2013-09-24
Abstract
A higher than usual pass rate was offset by a large number of problems with the products this month, with many tests having to be re-run or nursed gently through as scanners and logging facilities proved unreliable at best. John Hawes has all the details.
Copyright © 2013 Virus Bulletin
For this test we return to Windows 7 – now the most popular desktop platform with its current main rival Windows XP rapidly approaching its long-awaited end and plucky newcomer Windows 8 still rather slow out of the starting blocks (although all that could change with the arrival of the first service pack for Windows 8).
This test report has been much delayed, thanks to a combination of factors which kept the test team away from the lab for extended periods, and also due to the usual flood of products we see in a popular desktop test. The test deadline was set for late June, and testing ran throughout July and August with the final speed and performance measures stretching into September – by which time we had welcomed a new test engineer to the team and were able to give him his first taste of the VB100 testing process.
The product list includes a few newcomers, a few familiar faces returning after periods of absence, and of course all the usual regulars, making for a fairly hefty total of over 50 on the submission day.
Windows 7 offers few surprises these days, although we do occasionally spot some unnecessary changes from familiar old ways – which annoyed us severely when we first visited the platform, but which have since become no more than minor irritants, rendered visible again thanks to the relevant feature being restored or mended in Windows 8. Setting up our new test hardware was a quick and straightforward process though, with the platform, service pack and basic tools applied and frozen for repeat use with minimal fuss.
The test sets were frozen on the test deadline, 26 June. However, certification stages did not commence until mid July and used the latest updates available at the time of testing, giving participants ample time to ensure full coverage of the WildList sets – which threw up few surprises. The other half of the certification set-up, the clean sets, were expanded with a range of items including a wide selection of educational software, designed for use either in schools or in home-teaching environments.
The other test sets were compiled in the standard way, with the RAP sets built around the late-June deadline and the Response sets put together on a daily basis, covering a week prior to the point at which each test was performed. After spotting some problems with our system for recording the first-seen dates of samples a few months ago (as noted in the June Windows Server review), we have done some work to improve this system, and to cast our net wider to ensure a more thorough coverage of samples from all regions and environments.
We have also made special efforts with the ‘Week +1’ or proactive part of the RAP sets, trying to ensure that all items included in it are as fresh as possible, with minimal chance that participating vendors will have seen them prior to the product submission deadline.
The purpose of this set is to provide a measure of the quality of heuristic and generic detection routines, so it is important that the samples are as far as possible unknown to product developers, and thus cannot be covered by file-specific detection techniques. Hopefully our efforts will make for more accurate and interesting figures for the RAP test – an area in which we are considering some more changes in the near future.
The test sets used for speed and performance measures were left unchanged, and minimal adjustments were required to our standard test scripts and automation systems, so testing got started with minimal fuss, albeit in a rather stop-start fashion.
Main version: 8.1(4303.670.1908)
Update versions: NA
Agnitum has been missing from our tests for a while, following the dissolution of engine provider VirusBuster and the subsequent takeover of the engine technology by Agnitum itself. Setting up a functioning virus lab to maintain that engine must have been quite a task, but Agnitum seems to have managed it in impressive time, making for a smooth transition to a fully operational product.
The install was crisp and simple, updates taking place as part of the process, with the interface similarly clean and efficient. Outpost is a full suite including the firewall technology with which its makers have rather more experience, and configuration for the anti-malware side is thus limited but still decent and clear.
Scanning speeds were OK – much better in the warm runs – and on access lag times were a little high, particularly over the set of binaries, but again sped up nicely in the warm runs. Memory use was just a fraction above average, CPU use a little higher, and our set of activities took a fair while to complete.
Detection was not bad, remaining fairly decent even through the Response sets with a slight dip on the last day, and declining fairly steeply through the RAP sets with a very sharp drop in the Proactive week. This implies that the emphasis is on adding detection for items as they emerge – but additional layers in the suite should help protect against unrecognized attacks.
The certification sets were handled without incident, and Agnitum regains its place on the list of VB100 certified providers. This is the vendor’s first appearance in the last six tests, but before that it was a very regular participant, with five passes and a single fail from six entries in the last two years.
This is also Agnitum’s first test since the introduction of our stability rating system, and it gets off to an excellent start with no problems noted at all, earning a ‘Solid’ rating.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Solid
Main version: 8.0.1489/130626-0
Update versions: 130724-0, 130626-0, 130812-0
A product from Avast almost always appears on our testing roster, and almost always puts in a good performance. The company’s current free home-user solution has received plenty of attention in these pages in the past, so regular readers will be well aware of our affection for its clear and attractive styling, and our respect for its simple but comprehensive set of controls.
This free version encourages users to install Google’s Chrome browser as part of the set-up, and as the option is checked by default, we counted it as part of the overall install process, meaning that it took a little longer than it might otherwise do. Updates were pretty speedy though.
Scanning speeds were decent and overheads light, although these figures will be helped by not scanning much on-read by default. With the settings turned up things did slow down a little, particularly over archives, as one would expect. RAM and CPU use were a little above average for this month’s test but far from excessive, and impact on our set of activities was also a little on the high side.
Detection was strong in the Response sets, with just a slight downward trend into the most recent days, and in the RAP sets a similarly shallow decline was seen in the reactive sets, with a noticeable but not catastrophic drop in the proactive week.
The core sets were dealt with flawlessly, easily earning Avast a VB100 award for this month’s efforts. The company now stands on five passes and one fail in the last six tests; ten passes and two fails in the last two years. With no stability issues to report, a ‘Solid’ rating is also earned.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Solid
Main version: 2013.0.3345
Update versions: 3199/6426, 2013.0.3349 - 3209/6529, 2013.0.3392 - 3209/6557, 2013.0.3392 - 3211/6578
AVG is another vendor that is rarely absent from our tests, and again usually impresses. However, the product has had a few issues since a redesign to fit in with the styling of Windows 8, notably with logging. The set-up process is fairly simple but took quite some time, and on one occasion it failed, with a message saying that a binary file could not be found; on re-running the same steps straight afterwards the process completed without problems. Updates were also unpredictable, with progress meters jumping back and forth and jobs occasionally failing to complete properly. On some occasions reboots were required to complete the updating process.
Speeds were decent, very zippy on demand with light overheads, low resource use and a low impact on our set of tasks. Detection testing proved something of a trial, with the on-access alert window very wobbly under the pressure of multiple detections, and the logging system even less able to cope with heavy stress.
Logs exported from the product’s GUI were repeatedly cut short or entirely empty, reporting only some of the items detected according to counters. Much extra labour was required as sets had to be broken down into smaller chunks in order to try to bypass these issues. Even a special tool provided by the developers to rip log data out of database storage failed to produce complete sets of records in some cases, and since this was not spotted until well after the test period, much data has to be reported as partial information only.
The RAP sets were a complete washout, with the logging problems compounded by further issues: when running over large sets of infected samples, the product seemed to push the test systems too hard, and we found the machines rebooting unexpectedly, with the main system drive having vanished from the BIOS. It returned after leaving the system shut down for a few minutes, suggesting some sort of overheating had taken place, and while at first we thought perhaps this was a problem with Windows 7 on our new hardware, we saw the same thing happen repeatedly with AVG, on multiple machines, but did not encounter the problem with any of the other 50+ products being tested.
We did at least manage to obtain complete data for the WildList sets though, showing good coverage throughout, and the clean sets were well managed too, earning a VB100 award for AVG this month.
The company’s test history shows five passes and one fail in the last six tests; ten passes and two fails in the last two years. Given the various problems both minor and major, the points in our stability rating system mounted up, pushing the final score right to the upper end of the ‘Buggy’ category.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Buggy
Main version: 13.0.0.3736
Update versions: 7.11.86.196, 13.0.0.3884/7.11.92.118, 13.0.0.3885/7.11.95.120, 7.11.96.118
As is usual for a desktop test, we see a pair of products from Avira, with the company’s free home-user offering up first. The installation is enlivened by the offer to throw in the Ask toolbar and the promotion of some sort of system optimization tool, both of which some users may look askance at. The process is fairly zippy though, with fast updates too, completing in little more than a minute.
The GUI provides a decent range of controls and seems sensibly laid out and responsive. Scanning speeds were OK, not super fast and remaining much the same through the tests. Overheads were decent too, and showed some good improvements in the warm runs; resource use was a little above average but our set of tasks ran through in decent time.
