Post subject: Re: [Antivirus] Thread, what AV your using,
Posted: Wednesday, 04 Aug 2010, 11:57
I live here Broke my keyboard three times :)
Joined: Sunday, 02 Aug 2009, 20:57 Posts: 2091 Location: Bulgaria
Anti-virus or not, if you don't know how to take care of a PC, then you'll have to re-install it every month just because it has been infected by some malware. Back in the day I was using WinXP, I was infected with a few viruses, but the AVs I tried just annoyed me with false alarms. They were useless because the damage was already done. So my PC was infected for like a year and a half and it still kept going without a problem, no BSODs or anything like that. In March I switched to Win7 and put Kaspersky Internet Security. Since then I'm clean, it blocked dozens of MySQL attacks and even found a virus trying to record itself in the system32 folder. Sure it's annoying when it asks you to run some .exe file or not (almost replaces UAC) but that's usually use a warez crack. For now I'm happy and I'm thinking to switch to Avira Personal when KIS 2010 gets old.
We evolved from smart users with dumb terminals to dumb users with smart terminals.
^ This man speaks the truth.
Random user don't let it be you wrote:
Sorry for my bad English
Nearly all of us don't have English as a native language, so we can't bother you for that! If you really doubt your English, go here and ask in your OWN language!
Post subject: Re: [Antivirus] Thread, what AV your using,
Posted: Friday, 06 Aug 2010, 02:08
A+
Joined: Wednesday, 26 Dec 2007, 00:42 Posts: 7319
prohos wrote:
I am using Kaspersky, I saw on this website that it's on the first place on top ten best antivirus software, so I have decided to use it and it seems to be a good decision.
You shouldn't buy that top ten list. Claims to be able to list AVs into a top ten list are purely ridiculous and rather proof that the authors did not perform any real testing. Then there isn't even any info on how these tests have been run or what criteria they used.
There are a few things you can look for on an anti-virus, and the most important thing is the VB100 logo. Another important check criteria are RAP test results ( http://www.virusbtn.com/vb100/rap-index.xml ). It's no surprise that multi engine AVs ( ie GDATA ) are having the best results. MSE and KAV have nearly the same result though ( the horizontal score is not too important, the vertical one is the critical score ). Other AVs such as Avira are good, too, but Avira is infamous for false alerts and therefore not too good. Even RAP results don't give a clear image on what an AV can deliver. RAP tests also don't show how quickly new threats are dealt with nor how effectively exploits and other hacks are being blocked. However, as you can see, the results of different AVs ( excluding GDATA, Ikarus etc ) are very dense. I wouldn't bother to get new key files for KAV, when MSE, Avast, Avira or AVG are free. Nowadays KAV and especially KIS have become a bunch of bloat, because every commercial AV tries to add features that shall magically help you against malware, while in reality, they don't. These free AVs however, make mainly money from corporate versions ( eg. MSE -> MS Forefront, same for AVG and Avast ) and don't add such features therefore. I would actually meanwhile disrecommend KAV, because it installs NDIS filters, and what the heck all, injects DLLs anywhere ( iirc it even added a Kaspersky logo to the login screen ), all only to advertise but we got feature XYZ which competitor B doesn't and therefore we win. Kaspersky, Norton and others are like Nero Burning ROM in that sense: They were once good and now add only features over features nobody actually needs or uses, but it makes the product look as if there was more in it.
For the SOHO market, I'd only recommend said free AVs ( excluding Avira, because Avira is - as I said - notorious for its false positive rate [ even though that improved a lot ] and - that is why mainly - is extremely annoying by opening an ad popup every time you update asking you to buy Avira Pro, which nobody does anyway, since home users sure need E-Mail anti-virus scanning if they got an account at any bigger E-Mail provider, for instance hotmail or g-mail )
Source_engine wrote:
Since then I'm clean, it blocked dozens of MySQL attacks and even found a virus trying to record itself in the system32 folder. Sure it's annoying when it asks you to run some .exe file or not (almost replaces UAC) but that's usually use a warez crack.
Exactly what I meant. Blocking MySQL attacks still makes sense ( the next MSE will have exploit network filters on Vista and higher, by the way ), but this hardcore integration of allowing and blocking content will rather confuse the user than protect him. It is the case that almost all infections nowadays are due to social engineering. Asking do you want to run X does not protect you from that. That feature is however giving the user the feeling that it actually does stuff, so the user thinks of it as a value, and will buy it again. The real protection level is the same as with MSE, AVG or others.
However, there is one thing you should watch out for: Social engineering and derivatives. If you're using Firefox, use NoScript in any case. Firefox itself features awful security features. NoScript adds ClickJacking protection ( ClickJacking is a way to trick the user into a page that is the original, but hacked page, it's insanely dangerous, because there is no way to properly distinguish the site from a fake ), which Firefox lacks. Then, the actual URL scanner is absolutely horrible. NoScript is definitely a must have if you're a Firefox user. If you're using Internet Explorer, that features protection against ClickJacking and a decent URL filter ( see that link ), so you don't need to add anything to it. If you're using Chrome, Opera or Safari, you're more or less fucked and can hope that you're not getting into a ClickJacking or any similar scam.
Also, I want to correct ChrisTX based on those tests: Avira Antivir has a low number of false positive detections.
Mostly used Avira Antivir Premium (running on promos) since 2008, and it is very good. (At least for my use)
Only that Avira will show all kinds of cryptographic packers as malware. Avira goes nuts on that. Also, Avira goes nuts on software that shows virus-like behaviour ( ie. memory patchers and similar ). Believe me, I can tell from experience that is the case. Of course, they won't test such stuff in such a test.
Well basically that's also what a virus would do, isn't it? Patching other processes to load the DLL is part of how viruses work, at least most of them. So it can just guess it's a virus. I think that its being so strict is not that bad as you can really choose what to do.
_________________ There are 10 types of people in this world: Those who get Binary, And those who don't.
Post subject: Re: [Antivirus] Thread, what AV your using,
Posted: Monday, 23 Aug 2010, 17:48
A+
Joined: Wednesday, 26 Dec 2007, 00:42 Posts: 7319
CPAMX wrote:
Well basically that's also what a virus would do, isn't it? Patching other processes to load the DLL is part of how viruses work, at least most of them. So it can just guess it's a virus. I think that its being so strict is not that bad as you can really choose what to do.
Yes, which produces false alerts. Other AVs such as Kaspersky, AVG, MSE, GDATA and so on have better detection rules, since not only ( and actually only a minority does I'd say ) of such programs are actual malware. Hooks are used in lots of software to implement features and packers are primarily sold to companies who want to protect their apps. If you use such broad heuristics, then you'll naturally trigger a lot of false alerts, which then leads to uncertainty of the user on subsequent alerts.