VB100 comparative review on Windows 2008 Server R2

Main version: 4303.670.1908

Update versions: N/A

Agnitum’s Outpost was a stalwart participant in our tests for many years, before skipping a few tests while the engine’s ownership transferred from the now-defunct VirusBuster to Agnitum’s own control. The product returned strongly in the last test though, achieving certification once again, and now it comes back for more.

The product interface is clean and crisp, with a good clear layout and a reasonable set of controls that go a little further than the basics. Scanning speeds were a little slow initially but sped up nicely in the warm runs. On-access overheads likewise were a little high initially, but also showed some good improvements. RAM use was a little high, CPU use reasonable, but our set of activities took considerably longer to complete than the control measure.

Detection was reasonable – better over older items and dropping quite sharply into the proactive week of the RAP sets. The WildList set was fully covered though, and with no problems in the clean sets either a VB100 award is well deserved.

Having taken almost a year off, Agnitum only has two entries in the last six tests, both of which are passes, with five passes and one fail from six entries in the last two years. No bugs were observed, and Agnitum earns a Solid rating for stability.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Solid

Main version: 8.0.1490

Update versions: 130821-0, 131015-0, 131022-0, 131027-1

A very regular entrant, Avast hasn’t missed a VB100 comparative since 2007, and has maintained an impressive level of passes as well as keeping the lab team happy with good design and reliable performances.

The current File Server product doesn’t feel too different from desktop variants, offering a very rapid install complete with smiley face at the end. The layout is clear and attractive, with a thorough range of options presented in an intuitive manner. The interface remained responsive throughout testing.

Scanning speeds were not the zippiest but remained very constant throughout multiple runs, and while on access lag times look very low with the default settings, this is due to the product only scanning a limited set of file types on-read; with the settings turned up to match those of most other products, the lags increase a little but remain pretty decent. RAM use was low, CPU use OK, but our set of activities took an unexpectedly long time to complete – a little over double the baseline measure.

Detection rates were strong, remaining very steady through the days of the Response sets and not dropping too steeply through the RAP sets either. The certification sets presented no problems, and Avast earns another VB100 award comfortably.

Having not missed a test for some time, Avast stands on five passes and one fail in the last six tests; ten passes and two fails in the last two years. Stability was flawless, earning a Solid rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Solid

Main version: 2013.0.3392

Update versions: 3211/6590, 2013.0.3408 3222/6752, 2013.0.3426 3222/6773, 3222/6796

AVG’s latest editions have given us some trouble of late, with unreliable logging and some very strange system instability having been observed last time around.

The set-up process isn’t too lengthy, and updates were generally fast too, although on some occasions they failed to complete. We also noted that the product claimed to have successfully updated even when there was no network access. The interface is pleasant and usable, with a good selection of controls.

Scanning speeds were pretty good, and overheads pretty light, at least with the default settings. Resource use was low, and our set of tasks completed in reasonable time. Detection rates proved harder to gather, with logging once again highly unpredictable and seemingly unable to cope properly with more than a handful of alerts to report. We also saw scans crashing the entire system repeatedly (as far as we could tell simply from over-exertion), and all but the smallest of detection measures had to be split into the smallest possible chunks to gather any data at all.

Once the data had been gathered, detection proved mostly good, dropping off fairly steeply into the proactive week of the RAP sets but with full coverage of the WildList set (as we would expect). With no more than a few warnings about corrupted files and possible XML bombs, the clean sets were well handled too, thus earning AVG a VB100 award.

This vendor’s test history is also fairly complete, and again shows five passes and one fail in the last six tests; ten passes and two fails in the last two years. Stability was badly hit by some serious issues once again, with the product earning only a Buggy rating and not far off falling into the dreaded Flaky category.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Buggy

Main version: 13.0.0.3736

Update versions: 8.02.12.106/7.11.97.166, 13.0.0.4052 8.02.12.130/7.11.108.10, 13.0.0.3736 8.02.12.132/7.11.109.28, 8.02.12.134/7.11.109.218

Avira missed a few tests around the turn of 2012–2013 thanks to issues with Windows 8 support, but has returned strongly, maintaining a good record of passes dating back to 2009.

The business product makes use of the MMC system for its interface, but installation is fast and simple, requiring a reboot to complete. The layout is not the most intuitive but is fairly usable after some acclimatization, with a thorough set of controls provided.

Scanning speeds were OK, overheads a little on the high side initially but tending to speed up nicely in the warm runs. Resource use was low and the speed with which our set of tasks was completed was pretty zippy too.

Detection was very good, with strong scores throughout, and even the proactive week of the RAP sets well covered. The core sets presented no problems, and a VB100 award is easily earned by Avira.

That puts the vendor on four passes from four entries in the last six tests; ten from ten in the last two years. A couple of very minor glitches were observed, and the product comfortably falls into the Stable category.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 5.1.4.223

Update versions: 7.49632, 7.50910, 7.51071, 7.51173

Bitdefender enters this month’s review riding a wave of successes dating back to 2010, and will surely be hoping to maintain its string of passes.

