Antivirus products — software programs that prevent, detect and remove malware such as computer viruses, spyware, Trojan horses and worms — are a cornerstone of any bank's security defenses, as well as those of its online and mobile banking customers.
Gartner estimates that cyber criminals have stolen more than $3 billion from U.S. banks, businesses and municipalities using financial malware. The Anti-Phishing Working Group says that 39 percent of all computers are infected with financial malware designed to steal personal and account information. As a result, online banking account takeovers are growing at a rate of 150 percent each year, according to research published by the Financial Services Information Sharing and Analysis Center.
But there are hundreds of antivirus products out there, some free and others high-end. AV-Comparatives, an independent testing lab nestled in the mountains of Innsbruck, Austria, has tested 25 antivirus products and declared two to be the best: Bitdefender's and Kaspersky Lab's. (The two companies' products were considered comparable in quality, but Bitdefender was granted the top slot because it hadn't been selected before.) Products from Avast, Avira, BullGuard, Eset, F-Secure and G Data were also found to perform well.
"Bitdefender is very strong, they're a combination of signature-based detection, analytic detection, malware detection and behavior detection," says Peter Stelzhammer, a co-founder of AV-Comparatives. Both Bitdefender and Kaspersky Lab were found to produce low false positive rates, which is important for corporate users. "If you have false positives most of the time, it can cost you more work than an infection," Stelzhammer notes.
The two products also tested well in administration tests: they were found to be easy to deliver to clients and scalable to a large number of users. "Of course, detection is the most important factor," he says. "But these products are also lightweight, they don't impact the system, and they're easy for corporate users to handle."
AV-Comparatives tests Windows, Mac, and mobile-based security software throughout the year. Although vendors pay to be considered in AV-Comparatives' tests, "everyone pays the same amount," Stelzhammer says. Vendors who don't pay are included in the tests anyway and treated the same, he says. (Originally the company tried to get money from users, but "that didn't work - readers don't want to pay anything for information," Stelzhammer says.) The products are all tested using the same automated testing framework, against the same malware, in collaboration with the University of Innsbruck, he says.
In its "real world" tests, AV-Comparatives simulates a corporate environment and throws real-life malware at it. The testers actually visit malicious websites and fully download and execute malicious files. That gives the anti-malware software the opportunity to perform behavior detection as well as malicious file detection. This is important for the spotting of brand-new strains of malware, for which there are no known fingerprints.
Redwood Shores, Calif., security software company Imperva recently conducted an assessment of 40 antivirus products and concluded that by and large they don't work well. That company, along with a group of students from The Technion - Israeli Institute of Technology, used 80 malware samples to test the effectiveness of these products and found that the initial detection rate for a newly created virus is less than 5%. These tests also found that some antivirus vendors take up to four weeks to detect a new virus from the time of an initial scan.
But Stelzhammer believes these tests were faulty, due to the small sample size — AV-Comparatives uses more than 200,000 samples — and the lack of "real world" testing that includes the downloading of files for behavior analysis.
Besides the ability to detect malware, minimal false positives and ease of administration, what else should a corporate IT person look for in an antivirus product?
"There's one other major issue: privacy," Stelzhammer says. It's important when using cloud-based services to ensure that you know which data is sent to the vendor, he says.