Talk:AntiVirus Comparison - Initial Cut

From CastleCopsWiki


Changes

A table intended to allow a quick comparison of popular AVs. I've offered a suggested layout only. Feel free to revise to a more suitable table layout and start adding content. --Ikester 12:57, 29 November 2005 (EST)

I populated this page with data submitted by Negster at Talk:Roll_your_own_Free_Security_Suite#Tabular_Comparison_of_Top_AVs and added a couple more items raised in the discussion that might be ranked in some manner. --Ikester 01:42, 3 December 2005 (EST)

Why is the first test shown in raw figures while it is shown as percentage wise for the rest? Showing percentages would allow easier comparison frankly.--Erikalbert 11:49, 7 December 2005 (EST)

Looks good Ike. Made a couple of corrections in table data or presentation.--Negster22 11:10, 3 December 2005 (EST)
Are those percentages in the third and fourth lines? And they represent what? --Ikester 12:50, 3 December 2005 (EST)
??That link brings me to a non-existent page. What's the purpose of the link? --Ikester 12:42, 3 December 2005 (EST)
Nevermind!! No purpose that I can see. The way I got to the table was by clicking on recent changes, and I didn't realize clicking on 'article' brought you to the table--Negster22 13:18, 3 December 2005 (EST)
Ah OK. What about my questions WRT to the numbers in third and fourth lines?--Ikester 18:04, 3 December 2005 (EST)
I'll get back to you on the ??? re: AV table and percentage rankings. As I recall one has to do with overall rank and one with ability to disinfect. Let me check it out.--Negster22 12:23, 4 December 2005 (EST)
The numbers represent detection capabilities taken to the hundredth of a percent. The gr.virus study assigns percentage rankings based on overall performance within the group of AVs tested.--Negster22 12:36, 4 December 2005 (EST)
I added the percentage signs but just to be clear, the virus.gr study indicates the percentage of viruses detected (and fixed?) of all the viruses tested? How many viruses were tested for BTW?--Ikester 14:11, 4 December 2005 (EST)
OK - In the gr.virus study the % represents the detection rate. The sample contained 91202 virus samples and the top performer, Kaspersky, detected 99.28% of that total sample. Out of the three free AVs we are researching the top performer was AntiVir with a detection rate of 84.5%. I'm thinking we should rename the column effectiveness or detection capability, because that is the feature we are assessing --Negster22 20:00, 4 December 2005 (EST)
Updated table to reflect these 'finer points' to aid in deciphering the meaning of the numbers.--Negster22 12:56, 4 December 2005 (EST)
BTW, I added the sections for each product to allow a short description of key aspects that can't be easily compared in a table. I also added a row in the table to have which Operating Systems are supported listed for each. --Ikester 18:04, 3 December 2005 (EST)
I was thinking more along the lines of just having a short summary at the bottom of the table. like a conclusion paragraph, not a list. All would be combined into one paragraph. --Negster22 12:39, 4 December 2005 (EST)

I thought Erik's suggestion about ability to run in safe mode was a good one, so I bumped the "interferes with other programs" one. The latter is very important but none of them conflict with ewido which is what I primarily had in mind. We can just mention that elsewhere in text summary format. We could also mention elsewhere that they are all low on resource consumption, and bump that--Negster22 20:24, 3 December 2005 (EST). Well, it turns out they all run in safe mode, too!--Negster22 20:00, 4 December 2005 (EST)
Changed data values under "Can scan on demand in quiet mode (requires no user intervention)"--Negster22 20:38, 3 December 2005 (EST)
Added OSs supported for AntiVir - 98 -> XP (it's a small space)--Negster22 21:11, 3 December 2005 (EST)
Added OSs supported for Avast & AVG - 95 -> XP, AVG requires dl of library files for Win 95--Negster22 21:48, 3 December 2005 (EST)

Split out the OSs supported to differentiate any differences in the way Server versions are supported.--Ikester 01:51, 4 December 2005 (EST)

One thing that I read, and I believe it to be true, disturbing as it may seem, is that although AVG autoupdates, Grisoft only issues updates about once per month! (Not so with the paid version, but true of the free one.) Preliminary investigation reveals this is probably the case because if you go to manual updates, the last two available are 12/2/2005 and 10/29/05. It's hard to recommend something which gives malware a one month window of opportunity to infect. --Negster22 12:23, 4 December 2005 (EST)

I don't think anyone not even a first responder should make the decision on what is hard to recommend or not. Even a recognised AV expert would be hard pressed to tell you for sure what should or should not be recommended. I can tell you a number of other facts about every AV, that might make you go "it's hard to recommend....", depending on what you think is important.--Erikalbert 04:48, 5 December 2005 (EST)
I did pose the question on the AVG forum, and a highly qualified SE responded to say that AVG Free updates are issued usually on a daily basis, but not on weekends. It seems the report I read is false, which is why I wanted to verify it. I will also keep an eye on the version I dl'ed to see how often it updates. I certainly don't want to print something damning that isn't accurate.--Negster22 19:40, 4 December 2005 (EST)
Actually both reports can be true. Remember some AVs might have a predefined update schedule, but others might not. Even for those that do have one (say once a week, once a day, or once a month), they will push updates if something fast spreading is found. The 'highly qualified SE' probably mean updates *could* be pushed on a daily basis if something fast spreading occurs. Obviously he isn't saying updates are definitely pushed every day.  :) --Erikalbert 04:36, 5 December 2005 (EST)
I think what is interesting is to find out if paid and unpaid customers have different update schedules. That represents the fact that customers could not be protected as much as they possibly be, because updates are being held back. And this has the advantage of being easily checked, rather than some policy that might easily be changed.--Erikalbert 04:36, 5 December 2005 (EST)
Some antiviruses update more than once a day. This could be in a summary paragraph. See what I mean? --Negster22 12:23, 4 December 2005 (EST)
There's a difference between an antivirus that is set to check for updates every x hours and an explicit policy to update. I hope you see the difference. And yes of course I know there are AV's that explicitly aim to update every say 8 hours. --Erikalbert 11:21, 7 December 2005 (EST)
Perhaps the table entry could be a number I.e. the min update interval, not just a Yes or No. --Ikester 14:48, 4 December 2005 (EST)
Indeed, as long as it's something objective and quantifiable it can be in a chart. I think a poll might be a good idea for subjective features like Userfriendliness. We can then say 68% of Castle cop users find Antivir most user friendly. Trying to poll on which criteria to list on the other hand seems harder to do--Erikalbert 04:36, 5 December 2005 (EST)
Good points. --Ikester 08:37, 5 December 2005 (EST)

Added opening text, separated Studies from Features, and added text descriptions for a couple of features being compared. --Ikester 14:48, 4 December 2005 (EST)
Added some qualifications and clarification to some table entries (data) and descriptions.--Negster22 21:36, 4 December 2005 (EST)
Aligned all table cells to center of cell. --Ikester 21:52, 4 December 2005 (EST)
Changed autoupdating info for AVAST and AntiVir. They were reversed.--Negster22 22:44, 4 December 2005 (EST)
Added some qualification in these table notes to reflect the added features of AntiVir's beta version:

1 Offers boot scan disinfect; New Beta Version 7 offers immediate disinfect
3 If configured with /AH option in scheduler; New Beta Version 7 has autoupdating feature.

--Negster22 15:40, 6 December 2005 (EST)

Interesting points, but the beginner-intermediate user is hardly going to use a beta, and this is more information than needed. --Erikalbert 11:31, 7 December 2005 (EST)

Changed Note 2 from Cannot disinfect-->Can detect but cannot disinfect--Negster22 14:26, 10 December 2005 (EST)
Updated Table but not done yet and created page to define boot scan. Added Boot scan Option, and Guard Disinfect w/o user interaction (quiet mode) to the table.--Negster22 23:23, 15 September 2006 (EDT)
Updated Avast Features for 4.5 version.--Negster22 23:29, 15 September 2006 (EDT)
Added AV-comparatives 2006 Results, and added an additional note.--Negster22 19:32, 19 September 2006 (EDT)
Added Vista for supported OS for Avast Free.--Negster22 01:04, 6 February 2007 (EST)

Article Discussion - 2006

I would like to get this article out (released) because it has been languishing behind the scenes for sometime. Can we work on eliminating unused/empty tables, updating the AV comparison studies by providing current links, and adding LU's FAQ or glossary when it is ready - to wrap it all up? This way we can provide a link to the AV Comparison article from the "Roll Your Own" article under the AV section. I think the only way that exists to reach the AV Comparison article now is to access the link via this discussion page? What do you think LU and Ike about cleaning this up and releasing it "in the wild".--Negster22 17:12, 15 September 2006 (EDT)NA

How about creating a proposed article that axes what hasn't been filled out? When and if other info is contributed, it could be added to the released version. --Ikester 00:27, 16 September 2006 (EDT)
Sure, Axe it all, or rather move the second table to another page, I'll fill it up later. The FAQ or maybe glossary will be much easier to create than actually testing all the features of the AVs but even that will take me a week before the first rough draft is up. --LU 08:31, 16 September 2006 (EDT)
I like the idea of moving the empty tables to an inactive storage page. Probably most of the AV features are correct in the tables. I will ask swat to review the AntiVir ones for accuracy since he uses that for his AV and he is the original writer of "Roll".--Negster22 11:30, 16 September 2006 (EDT)
Actually there are a number of security-related articles that are in the same state of affairs (i.e. languishing). Perhaps a proposed series listing is needed so we know what is being worked towards. --Ikester 00:27, 16 September 2006 (EDT)
What do you mean by proposed series listing? Anyway this doesn't seem to be the right talk page to discuss it --LU 08:31, 16 September 2006 (EDT)
Fair point. I see you proposed something at Talk:Desired Site Structure. Let's continue there. --Ikester 13:07, 17 September 2006 (EDT)

What really matters in an antivirus - Ike's List

Erik and I have listed what features are important to us. Ike, For comparison's sake, can you now add, the most important features you look for in an AV. (say five)--Negster22 20:28, 3 December 2005 (EST)

Well ... um ... er ... there's the stuff you submitted ... then there's Erikalbert's stuff ... all are important I agree ... then I added the OS line.  :) --Ikester 01:48, 4 December 2005 (EST)
Actually, what I was getting at is, there is a need for a discussion on what is important. Rather than I think ALL of them are important. To assist in that, I listed as many aspects as I could think of. Yes, I know my headers were poorly chosen --Erikalbert 05:04, 4 December 2005 (EST)
But seriously I can't think of anything else. Now ErikAlbert lists several aspects. Should any go in the table (i.e. are they important and can they be quantified?) It seems to me that many can be quantified though some could be considered trivial (in the overall picture thus possibly obscuring the big picture).--Ikester 01:48, 4 December 2005 (EST)
Yes I think some of the points I list are trivial, but what is trivial for me, might be important for you. Hence the need for discussion --Erikalbert 05:04, 4 December 2005 (EST)
I'm wondering if any of these uncertainties should be put to users in a poll? --Ikester 13:44, 4 December 2005 (EST)

Just thought I might mention the results of other security programs in detecting my zipped trojan file: Negster22 15:16, 6 December 2005 (EST)

Do enlighten me how *one* trojan file has any particular relevance at all to the possible effectiveness of antiviruses? Surely even you aren't so naive. --Erikalbert 11:17, 7 December 2005 (EST)
a-squared - no detection
TrojanHunter - no detection

Seems ironic that these two dedicated trojan scanners were unable to pick up the trojans while the AVs and ewido did an overall excellent job. (both were updated as I have the registered version of TH) Negster22 15:16, 6 December 2005 (EST)

Here's where an understanding of the different meanings of the word 'trojan' comes in handy. If bitdefender's detection can be relied on, it's actually a trojan dropper that drops adware. By and large, traditional AntiTrojan like the now defunct TDS3 and trojan hunter are used to handle trojan droppers for backdoor, rootkit type malware (backoffice,optix,Beast etc), if it was one of these, I'm confident they would do well. Although nowadays they claim they handle adware type too, though I'm not that convinced. Ewido on the other hand in addition to this has always been strong on adware (see their page where they explicitly mention they handle it). IMHO A-squared free is pretty much useless. The author has in fact admitted more than once online the scanner is a 'gimmick' (on wilders I think for one) compared to Ewido. The value of A2 squared comes from its IDS type guard, but that isn't available for free. --Erikalbert 11:17, 7 December 2005 (EST)


ewido security suite - Trojan.Zapchast, Trojan.LowZones.a

Here's the jotti results:
AntiVir - Found Dropper/Zapchast.A.52
ArcaVir - Found Trojan.Dropper.Yea
Avast - Found Win32:LowZones-M
AVG Antivirus - Found nothing
BitDefender - Found Trojan.Bat.Zapchast.D, HTML.MediaTickets.A, Trojan.WinREG.LowZones.A
ClamAV - Found nothing
Dr.Web - Found Trojan.DownLoader.1844, Trojan.LowZones
F-Prot Antivirus - Found nothing
Fortinet - Found W32/Winreg.A-tr
Kaspersky Anti-Virus - Found Trojan.BAT.Zapchast, Trojan-Clicker.JS.Linker.j, Trojan.WinREG.LowZones.a
NOD32 - Found Win32/Adware.MediaTickets.downloader application, Reg/LowZones.A
Norman Virus Control - Found nothing
UNA - Found nothing
VBA32 - Found Trojan-Clicker.JS.Linker.j, Trojan.WinREG.LowZones.a
--Negster22 15:16, 6 December 2005 (EST)
What's jotti? --Ikester 16:42, 6 December 2005 (EST)
Jotti is an online scan service which allows you to upload a single file (at a time) for analysis by all the AV scanners listed above. There is a 15 MgB per file size limit and the defs are updated hourly. Here's the link to the Jotti multi Antivirus scanner--Negster22 21:41, 6 December 2005 (EST)
I would caution against assuming that Jotti results will match up against actual performance.

For one thing it uses linux versions of scanners, in many cases this will make little difference in detection but for some like AVAST it will make a big difference. Virustotal might be a better bet to avoid this though has other disadvantages (file size for one). But even then I wouldn't dare to make any guesses on how good scanners are by using online scans only --Erikalbert 11:17, 7 December 2005 (EST)
Added www.virus.gr Aug 2006 results to the mix.--Negster22 02:33, 14 September 2006 (EDT)
_______

What really matters in an antivirus. What features should we list?

I think we should be very careful and selective in choosing what criteria we want to list.

As an aside, IMHO 'Can scan archives/nested archives on demand' should be yes for all. Disinfect is a different matter, but IMHO not a big deal. Since you can just delete the whole thing if you want. Or better yet just extract it yourself and remove the offending file. --Erikalbert 04:41, 3 December 2005 (EST)

Scan is yes for all, disinfect is not (I corrected that in the table). AVG requires you to manually delete the file. Not desirable for a newbie, especially if "display hidden files and folders" is switched off. What we are trying to do is make a table of key features that a novice ->intermediate user might consider to be important. I would bet, most users just leave their AV on the default settings, so we have to keep who we are addressing in mind.--Negster22 11:10, 3 December 2005 (EST)

Here I list a number of features you might want to consider.

Some things to ponder.

1. The original article now says all 3 reports unanimously rank detection rates in that order, but this may change in the future. Not to mention reports which may rank them differently.--Erikalbert 04:41, 3 December 2005 (EST)

Point taken, and this can change anytime and be updated. That is the nature of the wiki.--Negster22 11:25, 3 December 2005 (EST)
A much smarter way would be to not say anything and let the results speak for themselves. Also an indication for the date on which the results were released will also help aid decision. --Erikalbert 11:53, 7 December 2005 (EST)

2. Is this page only going to list AVG,AVAST,Antivir? Also does it make any sense to list criteria that are all 'yes' for all three, or all 'no' for all three?--Erikalbert 04:41, 3 December 2005 (EST)

We are listing the top three free AVs. Why what did you have in mind to add? Yes, if the criterion is an important feature, then users will wonder about it, if it is not included. User friendliness - I don't know what to say about that. That is subjective in that some people like a lot of glitz and some like to get to the point without wading thru it. --Negster22 11:25, 3 December 2005 (EST)

3. As far as I see it, the criteria we list can be listed for 2 reasons. One shows customisability (eg skinnable, ability to set realtime scanner to exclude certain directories etc), another shows outright scanning detection ability (packers, memory scan) --Erikalbert 04:41, 3 December 2005 (EST)

Can be customized is important to some, but to most novice ->intermediate users, setting an AV to scan a particular directory is rarely used. Single file scanning on demand via the context menu is though but that is a given for any AV.--Negster22 11:25, 3 December 2005 (EST)

The problem is everything cannot be put in table form, so perhaps a good method would be to write a summary about each AV, mentioning items that don't quite fit in table format or of secondary consideration, but it must be kept simple. Features such as cookie/spyware scanning, ability to scan in safe mode, even portability (can it be run from CD)--Negster22 11:35, 3 December 2005 (EST)

Good point. I'll link each AV to its own section. We could also better explain any capabilities compared in the table to a section explaining the relevance of that comparison criteria. --Ikester 12:42, 3 December 2005 (EST)

Effectiveness of Realtime scanners, which of this should be used?

1. Scan archives (zip,rar etc)
2. Scan packers (UPX)
3. On execution
4. On read/write/creation
5. Scan using heuristics
6. Block script files
6. Customised directories not to scan
7. Customised file sizes not to scan
8. Customised extensions to scan
9. Scan of floppy,cd,network drives
--Erikalbert 04:27, 3 December 2005 (EST)

Effectiveness of email scanner

1. transparent proxy scanner or not
2. scan incoming and outgoing mail
3. The rest same as above.
--Erikalbert 04:27, 3 December 2005 (EST)

Effectiveness of scanners in general

1. Types of archives scanned including specific mail archives mbx etc
2. Types of packers scanned

The first two might or might not be interesting to a newbie. --Erikalbert 05:26, 4 December 2005 (EST)

3. Number of nested levels it scans for archives
Erikalbert 04:27, 3 December 2005 (EST)

Suppose you test this then. (lol)--Negster22 11:45, 3 December 2005 (EST)
This one is actually fairly easy to check compared to some of the other criteria I have listed. LOL.--Erikalbert 05:26, 4 December 2005 (EST)

4. Memory scanner (not process module memory scanner)
5. Scans spyware/cookies etc
Erikalbert 04:27, 3 December 2005 (EST)

Let's hope the user has other products (AS apps) installed for this so it is not that critical--Negster22 21:51, 3 December 2005 (EST)

6. Scans NTFS
--Erikalbert 04:27, 3 December 2005 (EST)

(don't you mean ADS?)--Negster22 11:45, 3 December 2005 (EST)
Yes I mean ADS. Though now that you mention it, all antiviruses do both NTFS and FAT right? --Erikalbert 05:26, 4 December 2005 (EST)
Or do you mean scans NTFS from a rescue disk?--Negster22 22:54, 3 December 2005 (EST)

Updater criteria

1. Allows use of proxy.
2. Allows incremental signature updates
3.
--Erikalbert 04:27, 3 December 2005 (EST)

Misc

1. Adds scan to explorer context menu
2. Allows scan on boot scan
--Erikalbert 04:41, 3 December 2005 (EST)

Important but are newbies going to understand the significance of this? Maybe mention in text summary.--Negster22 22:00, 3 December 2005 (EST)
Compared to some of the other entries on the list, this one is actually pretty easy to understand.--Erikalbert 4 December 2005 (EST)

--Erikalbert 05:26, 4 December 2005 (EST) 3. Allows scan on networked drives,CD,floppies
3. Runs in safe mode.--Erikalbert 04:41, 3 December 2005 (EST)

Agree - Added to table--Negster22 22:05, 3 December 2005 (EST)

4. Specialised scanner for IM , P2P or HTTP scanner
--Erikalbert 04:41, 3 December 2005 (EST)

Avast has IM/P2P module incorporated into their guard, but is this really unique or is it hype--Negster22 21:54, 3 December 2005 (EST)
Well it's an aspect of real time scanner. Say you download some zipped file malware.zip inside which is malware.exe. --Erikalbert 4 December 2005 (EST)

Real time scanner A scans archives (and obviously all files created), so it detects it the moment you download malware.zip. Real time scanner B doesn't scan archives, but scans new files when they are created or written, so the moment you unzip the file malware.zip to get malware.exe, Scanner B detects it. Real time scanner C doesn't scan archives, doesn't scan new files when created, but only scans them on execution. So the moment you click on the unzipped file malware.exe to run it, it's detected.

In all cases, the user is protected. So is this hype? Or is any of this important enough to list?

A realtime scanner D with special support for IM, HTTP or the more commonly available email support works even earlier than A,B,C. It will detect the malware even before any of the above scanners A,B,C (in this case we have to assume it also does archives). Roughly speaking it has an understanding of the protocol (HTTP,POP,SMTP whatever) that it is scanning so it can scan the file as it comes in, maybe before it even hits the hard-disk.

Is this hype? I leave it to you to decide. -Erikalbert 05:26, 4 December 2005 (EST)
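
Added example (not part of the original discussion): a small Python model of scanners A to D as described above, which also covers the "number of nested levels it scans for archives" criterion from the earlier list. The signature, payload, hook names and scanner table are constructed for illustration and model no real antivirus product; scanners A and B are assumed to also scan on execution.

```python
import io
import zipfile

# Constructed, harmless marker standing in for a malware signature.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"
PAYLOAD = b"MZ" + SIGNATURE * 4   # constructed stand-in for malware.exe


def make_nested_zip(payload, depth):
    """Wrap payload in `depth` zip layers; depth=1 is malware.zip holding malware.exe."""
    data, member = payload, "malware.exe"
    for level in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(member, data)
        data, member = buf.getvalue(), f"layer{level + 1}.zip"
    return data


def scan(data, archive_depth, _level=0):
    """Signature match on the raw bytes, opening at most `archive_depth` zip layers."""
    if SIGNATURE in data:
        return True
    if _level >= archive_depth or not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(scan(zf.read(name), archive_depth, _level + 1)
                   for name in zf.namelist())


def timeline(depth=1):
    """Events in the order the user would trigger them: (hook, label, bytes seen)."""
    archive = make_nested_zip(PAYLOAD, depth)
    return [
        ("stream", "in transit, before reaching disk", archive),
        ("write", "malware.zip written to disk", archive),
        ("write", "malware.exe extracted to disk", PAYLOAD),
        ("execute", "malware.exe executed", PAYLOAD),
    ]


# Hypothetical policy table: (hooks the scanner listens on, opens archives?)
SCANNERS = {
    "A": ({"write", "execute"}, True),             # on-write, scans archives
    "B": ({"write", "execute"}, False),            # on-write, no archive support
    "C": ({"execute"}, False),                     # on-execution only
    "D": ({"stream", "write", "execute"}, True),   # protocol-aware (HTTP/POP/SMTP)
}


def first_detection(scanner, events, archive_depth=8):
    """Return the label of the first event at which `scanner` flags the payload."""
    hooks, opens_archives = SCANNERS[scanner]
    depth = archive_depth if opens_archives else 0
    for hook, label, data in events:
        if hook in hooks and scan(data, depth):
            return label
    return None


if __name__ == "__main__":
    for name in SCANNERS:
        print(name, "->", first_detection(name, timeline()))
    # A scanner that opens only one archive layer, faced with three layers:
    print("A, 1 layer vs 3 ->", first_detection("A", timeline(depth=3), archive_depth=1))
```

All four policies catch the payload before it runs; what differs is how early, and a scanner whose nesting limit is lower than the archive's depth falls back to the behaviour of scanner B.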

The bottom line is "are you ultimately protected from infection, in all cases". If the answer is yes, then I don't see a point in mentioning that in particular, but I personally would want it stopped the instant it is unzipped or before. It is a compromise between resource drain and nipping it in the bud.--Negster22 12:45, 4 December 2005 (EST)
I know you have reserved the right to speak for everyone in particular beginner and intermediate users and what they would or would not find useful, but even then, I find your assertion here unconvincing and somewhat conflicting. And no offence Negster but I find it tiresome to keep reading your assertions about what feature or info everyone else would find useful or that your view on userfriendliness or compromise is the sensible one. For the record an intermediate user like myself disagrees. --Erikalbert 04:05, 5 December 2005 (EST)
Interesting discussion. Actually I expect this could be important to many users. For example some folks strenuously object to turning off email scanning -- even for testing purposes -- though they are protected by the real-time monitor. Maybe it's because they don't fully appreciate the complexities but it would be good to lay that out for them. ErikAlbert could you write something that would explain these different ways an AV might operate? --Ikester 13:55, 4 December 2005 (EST)
I'm afraid I must decline on three reasons
1. I'm hardly qualified, one of the real experts here who are trained in HJT analysis and malware removal would certainly not want someone like me to mislead everyone. --Erikalbert 04:05, 5 December 2005 (EST)
Well we have Negster right here to set us straight if that were to happen. --Ikester 08:49, 5 December 2005 (EST)
I'm sure he would. ;) LOL --Erikalbert 09:44, 6 December 2005 (EST)
2. Though such information while interesting, may legitimately in the view of many be too much information. Apparently this wiki is meant only for people who want to know the minimal amount to protect themselves. IE The people who used to read the instructions on HJT malware removal, then get a canned speech on protecting themselves, now are pointed here. I suppose these people won't be interested at all in such information. I was working under the mistaken impression that the wiki was meant to be more than that. For people who for want of the better term are security hobbyists. People who might be interested to learn more. As such I'm only minimally interested in this project now. --Erikalbert 04:05, 5 December 2005 (EST)
I dunno why you say that. I've been attempting to help you along here. You've certainly raised lots of "yeah buts" and I've been attempting to address each one. In fact my request to which you are responding is for details which the average person may not need but would be good to know for some. I'm not sure what else you want. This wiki can support a range of purposes. Have a look at the vision statement. --Ikester 08:49, 5 December 2005 (EST)
I'm not talking about you, and no offense, you hardly count as one of the Powers that be. Among those people, if you take their comments as a whole, you can see I'm right about the direction this wiki is meant to go.
3. This is a matter involving some unpleasantness on the forums. --Erikalbert 04:05, 5 December 2005 (EST)
Unpleasantness at the forums? This from you??? --Ikester 08:49, 5 December 2005 (EST)
LOL With such a response, you make me feel *so* welcome . :) --Erikalbert 09:44, 6 December 2005 (EST)
Erik you've been participating a lot in the wiki, that ought to make you feel good. Its all about helping others. --Paul 10:28, 6 December 2005 (EST)

5. Skinnable
6. Alerts via email, messenger service
--Erikalbert 04:41, 3 December 2005 (EST)

Documenting technical details

Wouldn't all these itemized comparison aspects be better placed directly into the table? --Ikester 12:42, 3 December 2005 (EST)
Maybe not in a basic feature table or it's possible the user will be overwhelmed and tune out. It's probably best to have the basic table and then maybe a specialized feature table? I just don't want to turn off those people with no AV that we are trying to help.--Negster22 22:05, 3 December 2005 (EST)
Sorry missed your comment here. I agree. I'll add a "Technical Comparison" table. --Ikester 02:02, 4 December 2005 (EST)
I've structured a table but I'm not sure what details may have to be included. Could we get a few examples of the sort of details that should be included? --Ikester 14:41, 4 December 2005 (EST)
Ike you did a good job on the tech table, but when I look at it the first thing that comes to my mind is "who is going to fill this out"? I think all those tech details may be out of the realm of what we are attempting to accomplish. I think we should just stress those basic features that would be of a concern to most users. What do you think?--Negster22 02:02, 5 December 2005 (EST)
See my comments above to ErikAlbert. But just to extend to your concern, there's nothing saying we have to keep everything on the same page. If we manage to get the tech table filled out, it can be placed as a reference document. If no one cares to flesh it out, we'll just drop it of course. --Ikester 08:58, 5 December 2005 (EST)
IMHO this whole technical section should be on another page. Otherwise the page is going to be bogged down. For example there can be a basic antivirus comparison page and an advanced comparison page. Still, I suppose currently, the page has a strange mix of criteria anyway, I doubt beginners will have a clue what 'Guard can scan read time archive/nested archives' whatever that means. The Guard is by definition real time I thought? Or do you mean packers/real time compressors etc. --Erikalbert 11:46, 7 December 2005 (EST)
I just took your earlier comments to form the "technical comparison" table structure. Change it as you see fit. For the first table, I've added links to sections where an explanation can be placed. I (or you) could do the same for the second. Again, if there's something not right, then fix it. --Ikester 14:47, 7 December 2005 (EST)
Hi there, great job guys :) I was just wondering, as the point was touched on, would it be worth adding a 'Glossary' page/section that explains some of the technical terms such as 'nestled archives' for example? It would aid clarity, not to mention help those who may have only a basic knowledge but wish to 'educate' themselves further :) I broke my Wiki duck ;)--HappyShiner 19:26, 12 December 2005 (GMT)
A glossary is a great idea!!! why didn't I think of that? I'll start work on one over the weekend covering terms some people throw around when talking comp security, assessment of security software etc. Maybe I will do an FAQ about antivirus covering some of the issues, along the same lines as the HIPS FAQ ... --LU 04:51, 14 September 2006 (EDT)
Hi Michael, nice to see you actually posting here! Thanks for your comments and they are spot on. The page is still under construction, and it definitely will have a more organized look before the final release. We do need to clarify what that phrase means as well as what relevance it has to the user in terms of their infection vulnerability. I believe Ike did that to some degree already. I also plan to include a text summary in addition to the table, because not everything of importance lends itself to being condensed into table format. Our finished product should be a lot more polished and informative than the current state. We do not want to lose the newbie users and consider it very important to familiarize them with the different features which can distinguish AVs. This way they will be able to make a more informed decision when choosing a product for their PC.--Negster22 19:21, 12 December 2005 (EST)

Adding Comments

Folks, please consider how your comments are going to look to someone else coming in wanting to understand background. To that end please:

  1. at least sign each section you submit, even if you submit several sections at once.
  2. When injecting comments into text, please copy the sig/timestamp from the end of that person's comments to immediately above the comments you are going to insert.
--Ikester 12:18, 3 December 2005 (EST)
How'd I do?--Negster22 21:51, 3 December 2005 (EST)
Lookin' good Negster! Even added your own section to emphasize a point.  ;) --Ikester 01:53, 4 December 2005 (EST)

Finishing the Article

I wanted to finish this article. Since it is really aimed at beginner to intermediate (at most) users that need to consider which free AV is best for them, I think the empty table of more technical features can be removed. Does anyone object to this? Either that or let's move it to an empty page for storing. Then we just have to fill out the features of AntiVir and AVG a bit more. I am going to start on AntiVir next. --Negster22 19:39, 28 February 2007 (EST)

Kill it. Start work on the firewall comparison.--LU 22:02, 28 February 2007 (EST)
Let's do what we did for the MRP procedure -- archive this article and duplicate it as the tentative production version. -- I'll do so now. --Ikester 00:08, 1 March 2007 (EST)

BTW, any thoughts as to other articles that could/should accompany this one to form a "malware product comparison" series? --Ikester 00:08, 1 March 2007 (EST)


Don't make any further changes here. The intent is that this be the archived article and that further work be continued at AntiVirus Comparison.