Symantec and McAfee NOT the Best Antiviruses!

You might be tempted to believe that Symantec, McAfee, ESET, Kaspersky or Softwin Labs provide the best antiviruses on the market. In fact, it's well known that these solutions have millions of consumers as they offer very powerful antivirus utilities. But (yeah, I know, there's always a 'but'), a recent research conducted by Cascadia Labs revealed that the technologies mentioned above are NOT the best solutions on the market when it comes to certain aspects of the antiviruses. The lucky (or maybe - the best) antivirus that provides the most powerful detection of new infectious agents (malware/viruses/spyware/Trojan horses) is included in Sophos Antivirus.

According to the research, the Sophos solution detected 86 percent of the pre-execution malware while McAfee and Symantec found only 43 percent and 51 percent. Symantec's post execution detection won the first place with 18 points while McAfee came second with 2 percent.

"We were disappointed with McAfee's effectiveness. It only caught 43 of our 100 files pre-execution. Although 28 of these were caught with signatures, McAfee's pattern-based recognition and other pre-execution capabilities couldn't keep up with Sophos. McAfee caught 13 more malware samples at execution but none of these could be attributed to its run-time HIPS capabilities. It should be possible to improve McAfee's protection by configuring HIPS rules, but it takes a lot of expertise and time to configure the rule-based HIPS and we conducted our testing with basic HIPS settings in place", Cascadia Labs wrote in the report.

Symantec and McAfee have always been two of the top antivirus technologies on the market and I guess they will remain among the leaders as long as the developers continue to implement more and more security features. For example, the Symantec engineers improved the security of the products with the Proactive Threat Scan feature. However, the report reveals that this function may not be as useful as it might sound.

"Symantec's new Proactive Threat Scan is included to bring additional protection against some malware, but it only runs hourly by default. This default configuration leads to a window of vulnerability where malware is not detected and can inflict damage. Although Proactive Threat Scan can be configured to run when a process starts, it places a heavy burden on the system according to Symantec's documentation and confirmed in our testing", it is mentioned in the report provided by Cascadia Labs.