Comparative characteristics of anti-virus programs

As one would expect, it is impossible to name the best antivirus program among those reviewed, because users can apply many different criteria when choosing. One thing is certain: all of the solutions deserve users' attention and are worthy products. The most functional among them is Kaspersky Anti-Virus, which provides comprehensive protection against the widest range of threats and has impressive customization capabilities. But for the combination of high functionality and comfortable use (that is, ease of use and minimal "noticeability" when working in the background), we liked Eset NOD32 more. Avast! AntiVirus and Avira AntiVir are also undemanding of system resources and therefore behave modestly when working in the background, but their capabilities will not suit all users. In the first, for example, the level of heuristic analysis is insufficient; in the second there is no Russian-language localization yet and, in our opinion, the management of the modules is not very convenient. As for Norton AntiVirus and Dr.Web, despite the worldwide popularity of the first and the well-deserved recognition of the second for its past merits, the palm in the respect we are considering is clearly not theirs. Norton AntiVirus, although its latest version is much faster in operation than previous ones and has a better thought-out interface, still noticeably loads the system and responds rather slowly to the launch of certain functions. In fairness, though, it should be noted that it performs the scan itself quickly. Dr.Web is not very impressive against the background of the other antiviruses, because its capabilities are limited to protecting files and mail, but it has its own advantage: it is the simplest of the reviewed antiviruses.

Table 1. Comparison of the functionality of antivirus solutions

It is no less interesting, of course, to compare the reviewed antiviruses by how effectively they detect malicious software. This parameter is evaluated in specialized, internationally recognized centers and laboratories, such as ICSA Labs, West Coast Labs, Virus Bulletin, etc. The first two issue special certificates to antiviruses that have passed a certain level of tests, but there is one nuance: all well-known antivirus packages today have such certificates (they are a certain minimum). The magazine Virus Bulletin tests a large number of antiviruses several times a year and awards them VB100% awards based on the results. Alas, today all popular antiviruses also have such awards, including, of course, those we have considered. Therefore, we will try to analyze the results of other tests. We will focus on the tests of the reputable Austrian laboratory Av-Comparatives.org, which tests antivirus products, and the Greek company Virus.gr, which specializes in antivirus software tests and antivirus ratings and is known for one of the largest collections of viruses. Avira AntiVir Premium and Norton AntiVirus performed best among those reviewed in the most recent on-demand scan testing conducted by Av-Comparatives.org in August 2009 (Table 2). Kaspersky Anti-Virus was able to detect only 97.1% of viruses, although it would, of course, be completely unfair to call this level of detection low. For reference, the virus collection used in this test contained more than 1.5 million malicious codes, so a difference of only 0.1% amounts to no fewer than 1.5 thousand malicious programs.
As for speed, it is even more difficult to compare solutions objectively in this respect, because scanning speed depends on many factors: in particular, whether the antivirus product uses code emulation, whether it is capable of recognizing complex polymorphic viruses, whether in-depth heuristic analysis is carried out, whether rootkits are actively scanned for, etc. All of these points are directly related to the quality of virus recognition; therefore, in the case of anti-virus solutions, scanning speed is not the most important indicator of their performance. Nevertheless, Av-Comparatives.org specialists considered it possible to evaluate the solutions by this indicator as well; as a result, among the considered antivirus programs, Avast! AntiVirus and Norton AntiVirus.

Table 2. Comparison of antivirus solutions in terms of malware detection (source - Av-Comparatives.org, August 2009)

| Name | Detection rate, % | Scanning speed |
|---|---|---|
| Avira AntiVir Premium 8.2 | 99.7 | Average |
| Norton AntiVirus 16.2 | 98.7 | Fast |
| | 98.2 | Fast |
| ESET NOD32 Antivirus 3.0 | 97.6 | Average |
| Kaspersky Anti-Virus 8.0 | 97.1 | Average |
| AVG Anti-Virus 8.0.234 | 93 | Slow |
| Dr.Web anti-virus for Windows | Not tested | No data |
| PANDA Antivirus Pro 2010 | Not tested | No data |

The results of the August testing by Virus.gr, presented in Table 3, are somewhat different. Here the leaders are Kaspersky Anti-Virus 2010 with 98.67% and Avira AntiVir Premium 9.0 with 98.64%. It should be noted right away that the free Avira AntiVir Personal program, which uses the same signature bases and the same testing methods as the paid Avira AntiVir Premium, is only slightly behind the commercial solution. The differences in the results arise because different laboratories use different virus databases: all such databases are, of course, based on the "In the Wild" collection of viruses, but it is supplemented by other viruses. Which package becomes the leader depends on what kind of viruses these are and what share of the total database they make up.

Table 3. Comparison of anti-virus solutions in terms of detecting malware (source - Virus.gr, August 2009)

| Name | Percentage of detection of different types of malware |
|---|---|
| Kaspersky Anti-Virus 2010 | 98.67 |
| Avira AntiVir Premium 9.0 | 98.64 |
| Avira AntiVir Personal 9.0 | 98.56 |
| AVG Anti-Virus Free 8.5.392 | 97 |
| ESET NOD32 Antivirus 4.0 | 95.97 |
| Avast! AntiVirus Free 4.8 | 95.87 |
| Norton AntiVirus Norton 16.5 | 87.37 |
| Dr. Web 5.00 | 82.89 |
| Panda 2009 9.00.00 | 70.8 |

It is also worth paying attention to how well anti-viruses can cope in practice with unknown threats, that is, to the effectiveness of the proactive protection methods they use. This is extremely important, since leading experts in this field have long agreed that this particular area is the most promising in the antivirus market. Such testing was carried out by Anti-Malware.ru specialists from December 3, 2008 to January 18, 2009. For the test, they assembled a collection of 5166 unique codes of the latest malicious programs, gathered while the anti-virus databases were frozen. Among the antiviruses considered in this article, Avira AntiVir Premium and Dr.Web showed the best results (Table 4): they managed to detect a relatively high number of malicious codes absent from their databases; however, the number of false positives in these antiviruses was also high. Therefore, the experts awarded first place, in the form of the "Gold Proactive Protection Award", to completely different solutions. These are Kaspersky Anti-Virus, ESET NOD32 AntiVirus and BitDefender Antivirus, which turned out to be the best in terms of the balance of proactive detection and false positives. Their results were almost identical: the level of heuristic detection was 60% and the level of false positives was in the region of 0.01-0.04%.

Table 4. Comparison of anti-virus solutions in terms of the effectiveness of proactive anti-virus protection (source - Anti-Malware.ru, January 2009)

| Name | Percentage of viruses detected | Percentage of false positives |
|---|---|---|
| Avira AntiVir Premium 8.2 | 71 | 0.13 |
| Dr.Web 5.0 | 61 | 0.2 |
| Kaspersky Anti-Virus 2009 | 60.6 | 0.01 |
| ESET NOD32 AntiVirus 3.0 | 60.5 | 0.02 |
| AVG Anti-Virus 8.0 | 58.1 | 0.02 |
| Avast! AntiVirus Professional 4.8 | 53.3 | 0.03 |
| Norton Anti-Virus 2009 | 51.5 | 0 |
| Panda Antivirus 2009 | 37.9 | 0.02 |

Only one conclusion can be drawn from the above data: all of the antivirus solutions considered really do deserve attention. However, whichever of them is used, the signature databases must be updated promptly, since the proactive protection methods in every one of these programs are still far from ideal.


I'll make a reservation right away that the article will compare only those antivirus solutions that are common in Russia, namely Kaspersky Anti-Virus, Eset Nod32, Doctor Web, Symantec / Norton, Trend Micro, Panda, McAfee, Sophos, BitDefender, F-Secure, Avira, Avast!, AVG and Microsoft. Exotics such as G-DATA AVK, F-Prot Anti-Virus and AEC TrustPort will not be considered. So, let's start with the tests.

Testing patriarchs

One of the first to test anti-virus products was the British magazine Virus Bulletin; the first tests published on its website date back to 1998. The test is based on the WildList malware collection. To pass the test, a product must identify all viruses in this collection and demonstrate a zero false positive rate on the collection of "clean" log files. Testing is carried out several times a year on various operating systems; products that successfully pass the test receive the VB100% award. Below you can see how many VB100% awards were received in 2006-2007 by products of various antivirus companies.


Of course, Virus Bulletin magazine can be called the oldest antivirus tester, but its patriarch status does not save it from criticism by the antivirus community. At the September Virus Bulletin conference in Vienna, the renowned expert Andreas Marx from the AV-Test research laboratory at the University of Magdeburg gave a presentation titled "The WildList is Dead, Long Live the WildList!" In his report, Marx emphasized that all tests carried out on the WildList collection of viruses (including VB100%) have a number of drawbacks associated with the composition of this collection. First, WildList includes only viruses and worms, and only for the Windows platform, while other types of malware (Trojans, backdoors) and malware for other platforms are left out. Second, the WildList collection contains a small number of malicious programs and grows very slowly: only a few dozen new viruses appear in the collection in a month, while the AV-Test collection, for example, gains several tens or even hundreds of thousands of malware samples in the same time.

All this suggests that in its present form the WildList collection is obsolete and does not reflect the real situation with viruses on the Internet. As a result, according to Andreas Marx, tests based on the WildList collection are becoming increasingly meaningless. They are good for advertising the products that have passed them, but they do not really reflect the quality of antivirus protection.

From WildList to tests on large collections

Independent research laboratories such as AV-Comparatives and AV-Test do not limit themselves to criticizing testing methods. They themselves test antivirus products twice a year for on-demand malware detection. The collections used in these tests contain up to a million malicious programs and are regularly updated. The test results are published on the websites of these organizations (www.AV-Comparatives.org, www.AV-Test.org) and in well-known computer magazines such as PC World, PC Welt, etc. The results of the August tests are presented below:


If we talk about the products most widespread on the Russian market, then, as we see, according to the results of these tests only Kaspersky Lab and Symantec solutions are in the top three. Avira, the leader in the tests, deserves special attention, but we will return to this topic in the section on false positives.

Modeling the user

The tests of the research laboratories AV-Comparatives and AV-Test, as well as any tests, have their pros and cons. The upside is that testing is done on large collections of malware, and that these collections contain a wide variety of types of malware. The downside is that these collections contain not only "fresh" samples of malware, but also relatively old ones. Typically, samples collected over the past six months are used. In addition, these tests analyze the results of a hard drive scan on demand, whereas in real life the user downloads infected files from the Internet or receives them as attachments by e-mail. It is important to detect such files exactly at the moment they appear on the user's computer.

One of the oldest British computer magazines, PC Pro, attempted to develop a testing methodology that does not suffer from this problem. Their test used a collection of malware detected two weeks prior to the test in traffic passing through MessageLabs' servers. MessageLabs offers its customers filtering services for various types of traffic, and its collection of malware really reflects the situation with the spread of computer infection on the Web.

The PC Pro team did not just scan infected files, but simulated user actions: infected files were attached to messages as attachments, and these messages were downloaded to a computer with antivirus installed. In addition, using specially written scripts, infected files were downloaded from the web server, i.e. user surfing on the Internet was simulated. The conditions in which such tests are carried out are as close to real ones as possible, which could not but affect the results: the detection rate of most antiviruses turned out to be significantly lower than with a simple on-demand scan in the AV-Comparatives and AV-Test tests. In such tests, an important role is played by how quickly antivirus developers react to the emergence of new malicious programs, as well as what proactive mechanisms are used when detecting malicious programs.

Rapid response team

The speed at which antivirus updates with new malware signatures are released is one of the most important components of effective antivirus protection. The sooner the signature database update is released, the less time the user will remain unprotected. In April 2007, the AV-Test laboratory team conducted a study of the reaction rate to new threats for the American magazine PC World, and this is what they got:

Known unknown

Recently, new malware has been emerging so frequently that antivirus labs barely have time to respond to new samples. In such a situation, the question arises of how an antivirus can resist not only already known viruses, but also new threats for which a signature has not yet been released.

To detect unknown threats, so-called proactive technologies are used. These technologies can be roughly divided into two types: heuristics (detects malicious programs based on the analysis of their code) and behavioral blockers (block the actions of malicious programs when they are launched on a computer, based on their behavior).

If we talk about heuristics, their effectiveness has long been studied by AV-Comparatives, a research laboratory led by Andreas Clementi. The AV-Comparatives team uses a special technique: antiviruses are checked against the latest virus collection, but with signatures that are three months old. Thus, the antivirus has to confront malware that it knows nothing about. Antiviruses are checked by scanning a collection of malware on the hard drive, so only the effectiveness of the heuristic is checked; the other proactive technology, the behavioral blocker, is not used in these tests. As we can see, even the best heuristics currently show a detection rate of only about 70%, and many of them also suffer from false positives on clean files. All this, unfortunately, suggests that so far this proactive detection method can only be used together with the signature method.

As for the other proactive technology, the behavioral blocker, there have not been any serious comparative tests. First, many anti-virus products (Doctor Web, NOD32, Avira, etc.) lack a behavioral blocker. Second, these tests are difficult to carry out. To test the effectiveness of a behavioral blocker, it is not enough to scan a disk with a collection of malicious programs; these programs have to be launched on the computer while observing how successfully the antivirus blocks their actions. This process is very laborious, and only a few researchers are able to undertake such tests. All that is available to the general public so far are the results of individual product testing by the AV-Comparatives team. If, during testing, an antivirus successfully blocked the actions of unknown malicious programs when they were launched on a computer, the product received the Proactive Protection Award. Currently, such awards have been received by F-Secure with its DeepGuard behavioral technology and Kaspersky Anti-Virus with its Proactive Defense module.

Infection prevention technologies based on the analysis of malware behavior are gaining popularity, and the lack of comprehensive benchmarks in this area is alarming. Recently, there was hope for the emergence of such tests: specialists from the AV-Test research laboratory held an extensive discussion of this issue at the Virus Bulletin 2007 conference, in which the developers of antivirus products also participated. The result of this discussion was a new methodology for testing the ability of anti-virus products to resist unknown threats. This technique will be presented in detail at the end of November at the Asian Antivirus Research Association conference in Seoul.

False positives are worse than viruses

A high level of malware detection using various technologies is one of the most important characteristics of an antivirus. But perhaps a no less important characteristic is the absence of false positives. False positives can do no less harm to the user than a virus infection: they can block the operation of necessary programs, block access to websites, etc. Unfortunately, false positives are common. After another update in September 2007, AVG antivirus began mistaking Adobe Acrobat Reader 7.0.9 for the SHueur-JXW Trojan, and in July 2007 NOD32 antivirus informed users about the detection of the Tivso.14a.gen Trojan when it encountered banners from serving-sys.com on popular sites like Yahoo, MySpace and other news-focused portals.

In the course of its research, AV-Comparatives, along with antivirus detection capabilities of malware, also runs false positive tests on collections of clean files (see the chart below for results). According to the test, Doctor Web and Avira antiviruses are the worst with false positives.

We treat what was not caught

Regrettably, there is no one hundred percent protection against viruses. From time to time, users find that a malicious program has got onto the computer and infected it. This happens either because the computer had no antivirus at all, or because the antivirus did not detect the malware by either signature or proactive methods. In such a situation, it is important that when an antivirus with fresh signature databases is installed on the computer, it can not only detect the malicious program but also successfully eliminate all the consequences of its activity, that is, cure the active infection. It is important to understand that virus writers are constantly improving their "skills", and some of their creations are quite difficult to remove from the computer: malicious programs can mask their presence in the system in various ways (including using rootkits) and even interfere with the work of antivirus programs. In addition, it is not enough to simply delete or disinfect the infected file; all changes made in the system by the malicious process (for example, changes in the registry) must be reversed and the system's functionality fully restored. The authors are aware of only one group of researchers who conduct tests for the treatment of active infection: the team of the Russian portal Anti-Malware.ru. They conducted the last such test in September last year; its results are presented in the following diagram:

We integrate the estimates

Above, we examined a variety of approaches to testing antiviruses and showed which parameters of antivirus operation are considered during testing. It is clear that some antiviruses win on one indicator and others on another. At the same time, it is natural that in their advertising materials antivirus developers focus only on those tests where their products occupy leading positions. For example, Kaspersky Lab focuses on the speed of reaction to the emergence of new threats, Eset on the power of its heuristic technologies, and Doctor Web describes its advantages in curing active infections. But what should the user do, and how can the right choice be made?

We hope this article will help users in choosing an antivirus. To that end, the results of a variety of tests were presented to give the user an idea of the strengths and weaknesses of antivirus software. It is clear that the solution the user chooses must be balanced and must be among the leaders in the test results on most parameters. For the sake of completeness, the positions taken by antiviruses in the tests reviewed are summarized in a single table below, together with an integrated assessment: the average place across all tests for a particular product. As a result, the top three are Kaspersky, Avira and Symantec.

In this benchmarking test, we examined the effectiveness of antiviruses and HIPS programs in countering the latest malware samples delivered to users by the method that is now most common: through infected websites.

Introduction

Almost all tests of antivirus protection quality conducted by other laboratories (AV-Test.org, AV-Comparatives.org) have been criticized by the professional community for being somewhat synthetic or detached from real life.

The first and main complaint was that a scan of file collections tests only some components of antivirus protection, such as classic signature detection or heuristics, while the possible contribution of relatively new technologies, such as behavioral analysis or HIPS, is not taken into account in any way. In addition, the work of other protection components included in modern "combines" (Internet Security class products) in addition to antivirus, for example, firewall/IDS (which can detect suspicious traffic and signal an infection), on-the-fly HTTP traffic checking, etc. ...

The second good reason is that the real user does not store or run old malware on their hard drive. As a rule, new samples come to him, from which his antivirus may not protect. Methods of getting malware onto a computer are also important. Infection can occur when you open a link received in some way (by e-mail, ICQ, etc.) or simply found in a search engine, opening a file attached to a letter, a file downloaded from the network or copied from an external media.

The effectiveness of antiviruses can largely depend on the method of penetration: some antiviruses can eliminate the threat of infection as early as the attempt to activate a malicious script on a web page, others only when the downloader fetched by the exploit is activated, and still others even later, when the downloaded malware is launched.

In our benchmarking test, we examined the effectiveness of antiviruses against the latest malware samples delivered to users in the way that is now most common: through infected websites. To do this, we collected links to infected sites from various sources (daily collections of links from MessageLabs plus help from our community). As a rule, each of us stumbles upon such links in search engines or receives them by e-mail, ICQ or other means of Internet communication, including social networks.

The aim of the benchmarking is to check the overall ability of antivirus software to counter the latest malware threats spread through infected websites.

Benchmarking methodology

The test took place from August 5 to September 15, 2008. Before starting the test, the testing environment was prepared. To do this, under the control of VMware Workstation 6.0.3, a set of clean virtual machines was created on which the Microsoft Windows XP Pro SP2 operating system was installed (the latest updates were intentionally not installed). Each machine was individually installed with its own protection program from the list below.

Whenever possible, we used integrated protection products of the Internet Security class in the test, but if the vendor's line had no such product, we used the junior products in the line. As a result, the comparison involved:

  1. Avast Antivirus Professional 4.8-1229
  2. AVG Internet Security 8.0.156
  3. Avira Premium Security Suite 8.1.0.367
  4. BitDefender Internet Security 2008 (11.0.17)
  5. Dr.Web 4.44
  6. Eset Smart Security 3.0.667
  7. F-Secure Internet Security 2008 (8.00.103, aka STREAM Antivirus)
  8. G DATA Internet Security 2008
  9. Kaspersky Internet Security 2009 (8.0.0.454)
  10. McAfee Internet Security Suite 8.1
  11. Microsoft Windows Live OneCare 2.5
  12. Norton Internet Security 2008 (15.5.0.23)
  13. Outpost Security Suite 2009 (6.5.2358)
  14. Panda Internet Security 2008 (12.01.00)
  15. Sophos Anti-Virus 7.3.5
  16. Trend Micro Internet Security 2008 (10.16.1182)
  17. VBA32 Workstation 3.12.8

Two special programs of the HIPS (Host-based Intrusion Prevention System) class, designed for proactive protection against the latest types of threats, also took part in the comparison:

  1. DefenseWall HIPS 2.45
  2. Safe'n'Sec Pro 3.12

Unfortunately, in the course of the test and the processing of the results obtained, some vendors released updates to their products, which could not be reflected in the final results.

It is important to note that all antiviruses were tested with the standard default settings and with all the latest updates received automatically. In essence, the test simulated an ordinary user who has one of the tested security programs installed on his computer, uses the Internet and follows links of interest (obtained in one way or another, see above).

Selection of malware

For the test, we selected only links to sites infected with the latest malware samples. What does "latest" mean? It means that the malware samples downloaded from these links should not have been detected by the file antiviruses of more than 20% of the tested products, which was checked through the VirusTotal service (a total of 38 different antivirus engines are connected to this service). If the selected samples were detected by any product, the verdicts were usually inexact (suspicion of infection or a packed object).

The number of samples that met these requirements was small, which significantly affected the size of the final sample set and the duration of testing. In more than a month of testing, 34 working links to the latest malicious programs were selected.

Assessment of results

  1. Detecting an exploit on an open web page (malicious script), or blocking the opening of the page by the anti-phishing module.
  2. Detection by the web antivirus or file antivirus of a downloader program delivered by an exploit (a special program that is used to download other malicious programs, such as a Trojan, to the victim's computer).
  3. Detection of the downloaded malware during its installation (usually using behavioral analysis).

For preventing infection by any of the above options, the antivirus was given 1 point. No distinction was made between them, since from the user's point of view it does not matter at what stage and by which protection component the infection threat was eliminated. The main thing is that it was eliminated. If the infection was not prevented, or was prevented only partially, the antivirus was given 0 points.

In practice, this rating system means the following. 1 point was given if an infection attempt was explicitly detected or a suspicious action was detected, and the infection was completely stopped, provided that the user made the correct choice in the dialog box (reporting detection of a dangerous action, prevention of an infection attempt, detection of an attempt to launch a suspicious program, detection of an attempt to change files, etc.). In all other cases 0 points were given.

It should be noted that in some cases the presence of a malicious program on a computer was detected after infection using a file monitor or firewall / IDS, but the antivirus could not cope with the infection. In this case, the antivirus was still given 0 points, since it did not protect against infection.

HIPS-class programs were evaluated according to the same principle as antivirus programs. They were given 1 point in all cases when malicious or suspicious activity was detected and infection was prevented.
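The sample-selection rule and the scoring scheme described above, as an added Python example (not code from the original test report). The `Outcome` record layout, the product names and the per-link results are constructed for illustration; only the 20% threshold, the three prevention stages and the 34-link total come from the text.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Values taken from the methodology described in the text.
STAGES = ("exploit", "downloader", "install")  # the three prevention options
MAX_DETECTION_PERCENT = 20                     # "latest" = flagged by at most 20% of tested products
TOTAL_LINKS = 34                               # working links selected for the test


@dataclass(frozen=True)
class Outcome:
    """Result of opening one infected link on one protected machine (hypothetical layout)."""
    link_id: int
    stopped_at: Optional[str] = None     # stage at which the threat was stopped, or None
    fully_prevented: bool = False        # False if the machine was infected, even partially
    alert_after_infection: bool = False  # file monitor / firewall / IDS alert raised too late


def is_newest(file_verdicts: Dict[str, bool], tested_products: List[str]) -> bool:
    """Selection rule: keep a sample only if the file scanners of no more than
    20% of the tested products flag it. Integer arithmetic avoids float edge cases."""
    if not tested_products:
        raise ValueError("tested_products must not be empty")
    hits = sum(1 for name in tested_products if file_verdicts.get(name, False))
    return hits * 100 <= MAX_DETECTION_PERCENT * len(tested_products)


def score(outcome: Outcome) -> int:
    """1 point if infection was completely prevented at any stage, otherwise 0.
    Assumes the user answered any dialog correctly, as the methodology does."""
    if outcome.stopped_at is not None and outcome.stopped_at not in STAGES:
        raise ValueError(f"unknown stage: {outcome.stopped_at!r}")
    return 1 if outcome.stopped_at in STAGES and outcome.fully_prevented else 0


def summarize(outcomes: Iterable[Outcome], total_links: int = TOTAL_LINKS) -> dict:
    """Aggregate one product's results the way the result tables report them,
    and separately count alerts that did not stop the infection."""
    results = list(outcomes)
    points = sum(score(o) for o in results)
    by_stage = {s: sum(1 for o in results if score(o) == 1 and o.stopped_at == s)
                for s in STAGES}
    alerted_but_infected = sum(1 for o in results
                               if score(o) == 0 and o.alert_after_infection)
    return {
        "points": points,
        "percent_of_max": round(100 * points / total_links, 1),
        "by_stage": by_stage,
        "alerted_but_infected": alerted_but_infected,
    }


def constructed_run() -> List[Outcome]:
    """Constructed results for one hypothetical product over the 34 links."""
    run = [Outcome(i, "exploit", True) for i in range(1, 11)]
    run += [Outcome(i, "downloader", True) for i in range(11, 19)]
    run += [Outcome(i, "install", True) for i in range(19, 25)]
    run += [Outcome(i, "install", False) for i in range(25, 28)]  # partial block: 0 points
    run += [Outcome(i, None, False, alert_after_infection=True) for i in range(28, 31)]
    run += [Outcome(i) for i in range(31, 35)]                    # nothing noticed
    return run


if __name__ == "__main__":
    products = [f"product-{n}" for n in range(1, 11)]  # constructed names
    verdicts = {"product-1": True, "product-2": True}  # 2 of 10 scanners flag the sample
    print("sample qualifies as 'latest':", is_newest(verdicts, products))
    print(summarize(constructed_run()))
```

Keeping `alerted_but_infected` separate from the score makes visible the cases where a product raised an alert but still received 0 points.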

Benchmarking results

The final results of comparative testing of antivirus programs and HIPS are presented below in Figure 1 and Tables 1-2.

Figure 1: Effectiveness of various protection programs against the latest threats

Table 1: Effectiveness of antivirus programs against the latest threats

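| Antivirus | % of max (34) |
|---|---|
| Kaspersky | |
| Avira | |
| Sophos | |
| BitDefender | |
| F-Secure (STREAM.Antivirus) | |
| Dr.Web | |
| G Data | |
| Avast! | |
| Outpost | |
| Trend Micro | |
| Microsoft | |
| Eset | |
| McAfee | |
| Panda | |
| Norton | |
| VBA32 | |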

Among antiviruses, the best were Kaspersky Internet Security, Avira Premium Security Suite and AVG Internet Security, which were able to prevent infection in 70% of cases and more. Sophos Anti-Virus, BitDefender Internet Security and F-Secure Internet Security (aka STREAM Antivirus) turned out to be slightly worse, breaking the 50% barrier.

The high protection rates of Kaspersky Internet Security are primarily associated with the built-in HIPS component, which rates how dangerous any application is using reputation mechanisms (whitelisting).

Avira Premium Security proved to be effective due to its high level of detection of exploits (see table 3 in the full test report) and packed objects (meaning the detection of malware by the packer used in it). Proactive detection technologies turned out to be quite effective in AVG Internet Security, Sophos Anti-Virus, BitDefender Internet Security and F-Secure Internet Security (STREAM Anti-Virus), which placed 3rd to 6th, respectively. In F-Secure Internet Security, the application control module (DeepGuard technology) was seen at work.

It is important to note that even when they detected malware (raised alerts), many of the compared products often could not prevent infection.

Table 2: Effectiveness of HIPS Against Emerging Threats

| HIPS | Number of infections prevented | % of max (34) |
|---|---|---|
| DefenseWall HIPS | | |
| Safe'n'Sec | | |

As can be seen from Table 2, DefenseWall HIPS showed a very high result among HIPS-class programs: it was able to detect almost 100% of attempts to infect the system. Safe'n'Sec turned out to be less effective, but its result is still much better than that of many antiviruses compared in this article.

The Safe'n'Sec and DefenseWall HIPS products differ greatly in how they interact with users. While Safe'n'Sec is similar in principle to antivirus products and does not require special training, with DefenseWall things are not so simple. To use the latter effectively, you need at least some knowledge and experience, and you must read the user manual carefully.

It should be noted that the above results are not the ultimate truth, testifying to the super-reliability of some and the weakness of others. The test does not claim to be completely objective - this is a small study that should be the first step towards comparative testing of complex anti-virus protection products.

This article should be viewed as a test step towards comprehensive testing of the real effectiveness of antivirus software protection. In the future, we plan to improve the methodology of such comparative testing: use a large sample of malicious programs, record and conduct an accurate analysis of the effectiveness of various components of products, etc.


Posted on http://www.allbest.ru/

COMPARATIVE ANALYSIS OF ANTI-VIRUS PROGRAMS FOR COMPUTER

Ivanchenko Alexander Evgenievich,

Chistyakova Natalia Sergeevna,

FSBEI HE "Magnitogorsk State Technical University named after G.I. Nosov"

In this article, we will compare several free antivirus programs and find out which one is safer.

Key words: sandbox, firewall.

Ensuring the information security of systems is one of the primary issues. In modern society, the protection of information plays a particularly significant role, since the Internet is teeming with viruses and even the simplest of them can cause serious harm to a computer and the data stored on it. These threats vary widely in nature: disrupting the system by destroying important system files, or stealing important information, passwords and documents. The consequences range from reinstalling the system to losing important data or money. Therefore, the choice of an antivirus program that can protect important data on a computer becomes very important. In this article, we will consider some popular antiviruses and try to choose the most optimal one for the average user (most of them will be free, since free antiviruses are the most accessible to a wide audience of users). We will consider 4 antiviruses: Avast Free Antivirus, Panda Antivirus, 360 Total Security and ESET NOD32. We will start with a presentation of, and brief information about, each of them.

Avast Free Antivirus is one of the most famous free antivirus programs. Avast includes the AutoSandbox function, which automatically places suspicious files in a so-called "sandbox", where you can fully analyze the file and then disinfect it if necessary. This function saves a large percentage of information from automatic deletion, which in turn helps prevent problems and errors resulting from accidental damage to system files. Avast also has remote support that allows users to connect to each other for mutual assistance. Overall, Avast Free Antivirus is a good choice for the average user, providing good security and protection for the system.

360 Total Security is slightly less well known than Avast, but is still a fairly well-known antivirus that, according to its creators, relies on reliability and simplicity. It will appeal to a wide variety of user categories. Beginners will find it convenient that the anti-virus functions are heavily automated and protect the computer without direct user intervention. For experienced users, there are flexible application settings, the ability to optimize the system through the antivirus, and the ability to create several profiles with different settings.

Panda Antivirus is positioned by its developers as an easy-to-use, but reliable and effective antivirus. Let's take a look at its functionality. Most of the functions are automated, including automatic scanning of your computer for threats. It also provides the Panda Cloud Cleaner antivirus boot disk, which allows you to disinfect the system when it cannot boot on its own because of an infection.

ESET NOD32 is a fairly effective antivirus with an aggressive approach to detecting and neutralizing threats. Here are just some of its functions: several levels of protection against various kinds of unwanted software and viruses; a firewall with the ability to customize the encryption of the connection; parental control; scanning of connected devices. Unfortunately, such an abundance of functions significantly increases the load on the system.

So, for clarity, let us present the results of the analysis of the characteristics and functionality of anti-virus programs in a tabular form (Table 1).

From table 1, we see that if we talk about the number of different functions, then the undisputed leader will be ESET NOD32, and the least reliable are Panda Antivirus and 360 Total Security. Now let's test the interaction of antiviruses with the system. The test results are presented in table 2.

Table 1 - Results of a comparative analysis of the characteristics and functionality of antivirus programs

Antivirus functionality

Avast Free Antivirus

360 Total Security

Antivirus Scanner & Antivirus Monitor

Protection of personal information

Heuristic algorithm

Firewall

Email protection

The ability to work in the cloud

Intrusion detection and prevention system

Antispam

Update system

Web protection

Behavioral blocker

Table 2 - Test results for the interaction of the antiviruses with the system

In the tests, Avast Free Antivirus proved to be the "lightest" on the system. 360 Total Security and Panda Antivirus are slightly inferior in scanning speed, while ESET NOD32 barely lags behind. The favorites for memory usage are Avast and Panda. ESET NOD32 and 360 Total Security consume significantly more memory.

Thus, the most optimal antivirus option is Avast Free Antivirus, which showed good results both in the review of the functionality and in tests.

ESET NOD32 is also a good option, but, as mentioned earlier, it loads the system significantly.

360 Total Security and Panda Antivirus are not bad choices for newcomers thanks to the automation of many functions and a nice, simple interface, but they are still inferior to the first two antiviruses in terms of security settings.

