
This is the second post in a three-part series on selecting anti-virus and endpoint protection software. The first post provided background on the types of threats and the protection options. This post provides a brief overview of the leading solution providers. Part 3 will provide my own solution evaluation and recommendation.

For a full list of IT protection considerations, beyond anti-virus, please read my post on Small business IT security considerations.

Market Share

The table below shows the real time anti-virus market share according to a company called OPSWAT (“real time” refers to scanning for threats in real time rather than retrospectively). OPSWAT provides a free tool to monitor and manage security for up to 25 devices, called OPSWAT Gears. OPSWAT is not a market research organisation, rather they have summarized information collected via OPSWAT Gears for 5,000 of their, mainly enterprise, customers.


Table 1 – Worldwide Products Vendors January 2014 (real time protection enabled).

(source: OPSWAT, Antivirus Market Share Report January 2014)

Independent testing

AV Comparatives, a not-for-profit organisation, provides an overview of the main independent anti-virus testing laboratories, among which it includes itself. AV Comparatives claim to have the broadest range of tests, and while there are some obvious conflicts of interest in self-evaluations, I am accepting their claim.

The following table, from AV Comparatives, provides a summary of their various tests performed over 2013. A brief summary of each test follows this chart. The vendors are ranked in order, with the best performing, Kaspersky Lab, at the top of the table.


Table 2 – AV Comparatives, summary of tests performed over 2013

 (Source: AV Comparatives, Anti-Virus Comparative – Summary Report 2013)

The following test descriptions are taken directly from the AV-Comparatives site. Please follow the links for additional information.

  • File Detection Test – The File Detection Test assesses the ability of antivirus programs to detect malicious files on a system.
  • Proactive Test – The retrospective tests evaluate the products against new and unknown malware to measure the proactive protection capabilities.
  • Performance Test – These tests evaluate the impact of anti-virus software on system performance.
  • Real-World Test – This section contains full product long-term dynamic test reports.
  • Anti-Phishing Test – These tests evaluate the protection provided against phishing websites.
  • Malware Removal Test – These tests focus only on the malware removal/cleaning capabilities.

For me it is immediately obvious that comprehensive anti-virus testing is very involved. For this reason, I defer to the results of professional test laboratories, and in particular to AV-Comparatives.

Vendor observations

Free antivirus

Avast! Free Antivirus, Avira Free Antivirus, and AVG Anti-Virus Free edition occupy the 2nd, 4th and 5th market share positions respectively, accounting for close to 25% of the market. All three providers state that their free products are not for business use (avast here), (Avira here), (AVG here). I suspect that there are some businesses not abiding by the licensing requirement. Naturally, they have paid products aimed at business on offer.

MalwareBytes

In the full market share report (download required), OPSWAT make an interesting observation that a significant proportion of the summary group use a second anti-virus product from a vendor called MalwareBytes. MalwareBytes provide a free product specifically targeted at retrospective virus removal, rather than real-time detection (MalwareBytes' real-time detection product, Anti-Malware Pro, is ranked 7th in market share in Table 1).

MalwareBytes claim to protect devices from new online threats that anti-virus can’t detect. This claim has some validation, as MalwareBytes is the second most prevalent installed anti-virus product when considering both non-real-time products, such as virus removal tools, and real-time anti-virus products (as shown in the above table). For me, this means just one anti-virus product for small business may be insufficient.

Symantec

Notably, Symantec products are missing, including their Norton range of products. I contacted AV Comparatives and was told that Symantec declines to be included in the File Detection Tests, and this test is mandatory for any vendor before inclusion in the summary report.

A quick search on the AV Comparatives site shows the last time Symantec participated in the File Detection test it ranked 15th out of 18 vendors (August 2011) – I can only wonder if the poor result influenced Symantec’s decision.

Interestingly, Symantec is also missing from file detection results performed by VirusBulletin (Aug 2013 to Feb 2014). When contacted, VirusBulletin confirmed that Symantec also declined to participate.

Microsoft

Microsoft has two free products, which combined account for about 25% of the market share in Table 1. Microsoft Security Essentials is a free download for Windows XP, Windows Vista and Windows 7 machines, while Windows Defender is included as part of Windows 8. Both products consistently perform at the lower end of test results, and indeed a Microsoft Malware Protection Center representative apparently informed one of the independent testing labs that Microsoft has a “baseline strategy”. The March 2012 File Detection Tests by AV Comparatives appear to support this stance, with Microsoft ranking last out of 22 vendors.

Beyond market share and independent testing

From a small business perspective, there are obviously other important aspects to choosing an anti-virus product, including ease of use and administration, price/value, and vendor support. In the 3rd and final post I will provide an evaluation and recommendation including consideration of these items.