The Endpoint product comes with minimal opportunities for user interaction, having been designed to be controlled by a central administrator. Set up is thus unsurprisingly fast and simple, and the basic interface provides little more than information, although the user can at least initiate scans.

Scanning speeds were not bad, although they lacked the optimization in the warm runs we have come to expect, and on access overheads were pretty high, especially in the archive sets. Resource use was not too high, but our set of tasks did take rather a long time to get through.

Detection rates were excellent though, with even the proactive part of the RAP sets well covered. There were no issues in the WildList or clean sets, and Bitdefender earns another VB100 award, maintaining its streak and remaining on 12/12 in the last two years. An absence of instability issues means it also adds a Solid rating to the trophy cabinet.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Solid

Main version: 13.0.261.9

Update versions: 7.49629, 13.0.263/7.50912, 13.0.264/7.51072, 7.51196

The first of many products this month that include the Bitdefender engine, BullGuard is a well-established brand with a strong history in our tests.

The set up is very simple and the GUI also fairly pared down, but there are some reasonable controls available for those who seek them out.

Scans started off rather slow, but the product blasted through the test sets in the warm runs. Overheads started off fairly reasonable and also sped up in the warm runs. Resource use was reasonable, and our set of tasks didn’t take too long to complete either.

Detection, as expected, was very strong indeed, with good scores across the board. The certification sets were well handled, with just a single item in the Extended WildList ignored on access due to its large file size. A VB100 award is well deserved.

BullGuard opts out of our Linux tests, but otherwise has an exemplary record, with ten passes from ten entries in the last two years. No stability problems were observed this month, earning the product a Solid rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 99.91%

False positives: 0

Stability: Solid

Main version: 5.1.23

Update versions: 5.4.2/201308211438, 201310211538, 201310231229, 201310300940

Commtouch comes into this comparative hoping to break a run of bad luck with false positives stretching back a full year. The product hasn’t changed much in some time, offering a fairly simple install process which completes rapidly with no need for a restart, and a pared down, rather old fashioned-looking interface which manages to provide a reasonable set of controls under its simple covers.

Scanning speeds were sluggish and overheads distinctly high. RAM use was low, CPU use a little high, and our set of tasks took an age to complete – more than six times the baseline measure.

Detection was a little mediocre in the RAP sets, but judging by the strong Response scores, this is likely to have mainly been due to the absence of the product’s cloud look up system in the RAP test. The WildList set was well covered, but in the clean sets once again a false positive spoiled Commtouch’s chances of a VB100 award – a component of the Git version control software was alerted on. This was an improvement on recent tests, however, and a narrow miss.

Commtouch’s recent test history is disappointing, with five fails from five attempts in the last six tests, all attributable to false alarms. In the longer term, we see two passes and eight fails in the last two years. We did see some freezing of the GUI when scanning large infected sets, but no other problems, so the product earns a Stable rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 2

Stability: Stable

Main version: 8.1.0.4

Update versions: 10,462,652, 8.1.0.19/10,893,777, 10,994,690, 11,039,415

Emsisoft’s flagship product switched to the Bitdefender engine not so long ago, and has built up a healthy string of successes over the past year. The installation process is a little lengthy and involved, but eventually completes to provide a pleasantly clean and simple interface, which has a few quirks but is pretty easy to navigate and operate.

Scanning speeds were on the slow side, and overheads may appear low compared with most other products this month, but unlike most there is no on-read protection by default here. This also impacted our resource use measures, which look pretty low, but should have had less of an effect on our set of activities, which turned out fairly average.

Detection rates were well up with what we would expect from the Bitdefender engine, with good coverage throughout. The clean sets were handled well, as were the WildList sets on demand, but the on-access measures were much more problematic, with protection failing several times, and other attempts ending with freezes and even total hangs of the test machine.

In the end, we were forced to slow down the rate of file opening, leaving a pause of a few seconds between each to give the product time to draw breath and collect itself. This proved enough to nurse it through the small sets, with only a few misses still noted in the Extended WildList, coverage of which is not required on access, and a VB100 award is earned.

Emsisoft now has five passes from five entries in the last year, only missing out on our annual Linux test. Longer term things are not so good, with six passes and two fails in the last two years, but the change of engine has clearly had a positive impact. Stability was a little shaky, with numerous headaches in the on-access tests, earning Emsisoft no more than a Fair stability rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 99.34%

False positives: 0

Stability: Fair

Main version: 14.0.1400.146

Update versions: N/A

Another devotee of the Bitdefender engine, eScan has been using it rather longer. Once again, installation is fairly lengthy, with updates also taking some time, and as observed in recent tests, the redesigned GUI is dark, with grey text on a black and dark green background. This makes it a little hard to see what’s going on; it also suffers from sluggishness, with update details remaining frozen after a successful update, only changing when the GUI is restarted. There is a good level of configuration available though, in a rather more responsive and visible form.

