Best antivirus

My Norton Antivirus is getting close to expiring.  I am looking for
something a little lighter on the system.  Also any anti malware.  Any
suggestions would be helpful because every website seems to say something
different.   Thanks in advance.



Re: Best antivirus

I have used Avira for a while now and am very satisfied with it, so are all
my clients...

--
Yours Quilly,



[quoted text omitted]


Re: Best antivirus


[quoted text omitted]


http://www.av-comparatives.org/
- AV-Comparatives 2008 Summary Report
http://www.av-comparatives.org/seiten/ergebnisse/summary2008.pdf
 or
http://www.av-comparatives.org/seiten/overview.html

Look for Eset NOD32 and Avira Antivir.

--
Fred W. (NL)

Re: Best antivirus

On 02/28/2009 10:54 PM, Tass sent:
[quoted text omitted]

<http://mtc.sri.com/live_data/av_rankings/>

Pete
--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Re: Best antivirus


[quoted text omitted]


 Personally, I'd feel better about the accuracy of their testing regimen if  
I knew which versions of the AV programs they were testing. The fact that
they are testing v2 of NOD32 is pretty disheartening since v3 has been out
and in use for over a year now. It throws their results into question as
far as I'm concerned.



--
Rick Simon               rsimon@cris.com

Include "spam(trap)key" somewhere in the
body of any email to avoid spam filters.

Re: Best antivirus

Rick wrote:

[quoted text omitted]

"All antivirus binary analysis results are provided via
www.virustotal.com".

So complain to virustotal.com for not using the latest and greatest
version, or ask them why they choose to remain back on v2.

Re: Best antivirus

VanguardLH wrote:
[quoted text omitted]

no, complain about sri.com not being able to design an anti-malware test
that comes anywhere near being reasonable...

virustotal is for testing malware, not anti-malware... even the people
who provide the service say anti-malware tests designed this way are
bogus...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Best antivirus

kurt wismer wrote:

[quoted text omitted]

They are upfront with the first statement declaring that their results
are from virustotal.com.  They show ranking based on THOSE results.  Use
their list for what you want.  It's not like they're hiding how they came
up with those results.

Re: Best antivirus

VanguardLH wrote:
[quoted text omitted]
[snip]
[quoted text omitted]

it's not about hiding things it's about not understanding things... most
people don't understand that the way virustotal uses scanners is such
that their results are not representative of what a user of the full
anti-virus product would see...

telling people your results come from virustotal and admitting that
those virustotal results are inaccurate (thus making your results highly
questionable) are two entirely different things...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Best antivirus

kurt wismer wrote:

[quoted text omitted]

Which means the results are for on-demand scanning, which is only a
portion of what anti-malware products provide (i.e., they also have
their real-time protections).  Okay, but no one ever quantitatively
measures the real-time protections.  av-comparatives.org, VB100, and
other such testing of AV products are all based on on-demand scans.  I
did find one test that actually had the virtual machine infected and
then use the AV product to see if it caught it which resulted in
different rankings than the on-demand type of tests - but it was an
informal test and users generally can't find similar test methods being
employed.  In general, all such testing is similar, is similarly
incomplete, and thus similarly misleading but only if the user doesn't
bother finding out just what testing was done.  

Name a test that doesn't do the same.  We AV users are all ears as we
keep waiting for an all-inclusive test methodology that accurately ranks
the AV products based on all their features to detect and eradicate
malware.  Have YOU found one yet?  The results from virustotal are
hardly misleading.  They're just typical of the limitation found in all
the same type of testing which is all that users have available to
determine which AV product is better - but only as an indication and not
as an absolute measure.

I think we're back to Bear Bottoms' argument with his conclusion that no
AV tests are accurate and/or all tests are misleading.  So which test do
YOU think is wholly accurate in ranking the AV products?  Come on,
reveal it to us, you can do it ... or maybe you can't.

Re: Best antivirus

kurt wismer wrote:

[quoted text omitted]

I don't recall using an AV product in which the UI app was the engine.
The engine is separate from the UI.  In fact, the UI may be unloaded or
even crash but it doesn't take out the engine (the kernel-mode file
system filter).

