VB100 Comparative review on Windows 8 Pro

2012-12-20

John Hawes

Virus Bulletin
Editor: Helen Martin

Abstract

John Hawes reports the results of this month's VB100 test on Windows 8 Pro - finding a decent set of performances from products on this brand new platform.


Introduction

It was rather an important test this month, with our first look at Microsoft’s all-new Windows 8, and at the products that are available for it. A recent report from AV-TEST, a month or so after the public release of Windows 8, found some 60 products from 26 different vendors were available for the platform. Our schedules meant that the test deadline fell a few days prior to the public release of the platform, and this seemed certain to pose the vendors a real challenge.

On the deadline day it was clear that several vendors were less than fully prepared for the new platform – or perhaps just short of confidence in their own wares – as a number of our regulars were absent. Of those that did manage to submit products, a few more were clearly far from ready, with bugs and crashes experienced in the process of simply setting the products up for an initial look on the deadline day. This meant that several were excluded from further testing, and also gave us plenty of data for our stability rating system. Of course, with such a new platform it was always possible that a few bugs and errors would crop up that were unrelated to the products being tested, so we had to be a little more lenient than usual when apportioning blame.

After winnowing out a few hopeless cases, our final tally of products was a reasonable 33, giving the team some hope that we might manage to catch up on our schedule and get the test completed before the end of the year. This would of course depend on how malleable and reliable those 33 products proved to be during the course of the test, so as always we settled into the testing area with all fingers firmly crossed, hoping for an absence of the usual horrors.

Platform and test sets

The lab team’s initial opinions on Windows 8 were a mixture of surprise, confusion, occasional grudging approval, bafflement, bewilderment and general loss of bearings. Designed very much for touch-screen devices, the user interface has been redesigned so radically as to leave seasoned PC users quite at a loss as to where things are. The install process is slick and glossy, and completed in reasonable time, but the process of setting up the test systems was long and slow, mainly thanks to time spent rummaging fruitlessly around trying to find some control which used to be easily accessible. Even something as basic as how to reboot the system took quite a while to figure out, and even when everything had been located and its position carefully memorized, things did not feel at all natural or straightforward. Perhaps with time the new approach will settle in and become second nature, but given that for the most part Windows has followed a consistent pattern for many years, it could be a slow and painful process. On top of the layout issues, we also observed some sluggishness in some areas, even on test hardware which seemed fairly high-spec when first acquired a couple of years ago.

Our use of the jazzy ‘modern’ set-up was thus kept to a minimum, but we did make sure we exercised it fully at the beginning, installing a wealth of popular apps from the nascent Windows app store system and adding them all to our clean set for false positive testing. As one of the team recently acquired a new printer, the bulk of the rest of the additions to the clean set this month were printing related, with the download areas of several major hardware providers scoured for useful, popular software which we hoped would not be flagged as malicious by any of our participants. After the usual tidying up and purging of older items, the final set came to just over 700,000 files, measuring around 180GB.

The WildList sets were based on the September lists which were released shortly before our 17 October deadline. Alongside we added our standard set of clean samples used for speed and performance measures, with some minor tweaks required to our automation system to ensure a smooth run on the new platform, and a RAP set built with samples first seen in the three weeks prior to the deadline and the week following it, the sets averaging around 20,000 files each after final processing and classification. Response sets were built as needed using the same system, with a set from each day for the week prior to each test run. Testing itself ran throughout November, with the bulk of each of the three runs completed within a week, and the final week of the month and the first few days of December devoted to the remaining RAP and performance tests. As far as possible products were treated in the same manner, running through the same set of processes on matching hardware in much the same order, to ensure equivalence for our stability ratings – the results of which we were particularly interested in on this brand new and highly challenging platform.

Results

AhnLab V3 Internet Security 9

Main version: 9.0.0.6 (build 462)

Update versions: 2012.10.17.30, 2012.11.06.00, 2012.11.12.06, 2012.11.15.00, 2012.11.19.05

We haven’t seen much of AhnLab lately, with only a single entry before this in 2012, but the company has obviously been keeping busy, with a major redesign of the product interface seen here for the first time. The installer provided was 133MB and ran through in around a minute with half a dozen clicks required. Updating was performed manually, taking around three minutes on average for the first run. The new GUI is a bit of a departure from the norm, with a rich blue colour scheme and functions divided into four main areas, each represented by a large ‘tile’ which fitted in nicely with Windows 8. Other settings were reached via less prominent links, but were fairly accessible and provided in reasonable detail. A log viewer system allows clear and simple visual access to the logs, which seemed complete and reliable and were easy to export to plain text for more detailed manipulation.

Scanning speeds were rather unpredictable, with one run over the local system partition taking close to two hours, while others needed little more than 20 minutes. On average, times were slow in the archives set, decent in the set of binaries, and pretty zippy elsewhere. Lag times were not too heavy, while RAM use was low, CPU use a little way above average and the time taken for our set of activities to complete was not bad.

Detection rates were pretty impressive in the Response sets, dropping fairly steeply into the final day, and decent in the RAP sets too, once again the very latest set of samples showing a significant decline. The WildList sets were well covered with no problems in the clean sets either, thus the product comfortably earns our first VB100 award on Windows 8. AhnLab’s test history is patchy, with now two passes from two entries in the last six tests; four passes and two fails in the last two years. This was the vendor’s first exposure to our new stability rating scheme, and with no issues to report it earned a ‘Solid’ rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 99.91%

False positives: 0

Stability: Solid

Avast Software avast! Free Antivirus

Main version: 7.0.4363

Update versions: 121017-1, 7.0.4386/121030-1, 7.0.4388/121109-0

A much more regular participant in our tests, it has been more than five years since we ran a comparative without a product from Avast. The current free edition was sent in as a svelte 94MB installer including all required updates for the offline tests, and the set-up process offered an ‘express’ route which needed only a couple of clicks. The offer to install Google’s Chrome browser and toolbars is included, and since it is selected by default, this was counted as part of the install itself. With the extra time needed for these additions the main installation took around six minutes, over half of which was taken up by the Google components, as far as we could measure. Updates were speedy though, averaging not much more than a minute over several installs. On some occasions, when a major product update occurred, a reboot was required.

The product interface remains very pleasant to look at as well as very simple to navigate and operate, despite providing an excellent degree of fine-tuning. It appeared to be very stable and reliable throughout testing, although at one point we did experience a blue screen incident. As we were not doing anything particularly related to the product at the time – in fact, simply opening a command prompt window – and the issue could not be reproduced despite our efforts to replicate the exact circumstances, at least part of the blame must be put down to the operating system, but the incident still counts against the product in our stability rating.

Scanning speeds were very fast, as usual, slowing only in the archive set when the scan settings were set to more thorough levels. Overheads seemed fairly low, but this figure will be skewed by the lack of full on-read scanning by default. Resource use was a little above average, but not a great deal, and our set of tasks ran through at a decent pace.

Detection rates were strong, with some excellent scores in the RAP sets, dropping off a little into the proactive week. The numbers were generally high in the Response sets too, with just a couple of off days throwing off the averages a little at either end of the scale. The core sets were dealt with cleanly though, and a VB100 award is easily earned, putting Avast on six passes in the last six tests; 11 passes and a single fail in the last two years. Stability was hit by the single freak incident, which was not repeatable, but rather unluckily for Avast was just severe enough to edge the rating into the ‘Fair’ category.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Fair

AVG Internet Security Business Edition

Main version: 2013.0.2741

Update versions: 2614/5834, 2013.0.2743/2617/5875, 2013.0.2793/2624/2889, 2629/2905

AVG’s corporate desktop offering also provided an ‘express’ install option, although in this case two or three clicks were needed to reach this stage and a further two or three afterwards, making for a fairly average amount of user interaction anyway. Options are provided to set the default search provider to AVG’s secure system, and to install a toolbar, but rather politely these are not checked by default. The install itself, from a 134MB executable with the latest updates rolled in, takes a couple of minutes to run through, with fairly speedy online updates, adding only another couple of minutes; a reboot was required after most update runs.

The interface has been redesigned drastically, clearly aiming to fit in with the tiling style of Windows 8. It looks fairly clean and slick, but at times we found it rather tricky to navigate, with key options appearing greyed out and hard to spot thanks to the dark colour scheme. A solid level of configuration was available though, and logging, once found, appeared comprehensive and fairly reliable. However, an option provided regularly to ‘archive’ data seemed to make the logs vanish completely, and no amount of searching could retrieve those accidentally subjected to this action. We also observed some minor freezing of the interface under very heavy stress, which soon righted itself.

