably well in the AV-test.org test. I have added Vipre and ESET to the table just because they often get mentioned.
So which product is The Best Corporate Antivirus? Which product is worth having for protecting your company?
I never thought I would say this, but the answer is not a simple one. I think that it all depends on:
1. Your budget. Prices differ by as much as 300% between the products, but this never gets mentioned. So even though you would like to choose the best one, you may not be able to afford it, and you have to look at the best one that fits your budget.
2. Your history with using a brand. You know product X 100% and the settings you have set are protecting the environment, but you could miss a setting or two in the new product and make it perform worse than the one you have.
3. Quality Assurance. If an AV company lacks QA, 2 things can happen: 1. Nothing for a while, 2. Disaster, very likely in the not so distant future.
Now let’s take a look at what bad QA looks like:
‘Catastrophic’ Avira antivirus update bricks Windows PCs
Horror AVG update ballsup bricks Windows 7
McAfee false positive bricks enterprise PCs worldwide
Dodgy BitDefender update bricks systems
Rogue CA update bricks Win XP systems
Dodgy Kaspersky update borks THOUSANDS of NHS computers
My recommendation goes to F-Secure and Kaspersky. I haven’t stumbled upon news mentioning that an F-Secure update broke systems, and I hope for Kaspersky that they learned a lesson.
What do you think? Which product do you use? Is it protecting you, or have you had some problems?
William Payne says
I used to work for Sophos back in 2006. I was a very junior developer at the time, but I do recall them being a very competent, well organised & switched-on bunch of people. (Amongst the best I have ever worked with, as it happens). As a result, I am somewhat surprised, disappointed & saddened by the 93% detection rate score. Sigh.