Scanning speeds were pretty slow, with some improvement in some of the warm runs, but nothing exceptional. Overheads were distinctly high in all areas except the set of archives, which are not investigated in any great depth. Resource use was very low, but our set of tasks took quite a while to complete.

Detection was good though, with decent scores everywhere, and with no issues in the certification sets a VB100 award is earned without too much effort. Our test history for eScan shows an exemplary 12 passes in the last two years; stability this month was decent, with just a few very minor issues in the GUI responsiveness, earning the product a Stable rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 5.0.2214.4

Update versions: 8711, 8923, 8953, 8974

Another product with a flawless record, ESET’s run of VB100 certifications dates back many years. The vendor’s latest product runs through a standard set up process, completing rapidly with speedy updates too, once a licence key has been applied. The interface is slick and professional, with a thorough set of controls, and seemed both easy to navigate and responsive under stress.

Scanning speeds were OK initially and very fast indeed in the warm runs, with very light overheads. Resource use was low and our set of tasks ran through rapidly. Detection was pretty good, very steady through the Response and the reactive parts of the RAP sets, and remained decent into the proactive week too. The WildList and clean sets were handled well, and yet another VB100 award goes to ESET.

The vendor’s test history shows no missed or failed tests in the last two years, 12 passes out of a possible 12, and with no stability issues to report a Solid rating is well deserved.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Solid

Main version: 2.5.0.23

Update versions: 13.3.21.1/507649.2013082115/7.49637/9752153.20130821, 13.3.21.1/513150.2013101713/7.50933/10150016.20131017, 13.3.21.1/513907.2013102515/7.51097/10222737.20131017, 13.3.21.1/514272.2013103011/7.51201/10254147.20131030

Returning to our Bitdefender theme, ESTsoft’s ALYac has a somewhat unpredictable history in our tests, with some entries storming through everything and some riddled with bugs. Set up is fairly simple and fast, but updates took some time. The interface is a little unusual and prone to confusion, but is reasonably well stocked with controls.

Scanning speeds were pretty good to start with and improved a little in the warm runs, overheads likewise started reasonable and improved greatly. Resource use was low, and impact on our set of activities not bad either. Detection was a little behind the pace set by some other Bitdefender-based products in the RAP sets but kept up well in the Response sets, indicating that the problem was with the timing of the version submitted rather than the live updates available, and even with the older data was still very good indeed.

The WildList sets proved no problem, and there were no issues in the clean sets either, earning ESTsoft another VB100 award, putting it on three passes and one fail in the last six tests; five passes and two fails in the last two years. There were a number of stability issues this month, including problems with the logging system exporting blank files, scans claiming completion when only part of the target folder had been checked, and other scans freezing up when trying to examine large sets of samples. Thus only a Fair rating is earned.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Fair

Main version: 5.0.5.308

Update versions: 5.146/19.064, 5.147/20304, 5.147/20.340, 5.147/20.383

Fortinet has been putting in some very strong performances of late. The current product sets up fairly easily but takes some time to update, with the process failing on occasion too. The interface is pretty basic, with many settings applied by loading a configuration file supplied by the developers, but it is fairly simple to operate.

Scanning speeds were not the fastest for the most part, with some sets rather oddly being scanned much more quickly on the first attempt than in subsequent retries. Lag times were a little on the high side initially, but showed some good improvement in the warm runs. Resource use was not bad, and our set of tasks was completed in reasonable time.

Detection was excellent, challenging the leaders in all our measures, and the certification sets presented no difficulties either, comfortably earning Fortinet a VB100 award. With no fails in the last two years, the vendor stands on ten passes from ten entries, having missed only our annual Linux tests. There was a single very minor issue, the failed updates, and a Stable rating is earned.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 10.00 build 152

Update versions: 9.50 build 19221

F-Secure’s server product is a little different from its desktop variants, and is controlled mainly from a web console. The installation is a bit of a pain, requiring two reboots for some reason, and as usual updating is slow and unclear, with several misleading indications that everything is complete countermanded by information displayed elsewhere.

The interface is fairly clear and usable though, with not too much of the lagginess or instability often encountered with web consoles, and it provides a reasonable set of controls. Logging remains rather odd, with scan results written to an HTML file at the end of a job, overflowing to a text file if too many detections are observed. These files are overwritten by each subsequent scan, which is perhaps acceptable for a home user with no need to keep track of things, but seems inappropriate at best in a server setting.

Scanning was pretty fast to start with and very rapid indeed in the warm runs, while overheads were reasonable with the default settings but increased greatly with the settings turned up to cover more than the basic set of file extensions. RAM use was average, CPU use fairly low, and our set of tasks got through in decent time.

Detection was excellent in the Response sets; no updates were provided on the deadline so RAP scores could not be measured, but we would expect them to closely mirror those of other products that use the Bitdefender engine. The certification sets were dealt with well and a VB100 award is earned.