Scanning speeds were pretty zippy to start with, and very fast indeed in the warm runs, with overheads likewise improving hugely from an already impressive start. RAM and CPU use were both a shade above average but far from heavy, and our set of activities got through in good time. Detection was excellent – maintaining consistently high levels throughout the Response sets and the first few weeks of the RAPs, and tailing off a little into the later weeks. The core sets presented no problems, and AVG’s new-look product earns a VB100 award with some style, putting the vendor on five passes and one fail in the last six tests; ten passes and two fails in the last two years. With only some very slight issues with the interface and logging, a ‘Stable’ rating is earned.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

BeyondTrust Blink Professional

Main version: 6.0.2

Update versions: 1.1.2352, 1.1.2373, 1.1.2352, 1.1.2392

The company formerly known as eEye Digital Security continues to operate seemingly unchanged, with the business version of the Blink product much the same as ever. The installer was a fair size at 281MB, including all required data, but it installed fairly speedily, taking only a couple of minutes despite its multiple components – much of the time was spent installing Visual Studio runtime software. Updates became noticeably slower later in the month as more data had to be pulled down, going from just a couple of minutes in the early runs to close to ten minutes later on when over 250MB was downloaded, but reboots were not required.

The interface is simple and fairly easy to navigate, providing a little more than the basics for the anti-malware component. Logging is reliable and comprehensive, although rather wasteful with large chunks of text repeated multiple times throughout. Scanning speeds as ever were rather slow, and overheads also pretty hefty, but RAM use was fairly low and CPU was above average but not outrageous. Our set of tasks took just a fraction longer than the average for the month.

Detection started well in the RAP sets but declined quite steeply into the proactive week, while Response scores started no more than respectably and also showed a fairly sharp drop as we moved to more recent samples. The clean sets saw only a handful of suspicious alerts, including one for an item of adware and one for an application of some sort which was considered worthy of a mention. The WildList sets were mostly handled well but a single item went unobserved in both modes in all three runs – a problem that has occurred in previous tests and which is still being investigated. As a result, BeyondTrust cannot be granted a VB100 award this month, the vendor’s history showing three passes and two fails in the last six tests; seven passes and three fails in the last two years. Stability was faultless however, earning a ‘Solid’ rating.

ItW Std: 99.81%

ItW Std (o/a): 99.81%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Solid

Bitdefender Antivirus Plus 2013

Main version: 16.23.0.1619

Update versions: 7.43739/7645988, 7.43919/7843510, 7.44063/8000253, 7.44094/8001721

Bitdefender has implemented a fairly drastic overhaul of its image of late too, with its products, logo and slogans all updated to a new style – however, its performance continues along the same solid lines as ever. The package provided this month – a fairly large 258MB – offers to download the latest version if available, then provides a single-click, catch-all options page, including the acceptance of a EULA which is not actually displayed. A few further clicks are required after the speedy main install, with options to operate in ‘auto pilot’ mode, and to start a trial, or log into a user account using various shared login systems including Facebook and Google accounts. When the GUI was up and running, it reported a problem with the web filtering system – something which seemed to persist across a number of installs. The product does not mention that an update might be required in its list of known issues, but manual updates were very rapid indeed, taking no more than 30 seconds, perhaps in part thanks to the process of fetching new install packages when available.

The interface is dark and foreboding, and it is not immediately clear how to go about operating it, but with a little trial and error it soon reveals its secrets, providing a comprehensive range of controls. Logging is stored in an XML format, which appears complete, detailed and reasonable easy to work with.

Scanning speeds were pretty decent, speeding up considerably in some but not all of the warm runs, with overheads very light with the default settings, a little heavier with things turned up to the max. Resource use was on the low side though, with a decent time taken to complete our set of activities too.

Detection was very solid through most of our Response sets, dropping off only slightly into the later few days, and RAP scores were decent for the most part, but in the oldest of the weeks our scans repeatedly crashed out. We tried breaking things down into ever smaller chunks, but inevitably some samples went unchecked as the scanner simply couldn’t get past some of the things that were causing it some nasty problems. This seems to have caused a noticeable dip in the scores for that week, with the others all very impressive indeed. The core sets presented no such issues though, the product sailing through the WildList and clean sets without trouble and easily earning a VB100 award – maintaining Bitdefender’s excellent record of 12 passes in the last two years. Stability was shaken somewhat by the crashes under heavy stress in the RAP sets, earning the product only a ‘Stable’ rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

BullGuard Antivirus 2013

Main version: 13.0.252

Update versions: 13.0.0.30/13.0.0.15/7.43919

Using the Bitdefender engine behind the scenes, BullGuard’s front end has also had some polishing up in recent months. The installer measured 163MB this month, and required only a couple of clicks before blasting through its set-up in very quick time. Updates are a little slower, most runs having two stages of downloading and implementation, and in most cases requesting a reboot, sometimes quite a while after the process had apparently completed.

The interface is very minimalist, but reasonably simple to burrow down into to find some decent controls. Responsiveness and stability were pretty good throughout testing; logging is in a rather gnarly XML format, which is easy to access using the product’s built-in log viewer system, but on occasions this refused to open larger logs, leaving the user obliged to analyse them manually, which is a less than pleasant task.

Scanning speeds were pretty decent, with some warm runs closely mirroring initial rates while some zipped through in no time at all. File access lags were not too bad, and resource use and impact on our set of activities were also pretty low.

Detection was excellent though, with just a slight decline in the last few days of the Response sets, and the RAP sets were handled superbly, even the proactive week showing an impressive score. The core sets were handled impeccably, earning BullGuard a VB100 award this month too, and raising its tally to five passes from five entries in the last six tests, only the annual Linux test having been missed, and ten passes from ten entries in the last two years. The log viewer failing to display extra-large logs was the only issue noted, thus a ‘Stable’ rating is earned.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 99.96%

False positives: 0

Stability: Stable

Commtouch Command Anti-Malware

Main version: 5.1.20

Update versions: 5.3.20/201210171259, 201211061437, 201211141016, 201211201350

Having shown no signs of a redesign for quite a while, Commtouch’s product came as the usual tiny 14MB installer, with offline updates not large either at 28MB. Set-up is fast and simple – there were all the usual steps to click through, but the actual work of putting files into place and so on was over in a flash, and online updates were very speedy too, averaging little more than 30 seconds with no reboots required.

The interface remains pretty basic, providing a reasonable level of control, and giving the user no opportunity to lose their bearings. Logging is straightforward, seemed reliable, and was easy to export from the viewer utility. Speed measures were hampered by crashes when trying to scan the local C: drive – these were repeated every time we attempted the job, so in the end no time could be recorded for this task. Other speed sets were handled better, but we also observed several more crashes in the clean sets. On-demand speeds were fairly slow, with overheads very high on access, and while RAM use was fairly low, CPU use and impact on our set of tasks were both very high indeed.

The scans of infected sets were also hit by numerous GUI crashes, which were adjudged less serious here thanks to the unusual stress levels, but they still slowed things down considerably and hampered our efforts to cover all our sets. Eventually, a reasonably complete set of results were gathered, showing some fairly poor scores in the RAP sets, but much more impressive numbers in the Response sets, at least until the very freshest days, indicating a heavy reliance on cloud scanning to cover the most recent threats. The WildList set was properly dealt with on demand, but on access several items were missed, which may well be for similar reasons. In the clean sets a number of items – including packages from Canon, Lexmark and HP – were flagged as malware. Commtouch is thus denied a VB100 award this month by some margin, its test history showing two passes and three fails in the last six tests; four passes and six fails in the last two years. Multiple crashes of the on-demand scanner component, including repeated failure to complete basic checks of the local system drive, tip the stability score over the edge into ‘Buggy’ territory.

ItW Std: 100.00%

ItW Std (o/a): 99.81%

ItW Extd: 100.00%

ItW Extd (o/a): 99.83%

False positives: 3

Stability: Buggy

Emsisoft Anti-Malware

Main version: 7.0.0.10

Update versions: 7.0.0.12

After a long partnership with another provider, this month sees the first appearance of a new incarnation of Emsisoft’s product, which now features the Bitdefender engine alongside the company’s own efforts. The fairly large 218MB installer provided few surprises though, following the standard flow and completing in a minute or so, with online updates adding little more than half a minute to the total set-up time. The GUI is little changed, having had a minor refresh a few months ago. It looks fairly good, with a few quirks in the design here and there, but it has a decent layout and a good basic set of controls. It also seemed fairly stable for the most part, with just the occasional wobble under heavy pressure. Recent issues we have experienced with scans crashing out were much less evident this month, with only a couple of incidents encountered.

