While browsing Sophos’s website, an image placed on the homepage caught my eye. The text inside it asks: “Is your anti-virus catching everything? Give it our threat detection test”. If you click the image, you learn that it’s not a “test”, but an on-demand virus scanner, just like the one every other major anti-virus company offers for free in the form of a web-based application.
But the problems don’t stop there, as the page insists that it’s a “Threat Detection Test”. Of course, this is wrong, and this method of “testing” is misleading.
If a user runs his anti-virus software on his computer, it might miss some threats. That is absolutely normal, as no single anti-virus is able to catch every piece of malicious code in existence. If, after deleting the found threats, the user then runs another anti-virus, such as Sophos’s, it might detect the malicious software his other protection missed, but that doesn’t mean that the software is better.
The problem lies in the wrong assumption users might make at this point. Just because a software detected malicious code that the existing protection missed, that does not mean this software is also able to detect the threats that were already deleted (or prevented) by the existing protection. Instead of warning users about this, Sophos, knowing that it has a clear advantage in this situation, advertises a simple on-demand scanner as a way to “check the performance” of other anti-virus software.
“If Sophos is just detecting one more virus that F-Secure (or others) couldn’t find, it doesn’t tell you that they were able to detect more than these tools”, says Andreas Marx, anti-virus testing expert of AV-Test.org, in an interview to Linha Defensiva. He also notes about problems with false positives — clean files that an anti-virus flags as infected: “If Sophos has a hit on a file which is actually a false positive, it’s perfectly fine that F-Secure (or others) have not reported it at any time”, Marx says, also noting that “it’s not really a ‘threat detection test’, as Sophos only detects malware (malicious software), not any other kind of attacks.
In Marx’s latest comparative test, Sophos’s anti-virus didn’t perform very well. Out of the 29 solutions tested, Sophos only managed to get the 21st place.
Many other anti-virus companies offer free on-demand scanners. Marx mentions Google Pack, which includes free on-demand scanners from PC Tools and Symantec. He also reminds us that, for the home user, there are plenty of free tools that also have real time scanning, citing Grisoft’s AVG Free Edition, Alwil’s avast! and Avira’s AntiVir.
This is of course not the first time that a desperate marketing tactic of an anti-virus company has been properly documented. Since the epidemic-level “worms” have died — and before that too, to a lesser extent — security companies have been advertising their solutions using viruses that no one will ever see in the wild. We’re all used to that by now, as bad as it is, but as competition gets fiercer — and the virus defense market is getting quite a bit of new players — even worse marketing ploys, like this, start to take shape.