Detection was uniformly strong in our Response tests, showing just slightly lower scores in the later sets than the earlier ones, and in the RAP set we also saw a fairly gentle decline through the reactive weeks, although the proactive ‘Week +1’ set did see quite a steep drop.
The core sets were dealt with satisfactorily, comfortably earning a VB100 award, and Avira’s free product sits on two passes from two entries in the last six tests; five passes from five entries in the last two years.
Stability was reasonable, but in one of the Response test runs a scan simply gave up part way through, with no indication to the user that it had not completed the job requested. As this only occurred once, and only when scanning large malware sets, the score is minimal, making for a ‘Stable’ rating.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Stable
Main version: 13.0.0.3736
Update versions: 7.11.86.196, 13.0.0.3737/7.11.92.118, 7.11.95.120, 7.11.96.118
The Pro version of Avira’s desktop product is pretty similar, but without the offers of iffy-ware during the install, and with a few more options available in the configuration. Speeds, overheads and resource use were similar too, all being fairly decent, and impact on our set of tasks was almost identically low.
Detection was more or less identical too – again very even through the Response sets, although we later realized that one of the runs had actually given up just part way into the scan, meaning that a fair chunk of data was missing and we had to rely on data from the other runs only. RAP scores were also good in the reactive portions of the test, and less impressive in the proactive set.
The core sets were well handled though, and a VB100 award is easily earned. Avira’s more business-focused product line participates more regularly in our tests but did skip a couple of comparatives around the time of the Windows 8 release, leaving it now on four passes from four entries in the last six tests; ten passes from ten entries in the last two years.
Just a single issue was observed, with scans aborting unexpectedly, making for a ‘Stable’ rating.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Stable
Main version: 3.4.1.33144
Update versions: 3.4.9.37545
Baidu is a new name on our test bench, but a company we’ve been working with for a while. We had hoped to feature two products from the Chinese company this month, but one was adjudged not quite ready in time for the test deadline. The one that did make it is an international edition, available in English for easier testing, and uses the Avira engine.
The install process is very plain and simple, requiring little more than a single click, and completes in lightning time. Updates are included in the process but it still all completed within less than a minute.
The interface is clear and uncluttered but provides a decent range of settings, and it seemed easy to use and reliable throughout testing. Speeds were decent on demand, closely mirroring those of other products using the same engine, and overheads started similarly reasonably but were very light indeed in the warm runs.
Resource use was below average, and our set of activities ran through in good time too. Detection was strong, as expected, with the proactive week of the RAP sets showing a fair drop but elsewhere all very impressive.
The core sets presented no difficulties, earning Baidu a VB100 award on its first attempt. Stability was mostly OK, but we did have a few instances of the on-access component failing to start after installation, at least until an unrequested reboot was performed, along with a noticeable slowdown of the test system after running the RAP tests, meaning it earns only a ‘Stable’ rating.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Stable
Main version: 7.0.2/1640
Update versions: 1.2.2756, 7.0.2/1641/1.2.2801, 7.0.2/1642/1.2.2822, 7.0.2/1642/1.2.2832
The company formerly known as eEye and the product formerly known as Blink return with their new, rather longer titles, but things are much the same under the covers. Installation takes a little longer than most, with a number of steps to click through and a chunk of personal data requested too. Updates are also slow, with the overall set-up process taking more than ten minutes.
The interface is busy and a little confusing in parts, but provides a decent basic set of controls if you know where to find them. Perhaps uniquely, setting the on-access controls to ‘ignore’ really does just that – most products would insist on blocking access to things even when told not to perform a remediation.
Scanning speeds were on the slow side over archives, despite only limited coverage of archive types, but not bad at all elsewhere. Overheads were a little on the high side, with the set of binaries the most problematic. Resource usage was on the low side, but our set of activities did take rather a long time to complete.
Detection wasn’t bad though, with some pretty respectable scores in the Response sets, showing a slight downturn into the most recent few days, and the reactive part of the RAP sets also showing a gentle downward slope; the proactive set did drop pretty sharply though. The WildList was well covered, and with no problems in the clean sets a VB100 award is earned.
BeyondTrust’s history, including awards gained under previous identities, shows a rather uneven pattern of success, with now two passes and two fails in the last six tests; six passes and three fails in the last two years.
We had a few minor problems with the product: some scans seemed to start properly but stopped after a few minutes with a ‘nothing found’ message, despite subsequent re-runs of the same task turning up large numbers of detections. Thus a not-quite-perfect ‘Stable’ rating is earned.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Stable
Main version: 4.1.28.116
Update versions: 7.48274, 7.48908, 7.49214, 7.49412
Following three products in a row that share the same engine, we come to one which provides the detection technology for more than a dozen of this month’s participants. Bitdefender’s business-oriented Endpoint product is about as pared down as they come – the installation process requires just a single click before blasting through its business in a couple of minutes, which appears to include updates; once the interface is up, though, it claims that no updates have been performed, adding another few minutes, in some cases more.
I refer to the interface, but really there’s not much to see – there are almost no controls whatsoever, with configuration presumably provided by some sort of central management system. So we proceeded with the default settings, which turned out to be quite thorough, and got through our speed measures in pretty decent time.
Overheads were a little high on access though, particularly over archive files, and slightly high use of RAM was noted in our performance measures. We also saw that tell-tale negative figure in our CPU use measure, a sure sign that our set of activities had taken an extraordinary amount of time to complete: the CPU measure takes a snapshot of CPU use every few seconds during the activities test, so if much of the time is spent idling, the average can come out much lower than the figure recorded in our baseline measures.
Those activity measures really were extraordinary – the set of tasks took from 45 to 95 minutes to get through, compared to a fraction over a minute in the baseline measures with no solutions in place, and not much more than two minutes on average with products intercepting file accesses. This seemed so out of whack that we retried the task several times, on different systems, but saw the same thing happening each time – the bulk of the slowdown appeared to be during the downloading of zip files from our in-house web server.
Moving on, the detection tests proved much less time-consuming, with splendid scores across the board. Even the proactive week of the RAP sets (which, thanks to our tweaks to ensure best possible freshness, has been causing problems for some products) was very well handled here. The core sets were handled without problems, and a VB100 award is well deserved by Bitdefender, despite the rather odd behaviour in our performance tests.
The company’s products can thus continue to boast of a flawless 12 out of 12 in the last two years; despite the frankly bizarre slowness, there were no actual bugs to report, earning the product a ‘Solid’ rating.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Solid
Main version: 13.0.260
Update versions: 7.48272, 7.48909, 7.49214, 7.49412
The first of many third-party products making use of the Bitdefender engine, BullGuard rarely misses a test and can usually be relied on to put in a strong showing. The install process is simple and quick, completing in 30 seconds or so, but updates tended to be a little slower, with a few attempts resulting in error messages, though they generally finished off OK without further interaction required.
The interface is shiny and friendly, with controls not the clearest but reasonably detailed. A UAC prompt is presented when running an on-demand scan.
Speeds were only OK on demand in the initial runs, but blazed through the warm runs very quickly indeed. Lag times were very light, and again showed good improvement in the warm runs. Resource use was a fraction above average, and despite fears that the engine might be causing problems with our set of tasks, they also zipped through very quickly indeed.
Detection rates were once again excellent, with only the faintest hint of a decline through the days of the Response sets and a gentle slope through the RAP weeks, while the proactive week was still well handled.
The core sets presented no issues, and a VB100 award is well deserved, keeping up BullGuard’s strong record of ten passes from ten entries over the last two years, with only our annual visits to Linux platforms not entered. There were a few minor errors in the update process but nothing more serious, making for a ‘Stable’ rating.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 99.95%
False positives: 0
Stability: Stable
Main version: 11.0.768.000
Update versions: 8.3.1.6/1112773440, 1120180256
ZoneAlarm is a veteran brand in security, but has been only an occasional entrant in our comparatives over the last few years. The set-up process is fairly straightforward, including the offer of a security toolbar and some mandatory scans of critical areas, completing with initial updates in just a few minutes.
The interface is colourful and reasonably simple to understand. It provides only fairly basic configuration options, and was a little wobbly under pressure, especially when dealing with large sample sets, but seemed to keep things going well behind the scenes. We also noted that the firewall component blocked access to all network shares set up on the machine by default.