Scanning speeds were on the slow side over archives and binaries, but pretty speedy elsewhere, with overheads reasonably light across the board, but especially so in our set of miscellaneous files. Resource use was pretty low, and our set of tasks ran through in around average time for the month. Detection was excellent, even in the RAP sets, where we had to use a slightly older version of the detection data thanks to file-corruption issues with the build originally downloaded.

The WildList was well covered, and with only a few alerts on toolbars in the clean sets, a VB100 award is easily earned by Emsisoft. The vendor’s history is less than edifying, with now two passes and three fails in the last six tests; two passes and eight fails in the last two years. However, given the significant changes under the hood, this should be the start of a new and much more successful era for Emsisoft. With only a few problems scanning large infected sets, a ‘Stable’ rating is earned.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

eScan Internet Security Suite for Windows

Main version: 14.0.1400.1284 DB

Update versions: N/A

Another product based around the Bitdefender engine, again with a little extra added, eScan has been a regular entrant in our tests for many years, having missed only one test in the last five years. This month saw another fairly dramatic redesign, timed to coincide with the release of Windows 8. The installer provided was a jumbo 397MB, and ran through the standard steps to complete in a minute or so, with updates then taking another half minute to finish off the process. On one occasion the updating GUI opened but then vanished immediately and could not be reopened, but the process seemed to complete successfully and on restarting the main interface all was set back to normal again. No reboot was needed to complete the set-up.

The new interface is another dark, eye-straining thing, with most of the text in grey on a black background, occasionally highlighted in green. Again a tile effect has been worked into the layout to reflect the styling of the new platform, with areas devoted to a set of eight components, each providing some statistics or status information on the component in question (for those with eyes keen enough to make it out amid the gloom). Configuration is impeccable though, much closer to the old familiar style once we get away from the home screen, and logging is clear and complete too. From the configuration screens we could see that this was a late-stage beta.

Scanning speeds were a little on the slow side, but overheads were not too bad, and resource use was fairly low, with a low impact on our set of tasks too. Detection was excellent across the board, with no issues in the core sets and a VB100 award is comfortably earned. The product’s test history stands at an excellent six passes in the last six tests; 11 passes and a single fail in the last two years. Only a single, very minor issue with the updating interface was observed, thus the product easily earns a ‘Stable’ rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

ESET NOD32 Antivirus 5

Main version: 5.2.9.1

Update versions: 7597, 7661, 7688, 7706

Barring any shock upsets, ESET should complete a full decade of passing every single VB comparative in a few tests’ time. The company’s product seemed fully ready for Windows 8, with the standard, compact 65MB installer running through familiar stages to complete within a couple of minutes. Updates added around another minute on average, although in some cases it was less than straightforward to achieve this, as no option to apply a licence was given – the update run simply failed with the message that no licence was in place.

The interface remains unchanged, looking efficient and businesslike, but not unattractive. A vast wealth of fine tuning is provided under the covers in a reasonably clear and simple way, although there seems to be some duplication of controls and some items we might expect to see appeared to be absent. Operation was mostly stable, but the interface did crash a few times, mostly when under heavy stress such as during on-access runs over large sets of infected samples. Despite the crashes, protection seemed to remain rock-solid throughout. Logging is well displayed in a viewer utility, which again is a little less than obvious in its usage but seemed reliable (although, rather oddly, when asked to export to file, it defaults to saving things to the System32 directory).

Scanning speeds were splendid, almost up to the exemplary speeds of old, with warm runs mostly very quick indeed, while overheads were extremely light. RAM use was very low, CPU use also below average, and our set of tasks ran through in very quick time. Detection was excellent, with reliably high scores throughout the Response and RAP sets, and with the core sets handled perfectly ESET adds yet another VB100 pass to its tally, maintaining its impeccable 12 out of 12 in the last two years, with no fails recorded since 2001 and no tests missed since May 2003. A few interface crashes were observed under stress, but a ‘Stable’ rating is still well deserved.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

ESTsoft ALYac Enterprise

Main version: 2.5.0.18

Update versions: 12.4.26.1/451761.2012101113/7.43686/7679200.20121010, 12.4.26.1/455958.2012110618/7.43911/7841561.20121105, 12.4.26.1/457201.2012111318/7.43979/7903168.20121112, 12.4.26.1/458391.2012112018/7.44050/7984770.20121119

Yet another product using the Bitdefender engine, ESTsoft’s offerings have made a number of appearances on our test bench in the last year or so with wildly varying success – some performing excellently, while some, as in the last test, have been too unstable even to make the full report. We hoped for better things this month. The installer measured 153MB and ran through quite a few stages, completing in only a couple of minutes. We have had some issues with the stability of the updater in recent tests, but this time all seemed well, with the process completing within a couple of minutes and indicating successful implementation of data from the current date. No reboot was needed.

The product interface is busy and bustling, but not too cluttered, and a reasonable range of controls is within fairly easy reach. Operation seemed smooth and reliable for a change – the logging system was extremely slow to export, and in a rather bizarre layout, but was apparently complete and fairly readable. Scanning speeds were pretty zippy, with nice light overheads, and resource use was very low indeed, although our set of activities did take a fair amount of time to get through.

Detection rates were a little disappointing though, especially compared to other products this month that are based on the same engine – RAP scores started a little below par and dropped off rather rapidly; Response numbers were distinctly low from the off and plummeted catastrophically into the last few days. At first we assumed this meant that the updates hadn’t been as successful as they had seemed, but looking closer at the response numbers showed no indication of this – instead it just appeared that detection data was updating, but still lagged some way behind current. At the time of going to press no explanation for this had emerged from discussions with the developers.

In the core sets, no false positives emerged in the clean set but in the WildList sets, again rather bizarrely, a number of items were missed consistently across both modes and in the three runs, from both the traditional and Extended sets. This meant no VB100 award could be given to ESTsoft this month, putting the vendor on two fails and one pass from three entries in the last six tests (not including aborted attempts); two passes and two fails in the last two years. Stability seemed mostly good, with a few minor judders in the interface and a few scans aborting thanks to overuse of memory – thus the product just about scrapes a ‘Stable’ rating.

ItW Std: 99.62%

ItW Std (o/a): 99.62%

ItW Extd: 98.38%

ItW Extd (o/a): 98.38%

False positives: 0

Stability: Stable

FileMedic Antivirus 2012

Main version: 1194

Update versions: 1234

A new name for our testing rosters, but not an entirely new company, Poland’s FileMedic was only formed last year but inherited much of its team from MKS, whose old product line MKS_vir is something of a veteran in the industry. Having been quiet for some time, MKS_vir re-emerged a couple of years ago and some products were sent in for us to look at. However, over several attempts few were found stable enough to be included in a full comparative, and only a single fairly disastrous appearance was managed. Now the product returns under a new name and with a new look, and on this occasion we finally managed to cobble together some usable results.

The package submitted measured 105MB, and installed in a fairly standard process which took less than a minute. Updates appeared to be manual only, and ran for around three minutes on average. A reboot is required to complete the installation process, but the message warning of this is rather shy and retiring, fading away after 30 seconds, and is thus easy to miss. The interface is a little basic but clean and crisp, with very little by way of fine-tuning controls, focusing mostly on information rather than options.

Operation was for the most part reasonably smooth and reliable though, at least for the on-demand component, with a few scans crashing out but most making it to completion without too much coaxing. On-access runs through the infected sets seemed to work OK, although clearly not much was detected. However, trying to gather our performance results proved rather difficult: on the first two attempts, the on-access component simply gave up under the pressure (of having lots of clean files accessed, copied around and so on) and shut down – manual restarting proved effective only for a few moments in most cases. Eventually we managed to get all parts to complete with the product awake and active, but this was far from straightforward. The numbers gathered showed some fairly sluggish scan times on demand, with on-access overheads pretty heavy, high resource use and a slow old time of it getting through our set of activities.

Detection rates were not good, with little to get excited about in the Response sets; initial RAP results were gathered, but it quickly became clear that the build submitted was far from up to date on the test deadline, so the numbers would have been of little relevance. The WildList sets were actually relatively well covered, with not too much missed, but coverage was still some way off perfect, and in the clean sets there were quite a few false alarms – many of them under the same few detection IDs, suggesting that a handful of rogue detections were causing the bulk of the issues. Thus no VB100 award can be granted to FileMedic on its first official appearance, but things are certainly looking up and with some more hard work we could see it reaching the required standard in the not-too-distant future. Stability remained something of an issue, particularly with the problems involving the on-access component staying alive. Repeated serious incidents put the score well into the ‘Buggy’ category.

