JFYI (and for a seemingly needed quick laugh ):
Also, just for the record, McAfee isn't the worst antivirus out there ....
I think there are NO limits to "worse" , but quite frankly, I would be puzzled by a product that not only detects an "own" app as a virus, but additionally affirms that it has deleted it while it hasn't.....
Of course McAfee is sometimes totally off but i've seen almost all other antivirus doing similar things or worse:
- Kaspersky is indexing files and stores its index in the file %windir%\system32\drivers\fidbox.dat and you can't change its location. Just google fidbox.dat to see the side effects.
- F-secure is well known for its memory leaks.
- Symantec AV or Endpoint is most likely one of the worst with it virus definitions using as much space as %systemdrive% can handle and then simply stoping working. Also its default settings are the worst.
- Sophos doesn't offer a good protection. It let some viruses bypass its protection even when it detect them (conficker for example).
- TrendMicro often get problem updating and older version might be detected as virus by the newer one's. But all in all it is not that bad.
- AVG is a little better than sophos but it let conficker spread on some computers.
For the others, i didn't had the opportunity to see them working in the real world so i can't tell.
Also, there are two important things that a good antivirus should be able (at least in my opinion):
- Properly detecting new viruses (most antivirus can do that properly). And it includes having a good virus definitions update scheme (that's were some are behind).
- Being able to remove viruses (quarantine or delete depending on your settings). And there, the gap between them might be huge.
Most of the time, end users still need to report strange behavior because their AV didn't properly do its job. For example, i'm pretty sure that almost all AV out there wouldn't be able to stop conficker (of course with some specials conditions like having a weak administrator password) as conficker has dictionnary attacks on admin$ shares.