Scanning speeds were a little slow initially but much better in the warm runs, while overheads were a touch high to start with but pretty light in the warm runs. RAM use was fairly low, CPU use a little above average, and our set of tasks got through in a little less than the average time for this test.
Detection was well below what we would expect to see from the Kaspersky engine under the hood, implying that not all features from Kaspersky’s own solutions have been included here (notably the cloud lookup system). RAP scores were especially weak, and detection rates in the WildList sets were also disappointing, with a handful of items missed out on demand and even more on access.
This means that despite only a few warnings in the clean sets, there is no VB100 award for Check Point this month. The vendor’s record now shows two fails from two attempts in the last year; one pass and two fails in the last dozen tests. There were a few wobbles under pressure but nothing too serious, earning the product a ‘Stable’ rating.
ItW Std: 100.00%
ItW Std (o/a): 99.30%
ItW Extd: 99.81%
ItW Extd (o/a): 98.52%
False positives: 0
Stability: Stable
Main version: 5.1.23/5.4.2
Update versions: 201306262332, 201307310855, 201308061329, 201309020725
Commtouch is a far more regular VB100 participant, rarely missing a test, and the product has remained little changed over the last few years. The set-up follows the standard path, completing in under a minute, and updates are rapid too, after some extra steps to activate a licence. The interface is basic but clear, providing a decent basic set of controls, and generally seemed stable under pressure.
Scanning speeds in general were a little on the slow side, and lag times on access were pretty heavy. RAM use was low but CPU use a little high, and as usual our set of tasks took quite a while to go through – several times the time taken in our baseline measures.
Detection was pretty solid in the Response sets, showing a steady decline into the most recent days but remaining pretty strong even there. Things were a little less impressive in the RAP sets, reflecting a heavy emphasis on cloud detections which are not covered by the RAP test methodology.
After the detection tests we noted occasional issues with the log viewer, which seemed unable to handle large amounts of data and froze up several times.
The WildList sets were covered well, but once again in the clean sets quite a cluster of false alarms were reported, mainly on a selection of files related to printers. A VB100 award is thus denied once again. The company’s test history shows no passes from five attempts in the last six tests; two passes from ten entries in the last year. With just a couple of minor stability issues noted, a ‘Stable’ rating is earned.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 14
Stability: Stable
Main version: 3.43.0/4.90G
Update versions: 3.43.0/4.91G
Returning to our tests after a lengthy break thanks to the changing of hands of the VirusBuster engine previously included in the product, Digital Defender is one of several products this month built around a design from Preventon (under which now lies the Sophos detection engine). On the surface little has changed though, with the installation process following the familiar standard track, completing very rapidly with no reboot required, and updates were also very rapid.
Indeed, they were so quick that we had some problems setting up for the RAP tests – as online connectivity is required to activate the product and access the controls, we were hard pressed to complete the activation process and cut off the link before the updates completed. Just how effective the updates were was less than clear, however, with initial on-access runs over the WildList sets showing a large number of items ignored. Re-running the same job later on was much more successful, implying that the system takes a while to absorb the data so rapidly downloaded.
We also had an issue with some on-demand scans, with tasks set up to scan the entire C: partition completing in just a few seconds with only a single item reported as having been scanned. Again, retrying proved much more successful, taking as many minutes as the initial try did seconds and showing numbers much closer to the true size of the target region.
Scanning speeds were a little slow over archives and binaries but reasonable elsewhere. Overheads were high over binaries but not bad over media and other types of files. Resource use was a little above average, but our set of activities didn’t take too long to get through.
Detection was not great in the Response sets, with a noticeable dip into the later few days. RAP scores were a little uneven but not too bad in the reactive sets, dropping off quite sharply in the proactive week. The core sets were properly dealt with though, with nothing missed in the WildList sets and no false alarms either, thus earning Digital Defender a VB100 award on its return to the fold.
The vendor now has one pass and one fail from two entries in the last six tests; five passes and one fail from the last two years. There were some problems noted, including the rather serious matter of the on-access component taking some time to be properly active, meaning the product earns only a ‘Fair’ rating for stability.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 99.91%
False positives: 0
Stability: Fair
Main version: 7.0.0.25
Update versions: 10,269,879; 8.0.0.10/10,019,893; 10,132,477; 10,175,494
Another solution integrating the Bitdefender engine these days, Emsisoft’s installer is simple and not too slow, with updates adding a few more minutes to the total. The interface is quirky but reasonably usable, with a mid-range set of controls available.
Stability was far from perfect, especially under pressure; one attempt at an on-access run over our WildList sets left the entire machine locked up and unresponsive, with a hard reset required to right it. A few scans seemed to give up part-way through, and we also noted some error messages when tweaking the settings in the speed tests.
Speeds were not bad though, and overheads were very light, although not imposing proper on-read scanning by default will have helped a lot in this respect. It will also have affected our performance measures, which show low resource use and low impact on our set of tasks.
Detection was as high as we would expect though, with excellent scores across the board, and even the proactive part of the RAP sets well handled. There were no problems in the core certification sets, and a VB100 award is well deserved. That puts Emsisoft on four passes and one fail from the last six tests; five passes and five fails in the last two years, but some of those fails were with a different underlying engine.
A number of stability issues were noted, most but not all of which occurred under heavy pressure, earning the product a ‘Fair’ rating.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Fair
Main version: 14.0.1400.1429
Update versions: NA
A client of Bitdefender for rather longer, eScan’s suite product has had a fairly heavy redesign lately. The install features a slideshow of smiling folk happily using their computers in safety – this distraction is welcome as the process is rather lengthy. Updates are also a little slow, with occasional errors, and after updating, the on-access component seemed to be completely inoperative. A reboot fixed this, but was not requested by the product as far as we could tell.
We also had some errors with some scan jobs – some locked up and failed to progress when left running overnight, some crashed out with error messages even when scanning only clean items. In the end, though, we managed to collate usable scanning speed data, which showed some pretty sluggish speeds, while overhead figures were slow too, with some hefty lag times. Resource use was fairly low, but our set of tasks took a while to complete.
Detection rates were as strong as others based around the same engine, with good scores everywhere including the certification sets, thus earning eScan a VB100 award. The vendor’s test history shows an exemplary 12 passes in the last two years, but stability was suspect this month, with numerous errors earning the product only a ‘Fair’ rating.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Fair
Main version: 6.0.316.0
Update versions: 8492, 8612, 8636, 8680
Another provider with a flawless record for some while, ESET’s product is pretty familiar, with a simple install process which gets through in good time and very speedy updates. The interface combines unfussy good looks with comprehensive fine-tuning controls, and seemed firm and responsive throughout testing.
Scanning speeds were not bad to start with and sped up nicely in the warm runs, while lag times were low, RAM use was OK and CPU use very low. Our set of tasks didn’t take too much longer to complete than the baseline measures.
Detection was decent in the Response and RAP sets, with the proactive week of the RAPs well handled. The WildList and clean sets presented no difficulties, and ESET adds another VB100 award to its tally, maintaining its 100% pass record going back over a decade. Stability was flawless this month, earning the product a ‘Solid’ rating.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Solid
Main version: 2.5.0.23
Update versions: 13.3.21.1/501164.2013062618/7.48273/9541992.20130626, 13.3.21.1/505305.2013072616/7.48942/9293407.20130726, 13.3.21.1/506079.2013080513/7.49205/9385833.20130805, 13.3.21.1/507076.2013081318/7.49385/9423212.20130812
Returning to our haul of Bitdefender-based solutions, ESTsoft’s ALYac has a rather unpredictable pedigree, alternating between strong performances and horrible flakiness which has seen it excluded from some tests in the past. This time, setting up seemed OK and fairly speedy, but updates were slow, often taking more than a quarter of an hour to get the job done. The interface is a little quirky, mainly thanks to some odd use of language (which may be the result of translation issues), but provides a decent set of controls and seemed mostly responsive.
The same was not always true of the protection, which appeared very flaky indeed, with the on-access tests seeing good levels of detection at first only to find the blocking switching off part-way through the test. A reboot fixed this, and with a little coaxing we did manage to get some clear runs through – hopefully in normal use, with only occasional detections to deal with, it should be able to maintain its calm.
