Which Antivirus has the best signatures?

In your opinion, who has the best signatures?

  • Avira

    Votes: 13 7.6%
  • Sophos

    Votes: 1 0.6%
  • Kaspersky

    Votes: 77 44.8%
  • BitDefender

    Votes: 19 11.0%
  • ESET

    Votes: 26 15.1%
  • Emsisoft

    Votes: 17 9.9%
  • Avast

    Votes: 7 4.1%
  • Reason Core

    Votes: 1 0.6%
  • Other (Specify)

    Votes: 11 6.4%

  • Total voters
    172

Deleted member 178

Small explanation about Emsisoft Anti-Malware's dual-engine signature mechanism (Bitdefender + proprietary/homemade):

We continuously check which threats are already detected by Bitdefender and disable all signatures in our own engine that were created to detect the same threats. As a result you of course will see 99% "(B)" detections when scanning large malware archives. That is because we focus on the tiny delta on top of Bitdefender (which does a quite good job).
Our own signatures mostly focus on brand new malware and PUPs. Hours later Bitdefender then usually publishes the same signatures so we can disable ours again.

Also our Anti-Malware Network (Cloud) will complement our engines and the Web Filter will prevent you from accessing malicious websites.
 

Faybert

Level 24
Verified
Top Poster
Well-known
Jan 8, 2017
1,320
I think it's Avira, it's one of the oldest AVs on the market, its base has been gigantic. I do not understand why Emsisoft is there, since it uses third-party (Bitdefender) and its own is weak, because it has no more clients and market time than Avira, Avast, Kaspersky, ESET.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
To be fair, according to so many tests (only static results) I have seen in MT hub, the 2 AVs which have the best signatures are Kaspersky and ESET. The time of testing is considered.
I have to say, Emsisoft and Bitdefender no longer have the best detection rates, in fact, far from Kaspersky and ESET.
Avira without cloud has a lower detection rate than Kaspersky and ESET, no joking.
Kaspersky has better signatures for malware but ESET has a much, much better PUP detection rate.
 

Deleted Member 3a5v73x

Also Fortinet and Ikarus are very high on my list looking at pure signatures
Ikarus is indeed worth mentioning, I have seen many times in VirusTotal that it is one of the first engines to pick up new malware. I cannot speak for Fortinet as I have no experience with it.

Emsisoft also used to have the Ikarus engine before switching to Bitdefender's in 2012.
 

Deleted member 178

Emsisoft also used to have the Ikarus engine before switching to Bitdefender's in 2012.
Yep, we used it but despite its high detection rate (rivaling Kaspersky or Avira at that time), it gave way too many false positives. We decided to replace it with BD because we want our users not to be annoyed and worried about such issues.

I have to say, if classic detection by signature was so amazing, we wouldn't see all vendors adding Behavior Blockers, HIPS or sandboxes and now machine learning to their products.
Emsisoft was among the first to introduce an IDS (Intrusion Detection System) into A-Square AM (EAM's predecessor) in 2005, then followed by the creation of a standalone BB called Mamutu in 2007, which would be associated with the first dual-engine anti-malware (EAM) a year later.
Detection is important but prevention is better. :)
 

Bleak

Level 4
Well-known
Sep 5, 2017
149
I have to say, if classic detection by signature was so amazing, we wouldn't see all vendors adding Behavior Blockers, HIPS or sandboxes and now machine learning to their products.
Emsisoft was among the first to introduce an IDS (Intrusion Detection System) into A-Square AM (EAM's predecessor) in 2005, then followed by the creation of a standalone BB called Mamutu in 2007, which would be associated with the first dual-engine anti-malware (EAM) a year later.
Detection is important but prevention is better. :)

None is really amazing, even BB and others. It's just there to make life difficult for hackers/malware developers, as they will have to bypass not only 1 module but 3-4 other modules. Which is still achievable. I've seen some legit programs that are packed by 6 different packers and yet got broken.

I'll have to disagree with the statement "Detection is important but prevention is better." Prevention alone does sometimes work, but it has major drawbacks for some reasons. First, it won't stop social engineering or a targeted attack; it also fails to address anything that goes beyond it, and this is where most attacks begin. Prevention will also not stop most network attacks, as has been happening lately with the different ransomware; for example, the exploit WannaCry used was already known before the attack took place, and still many companies and organizations got infected by it.
IMO, one can't just depend only on "prevention" or stuff like "anti-exe". Prevention alone, as said, is never enough; a balance of both detection and prevention is the ideal way, while both will still usually disappoint if you're being highly targeted, in which case you're just doomed.
 
