Comodo vs. Symantec: Who offers the best Malware defense?by Steve Ragan - Sep 23 2010, 16:45
Do free anti-Virus products protect as well as their commercial counterparts? It’s a longstanding question, and one anti-Virus company’s CEO wants answers. Based on a quote given in 2009, Comodo’s CEO wants to see a protection test between his product and Symantec’s Norton offering.
In 2009, Tech Blorge reporter John Pospisil interviewed David Hall, Symantec’s product manager for Consumer Products in Asia-Pacific:
“There is a very, very big gap between what antivirus does and the threats that are being delivered today,” Hall said at the time. “If you are only relying on free antivirus to offer you protection in this modern age, you are not getting the protection you need to be able to stay clean and have a reasonable chance of avoiding identity theft.”
“That’s why free antivirus is not enough: you need in-depth layered technologies, which only come from the more mature paid suites,” he added.
Last week, these comments were picked up and used by the Guardian’s George Cole, in a story that attempted to answer the question of whether or not free anti-Virus protection does the job, or if the only true virus protection these days comes from commercial products?
The truth is, both free security offerings and paid security offerings, no matter the vendor, have earned their place in the Internet community. Each has its own strengths and weaknesses, and, depending on what the consumer wants out of the product, offers decent threat protection.
Just because a product is free, doesn’t mean it is necessarily lacking. Likewise, just because a product requires a subscription fee, doesn’t necessarily mean it is the best product on the market. The security industry knows this, which is why there are continuous improvements to mitigation technologies. At the same time, no two products are the same, no matter what a person pays for them.
The Guardian story duly led to remarks from Comodo CEO Melih Abdulhayaglou, who said, “this kind of misinformation is just unacceptable from companies like Symantec. You can't mislead end users with blatant lies.”
Abdulhayaglou promptly issued a challenge, Symantec vs. Comodo, with a mission to determine which “product can protect users better.”
In an email to The Tech Herald, Abdulhayaglou sent links to a set of videos on YouTube where one Comodo user performed the tests. Using 47 samples of Malware, and relying on stock protections alone and not signatures, he tested both Comodo Internet Security and the 30-day trial of Norton Internet Security 2011.
“I spent the last twenty-four hours collecting Malware,” reviewer 'languy99' states. “This Malware I specifically selected to not be detected by signatures for either or, because I want to test how their base protections are.”
So how would the security suites protect the user, the reviewer asked, if they don’t have Internet access and they get hit with a Zero-Day Virus, or something is brought in on a USB stick?
“I want to see how well they work... not their extra services... anything in the cloud, that type of stuff. I want to see how the actual program works at protecting users,” languy99 said.
Based on the amount of uploads to his YouTube account, he has tested several security products. So we’ll give him credit for being the first to do the Comodo vs. Norton test, as security software reviews are hard work and time consuming.
However, it wasn’t up to the level that we here at The Tech Herald would have liked to have seen. If you want to test how the program works, then you need to test the program fully, on equal footing, with every stock option enabled from the start.
For example, there was no Internet connection available to the test systems. This killed some of the layers of detection offered by Norton, and offered no chance for the test to be taken to the Web. While Comodo and Norton were able to function, both applications were still limited somewhat in their overall performance.
More often than not, Malware infections come from visiting malicious sites, or legitimate sites that have been compromised. This attack vector is one that every security vendor, including Comodo and Symantec, is intimately familiar with, and they have spent millions in R&D developing technology to defend against it.
Given that Comodo and Symantec both talk about their Web defenses, as well as their desktop protections, seeing a review that only covers part of the product left us with more questions than answers.
When it came to answering Comodo’s challenge, Symantec said in a statement to several media outlets that Norton is included in a variety of independent, third-party tests from labs such as AV-Test and AV Comparatives.
“We encourage Comodo to contact these testing labs if they are interested in having their product included in these tests,” it outlined.
So while there is plenty of official testing for Symantec, Comodo isn’t part of the AV-Test and AV Comparatives group -- for reasons known only to them. This means that an official lab test doesn’t solve the question of free versus paid protection, and it certainly doesn’t complete the challenge issued by Comodo’s CEO.
Many comments have suggested that the challenge itself is just a PR stunt, designed to get Comodo’s name in the news. That may be, but the question of free versus paid in the security world is one that has existed for ages. A question likely never to be fully answered, if for no other reason than because consumers will always favor one product over another, and they will always have an opinion on matters.
PR stunt or otherwise, the challenge itself is certainly interesting. Given that Comodo wanted to be placed in the firing line, The Tech Herald is more than happy to help take a few shots at the vendor's software.
It may not solve the issue of free versus paid protection, but it will allow Comodo a chance to back its claims against the largest security vendor on the planet.
The review itself is here.