ItW Std: 99.75%

ItW Std (o/a): 99.75%

ItW Extd: 96.98%

ItW Extd (o/a): 97.66%

False positives: 46

Stability: Buggy

Filseclab Twister Antivirus 8

Main version: 8.1.5.6709

Update versions: N/A

A slightly more familiar name, but one that still has not quite made the grade to achieve its first VB100 award, Filseclab continues to soldier bravely on, showing small improvements from test to test. The latest offering came as a 149MB package, with offline updates measuring a compact 5.4MB, and ran through the usual steps to install quite quickly. With the initial set-up complete, a brief survey probes the user’s knowledge of security matters, including such questions as ‘have you ever used anti virus before?’ and a list of terms which you may or may not recognize. Based on the user’s responses, the knowledgeable user is offered a ‘Pro’ mode, while novices are recommended ‘Standard’ mode – this appeared to make minimal difference though, the only change we spotted being the enabling of a ‘Registry Defense’ module in the more advanced mode. While all products saw some prompts for the UAC system during installation, here we saw further prompts when choosing to activate a trial mode, and also when running a manual update, which clocked in at just over two minutes on average for the first run.

The interface has been updated significantly for this latest version, adopting a much more familiar look and feel compared to previous iterations. It is sharp and clear, with a decent range of options provided, and seemed easy to navigate. It also ran very stably, with no significant issues to report. Logging is provided with its own display system, and can be exported in a clear, usable manner.

Scanning speeds were distinctly slow in the initial runs, but barely noticeable in the warm runs, while lag times on access were very much on the heavy side. RAM use was low, but CPU use was very high indeed, and our set of tasks didn’t get through as quickly as we would have liked. Detection rates were pretty decent in both the RAP and Response tests, but the WildList sets were well short of the level required, and in the clean sets we saw a number of false alarms too, including alerts on items from Buffalo, SAP and Adobe and popular tools such as WinAmp, MySQL and Java.

Thus once again Filseclab is denied a VB100 award, but its upward trend continues and the developers must remain hopeful of making the grade fairly soon. The test history for this product shows three entries in the last six tests, five in the last two years, all without success. The developers can be most proud of their stability this month, scoring a perfect zero and meriting a ‘Solid’ rating.

ItW Std: 95.39%

ItW Std (o/a): 95.39%

ItW Extd: 88.72%

ItW Extd (o/a): 88.72%

False positives: 5

Stability: Solid

Fortinet FortiClient Lite

Main version: 4.3.5.472

Update versions: 5.026/16.550, 5.026/16.647

This month Fortinet presented us with a rather different product from what we are used to: its ‘Lite’ edition. The install package lived up to its name, measuring just 12MB, with an offline update bundle a slightly heftier 145MB. Set-up was pretty simple, although the option to ‘optimize’ to the system had us thinking for a moment or two. With this request bypassed, the process completed in little over half a minute. Online updates added a couple of minutes on average.

The interface for this version is a little more cuddly and novice-friendly than Fortinet’s usual stark, efficient business product line, pared down to remove all the configuration options and other things that the likes of us find useful, but which are considered too scary for some everyday users. The developers provided us with registry tweaks to disable some of the automatic cleaning and quarantining to speed our tests along, but we didn’t have much luck implementing these so we carried on as was, and didn’t do too badly. Logging was as complete, clear and readable as ever.

Scanning speeds were not the fastest, but were mostly fairly reasonable, while overheads were a little high at first but much lighter in the warm runs, very sensibly. Resource use was low and our set of activities got through in pretty good time too. Detection tests were a little slower than usual thanks to the extra work of quarantining, and in large sets the product showed a lack of restraint, managing to flood the system drive with all the items it was hiving off and slowing the machine to a sleepy snail’s pace.

Things soon returned to normal though, and numbers looked good, with both RAP and Response sets covered excellently at the start, dropping off a little into the most recent samples. The core sets were properly handled, with no false positives or WildList misses, and Fortinet comfortably earns a VB100 award with its ‘Lite’ solution. The test history shows five passes from five entries in the last six tests; nine passes and one fail in the last two years with only the annual Linux comparatives not entered. With some bogging down of the system thanks to careless quarantine management noted (but only likely to occur under extreme stress), a ‘Stable’ rating is earned.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

F-Secure Client Security

Main version: 9.50 build 139

Update versions: N/A

A pair of products once again from F-Secure, with the apparent divide being into business and consumer solutions (this appears to be the corporate offering). The installer provided was a 65MB executable, accompanied by 148MB of updates. Set-up posed the usual questions, completing in a minute or so. An initial update request reported that all was in order on one occasion, with the actual update then starting 30 seconds later; on all runs the update process reported completion within a minute, but it was clear that the product was not fully installed and functional for some time after that – around 10 minutes as far as we could tell.

The interface is familiar from several years of testing: chilly and stark with minimal controls, but fairly well laid out and accessible. The display seemed a little wonky at times though, with some screens showing text cut off halfway down, and as in past tests we had some issues with the system getting a little caught up in itself after the on-access tests, on-demand scans becoming impossible until after a reboot. Logging, as ever, was a little precarious, written only at the end of scans and only storing data from the most recent job, but in a reasonably usable HTML format.

Scanning speeds were easy to gather though, with initial times good and warm runs lightning fast. Overheads showed a similar pattern – initial runs perhaps just a little on the high side but warm runs much improved, although we were unable to persuade the product to scan more than the default list of file extensions in either mode. RAM use was very low but our CPU measurement is a negative figure – a rare occurrence. This is explained by the very long time taken to get through the set of activities – apparently during this period the system was just about idle, thus bringing down the CPU average to well below the figure recorded in the baseline runs where action was rapid and non-stop. Presumably most of this idle time was spent waiting for response from cloud look-up requests.

Detection rates were pretty solid, although a couple of the Response sets fell below the level we would expect from a product incorporating the Bitdefender engine, knocking the averages a little. The RAP sets were also below expectations after the first week, although still highly respectable. We could only surmise that these shortfalls were due to problems with logging, as observed in many recent tests.

The WildList sets were well handled though, and with just a couple of items in the clean sets flagged as suspicious by the cloud look-up system, F-Secure’s business offering earns a VB100 award without too much fuss. With participation a little irregular of late, it now has two passes and one fail from three attempts in the last six tests; seven passes and one fail in the last two years. A few wobbles in the interface when faced with a little stress testing mean no more than a ‘Stable’ rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

F-Secure Internet Security 2013

Main version: 10.00 build 18410

Update versions: N/A

The second of F-Secure’s solutions this month came in a very different format, with nothing more than a tiny 800KB downloader sent in. As product installation can only be done via the Internet, and the decision to submit was made rather late in the day, it was not possible to include it in the RAP tests. Set-up itself was fairly painless, with all the necessary downloading and implementation undertaken in good time, and the main install completed in not much more than a minute and a half. Once again, this appeared to include a successful update, but on checking more closely we found it still (very quietly) reporting a number of components yet to fall into place.

The interface is much the same as the business version, although is complemented by a ‘launchpad’ component from which one can access several other packages besides the anti-malware solution. Initial test runs proved rather troubling, with the on-access component apparently turning itself on and off again repeatedly during the WildList set. Several runs showed the same pattern of detections and misses. Retrying the same task some time later proved much more successful, but still not quite as complete as we would have liked, while reinstalling a week, and then a fortnight later, the issue seemed to have gone away entirely with no intervention from us – presumably having been spotted and fixed by the developers. Again, logging was not to our tastes, but for on-demand work at least it appeared to be recording complete data, as long as the data was caught and backed up before being overwritten on the next scan. On-access logging seemed to be absent.

Scanning speeds were excellent though, again showing impressive improvements in the warm runs in both modes, but with no option to expand the coverage to include non-standard extensions. RAM use was low, but again the activities time was sky-high – considerably higher even than its sister product – and this meant another negative CPU measurement thanks to long idle periods.

