Antivirus is an interesting topic right now. Threats are getting faster and more severe. Endpoint protection can catch the “standard” viruses and malware but is missing the latest and most damaging threats. Some consider antivirus a necessary evil, while others hold out hope for a more effective product. If you’re shopping around for an antivirus solution, this article presents resources to assist your decision making and factors to consider in the process.
To find out what your options are and where you might start looking, you can head over to third-party antivirus review sites. AV-Comparatives provides the results of several different tests, regularly updated. For example, the screenshot of the real-world protection test below comes from last month and shows detection rate and false positives by vendor. There are other tests, like the file detection test, heuristic/behavior test, and performance test, that can give you an independent idea of how a product would operate. If you’re looking for a new solution because you just spent a lot of time recovering from a false positive, or you’re hoping to reduce the performance impact on your computers, you can use these tests to see the track records of the alternatives.
AV-Test is another source of test results. You can compare home users on Windows or Mac, Android mobile devices, or Windows business clients. As you can see below, the products are rated on a scale of six for protection, performance, and usability. You can also click on each product to learn more about how it tested.
You might hear the Gartner Magic Quadrant for Endpoint Protection come up when considering what company to go with. The document costs almost $2k but most of the antivirus vendors will provide a copy on their sites for free because it is promoting their product. The Magic Quadrant considers candidates as challengers, leaders, niche players, or visionaries and they land in the corresponding coordinates based on their evaluated completeness of vision and ability to execute.
From a recent thread discussing the Magic Quadrant, it seems most IT Pros consider Gartner’s publication to be mostly marketing spin and subjective criteria. I found the quadrant to be fairly useless (big companies are big and the companies getting all of the word of mouth are doing things worth talking about) but I did appreciate the analysis of the companies that led to their decisions. You can view a free copy of the latest report from January 2014 to see for yourself.
Of course, the best way to evaluate how an endpoint protection product is going to work in your environment is to test it out. Most antivirus companies have 30-day trials available or can provide one if you work with their sales department. I found the following metrics worth considering in choosing new products, evaluating trials, and making sure something would fit my needs. The downside of a trial is that it lasts a limited time, and you may have to learn all of the quirks of a product and its management console in that short window. Considering more than one product at a time can take some effort.
- Mac OS X
- File Servers
- Active Directory Synchronization
- Local network traffic (cloud-based solutions may increase bandwidth)
- VDI / vShield
- Central management of Windows clients
- Central management of Mac clients
- Central management of Mobile clients
- Endpoint protection
- Device encryption
- Host Intrusion Detection/Prevention
- Software Inventory
- Local server presence
- Cloud-based infrastructure
If you recently switched, did you find anything else helpful in making your choice for an antivirus vendor?