Jon’s Network


AV Scanning Comparisons Have Little Benefit

August 30th, 2007 · 2 Comments

The AV Fight Club at LinuxWorld was an interesting AV comparison sponsored by Untangle. ClamAV, Symantec and Kaspersky came out on top at 100%; Sophos caught 94%. There were only 25 viruses in the sample set. The interesting thing is that I have seen other tests with much larger sample sets that show ClamAV near the bottom and others near the top. What gives? Do signatures have a catch rate probability? Or maybe the vendors can’t include signatures for all known viruses, so they include the ones their customers will most likely encounter.

In any case, I don’t think these tests are a good basis for choosing an AV solution. The end user would have to know how likely they are to encounter the viruses in the test to judge how well a product would work for them. Since that is difficult to know, most users then look to other factors, such as how much memory the product uses, features, price, etc. I don’t think this type of test changes opinions either. The losers deny the results or ignore them, while the winners use them as a marketing tool. Given the human propensity to ignore evidence that doesn’t agree with personal belief, I think these tests are pretty pointless beyond serving as rudimentary marketing devices to encourage those who already agree with you to take out their wallets.

Here’s how I would choose an AV company. I would ask a ton of customers of each short-listed vendor the following:

  • When was the last time you had a virus, spyware, etc. on your network?
  • Where was it caught and how easy was it to fix?
  • How much time do you spend per week messing with AV software?
  • How much do you pay for the license?
  • Do you feel like you are getting a good deal?
  • How is the support and how often do you use it?

I don’t know what viruses I’ll most likely encounter other than what I have experienced in the past, so I would combine that experience with input from many other similar companies and choose the vendor that has historically produced the desired results. I would ignore any RFP-type bake-offs or comparison matrices built on information supplied by the vendors. I would probably ignore AV Fight Clubs too.

Tags: Anti-Virus · Malware · Open Source

2 responses so far ↓

  • 1 Osama Salah // Aug 31, 2007 at 9:10 am

    I wouldn’t worry too much about the catch rate of professional AV software; I believe that the reputable players are all more or less in the same league. Every one of them has at some point a good day and at another time a bad day. I would worry much more about usability, how easy is it to manage, do you have to spend too much time messing around with it, are the clients running reliably, ease of deployment and upgrade, footprint, CPU usage etc.

  • 2 Jon Robinson // Aug 31, 2007 at 10:31 am

    Osama, I totally agree. A buyer’s guide along those lines would probably be pretty useful.
