Topic: Is it time to start a new AntiVirus/Internet Security Suite review thread?

Carol Haynes

With the release of a new batch of '2009' products, is it time to start looking at Security Suites and standalone AV products again?

Personally I have had an interesting year. Having started up a small business to fix people's computers locally (work is now picking up a bit as word of mouth spreads) one of the commonest problems is slow system performance and surprisingly less often actual infections.

My usual rule of thumb is dump Norton and install something lighter, use crap cleaner and a decent defragmenter regularly - and so far people have appreciated the speed gain.

I was reading a review today of the latest Norton Suite offering (see http://www.pcmag.com...,2817,2330018,00.asp) and it looks like Norton have started to listen to performance complaints. I am always a bit sceptical of PCMag reviews but, looking around, reducing the performance hit of previous versions does seem to have been a Norton priority. Add to that the 2009 suite seems to be getting good reviews from the point of view of sorting out virus and other malware.

Is it time to revisit Norton or do you plan to stay with your current provider?

The other site I have been looking at is http://www.av-comparatives.org/ which seems to employ useful selective methodologies to test aspects of performance rather than just a bland overall assessment.

This is something I am thinking about currently as NOD32 quietly tells me every day that my subscription is about to expire. Having been stung by a couple of infection issues this year I am beginning to wonder whether it is worth a change.

The other company that seems to get good performance credit (in terms of system performance hit and also product abilities) is AntiVir.

What do you think?

tomos

I've been using the trial of AntiVir "Premium"

@ 20euros it's the cheapest of the better AV's

I can't say much about it (good I think!)
One process running:   [EDIT/ 5 processes running (may depend on your settings) - SEE Reply #10 below]
  • 3 to 4 MB "Private Bytes"
  • 0% CPU

it regularly finds one file as dodgy - I tell it to ignore but it tells me again a week later

I'm pretty much the opposite of a power user re AV - I install and forget, rarely if ever scan so afraid I can't tell you much more

EDIT/ prompted me to go off & buy it - the trial had run out
20euro for 1 pc
50euro for 3 pc
with roughly 20% reduction if you get a two year subscription and a little more for a three year one
Tom
« Last Edit: November 28, 2008, 04:54 AM by tomos »

justice

I use AntiVir Premium too and I'm a pc, eh I mean satisfied ;)

mnemonic

Another vote for AntiVir here - I'm using the freebie version though.  Gets the occasional false-positive and the update is death-defyingly slow, but I've not had a virus infection in years.

I used to have a computer full of security software, bouncing from KIS to a whole host of security software (NOD32, online armour, along with various anti-spyware and HIPS solutions) after being a bit of a wilderssecurity lurker.  Then, after getting sick-to-death of the constant pop-ups and interruptions, I swapped over to running nothing but AntiVir free, no software firewall (sat behind a hardware router) and a weekly run of the free version of superantispyware.  Not had a single infection since.  Seems to be that the best form of stopping viruses is to be careful about what you download - if in doubt, you can always use sandboxie.

Admittedly, I don't have any outbound protection, but I haven't had a problem yet.

Paul Keith

mnemonic, I actually had the same set up as yours until I read about the idea of Returnil + ShadowProtect which prompted me to make a topic here and now I'm reconsidering:

http://www.wildersse...wthread.php?t=226108

Couple this with the newly released PrevX Edge and I agree with Carol:

http://www.wildersse...wthread.php?t=225190

I think it's not so much that NIS 2009 has improved that warrants this discussion but the idea of a scan-less secure Windows that you can set up for the casual internet users that has me salivating for the day Windows becomes as secure as Linux. (not through architecture but through these new Shadowing technologies)


nudone

using the free version of antivir too (after allen recommended it a while back on the forum). seems fine. it's warned me of a few things that appeared legitimate - whether it's any better than something like grisoft AVG i don't know. less resource hungry i'm assuming.

one thing to remember - the free antivir doesn't do email scanning.

mnemonic

> Couple this with the newly released PrevX Edge and I agree with Carol:
>
> http://www.wildersse...wthread.php?t=225190

Thanks Paul, that looks very useful - will have to read-up on it properly.

I have to stay away from Wilders these days as every time I read anything there it makes me want to don my little tinfoil hat and wave a baby monitor around  ;D

Fedorov

Online Armor for firewall - nice and light
Avast for Antivirus - again nice and light

Also, Online Armor is soon to get a new Antivirus engine to replace Kaspersky so keep your eyes open ;)

Ralf Maximus

NOD32 continues to impress, because of its performance and lack of paranoia.