The test history for F-Secure’s main product line now shows four passes and two fails in the last six tests; six passes and three fails in the last two years. There were a few minor problems to note, including some log flakiness and problems navigating the interface, but a Stable rating is awarded.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 12.0.0.239

Update versions: AVA 22.11939/AVL 22.1914, AVA 22.13261/AVL 22.2024, AVA 22.13407/AVL 22.2037, AVA 22.13528/AVL 22.2049

G Data provided us with a full blown server solution. Set up includes installation of an administration console, and client protection is either deployed from there or put in place manually and connected to the control system. This takes a little time and requires the .NET framework, but with some practice it becomes a fairly painless task. Updates were a little unpredictable, with some taking moments and others more than ten minutes, perhaps depending on internal schedules.

The controls are fairly usable and provide a good degree of fine-tuning, with many of the settings initially blocked for the end-user, but they can be granted more permissions easily. Scans ran through rather slowly, with none of the optimization in the warm runs we would normally expect, and overheads were rather heavy too. RAM use was high, CPU use a little above average too, but we did have the administration suite installed on the test system. Our set of tasks were slowed down noticeably, taking more than twice as long as our baseline measures.

Detection was stellar though, with superb scores everywhere, even the proactive week of the RAP sets very well handled. The core sets were dealt with easily too, and a VB100 award is well deserved. G Data’s history is solid, with four passes from four entries in the last six tests; nine passes from nine entries in the last two years. No stability issues were noted, earning the product a Solid rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Solid

Main version: 2.2.29

Update versions: 1.43/84979, 85493, 85557, 85592

Ikarus has a rather unpredictable history in our tests, with detection rates always strong but often tempered by a tendency to false alarm. The set up process is rather fun, as the .NET framework is required and the installer offers to set it up for you (from a copy included in the install bundle), requesting a reboot to complete this task. However, as on this platform such changes can only be made from the integrated role management system, the framework is not installed, and the Ikarus installer thinks it needs another try, resulting in another reboot. With .NET put in place before the set up is initiated, all runs nice and smoothly though. Updates were mostly fast, although they failed to compete properly on some occasions.

The product GUI is simple and fairly basic but provides a reasonable set of controls, proving responsive for the most part even under heavy stress. Speeds were on the slow side on demand, overheads pretty heavy on access, with RAM use a little below average, CPU use a little above, and a reasonable time taken to complete our set of tasks.

Detection was mostly excellent, tailing off slightly into the more recent sets, and the WildList set was covered well too. For a change, scanning of the clean sets proved uneventful and Ikarus earns another VB100 award.

The vendor now has three passes and two fails from five entries in the last six tests; five passes and four fails in the last two years. There were a few tiny issues, including the install confusion, earning the product a Stable rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 8.0.0.559

Update versions: N/A

There are three products from Kaspersky this month, starting with the vendor’s corporate anti-virus offering. The set up process includes installation of the anti-virus client as well as a set of administration tools, and ran through in good time, although updates were a little on the slow side. Configuration is done via an MMC-based console tool, which is clear and pleasant to operate, providing the comprehensive set of controls one would expect in a business environment.

Scanning speeds were rather slow, but did eventually show some significant improvements in the later warm runs. Overheads were light though, with some good optimization again. RAM use was fairly high, CPU use a little above average – both of these most likely attributable to the administration system – and our set of activities ran through quite quickly. Detection was strong, tailing off only slightly into the more recent sets, and there were no issues in the certification sets (just a few warnings on remote access tools in the clean sets), thus earning a VB100 award for Kaspersky’s first offering this month.

Our test history for this product line shows five passes and one fail in the last six tests; ten passes and two fails in the last two years. There were no stability issues to report, and the product earns a Solid rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Solid

Main version: 10.1.1.965

Update versions: N/A

Next up from Kaspersky is the Endpoint suite solution, which is fairly similar in user experience to most of the company’s recent desktop offerings. Set up is fairly straightforward, although once again updating takes quite a while. Configuration is pretty comprehensive, and reasonably easy to navigate.

Scanning speeds were rather slow in the archives and binaries sets, but better elsewhere, and again optimization didn’t seem to kick in until several steps into the warm runs. On access, things were good with the default settings and considerably slower with more thorough options enabled, as one would expect. RAM use was low and CPU use below average, with a decent time taken to complete our set of tasks.

Detection was very similar to the server product, starting strong and declining only slightly into the later sets, and again there were a couple of warnings in the clean sets but no false alarms. With full coverage of the WildList sets, another VB100 award goes to Kaspersky. The test history for the suite product line is rather sparse of late, with just this single entry in the last six tests, while the longer-term view shows four passes and one fail in the last two years. With no stability issues the product earns a Solid rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Solid

Main version: 13.0.4.233

Update versions: N/A

The third offering from Kaspersky is a new one to our test bench: a small office suite aimed at businesses with only a handful of users to protect. In look and feel it’s not very different from some of the other products in the current Kaspersky range, although the colour scheme ditches the standard green for a more sombre and business-like grey. Installation is again fairly simple, updates a little slow. The interface is clear and simple to operate, with a solid range of options provided.