Scanning speeds were pretty good, and even better in the warm runs; overheads were not bad and again showed great improvement in the warm measures. Resource use was low and impact on our set of tasks not too bad either.
Detection was around the level we have seen from other products with the same engine – pretty impressive throughout – and with no problems in the clean or WildList sets a VB100 is duly awarded. Our test history for ESTsoft shows two passes and one fail from three entries in the last six tests, although we’re only counting those entries which made it as far as a final report; four passes and two fails from six qualifying entries in the last two years.
This month we saw fewer of the stability problems which have given us headaches in the past, but there were still some serious issues, with a score well into the ‘Fair’ category.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Fair
Main version: 5.0.4.279
Update versions: 5.146/17.824, 17.968, 19.005, 19.02
A rather more stable product, FortiClient generally does pretty well, with scores continuing to improve over the last year or so. Although the install is very fast, updates are a little slower, and the new interface is not as popular with the lab team as the old – virtually all controls having been stripped out in favour of a more simplistic GUI which gives over much of its space to advertising.
Scanning speeds were a little on the slow side, overheads pretty heavy to start with but improving greatly in the warm runs, mercifully. RAM use was average, CPU use low, and our set of tasks got through in decent time.
Detection was pretty good, with some decent scores in the Response tests, dropping away a little into the later days, but great figures in the RAP tests, including a solid showing in the proactive week. The WildList set was covered perfectly, and with no problems in the clean sets a VB100 award is well earned by Fortinet.
The company’s history in our tests shows ten passes from ten entries in the last two years, with only Linux tests not entered; stability was a little off this month though, with some serious wobbliness in the on-access tests on occasion, which was enough to knock our rating over into the ‘Fair’ category.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Fair
Main version: 11.00 build 332
Update versions: 9.50 build 19220
Another pair of products was entered by F-Secure this month, with the more business-oriented Client Security solution up first. This one was provided as a full installer package, with a set of updates for the RAP tests also sent over at the last minute. The install was easy with only a couple of clicks, a few minutes’ wait and a reboot.
After the restart it appeared that all was well, but delving into the simple, minimal GUI showed there was still much to do, with updating of all components actually not complete for at least another ten minutes. During this time the interface implied that protection was available, but it was clearly not completely active.
Once it was up and running, we hit a few problems, including: scans refusing to start if attempted after brief on-access detection tests (a reboot was needed to get things moving again), some scans clearly not covering all the areas requested but reporting successful completion, and the usual problems with truncated logs.
Scanning speeds were good to start with – remarkably so in some areas – and very fast indeed in the warm runs, while overheads were very light indeed. RAM use was a little above average, but CPU use was low, and our set of tasks took quite some time to get through.
Detection was excellent, very strong indeed throughout the Response sets and the earlier parts of the RAP sets, with even the proactive week scoring pretty well. The WildList sets were well handled, but in the clean sets a single item, an image optimization tool, was flagged with a generic trojan alert, spoiling F-Secure’s chances of a VB100 award this month. Later investigation showed that the item should have been on a whitelist but seemed to be in a slightly different form from that expected.
F-Secure’s Client product line now shows three passes and two fails in the last six tests; six passes and three fails in the last two years. Stability was distinctly rocky this month, with a number of issues pushing the score into the ‘Fair’ banding.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 1
Stability: Fair
Main version: 12.30 build 100
Update versions: 11.00 build 19132
F-Secure’s IS line came as a rather different installer type – a tiny downloader which fetched the required items from the Internet, so it was not possible to include it in our RAP tests this month. The download time was speedy though, with the main install completed within a couple of minutes. Again updates were not very obvious, and seemed to take quite a while, with the product not fully operational for close to ten minutes from starting the installation.
The interface is pretty similar in design to its more business-oriented cousin, with a limited set of controls in a stark, pared-down setting. We hit all the same issues with inaccurate or partial logging once again, as well as scans refusing to start, giving up part-way through or getting stuck at some point and making no further progress, and on one occasion the on-access protection shut down part-way through one of the WildList tests (which fortunately fared better on a second attempt).
Scanning speeds were once again highly impressive though, with light overheads and low CPU use, although RAM use was a little higher than most and our set of tasks ran through a little slowly.
Detection was excellent, with the Response sets well managed and no problems in the WildList set, but once again that single false alarm in the clean sets stood in the way of a VB100 award. The IS product line appears less regularly in our tests, with only one pass and now two fails from three entries in the last six tests; two of each from four entries in the last two years.
We saw some wobbles in the product this month – a few more than its stablemate – which were enough to push it just over the edge into the ‘Buggy’ category.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 1
Stability: Buggy
Main version: 24.0.1.5
Update versions: NA
Routinely putting in very solid performances in our tests, G Data’s dual engine approach also makes for some high scores, which looked likely again after some good showings by the same engines elsewhere. The set-up is straightforward and takes a minute or so, during which some adverts for Android and small business products are shown, and a reboot is required to complete. Updates were mostly fairly quick but on occasion did require two to three minutes to get done.
The interface is glossy and cool, with a splendid level of controls, and as usual remained responsive under whatever stresses we subjected it to. Scanning speeds started off decently and sped up to a blinding pace in the warm runs, but overheads were a little heavy on access, with some improvement in the warm runs but remaining a little high. Resource use was below average, especially RAM use, but our set of tasks did take a fair while to complete.
Detection, as expected, was very good indeed, almost flawless in the earlier parts of the RAP tests and still pretty strong in the proactive week, and with no problems in the certification sets a VB100 award is well deserved. Having missed three tests in the last couple of years, G Data now stands on nine passes from nine entries. There were no stability issues this month, so the product adds a ‘Solid’ rating to an all-round strong performance.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Solid
Main version: 2013-06-26.00(9544038)
Update versions: 2013-07-24.00(9544038), 2013-08-05.00(9544038), 2013-08-13.00(9544038)
Hauri’s ViRobot is yet another member of the Bitdefender gang, but in the past we’ve seen some differences between this and other products using the same technology. Installation here was fast and simple, updates also quicker than expected and with none of the unreliability noted in some past tests. The interface is a little basic and suffers from impenetrable language in parts, but seemed fairly responsive.
We did observe some oddities elsewhere though: the windowing system got into a very odd state from time to time, there was an issue with the RAP scan getting stuck fast and needing a reboot and a re-run, and there were some very odd problems with the on-access component, which seemed very unpredictable. Some runs produced very little detection at all, while re-running the same task several times in a row gave entirely different results each time. Only after several reboots and leaving the product to settle in for a while were we able to show it working fully.
The speed tests were less problematic though, showing some fairly sluggish times in the on-demand scan measures, but fairly light overheads on access. Resource use was low, and our activities test showed a good result too.
Detection was as strong as expected in the RAP sets, closely matching others based on the same engine, but in the Response tests scores were much lower than we had anticipated, suggesting that despite appearances, updates had not always been as successful as they seemed. There were no problems in the WildList sets, but in the clean sets a single item, a version of the main Skype executable, was flagged as malware, thus denying Hauri a VB100 award this month.
Hauri now has two passes and two fails in the last six tests; four passes and three fails from seven entries in the last two years. With a number of issues noted, a stability rating of ‘Fair’ is just about earned.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 1
Stability: Fair
Main version: 2.2.22
Update versions: 1.4.3/84497, 2.2.29/1.4.3/84780, 84845, 84897
Ikarus has something of a chequered history in our tests, combining a tendency to score very highly with a similarly high chance of being upset by false alarms. The product’s installer seems little changed, with the usual fair number of stages, and rapid updates meaning the whole job takes no more than a couple of minutes.
The interface is limited but seems fairly clear and responsive. Scanning speeds were distinctly slow, overheads rather high, with RAM use below average but CPU use on the high side, while our set of activities ran through pretty quickly.
Detection as usual was very good, with just a whisper of a decline through the Response sets and solid scores in the reactive part of the RAP sets. The proactive set showed a fairly steep drop, hinting that detection relies heavily on the rapid addition of new items as they are seen.
