Kaspersky Lab: world leader in virus reaction time

05 Mar 2004
Comparative Tests

Russian antivirus service tops the tables in independent German study

Virus threats on the Internet are steadily increasing. Given this, the speed at which antivirus developers react to new viruses is a crucial factor in the effectiveness of any information security system. There have been several massive virus attacks since the start of 2004, each more destructive than any seen before.

In connection with this, AV-Test.org, a well-known research group from Magdeburg University, conducted independent research to establish the reaction time of antivirus developers to new malicious code. This research was designed to discover the average time taken to release an antivirus database update from the moment a new virus is first detected. The recent notorious viruses, Dumaru.y, Mydoom.a, Bagle.a and Bagle.b, which are all detected using heuristics, were used as controls.

This analysis is more objective than traditional comparative testing carried out by IT publications and research centres. Such tests use collections of older viruses, detected over a month prior to the start of testing, to determine the efficacy of antivirus products. This means that the most important factor in the quality of an antivirus solution is overlooked: reaction time. It is this specific feature which determines the reliability of protection against new threats. The research carried out by the group from Magdeburg University clearly illustrates the actual quality of antivirus systems, which in turn determines the level of information security as a whole.

For maximum accuracy in analysing the speed at which antivirus database updates are released, the researchers used dedicated script programs. These scanned the developers' servers every 5 minutes for new updates. The mean results of all data received showed that Kaspersky Lab was the quickest in responding to new virus threats.

The results of the experiment ranked antivirus developers as follows:

  1. Kaspersky Lab
  2. Bitdefender
  3. Virusbuster
  4. F-Secure
  5. F-Prot RAV
  6. AntiVir
  7. Quickheal
  8. InoculateIT-CA
  9. Ikarus
  10. AVG
  11. Avast
  12. Sophos
  13. Dr. Web
  14. Trend Micro
  15. Norman
  16. Command
  17. Panda
  18. Esafe
  19. A2
  20. McAfee
  21. Symantec
  22. InoculateIT-VET

In addition to the above, Kaspersky Lab was also praised for the frequency with which standard antivirus database updates are released. Users of Kaspersky Anti-Virus can automatically receive updates via the Internet every three hours, round the clock, thereby providing them with greater security.

The data presented below confirms the undisputed right of Kaspersky Lab to the victor's crown:

Standard regular update release intervals.

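| Product (developer) | Update release interval |
|---|---|
| AntiVir (H+BEDV) | 5 - 6 |
| Avast! (Alwil) | 2 |
| AVG (Grisoft) | 2 |
| BitDefender | 3 - 4 |
| eSafe (Aladdin) | 5 |
| eTrust (CA) | 4 - 5 |
| F-Prot (Frisk) | 4 - 5 |
| F-Secure | 6 - 7 |
| Kaspersky Lab | about 20* |
| Sophos | 4 - 5 |
| Symantec | 1 - 2 |
| Trend Micro | 2 - 3 |
| VirusBuster | 4 - 5 |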

*data for December 2003. Since December 2003 the number of regular updates per week is 56.

Kaspersky Lab's leadership is significantly strengthened by the introduction of Rapid Virus Response, a new antivirus database update release technology. This was launched in December 2003, and since then Kaspersky Anti-Virus users have had access to 56 regular updates a week. This figure does not include urgent updates which contain a cure for new viruses judged to be of maximum danger.

It should be noted that all Kaspersky Lab antivirus database updates undergo complex testing for compatibility with a wide range of operating systems and configurations prior to release. Many antivirus developers provide their users with beta-versions of antivirus database updates, which have not been tested for compatibility and which can seriously damage system performance. All in all, Kaspersky Lab is not only the fastest when it comes to reacting to new viruses, but users are also offered maximum protection.