Anti Virus Announcements May Not Be Catchy

It's getting hard to know which to believe less -- anti-virus and other anti-threat software, or some of the announcements touting them, based on inspecting this representative recent example by AVG.
AVG Technologies, makers of AVG anti-virus software, announced its new AVG 2011 security suite, which, according to the press release, incorporates user feedback and enhances features, along with sundry claims which I'll get to in a moment.

The problem I have with the announcement is that I can't tell whether the claims are true... and even if they are true, it's not clear whether these products are good enough, or even appropriate and relevant solutions.

To be fair, I have this problem with just about every press release about a virus, malware, spam or other Internet threat/nuisance detector/blocker. And far too many "reviews" I read aren't much better, as they don't seem to have tested and verified these claims. (One exemplary exception is Lincoln Spector's.)

A quick disclaimer: I am not a security expert. I don't have a testing lab with a bunch of systems, plus a cyber-Petri dish of known viruses and malwares and spams to test with.

What I am is someone who's read and written my share of press releases, news articles, features, and the like, along with discussions with my peers on PR claims. And what I do have is a, to use a less impolite term, bogosity detector that, I suspect, is as good as, or even better than, in its own field, the anti-whatever security suites.

And when I turn my bogosity meter on this press release, lights flash and horns toot and the needle swings into the red zone.

According to the press release, "The design of AVG 2011 incorporates feedback from AVG's global community of more than 110 million users..."

Let's assume that AVG does, in fact, have 110 million users, give or take ten per cent. "Incorporates feedback" is a strong statement. And arguably misleading.

I'm guessing that AVG -- like many-to-most security scanning-and-matching tools -- includes the ability, possibly requiring user check-off during install, to "phone home" anything it spots that isn't in its database but looks questionable. That's pretty standard; even Windows periodically asks me if it can send a crash dump back to the mothership.

I'm not sure this constitutes "feedback," though. To me, feedback is something explicit and human generated like (and I'm not thinking about AVG here), "The uninstall is unacceptable," or "Why can't the program automatically look things up instead of giving me a cryptic message about something I don't recognize?" Now, that's feedback.

AVG further claims its software has "among the best detection rates in the industry..." Cue bogosity meter alarums.

"Among the best..." is what, in advertising, is called "weasel words." "Among"? Like in "what do you call somebody who graduated last in their class at medical school?" (Answer, "Doctor.") For that matter, what ARE the "best detection rates in the industry" (assuming that by "the industry" AVG means "anti-virus, etc. software")?

And are those rates good enough? It only takes one "successful" virus to whack your data or compromise your system. If these detection rates aren't good enough, what rate would be? (I'm guessing, "100%, with no false positives.")

"a..." I have no idea what this means; as a user, I doubt I would recognize a nimble design, or nimbly designed piece of software, or one with a nimble design (if that's not the same thing) if it jumped over a quick brown fox.

"AVG 2011 is the company's most advanced consumer and small business solution to date."

One would hope that each new product and version would be better than the last. Of course, "advanced" isn't necessarily better. In any case, according to who, as in, what independent third party with enough expertise to make this judgement?

"AVG's unique use of signature based, web, behavioral, and early warning cloud based technology allows us to provide the most advanced protection capabilities in the world."

This is where, in a serious news article, the vendor gets asked, "Define or elaborate on 'unique.' Explain and prove it's 'the most advanced protection in the world.' Now show me that it works. And now prove that 'providing protection' actually results in better protection."

"With our new People-Powered Protection technology and approach, everyone is encouraged and empowered to be part of the solution." Translation: there's a check-box, possibly part of the quid pro quo for software being free.

" sending us over 1.5 billion potential threats from all over the world for evaluation every single day." My real question, if the anti-whatever vendors haven't agreed to some central, shared pool for all this stuff (maybe they have), would they please?

"We believe that AVG 2011's powerful Web-security features, including enhanced social networking security, enhanced speed and detection rates and an easy to use and intuitive user interface, are best-in-class amongst both free and paid security software offerings." Believe? Again: aren't there any independent third-party test labs out there? What does "best-in-class" mean here? Does that mean that something in another class might do a better job?

"The installation process for the software has been reduced to five simple clicks, while the software's uninstall process is as seamless as ever." Neither of these strikes me as something to brag about; the implication is that the install previously was way too complicated.

"Independent tests have proven that AVG2011 has among the best detection rates in the industry." Tests by who -- let's see some names. And the results. And again, what does "best detection rates" mean, what are they, and are they good enough?

"AVG has enhanced its Smart Scan technology to ensure its 2011 version will not slow your computer down." 2010 seems like late in the game to be doing this. And is this a problem with other security tools? (I'm asking; I don't know.) On my two-year-old Windows desktop, ZoneAlarm is only chewing up a few percent of resources, as one benchmark.

Again, to be fair, the odds are that most press releases for these products will be making similar claims, or other claims similarly unquantified or unproven.

And all this begs the technical question of whether these scanning and matching techniques are sufficient and adequate, versus, say, application whitelisting. Or application sandboxing. Or writing applications that don't misuse compromisable scripting features.

Meanwhile, technology claims ought to be backed up with some facts, and, ideally, be verifiable.

Meanwhile, keep that bogo-meter at hand... because there's always more press releases in the email, and anti-virus software doesn't filter out the high-bogosity ones.