Row breaks out over antivirus response times

Row breaks out over antivirus response times


'Mischievous' F-Secure accused of 'selective memory'

A boast by F-Secure that it can counter new infections more quickly than any other antivirus firm has provoked an angry response from rival vendors.

The row was sparked when a senior F-Secure executive said about the firm's ability to beat its competitors "easily".

"Symantec's figure is somewhere around nine hours. McAfee's is around 10 hours. So we are beating them easily, we are beating the big boys hands down," claimed F-Secure's chief research officer Mikko Hyppönen at a recent briefing.

However, McAfee responded angrily to the claims, describing them as " mischievous".
"Mikko Hyppönen is certainly picking and choosing his battles, and the figures he is quoting are from specific threats," Nick Bowman, a spokesman at McAfee, said.

"Some of those threats McAfee did not classify as medium risk or high risk and therefore didn't release any emergency DATs for them."

Hyppönen claimed that F-Secure's average reaction time to a virus is just two hours and 37 minutes.

"The average reaction time we have as clocked by the University of Magdeburg in Germany, Andreas Marx and his team, is two hours and 37 minutes. That's from the moment a new virus is found to the moment we are protecting our customers," he said.

Bowman begged to differ, however. "That's not specifically true. If F-Secure doesn't receive a sample of a threat until 24 hours after McAfee receives a copy, does that mean that the virus is not discovered until F-Secure receives the copy?" he said.

"For instance, McAfee and Symantec detect certain families of viruses without actually needing to put out an extra DAT file.

"If we were all at that same level Hyppönen would have a case, but he's just picking and choosing things where we may well have protected customers in any case without having to release anything at all. It's a bit mischievous, really. "

Bowman quoted a Washington Post link from University of Magdeburg's AV-Test.org website, which quotes some of the same data Hyppönen used.

"Marx noted that corporations are extremely intolerant of false-positives, so Symantec, McAfee and other vendors widely used in corporate environments tend to have a more complex quality-assurance process to weed out false positives," said the Washington Post.

"This often results in the companies taking longer to get virus definitions in place. On the other hand, smaller antivirus companies, Marx said, tend to have more problems with false positives."

Hyppönen's claims seemed to have been taken on face value at the security briefing because he was not claiming that F-Secure had the fastest response time of any company.

"A company from the Czech Republic, Eset, is even faster than us. So we're not the fastest in the world, but we are much faster than the main competitors," Hyppönen said.

Despite being named as a slower competitor by F-Secure, Symantec declined to comment.

"I'm afraid that at this time, without knowing more details of the testing Mikko is referring to, Symantec is not able to comment," said a spokeswoman.