- Dec 28, 2011
- 523
A real-world report on antivirus use
By Robert Vamosi
The top two antivirus products in use worldwide might surprise you.
Then again, they might not. Free products now dominate the AV market.
(Sorry for the long Post)
— a snapshot of AV use
OPSWAT, a computer-services company, recently released its quarterly antivirus-software market-share report, which — among other things — shows the current adoption rate for various AV products, both free and paid. In addition to information services, the company offers several free, personal-use applications, including a malware scanner, an application remover, and a Web-browsing anonymizer. The company claims a world-wide clientele.
To produce the report, OPSWAT analyzed data sent to it by its AppRemover software (more info) — a utility having one function: to completely remove an installed security app so you can cleanly install another one. (According to OPSWAT, AppRemover is widely installed on PC systems. If users opted in, the software compiled a list of apps installed on a system.) OPSWAT states that it collected over 120,000 data points between May 16, 2011, and May 15, 2012. The report compares market-share changes between two six-month periods, and it summarizes AV usage both worldwide and in North America.
The report is biased toward those who downloaded AppRemover and also selected that they wanted their data shared — admittedly a small group. Nevertheless, I think it's a valid sampling of AV products in use today.
What's more interesting is comparing OPSWAT's conclusions with test results from two leading, independent AV-testing labs — AV-Test and AV-Comparatives. That analysis suggests that the most popular anti-malware app isn't necessarily the most effective and that free almost always trumps paid.
And the AV market-share winner is …
As of May 2012, Avast Free Antiirus was the leading AV product worldwide, with a market share of 13.5 percent, according to OPSWAT. Microsoft Security Essentials (MSE) followed closely with 13 percent. Market share then dropped to 8.3 percent for ESET NOD32 Antivirus, 7.5 percent for Avira Free Antivirus, and 6.8 percent for AVG Anti-Virus Free Edition.
Notice the common thread within this group? Four of the five most-used antivirus products are free.
Surprisingly, the big names in AV have relatively small slices of the market. Norton AntiVirus came in at 4.3 percent, followed closely by McAfee VirusScan at 4.1 percent. Kaspersky Internet Security was 3.6 percent, AVG Anti-Virus 3.3 percent, and Norton Internet Security a paltry 2.8 percent. All five are paid products.
Microsoft Security Essentials is on the rise
Between November 2011 and May 2012, MSE had a leading market-share gain of 2.3 percent. Over the same period, Norton AntiVirus and Avira Free Antivirus each lost 1.5 percent. Notwithstanding the fact that Avira's free product lost as much market share as the paid Norton Internet Security gained (1.5 percent), the numbers suggest that AV users are moving to the free products.
North American AV use: With a 21.3 percent share, Microsoft Security Essentials dominated the North American market — nearly triple that of its nearest competitors (Avast Free Antivirus with 8.2 percent and AVG Free Antivirus at 7.7 percent). Norton AntiVirus squeaks into the top five with 6 percent. (According to the report, CA's Total Defense AV beat Norton AV with a 6.3 percent share — something I seriously question because CA has ceased to be a major antivirus contender. It's used mostly in enterprise applications.)
MSE gained 6.6 percent over the last six months of the study, followed by CA's Total Defense AV at 4.6 percent (again, questionable). The losers were AVG Anti-Virus Free Edition with a 2.1 percent drop, Norton AntiVirus down 1.9 percent, and Avast Free Antivirus losing 1.5 percent. With those results, there's no clear trend in free-versus-paid AV use in North America.
Comparative AV results — a different story
Avast and MSE might be the top two AV applications in terms of use, but how good are they at stopping malware? Comparative AV-performance numbers come from three independent labs: AV-Comparatives, AV-Test, and Virus Bulletin. Each uses slightly different testing methods, but for the most part they (along with the rest of the AV industry) have come to agree upon some common criteria. That said, results from the three labs can be difficult to compare because they use different scoring systems and they test on different schedules.
AV-Comparatives performs two sets of tests run several months apart. The first set measures an AV app's on-demand capabilities — how well it finds known viruses. AV-Comparatives then suspends the product for a few months (i.e., prevents it from receiving virus-signature updates) and then exposes it to new viruses. That measures its ability to detect virus-like behavior (heuristics) and block new threats that arise between virus-signature updates.