The WildList sets were clear, and for once there were no problems in the clean sets either, earning Ikarus a VB100 award, its second from five entries in the last six tests. The two-year view now shows four passes and five fails; stability was impressive this month too, with no problems to report, and a ‘Solid’ rating is earned.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Solid
Main version: 4.0.13011
Update versions: NA
Another new name for our roster, Inca hails from South Korea and its product is yet another implementation of the near ubiquitous Bitdefender engine, alongside some technology of its own. The install process is quick and easy, completing in half a minute, but once installed it took a while to actually start up and updates were a little slow at times too, adding a few more minutes to the total time. The interface is simple, crisp and clean – it provides only limited controls, but is easy to navigate and seems fairly stable.
We did note a couple of minor issues, including some options which appeared not to function properly, but there was nothing too serious, and scanning speeds were rapid. On-access lag times were rather high; RAM use was average, and CPU use was also a little high. Our set of tasks completed in a reasonable time though.
Detection was decent, but not quite as high as we would expect in the Response sets. As we were unable to set the product up in advance for the RAP sets, no scores were recorded here. The WildList sets were handled impeccably though, and with no false alarms Inca earns itself a VB100 award on its first attempt. With only a few very minor stability issues to report, it also earns a ‘Stable’ rating.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Stable
Main version: 13.1.0201
Update versions: 8.170.8909, 9.170.9131, 9.170.9153, 9.170.9259
K7’s product had a redesign not long ago, which the team here found much more aesthetically pleasing than previous versions. The installer is a very minimal one-click affair, and blasts through in about ten seconds – although once it appears to have completed (and provides a message reassuring the user that they are secure) there is still some way to go, with updates to download and apply. This doesn’t take too long, although on some occasions a reboot is needed afterwards.
The interface is crisp, attractive and simple to operate, with a good range of controls, and seemed firm and stable throughout testing. Scanning speeds were pretty slow over archives and binaries but not bad elsewhere, while on-access lag times were just a little on the high side. Resource use was below average and our set of activities got through in good time.
Detection was reasonable if not stellar, with a slight downward trend in the Response sets and a steep drop into the proactive week of the RAPs, but the WildList was covered satisfactorily and there were no false alarms, thus earning K7 a VB100 award. Our history for the vendor shows two passes and one fail from three entries in the last six tests; five passes and one fail in the last two years. This month’s showing earns a ‘Solid’ rating for stability thanks to no issues noted at all.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Solid
Main version: 13.0.1.4190(g)
Update versions: NA
Kaspersky’s 2013 edition appears in our tests just as the 2014 version is hitting the shelves. Installation starts with an unpacking stage which can easily be mistaken for the install itself, but the whole thing is fairly zippy, completing in under a minute. Updates are slower though, taking five minutes or so.
The interface is a little over-styled and some brainwork is needed to get the hang of its quirks, but there is a lot of fine-tuning once you figure it out, and it seemed solid and reliable throughout. Scanning speeds started a little slow but were almost instant in the warm runs; overheads were light, at least until we turned up the settings, and resource use was low with a decent time taken to complete our set of tasks.
Detection was pretty good throughout, with a noticeable but not extreme drop in the proactive week of the RAP sets, and there were no issues in the certification sets, earning Kaspersky a VB100 award and putting our test history for the company’s mainline product on five passes and one fail in the last six tests; nine passes and two fails in the last two years. Stability was good, earning a ‘Solid’ rating.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Solid
Main version: 2013.SP3.5.072215
Update versions: 2013.SP3.5.072215, 2013.SP3.5.031800, 2013.SP4.0.080217
China’s Kingsoft continues its recent comeback in our tests, since completely overhauling its product and adding in the Avira engine. The installation process features a very funky thermometer animation which blasts through very quickly, completing in little more than ten seconds, but updates do take a little longer, the entire install requiring around three minutes.
The interface looks colourful and sparkly, but lacks any language options other than Chinese so we can’t really comment much on how clear it is to operate; we relied on a detailed cheat-sheet for most of our needs. It may be thanks to the language barrier that we saw no prompt requesting a reboot, but initial investigations quickly showed that the on-access component was not active without one.
Scanning speeds proved a little slow over archives (which were well covered by default), but reasonable elsewhere, while overheads were a little high, as was resource usage, but our activities measure completed in around average time.
As we would expect from Avira’s engine, detection was very good, as far as we could tell; sadly, logging appeared to be capped at a limited level, which we had not been informed about at the time of submission, so when we came to process numbers much of it was lost. We had already observed some problems with the log viewer, which fell over a few times and reported wildly divergent figures for the same job depending on when we visited it. As the Response sets were already dated by the time we spotted the issue, the tests could not be repeated and only partial results are thus provided. We did try to re-run the RAP tests, but after a few crashed attempts we had to give up under heavy time pressure. Had things all gone to plan, we expect that we would have seen figures very similar to those recorded for Avira’s own solutions.
Fortunately for Kingsoft, we ran the certification sets separately and the data was small enough to fit into the available log space. No WildList misses or false alarms were noted, and Kingsoft earns a VB100 award – its fourth from four entries in the last six tests, with no appearances before that for some time. There were a few issues noted this time, including scanner and logging problems, meaning only a ‘Fair’ rating for stability.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Fair
Main version: 2.1.96
Update versions: 8.2.12.94, 8.2.12.114
The Kromtech Alliance Corporation may sound like a group of villains from an episode of Doctor Who, but it is in fact the company that now controls the PCKeeper brand, formerly owned by ZeoBit. The product looks much as it has done in previous tests though, and still includes the Avira engine under the covers, with the ZeoBit name not yet eradicated. (It also features some rather cheeky use of the VB name, and includes a link to one of our reports which really shouldn’t be publicly shared by anyone other than ourselves.)
The install process is enlivened by a slideshow carrying the words ‘Imagine you had a technical expert next to your PC ALL THE TIME’ (my caps – having met a fair few technical experts, I’m not sure I fancy this scenario much at all). On completion we find the product itself is mainly devoted to optimization and so on, with the anti-malware component an extra which requires separate set-up. During the initial scan, which launches automatically, it found a number of issues with our freshly installed systems, as these things invariably do, including an epic 4.42MB of potential disk space to save – although on a machine with 1.5TB of hard drive space this wouldn’t make much of a dent.
With the AV module up and running, we found only minimal controls for it but were able to operate it reasonably easily. Scanning speeds were not bad, and overheads were a little heavy initially but much better in the warm runs. RAM use was a little higher than most, but CPU use was OK, and our set of tasks got through in around average time.
Once again, RAP scores were unavailable due to not having been able to prepare an install of the product on the deadline day, and Response scores proved problematic too. Although we found complete and detailed logging for our scans of the clean and WildList sets on each install, it seemed that after this initial success the logging system gave up and refused to do any more work. Even with reinstalls and running the job again from scratch we could not persuade it to record how it had performed in the scan job, and in a chat with one of those ‘technical experts’ using a built-in live chat system we were informed that logging needed some work following a product overhaul. From the raw numbers we saw though, we would once again expect to see detection on a par with that of Avira’s own solutions.
The data we did gather showed no problems with the certification sets, earning Kromtech a VB100 award; PCKeeper now has one pass and one fail from two entries in the last six tests; two passes and one fail in the last two years. There were a number of wobbles noted, including the logging issues mentioned, and the product earns just a ‘Fair’ rating for stability.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Fair
Main version: 10.5.3.4405
Update versions: 19972, 20270, 20526
Lavasoft’s Ad-Aware is another occasional participant in our tests, and one which tends to give us the odd headache in the process. The current version still uses the ThreatTrack (formerly GFI, formerly Sunbelt) engine alongside Lavasoft’s own work.
An ‘express’ set-up mode is offered, which fetches the main 80MB installer from the web, runs it through its work in about 20 seconds and updates in another 30 seconds, completing in not much more than a minute with a decent network connection, with a reboot needed at the end.
The interface is busy and colourful, not providing a great deal of configuration, but is reasonably easy to use after a brief explore. In normal use it seemed reasonably sturdy (although a few scans of clean files did lock up), but after running our on-access detection tests it managed to get itself into a very messy state, running on-demand scans that lasted 0 seconds and found no files to scan (in the C: partition), and generally slowing the machine down in a bad way. Rebooting didn’t help – the product was still non-functional and the system barely usable – so we ended up opting to nuke the whole thing from orbit and start again. Fortunately these issues were not repeated in later runs, where we were rather more careful about running our on-access tests.