Detection was hard to criticize however, with excellent rates across the board, although sadly no RAP scores could be recorded. The issues in the first on-access run knock the averages down a little, but fortunately for F-Secure they only affected the Extended WildList, for which we do not (currently) require full coverage on access. With 100% in the subsequent two runs, and again just a couple of cloud based suspicious alerts in the clean sets, a VB100 award is merited. Our test history for F-Secure’s secondary product line is a little sparse these days, with two passes from just two entries in the last six tests; three from three in the last two years. Some nasty issues were noted in one of the runs, along with some more trivial wobbles, but as the more serious problems occurred only under heavy stress and were not repeated on later runs they do not totally undermine the stability rating, leaving a score firmly in the middle of the ‘Fair’ zone.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 99.82%

False positives: 0

Stability: Fair

Hauri ViRobot Internet Security 2011

Main version: 2012-10-17.00 (7645988)

Update versions: N/A

Hauri is yet another user of the popular Bitdefender engine, and another with which we have had a few problems in the past, most notably with updating not playing ball. This month’s submission came as a 187MB installer, which followed the standard path until a quick scan was offered prior to the actual installation. With this step skipped, the whole process took not much over a minute. Updating generally ran for around 30 seconds before halting with a message informing us that we already had the latest updates, but as in several previous tests the version data on the main screen did not change, sullenly insisting that it dated from the initial deadline. No amount of coaxing, cajoling, rebooting and retrying seemed to change this, and the same situation applied on at least four installs on different, fresh hardware each time.

The product interface is fairly shiny and pleasant to look at, and provides some reasonably decent configuration, although it is a little confusing in parts. Apart from the updating fail it seemed to respond well and remained stable under all test scenarios. Logging was comprehensive, reliable and usable. Scanning speeds were a little on the slow side, overheads perhaps a little high in some areas, but resource use was low, especially CPU use, and our set of tasks tripped through very quickly indeed.

Scores were excellent in the RAP sets, closely matching those of most similar products using the same engine, but the Response scores dropped off sharply through the three runs thanks to the lack of functioning updates, resulting in less than excellent averages. The core sets were properly handled though, and a VB100 award is technically earned despite the absence of any updates through the entire month of testing.

Hauri now has four passes from four attempts in the last six tests; four passes and two fails in the last two years. There wasn’t much else to complain about besides the updating issue, but the significance of it, coupled with its repeatable nature, mean a ‘Buggy’ rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Buggy

Ikarus anti.virus

Main version: 2.2.12

Update versions: 1.1.122/82526, 82676, 82733, 82784, 82855

Having been unlucky with false positives in the last few comparatives, Ikarus rejoins us hoping for a change of fortunes this time. The install package was a small 23MB, with 89MB of updates provided for the RAP tests. The set-up process includes the downloading and implementation of the .NET framework, so took rather longer for us than it might for those who already have this in place on their systems. The actual set-up of the product itself is fairly speedy, with few surprises along the way other than the option to join a feedback scheme hidden away on a greyed-out screen mainly dealing with update options. Updates were rapid, completing in around half a minute on average, and no reboot was needed to finish off the process.

The interface is pretty basic and a little clunky, providing a limited set of options, but it remained reasonably stable, juddering a little in the most stressful tests. Logging seemed complete and usable. Scanning speeds were a little on the slow side, and overheads rather heavy, with RAM use fairly low but CPU use a little high; our set of tasks got through in quite good time though.

Detection rates were superb in the Response sets, with only the most recent day showing any sign of decline, with excellent scores in the RAP sets too. The WildList set was well dealt with, and with a clean sheet managed in the false positive tests too, Ikarus regains its VB100 certified status with a very impressive performance. The vendor now has three passes and two fails in the last six tests; longer term things are not so impressive, with three passes and six fails. With just some minor freezing of the interface under pressure, a ‘Stable’ rating is well deserved.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

K7 Total Security

Main version: 12.2.0.151

Update versions: 9.153.7726, 9.154.7822, 9.154.7850, 9.154.7878

K7 tends only to appear in our comparatives on desktop platforms, but has managed to maintain a solid run of performances of late, with an excellent record for stability and a redesigned interface impressing with both its attractive, sensible design and its ruggedness. This month’s submission was an 84MB executable, which offered only a single dialog box with a stark ‘Agree and Install’ button to click. The set-up then took next to no time, followed by a couple of activation stages and a very fast update, the whole job done in little over a minute, including dithering time during the activation step.

The interface remains pleasing with its military styling, offering a good range of controls in a logical and consistent style. Logging is reliable, complete and usable by both humans and machines. Scanning speeds were a little slow in the sets of archives and binaries, but much faster elsewhere. Overheads reflected this pattern to a degree, with some excellent improvement in the warm runs. RAM use was a little above average, but CPU use very low, and our set of activities got through in reasonable time.

Detection was decent in the RAP sets, with a steady decline through the weeks, and not bad in the Response sets either, the final day showing a steep drop. The WildList sets were well handled, but in the clean sets a single item – part of a package provided by HP but apparently built by a third party – was alerted on as a trojan, which was enough to deny K7 a VB100 award this month despite a good showing elsewhere. The company’s test history now shows two passes and a single fail from three entries in the last six tests; four passes and one fail in the last two years. No stability problems were observed, earning the product a ‘Solid’ rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 1

Stability: Solid

Kaspersky Internet Security 2013

Main version: 13.0.1.4190 (b)

Update versions: N/A

A much more regular participant, Kaspersky rarely misses a test, with an entry in all but two of our comparatives going right back to 1998. The company’s current product came as a 161MB installer, which was installed and updated online on the deadline day at the request of the developers. The installation process requires minimal interaction and includes a stage of checking for incompatible software, completing in good time. Updates were rather slow though, taking up to ten minutes in some runs. On the last run it was announced that a major new version was available and should be downloaded – the extra several minutes this took added considerably to the overall average set-up time.

The interface has had a few more tweaks since we last saw it, but remains fairly familiar, with its unusual layout and design made a little easier to cope with thanks to regular practice. A comprehensive reporting utility gives access to copious logging data, allowing all manner of manipulation and easy exporting.

Scanning speeds were not too quick initially, but almost instant in the warm runs, with fairly light overheads on access. RAM use was fairly high, CPU use around average, with a reasonable time taken to complete our set of tasks too. Detection rates in the RAP and Response sets were excellent, showing only the slightest decline into the most recent sets, and the core sets were handled with great aplomb, comfortably earning Kaspersky another VB100 award to add to its collection. The product now has five passes and a single fail in the last six tests; eight passes and three fails with a single test missed in the last two years. Stability was impeccable, earning a ‘Solid’ rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 99.91%

False positives: 0

Stability: Solid

Kingsoft Antivirus 2012

Main version: 2012.SP3.5.040610

Update versions: 2012.08.23.20

Kingsoft, hailing from China, was a fairly regular participant in our comparatives for a spell of several years until going rather quiet around the middle of last year. The vendor now returns with an all-new product, boasting the Avira engine under the covers. The 84MB installer ran through very speedily with minimal interaction, with updates also extremely rapid, the whole job completing in little over half a minute on some attempts. Other attempts were slowed down by the updater crashing, which was clearly indicated and seemed fairly graceful, everything working again when it was retried.

The interface is colourful and bright, but provides only minimal controls, running fairly smoothly. Logging seemed clear and usable too, although one run over the RAP sets reported large numbers of detections on screen but far fewer in the actual logs; re running the scan in chunks proved more effective, implying that rather than simply pruning data to squeeze into size-capped logs, some kind of strange re-counting is performed, resulting in inaccurate and misleading logs.

Scanning speeds were very slow through the archive sets, although settings default to extreme thoroughness, and they were much faster elsewhere. Lag times were a little high but not too intrusive. RAM use was low, CPU use fairly high, with a decent time through our set of tasks.

Detection was excellent, as we have come to expect from the Avira engine (Avira’s own product is absent from this month’s test thanks to some Windows 8 compatibility issues that were discovered rather late in the day). The Response sets were demolished, only the most recent day dropping below extreme heights, while the RAP scores started very high indeed but tailed off a little into the later few weeks. The core sets were handled properly, comfortably earning Kingsoft a VB100 award for its new-look solution. Our test history covering the old product is split into multiple streams, and is perhaps not particularly relevant thanks to the major change in engine, but it now shows just this single pass in the last year; three passes and a fail in the last two years. Stability was a little shaky at times, with a number of minor GUI hitches and some unsettling oddities with the logging system, earning no more than a ‘Fair’ rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Fair

Microsoft Windows Defender

Main version: 4.0.9200.16384

Update versions: 1.1.8904.0/1.137.1875.0, 1.139.1882.0, 1.1.9002.0/1.141.79.0

Something old and something very new here. Microsoft’s malware-battling strategy has been multi-pronged in the past: Windows Defender provided anti-spyware capabilities and was built into Windows Vista and Windows 7, and offered as a free extra for Windows XP. Meanwhile, full anti-virus was provided as a free add-on for home users in the form of Microsoft Security Essentials, and prior to that the commercial OneCare product. With Windows 8 we see Defender has matured to take on all the anti-malware features of Security Essentials, and is bundled in as part of the basic operating system. For the purposes of this test we had to disable its functionality in our base images, to allow other products to install happily and to enable us to record the performance of unprotected systems for our baseline measures. Now we see what happens when it is switched back on.

