Avira and Windows Defender

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Running Win Xp Home ed.
Is it necessary to use Windows Defender when you have Avira Antivir
installed and doing a good job ?
Kind regards,Richard

Re: Avira and Windows Defender

On 2/26/2011 11:40 AM, Richard Oliver wrote:
Quoted text here. Click to load it

Hello Richard:

Microsoft's Windows Defender ostensibly is the antispyware component
in your overall layered malware defense. Albeit a poor one.

While Avira's AntiVir Personal is regarded as an outstanding antivirus
application, it must be meshed with a good antispyware application.

Respectfully, I would recommend the full/paid/PRO version of
Malwarebytes' Anti-Malware (MBAM) to replace your otherwise poor
performing Windows Defender (WD).

If you are not completely convinced, you may keep WD *and* run MBAM
PRO together as they are non-interfering.

HTH

--
1PW

Re: Avira and Windows Defender

Richard Oliver wrote:
Quoted text here. Click to load it

It probably isn't necessary, but it isn't a problem to have both active
unless there is a conflict with one of the Avira modules.  See the
following knowledgebase article.

http://www.avira.com/en/support-for-free-knowledgebase-detail/kbid/587

I turned off the real-time protection in Windows Defender and configured
it to run a scheduled scan instead.

There are other malware scanners (better than WD) that you can use as
well such as Malwarebytes' Anti-Malware or SuperAntiSpyware.

D.

Re: Avira and Windows Defender

Richard Oliver wrote:

Quoted text here. Click to load it

Did you really mean Windows Defender (WD) or its replacement of
Microsoft Security Essentials (MSE)?  WD was just an anti-spyware
detector whereas MSE is both anti-spyware and anti-virus.  

Pick one or the other, not both.  If you go with MSE, don't install
Avira.  If you go with Avira, don't bother with MSE.

You did not mention if you were asking about the free or paid version of
Avira.  The free version is missing several features found in the free
version of Avast.  The payware version of Avira is as good or perhaps a
bit better than the free version of Avast which is better than the free
version of Avira.  That's regarding detection.  For healing an infected
file, turns out MSE is better; however, I rarely even try to repair an
infected file and prefer to get it from the install CD or a prior backup
that isn't infected.  Order of false positives, from least to worst, is
MSE with Avira and Avast a close tie but that's because they are more
agressive than MSE.  Avast can protect its processes from getting
killed.  I suspect Avira can, too.  MSE doesn't and can be stopped with
just a "net stop" command.

So what is your disaster recovery strategy should you get infected by
something that none of these can recognize or none can disinfect?  If
you don't backup then you deem your files as worthless or reproducible.
None of these security products is perfect, repairing a file can cause
more problems than it solves, and overlapping them (with one on-access
[realtime] scanner and manually running the others as on-demand
scanners) still doesn't cover that last 1-2% of malware that none will
detect.

There's security with which your comfortable.  Then there's lots of
security that ends up getting in your way of using your host.  You need
to find something that gives you a comfort level you are willing to
settle on depending on the level of your expertise and how much nuisance
you are willing to take from these products.

Re: Avira and Windows Defender

VanguardLH wrote:

Quoted text here. Click to load it

Or keep them both, and run the 'other one' as an on-demand scanner and a
backup.  &deity; knows you surely need backups...

--
   -bts
   -Belt and suspenders.

Re: Avira and Windows Defender

Beauregard T. Shagnasty wrote:

Quoted text here. Click to load it

I don't recall that you can configure MSE to not operate as an on-access
(realtime) scanner, so the combo would be to install Avira, disable its
on-access scanner, and then install MSE.  Personally I stay away from
Avira because it has known problems with S.M.A.R.T. in not understanding
the difference between polling a device to get its type and accessing
its media to actually use the device.  A defect that showed up 3-4 years
ago has reared up again in a recent build which can cause some users to
notice Avira continually re-accessing their floppy or USB-attached
drives once per minute but only after a program that uses SMART happens
to poll the devices (like when you load a CD burning program that
queries all the devices to determine their type).  They didn't fix the
problem before, it somewhat went away without any direct fix from them,
and came back (because they didn't fix it the first time).  