[quoted text omitted]

Alas, there isn't much info at VirusTotal regarding their setup for each
AV product.  For other tests, usually they announce that settings were
at "highest" (which doesn't often match the install-time defaults in
typical user installs).

[quoted text omitted]

But this subthread started due to Rick's comment that VirusTotal is
using an old version of NOD32 so there must be some indication to the
user as to which version was in use during the summary period for that
test result report.  However, I don't see SRI listing the version in
their summary report.  I took a very quick peek at VirusTotal's site and
didn't see versions mentioned there, either.  The only time that I see
the product version listed is when I submit a file to them and then look
at the scan report.  

With a summary report that spans a period of time, it is possible the
version of the product has changed.  That's why I submitted a request to
SRI that they either show coverage by product over several of their
summary reports (since a single snapshot alone is hard to gauge how well
a product has fared over time), or keep an archive of their old summary
reports so users could copy them into a spreadsheet to see the
effectiveness of a particular product over repeated snapshots.

[quoted text omitted]

Not sure how timeout scans for a particular test could be included in a
summary report that includes multiple tests.  But then users might not
want to use a product, even with high coverage, that takes a really long
time to detect a pest.

[quoted text omitted]

Yet each product included in the scan *claims* to also detect viruses.
There are few exactly identical products.  If they were identical, we
wouldn't need any of these "results" summaries since every product would
fare the same as another because they were the same.  When you shake
flour through a sifter, you're looking for an overall granularity of
powder, not that it is an absolutely perfect consistency.  They throw the
suspect at their sifters, one for each product, and see what falls
through.  Like PGP, the test is pretty good.  Not very good, or
extremely good, or perfectly good, but good enough to provide some gauge
of effectiveness.

[quoted text omitted]

I've never trusted av-test.org.  They get commissioned (paid) by AV
vendors to "test" that vendor's product but are guidelined as to the
test scenarios and sometimes as to even which sample of pests that they
are to test against.  I'm not convinced they qualify as an *independent*
testing agency.  I haven't seen one AV vendor who commissioned
av-test.org to test their product where that product didn't come out
shining like a white knight of security products.

The only free and publicly available "comparison" they offer on their
web site is how often the various AV products provide updates.  Oh gee,
golly, big deal.

[quoted text omitted]

Alas, I remember reading a blog or article from them where they mention
that costs are getting prohibitive to do this testing for free.  So they
may go the way of VirusBulletin and others that charge for testing an AV
vendor's product.  That means:

- Some vendors won't submit their product for testing, or they will be
selective as to who tests their product that results in presenting them
with the best image.

- Vendors can pay to have their product tested but they can also request
the results not be published.  So if they did really poorly, you don't
get to see it.

- A bias can creep into the tester's methodology regarding products for
which they get paid to test, especially if repeatedly paid in subsequent
tests, and those that don't pay to get tested only occasionally pay to
test their product.

Re: Best antivirus

[quoted text omitted]


 The only reason I knew which version of NOD32 they were using was because
it was one of two (AhnLab was the other) of the 30+ products listed that
actually showed their version numbers. The fact that they were using the
current version of AhnLab and NOD32v2 (v4 was just released to the public)
shows that the test in question cannot be reliably used as a "comparative"
between AV engines. Not even in a broad sense.


[quoted text omitted]


 I take it then that ClamAV, CA AV (VET), DrWeb, VBA32 and Rising did not
pay to have their products tested by av-test.org in the test Kurt
referenced? After all, their results were not what I would have called
"shining like a white knight".


[quoted text omitted]


It's possible. Then again there is also the argument against "for free" in
that you "get what you pay for". For what it's worth, IMHO this is an
argument that will never end. There is no single, definitive test out there
that I am aware of and there will probably never be one. Even if the
testing parameters did cover a lot of what has been discussed in this
thread, there will continue to be an argument, ad nauseam, over how to rank
the importance of such things as false positives, load on system
resources, speed, etc. All subjective parameters that will vary from person
to person.

