Topic: Is it time to start a new AntiVirus/Internet Security Suite review thread?  (Read 33967 times)

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • Posts: 6,294
Interesting thing to note from the article is that they eliminated all of the FP's from all of the test group if they involved a key-gen/crack/etc. ... So if the AV company was trying to regulate morality, they don't get penalized for it (I still haven't really decided how I feel about that behavior).

Anyhow (that being said...) I used a production machine that GFi LANGuard said had some suspicious looking ports open on it.

A quick scan turned up nothing in about 10min.

(Assuming nothing had been found I did not rerun LANGuard at this point)

A full scan turned up about 30 items, but took 11hrs. ...Mind you it had 250Gig of files to scan, 35 of which were .iso's which it did scan inside of ... but Damn! 11 Hours!?! *Sigh*

Being that I let it scan everything, it managed to find all of my hacking tools (Duh!)...and it managed to (IMO) FP on Angryziber.com Angry IP Scanner ...But, everybody seems to do that which annoys me to no end.

The interesting part was that it did not react to any of the other network scanning utilities some commercial & some of my own that were on the drive. It also did not react to a line stressing ping utility I wrote that includes (for diagnostic purposes only...) a Smurf attack option. Which in earlier versions (which are archived on the drive in question) used the original Smurf attack source code. Now you'd think that kinda thing (Smurf.exe) would be easy to spot.

(Back to the results) So GFi LANGuard said there were 5 suspicious ports open. MSE's scan results found 30 items to question: 25 were actually bad files collected from various places & 5 were FP's. None were active running evil files on the machine. However a rescan of said machine with GFi LANGuard...gave the machine a clean bill of health. So what it pulled from where without saying anything about it, is quite odd.

It is delightfully idiot simple to use, and there is no perceivable difference in machine performance. Hey, if I gotta bust out a stopwatch & a slide-rule to find a difference ... Then there ain't no difference. Even during the full scan (where most AV apps bring a machine to its knees) I had no problems using the machine via RDP.

The machine in question is a Dell Dimension E521 with SATA HDDs, an Athlon 64 X2 3800+ (2.0GHz) CPU, & 2GB of RAM running 32-bit Vista Business Edition.

End result being I'm impressed with its tiny footprint, curious but optimistic about its performance, and completely baffled with its results ... as it appears to have worked, but I'm not sure how (and apparently neither is it).

Innuendo

  • Charter Member
  • Joined in 2005
  • Posts: 2,255
Quote from: MrCrispy
I'm sorry, I should have read the on demand report as well. Now OneCare doesn't look so good after all. I myself don't use it anymore (switched to Avira) but it was simple to use and had integrated backup etc.

I absolutely hate that they alternate the reports like that. Three months is a lifetime in the AV market. Six months is nearly a millennium. They should publish both reports every three months, but I guess they figure that's the best way to keep their revenue stream flowing.

I'd really like to see MSE become a world-class product, but I fear that's not a realistic wish. If it did the screams of outrage from the competition would be huge & MS would end up in court again. I figure it'll be positioned as a nice basic "better than nothing" package with the implied idea that if you want better protection "please check out the web sites of these valued Microsoft partners."

ThE WiZ

  • Participant
  • Joined in 2009
  • Posts: 3
Right now I'm running a free version of Avira antivirus, firewall testing Online Armor Pro free from GAOTD sent me 1 yr lic# and I run Sandboxie Pro. This is one great light setup. My next test will be Norton Internet Security 2010 beta; Symantec has sent me a lic to test!! Have fun and keep safe!! :Thmbsup:

Innuendo

ThE WiZ,
I have always tried to like Avira. They seem to be a very professional company with very high detection rates of threats, but their downfall on my system is every time I scan my drives with their software I get hundreds (no exaggeration) of false positives. Until they can get that under control I don't think I can ever see myself using their products seriously.

Please do yourself (and your PC) a huge favor and stay away from Norton products. When the Bad Guys program their nasties the first security products they always target are Norton's. They target Norton's weaknesses to elude detection and often program in ways to turn off or sabotage any Norton products you have installed.

If that's not bad enough the uninstall routine for Norton's programs will leave hundreds upon hundreds of files and registry entries all across your system. It's so bad that Symantec released a special uninstall program to fight that problem, but even it leaves a ton of stuff behind.

Once you install a Norton product on your system even if you uninstall it later your PC will never be the same.

Stoic Joker

Worst virus I ever saw only screwed up the machine half as bad as a typically failed Norton uninstall.

Innuendo

Here's my Norton anecdote....someone about a year ago brought me a PC to look at that had the latest version of Norton with the latest version of the signature updates, i.e. it was up-to-the-minute versions and it said everything was safe and secure.

By the time I gave the PC back I had cleaned off well over 3,000 viruses and malware. Norton had missed them all.

ThE WiZ

Innuendo, Avira (when you config, tick the box expert mode) is a lot better at the false positives than before. I test them all; right now I'm testing Norton Internet Security and they have also gotten better. But you are right about uninstalling things, you better know what you are doing!!

http://img443.imageshack.us/img443/5503/nisbeta2010.jpg

Also here is Matousec Firewall Testing Updated for June

http://www.matousec.com/projects/proactive-security-challenge/results.php
I guess that now it makes sense to test such products. Now the challenge is called "Proactive Security Challenge". So, not only dedicated to firewall testing, even though in the past firewalls + hips were tested, against those who are pure firewalls.

But, I believe that results shouldn't be mixed.

For example:

Online Armor Personal Firewall 3.5.0.14 is 1st. But, it includes firewall + HIPS. (I run this one from a free lic # from GAOTD)

ESET Smart Security 4.0.417.0 is 24th. I know it doesn't include a HIPS.

But, looking at those results, does it mean that ESET Smart Security has a firewall necessarily worse than Online Armor's? (I'm not saying one is better than the other, and vice-versa. Only that what can a random visitor think of such results?)

Truth is, as a firewall, ESET's could be much better than Online Armor. The only problem is that it has no HIPS. So, it won't, from a start point, even reach a near result.

I believe Matousec should make tests for:

Firewalls
Firewalls + HIPS
HIPS
Behavior Blockers

Not mixed all.
« Last Edit: July 30, 2009, 11:09:25 PM by ThE WiZ »

Innuendo

PSA: Agnitum Outpost Security Suite Pro v6.7 has been released

New features include support for Windows 7, a new anti-malware engine and heuristic analyzer, and improved compatibility with certain third-party applications.

I've been running it a couple days and once you get the initial full malware scan out of the way it's fairly smooth and light on resources.