I use AVG 8 on my test machines, and am constantly pelted with false positives.  This can be more dangerous than actual infection; the Cry Wolf syndrome.  On the other hand, AVG detects real threats as soon as the file exists -- NOD32 seems to require the file be executed before swinging into action.

This can be a catastrophic failure, since some of the newer malware fires off zillions of threads to attack your system, and NOD32 gets tangled up trying to stop them all.  In these circumstances, I simply ignore NOD32's "repair" option and go straight to restoration of a backup.  The end result is the same -- PC not infected by nasty trojan or whatever -- but AVG would have prevented the infection to begin with.

I've encountered people who run multiple virus scanners concurrently, and always thought them a bit paranoid.  Am now questioning this assumption.

Opinions?

Darwin

> I've encountered people who run multiple virus scanners concurrently, and always thought them a bit paranoid.  Am now questioning this assumption.
>
> Opinions?

I assume that these people use one to scan their systems in real-time and use the other(s) to scan on demand? If this is indeed what they are doing, I can't see that it would help in the scenario that you describe. On the other hand, if they are running multiple AV scanners in real-time, I'd expect them to experience serious stability problems running two or more AV scanners that are vying with each other for access to resources and rogue files.

tomos

> I've been using the trial of AntiVir "Premium"
>
> One process running:
>   • 3 to 4 MB "Private Bytes"
>   • 0% CPU

Oops, I didn't have "Show processes from all users" ticked in Process Explorer
make that:-

5 processes running (may depend on your settings)

                    CPU          Private Bytes
avesvc.exe          74176 K      7868 K
avgnt.exe           4052 K       4712 K
avguard.exe         80296 K      9084 K
avmailc.exe         1848 K       912 K
avwebgrd.exe        3536 K       6564 K
Tom

Darwin

FWIW, Sunbelt is selling Vipre today for $9.95. When you checkout, you are also offered the Sunbelt Personal Firewall for $9.95 as well. In addition, they have multi-licence deals - an unlimited home licence for Vipre is $49.95 (I think).

Click link for deal:

http://www.vipreanti...rus.com/blackfriday/

EDIT: Just to note, the deal linked to is no longer active.
« Last Edit: November 30, 2008, 11:00 AM by Darwin »

nontroppo

What I do notice as interesting is that NOD32, which has always had superlative overall reports on av-comparatives.org, has been really slipping down the charts both for on-demand and retro-active tests this year (it won overall best AV in 2007). Is that because of the shift to Version 3, and/or is it being outperformed by the new generation of malware more than its peers now?

Darwin

I purchased a copy of VIPRE for my Win2k machine (PIIIE 600Mhz, 512MB RAM) and it is truly a wonderful thing! It's blazing fast in scanning and any issues I had in trialling it a few months ago are gone - updates are quick and I've not seen any issues WRT runaway processes. I'll post back later with resource usage numbers (I'm on OSX at the moment...).

Darwin

I started out adding this as an edit to the post above, but have moved it to a new post (too much added info):

From Win2k machine. VIPRE runs two processes, SBAMSvc.exe (16,072K Private bytes) and SBAMTRay.exe (3,708K Private bytes). CPU usage is 0% for both processes. I'm starting a quick scan now:

SBAMsvc.exe - 18,564K private bytes started out at 41% CPU, immediately fell to about 29% and then after about a minute to 19%. Still fluctuating between 17% and 29%
SBAMTray.exe - 3,732 private bytes 0% CPU

Incidentally, the "bits" of this post relating to VIPRE actually running were added while the scan was in progress. No degradation of performance at all. My only real concern is that even without a scan running, the GUI takes a while to load. On the order of 20 seconds or so...

Overall, I wish that I had bought more licences for this - I'd love to see how it stacks up against Webroot on my XP and Vista machines (both with MUCH, MUCH RAM and CPU power).

Overall, my 80 GB harddrive is scanned in about 10 minutes when running a Quick scan and about 45 minutes when running a deep scan. Pretty decent on such old hardware, I think.

EDIT: er, no... The quick scan that I started with this post just finished after 2 hours 22 minutes  :o Weird, as I ran both a quick and a deep scan yesterday with the results indicated above. Will have to monitor this. Still like VIPRE better than BitDefender at any rate. After all, who cares how long the scan takes if you can still use your computer!
« Last Edit: November 30, 2008, 02:29 PM by Darwin »

tomos

A reservation about Avira (AntiVir) is that they seem to have very poor support for non-corporate paying customers ..
This seems to be par for the course in Germany, can't understand why considering their good reputation for tech - maybe they think something doesn't need support if it's well crafted/made  ;D

It's called the "Service Wüste" here - the service desert ...

e.g. see http://forum.avira.c...d&threadID=78157
Tom

city_zen

> e.g. see http://forum.avira.c...d&threadID=78157

 :o :( >:(

That was awful! Easily one of the worst customer support cases I've ever seen. I can hardly believe Avira is that bad with regards to support for home users, but the evidence is there. Thanks for posting it, tomos

Make that -1 for Avira
I'll have what she's having

J-Mac

NOD32 v3 on every computer I own - and I'll be keeping it. It just works for me. Granted I don’t often get threats - hopefully I am avoiding the more threatening sites - but every now and then NOD32 pops up and grabs something. I figure that if it has done the job for me for so long, I'm OK with it.

