Author Topic: AntiVirus with decent anti-spyware (realtime) detection (Read 30090 times)

Josh · « **on:** September 03, 2008, 01:40 PM »

To all,

I have seen this talked about several times on these forums, but I am attempting to solicit opinions of different products from various people. I am currently evaluating VIPRE (By Sunbelt) which is an antivirus with antispyware built in (as almost all a/v's have nowadays). I am liking it, but before I buy it, I want to hear opinions of others I should try. I am thinking of trialing webroot's a/v & a/s. I wasted my money on a 3 year subscription to lavasoft adaware, which has failed me 3 times in the last 2 weeks, and as such I am going to contact them and force them to refund my money. The product touts it's ad watch program as a decent realtime protection system, but it fails everytime I've used it. Now, they might argue that I should have used the trial, but I am not going to install spyware on my system just to test a product in the case that it fails.

So, what antivirus programs have you all used which come with a good anti-spyware module providing realtime protection?

Let me know and thanks!

Josh

Darwin · « **Reply #1 on:** September 05, 2008, 10:23 AM »

Well... after a weird situation last night wherein Maxthon froze and I could not terminate the process because my system had apparently locked it, I disabled my wireless receiver, rebooted and ran a Deep scan with Webroot overnight - I have no idea how long it took, but typically these scans take about 2 hours (I run them once a week over dinner). It found one trojan in a very old e-mail attachment (from 2000! It was a file that allowed me to run Combat Flight Simulator without the CD in the drive) and I let it quarantine it (in the past I'd just directed my AV to ignore it). Because I was paranoid, I then installed VIPRE and set up my preferences for it and rebooted. I let VIPRE update its definitions and then disabled Webroot while I set VIPRE to deep scan my system. After an hour and a half of watching it trawl through my C drive (hadn't even gotten to My Documents, which are on E:) I killed it and looked at the one issue it had found. It had identified Check&Get.exe as a keylogger. I investigated, and also scanned the file with Webroot, and as far as I can tell, it's clean. Anyway, I was disappointed with the speed of VIPRE and with the false positive. My assumption is that it gets quicker with each run (this was my experience with Win2k, before that machine gave up the ghost). For my needs, Webroot is rock solid. If you are happy with VIPRE and you've been runing it for a while you're probably beyond that break in period and it's probably very quick. I'd stick with it. The price is significantly cheaper than Webroot at the moment and I WAS impressed with how responsive my computer was even when running the deep scan. Webroot is more resource intensive during scanning, but it is quick. EDIT: Also, I followed up the aborted deep scan with VIPRE with a Quick Scan with VIPRE and it took about 10 minutes or so - not bad! It also didn't turn up the keylogger false-positive, which I thought rather odd...

NB my wife is running VIPRE Enterprise on my work provided notebook and it is amazingly quick and non-intrusive on that machine (WinXP Pro Sp-3, 2GB RAM). If I didn't have just under two years remaining on my Webroot licence I'd probably stick with VIPRE to get a better idea of how it would perform on this machine in the long run.

Bottom line: I think Webroot is great, but many disagree. Carol, for example, has had negative experiences with it WRT resource utilization. VIPRE is impressive considering it's still only about two months old. I am sure that it will get better. If you are determined to give something else a shot before you commit, do give Webroot a try. Otherwise, I'd take advantage of the great price on VIPRE...

[Darwin returns to gazing at his navel while sitting on the fence!]

EDITED: for clarity.

Josh · « **Reply #2 on:** September 05, 2008, 11:26 AM »

Thank you for the reply darwin. Did you have any other issues with VIPRE? I am going to give webroot a try and just disable VIPRE. I will let you know my results. Have you attempted another deep scan to see if its sped up?

Darwin · « **Reply #3 on:** September 05, 2008, 11:44 AM »

No, I just uninstalled it (I have current licences for both Bitdefender and AVG that I'm not using and the two licences for Webroot. I don't even want to be tempted to spend more money at the moment)! The only other issues I am aware of relate to the performance of SBAMsvc.exe. Occasionally it will freak out and crash a machine. It has done this once to my wife's work computer (a notebook she uses at home a lot). It was in the course of investigating this issue that I becamse aware of VIPRE.

One thing that annoyed me about VIPRE is that it doesn't tell you where the virus/spam/malware/trojan that it finds is located until you complete the scan. Also, if you cancel a scan, it clears the items that it discovered up to that point (so you have to re-run the scan to correct any issues AND you have to let the scan finish). Webroot retains the "found items" if you cancel the scan, letting you deal with them (though I should note that it won't tell you the location until the scan is completed or aborted, either).

With Webroot, I've disabled the check on system start feature (see screenshot) and it STILL takes a long time to load with considerable resource hit, just to warn you. Once it's loaded, though, it's very non-intrusive.

AntiVirus with decent anti-spyware (realtime) detection

cmpm · « **Reply #4 on:** September 05, 2008, 11:47 AM »

Check out Eset.
It has a trial period of 30 days.

http://www.eset.com/

Darwin · « **Reply #5 on:** September 05, 2008, 11:48 AM »

Note - I re-read my original post and have edited it for clarity. I've indicated the "edit" with EDIT: in the text of that post.