Based on AV-Comparatives' April 2012 report (PDF), Avast Free Antivirus scored fairly high, with 98 percent detection. (It was mid-pack for the 15 AV products listed, which means most well-known AV products do a good job of detection.) But Avast also had a relatively high false-positive indicator of 14 (the number of false alarms it generated during the tests).
Microsoft Security Essentials came in at the bottom of the list with a detection score of 93.1 percent but also had no false positives (the only application to do so).
Neither Avast nor MSE did well in detecting new viruses, according to a November 2011 AV-Comparatives report (PDF). MSE's detection rate was 48.7 percent, followed closely by Avast with 46.1 percent. (To put that into perspective, the average score for the 12 products listed was 56.7 percent, with Qihoo earning the top score of 67.6 percent.)
Not too surprisingly, paid products such as ESET NOD32 and Kaspersky scored significantly higher in both sets of tests. However, if you look at the two reports, note that McAfee was tested only for on-demand scanning; Avira Free Antivirus, AVG Anti-Virus Free Edition, Norton AntiVirus, Norton Internet Security, and ESET Smart Security were either not tested or had different versions in the two tests.
Similar results reported by AV-TEST
In AV-TEST's March/April report, MSE 2.1 turned in similar results. Its detection rate of relatively new viruses was 97 percent (against an industry average of 98 percent). Its protection against zero-day attacks was 84 percent (versus an average of 91 percent).
(These scores are abstractions of a larger set of data points typically not revealed to the public nor to publications, though they are made available to companies willing to purchase more detailed reports.)
In a third test — repair — MSE did well, earning above-average scores for removing active components of common viruses and cleaning up critical system files (as you might well expect). MSE also earned a high score for usability — a sort of beauty contest for AV products.
By comparison, Avast Free Antivirus scored 98 percent (one point better than MSE) for new-virus detection and 90 percent (six points better than MSE) for zero-day protection.
On the other hand, Avast was average or below average in the Usability and Repair categories (it left traces of the malware behind).
AV-Test reported top results for Norton Internet Security and Kaspersky. Norton received a perfect score for detection and protection. On the other hand, it was relatively poor at removing the bits and pieces of viruses and at repairing system components.
Kaspersky was nearly perfect at detection and perfect in repairing systems. It also rivaled MSE for usability. AVG Free Antivirus earned average or above-average scores in all but two categories — it was relatively poor at repairing systems and earned 4 out of 12 in usability.
ESET NOD32 Antivirus, Avira Free Antivirus, Norton AntiVirus, McAfee VirusScan, and AVG Antivirus either weren't tested or were tested with a different release than the one listed in the OPSWAT report.
Earning the Virus Bulletin VB100 award
Comparing the OPSWAT report to the most recent (December 2011) Virus Bulletin tests produces a slightly different list of winners and losers. MSE, ESET NOD32 Antivirus, Avira Free Antivirus, and Kaspersky Internet Security all earned the coveted VB100 certification (more info).
However, Avast Free Antivirus and Norton Internet Security both failed certification by missing some viruses. (As with the other testing sites, only limited summaries of the tests are provided free, online.) AVG Anti-Virus Free Edition, Norton AntiVirus, AVG Antivirus, and ESET Smart Security either weren't tested or were tested with different versions than the one reported by OPSWAT.
And the rest of the antivirus contenders?
One must conclude that products such as Trend Micro, F-Secure, Sophos, and other top-ranked antivirus products fall within the OPSWAT catch-all "other" category, which accounts for 30.1 percent of the global market and 28.6 percent of the North American market. Then again, the top-three free AV products amount to 35 percent of the global market and 37 percent of the North American market.
Keep in mind that the OPSWAT rankings represent only a thin slice of the PCs online today, and they're based on PC users who downloaded the company's AppRemover product. Nevertheless, OPSWAT's report is refreshing because it comes from real-world software-deployment data — not sales numbers, which don't include free AV products.
People tend to get defensive of their choice of antivirus product, so while the report probably won't change anyone's mind, it's food for thought.
