Size of anti-virus app detection databases

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

tomdkat

Thread Starter
Retired Trusted Advisor
Joined
May 6, 2006
Messages
7,148
You can all thank perfume for being the inspiration for this thread. : )

In this thread, perfume posted this comment in response to a comment I posted:
Dear tomdkat,
I have re-read your link and what I said as a response to that question of yours! Avira's Database must have been larger and more up-to-date than AVG. I can't see any hidden reason except that.
I had the occasion to choose a free AV when my KIS2010 shipment was in transit. I chose AVIRA Antivir (free) without a blink of the eye! Avast (free) is real top-notch. IMO, AVG is travelling south. Recently I had the luxury of sending a seemingly "virus" to VirusTotal, and only one of the AVs reported positive. So, what do you do, especially if it's a registry item! I took a once-in-a-lifetime chance and used Ccleaner's registry cleaner (please don't do it - I was lucky to get away) to mop up things and after reboot all was well! Freaky things, these occurrences!
PS: Machines are alive!
The point about AntiVir's detection being larger and more up-to-date than AVG's database got me curious about the sizes of the detection databases of the various anti-virus apps we use.

So, I did a little research and found the number of threats in the databases of AVG 9 (free edition) and AntiVir 10 (free edition). Of course, these were NOT the versions of these tools I was using when I posted the comments to which perfume responded.

If you like, please post the number of threats in the database of your anti-virus app of choice. :)

App: AVG 9.0.814 (free edition)
Virus db version: 271.1.1/2853 (as of 5/4/2010)
Threat count: 2847945

App: AntiVir 10.0.0.567 (free edition)
Virus db version: 7.10.7.45 (as of 5/5/2010)
Threat count: 2074600

Peace...
 
Joined
Apr 2, 2002
Messages
5,934
I'm not sure how big NOD 32's database is or, more importantly, how significant that total would be with a product that claims to stop threats by heuristic analysis of behaviour rather than simply referring to a database that will, in the nature of things, always be one step behind the bad guys.

I remember when I had NAV 2000 (or 2001), that it had an impressive looking number of definitions (well over 100,000 if my very unreliable memory serves me correctly) but that seemed slightly less impressive when you realised that over 30000 of the defs were for old MBR viruses, mostly spread via floppy discs which were not very widely used at the time!

Isn't it the case that the quality of the database (assuming that could be accurately measured), is more relevant than its quantity?
 

tomdkat

Thread Starter
Retired Trusted Advisor
Joined
May 6, 2006
Messages
7,148
I'm not sure how big NOD 32's database is or, more importantly, how significant that total would be with a product that claims to stop threats by heuristic analysis of behaviour rather than simply referring to a database that will, in the nature of things, always be one step behind the bad guys.
It's true good heuristic analysis is critical to optimum protection from threats but not something to replace a solid database of identified threats running rampant in the wild. The combination of both should provide about as good of software-only protection as you can expect. Of course, there's always the user factor that the software can't fully control. :)

I remember when I had NAV 2000 (or 2001), that it had an impressive looking number of definitions (well over 100,000 if my very unreliable memory serves me correctly) but that seemed slightly less impressive when you realised that over 30000 of the defs were for old MBR viruses, mostly spread via floppy discs which were not very widely used at the time!
Yep, I agree that the numbers don't tell the "whole" story. That's partly what generated my curiosity in the sizes of current anti-virus apps we use today. AntiVir could have a database 10x the size of AVG's but that could be negated by AntiVir's known high false positive rate. Are those false positives due to bad database entries or due to its heuristic algorithms and analysis capabilities? Also, if an anti-virus app relies more on heuristics than a database, does that mean that database will be updated less often? Or on the contrary, does an anti-virus app with frequent database updates mean its heuristic analysis capabilities aren't strong?

Isn't it the case that the quality of the database (assuming that could be accurately measured), is more relevant than its quantity?
Absolutely! However, the size of the database (as reported by the apps) is something easily (or relatively easily) obtained from the application itself and can be used as one of a list of points of comparison for those seeking a "good" anti-virus application.

I don't consider AVG 9 to be a "better" anti-virus application simply because it's got a larger detection database (as reported by the app) but I was surprised to learn AVG 9's database appears to be larger than AntiVir's. Also, I wonder if the sizes of the databases differ significantly between the free and paid versions of anti-virus apps that offer free and paid versions.

Peace...
 

Snagglegaster

Banned
Joined
Sep 12, 2006
Messages
1,906
I'm not sure how big NOD 32's database is or, more importantly, how significant that total would be with a product that claims to stop threats by heuristic analysis of behaviour rather than simply referring to a database that will, in the nature of things, always be one step behind the bad guys.

Isn't it the case that the quality of the database (assuming that could be accurately measured), is more relevant than its quantity?
Absolutely correct, especially since there isn't even agreement between vendors on how "threats" should be counted. For a very thorough discussion see this paper presented by Eset's David Harley at the 3rd International Conference on Cybercrime Forensics Education & Training. The entire paper is really interesting, but the abstract on page 2 covers the main points well.
 