Scanning speeds were noticeably better than for the other two Kaspersky products tested this month, with optimization kicking in much more quickly and making the warm speeds lightning fast. Overheads were not so light initially, but the warm runs were very rapid indeed, and with low RAM use and medium CPU use, our set of tasks was completed quite quickly too.

Detection was again strong with just a slight decline into the last few sets, and the certification sets were covered flawlessly, easily earning SOS its first VB100 award. A single issue was noted, with one of the larger scans not quite completing happily, earning the product a Stable rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 2013.SP4.0.031800

Update versions: 2013.SP5.0.101215, 2013.SP5.0.102316

Kingsoft re-emerged recently after a quiet spell at the end of last year, with a new engine and a new look, and has been doing pretty nicely since. The set-up is enlivened by a zippy timer bar, emphasizing the rapid pace of the install process. The interface is bright and shiny and appears to offer a wide range of features, although as it is only available in Chinese, it’s not entirely clear to us what many of these are. Updates were a little slow thanks to the distance between the test lab and the company’s servers.

Scanning was pretty quick to start with, and a little faster in the warm runs, while overheads were fairly reasonable. Resource use was around average, and our set of tasks ran through at a good rate. Detection was harder to measure, as logging was rather unreliable – truncated in some cases and completely absent in others. With much data missing, we did manage to obtain a usable set of figures for the Response tests, showing solid scores similar to those recorded for Avira (the vendor behind the main engine here), but the RAP test proved a no-go, with the product insisting it had the correct definitions installed but refusing to detect anything.

Fortunately there were no such problems in the certification sets, with the WildList sets well covered and no issues in the clean sets, earning Kingsoft another VB100 award. The vendor now has five passes from five entries since its reappearance in our tests a year ago. A number of problems with stability were noted, including the logging issues already mentioned and some other oddities which occurred when simply trying to rename log files, meaning only a Fair rating is earned.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Fair

Main version: 4.3.215.0

Update versions: 1.155.2595.0, 1.161.159.0, 1.161.529.0, 1.161.971.0

Microsoft’s submission is the company’s corporate product, as befits a server platform, but in look and feel it is not very different from other parts of the Microsoft range such as Windows Defender. The install process is clean and clear, the interface likewise plain and unfancy, providing a basic set of options.

Scanning speeds were fairly high initially, but very fast indeed in the warm runs, with low resource use and a very low impact on our set of tasks. Detection was reasonable: very even through the Response sets and the reactive part of the RAP sets, but dipping somewhat into the proactive week. The WildList was properly handled though, and with no false alarms either a VB100 award is well deserved.

Microsoft’s business product line is not the most regular participant in our tests, with only two entries in the last six tests, passing on both occasions. Over two years, we see four passes from four entries. We noted a single issue on this occasion – the product’s history tab failing to show any detection information on occasion – earning it a strong Stable rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 1.1.107.0

Update versions: 84947, 85536, 85564, 85607

MSecure’s product has a couple of VB100 test entries under its belt, and would have had more but for some communication issues which meant that submissions for the last few tests went missing. Fortunately, we spotted the issue just in time for this month’s comparative. The product install is very fast, with updates also extremely rapid, and the interface is a little simplistic and clunky, but provides some basic settings.

Scanning speeds were pretty slow, but overheads seemed very low indeed, as did resource use, and our set of activities completed fairly rapidly too. When it came to the on access detection tests, we spotted a likely reason for these unexpected numbers – the on access protection component was extremely unreliable, often working for only the first few samples in our WildList sets before simply shutting down. The test was repeated multiple times on different systems, using different approaches, but despite much effort we were unable to force detection of more than a handful of samples before things simply deactivated.

On-demand scanning was much more reliable, showing the excellent detection rates we expect from the Ikarus engine underlying things here, although the decline through the RAP sets was fairly steep. The WildList was well covered on demand, and there were no false alarms in the clean sets, but with the on access component failing to perform satisfactorily despite all our efforts, no VB100 award can be granted here.

MSecure’s test history shows three entries in the last six tests – one pass and two fails. There were some pretty severe stability issues this month, most but not all appearing under heavy stress, pushing our rating into the Buggy category.

ItW Std: 100.00%

ItW Std (o/a): N/A

ItW Extd: 100.00%

ItW Extd (o/a): N/A

False positives: 0

Stability: Buggy

Main version: 9.10

Update versions: 7.01.04, 7.02.06

A rather more long-serving participant in the VB100 tests, Norman is another of our most regular entrants. The current product sets up fairly rapidly, with fast updates too, but on opening the interface a string of error messages are presented, thanks to the GUI being based in the browser. With these ignored, the interface seemed to work OK, although we found it a little clumsy and lacking in useful controls.