Once these problems were dealt with, we found scanning speeds were slow over archives but reasonable elsewhere, especially in the warm runs. On-access overheads were pretty good, RAM use below average, CPU use very low indeed, and impact on our set of tasks pretty low too.
Detection was pretty impressive, maintaining a high standard throughout the Response tests and getting some splendid scores in the reactive parts of the RAP tests too, although numbers did fall away rather in the proactive week. The core sets were properly dealt with, earning the product a VB100 award and putting Lavasoft on two passes from two attempts in the last six tests; two passes and one fail in the last two years. We encountered some pretty hairy problems, but they happened only in high stress situations which we wouldn’t expect normal users to encounter, and were not found to be repeatable. As a result, a stability rating just inside the ‘Fair’ boundary is earned.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Fair
Main version: 4.3.211.0
Update versions: 1.1.9506.0/1.151.1851.0, 1.1.9700.0/1.155.979.0, 1.155.1264.0, 1.155.2050.0
Microsoft opted to enter its corporate endpoint solution this time, providing the usual slimline installer package. Set-up follows the standard path and completes quickly, with updates adding a couple of minutes. The interface is simple and solid, providing a decent basic set of controls which are mostly easy to find and understand.
Scanning speeds were not bad, overheads a little high initially but much better in the warm runs, with RAM use low, CPU use a little above average and our set of activities getting through quite quickly. Detection was reasonable in the Response sets and a little uneven in the RAPs with a very steep drop into the proactive week. The WildList sets were properly covered though, and with no false alarms a VB100 award is duly earned, putting Microsoft’s corporate line on three passes from three entries in the last six tests; four from four in the last two years. There were no stability problems, earning a ‘Solid’ rating.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Solid
Main version: 3.43.0/4.90G
Update versions: 3.43.0/4.91G
Another member of the Preventon clan now based on the Sophos engine, MyPCwash is a new name for our lists, but the product is much as expected. Installation is unexceptional but fairly speedy, the interface is simple with a decent set of controls, and stability was hit by some oddities with implementing protection on initial install and a few scans binning out unexpectedly.
Scanning speeds were not bad, overheads a little on the high side, resource use reasonable, but impact on our set of tasks a little high. Detection was OK but not stellar, with a sharp drop into the proactive RAP week. The certification sets were properly covered though, thus MyPCwash earns a VB100 award on its first attempt. With a few issues noted, a ‘Fair’ stability rating is awarded.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Fair
Main version: 0.24.0.53571
Update versions: 0.10.6.986, 0.26.0.53954/0.11.5.422
Nano AntiVirus is yet another new name, but another product we’ve been keeping our eye on for a while; its Russian developers have been working on their solution for some time, gradually improving things, and have decided the time is now right for a public comparative, although the product is still officially in beta.
The set-up process from the rather large installer starts with a check for a new version, which then proceeds to download several hundred MB of installer once again. After that things move along rapidly though, completing in good time, with updates not too slow either.
The interface is considerably more professional than many we’ve seen this month, looking glossy and attractive, with a good layout and a good level of configuration. Scanning speeds were around average, with overheads perhaps a shade heavy; resource use was a little high too, with CPU use well above average for this month’s test. Our set of tasks took a fair while to complete.
Detection was pretty decent in the Response sets, a little higher in the earlier days than the later ones, as we would expect; once again RAP scores are absent as the product was not set up on the deadline day. The WildList was covered reasonably well but there were a fair few misses, and in the clean sets there were a small handful of false alarms, mainly on the set of printing utilities added late last year which seem to have caused problems for many.
So Nano is not quite up to the VB100 standard yet, but this is a remarkable performance for an all-new product. Even more impressively, there were no stability problems even under the heaviest stress, earning a ‘Solid’ rating.
ItW Std: 84.28%
ItW Std (o/a): 84.28%
ItW Extd: 80.71%
ItW Extd (o/a): 80.71%
False positives: 3
Stability: Solid
Main version: 10.1
Update versions: 7.01.04
A rather more familiar name with a venerable history in our tests, Norman’s suite solution has had a pleasing redesign of late. The installer takes a fair while, and once it appears to be done still has a few more tasks to complete, requesting a reboot several minutes later. It then runs an update, which seems to entail a second restart of the system before things are finally fully operational.
The interface is a little more stable than previous iterations, and provides a good basic set of controls. We did note a few wobbles though, with larger scan jobs crashing and freezing fairly regularly. The right-click scan option prompts a UAC query.
Scanning speeds were a little slow in some areas but reasonable elsewhere, with overheads on the heavy side initially but speeding up well in the warm runs. RAM use was around average, CPU use very low, and our set of tasks got through in good time.
Detection was pretty good in the Response sets, with a gentle downward slope, and solid in the reactive parts of the RAP sets too, although the proactive week did dip pretty low. The WildList sets were properly handled, and there were no false alarms, meaning a VB100 award is earned by Norman this month; the company’s test history shows three passes and three fails in the last six tests; things look a little better in the longer term, with nine passes and three fails.
There were a few stability issues but only under heavy, unnatural pressure, placing it in the ‘Stable’ category.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Stable
Main version: 2.2.0
Update versions: 2.2.1
Panda has been doing well in our tests since its return a year ago. The free cloud product is compact and pretty simple to install, with a GUI providing minimal controls but in a clear and simple fashion.
Stability was OK, although we did note several appcrash errors when running scans; there were also a few issues with the log viewer, which on occasion was found to be empty after a crashed scan despite many detections having been reported earlier, and could also easily be made to crash itself. As the standard log is capped at a rather small size for our purposes, we used an advanced logging system with the size cap extended using a special tool to a maximum of 4GB, which in some phases of the test was required – the log records details of each request for a cloud lookup, and the response, in great detail.
Scanning speeds were reasonable on demand, but on-access overheads were very light indeed. Resource use was low, and our set of tasks got through in good time too. Detection was strong and very even through the Response sets, with no RAP scores as the product cannot function offline (which may make it unsuitable for some scenarios).
The WildList sets were well covered, but in the clean sets we observed a single item from an educational package marked ‘blocked’ (no further details were available as despite the huge amount of information in the advanced logs, actual detections are not expanded upon very much). Investigation with the developers could not explain this oddity, as the item in question should have been marked as known-good software, and subsequent re-tests produced no repetition of the issue, although these were run several weeks after the initial incident. Despite this we have to go by the data gathered at the time of the official test, so the FP stands and Panda is denied a VB100 award this month, by a whisker.
That puts Panda on three passes and one fail in the last six tests, with an additional pass a year ago and no appearances for quite some time before that. Stability was OK, with a few small issues noted, rating ‘Stable’.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 1
Stability: Stable
Main version: 3.43.0/4.90G
Update versions: 3.43.0/4.91G
Another member of the Preventon family, PC Booster’s version of the product has a couple of appearances under its belt in various guises, the current one including the Sophos detection engine.
The set-up process is straightforward and updates very speedy. The interface is simple and clear, with a reasonable set of basic controls provided. There were a few wobbles, including an issue noted previously with the interface not opening at first attempt, and some scans freezing up if the default ‘extended’ logging mode is left on. We also saw the same problem elsewhere with the on-access component not fully operational for some time after the initial install and update.
However, once things were fully ready, detection was reasonable, trending downward slightly through the Response sets and rather uneven in the RAP sets, dropping off sharply into the ‘Week +1’ batch. The WildList was properly handled though, and with no false alarms a VB100 award is earned.
That puts PC Booster on two passes this year; three from three entries in the last two years. Stability was not perfect, rating only ‘Fair’.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 99.91%
False positives: 0
Stability: Fair
Main version: 1.0.0.34
Update versions: NA
We’ve looked at various versions of PC Matic in the past, but it has made only one appearance in a full comparative prior to this test, with a slightly different edition; both editions use the ThreatTrack/formerly GFI/formerly Sunbelt engine. The install had the usual steps to click through, including more than one UAC prompt, and once the process was complete it turned out that this was only for the optimization parts of the product – the anti-malware component is added separately and takes a little while to put in place.
The interface is unusual, with very few controls for the anti-malware side of things, but proved reasonably usable with care. It was not the most stable though, with numerous crashes and hangs, the most easily repeatable being when simply trying to enable the anti-malware component before it is fully in place, which brings up an appcrash error. There were also a few C++ runtime errors. One scan run seemed to be blocked by the product’s own on-access protection, with the only detection found in the scan log relating to adware items, while the sets were cleaned out nicely.