 :)

Jim

Carol Haynes

Well I was considering moving to a paid subscription to Avira Premium but that won't be happening now - and I won't be recommending them to any clients in the future. It is fair enough to offer forum support to users of free software but a paid subscription should receive at least email support.

tomos

>> e.g. see http://forum.avira.c...d&threadID=78157
>
> :o :( >:(
>
> That was awful! Easily one of the worst customer support cases I've ever seen. I can hardly believe Avira is that bad with regards to support for home users, but the evidence is there. Thanks for posting it, tomos
>
> Make that -1 for Avira

unfortunately

they don't seem to have a number in US/Rest of the world and they offer numbers in Germany/Aus/Switzerland @ €1.99 a minute and email support is only "for the customers of our business products (AntiVir ProfessionalEdition)"

not sure but the guy had a paid up version, got a refund - I'm just after buying the "Premium" version

Looking at their site again - they don't make this clear but after digging a bit, I found the "Pro" version for desktop is €36 as opposed to €20 that I paid for "Premium"..
so that's why they were so cheap - I'd prefer if they were up front about it as well

Edit/ more readable hopefully ;-)
Tom
« Last Edit: December 01, 2008, 10:10 AM by tomos »

Carol Haynes

> unfortunately they don't seem to have a number in US/Rest of the world and they offer numbers in Germany/Aus/Switzerland @ €1.99 a minute and email support is only "for the customers of our business products (AntiVir ProfessionalEdition)"

Sadly it isn't uncommon - most US companies ONLY have support in the US so everyone else in the world has to make international phone calls to the US for support. Many companies simply don't offer phone support, or extort money (currently MS charge something like $30 just to talk to you per incident unless it is an installation issue), or offer service that is so bad it costs a fortune to get nowhere.

There is no real excuse to not offer email support - even if it is only 30 days to cover installation issues. If they can't afford to employ enough people they will have to charge more for the product to cover the support costs.

If they really can't supply email support they should at least have a forum that is supported by conscientious staff members quickly and effectively.

If customers can't talk to them how are they supposed to deal with new threats and false positives?

mwb1100

One thing that people should look into is that ISPs often provide an anti-virus package as part of the subscription/account (at least this seems to be common in the US). 

For example, if you're on Comcast you can get McAfee Security Suite by going to http://security.comcast.net/.  Note that you can get one installation for each email address on your account, and I think you can have up to 7 email addresses on an account (at least that's the case for my account).

Of course, whether McAfee (or whatever your ISP might offer) is the package you want is another story, but I imagine that given that you've already paid for it (in a sense), it's worth at least considering.

edbro

I was using Symantec Corporate Antivirus because I can install it free and legal from my workplace. It was surprisingly good as far as no impact to my computer use. I never felt its presence.

Now I do not use any antivirus, antispyware, or firewall. I am using Returnil and everything runs in a virtual environment. After every reboot I am back to a clean slate. I don't have to worry about viruses or malware. Plus, I can try out new software virtually before committing it to my real hard drive. The only drawback is that I have to turn off protection and reboot if I want to make any lasting changes.

J-Mac

> I was using Symantec Corporate Antivirus because I can install it free and legal from my workplace. It was surprisingly good as far as no impact to my computer use. I never felt its presence.
>
> Now I do not use any antivirus, antispyware, or firewall. I am using Returnil and everything runs in a virtual environment. After every reboot I am back to a clean slate. I don't have to worry about viruses or malware. Plus, I can try out new software virtually before committing it to my real hard drive. The only drawback is that I have to turn off protection and reboot if I want to make any lasting changes.

I'll have to take a look at Returnil. The only time I tried a sandbox-type application was Buffer-Zone, which I actually won here at DC. Didn't like that at all. Maybe it was just me, though, being too lazy! When I booted into Buffer-Zone the UI of my system was so sparse, it was worse than booting up in Safe Mode. And I could not find any easy way to get it more usable. Never booted into it again.

Jim

4wd

For a free PrevX Edge alternative you could try DriveSentry - you can upgrade it to the paid version for US$10, (for life), UKP10 or EU$10.  They also have a portable version if you want on-the-go cover.