The only reason I originally poked my nose in on this thread was that
SRI.com was mentioned as if it were a definitive ranking of AV products
when it is not. IMHO av-comparatives is a much better source for such
rankings, but even it has its limitations.



--
Rick Simon               rsimon@cris.com

Include "spam(trap)key" somewhere in the
body of any email to avoid spam filters.

Re: Best antivirus

Rick wrote:

[quoted text omitted]

While their normal testing is useful, I always find it interesting to
wait until they do the retrospective test.  This uses the same version
engine and same database of signatures that were used in the normal test
but against pests that didn't exist at the time.  The retro test is
performed months later using the same engine and signatures to see how
they fare against new and unknown pests.  So you need to use BOTH their
normal and retro tests to get indication of coverage by the product.

Re: Best antivirus

VanguardLH wrote:
[quoted text omitted]

you're being disingenuous... nobody said the engine was in the UI app,
rather, what was said was that the command-line tool that they are
provided with does not necessarily use the same engine as the desktop
tool that customers would normally use...

[quoted text omitted]

sigh - you're thinking about this all wrong... the virustotal people are
*not* doing tests, therefore there's no reason for them to provide
details about their setup... they'd only be lending credibility to the
wrong-headed practice of interpreting their results as though it was
valid testing methodology - which they have openly criticized on their
own company blog...

[quoted text omitted]

well, you're free to spend your time as you see fit, obviously, but i
wouldn't waste my time trying to get SRI to report what versions
virustotal were using when they shouldn't be using virustotal for that
task in the first place...

[quoted text omitted]

be that as it may, the timeouts that av companies build into their own
engines for the user's benefits are not the same as the timeouts that
hispasec (the virustotal folks) built into their system... the demands
on their system are considerably different than the demands on the
desktop...

[quoted text omitted]

what does that have to do with the fact that different products have
their heuristics tuned for different situations (desktop vs gateway)??
that's what i was alluding to when i said they were using apples
along-side oranges... yes they all claim to detect malware, but some are
intended for user input and others are not and that makes a big
difference in how the non-signature-based technologies are tuned...

[quoted text omitted]

be that as it may, they run tests that include behavioural detection...

[quoted text omitted]

judging by a paper andreas clementi (of av-comparatives) published a
while back about which testing organizations you can trust, he didn't
seem to think there was much wrong with the financials of av-test.org...

since av-comparatives.org is notoriously unfriendly to direct links to
their content, you're looking for a paper released back in april 2007
about anti-virus testing websites...

[quoted text omitted]

which would be why they provide links to other publications that publish
their tests...

[quoted text omitted]

some vendors have pulled out anyways - generally because they get bad
results...

[quoted text omitted]

i really think your tinfoil hat needs refitting...

[quoted text omitted]

consider the possibility that there are byproducts of testing (other
than the report itself) that testing organizations can sell to av
vendors such that the test can remain independent and the testing
organization can still get paid...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Best antivirus

kurt wismer wrote:

[quoted text omitted]

Programmers reuse code.  They don't reinvent the wheel.  They reuse the
same signature database.  They reuse the same heuristics algorithms (if
any can be applied against static files, that is).  The engine or driver
itself has no UI.  Any windowed or console interface to it will call
methods available within the same modules used by the engine.

[quoted text omitted]

So, in other words, we have no information on which to base judgment as
to what causes the timeouts at virustotal.com for some products or can
even tell if those timeouts are typical of a particular product or are
pseudo-random across all products.  That a product times out as used
by virustotal.com cannot be used in determining whether or not a product
is adequate for use on a particular workstation.  So why bring it up?

[quoted text omitted]

Too bad they don't then go publish them so we users can actually see
them.

[quoted text omitted]

Actually I've never seen those official reports from av-test.org
published at those companies that commissioned av-test.org to do the
test.  All you get is the overview that the commissioner composed on
which they claim the av-test.org report.  This comes back to who owns
the publication.  It would be the entity that paid for its creation.
That might be why av-test.org can't provide a list of their reports.  It
also means we won't ever see them except after their modification or
filtering to be aligned to the commissioner's intent.