By Robert Vamosi
The top two antivirus products in use worldwide might surprise you.
Then again, they might not. Free products now dominate the AV market.
(Sorry for the long Post)
— a snapshot of AV use
OPSWAT, a computer-services company, recently released its quarterly antivirus-software market-share report, which — among other things — shows the current adoption rate for various AV products, both free and paid. In addition to information services, the company offers several free, personal-use applications, including a malware scanner, an application remover, and a Web-browsing anonymizer. The company claims a world-wide clientele.
To produce the report, OPSWAT analyzed data sent to it by its AppRemover software (more info) — a utility having one function: to completely remove an installed security app so you can cleanly install another one. (According to OPSWAT, AppRemover is widely installed on PC systems. If users opted in, the software compiled a list of apps installed on a system.) OPSWAT states that it collected over 120,000 data points between May 16, 2011, and May 15, 2012. The report compares market-share changes between two six-month periods, and it summarizes AV usage both worldwide and in North America.
The report is biased toward those who downloaded AppRemover and also selected that they wanted their data shared — admittedly a small group. Nevertheless, I think it's a valid sampling of AV products in use today.
What's more interesting is comparing OPSWAT's conclusions with test results from two leading, independent AV-testing labs — AV-Test and AV-Comparatives. That analysis suggests that the most popular anti-malware app isn't necessarily the most effective and that free almost always trumps paid.
And the AV market-share winner is …
As of May 2012, Avast Free Antiirus was the leading AV product worldwide, with a market share of 13.5 percent, according to OPSWAT. Microsoft Security Essentials (MSE) followed closely with 13 percent. Market share then dropped to 8.3 percent for ESET NOD32 Antivirus, 7.5 percent for Avira Free Antivirus, and 6.8 percent for AVG Anti-Virus Free Edition.
Notice the common thread within this group? Four of the five most-used antivirus products are free.
Surprisingly, the big names in AV have relatively small slices of the market. Norton AntiVirus came in at 4.3 percent, followed closely by McAfee VirusScan at 4.1 percent. Kaspersky Internet Security was 3.6 percent, AVG Anti-Virus 3.3 percent, and Norton Internet Security a paltry 2.8 percent. All five are paid products.
Microsoft Security Essentials is on the rise
Between November 2011 and May 2012, MSE had a leading market-share gain of 2.3 percent. Over the same period, Norton AntiVirus and Avira Free Antivirus each lost 1.5 percent. Notwithstanding the fact that Avira's free product lost as much market share as the paid Norton Internet Security gained (1.5 percent), the numbers suggest that AV users are moving to the free products.
North American AV use: With a 21.3 percent share, Microsoft Security Essentials dominated the North American market — nearly triple that of its nearest competitors (Avast Free Antivirus with 8.2 percent and AVG Free Antivirus at 7.7 percent). Norton AntiVirus squeaks into the top five with 6 percent. (According to the report, CA's Total Defense AV beat Norton AV with a 6.3 percent share — something I seriously question because CA has ceased to be a major antivirus contender. It's used mostly in enterprise applications.)
MSE gained 6.6 percent over the last six months of the study, followed by CA's Total Defense AV at 4.6 percent (again, questionable). The losers were AVG Anti-Virus Free Edition with a 2.1 percent drop, Norton AntiVirus down 1.9 percent, and Avast Free Antivirus losing 1.5 percent. With those results, there's no clear trend in free-versus-paid AV use in North America.
Comparative AV results — a different story
Avast and MSE might be the top two AV applications in terms of use, but how good are they at stopping malware? Comparative AV-performance numbers come from three independent labs: AV-Comparatives, AV-Test, and Virus Bulletin. Each uses slightly different testing methods, but for the most part they (along with the rest of the AV industry) have come to agree upon some common criteria. That said, results from the three labs can be difficult to compare because they use different scoring systems and they test on different schedules.
AV-Comparatives performs two sets of tests run several months apart. The first set measures an AV app's on-demand capabilities — how well it finds known viruses. AV-Comparatives then suspends the product for a few months (i.e., prevents it from receiving virus-signature updates) and then exposes it to new viruses. That measures its ability to detect virus-like behavior (heuristics) and block new threats that arise between virus-signature updates.