Scanning speeds were very slow, but overheads were not too heavy. RAM use was a little high, CPU use was on the low side, with a reasonable speed through our set of activities. Detection was solid though, with some splendid scores in the Response sets, only dipping a little on the very last day, and strong numbers in the reactive weeks of the RAP sets, dropping away somewhat in the proactive part.
The WildList presented no problems, and there were no FPs either, earning PC Pitstop’s home edition a VB100 award, the company’s second so far, both in the last six tests. There were a number of stability issues, most but not all occurring under heavy stress, putting the score at the very top end of the ‘Fair’ banding.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Fair
Main version: 3.43.0/4.90G
Update versions: 3.43.0/4.91G
The progenitor of many of this month’s solutions, Preventon’s own variant differs little from its siblings, again incorporating the Sophos engine. Set-up was very quick, with updates over in seconds. The interface is clear and sensible but prone to minor issues, with the on-access protection once again clearly not ready for some time after the installation appeared to be complete.
Scanning speeds were decent, overheads not too bad either, with reasonable RAM and CPU use and a fairly long time taken to complete our set of activities. Detection was no more than OK too, with the proactive part of the RAP sets a little disappointing. There were no problems in the certification sets, after several problematic attempts, and a VB100 award is just about deserved.
Preventon has built up quite a history, mostly with the previous VirusBuster engine, and now shows one pass and one fail in the last six tests; five passes and one fail from six entries in the last two years. There were a number of wobbles, with the product rating only ‘Fair’ for stability.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 99.91%
False positives: 0
Stability: Fair
Main version: 4.2.0.4061
Update versions: NA
Returning to our Bitdefender theme, Qihoo’s 360 is yet another Chinese product featuring the engine, although here there seems to also be an option to include the similarly popular Avira engine (not enabled by default). Set-up is another one-click affair and runs through very rapidly, with updates also fairly quick, and the interface is bright and shiny, with a decent level of controls.
As we’ve noted in the past, on-access detection is not quite in real time, with checking of files apparently queued, pop-ups warning of items ‘blocked’ in our on-access test appearing hours after the files were written in some cases. This does not provide much sense of security. In some cases it seemed to take even longer, but on rebooting the system and retrying the test the alerts started much earlier, implying that initially the on-access module had not in fact been operational at all.
Scanning speeds were rather slow, but overheads very light, thanks to the files not actually being looked at before access is granted as they would be in most products. This also affects the speed of our set of tasks, which was pretty rapid, with very low CPU use; RAM use was fairly high though.
Detection was much as expected, very strong across the board, and with no problems spotting the WildList samples (if not actually blocking access to them), and no false alarms either, a VB100 award is granted. That puts Qihoo on five passes from five entries in the last six tests; six passes and two fails in the last two years. There were a few worries this month, notably the on-access component apparently being silently disabled at one point, nudging the score into the ‘Fair’ category.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Fair
Main version: 14.00(7.0.0.4)
Update versions: NA
Quick Heal’s Total Security product has become quite familiar over the last few tests, with another simple and rapid install, updates a little slower. The interface has a few quirks but is simple to navigate once the basic idea has been divined, and provides a good range of configuration options.
Scanning speeds were slow over archives, despite not particularly thorough defaults, and no more than reasonable elsewhere, but overheads were light – barely perceptible in the warm runs. RAM use was high, CPU use low, with an average kind of time in our set of activities.
Detection was pretty mediocre – a little uneven in the Response sets but remarkably flat in the RAPs, the proactive week handled just as well as the reactive ones. The certification sets raised no issues, thus earning Quick Heal a VB100 award, its fifth pass from five entries in the last six tests; the vendor has seven passes and three fails in the last two years. No stability issues were noted, thus earning a ‘Solid’ rating.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Solid
Main version: 2.5.0.23
Update versions: 13.3.21.1/501164.2013062618/7.48273/9541992.20130626, 13.3.21.1/505305.2013072616/7.48942/9293407.20130726, 13.3.21.1/506079.2013080513/7.49205/9385833.20130805, 13.3.21.1/507076.2013081318/7.49385/9423212.20130812
Roboscan is more or less a re-badged clone of the ESTsoft product. Set-up took only a minute or so, but updates were rather slow, taking several minutes on most runs. The interface has some clarity issues in places but is mostly fairly usable and provides a good set of controls.
Stability was mostly good, with none of the major horrors that afflicted its stablemate, but there were still some wobbles, especially with the logging system which routinely took more than half an hour to process data at the end of a scan and almost as long to display and export data later on.
Scanning speeds were impressive though, and overheads pretty light, with low resource use and not too much of a hit on our set of tasks. Detection was as strong as we’d expect from the underlying Bitdefender engine, with all sets covered well; this extended to the certification sets where no issues were noted, thus earning Roboscan a VB100 award.
That makes for two passes and one fail in the last six tests; three passes and two fails in the last two years, although some recent tests saw the product excluded from the final report thanks to severe stability problems. Things were much better this time, with only a few issues when heavily loaded, earning the product a ‘Stable’ rating.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Stable
Main version: 3.43.0/4.90G
Update versions: 3.43.0/4.91G
Yet another new name for our lists, but not a new face as this is another product based on Preventon’s GUI and the Sophos engine. Set-up as usual was rapid with very quick updates, and the interface is simple and usable.
Stability was a little more suspect here than elsewhere though, with all the expected issues and a few more besides, including one incident where the on-access protection simply shut down mid-test, requiring a reboot to get the system moving again.
Detection was a little below par but not too bad, with only the proactive part of the RAP sets really disappointing. The certification sets were handled well after a few false starts, and a VB100 award is earned – the first for Senvira. Stability was an issue though, with a number of problems earning a score at the upper end of the ‘Fair’ category.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 99.91%
False positives: 0
Stability: Fair
Main version: 10.2.8
Update versions: 3.43.0/4.90G, 3.45.0/4.91G
Having seen the bare Sophos engine a few times already, we expected to see rather better from Sophos’s own product, as several components including cloud lookups are enabled here on top of the basic detection. Set-up takes a couple of minutes and updates download quickly but take another minute or so to apply. The interface is businesslike and efficient without sacrificing decent looks, providing a comprehensive set of controls in a sensible and easy to navigate format. Stability seemed good for the most part, although we did note a few scans locking up on specific files, a handful of which were sprinkled through the earlier test sets.
Scanning speeds were fairly slow initially over archives and binaries, but reasonable elsewhere and very fast indeed in the warm runs, while overheads were likewise a little high initially and barely noticeable in the warm measures, rising again with the settings turned to the max.
Detection was excellent in the Response sets, very even through the week. Scores were lower in the RAP sets, with a steep dip in the proactive week, but this is perhaps less reflective of the product’s abilities, as in most situations it will be running with the cloud component, which clearly adds considerably to the detection capability. (We are looking at revamping the RAP test to take such technologies into account as they become more widely deployed in products.)
The core sets were well dealt with, both with and without the cloud, earning Sophos a VB100 award without much trouble. The company boasts a full set of six passes in the last six tests; ten passes and two fails in the last two years. There were only a couple of issues noted, in pretty unusual circumstances, earning the product a ‘Stable’ rating.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Stable
Main version: 7.4.24974.501
Update versions: NA
Another Chinese product, again using the Avira engine, and once again with no English translation available, Tencent’s offering is always fun to test given the language barrier, but a detailed guide was provided by the developers to help us find our way around. Set-up is very quick and easy, updates also not too slow, and the interface is bold and colourful, looking very busy as if there are a large number of components, most of which we know little about.
Operation of the anti-malware part was fairly simple – for the most part intuitive just from the layout and icons. Scanning speeds were a little slow over archives thanks to thorough defaults, but reasonable elsewhere, while overheads were very low indeed – this is another product which does not provide on-read protection by default. Resource use was low, but our set of tasks took a while to complete.
Detection was solid in the reactive areas, dropping a little in the proactive week of the RAP sets, but the certification sets were handled well and a VB100 award is earned, Tencent’s fourth from four attempts in the last six tests, with six passes from six attempts in the last two years. A single stability issue was noted – a scan which binned out leaving no trace of its passing – but a ‘Stable’ rating is still earned.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Stable
Main version: 6.2.4.7
Update versions: 3.9.2567.2/19074, 3.9.2570.2/19974, 20230, 20524
The VIPRE engine has cropped up a couple of times already in this test, with mixed results. In ThreatTrack’s own implementation, set-up is zippy, with a reboot needed, and the interface is unfussy and fairly clear, providing only basic controls.