[quoted text omitted]

Time to take off the rose-colored eyeglasses and see the real world.

Now we start the battle of mots.  No thanks.

Re: Best antivirus

VanguardLH wrote:
[quoted text omitted]

i'm not going to debate the way things *ought* to be - there are
documented cases of command-line av tools having significantly different
capabilities than the desktop av product of the same vendor... mcafee's
stinger, for one... trend's sysclean is another...

furthermore, this point isn't me pulling things out of my arse, i'm
relaying a point that the hispasec/virustotal folks themselves have made...

[quoted text omitted]

because it calls into question the results of tests based on virustotal...

[quoted text omitted]

they let magazines publish them instead...

[quoted text omitted]

except of course that i provided a link already to republishing of
av-test results at vb (who most certainly did not commission any test
from them)...

[quoted text omitted]

i'm sorry, i should never have expressed it quite that way... that was
wrong of me...

i do, however, feel you are putting too much weight in conspiracy
theories... it's easy to believe the worst in people (heck, i just did
it in my previous post), and in this context the worst to believe when
you discover that an av testing organization gets some or all of its
revenue from av vendors is that the vendors are paying for cooked
results, that the test is not independent, that there is inherent bias
because of the financial relationship...

but that assumes the worst - there are, as a matter of fact, a variety
of other business models that allow publicly released av tests to remain
independent while the organization still derives a revenue stream from
av vendors... one hypothetical example is the following: let's say that
a truly impartial independent test has been performed by a testing
organization, and let's further say that that organization protects its
brand and symbols as intellectual property - in order for any vendor to
mention the test in their marketing (which they'll want to do if they
perform well) they'll have to pay to license the brand IP of the test
organization... in this scenario the money is paid not for the test
results but for the rights to reference the test at all...

if we're always going to believe the worst, we also have to throw the
vb100 out the window because of the relationship between virus bulletin
and sophos... if, on the other hand, we keep an open mind about virus
bulletin, we really ought to afford av-comparatives and av-test the same
benefit of the doubt...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Best antivirus

On 03/01/2009 05:36 AM, Rick sent:
[quoted text omitted]

Hello Rick:

I agree with you.

Actually NOD32 AntiVirus 4.0.226 RC1 came out in the last couple of
weeks I think.

If ESET is following industry accepted version numbering, then the above
release should be a major one.

Would be nice if someone at SRI could enlighten us.

Pete
--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Re: Best antivirus


[quoted text omitted]

use the avast anti virus for free-but I have DSL and a router
used to have escan but tried this and it works great and is free-have it on
2 computers and it updates itself.
http://www.avast.com/
I find it is more important for me to have a good spyware things and have
counterspy on one computer and webroot on the other...they block a lot of
shit.
Michael

[quoted text omitted]



Re: Best antivirus

Tass wrote:
[quoted text omitted]

Based on reading a lot of posts here, I switched my family (and all of
the friends I also support) over to Avira Free over the last 6 months.
In total, this is some 15 systems. I've had no infections at home, or
nasty phone calls from friends. The biggest problem is the nag screen,
but that's relatively easy to get rid of, just about two minutes in Safe
Mode.

Note that I also use and recommend SuperAntiSpyware, MalwareBytes
AntiMalware, Spybot S&D, and Ad-Aware.

Good luck,
RB

Re: Best antivirus



Rube Bumpkin wrote:
[quoted text omitted]

Why bother? The nag screen does remind you of the great and FREE
antivirus program you are using. It is only on for moments and I leave it on
as a tribute to the authors.
I also read somewhere that stopping the nagscreen could cause some problems,
but I can't remember where or what but it seemed to have something to do
with an engine or version update.
PS: I also think free Avira is a great program. I run Win2000Pro.

[quoted text omitted]

Perhaps you should also add the free SpywareBlaster to your list. It prevents
a lot of crapware from ever getting on your computer and uses almost no
resources.

[quoted text omitted]


