Top AV lists

Just my ramblings. It's not even structured well. But it is something I'd like to share...

When selecting products, end users usually use search engines with the keywords 'best', 'top', and other synonyms.

I was just searching the web for top 10 lists of AVs. And I found the following sites:

• http://anti-virus-software-review.toptenreviews.co...
• http://www.devduff.com/software/top-ten-antivirus-...
• http://www.consumersearch.com/antivirus-software/r...
• http://www.av-comparatives.org/comparativesreviews...

These sites are usually searched by endusers and administrators looking for the best AV. I can't say for sure if the site/organization is really objective in their analysis or if there are any bias during testing. Each site that posts these lists have their own testing procedures and tools for penetration testing and security auditing. It's not that they have different standards, but rather, they each have different processes to achieve the set standard which leads to an almost similar end result - better detection rate, reduced infection rate, etc.

The only way to see if the solution is right for your company is to do your own testing. I have tested AVs and my old procedure may be non-conventional. In fact, I didn't even have any set standards to follow back then. I used the Scientific Method I learned during science class http://en.wikipedia.org/wiki/Scientific_method .  Basically, all I did was find a few infected subnets, identify the threat, and chose the worst PC found there (lowest specifications)  and if it ran and cleaned the threat on that partcular machine, then the next comparisson would be on performance and finally, the cost. Plus, if the sales rep made me sleepy during his or her presentation of the product, then that's negative points for them. :D