Installation was of course not an issue, but on each test run when the systems were booted to a fresh image some updating was required; this ran very rapidly, rarely taking more than half a minute to complete. The product interface is very similar to that of Security Essentials, slightly pared down with some of the options removed, leaving a very minimal set of controls. Operation is thus pretty idiot-proof, and stability seemed OK, although we did manage to cause a couple of minor interface crashes without exerting any particular stress on the product. Logging is detailed, if a little unfriendly, and on a couple of occasions appeared not to be recording in real time, dropping in some data only after the next system restart.

Scanning speeds were a little slow, with overheads a little high initially but speeding up a lot in the warm measures. Use of RAM and CPU were both well below average, and our set of tasks ran through very quickly too. Detection was pretty decent in both the RAP and Response tests, with only the most recent set showing a slight decline, and the core sets were properly dealt with, with no WildList misses or false alarms, thus a VB100 award is comfortably earned. As this is, strictly speaking, an entirely new product to our tests it has no history as yet, but looking over the past results for Microsoft’s corporate and consumer products – entered alternately in most of our tests – we can see a strong pattern of reliable success, with no fails recorded in the last two years. There were a few wobbles noted, but a ‘Stable’ rating is earned.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

MSecure Data Labs MalwareSecure Antivirus

Main version: 1.1.107.0

Update versions: 82526, 82696, 82741, 82795

Another new name for our lists, we first heard from MSecure Data Labs just a few weeks prior to the deadline for this test, but the company has apparently been in business for over ten years, focusing on providing easy to use anti virus and web security solutions. The product incorporates the Ikarus engine. The installer provided was compact at 16MB, with updates of 89MB also sent in for use in the RAP tests. The install process follows the standard path and completes very quickly, with updates also extremely speedy, the entire process not needing much more than half a minute to complete.

The interface is simple and angular with a vaguely unfinished feel; it provides some basic controls, and is mostly clear, but in places it uses rather baffling language and at times is less than intuitive. Options to scan archives on access were provided, but seemed to have no effect. Logging of on-access activities is displayed in the interface but seemed impossible to export to file, while on-demand logs appeared to be stored in the root of the C: drive by default. Responsiveness was hit in some of the heavier stress tests, with the GUI and indeed the whole system becoming a little sluggish, and after large scans a reboot was needed to get the interface straightened out, but in normal use it seemed fairly stable.

Scanning speeds were reasonable, if nothing too special, while overheads were very light indeed. Resource use was very low and impact on our set of tasks minimal. Detection was excellent, with just the most recent parts of the RAP and Response sets showing a fairly steep drop, and the WildList was well handled with nothing missed. A single adware alert was reported in the clean sets, but no false alarms, and MalwareSecure earns a VB100 award on its first attempt, with a promising future ahead of it. Stability of the interface was slightly suspect under pressure, but protection seemed undented, earning a ‘Stable’ rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 93.29%

False positives: 0

Stability: Stable

Norman Security Suite 10

Main version: 10.00

Update versions: 7.00.14, 7.00.16

The developers at Norman promised an all-new product this month, which was provided as a 258MB installer. This ran through quite a number of steps before it finally got down to business, and when it seemed complete it still took some time before the interface was accessible. Running updates was similarly fiddly, with messages that claimed a reboot was needed overlapping with the update process, and a few cycles of reboot-update-reboot-update were needed to get it all set up and working.

The new look is very different, with a proper interface as opposed to the previous browser-based attempt, featuring bright, bold minimalist styling, slightly mimicking the Windows 8 tile approach, and providing a reasonable basic set of control options. For on-demand scans a simple scanner GUI familiar from previous iterations is still available. Logging is good for the on-demand component, but less usable for the on-access data.

Scanning speeds were not bad at all – a little slow in the archive set where the defaults are set to fairly thorough levels, and overheads were a little high but at least showed some improvement in the warm runs. Resource use was low and our set of activities got through in good time.

Detection was impressive, with excellent figures in the early days of the Response sets, gradually decreasing into the more recent sets, with a similar pattern in the RAP sets where scores dropped steadily through the weeks. The WildList sets showed a handful of misses though, with the standard set at least fully covered by the time we got to the third of the three passes, and in the clean sets we noted a false positive as well. The developers admitted to having some issues, thanks to a fully rewritten and heavily optimized engine accompanying the new front end, and also let us know that the false alarm had been spotted and fixed before we pointed it out to them. No VB100 award can be given to Norman this month, but the work put into speeding things up seems to have paid off and recent improvements in detection seem to continue apace, promising good things for the future. The past looks pretty good too, our test history showing now a single fail and five passes in the last six tests; ten passes and two fails in the last two years. This month’s stability was very good, with no issues reported and a ‘Solid’ rating is earned.

ItW Std: 99.87%

ItW Std (o/a): 99.87%

ItW Extd: 99.76%

ItW Extd (o/a): 99.76%

False positives: 1

Stability: Solid

Panda Cloud AntiVirus Free

Main version: 2.0.1

Update versions: N/A

This is Panda’s second appearance in our tests this year, after a lengthy absence. There was no physical submission for the free cloud-based solution; instead we simply visited the website, fetched the downloader file and ran it each time we wanted to install the product. Even with this extra step the whole process never took anywhere close to a minute to complete, with minimal fuss.

The product GUI is fairly simple and clear, with little opportunity to get confused thanks to the minimal controls. The default logging is reasonable, but seems to be capped at some arbitrary size limit, making it less than ideal for our needs; an advanced logging option is available, leading to massively more comprehensive logs which seemed perfect, although lacking in some of the detail seen in the standard logs. However, towards the end of testing we realized that these too were limited in size, and that rather than deleting old logs (as seems to be the standard approach), once the limit is hit there is simply no more logging. This meant that some tests had to be re done, split into smaller chunks, to ensure we could gather all the information required.

Scanning speeds were not bad, and our file access lag time measurement looks excellent, although it should be pointed out that on-read scanning is only implemented for a very limited selection of file types. Resource use was very low, but again the limited on-read scanning will have impacted this measure, and our set of activities got through in good time. Detection was very good through the Response sets, with no RAP score possible thanks to the entirely cloud based nature of the product. The core sets were handled well with no issues, earning Panda its second VB100 award in as many entries this year. We did have a few wobbles, including a couple of ‘unexpected error’ messages during high-pressure tests, but for the most part things went smoothly, earning a ‘Stable’ rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Qihoo 360 Antivirus

Main version: 3.0.0.3101

Update versions: 2012-10-17, 2012-11-06, 2012-11-13, 2012-11-20

Qihoo has become a pretty regular participant in our tests of late, the product including the Bitdefender engine. This month’s submission was a 135MB installer, with updates rolled in. It installed with a single click, completing the job in around half a minute. Updates seemed to be manual only, taking a couple of minutes on average. The interface has been much the same for a little while, looking sharp and shiny with a fairly straightforward layout and a decent level of configuration. Logging is clear, comprehensive and easy to work with.

Scanning speeds were OK – a little slow over archives thanks to thorough default settings, but not bad elsewhere. Overheads were very light, but as usual the real-time mode appears to operate rather differently from the norm, not actually intercepting file accesses but rather checking files as they are accessed and only reporting if they are adjudged malicious some time later; when running our on-access tests over the WildList, some detections were not logged for over an hour after the initial access attempt, with the logs insisting that access had been denied when it clearly had not. Memory use was rather high in our resource measures, while CPU use was low and our set of tasks took just a little below the average time to complete.

Detection was splendid, keeping pace with others based on the same high-performing Bitdefender engine and scoring well in all sets. The core sets presented no difficulties, with just a single item in the clean sets warned about as a possible archive bomb, and a VB100 award is earned by Qihoo. The vendor stands on three passes and one fail from four entries in the last six tests; five passes and two fails in the last two years. Stability was decent with a few minor wobbles, earning a ‘Stable’ rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Quick Heal Total Security 2013

Main version: 14.00 (7.0.0.2)

Update versions: N/A

Quick Heal’s Total Security product has been with us for a year or so now, and seemed little changed for the new Windows version. The package provided was a fair size at 326MB, including all required updates. The install process was straightforward and fairly speedy, completing in a minute and a half including a quick scan of vital areas. Updates were also quick, averaging around 20 seconds for the initial run, although one attempt did freeze up, the dialog becoming unresponsive for quite some time.

