List of apps to compare
Kaspersky, Symantec, McAfee, G-Data, Sophos, Bitdefender, Emsisoft, Dr. Web, Panda, Cylance
What I am most interested about
Exclusive Features & Functionality

notabot

Level 12
In any case the main question is more about AV vendors taking seriously the security of their own products, I don’t agree with security by obscurity but folks are entitled to their views and I’d rather keep the focus on what steps the vendors are taking for the security of their own products.
 

Durew

Level 1
I have no solid answers as to what AV is the least vulnerable but this does remind me of the following web page (a bit old):
https://www.av-test.org/en/news/self-protection-for-antivirus-software/
In addition, I read somewhere that the more complex an AV is, the more likely it is to be exploitable. From this point of view a simple static signature scanner (ClamAV?) is the least exploitable option. Least exploitable thus seems in contrast to most effective. Yet another trade-off, I guess.
Another read you may like:
https://www.blackhat.com/presentations/bh-europe-08/Feng-Xue/Whitepaper/bh-eu-08-xue-WP.pdf
It may help in your quest to find the least exploitable AV solution.
As a closing note, there is the often-given advice to not use an administrator account by default. With fewer rights it should be a lot harder to exploit anything.

I hope this helps.

Regards,
Durew
 

Slyguy

Level 42
Verified
"In addition, I read somewhere that the more complex an AV is, the more likely it is to be exploitable. From this point of view a simple static signature scanner (ClamAV?) is the least exploitable option. Least exploitable thus seems in contrast to most effective. Yet another trade-off, I guess."
The more complex ANYTHING is the more vulnerable/exploitable it is going to be in any industry really. There is something divine about simplistic yet functional creations of all types. German tanks in WWII were incredibly effective 'when' they worked, but incredibly complex and almost always broken in some way. Boxer engines are more complex and hence, generally they are more unreliable.

Some AVs always appear like a mish-mash of different things thrown in, resulting in a complex and likely more vulnerable final product, and without a doubt more bloat. The simplicity and elegance isn't there with most products and I feel that's one area in which the industry fails. This is actually why I appreciate the simplicity of some solutions, like Cylance, while I detest the increasingly convoluted nature of other suites.

I recently reconstructed the entire network infrastructure of my home. A big part of that was simplifying it and making it more elegant. Running shielded 550MHz Cat6 direct to each device off a central conduit. Moving many wireless devices to wired. Removing multiple switches from the home. This was done precisely to eliminate potential vulnerabilities and failures within the network.

Simplistic elegance is what's missing from the AV industry and nobody seems willing to step up and address that - apparently. I actually miss Nod32 for this reason. Anyone remember the old Nod32 with the tiny modular interface and no bloat?
 

Deleted member 178

When people ask me what AVs they should use, I always recommend only those two. The average Joe doesn't care about uber-settings or this or that awesome module, they just want efficient set & forget type of AVs.
 

notabot

Level 12
I’ve never used Emsisoft so I can’t have a view. As comparing the list of Emsisoft CVEs to a more widely used AV is pointless:

Architecture-wise, why is it less vulnerable? Do they, e.g., have a good track record of keeping kernel-level code to the minimum possible, following Microsoft’s guidelines, high code quality, etc.?