Scanning speeds weren’t too bad; overheads were a little heavy to start with but sped up nicely. RAM use was fairly low, CPU use a shade above average, and our set of tasks got through nice and quickly. Detection was decent, with a noticeable drop into the more recent sets, but there were no issues in the certification sets and a VB100 award is earned.

Norman has been on something of a rollercoaster of late, with three passes and three fails in the last six tests; longer term things look better, with nine passes and three fails in the last two years. A few minor bugs were noted, all in the product interface and none of them affecting actual protection, thus the product just scrapes into the Stable category.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 6.60.00

Update versions: 6.50.10.0000/6.70.00.0000

A rather less familiar face, Panda returned to the VB100 tests last year after a decade-long absence, and has put in a string of strong performances. The Panda Cloud solutions tend to be quick and simple to install, although the business offering does involve a few more steps to connect with the online management system. Despite these extra steps, deployment rarely took more than two minutes. The local interface is fairly basic, with the bulk of the controls operated from the web console.

Scanning speeds were on the slow side, and overheads were no more than reasonable with the default settings, despite limited on-read checking. RAM and CPU use were both below average, and our set of tasks didn’t take too long to get through either.

Detection was fiddly to measure, as usual, with the main product logging limited in size and an ‘advanced’ log system required to get the data we needed – this meant a recording of every single transaction between the product and its online resources, the size of the logs rapidly mounting up so that in most sections of the test several gigabytes of data were logged. The logs showed some excellent scores once again, but with no RAP measure as the product can only function with a live web connection. The WildList sets were dealt with cleanly, but in the clean sets a single file was flagged – a driver kit from a leading printer manufacturer – and this was enough to deny Panda a VB100 award this month. This is the second time in a row the vendor has been denied a VB100 award by the narrowest of margins.

Stability was mostly good, although we did note some issues when deploying updates and settings changes from the console to the local client – these may have been more a matter of impatience rather than actual failures. A Stable rating is given.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 1

Stability: Stable

Main version: 5.1.27

Update versions: 3.45.0/4.91G, 3.47.3/4.93G, 3.48.0/4.94G

Somewhat unusually, this is the first appearance of the Preventon product family in this test – we would normally expect to see many more family members taking part. Now using the Sophos engine, the set up process differs little from the many previous visits to our test bench, running through rapidly and with speedy updates too. The interface is simple but easy to find one’s way around, providing a good basic set of options.

Scanning speeds were rather slow, and overheads a little high, especially over executable file types. Resource use was OK, but our set of activities was a little on the slow side. Detection was reasonable, but not great, with pretty similar levels across the Response and RAP sets. The core sets were dealt with well though, and Preventon earns a VB100 award.

The vendor’s test history shows two passes from two entries in the last six tests; before that, a different engine was in use, so our figure of five passes and one fail in the last two years is of less relevance than usual. There were a few minor wobbles in the product, but nothing serious, earning a Stable rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 4.2.0.4071

Update versions: N/A

Qihoo’s Internet Security is another product that is based on the Bitdefender engine, with some of the vendor’s own technology on top – it also includes options to enable the Avira engine, but these are not enabled by default so are not included in our tests. Installation is surprisingly rapid, with updates pretty speedy too. The interface is bright and friendly, its layout clear and usable, with a reasonable set of controls.

Scanning speeds weren’t the fastest, and while on access overheads appear low, that’s thanks to a quirk of the real-time protection: while it operates on-read, it does not operate in actual real time, popping up warnings and insisting it has blocked something long after it has been written to disk. This will also have had an effect on our resource use measure, which shows low figures too, but our set of activities should exercise all angles, and shows a fairly fast time.

Detection was strong, as expected from the Bitdefender engine, with only the very slightest drop into the later sets. The WildList set was handled well, with nothing missed, but in the clean sets several items – all Python scripts associated with the GIMP package – were flagged as trojans. Investigations indicated that there had been a problem with contacting cloud servers, where the items should have been whitelisted. Qihoo is thus denied a VB100 award this month.

The vendor’s test history now shows four passes and one fail in the last six tests; six passes and three fails in the last two years. There were a few very tiny wobbles in the GUI when under heavy stress, just nudging our rating into the Stable category.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 6

Stability: Stable

Main version: 14.00 (7.0.0.4)

Update versions: N/A

Quick Heal’s Server Edition is not too different in look and feel from its desktop cousins, with the colour scheme a little more sombre but the layout unchanged. The install process is speedy but updates were a little unpredictable – some were over in under a minute, some took closer to ten. The GUI is well formed, combining elegance with practicality, and offers a good range of controls, although the layout can be confusing at times.

Scanning speeds were OK – rather slow in the archive set despite not much coverage by default, and fairly average elsewhere. Overheads were fairly light though, and showed some impressive speeding up in the warm runs. RAM use was a little high, CPU use around average, and impact on our set of tasks was fairly high too, but not excessively so.