The interface is bright and colourful, with a slightly unusual but thoroughly usable design and layout, offering a good range of controls. Logging is clear and detailed, but on-access logs cannot be exported, only viewed in the built-in viewer utility. Scanning speeds were a little slow in the archive set despite only minimal coverage of key archive types, but were speedy elsewhere, with light overheads on access. RAM use was very high – the highest recorded this month – but CPU use was barely noticeable, and our set of tasks got through in decent time.

Detection was a little underwhelming – fairly steady through the RAP sets but dropping off rather steeply in the last few days of the Response sets. The WildList was well covered though, and with no issues in the clean sets a VB100 award is earned. Quick Heal’s test history shows three passes and two fails from five entries in the last six tests; eight passes and three fails in the last two years. We noticed a couple of minor issues, including a GUI freeze, but nothing too serious, thus earning a ‘Stable’ rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Roboscan Enterprise Solution

Main version: 2.5.0.18

Update versions: 12.4.26.1/451761.2012101113/7.43686/7679200.20121010, 12.4.26.1/455958.2012110618/7.43911/7841561.20121105, 12.4.26.1/457201.2012111318/7.43979/7903168.20121112, 12.4.26.1/458391.2012112018/7.44050/7984770.20121119

A close cousin of ESTsoft’s ALYac, the Roboscan submission came at the same time from the same source, and the whole testing experience was pretty similar for the two products. The 157MB package installed in a fair number of clicks, with quite some waiting time, and a couple of attempts saw the progress dialog freezing up completely for over 10 minutes while apparently running a file called ‘install.rse’. They did all complete happily in the end though. Updates were much more reliable than in past tests, with no problems running to completion.

The interface is simple and unfussy, providing a reasonable set of controls and plenty of information. It was mostly reliable, although on a couple of occasions things locked up quite nastily during high-stress scanning work, with messages warning about memory issues and on one occasion the entire system locked up, the screen black and unresponsive and a hard reset required to right things. The logging system is also a little inefficient, routinely taking a very long time to sort its data out into usable form, during which time the product cannot be operated.

Scanning speeds were pretty zippy though, with excellent improvement in the warm runs, and overheads were fairly light – again much better after initial familiarization. Resource use was very low, but our set of activities did take a little while to get through. Detection was again rather disappointing for the Bitdefender engine that supposedly underlies things, although update information appeared to show everything in order. Once again a handful of WildList items were not detected at any point during the test period, meaning no VB100 award for Roboscan. The company’s test history shows one pass and two fails from its three entries so far, all of which have been within the last six tests, and with a couple of additional entries aborted thanks to stability issues. There were a number of wobbles here again, including a couple of quite serious ones, but as these mostly occurred only under heavy stress a ‘Fair’ rating is just about earned.

ItW Std: 99.62%

ItW Std (o/a): 99.62%

ItW Extd: 98.38%

ItW Extd (o/a): 98.38%

False positives: 0

Stability: Fair

Sophos Endpoint Security and Control

Main version: 10.2

Update versions: 10.2.0/4.82G/3.36.2, 10.2.1/4.83G/3.37.2

Sophos is another contender for the position of the most regular participant in our comparatives, with only two no shows in the history of the VB100 scheme. This month’s submission came as a 99MB installer, with offline updates measuring just 9MB; fetching these on the deadline proved a little confusing, as different areas of the company website appeared to be serving different update bundles and we had to double-check to confirm we had the correct ones. The install itself is fairly speedy, although it requires quite a few clicks, highlighted as usual by the offer to remove ‘third party software’ – meaning, of course, other anti-virus products. We also noted that the option to install a firewall component was greyed out, presumably meaning that this part is not yet ready for Windows 8. No reboot is needed to complete, and updates are very fast, over in a matter of seconds.

The interface is efficient and businesslike, simple to operate with most options within easy reach and an extreme degree of control is available to those who really want it. Logging is all stored in a single file, which makes sense, and the format is reasonably lucid to the human eye and simple to process automatically. We did note a single odd error message, which occurred when temporarily disabling the on-access component, but it didn’t seem to be more than a minor bug in the interface.

Scanning speeds were a little slow to start off, but zipped through the repeat runs at a very rapid pace, while file access lags were similarly a little high at first but barely noticeable afterwards, at least until we turned the settings up to the max. RAM use was a fraction above average, but CPU use was low and our set of activities got through in excellent time.

Detection was solid, with some excellent scores in the earlier parts of the Response tests, tailing off rather sharply towards the end. RAP numbers declined more gently from a decent starting position. The WildList and clean sets presented no problems, and a VB100 award is well earned, putting Sophos on five passes and one fail in the last six tests; ten passes and two fails in the last two years. Just one very minor issue was noted, meaning the product earns a ‘Stable’ rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

SPAMfighter VIRUSfighter PRO

Main version: 7.1.274

Update versions: N/A

In April, in our most recent XP test, we saw the count of products based on VirusBuster’s engine almost hit double figures. Less than a year on and how much has changed, with VirusBuster no more, the engine now owned and administered by Agnitum, and only a single product using it in this month’s test. Brave SPAMfighter submitted its product as a 98MB installer, which required a handful of clicks and completed in 30 seconds. Updates were speedy too, with the whole set-up process complete in not much more than a minute on average.

The interface is bright and reasonably clear, offering some basic controls, and is generally easy to navigate. Stability under pressure remains something of an issue, with the GUI freezing up during large scans or heavy on-access work, but in normal use all seemed fine. Logging is capped at a fixed size, but thankfully it no longer floods log files with unnecessary data, making it fairly usable. Scanning speeds were a little slow, overheads a little high, with RAM use a little below average, CPU use a little above, and our set of tasks a little slower than we would hope.

Detection was slightly disappointing, and a little uneven, but not too bad. The clean sets were handled well, with just a couple of suspicious alerts, and the traditional, replicating part of the WildList was properly covered too. However, in the Extended list a fair number of items were missed, meaning there is no VB100 award for SPAMfighter this month. The vendor now stands at two passes and two fails in the last six tests; seven passes and two fails in the last two years, with things looking on the verge of returning to normal. A few GUI issues were noted under heavy stress, but the score still falls within the ‘Stable’ region.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 86.58%

ItW Extd (o/a): 86.62%

False positives: 0

Stability: Stable

Total Defense Inc. Internet Security

Main version: 8.0.0.215

Update versions: 6055.0.0.0, 6063.0.0.0, 6073.0.0.0

It was something of a surprise to see only the consumer offering from Total Defense this month – traditionally this one appears in our desktop tests, with its corporate big brother showing up in all tests, but apparently the business edition wasn’t quite ready for Windows 8 in time for our test deadline. The home user variant is fairly familiar, remaining unchanged in the last year or two, and was provided this month as a 176MB installer. This installs with a single click, running through stages of initial scan, install and update, although on completion some three minutes or so later it seems to still require further updating. This occurs after an initial reboot, and following the update a second restart is then required. The initial scan also alerted on a couple of adware items, with little information provided, and a link in the scan results screen simply leads to an empty search results page on the company’s website.

The interface for the most part is clear and informative though, with configuration limited, but easy to access and operate. Logging is clear and seemed reliable. For the first run at least, scanning speeds were a little slow over binaries and archives, faster elsewhere, but in the warm runs all sets completed very quickly indeed. Overheads were a little high on access, with RAM use fairly high, but CPU use was low and our set of activities got through in good time. One of the scans of clean samples used for speed measures was interrupted by a surprise blue screen incident, which seemed hard to blame entirely on Total Defense but nevertheless adds to its stability score. We also noted several scans failing to complete properly, having reported large numbers of detections as they went along but ending with the bewildering statement that nothing at all had been found. Generally, re running the job proved more successful, but the issue could easily have misled a user into thinking they were safe when the reality was quite different.

Detection was not bad through the Response sets, with no RAP score as the product relies heavily on cloud detection technology. The WildList was well covered but in the clean sets a single item – an image file which came with software pre-installed on some of the popular ThinkPad laptop range – was alerted on as a trojan, apparently thanks to an erroneous cloud look-up result. Thus Total Defense cannot be granted a VB100 award this month, the history for the vendor’s consumer product showing two passes and one fail in the last six tests; four passes and two fails in the last two years. A few problems were noted including a blue screen, resulting in a stability rating at the lower end of ‘Fair’.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 1

Stability: Fair

TrustPort Antivirus 2013

Main version: 13.0.5.5084

Update versions: 13.0.6.5088, 13.0.7.5091

Another solution including the Bitdefender engine, this time in conjunction with AVG, TrustPort has been a consistently high performer in our tests for some time now, generally vying with a couple of other multi-engine solutions for the top right corner spot on our RAP charts. The installer provided was reasonably compact for a multi engine product, measuring only 216MB, and ran through in a fair few steps in around a minute. Part of the install process was a period of updating, but after the initial reboot that was requested at the end of the set-up, it was clear that things were not fully up to date and more downloads were needed, adding another minute or so on average to the total install time.

