Search
  • Jason D.

A Survey of All Antivirus Engines (100+ and Counting)

Updated: a day ago


A brief survey of AntiVirus Engines in production in 2021.


When we first started researching AntiVirus Engines and companies we thought there were a handful of them and that it would be a pretty quick job to make an inventory of all the names, their origins, and general capabilities. Once we got started, we quickly realized how wrong we were!


Did you know? There are over 100 AntiVirus Engines and they are all over the world? Some of them even use the same back end through a licensing arrangement or white label such as the following which are all leveraging the BitDefender engine and signature database internally.


When you are scanning with most of these engines, most likely you will get the exact same scan results because they leverage the same internal system and database!


Kaspersky does something similar for a handful of engines, but to our knowledge it doesn't have anywhere near the same market penetration.


Following are some AntiVirus Engines based on BitDefender:


Tencent - tencent.com - China

Baidu - baidu.com - China

Trustport - trustport.com - Czech Republic

F-Secure - f-secure.com - Finland

Gdata - gdata-software.com - Germany

Quickheal - quickheal.com - India

Escan AV [Microworld] - escanav.com - India

SourceNext - sourcenext.com - Japan

Fuva Brain - fuva-brain.co.jp - Japan

Emsisoft [SpyHunter] - emsisoft.com - New Zealand

Arcabit [MKS Vir] - arcabit.pl - Poland

SafeNSoft - safensoft.com - Russia

Hauri - hauri.net - South Korea

ESTSecurity [ALYac] - estsecurity.com - South Korea

Nprotect - nsos.nprotect.com - South Korea

J2 Global [VIPRE Threatrack] - vipre.com - United States

TotalDefense - totaldefense.com - United States

Ad-Aware [Lavasoft] - adaware.com - United States

HitmanPro - hitmanpro.com - United Kingdom Ready for the rest of the list of non-BitDefender AntiVirus Engines? Hang on to your hats because it's quite a doozy.

Amsterdam

ReaQta - ReaQta.com


Austria

Ikarus - ikarussecurity.com


Belarus

VirusBlokAda [VBA32] - anti-virus.by


Brazil

AVware [Bluepex] - bluepex.com.br

Psafe - psafe.com


China

Antiy Labs - antiy.net

Qihoo-360 - 360.cn

Rising - rising-global.com

Kingsoft - ir.kingsoft.com, ijinshan.com

Jiangmin - Jiangmin.com

Alibaba - alibaba.com

Huorong - Huorong.cn


Czech Republic

Avast - avast.com

Zoner - zonerantivirus.com


Denmark

Bullguard - Bullguard.com


Estonia

Trapmine - trapmine.com


France

Fortinet - fortinet.com

Tehtris [Egambit] - egambit.app

Quarkslab - quarkslab.com


Germany

Avira - avira.com

Inlyse - Inlyse.com

Wardwiz - Wardwiz.in


India

K7 Antivirus - k7computing.com

MaxSecure - maxpcsecure.com

Net Protector - npav.net


Iran

Padvish - padvish.com


Ireland

Safer Networking - safer-networking.org


Israel

Quttera - Quttera.com

Resec Technologies - resec.co

Votiro - Votiro.com

Minerva - minerva-labs.com

Airo Security - airoav.com

Vdoo - vdoo.com

ZoneAlarm - zonealarm.com


Japan

Trendmicro - trendmicro.com


Lithuania

Wipersoft [Aceso.Network] - wipersoft.com


Portugal

Xvirus Personal Guard - xvirus.net


Romania

Bitdefender - bitdefender.com


Russia

NanoAV - nano-av.com

Drweb - drweb.com

Kaspersky - kaspersky.com

Yandex - yandex.com


Singapore

Trustwave - trustwave.com


Slovak Republic

Eset - eset.com


South Korea

Ahnlab - ahnlab.com

Tachyon - tachyonlab.com

Max Antiirus - maxsecureantivirus.com

Jiran Security - en.jiransecurity.com


Spain

Panda - pandasecurity.com


Switzerland

Acronis - acronis.com


Taiwan

Lionic [Aegis] - aegislab.com


Turkey

Zemana Anti-Malware - zemana.com


Ukraine

Grindinsoft - grindinsoft.com

Zillya - zillya.com


United Kingdom

Qualys - qualys.com

Deep Secure - deep-secure.com

Sophos - sophos.com

Glasswall - glasswallsolutions.com


United States

Clamav - clamav.net

Area One Security - area1security.com

Inquest - inquest.net

Symantec - symantec.com

Palo Alto Networks - paloaltonetworks.com

Webroot - webroot.com

Crowdstrike - crowdstrike.com

Intezer - intezer.com

SentinelOne - sentinelone.com

Trustlook - trustlook.com

Bromium - bromium.com

Deep Instinct - deepinstinct.com

Forcepoint - forcepoint.com

Cyren - cyren.com

Cisco AMP [Immunet] - immunet.com

Comodo - antivirus.comodo.com

Second Write - secondwrite.com

Morphisec - morphisec.com

K2IO - k2io.com

Cyber Adapt - cyberadapt.com

Slashnext - Slashnext.com

Virsec - virsec.com

Zimperium - zimperium.com

PC Matic - pcmatic.com

Sonicwall - sonicwall.com

Malwarebytes - malwarebytes.com

SecureWorks - secureworks.com

Veracode - veracode.com

SUPERAntiSpyware - superantispyware.com

Mcafee - mcafee.com

Cylance - blackberry.com/us/en/cylance

FireEye - fireeye.com

Lastline - lastline.com

Microsoft - microsoft.com

Lookout - lookout.com

Proofpoint - proofpoint.com

Cybereason - cybereason.com

Endgame - endgame.com


Vietnam

CMC - cmccybersecurity.com

BKAV - bkav.com


That is quite a mouthful! Even looking at this list and having put it together ourselves, it's quite hard to believe that there are in fact so many AntiVirus vendors out there which begs the natural question:


Why are there so many AntiVirus Engines?


