Why there is no "best" Antivirus product
<blockquote data-quote="Deleted member 21043" data-source="post: 372169">
<p>Hello everyone,</p>
<p>I see more and more threads over time asking what the best Antivirus product is... So I made this thread to explain that there is not a "best" Antivirus product and why there isn't one.</p>
<p>With the increase of malware spreading all the time (and not just "malicious software", but adware/PUPs are a lot more popular nowadays than they used to be in my opinion), it's impossible for any current security company to provide a product which can detect and block every threat out there.</p>
<p>Each Antivirus product may have its own strength, however an important note is that most Antiviruses have their own different and unique databases used in the product. I said "most" since some products use another Antivirus engine. Although, usually they would still have their own different database anyway.</p>
<p>Antivirus vendors realized that the standard hash detection (MD5, SHA-1, SHA-256) was not going to be enough years ago, so they moved to developing new features for protection such as HIPS/BB. They also started implementing "heuristic" analysis (this could be both static and analysis. For example, the heuristics could have static analysis for detection based on the bytes in the executable, however it may then have dynamic analysis detection based on the API calls the process will make once it's executing).</p>
<p>Static analysis detection = <strong>detection <u>without</u> executing the executable.</strong></p>
<p>Dynamic analysis detection = <strong>detection in real-time for when the executable <u>is</u> executing.</strong></p>
<p>No HIPS/Behaviour Blocker can block every threat. The only way it can would be by blocking everything, including legitimate applications.</p>
<p>The closest I can see any company reaching the "best" protection would be to adapt to whitelisting over blacklisting. Although, this alone has flaws. The first issue with it, is what about new software? I can't even imagine how crazy everyone would be if they had to wait weeks for their software to be whitelisted by a company. Secondly, whitelisting would be a pain in the end because it will block legitimate applications which are not whitelisted. It would also cause a lot more hassle for the user.</p>
<p>On top of the whitelisting idea (companies have actually already started to try this, and it does work well to an extent), what if a malware writer managed to outsmart all the staff at a specific security company who are managing the whitelisting? What if they managed to fool and succeeded, and had programmed their malicious software so well that it tricks all the staff and becomes whitelisted? Don't get me wrong, staff at security companies are very smart, however it's always a possibility.</p>
<p>The only way to have a "best" antivirus would be for all the antivirus vendors except one to stop their companies and drop all their products. This would leave 1 antivirus product - ending the competition. Since there is then only one antivirus product available, then it is surely the best, right? Of course it still won't have 100%, but it would be the best since it would be the only one available. I am afraid to say I don't think this will ever happen.</p>
<p>Of course there are cases when another antivirus product is shown to be more effective than another. I am not trying to say every product is the same. For example, I would happily agree that Emsisoft is far more effective at preventing malware infections than ClamAV. Nonetheless, even with another product "seeming" better than another, there is still no "best" antivirus.</p>
<p>You'll notice some vendors put something like "99.9% detection rate" on their websites. This is advertising to try to get new customers - I don't personally agree with that kind of advertising because I think it's misleading and unfair to the average customer who is not so aware of the real situation...</p>
<p>There are also companies like VirusBulletin, AV-Comparatives who perform tests on different antivirus products. Just because one product scored top in their tests won't make it the "best". Most of us are aware that Bitdefender has won awards from AV-Comparatives and won in the past, but I am sure there are many users on this forum who are willing to disagree that Bitdefender is better compared to a product like ESET or Emsisoft. It's user opinion based. Due to the amount of samples out there and being released every day, it is impossible for any testing companies to tell you which vendor really has the "best" detection. Some have a good detection with certain samples, some don't. Some companies work extremely well some weeks/months, some don't. It's just how things work.</p>
<p>When you see a thread asking what the best Antivirus is, the comments people put down regarding different antivirus products are their opinion. It's more of what their "favourite" Antivirus is, as opposed to what the best antivirus is.</p>
<p>If anything, the best antivirus available out there is yourself. Don't always be click-happy. Do your research before you run an application (especially if you are going to grant it Administrative privileges). Try running a new program in a virtualized environment before your real system. Keep a backup of all your personal documents in case of execution of malicious software which may harm/damage your files.</p>
<p>I recommend if anyone reading this is looking for a "best" antivirus, you start using the free trials the products usually provide for testing purposes, and then if you like the product enough, purchase it and use it. Only you can decide upon which product you want and should use.</p>
<p>The safest way to stay free from infection would be to lock up your system and never use it again. Originally I was going to say to never connect to the internet... But you could then always be infected via removable storage media. Point being, if you are using a computer at all then the risk is always there, and when you use it whilst connected to the internet then the risk is increased due to the content out there and the hackers waiting for their next victim.</p>
<p>Cheers. ;)</p>
</blockquote>
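An added example, not part of the original post: the three detection layers the post names (hash lookup, static byte analysis, dynamic API-call analysis) run over constructed, harmless sample data. The marker bytes, API weights, sample names and thresholds are assumptions made for illustration; lowering the threshold shows the behaviour blocker starting to flag a legitimate application.

```python
import hashlib

MARKER = b"DEMO-SIGNATURE-BYTES"  # hypothetical byte pattern, constructed for this example
INJECT = ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]

# Constructed, harmless stand-ins for executables: (file bytes, API calls seen at run time).
SAMPLES = {
    "known_bad":    (b"MZ" + MARKER + b"\x90" * 8, INJECT),
    "padded_copy":  (b"MZ" + MARKER + b"\x90" * 9, INJECT),  # one extra byte: new hash
    "rebuilt_copy": (b"MZ" + b"different build, same behaviour", INJECT),
    "backup_tool":  (b"MZ" + b"legitimate backup utility",
                     ["CreateFileW", "ReadFile", "WriteFile", "RegSetValueExW"]),
}

# Blacklist of exact file hashes: only the one sample the vendor has already seen.
HASH_BLOCKLIST = {hashlib.sha256(SAMPLES["known_bad"][0]).hexdigest()}

# Assumed suspicion weights per API call; real products tune these very differently.
API_WEIGHTS = {"VirtualAllocEx": 3, "WriteProcessMemory": 4, "CreateRemoteThread": 5,
               "RegSetValueExW": 2, "WriteFile": 1}


def behaviour_score(trace):
    """Dynamic analysis: sum the weights of the API calls the process made."""
    return sum(API_WEIGHTS.get(call, 0) for call in trace)


def verdict(name, threshold=8):
    """Return which layer flags the sample: 'hash', 'static', 'dynamic' or 'clean'."""
    data, trace = SAMPLES[name]
    if hashlib.sha256(data).hexdigest() in HASH_BLOCKLIST:
        return "hash"      # exact match only; any changed byte defeats it
    if MARKER in data:
        return "static"    # byte pattern found without executing the file
    if behaviour_score(trace) >= threshold:
        return "dynamic"   # flagged from what the process does while running
    return "clean"


def flagged(threshold):
    """Names of all samples that any layer flags at the given behaviour threshold."""
    return sorted(n for n in SAMPLES if verdict(n, threshold) != "clean")


if __name__ == "__main__":
    for t in (8, 3):
        print(t, {n: verdict(n, t) for n in SAMPLES})
```

At threshold 8 each copy is caught by a different layer and the backup tool passes; at threshold 3 the backup tool is flagged as well.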