The interface is rather unusual, with components scattered among a selection of mini GUIs, but with a little practice it soon becomes fairly simple to navigate. Configuration is provided in reasonable depth, and stability was mostly decent, although one scan did freeze up entirely, refusing to show any results, and had to be re run. We also observed once again that clear options to extend the size of logs permitted were ignored, with logs being capped at a miserly 1MB, although details of on-demand scans were at least stored elsewhere in a reasonably usable XML format.

Scanning speeds were not bad, overheads a little on the heavy side, but showing good improvements in the warm runs and only really heavy with the scan settings set more thoroughly than the defaults. RAM and CPU use were both a little above average, but our set of tasks got through in excellent time.

Detection was of course superb – near flawless in the Response sets and very good even in the proactive part of the RAP test. The WildList was covered impeccably, and with no issues in the clean sets either TrustPort easily earns a VB100 award, putting it on three passes and two fails in the last six tests; seven passes and two fails from nine entries in the last two years. Stability showed a few little wobbles, but the score falls well within the ‘Stable’ category.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

ZeoBit PCKeeper

Main version: 2.0.103.8660

Update versions: 8.2.10.186/7.11.46.170, 8.2.10.192/7.11.49.18, 8.2.10.198/7.11.50.12, 8.2.10.202/7.11.50.126

We only have a couple of appearances from ZeoBit in our records – one very recent and one a couple of years back – but on both occasions we saw some highly impressive performances, with excellent scores thanks to the Avira engine underlying the anti-malware part of this fairly comprehensive suite.

When setting the product up on the deadline day we ran into a few problems as Windows 8 support was still being worked on, and an initial bug meant it refused to install the anti malware portion on a system which had another product (i.e. the built-in Windows Defender) in place. With this worked around, things moved on nicely, and we were later able to try out a more complete version of the installer, which proved pleasant and simple – a ‘one-click’ dialog with options to tweak settings and read EULAs for those who wanted them, followed by a brief slide show during the install itself. This included the slightly garbled and not strictly accurate boast that the anti-virus component has been ‘awarded with VB100 as [one of the] Top 10 solutions in the world’. The process completes in under a minute, after which the opening screen provides a simple wizard for a catch-all check-up of the system. We avoided this and went straight to the anti-malware component, which took a couple more minutes to open, claiming it was ‘gathering data’, but as far as we could tell it was actually installing and updating the Avira-based plug-in.

The interface is attractive – busy without seeming cluttered, and offering a range of security, privacy and optimization components, with the offer of human assistance always on hand. The anti-malware area offers a limited but reasonable set of controls, and seemed well laid out. Logging was a little odd, but usable with some fiddling. A few stability speed bumps were hit, including in a portion of the clean set which had been populated with a wide range of popular apps from the new Windows app store. Something in here was clearly causing problems, as scans repeatedly froze up and error messages reported problems with the ‘native shim’. Despite repeated attempts, removing items which appeared to be causing the issue, we were unable to get a complete scan of this part of the false positive set, so we cannot be entirely sure that there were no false alarms to report – although it seems improbable.

Elsewhere we managed to gather a complete set of results, and these showed the expected excellent scores in the RAP and Response sets. As far as we could tell given the issues, no false positives emerged in the clean sets, but in the WildList sets a handful of items were not detected, thanks to some problem in the scanner system which the developers managed to fix very speedily once we had reported it to them. This meant no VB100 award for ZeoBit this month, but overall a pretty strong showing, with some detection scores to be very proud of. The vendor’s scattered history now shows one pass and one fail from two entries in the last six tests, with only a single additional entry, a pass, a little over two years ago. Stability was far from perfect this month on the new version of Windows, with a number of issues noted, earning a rating just within the ‘Fair’ zone.

ItW Std: 99.62%

ItW Std (o/a): 99.62%

ItW Extd: 99.96%

ItW Extd (o/a): 99.96%

False positives: 0

Stability: Fair

Untested products

Given the newness of the platform, we were expecting some products to have trouble this month, and with our deadlines tight we resolved to strike products from the test as soon as it became apparent that severe problems were occurring. Several products were submitted but did not make it to the final line up; these included solutions from Coranti and Unthreat, both of which proved too unstable to provide useful results. We will, as always, be working with the developers to help diagnose and correct the issues we observed.

Results tables

(Click for a larger version of the table)

(Click for a larger version of the table)

(Click for a larger version of the table)

On-demand throughput graph part 1.

On-demand throughput graph part 2.

(Click for a larger version of the table)

File access lag time graph part 1.

File access lag time graph part 2.

(Click for a larger version of the table)

Performance measures graph part 1.

Performance measures graph part 2.

(Click for a larger version of the table)

(Click for a larger version of the table)

(Click for a larger version of the table)

(Click for a larger version of the chart)

Conclusions

Given how close the submission deadline for this comparative lay to the final release date of Windows 8, we were expecting to see some issues with compatibility. Despite new versions of major operating systems generally being available to developers months in advance of release, it seems inevitable that some products will be incompletely adjusted and tested well after the emergence of new platforms. This slow process of adjustment doubtless has a large impact on the slow adoption of new platforms by users. We were thus not surprised to see a few products not arriving on the deadline day, with the absence of some of the largest firms perhaps attributable more to a lack of confidence in their products than to a lack of official support for the new platform.

A handful of the products that were submitted proved too unstable for us to do much with, but those which did work were for the most part reasonably stable. Most had at least a few minor issues, but only a couple were seriously problematic, and even in those cases the issues mostly emerged under the sort of heavy stress that is unlikely to be encountered by real-world users. Hopefully the recent addition of our stability rating system has helped encourage developers to keep a close eye on the quality of their products (or at least, if they feel they are not up to scratch, to prevent them from participating in tests where their shortcomings will be highlighted).

In terms of certifications, this month’s pass/fail ratio was close to recent norms at two to one. Looking back over figures jotted down during the last five or six years’ worth of comparatives, the long-term average is a fraction over a 70% pass rate, so this month’s figures are not too far off. As usual, the most common reason for failing was false positives, but there were also a fair few issues with WildList samples this month, some caused by simple lack of detection and others down to other, internal product issues. With few complex file-infectors in the sets of late we’ve had fewer problems with the WildList sets, but perhaps the changes required to make products function on the new platform are part of the reason for the increase this time.

In general though, the standard was high this month, and many vendors can justly be proud of their products’ performances. Next up, in the new year, will be our annual excursion into the world of Linux, which despite the relatively small field of products available invariably throws up some interesting insights. After that we will return to familiar old Windows XP, for which we expect to see a far more complete field of products than this month. We will doubtless return to Windows 8 later in the year, by which time it will perhaps have started to make some penetration into the usage figures and developers will have been forced to pay it proper attention.

Technical details

Test environment. All products were tested on identical machines with AMD Phenom II X2 550 processors, 4GB RAM, dual 80GB and 1TB hard drives, running Microsoft Windows 8 Pro, 64-bit Edition. For the full testing methodology see http://www.virusbtn.com/vb100/about/methodology.xml.

Any developers interested in submitting products for VB's comparative reviews, or anyone with any comments or suggestions on the test methodology, should contact john.hawes@virusbtn.com. The current schedule for the publication of VB comparative reviews can be found at http://www.virusbtn.com/vb100/about/schedule.xml.

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest reviews:

VBWeb Comparative Review - Spring 2019

Most organizations use web security products to minimize the risk of malware making it onto the network - the VBWeb tests measure the performance of such web security products against a wide range of live web threats.

VB100 Certification Report - April 2019

The VB test team detail the performance of 34 anti-malware products from 31 different vendors tested during March and April 2019.

VBSpam Comparative Review - March 2019

All 11 full solutions participating in this test obtained a VBSpam award, and four of them performed well enough to earn a VBSpam+ award. However, it is important to look beyond the spam catch rates: block rates of malware and phishing emails, though…

VB100 Certification Report - February 2019

Users are right to expect anti-malware products to satisfy a minimum standard of blocking malicious executables that have recently been seen in the wild, while blocking few to no legitimate programs. This report details the performance of 30…

VBWeb Comparative Review - Winter 2019

In the Winter 2019 VBWeb report we detail the performance of two web security products against live web threats and look at the current state of the web-based threat landscape.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.