Deleted member 21043
Thread author
Hello everyone,
I see more and more threads over time asking what the best Antivirus product is... So I made this thread to explain that there is not a "best" Antivirus product and why there isn't one.
With the increase of malware spreading all the time (and not just "malicious software", but adware/PUPs are a lot more popular nowadays than they used to be in my opinion), it's impossible for any current security company to provide a product which can detect and block every threat out there.
Each Antivirus product may have its own strength, however an important note is that most Antiviruses have their own different and unique databases used in the product. I said "most" since some products use another Antivirus engine. Although, usually they would still have their own different database anyway.
Antivirus vendors realized that the standard hash detection (MD5, SHA-1, SHA-256) was not going to be enough years ago, so they moved to developing new features for protection such as HIPS/BB. They also started implementing "heuristic" analysis (this could be both static and dynamic analysis. For example, the heuristics could have static analysis for detection based on the bytes in the executable, however it may then have dynamic analysis detection based on the API calls the process will make once it's executing).
Static analysis detection = detection without executing the executable.
Dynamic analysis detection = detection in real-time for when the executable is executing.
No HIPS/Behaviour Blocker can block every threat. The only way it can would be by blocking everything, including legitimate applications.
The closest I can see any company reaching the "best" protection would be to adapt to whitelisting over blacklisting. Although, this alone has flaws. The first issue with it, is what about new software? I can't even imagine how crazy everyone would be if they had to wait weeks for their software to be whitelisted by a company. Secondly, whitelisting would be a pain in the end because it will block legitimate applications which are not whitelisted. It would also cause a lot more hassle for the user.
On top of the whitelisting idea (companies have actually already started to try this, and it does work well to an extent), what if a malware writer managed to outsmart all the staff at a specific security company who are managing the whitelisting? What if they managed to fool and succeeded, and had programmed their malicious software so well that it tricks all the staff and becomes whitelisted? Don't get me wrong, staff at security companies are very smart, however it's always a possibility.
The only way to have a "best" antivirus would be for all the antivirus vendors except one to stop their companies and drop all their products. This would leave 1 antivirus product - ending the competition. Since there is then only one antivirus product available, then it is surely the best right? Of course it still won't have 100%, but it would be the best since it would be the only one available. I am afraid to say I don't think this will ever happen.
Of course there are cases when another antivirus product is shown to be more effective than another. I am not trying to say every product is the same. For example, I would happily agree that Emsisoft is far more effective at preventing malware infections than ClamAV. Nonetheless, even with another product "seeming" better than another, there is still no "best" antivirus.
You'll notice some vendors put something like "99.9% detection rate" on their websites. This is advertising to try to get new customers - I don't personally agree with that kind of advertising because I think it's misleading and unfair to the average customer who is not so aware of the real situation...
There are also companies like VirusBulletin, AV-Comparatives who perform tests on different antivirus products. Just because one product scored top in their tests won't make it the "best". Most of us are aware that Bitdefender has won awards from AV-Comparatives and won in the past, but I am sure there are many users on this forum who are willing to disagree that Bitdefender is better compared to a product like ESET or Emsisoft. It's user opinion based. Due to the amount of samples out there and being released every day, it is impossible for any testing companies to tell you which vendor really has the "best" detection. Some have a good detection with certain samples, some don't. Some companies work extremely well some weeks/months, some don't. It's just how things work.
When you see a thread asking what the best Antivirus is, the comments people put down regarding different antivirus products are their opinion. It's more of what their "favourite" Antivirus is, as opposed to what the best antivirus is.
If anything, the best antivirus available out there is yourself. Don't always be click-happy. Do your research before you run an application (especially if you are going to grant it Administrative privileges). Try running a new program in a virtualized environment before your real system. Keep a backup of all your personal documents in case of execution of malicious software which may harm/damage your files.
I recommend if anyone reading this is looking for a "best" antivirus, you start using the free trials the products usually provide for testing purposes, and then if you like the product enough, purchase it and use it. Only you can decide upon which product you want and should use.
The safest way to stay free from infection would be to lock up your system and never use it again. Originally I was going to say to never connect to the internet... But you could then always be infected via removable storage media. Point being, if you are using a computer at all then the risk is always there, and when you use it whilst connected to the internet then the risk is increased due to the content out there and the hackers waiting for their next victim.
Cheers.
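Added example, not part of the original post: a small Python comparison of the three detection approaches the post contrasts (hash blocklist, static byte-pattern heuristic, hash allowlist), showing where each one misses or over-blocks. All sample bytes, the marker string and the function names are constructed for illustration and do not come from any real product or sample.

```python
import hashlib

# Constructed, harmless byte strings standing in for executables.
KNOWN_BAD = b"MZ\x90\x00" + b"HYPOTHETICAL-MARKER-1234" + b"\x00" * 16
VARIANT = KNOWN_BAD + b"\x00"  # same content, one padding byte appended
OLD_LEGIT_APP = b"MZ\x90\x00" + b"well known text editor" + b"\x00" * 16
NEW_LEGIT_APP = b"MZ\x90\x00" + b"brand new accounting tool" + b"\x00" * 16


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


HASH_BLOCKLIST = {sha256(KNOWN_BAD)}            # "standard hash detection"
BYTE_SIGNATURES = [b"HYPOTHETICAL-MARKER-1234"]  # static heuristic on file bytes
HASH_ALLOWLIST = {sha256(OLD_LEGIT_APP)}        # whitelisting: only vetted files run


def hash_blocklist_verdict(data: bytes) -> str:
    """Blocks only files whose exact hash is already in the database."""
    return "block" if sha256(data) in HASH_BLOCKLIST else "allow"


def static_heuristic_verdict(data: bytes) -> str:
    """Blocks files containing a known byte pattern, without executing them."""
    return "block" if any(sig in data for sig in BYTE_SIGNATURES) else "allow"


def allowlist_verdict(data: bytes) -> str:
    """Blocks everything that has not been vetted, legitimate or not."""
    return "allow" if sha256(data) in HASH_ALLOWLIST else "block"


def compare(samples: dict) -> dict:
    """Return {sample name: (blocklist, heuristic, allowlist) verdicts}."""
    return {
        name: (hash_blocklist_verdict(data),
               static_heuristic_verdict(data),
               allowlist_verdict(data))
        for name, data in samples.items()
    }


if __name__ == "__main__":
    results = compare({"known_bad": KNOWN_BAD, "variant": VARIANT,
                       "old_legit": OLD_LEGIT_APP, "new_legit": NEW_LEGIT_APP})
    for name, verdicts in results.items():
        print(f"{name:10s} blocklist={verdicts[0]:5s} "
              f"heuristic={verdicts[1]:5s} allowlist={verdicts[2]}")
```

The one-byte variant gets past the hash blocklist but not the byte-pattern check, while the allowlist stops it at the cost of also blocking the new legitimate program.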