Since the dawn of malware and the first Internet virus, the holy grail of virus defense has been in developing the ability to tell the difference between malicious and innocuous code. As it turns out, the problem is much harder than it seems. Most antivirus engines take their own approach when it comes to detecting malicious payloads and it has become an arms race to try to be better than the next guy and prove that one is the "top dog" in the industry of malicious file detection.


Companies like VirusTotal.com, Jotti.org, Virscan.com, opswat.com, and others have sprouted up which then attempt to aggregate results from multiple AV engines in order to show the comparisons between the signature matches and the actual detection. Unfortunately this has only accelerated the malware file creation because in so doing, it also allows the bad guys to see the results of the scans more easily and to make adjustments to their strategies accordingly to evade detection.


There are many reasons why antivirus detection is a difficult challenge. Following are some of the hurdles that companies need to jump through in order to maximize their chances of detection success:


  • Packing and ever evolving methods of code obfuscation has made it increasingly difficult for engines to simply run their detection database against a file normally because additional layers of trickery are added to the process in order to make the process more difficult.


  • Not every AntiVirus engine has a complete view of the world in seeing all the possible malware that might exist. More often than not, they can only build in detections and protections against the types of files and methods that they have seen before. New files and new methods make that process more difficult. That's why companies like ours help to bridge the gap because we add more visibility into files they might not otherwise have access to on their own.


  • Malicious files can be written for many platforms, and although an engine may be good at detection within a single platform, it has to develop the same capabilities on other platforms (such as Android, IOS, Linux, or Mac) in order to increase the horizontal footprint. However, in doing this it takes more resources, man power, and troubleshooting to support many systems and platforms.


  • The spread of malicious activity can be localized to a specific region, or even worse, it can be associated with very specific individuals or groups where the AntiVirus engine may not have visibility. This too increases the odds of not being able to detect a given file or payload as malicious.


  • The risk of false positives is equally great because tools like virustotal.com have caused other engines to try to keep up with the detection rates of others. Sometimes, engines will flag a file as malicious which is actually benign, but other engines subsequently start doing the same in order to have a similar detection rate and to not be left behind. This can actually have a detrimental effect on the overall accuracy of the results.


  • There are many different methods that have been developed over the years and some of them require very different strategies to deal with the problem. Many types of companies have sprouted up to try to address the problem in their own unique proprietary way such as: Next Gen AV, In Memory Scanning, Crowdsourcing, WhiteListing Systems, Real-Time Sandboxing, Protected Memory Space, Content Disarming and Reassembly, and much more.


  • Sometimes malicious intent can be buried very deep in the dark corners of a file, system, or bit of code which can be terribly difficult to get access to. It is nearly impossible to determine intent, especially in a realtime fashion, so often times systems are left to be reactive rather than proactive due to their limited visibility potential. The reactive process can be effective, but also limited if it is not built to understand a specific threat or method.


  • Even the best engine on the planet would still have to go out and get users through the process of marketing. Many engines exist because they are reaching a different customer base. There might be local country language challenges, or enterprise versus retail, or Windows versus Mobile specialization, or Proactive versus Reactive strategies, and much more.


AntiVirus Mergers and Acquisitions


These dynamics have kept the industry segmented and despite the occasional Mergers and Acquisitions from time to time, it remains largely bifurcated. Some acquisitions in the past include companies like:

  • Fortinet acquired Ensilo

  • Avast acquired AVG and Norman

  • Checkpoint acquired ZoneAlarm

  • Symantec acquired Appthority

  • SecureWorks acquired CarbonBlack / Bit9

  • Sophos acquired HitManPro

  • J2 Global acquired Vipre / Sunbelt

  • Microsoft acquired Sybari

  • Symantec acquired Avira who had been acquired by Investcorp

  • Intel acquired Mcafee.

  • Webroot acquired Sophos

  • Crowdstrike acquired Preempt

  • Blackberry acquired Cylance

  • Cisco Systems acquired ClamAV and ThreatGrid

  • ... and many more!


Even keeping up with the M&A activity can be daunting, but for every acquisition perhaps more vendors keep popping up with new and interesting capabilities as well as new and interesting user bases. This pattern will continue for the foreseeable future.


The Diverse Detection Landscape is Here To Stay


As long as the Internet is running and there are humans to cause mischief, the vast landscape of AntiVirus engines is here to stay.



The number of engines is truly daunting, but one thing is for sure: there is never a dull moment when it comes to keeping up with malware and all the subtle intricacies that take place on collection, detection, and prevention!









15 views0 comments

Recent Posts

See All

VIRUS

SAMPLES

LINKS
ABOUT

We give you the best of the worst kind of files on the Internet. 

SOCIAL
  • LinkedIn
  • Twitter

© 2021 by VirusSamples