Detection was rather mediocre, especially in the RAP sets where numbers declined quite sharply from a fairly low starting point. The WildList was well covered though, and there were no problems in the clean sets either, earning Quick Heal another VB100 award. The vendor now has five passes from five entries in the last year; seven passes and two fails in the last two years. Stability was good, although we did have problems with a few scans not covering all the ground requested, meaning a Stable rating is earned.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 2.5.0.23

Update versions: 13.3.21.1/507649.2013082115/7.49637/9752153.20130821, 13.3.21.1/513616.2013102115/7.51020/10182961.20131021, 13.3.21.1/513980.2013102816/7.51158/10242981.20131028, 13.3.21.1/514417.2013102818/7.51158/10242981.20131028

A close sibling of ESTsoft’s ALYac, Roboscan is essentially the same product re-branded for a different market. Again, the Bitdefender engine does most of the heavy lifting. Installation was very fast, but initial updates extremely slow, taking over 20 minutes for most attempts.

Scanning was fairly quick to start with and a little better in the warm runs, while overheads were just a little high initially, with some excellent improvements later on. Resource use was low, but our set of tasks did take quite some time to complete.

Detection was much as we would expect – pretty impressive across the board, with no problems in the WildList or clean sets – and Roboscan earns a VB100 award.

Roboscan’s test history does not go back very far, now showing three passes and one fail in the last six tests; three passes and two fails in the last two years. There were a few stability issues, including protection seeming to have been temporarily broken in some on access tests, and a few problems with unreliable logging, but a Fair rating is awarded.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Fair

Main version: 10.3

Update versions: 10.3.2.220/3.45.0/4.91G, 10.3.2.220/3.47.3/4.93G, 10.3.3.8/3.48.0/4.94G

Sophos products are rarely absent from our comparatives, but it was a bit of a close call this month thanks to some communication problems. The process of installation and set up was pretty familiar from countless previous occasions, and although a fair few clicks are needed, the install itself didn’t take long, with updates not too sluggish either. The product interface is simple and unfussy, providing a wealth of fine tuning options at varying depths.

Scanning speeds were a touch slow in the first run but very rapid indeed in the warm re runs, while on access lag times were for the most part not too bad, spiking somewhat in the set of binary files, but only going really high with the scan depth turned up to the max. RAM use was a fraction above average, CPU use just a whisker below, while our set of tasks took a fair while to complete.

Detection scores were only reasonable in the RAP sets, where cloud look ups are not available (we plan to make some tweaks in the near future to improve on this). Unfortunately, in the Response sets some inexact testing instructions meant that detection was not measured properly – cloud look ups were disabled – meaning that we had no usable figures to report. The numbers we did see closely mirrored those of other products that include the local engine only, but we would normally expect to see a significant increase on this had the cloud system been available.

Fortunately, we did gather a full set of figures for the WildList and clean sets, which showed no problems at all, earning Sophos another VB100 award. The vendor continues a recent run of success, standing on six passes from six entries in the last year; longer term, it has just a couple of fails and ten passes in the last two years. There were no stability problems to report, earning the product a Solid rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Solid

Main version: 7.5.97

Update versions: N/A

One of the products using the Sophos engine mentioned above, SPAMfighter puts a bit of a spin on the standard Preventon set up and interface. Installation was very fast, as were initial updates, with the whole process taking under a minute in some runs. The interface is bright and colourful, with a fairly obvious layout providing a reasonably basic set of controls. For our purposes, a registry tweak is required to prevent the product logging every single file it looks at, and then throwing away the logs when they outgrow a fixed size. This was only done for the detection tests, of course, with all performance measures taken with the full defaults.

Scanning speeds were not too exciting, overheads fairly high over binaries but pretty light elsewhere, while resource use was a little below average and our set of tasks got through in a decent time. Detection was not stellar, but not too bad either, and there were no issues in the clean sets, earning SPAMfighter a VB100 award.

The vendor’s test history shows two passes and one fail in the last six tests; five passes and two fails in the last two years. We saw a few minor issues this month, with some scans simply aborting before they got anywhere at all, some options apparently not doing as they were told, but a Stable rating is earned.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 8.1.24983.501

Update versions: N/A

Another Chinese-language-only product, testing Tencent requires a detailed cheat sheet kindly provided by the developers, which points out which button does what. The set up and update is very speedy, the interface very bright and cluttered with apparently a feast of features, most of which remain mysterious to us. The anti malware component, including the Avira engine, is fairly simple to operate given a few pointers.

Scanning was very slow over archives – which are analysed in great depth – but not bad elsewhere, while overheads look very light thanks to a lack of on-read protection. Resource use also seemed fairly low, and our set of activities didn’t take too long to complete.

