Virus Stoppers      
Written by zhangyuan   
February 21, 2008 14:17
Trojan horses. Rootkits. Botnets. Keyloggers. These terms might not mean much to the average computer user, but to the average computer they're the equivalent of the bird flu and Ebola viruses. With money serving as the main motive, tech crooks have turned these one-time playthings of maladjusted geeks into a serious business.

To see which programs offer today's best protection, we tested eight stand-alone antivirus apps: Alwil's Avast 4 Antivirus Professional Edition, BitDefender's Antivirus 10, Eset's NOD32, Grisoft's AVG 7.5 Anti-Virus Professional Edition, Kaspersky's Anti-Virus 6, Panda's Antivirus 2007, Symantec's Norton AntiVirus 2007, and Trend Micro's AntiVirus plus AntiSpyware 2007. These apps allow users to pick and choose their other security software (such as firewalls), and they cost less than security suites. All include antispyware protection, and many have antirootkit components to defend against devious attempts to hide malware deep within a system. To protect against unknown viruses, all of the apps we tested come with some form of proactive protection to supplement more-traditional signature-based approaches, which must match incoming threats against a database of known threats in order to block them. For more information about proactive protections, read "When a Signature Isn't Enough."

After rigorous analysis, we awarded Kaspersky's well-designed Anti-Virus 6 the Best Buy. It ended up in a virtual dead heat with the entries from Symantec and BitDefender for best malware detection honors, and it also did the best job of cleaning malware infections. At $50, however, it's relatively expensive.

In partnership with security research company AV-Test.org, we tested the programs under Microsoft Windows Vista Ultimate; all eight have a Windows XP version as well. By far the most important tests that AV-Test conducted pitted each app against a "zoo"--a collection of nearly 900,000 viruses, Trojan horses, bots, and other forms of malware. After this, each app had to try to detect current threats using one- and two-month-old signature files to simulate how well it could block unknown malware. Our three best-rated apps were, not surprisingly, those that performed best in these critical tests.

We also rated each program on its design and ease of use, including whether the application installed with an appropriate default configuration. We then factored in performance, support policies, and whether the app had features such as Web-traffic scanning. Finally we rated cost. (Read more details on our testing.)

To choose our contenders, we selected from Vista-ready popular sellers and best-of-breed programs. Alwil and Grisoft offer feature-limited free versions of their programs--but to compare apples to apples, we selected their paid versions. Wondering why McAfee isn't on the list? The company no longer sells a stand-alone antivirus app (its VirusScan Plus programs include a firewall). Another no-show is F-Secure, whose popular app wasn't Vista-ready in time for inclusion in our testing.

Top Antivirus Performers

See our ranked chart of the antivirus programs we tested in this roundup, including individual reviews, full specs, and the latest pricing information.

When a Signature Isn't Enough

At the beginning of the year, as hurricane-force winds roared across Europe, a storm of an entirely different kind battered computers around the globe. On January 18, the so-called Storm worm began arriving in the form of attachments to e-mail messages with subject lines such as '230 dead as storm batters europe'.

More than 42,000 distinct variants of the new malware spread over a 12-day period, according to security company Commtouch. The attackers intended for the onslaught to evade traditional signature-based virus detection, which must know about a specific piece of malware before it can catch it.

The Storm worm serves as a prominent example of how virus writers try to stay one step ahead of antivirus protection programs by churning out new variants of successful malware strains. The crooks also try to stay under the radar (and out of the signature database) by launching targeted attacks that send a small batch of malware to a single company or organization. Such attacks typically involve more social engineering than the average attack; for example, they may employ faked 'From:' addresses of actual company employees to send virus-laden e-mail.

In response, security companies are using proactive protection that doesn't need a full virus signature to be effective. Such protection is "a necessity," says Natalie Lambert, a senior security analyst with Forrester Research. "It's all about the unknown and targeted threats," Lambert says.

One proactive approach uses a method called heuristics to examine a virus's programming for suspect commands or segments of code. Often this method can catch a new variant of some existing malware--one of the many Storm worms, for example--by recognizing commonalities with previously analyzed variants.
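The contrast between exact signatures and heuristics described above, as an added example that is not part of the original article or any vendor's engine: an exact-hash signature misses every repacked variant, while a score based on shared byte fragments still flags them. The sample bytes are constructed and inert, and the names Scanner, NGRAM and THRESHOLD are assumptions made for illustration.

```python
import hashlib

NGRAM = 4        # assumed n-gram width for this illustration
THRESHOLD = 0.5  # assumed similarity cut-off, not a vendor setting

def ngrams(data: bytes) -> set:
    """Every overlapping NGRAM-byte slice of the sample."""
    return {data[i:i + NGRAM] for i in range(len(data) - NGRAM + 1)}

class Scanner:
    def __init__(self, analyzed_samples):
        # Signature database: exact SHA-256 of each sample already analyzed.
        self.signatures = {hashlib.sha256(s).hexdigest() for s in analyzed_samples}
        # Heuristic knowledge: code fragments seen in those samples.
        self.known_ngrams = [ngrams(s) for s in analyzed_samples]

    def signature_match(self, data: bytes) -> bool:
        return hashlib.sha256(data).hexdigest() in self.signatures

    def heuristic_score(self, data: bytes) -> float:
        """Largest fraction of this file's fragments shared with one known sample."""
        grams = ngrams(data)
        if not grams:  # file shorter than one n-gram
            return 0.0
        return max((len(grams & k) / len(grams) for k in self.known_ngrams), default=0.0)

    def verdict(self, data: bytes) -> str:
        if self.signature_match(data):
            return "known"
        if self.heuristic_score(data) >= THRESHOLD:
            return "suspect-variant"
        return "clean"

# Constructed, inert sample data: plain text standing in for program code.
CORE = b"INERT-PLACEHOLDER-BODY|copy-self|mail-address-book|open-port|"
ANALYZED = CORE + b"build-0001"
VARIANTS = [b"pad%d-" % i + CORE + b"build-%04d" % (i + 2) for i in range(5)]
BENIGN = b"Quarterly budget spreadsheet, figures attached for review."

def detection_counts(scanner, samples):
    """Return (caught by signature alone, caught by signature or heuristic)."""
    by_signature = sum(scanner.signature_match(s) for s in samples)
    by_either = sum(scanner.verdict(s) != "clean" for s in samples)
    return by_signature, by_either

if __name__ == "__main__":
    scanner = Scanner([ANALYZED])
    print(detection_counts(scanner, VARIANTS), scanner.verdict(BENIGN))
```

Lowering THRESHOLD catches more distant variants at the cost of flagging more legitimate files, which is the trade-off any similarity-based heuristic has to tune.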

The heuristics approach looks inside a potential piece of malware, but behavioral analysis, another proactive-protection technique, looks at it from the outside to see how it runs. If a file behaves suspiciously, such as by executing from a temp directory, antivirus programs may flag it as potential malware.

Some newer, advanced types of behavioral methods create what's called a sandbox, in which part or all of a suspect program can be analyzed in a protected virtual environment. The top two performers in our proactive tests, which subject PCs protected by month-old signatures to new malware to simulate future unknown threats, rely on the sandbox approach. Eset's NOD32 program intercepted 79 percent of malware, and BitDefender Antivirus 10 stopped 61 percent. On the other hand, Grisoft AVG finished last, at 34 percent, despite using a sandbox.

These numbers demonstrate that though proactive protections are important supplements, they are not yet ready to replace traditional signatures altogether. To see how effectively our tested programs handled proactive scanning, consult the "Proactive detection" line in our roundup's ranked chart.

Erik Larkin

How We Test Antivirus Software

The PCW Rating for stand-alone antivirus software is based on separately calculated scores in each of our usual four categories: Performance, Specifications, Design, and Price.

The Performance score, heavily weighted in the PCW Rating, reflects not only the system speed tests but also the critically important malware detection and disinfection tests. The detection tests are heavily weighted within the Performance score.

To perform detection and disinfection tests, we partner with AV-Test.org, a security research company in Germany. AV-Test.org puts programs through a rigorous analysis; its overall malware detection test pits each app against an almost 900,000-sample "zoo" of viruses, Trojan horses, back doors, and other malware types. Some of these samples are commonly used in Internet attacks; others are far less well known and may have been used in small, targeted attacks. For these on-demand zoo detection tests, the antivirus programs are set at their best detection settings.

To perform proactive tests that simulate how well the programs can detect unknown malware, AV-Test.org scans a set of new malware with each app using one- and two-month-old signature files. The detection tests also examine how well each program handles different document types, such as whether it can find malware hidden within various types of archived files.

The disinfection tests measure how well an antivirus app can detect and then clean an existing infection that has installed itself on a PC. AV-Test.org checks whether the antivirus software has removed malware files, changes to the Hosts file, and Registry changes. We consider cleanup of Registry entries the least important of the three areas, and weight it less heavily.

To round out the Performance score, we test the antivirus software's impact on a PC's speed. For that we use portions of PC World's WorldBench 6 Beta 2 benchmarking application. These tests measure how long a computer takes to run a set of automated tasks with a variety of programs, including Firefox, Microsoft Office, WinZip, and other apps. We run WorldBench 6 Beta 2 on a test PC multiple times with the antivirus software installed and then without. By comparing the results with and without the software installed, we can calculate how much system drag or slowdown each antivirus program adds.

The Specifications score gauges each program's basic feature set. While it's important, it's not nearly as heavily weighted as the Performance score. We look for things such as whether the program scans e-mail and Web traffic to catch attacks before they hit the hard drive and whether the program can manually delete a file via a right-click menu option in Windows Explorer. Also in this section, we research the type of support (phone and e-mail) a program offers and any costs associated with it.

Our Design score evaluates each program's interface and ease of use. If a program makes it easy to find and understand program settings, looks good, and installs with default options appropriate for the average user, it scores well here.

Finally, we rate Price. For the sake of consistency, we chose the download price rather than the price of a retail box where there was a difference. We considered the purchase price of a license for one computer for one year (except for products whose lowest price covers multiple computers), as well as the second-year renewal cost. Most companies offer different rates for multiple computers and/or multiple years, so check your options for the best deal for your situation.

You may wonder why our final scores for antivirus and other product ratings often bunch up (our three top-ranked products in "Virus Fighters" earned final scores of 85, 84, and 84, for example). In part, this result can be due to several products having similar (or in the case of the story just mentioned, nearly identical) performance in one heavily weighted area such as malware detection. Also, antivirus programs can have very similar feature sets.

For these reasons, it's important to look at each product's Test Report for its unique performance and feature characteristics. Two products with similar PCW Ratings may have significantly different results in certain individual performance tests and feature areas. 