Scanning speeds were very slow over archives, although not all types are handled, and slow initially elsewhere but speeding up nicely in the warm runs. Overheads were fairly light, resource use low, and our set of activities didn’t take long to complete.
Detection was very strong indeed throughout the Response sets and the reactive parts of the RAP test, dropping off fairly sharply into the proactive week. The WildList sets presented no problems though, and with no false positives to report, ThreatTrack earns a VB100 award. That gives the product three passes from three entries in the last six tests; six passes and two fails in the last two years (some of those earlier results under a different company name).
As usual, there were a few problems handling large sets, with some scans hanging or failing to complete successfully, and logging was rarely reliable. A ‘Fair’ rating is earned though.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Fair
Main version: 5.0.4.0000
Update versions: 12.163/5.0.31
Total Defense’s groovy cloud solution does away with its own engine in favour of another from a third party, one already featured many times in this month’s report. Set-up was a little confusing on our first few visits but with a little practice has become fairly simple to reproduce, a web-based control system providing access to a range of tools including a simple download of a local client install bundle. With most of the work in the finding of the bundle, the actual set-up is fast and simple, although once the client itself is in place the download of the malware protection component and updates does take a few minutes.
The interface is a browser GUI with limited controls, most of the configuration being applied by group policies set up in the online portal, where a reasonable range of options are provided. We encountered a few wobbles: the on-access scanner was a little unsteady at first, only becoming properly reliable after a reboot; a few error messages appeared shortly after installation on some occasions; and there were some problems with logs which were unavailable after some scans, and incomplete after others.
We eventually got a full set of results though, with some pretty speedy scan times, fairly light overheads, low resource use and very low impact on our set of tasks. Detection was excellent with high scores across the board, and with no problems in the core sets a VB100 award is easily earned.
That puts Total Defense’s business product on four passes from four entries in the last year; eight passes and a single fail in the last two years, although some of those older appearances were a radically different product. Stability was a little suspect this month, rating only ‘Fair’.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Fair
Main version: 8.0.0.215
Update versions: 6432.0.0.0, 6446.0.0.0, 6453.0.0.0
The consumer offering from Total Defense remains unchanged, based on the company’s own engine and cloud lookup system. The installation requires minimal interaction but takes a few minutes to run through, needing a reboot to complete. Updates are speedy, but also need a reboot. The interface is flashy and glossy but a little easy to get lost in, providing only basic controls.
Stability was good, speeds very rapid as always, with overheads a little higher than we might expect but still reasonable. Resource use was a little above average, possibly thanks to the flashiness of the interface, but our set of tasks got through in decent time.
Detection was rather unimpressive, and a little unpredictable through the Response sets, with the product not entered for the RAP tests due to its reliance on cloud detections. The WildList was handled well, but thanks to those cloud detections a number of false alarms were raised in the clean sets, the bulk of them on business software from major brands including IBM and HP.
A major new version of the product is expected soon, which should help ease these woes, but for now no VB100 award can be granted – this is the third fail from three attempts in the last six tests for this product line. In the longer term things are slightly better, with two passes and four fails in the last two years. On the bright side, stability was not a problem and a ‘Solid’ rating is earned.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 12
Stability: Solid
Main version: 13.0.10.5107
Update versions: NA
Yet another product featuring the Bitdefender engine, this time combined with AVG for extra coverage, TrustPort is another regular high performer in our tests. The product install is a little lengthy with updates also taking a while, and a reboot is required.
The interface is rather unusual, with the main GUI fairly minimal but providing links to more detailed configuration areas, which go into some depth of fine-tuning. After initial exploration it soon becomes simple to navigate. Once again options to remove a cap on the log files failed to function as expected, and there were some odd issues with windowing behaviour as noted previously.
Scanning speeds were not the fastest, and overheads a little high initially, improving notably in the warm runs. Resource use was around average, but thanks to the optimization our set of tasks got through rapidly.
Detection was as splendid as one would expect, barely missing a thing in the reactive sets and very strong even in the proactive week of the RAP sets. The core sets presented no problems, and a VB100 award is easily earned.
TrustPort now has five passes from five entries in the last year; seven passes and two fails in the last two years, with this month’s performance rating ‘Stable’.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 100.00%
False positives: 0
Stability: Stable
Main version: 3.43.0/4.90G
Update versions: 3.43.0/4.91G
Utililab is a new name but another familiar face, being another from the Preventon school. It provided few surprises, with a fast install and a clear, simple interface. There were a number of wobbles (some of them quite serious), reasonable speeds, fairly light overheads, average resource use and average impact on our set of tasks.
Detection was mediocre, but the core sets were well handled, earning Utililab a VB100 award on its first attempt; stability was deep into ‘Fair’ territory.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 99.91%
False positives: 0
Stability: Fair
Main version: 3.43.0/4.90G
Update versions: 3.43.0/4.91G
A slightly more familiar name for another member of the same group, UtilTool’s version had the same fast set-up and clear GUI, and the same stability woes. Speeds were just as reasonable, overheads just as light, resource use around the same average level, but a little slower over our set of tasks for some reason.
Detection figures were similar – no more than respectable in most areas, a little disappointing in the proactive part of the RAP sets, but there were no issues (eventually) in the WildList or clean sets, and a VB100 award is earned by UtilTool – it now has one pass and one fail in the last six tests; three passes and two fails in the last two years, with all previous entries using a different engine. Stability rates only ‘Fair’.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 99.91%
False positives: 0
Stability: Fair
Main version: 3.43.0/4.90G
Update versions: 3.43.0/4.91G
One final product to report on, but not much new to say, as Vexx Guard is yet another Preventon/Sophos solution, with all the same pluses and minuses – speeds were mostly decent, including the set-up time; overheads and resource use were light, while the interface is pleasant and usable but prone to instability.
Detection was not great, but not too bad either, dropping off sharply in the RAP ‘Week +1’, but the certification sets were properly dealt with after some initial inaccuracy, thus earning Vexx Guard a VB100 award. That’s its second pass from three entries this year, with the fail using a different engine. Stability was again rated only ‘Fair’.
ItW Std: 100.00%
ItW Std (o/a): 100.00%
ItW Extd: 100.00%
ItW Extd (o/a): 99.91%
False positives: 0
Stability: Fair
Two additional products were submitted for testing, but we were not able to include them in the final report thanks to a lack of detailed results. UnThreat Antivirus was found to be too unstable to complete any but the simplest parts of the tests and was quickly sidelined. Xango Psafe Protege fared better, but thanks to problems with logging we could not accurately judge its performance, and opted to leave it out for the time being – we expect to see both products covered properly in future tests.
This proved to be a rather stressful test, with this report scrabbled together a long time after we had hoped to have it published. The lateness is due to a variety of factors: testing was interrupted by travels, jury service and illness, but the main headache was the large number of problems with the products, which made for much more intensive work than would have been ideal; many tests had to be re-run or nursed gently through as scanners and particularly logging facilities proved unreliable at best, simply useless at worst.
There were some good points though, with a much higher than usual pass rate, although that may be partly due to the continuing clustering of products based on third-party engines. The three most popular engines this month were represented by no fewer than 28 separate solutions.
We also saw a rather significant impact resulting from our work to keep the proactive part of the RAP set as fresh as possible. In looking at the design of this part of the test, we hope to continue to improve accuracy and usefulness. As always, we welcome feedback and ideas from our readers – I hope to see many of you at our conference in a little over a week’s time.
Test environment. All tests were run on identical systems with AMD A6-3670K Quad Core 2.7GHz processors, 4GB DUAL-DDR3 1600MHz RAM, dual 500GB and 1TB SATA hard drives and gigabit networking, running Microsoft Windows 7 Professional SP1 (x32).
Any developers interested in submitting products for VB's comparative reviews, or anyone with any comments or suggestions on the test methodology, should contact [email protected]. The current schedule for the publication of VB comparative reviews can be found at http://www.virusbtn.com/vb100/about/schedule.xml.