Detection was as strong as one might expect, maintaining a high and very steady rate through the Response sets and the earlier parts of the RAP sets, only declining slightly into the last sets. The core test sets were dealt with well, and Tencent earns another VB100 award. The product’s relatively short test history shows four passes from four entries in the last year; seven passes from seven entries in the last two years. A few issues were noted, with scans of large sample sets failing to complete properly, but a Stable rating is awarded.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 7.0.6.2

Update versions: 3.9.2570.2/20692, 3.9.2574.2/22644, 22700, 22896

A shiny new 2014 version was submitted by ThreatTrack, although on the surface it’s more of a facelift than a thorough revamp, with the basic layout and control system left more or less unchanged. Installation is quick, updates not too slow, and the GUI is gleaming and clean, with a reasonable set of controls.

Scanning speeds were very slow over archives but not bad elsewhere, and showed some good improvement in the warm runs in the other sets too. Overheads were decent too, again with some signs of optimization in the warm runs. Resource use was OK, and our set of tasks completed in a decent time.

Detection rates were impressive, actually increasing into the most recent days of the Response sets, and not sloping too sharply downward in the RAP sets. The WildList and clean sets were handled well, and a VB100 award is duly earned.

ThreatTrack’s test history – much of it recorded under previous company names – shows four passes from four entries in the last six tests; six passes and two fails in the last two years. We noted the usual wobbles in the GUI, particularly under heavy stress, and some logging problems too, but a score just inside the Stable range is recorded.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 5.0.6.1002

Update versions: 5.0.5/12.163, 5.0.7.0000/5.0.5/12.163

Another cloud-oriented product, the installer for Total Defense is obtained by logging into an online portal and finding one’s way through a rather less than obvious path to an endpoint download section. The set up from this point onwards is very quick indeed, but the initial updates could take some time to come online. The configuration is performed partly in a local web console and partly through the portal admin system, which with a little practice seems to be fairly simple to navigate and use.

Scanning speeds were impressively fast, with overheads not too heavy. Resource use was fairly low, and impact on our set of activities was very low indeed. Detection rates were splendid thanks to the Bitdefender engine, with good scores everywhere and no problems in the certification sets, thus earning a VB100 award. The product was not entered for the RAP tests due to its reliance on cloud detections.

The test history for Total Defense shows a good run of passes, although some of the earlier ones may have been earned by the previous product line which used an in-house engine: four passes from four entries in the last six tests; eight passes and a single fail in the last two years. There were a couple of problems exporting complete logs, and a little lagginess in the GUI, but nothing serious, and the product earns a Stable rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 13.0.10.5110

Update versions: N/A

Yet another aficionado of the Bitdefender engine, TrustPort deploys it in conjunction with that of AVG. The set up doesn’t take too long for a dual-engine solution, and updates were surprisingly quick too, when they worked (some failed to complete happily). A reboot is required to complete things. The interface is a little quirky, maintaining a multi part approach which does not make for the best usability, but with some familiarity it is not too difficult to operate. As in some previous tests, we noted some odd window behaviour with the focus seemingly out of sync with the display.

Scanning was rather slow, as one might expect from a product using the dual engine approach, and overheads fairly high, although things sped up nicely in the warm runs. Resource use wasn’t bad at all, but our set of tasks took a fair while to complete.

Detection was superb – not far off perfect for the most part, and with a clean sweep in the clean sets and no issues in the WildList sets either, a VB100 award is easily earned. TrustPort can celebrate five passes from five attempts in the last year; eight passes and two fails in the last two years. There were a handful of wobbles – notably the failed updates and odd window behaviour – but nothing dangerous, meriting a Stable rating.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 3.2.27

Update versions: 3.45.0/4.91G, 3.47.3/4.93G, 3.48.0/4.94G

UtilTool is another member of the Preventon family, making use of the Sophos engine, so we expected there to be few surprises here. The set up is simple and speedy, and the interface likewise basic but easy to use. Scans were not the fastest, and file access lag times were a little sluggish, with average resource use and a rather heavy impact on our set of tasks.

Detection was not the best, but not to be sneered at, with no issues in the certification sets earning UtilTool a VB100 award, putting it on two passes from two entries in the last six tests; four passes and two fails in the last two years. We saw a few issues here, including some GUI flakiness and problems with the on-access protection not coming online for some time, but it still falls into the Stable category.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable

Main version: 3.2.27

Update versions: 3.45.0/4.91G, 3.47.3/4.93G, 3.48.0/4.94G

Our final product this month is more of the same – another Preventon/Sophos offering with very similar features to several already covered. It was very quick to install and update, and easy to use with only a basic set of options. The product was rather slow at scanning, with high lag times on access, and used a reasonable amount of RAM and CPU with not too heavy a hit on our set of tasks.

Detection was a notch or two above mediocre, but there were no upsets in the core sets and a VB100 award is granted, putting Vexx Guard on three passes from three entries in the last six tests, with its only previous entry a fail just over a year ago. A few minor issues were noted, but a Stable rating is awarded.

ItW Std: 100.00%

ItW Std (o/a): 100.00%

ItW Extd: 100.00%

ItW Extd (o/a): 100.00%

False positives: 0

Stability: Stable