Currently, I'm running KingSoft Internet Suite 2009, (the other KIS :) ), on a 180 day trial.  Seems to have little impact on the system performance-wise and is currently using about 22MB across all its processes.
Virus/programs database updates happen every 6 hours by default and are also non-intrusive, you get a requester in the lower right corner of your screen telling you it's updated the program or database which goes away after about 10 seconds, (or you can click OK).
It will open a requester before a program update asking for confirmation if it detects high processor usage, (eg. video encoding).

I don't use Scan On Demand or Full Scan in any AV I've used, I prefer On Access protection for less impact.

Can't really say much about the AV part at all, it'd only get used if it finds something and it hasn't found anything.

CONS:
The only problem I have with the AV component is that you don't seem to have an option to Ignore a suspect file, it's either Quarantine or Delete.

The Firewall is reasonably configurable, (it seems to differentiate between LAN and internet traffic very well, compared to some firewalls I've used where you have to input specific network rules just to let LAN traffic pass without problem - Comodo springs to mind).
Custom rules can be created for traffic type, although with nowhere near the ease of PCTools Firewall, (PCTFW has arguably the best custom rule creation interface I've ever seen/used in a firewall).
It's relatively non-intrusive in the requester department, only popping open one when a new program wants to access the net.
Permission requesters open reasonably quickly giving you the usual Allow/Block Once/Always options.

CONS:
1) There seems to be some kind of Whitelist in effect, having it set at the default Medium level I would still expect all new outbound programs to require permission before being allowed to communicate with the outside world - however, Securom's updater breezed through without a peep from the firewall.  Not really a problem but it does cause me to wonder what other programs are allowed through without asking.  NOTE: I am comparing this with other firewalls whose default 'medium' level is usually a learning mode that requires all outbound programs to be given permission, (assuming you haven't turned on an 'Automatically allow known programs' option).
2) You can't sort the allowed programs list, makes it hard trying to find one program somewhere in it.
3) You can't resize the interface window, (applies to AV and AS also), coupled with 2) makes it incredibly annoying.
4) Log file is a bit sparse on details, (for my liking - nowhere near as complete as PCTFW).

The Anti-Spyware sits in the background waiting for something to happen.  Not having IE installed and using Portable Firefox, (so effectively no browser installed as far as the system is concerned), it probably doesn't have that much to do.
It does have a handy(?) Health Index analyser that starts at a score of 100 and gets reduced depending on what suspect problems it finds, eg. shared folders, unknown startup items, etc, etc.  Any unknown items can be submitted to Kingsoft for analysis.

The AS also contains a few useful tools:
a) A Process Supervisor which lists running processes, checks them against Kingsoft's database and marks them as Secure or Unknown, (you can submit Unknown to Kingsoft for checking), and lets you kill any.
b) USB Protection Tool which disables Autorun on portable devices - something I do system-wide normally.
c) LSP Repair Tool to try to repair your Winsock 2 if your connection goes wacko - see here for a freebie version.
d) History Cleaner for temp files and cache, I use CCleaner.
e) Disk Cleaner to allow you to remove *.tmp, *.chk, cookies, etc, etc - again, I use CCleaner.

CONS: None to speak of.

The only gripes I have with the suite as a whole are the ones I've listed under the AV and Firewall.

Normally US$29/year for virus/program updates.

As a bonus you have David from Kingsoft Research on the DC forums so you can personally harass him if there's something you don't like :)

BTW David if you're listening, I don't know what you've done to your website but IMO you've taken a step backward, (unless I'm missing something obvious).  You used to be able to click through to a page dedicated to each product along with its associated awards and info but now they're both together on every page it's rather bereft of anything useful other than a download link.

NOTE: I've never run an integrated Internet Suite before KIS2009 and I should probably say that after my trial ends I will probably go back to PCTFW, (because I haven't yet found a free firewall that provides the same amount of logging with the ease/breadth of custom rule creation).  And for an AV I'll use whatever free version of something that doesn't impact my system.....or maybe I'll try the free Comodo IS first and see if they've improved their firewall sufficiently, (configuration-wise).

I should also mention that I actually bought the upgrade to DriveSentry over a year ago because it seemed like an excellent program, (it probably is an excellent program just not suited to me), but quickly got sick of requesters wanting confirmation for programs not in the database.  I'm pretty sure I'd get this with any HIPS style program, (as DriveSentry and PrevX basically are), but AFAIAC, HIPS ain't for me.  I rapidly get sick of all the requesters.

Decent, (not perfect), firewall and AV is all I need.
« Last Edit: December 01, 2008, 07:37 PM by 4wd »