I also tend to stay away from "loud" adware.  Avast is adware but it is
mild in that you only see their ad when you load their GUI and only in
the summary panel.  With Avira, you have to contrive a means to disable
their avnotify.exe adware program that loads on every update (like
renaming the file, creating a 0-byte version of it, or using SRPs to
prevent it from loading) along with altering the Run key in the registry
to eliminate the adware banner.  Both Avast and Avira are adware but
Avira is just too much in your face and requires workarounds (which may
eventually be overcome by Avira).  The AntiVirus product (yeah, not a
discerning name) got acquired by Avira who then made it blatant adware.

Also, most folks asking about anti-virus products are typically asking
about the free version.  The webguard and other features are missing in
the freeware version of Avira (yet it is the full payware version that
gets tested in comparison reviews) but which are present in the freeware
version of Avast.  To compare apples with apples, you would have to
compare the freeware version of both or the payware version of both.
Whether freeware or payware, Avast has more to offer.  While the payware
version of Avira has the features of the freeware version of Avast, the
payware version of Avast exceeds the payware version of Avira in
providing, for example, a [auto]sandboxing function to further isolate
an unknown process due to so many users logging on under an admin-level
account.  Avast has its SafeZone which, as best as I can tell (since I
only use the free version that doesn't have this), is similar to the
safe banking feature of Online Armor (a firewall + HIPS product).  Avast
includes a boot-time scan (in free and paid versions) which will run
while the OS and malware are quiescent to provide a more austere and
clean environment under which to detect the pests.  No boot-time scan
with Avira (unless, I suppose, you create a bootable CD with Avira on
it, but you don't need a boot CD to do a boot-time scan with Avast).  I
you compare freeware for each, Avast provides more features and covers
more infection vectors.  If you compare payware for each, Avast still
has more features.  Avira wins by a percentage point or two in a static
on-demand scan for malware coverage but that's only a portion of the
story regarding the detection and prevention of malware on your host.
By the way, while Avast's Behavior Guard was passive in the past to
accrue statistics in modifying its operation, it became active in
5.1.189 build and now has some configurable options.  Besides watching
for malware, it looks for the behavior of malware as typical of many
HIPS products.

Avira does beat Avast regarding disinfection (the ability to heal a file
to remove the malware) but MSE is better than Avira.  Whether that has
value to you depends on whether you even want to try modifying modified
files in hoping to return them to a prior good state.  

Since Avast is better than Avira, I would suggest using Avast (and
without using either Avira or MSE as backup scanners but then I don't
think you can make MSE a passive and manually initiated scanner).  If
you want overlapping products then Avira (passive) and MSE (active)
would be one setup but then you're using MSE as the active scanner
although Avira has a better detection rate.  If I'm wrong about MSE in
that you can configure it as the passive (on-demand) scanner then Avira
(active) and MSE (passive) would work.  Yet I'd use Avast alone instead
of having to spend effort getting Avira and MSE to work together.  

Remember that despite making an AV product passive does not eliminate
its system hooks and whether AV products will cooperate with each other
when chained in the system API depends is variable.  I've found 1 active
and 1, or more, passive AV products can still interfere with each other
and usually I have to resort to something like Resplendence's Hook
Analyser (don't think its available anymore) to show me which programs
are trying to hook into the same system calls.  So just making all but
one AV product as active and all others passive still can run into
troubles.  Being passive (i.e., you execute them) doesn't eliminate how
far they dug into the OS to combat with other products that do the same.

Re: Avira and Windows Defender

VanguardLH wrote:

Quoted text here. Click to load it

I think on-access and realtime are two different modes of operation. So
you meant set MSE to operate realtime (in the background all the time),
and Avira (or other a-v) to on-access, or more properly on-demand.

--
   -bts
   -Four wheels carry the body; two wheels move the soul

Re: Avira and Windows Defender

Beauregard T. Shagnasty wrote:

Quoted text here. Click to load it

On-access and realtime mean the same to me.  On-access means catching
file creates or modifies at the time they occur.  That requires a
monitor that is constantly running or a file I/O handler to intercept
the system calls for file operations.  Realtime is also something that
is ever present, running in the background, or as a file handler, to
catch the creation or modification of files to interrogate them for
malicious content or behavior.

How are on-access and realtime different to you?  

