Calendar Of Updates: Freeware Antivirus Detection Tests - Calendar Of Updates

Freeware Antivirus Detection Tests

#1 Donna

  • Guinea Pig???
  • Group: Admin - Site
  • Posts: 17,376
  • Joined: 11-October 03

Posted 22 August 2006 - 06:10 PM

I mentioned in a recent post, Active Virus Shield, that I was curious to know how Active Virus Shield (powered by Kaspersky) would perform by allowing it to scan a computer that has known risks and infections. After running the scan with Active Virus Shield, I decided to test the other 3 freeware antivirus products - AVG, AntiVir and Avast!.

AVG, AntiVir and Avast are widely used programs so the arrival on the scene of Active Virus Shield is somewhat interesting because it is a service now being offered at no charge by AOL. There are some users who do not like having anything from AOL on their computers but Kaspersky is generally regarded as one of the more reputable antivirus programs. Still, some users posted that they are hesitant to try Active Virus Shield after they've read the End-User License Agreement (EULA) bundled with the service by AOL.

To see the EULA of Active Virus Shield, please go to this topic and you'll find it posted by another of our CoU Members.

TESTING ENVIRONMENT:
  • A PC with 2 hard drives. Windows XP is on the Master Drive. Local Drive is C. The Slave drive contains data and/or executables. Both drives have infections. Most infections are known trojans, worms, viruses and other types of malware (Not Zoo). Zoo is a threat that exists only in virus and antivirus labs, not in the wild. Most Zoo threats never get released into the wild and, as a result, rarely threaten users.
  • Total # of infections: 140 confirmed known risks or infections (executables and infected files which contain viruses, trojans, malware) and 30 infected emails (as attachments - some are password protected while others are not).
  • Location of Infection: 140 infected files are on drive D. 30 infected emails in drive C - in Windows>Mail Directory. E-mail Client is Outlook Express.
  • Infected files were gathered from users who sent the samples to me via email after I analyzed their HijackThis log. Some files were downloaded from the net. Others came with unsolicited emails in the form of phishing and spam with or without attachment (see image below).

It's easy to get infections if one simply downloads unsolicited or dubiously sourced emails:

Attached Image: mailwasher.jpg

PRODUCTS FOR TESTING: Freeware antivirus programs that offer and claim real-time protection.

TEST POLICY: No antivirus program is configured to HEAL, CLEAN, DELETE or MOVE to Quarantine any infection. Each antivirus program was configured only to SCAN, DETECT and then REPORT what it found during the scan and while it was running. Hard drive backup was created to ensure the same availability of infections each time I wished to run the test.

TEST 1: Active Virus Shield

About Active Virus Shield:

Attached Image: AVS_about.jpg

Detection result:

Attached Image: avs_scan.jpg

Active Virus Shield detected 157 out of 170 infections/risks. No False positive detections.

TEST 2: AntiVir

About AntiVir:

Attached Image: antivir_about.jpg

Detection result:

Attached Image: post-1-1156270804.jpg

AntiVir detected 79 out of 170 infections/risks. 11 False positive detections.

TEST 3: Avast! Home Edition

About Avast!:

Attached Image: post-1-1156270949.jpg

Detection result:

Attached Image: avast_scanreport.jpg

Avast! detected 104 out of 170 infections/risks. 1 False positive detection.

TEST 4: AVG Free

About AVG:

Attached Image: avg_about.jpg

Detection result:

Attached Image: drived_result.jpg

AVG Free detected 8 out of 170 infections/risks. No False positive detections.

Summary of Results:
  • AntiVir detected 79 out of 170 infections/risks. 11 False positives. 26 infections found in Drive C, 53 infections in Drive D.
  • Avast! detected 104 out of 170 infections/risks. 1 False positive. 27 infections found in Drive C, 77 infections in Drive D.
  • Active Virus Shield detected 157 out of 170 infections/risks. No False positives. 30 infections found in Drive C, 127 infections in Drive D.
  • AVG detected 8 out of 170 infections/risks. No False positives. 0 infections found in Drive C, 8 infections in Drive D. Please note that AVG's test result is "No Virus Found" after I ran "Scan My Computer". Selecting "Scan My Computer" is its method to scan all local drives. AVG Free only found infections when I ran a separate test by selecting "Shell Extension Test" for local drive. I ran the AVG scan many times (in 2 days!) to see if there is any difference with its test results. See below image as proof that AVG scan was not done just once but quite a few times:
    Attached Image: testresult.jpg
Notes:

Please do not use the above as your basis for choosing which program you should use. The following reasons detail why:

1. The infected system is not infected with viruses alone. Please read the state of the system for information on what risks were present on the system and how they reached it.

You should also read the software vendor's website to read what can be detected by their product.

2. Kindly note that some antivirus programs do not detect exploits, spyware, potentially unwanted programs et al. In other terms, infections that are not categorized as "virus" are not detected by some antivirus software. For example, AVG (Free) will not detect potentially unwanted programs. Detections for those are only available in AVG's paid version. Whatever the limitations of standalone antivirus, it should be detecting known, in the wild viruses and any infected file that behaves like a virus (that is, if the heuristic engine is good enough to detect one).

3. Different antivirus programs use different methods and engines. Some scanners are fast, while others are slow. Some scanners will scan packed files while others will not. Some scanners do not scan password-protected archives, while others will scan them as long as the user running the scan and the system being scanned both have the proper permissions.

4. Detection result is not the only basis to review any security tool that detects viruses. Real-time protection, Removal, EULA, Product Support and Product Updates/Response Time are the other areas to review and consider. Some antivirus may succeed in detection but will fail with removal and vice-versa. The above test is only a "detections" test. It does not include "cleaning" or "removal" tests nor does it include Real-time protection. All infections existed already prior to installation of the antivirus program, which may have affected any of the program's abilities to be able to detect specific infections.

5. There are some antivirus programs that will not detect any infection due to the user's settings. You should review the help file before running a scan. Example: Selecting "System Areas" in AVG means the scanner will be fast but it will not scan any files the engine classifies as "not changed" or apparently in the same state as at the time of the previous scan.

6. This test covered only a sample of 170 infections/risks that are in the wild or known. Since there is the presumption that not all antivirus programs are capable of catching all known viruses, it is possible that AVG (which performed very poorly on this particular test) might catch some viruses that Active Virus Shield won't be able to detect. However, since it is virtually impossible to test all the antivirus programs against the ever changing universe of viruses, this test should be considered just a sampling of the potential for the particular programs, not a definitive indictment against their abilities. We did not contact nor communicate with the program's authors regarding the findings of our tests, so we aren't aware if they may have any explanations concerning the relatively wide gap in performance.

7. The choice of your antivirus program should be made after you've conducted careful research. We do not support, represent nor endorse any particular product. Similarly, we do not recommend any user remove or stop using any particular product based upon the results of this test. Please do not accept the findings of our test to infer the superiority of one or the inferiority of another. Rather, please use this test to alert you that not all programs perform similarly.

8. We recommend visiting the websites linked below to view other recent results of Antivirus Testing, but please view them also with all of my comments above still in mind:

Kindly view our Disclaimer on Product Reviews and Research
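
The counts from the Summary of Results above, tabulated as an added example (it is not part of the original post). It checks that the per-drive figures add up to each reported total and puts a 95% Wilson score interval on every detection rate, which shows how much uncertainty a 170-sample set carries; the 30/140 split per drive comes from the testing environment described in the post, and the function and field names are illustrative.

```python
import math

# Figures as reported in the post: 30 infected e-mails on drive C and
# 140 infected files on drive D (170 samples in total).
SAMPLES = {"C": 30, "D": 140}

# product: (reported total, found on C, found on D, false positives)
REPORTED = {
    "Active Virus Shield": (157, 30, 127, 0),
    "Avast!": (104, 27, 77, 1),
    "AntiVir": (79, 26, 53, 11),
    "AVG Free": (8, 0, 8, 0),
}


def wilson_interval(hits, total, z=1.96):
    """Wilson score interval (95% for z=1.96) for the proportion hits/total."""
    p = hits / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total + z * z / (4 * total * total)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def summarize(reported=REPORTED, samples=SAMPLES):
    """Return one row per product, best detection rate first.

    Raises ValueError when the per-drive counts contradict the reported
    total or exceed the number of samples stored on that drive.
    """
    total = sum(samples.values())
    rows = []
    for product, (claimed, on_c, on_d, false_pos) in reported.items():
        if on_c + on_d != claimed:
            raise ValueError(f"{product}: {on_c} + {on_d} != {claimed}")
        if on_c > samples["C"] or on_d > samples["D"]:
            raise ValueError(f"{product}: more detections than samples")
        rows.append({
            "product": product,
            "detected": claimed,
            "rate": claimed / total,
            "ci95": wilson_interval(claimed, total),
            "rate_C": on_c / samples["C"],   # e-mail store (Outlook Express)
            "rate_D": on_d / samples["D"],   # files on the slave drive
            "false_positives": false_pos,
        })
    return sorted(rows, key=lambda row: row["rate"], reverse=True)


if __name__ == "__main__":
    for row in summarize():
        low, high = row["ci95"]
        print(f"{row['product']:<20} {row['detected']:>3}/170 "
              f"{row['rate']:6.1%}  95% CI {low:.1%}-{high:.1%}  "
              f"C {row['rate_C']:.0%}  D {row['rate_D']:.0%}  "
              f"FP {row['false_positives']}")
```

The intervals are several percentage points wide on each side, so small gaps between products on a set this size should not be over-read.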

#2 Haroldo

  • Dies Mercuri
  • Group: Admin - Board
  • Posts: 684
  • Joined: 11-October 03

Posted 22 August 2006 - 07:25 PM

I dropped AVG a few months ago when I read that they failed to detect a major virus. I am not an expert, but if I am using an antivirus program, I need to have faith in it. I lost faith.
I switched to McAfee, which was being offered free of charge since I am a Comcast subscriber.
Switching took under 5 minutes.

#3 weaselthatbites

  • Dies Iovis
  • Group: Member - MVC
  • Posts: 1,020
  • Joined: 14-June 06

Posted 22 August 2006 - 07:44 PM

Firstly thanks a lot Donna for doing those tests :) They were illuminating.

Okay...been a long time user of AVG....but that test is kinda scary. Except that I do try out the big boys regularly...eg Kaspersky, Nod etc - maybe once every 3 months or so I will download and try the trial product, and it NEVER finds anything. ZIP.

Which probably means that my internet habits are very safe and there is nothing there to find.

I will keep this test in mind as with the January one where it failed quite badly with the WMF exploit, but for the moment am happy to stick with AVG. When one of the commercial products finds something on my machine that shouldn't be there, then will consider switching. Until that time, I think it's best to stick with the one that works for me.

Also, it would be nice if that AOL EULA was cleaned up a bit...it looks better now, but still not to my satisfaction.

#4 Haroldo

  • Dies Mercuri
  • Group: Admin - Board
  • Posts: 684
  • Joined: 11-October 03

Posted 22 August 2006 - 07:51 PM

McAfee didn't find anything either, so I guess I might have good habits, also. The real question is...can you trust that they will be able to protect you when you need them?
I, for one, can't answer that, but the results seem to indicate that you might not be able to!

#5 Haroldo

  • Dies Mercuri
  • Group: Admin - Board
  • Posts: 684
  • Joined: 11-October 03

Posted 22 August 2006 - 08:39 PM

A while back (after the WMF debacle) we asked our members if they were going to switch or keep AVG. Here is the survey.

#6 guest

  • Contributor
  • Group: Non-Member - Guests
  • Posts: 3,812
  • Joined: 26-November 03

  Posted 22 August 2006 - 08:55 PM

36.73% chose to stay with AVG :approved:
22.45% chose to switch probably because they could not get their WinXP to pass WGA validation to install Microsoft's update :blink:
34.69% like to answer time wasting surveys :rotf:

#7 mark5019

  • slinky
  • Group: Calendar Mods
  • Posts: 543
  • Joined: 14-October 03

Posted 22 August 2006 - 11:24 PM

YoKenny, on Aug 22 2006, 04:55 PM, said:

36.73% chose to stay with AVG :approved:
22.45% chose to switch probably because they could not get their WinXP to pass WGA validation to install Microsoft's update :blink:
34.69% like to answer time wasting surveys :rotf:



ok i just switched from avg to McAfee
question: what about their firewall? I'm using ZA free.

#8 guest

  • Contributor
  • Group: Non-Member - Guests
  • Posts: 3,812
  • Joined: 26-November 03

  Posted 23 August 2006 - 12:27 AM

Quote

question: what about their firewall? I'm using ZA free.
Stick with ZA.

I use the venerable old Kerio v2.1.5

It can't be beaten as it uses only a little bit of resources and is tried and true.

#9 Alk

  • Dies Solis
  • Group: Member - Registered
  • Posts: 7
  • Joined: 12-October 04

Posted 23 August 2006 - 12:37 AM

Take a read of this as well about the new AOL scanner, its disadvantages, and the other free comparatives.
http://techsupportalert.com/issues/al_curr...htm#Section_6.1
:)

#10 boopme

  • Dies Lunae
  • Group: Member - Registered
  • Posts: 36
  • Joined: 07-July 05

Posted 23 August 2006 - 03:24 AM

Thanks Donna for all your work, and good info. I still use AVG free, no problems for a couple years. I guess I surf pretty safely tho. I do run Panda and Trend Micro and Ewido free scans every month or so and nothing turns up, so I feel comfy til I see signs of failure.

#11 Donna

  • Guinea Pig???
  • Group: Admin - Site
  • Posts: 17,376
  • Joined: 11-October 03

Posted 23 August 2006 - 03:55 AM

Hi All,

Please note that this test result is not against any of the antivirus programs :)
AVG, Avast, AntiVir and Kaspersky are good antivirus programs. Their detections will of course differ from one another. It is very rare to see two AVs perform the same. The intention of this test is not to kick one or two antivirus but to show how they perform in detecting known risks. The number of infections is maybe little, that is OK. Big or small #, there will be no difference. The important thing is we've seen how the AVs perform.

If we read the reports by experts (the labs), the result is similar, which is why, for example, av-comparative.org ranked AVG as "standard" antivirus instead of "advanced" and/or "advanced+".
Then AntiVir, avast and Kaspersky received "advanced" as rank.

For the record, I have AVG Pro version and it flagged 30+ infections/risks out of 170.
It detected trojans, viruses and worms and some of the potentially unwanted programs.

Some readers might think that the only infections available here are mostly adware, spyware. Wrong. Half of the infected files are not spyware.


Thanks all!

#12 927

  • Dies Solis
  • Group: Member - Registered
  • Posts: 3
  • Joined: 23-August 06

Posted 23 August 2006 - 10:46 AM

antivir classic:
the file scanner does not detect ad/spyware but the webscanner does, i think.
i used classic for two days, I'm 100% sure that i got warnings from zango (on www) and that's what i call adware

#13 hewee

  • hewee
  • Group: Member - MVC
  • Posts: 5,021
  • Joined: 12-May 04

Posted 23 August 2006 - 11:16 AM

Great report you did Donna. :)

Have AVG free also and have never found anything on my PC yet.
But you're right, you have to set it up right because by default it only scans the C: drive for one thing.

#14 Donna

  • Guinea Pig???
  • Group: Admin - Site
  • Posts: 17,376
  • Joined: 11-October 03

Posted 23 August 2006 - 05:06 PM

927, on Aug 23 2006, 02:46 AM, said:

antivir classic:
the file scanner does not detect ad/spyware but the webscanner does, i think.
i used classic for two days, I'm 100% sure that i got warnings from zango (on www) and that's what i call adware


Hi,

Thanks for sharing.
The scan result of Antivir detected some spyware on the test machine.
AV-test.org also found Antivir PE Classic has removed some spyware/adware during their test - only 5% though. Avast, as per av-test.org, removed 33% while AVG removed none, which is expected since AVG Free doesn't detect it.

We know that viruses and worms are best handled by antivirus, spyware and adware are best handled by antispyware. Same with trojans. They are best handled by antitrojan. However, if one or two of the freeware antivirus can provide better detections, then that's good because the internet and PC user will have extra protection.

:)

#15 927

  • Dies Solis
  • Group: Member - Registered
  • Posts: 3
  • Joined: 23-August 06

Posted 23 August 2006 - 10:28 PM

ok.

i got some test samples on my computer (one zlob, one vundo and one istbar file) and if i open that folder PE detects these files. Classic none, not even when i marked them.

http://www.free-av.com/

(i also sent some files to avira but they told me that they were already included in the signatures and detected by PE :doh: i did not know about the difference between PE and Classic :blushing: )

This post has been edited by 927: 23 August 2006 - 10:29 PM


#16 cloussau

  • Dies Solis
  • Group: Member - Registered
  • Posts: 9
  • Joined: 24-August 06

Posted 24 August 2006 - 01:54 AM

interesting to note the different lengths of time associated with each scan: Avast @ 3 hrs 18min against AVG at 30 min ???

#17 Donna

  • Guinea Pig???
  • Group: Admin - Site
  • Posts: 17,376
  • Joined: 11-October 03

Posted 24 August 2006 - 03:57 AM

Yes. Avast scanned the computer for many hours. I didn't pause it. It really finished after 3 hours.
Google it and you will find that it's known in avast if one chooses "Thorough" scan including archived files.

AVG finished scanning in less time than avast - for one drive alone. If you want a screenshot of the other drive.. here it is:
Drive C

Attached Image: drivec_result.jpg

It took only 26 minutes & 3 seconds for AVG Free to finish scanning the Drive C. Total files scanned is in the screenshot.

For "Complete Test" scan result of AVG:

Attached Image: avg_complete_test.jpg
It took less than 30 minutes for AVG to scan both drives. System Integrity scan is disabled by unchecking "scan system area".

When I allow it to scan also the "system area before the test start", the scan time is also less than 30 minutes.

Hope this helps.

#18 SR71BlackBird

  • Dies Solis
  • Group: Member - Registered
  • Posts: 6
  • Joined: 24-August 06

  Posted 24 August 2006 - 06:34 AM

AOL Active Virus Shield was trapped by my firewall, and i found that it's transferring pretty large amount of data outbound. Here is the screenshot:

Posted Image


PS: this is not from the update process of the AOL Active Shield. :uhm:

#19 Guest_mrclarke_*

  • Group: Non-Member - Guests

Posted 24 August 2006 - 07:03 AM

i run the GRISOFT AVG product and then go to F Secure for an online scan and F Secure finds nothing after the scan by AVG.

and i mean nothing, not even adware, spyware, etcetera.

#20 Donna

  • Guinea Pig???
  • Group: Admin - Site
  • Posts: 17,376
  • Joined: 11-October 03

Posted 24 August 2006 - 08:22 AM

SR71BlackBird, on Aug 23 2006, 10:34 PM, said:

AOL Active Virus Shield was trapped by my firewall, and i found that it's transferring pretty large amount of data outbound. Here is the screenshot:

Posted Image


PS: this is not from the update process of the AOL Active Shield. :uhm:


Hi,

Those remote IP addresses are owned by Google as per Whois.
My test doesn't cover where AVS/AVP is connecting, just the detections of AVP/AVS on known infected files in an infected machine, but looking into the logs of my firewall software:

Attachment attachment

Mine shows only connection to kaspersky.com

I suggest posting in the KAV forums:
http://forum.kaspersky.com
Kaspersky moderators or the team will surely help in determining the data and the remote IP addresses that you got there. It will be great if you could share that screenshot with them. One thing I'd like to ask.. did you install the AOL Toolbar that is optional in installing the Active Virus Shield?

BTW, there is an existing topic at their forums regarding this free Kaspersky antivirus (as AOL service). It's in http://forum.kaspers...showtopic=19410

mrclarke, on Aug 23 2006, 11:03 PM, said:

i run the GRISOFT AVG product and then go to F Secure for an online scan and F Secure finds nothing after the scan by AVG.

and i mean nothing, not even adware, spyware, etcetera.


It's good to know that you are free from any infection mrclarke :winner_first:
Let's remember that the test is not comparing a machine that is infected and a machine that is not infected.

The comparison of 'detections' by freeware antivirus in a machine that contains infected files :)

Hope this helps.

Attached thumbnail(s)

  • Attached Image: avpconnections.jpg

