AV products are NOT all the same

I read an interesting article recently on the cost of anti-virus products. The article considers the increasing cost of some anti-virus products, as vendors try to steer users towards product suites that include not just anti-virus, but also personal firewall, anti-spam and IDS. The article concludes with the message that users should shop around and not allow themselves to be pressured into buying a suite from a single vendor.

It’s hard to argue with that: it makes perfect sense. However, it’s a shame that price and brand recognition are considered here to be the only criteria. As if all other things are equal. Sadly they’re not. What about a product’s ability to protect you from attack? Isn’t this a key factor in deciding which product to use?

It’s true that it’s not always easy for customers to determine which product is best, but that’s not to say that it doesn’t matter. And a vendor’s track record in a range of independent tests is always a good guideline when looking at a product’s performance. There’s a paper in the ‘Publications’ section of the ESAC [European Scientific Antivirus Centre] web site if you’re interested in further information.

Shop around? Definitely. But remember that cost isn’t the only factor, and don’t let poor detection be the price you pay for selecting a cheaper product.