Based on AV-Comparatives' April 2012 report (PDF), Avast Free Antivirus scored fairly high, with 98 percent detection. (It was mid-pack for the 15 AV products listed, which means most well-known AV products do a good job of detection.) But Avast also had a relatively high false-positive indicator of 14 (the number of false alarms it generated during the tests).
Microsoft Security Essentials came in at the bottom of the list with a detection score of 93.1 percent but also had no false positives (the only application to do so).
Neither Avast nor MSE did well in detecting new viruses, according to a November 2011 AV-Comparatives report (PDF). MSE's detection rate was 48.7 percent, followed closely by Avast with 46.1 percent. (To put that into perspective, the average score for the 12 products listed was 56.7 percent, with Qihoo earning the top score of 67.6 percent.)
Not too surprisingly, paid products such as ESET NOD32 and Kaspersky scored significantly higher in both sets of tests. However, if you look at the two reports, note that McAfee was tested only for on-demand scanning; Avira Free Antivirus, AVG Anti-Virus Free Edition, Norton AntiVirus, Norton Internet Security, and ESET Smart Security were either not tested or had different versions in the two tests.
Similar results reported by AV-TEST
In AV-TEST's March/April report, MSE 2.1 turned in similar results. Its detection rate of relatively new viruses was 97 percent (against an industry average of 98 percent). Its protection against zero-day attacks was 84 percent (versus an average of 91 percent).
(These scores are abstractions of a larger set of data points typically not revealed to the public nor to publications, though they are made available to companies willing to purchase more detailed reports.)
In a third test — repair — MSE did well, earning above-average scores for removing active components of common viruses and cleaning up critical system files (as you might well expect). MSE also earned a high score for usability — a sort of beauty contest for AV products.
By comparison, Avast Free Antivirus scored 98 percent (one point better than MSE) for new-virus detection and 90 percent (six points better than MSE) for zero-day protection.
On the other hand, Avast was average or below average in the Usability and Repair categories (it left traces of the malware behind).
AV-Test reported top results for Norton Internet Security and Kaspersky. Norton received a perfect score for detection and protection. On the other hand, it was relatively poor at removing the bits and pieces of viruses and at repairing system components.
Kaspersky was nearly perfect at detection and perfect in repairing systems. It also rivaled MSE for usability. AVG Free Antivirus earned average or above-average scores in all but two categories — it was relatively poor at repairing systems and earned 4 out of 12 in usability.
ESET NOD32 Antivirus, Avira Free Antivirus, Norton AntiVirus, McAfee VirusScan, and AVG Antivirus either weren't tested or were tested with a different release than the one listed in the OPSWAT report.
Earning the Virus Bulletin VB100 award
Comparing the OPSWAT report to the most recent (December 2011) Virus Bulletin tests produces a slightly different list of winners and losers. MSE, ESET NOD32 Antivirus, Avira Free Antivirus, and Kaspersky Internet Security all earned the coveted VB100 certification (more info).
However, Avast Free Antivirus and Norton Internet Security both failed certification by missing some viruses. (As with the other testing sites, only limited summaries of the tests are provided free, online.) AVG Anti-Virus Free Edition, Norton AntiVirus, AVG Antivirus, and ESET Smart Security either weren't tested or were tested with different versions than the one reported by OPSWAT.
And the rest of the antivirus contenders?
One must conclude that products such as Trend Micro, F-Secure, Sophos, and other top-ranked antivirus products fall within the OPSWAT catch-all "other" category, which accounts for 30.1 percent of the global market and 28.6 percent of the North American market. Then again, the top-three free AV products amount to 35 percent of the global market and 37 percent of the North American market.
Keep in mind that the OPSWAT rankings represent only a thin slice of the PCs online today, and they're based on PC users who downloaded the company's AppRemover product. Nevertheless, OPSWAT's report is refreshing because it comes from real-world software-deployment data — not sales numbers, which don't include free AV products.
People tend to get defensive of their choice of antivirus product, so while the report probably won't change anyone's mind, it's food for thought.