Some users understand on-access and on-demand mechanisms for detection
of malware.  Many users don't so I will refer to on-access mode as
realtime protection (since these users understand that) and refer to
on-demand mode as manual scans.

Re: Avira and Windows Defender


Quoted text here. Click to load it


Maybe he meant "on-demand".


Re: Avira and Windows Defender

G. Morgan wrote:

Quoted text here. Click to load it

I guess I did. I even said "... to on-access, or more properly
on-demand."

"Realtime" indicates the program is running all the time, scanning away
at any new file or file change it finds. "On-[demand/access]" means that
I've selected a file (perhaps by a right-click) and want to scan it
(this one file) now.

But in the end, isn't it a matter of semantics?

--
   -bts
   -Four wheels carry the body; two wheels move the soul

Re: Avira and Windows Defender


Quoted text here. Click to load it

Yes and no.  You would never want two A/V products running simultaneously in
"real time" (services always loaded).  You know that.

When I think of "on demand", it's launching a new program to scan something. For
instance, MBAM (free) is "on-demand", while the paid version has "real-time"
protection.  MBAM is not and AV product per se, but that was just an example.

 

Re: Avira and Windows Defender

G. Morgan wrote:

Quoted text here. Click to load it

My use of the word "sematics" above had to do with defining "on
demand/on access" which ... well, the definition of the word is "the
multiple meanings of words or the multiplicity of words having the same
meaning".

Quoted text here. Click to load it

But of course. But as I said, you can have one a-v running "realtime"
and scan a file "on-demand" with another.

Quoted text here. Click to load it

'Zactly.

--
   -bts
   -Four wheels carry the body; two wheels move the soul

Re: Avira and Windows Defender


Quoted text here. Click to load it

Interesting.  So do think I can turn off the real time component of Avira
(free), and also install Avast6 as the real-time watchdog?

That way the Rt. click "scan with Avira" will still be there.

 <aside Lutz>

I hit send and my spell checker thought "Rt." was "RtS", an entry I added to the
dictionary!  :-))


 


Re: Avira and Windows Defender


Quoted text here. Click to load it

I do something like that. If I scan with ClamWin, my on access Avira will scan
each on-demand file being accessed by ClamWin. My right click options are scan
with ClamWin, Avira, or Malwarebytes' Anti-Malware. Both MBAM and ClamWin are
filewalking on demand only scanners whether they are scheduled or not. As long
as two 'real time' scanners aren't competing for the same resources it should be
fine. I also believe, though I haven't tried it, if you have one AV scan on
access (open) and another on access (close) you shouldn't have a problem. Real
time protection that monitors change detection in your registry for instance is
'real time' but not 'on access' so they are not the same thing really.

Quoted text here. Click to load it

Yep, unless they are incompatible for some other real or fabricated reason.
Competing for resources is not the only way conflict arises.



Re: Avira and Windows Defender


Quoted text here. Click to load it

Right, are you hinting about each other's installation routine?  A-la "You must
first uninstall our competitor's product".


Re: Avira and Windows Defender

G. Morgan wrote:
Quoted text here. Click to load it
Yes. I'm not so sure that they are always straightforward about the
reason for not allowing coexistence.

Re: Avira and Windows Defender

Beauregard T. Shagnasty replied to hisself:

Quoted text here. Click to load it

"semantics" ...   :-/

--
   -bts
   -Four wheels carry the body; two wheels move the soul

Re: Avira and Windows Defender


Quoted text here. Click to load it

Sure, unless it matters.

Active or 'real time' can apply to other types of monitoring than just the
scanning of file's contents. On-demand and On-access refer to user initiated or
scheduled as opposed to triggered events. An 'on demand' scan may be for a
program going through a list of files to scan (such as 'all files' (can be
scheduled) while an on access scan scans files contents before  an executable
image is built by interrupting (hooking) the normal flow either when it is
opened or closed or maybe even both.



Re: Avira and Windows Defender


Quoted text here. Click to load it


So when FF downloads a file and the status shows "scanning for viruses", is that
on-demand or on-access or both ?






Re: Avira and Windows Defender

G. Morgan wrote:

Quoted text here. Click to load it

If you initiate the scan, that's on-demand. If it is automatic, that's
on-access.

--
Sir_George

Site Timeline