Darwin · « **Reply #6 on:** September 05, 2008, 02:32 PM »

Just had Webroot run a scheduled daily Quick scan on my system and, being tied up with other things, completely forgot about it. Had a negligible effect on system performance.

Josh - do let us know how your test goes. I've come to realise that AV and AS applications are truly unique in how they run on each system and for each user. I know that WEbroot has had some bad press because of resource utilization yet I've had no problems with it. Likewise, I've heard bad things about SpyDoctor yet have a friend running the latest version on an anaemic P4 and 512MB RAM without any trouble. Weird.

Curt · « **Reply #7 on:** September 05, 2008, 03:07 PM »

I (too) would recommend Eset NOD32, only.

Josh · « **Reply #8 on:** September 05, 2008, 03:08 PM »

Tried it, Didn't detect spyware in an accurate manner and it ate up too much processing power.

Darwin · « **Reply #9 on:** September 05, 2008, 03:20 PM »

Ouch! I'm slipping - the computer I've been talking about has a 120 GB harddrive with two partitions (C and E). C had windows and programs on it while E has My Documents and my Outlook and IE settings folders. C is a 28GB partition with 22GB of data on it while E is an 83GB partition with 61GB of data on it. From what I can see, both Webroot and VIPRE scan the entire drive (ie both partitions) during Deep scan but only select "bits" of C during Quick scan. Thus, I'll have to set Webroot up to do a custom, rather than quick, scan from now on so that it hits my Outlook and IE folders.

EDIT: Update - I have no idea where Webroot is scanning during Quick scans. I assume that it does scan Outlook and IE but can't be sure and have set up a custom scan to do it instead.

Anyway, main point was to give a frame of reference for the scans I wrote about earlier this morning.

Paul Keith · « **Reply #10 on:** September 05, 2008, 07:08 PM »

As far as recent reputation to my knowledge, only Avira is known for that but it's primarily sold as an antivirus scanner but it's been recently gaining more and more recognition as the antivirus scanner that I've read some even say it's one of the few antivirus scanner that can detect spyware but most of my impression was from this forum.

Just don't buy the premium version other than for supporting the product. Webguard can mess up your internet connection even when disabled. A problem not really exempt from Avira. Even Nod32 has it.

SKA · « **Reply #11 on:** September 06, 2008, 03:54 AM »

FWIW, here's my two cents, all ideas from Wilders' forums :

1. Last 2 years use of software firewalls became very popular -now many antivirus players have added firewalls into their "suites". IMO best suites are : AVIRA, ESET, KasperskyIS (in increasing order of system impact). NortonIS 2009(now in beta) when released may also be a contender.

2. This year's fashion is HIPS (Host Intrusion Protection System) - many users adopted HIPS in various forms (Online Armor, Defense Wall, Geswall, SSM-System Safety Monitor, DriveSentry ,Threatfire etc) apart from antivirus/ firewal combos. HIPS rely less on daily updates/signatures and more on a whitelist approach, if my understanding is right.

3. In fact a compatible HIPS(DefenseWall, Online Armor etc) + light Antivirus (Avira or Eset) may have less system impact & be more proactive than an AV+firewall combo. For XP : it maybe worth to add a software firewall or use LUA(limited user account) + SRP (Software restriction policy) to "harden" systems. For Vista a HIPS does not seem critical (as yet), also its inbuilt firewall is quite okay.

Some users on Wilders say they stopped using realtime AV's altogether- relying on HIPS alone or with LUA/SRP . They use online AV services like Jotti,Virustotal etc to checkout suspect files reported by their HIPS .

Useful links on LUA & SRP:
http://www.wildersse...wthread.php?t=200772
http://www.mechbgon.com/srp/

4. Spywares: No AV product has 100% or even 90% removal for the huge variety of spywares/trojans infesting the net. I recommend two specific antisypware products to run on demand & which shouldn't conflict wth AVs(Avira or Eset).
- SAS - Superantispyware.com
- MBAM - Malwarebytes.com

5. Special infections may call for custom fixes like SmithfraudFix, Vundofix, Combofix, SDFix, etc.
Running a HijackThis scan peridocially can help to locate suspects on your system with advice from experts at specialised forums like spyware warrior, bleepingconputer, castlecops, etc.

SKA

Paul Keith · « **Reply #12 on:** September 06, 2008, 08:48 PM »

Thanks SKA. Those seem to be in line with what I know except for HIPS in fashion. Wasn't there this new program, Recover something that was a System Restore like software even better that was all the rage back then?

Also Hijackthis De, a worthwhile companion to Hijackthis for those who don't know.

Edit: Also what's the best HIPS right now?

SKA · « **Reply #13 on:** September 06, 2008, 11:24 PM »

@Paul Keith :
"recovery" could be: First Defense ISR, Returnil, Shadow Defender , Power Shadow, Rollback , Deep Freeze etc -
So many new products out esp from China with less publicity & support (english forums) - only at Wilders is where "beeding edge " products get announced /discussed <grin> . I really dont know any other forum where HIPS' are discussed in depth.

The Hijack de link is really useful for fast diagnosis - thanks !

Best HIPS ? Difficult to answer as the "tech" is quite fluid,with lot of hype.
Geswall Pro - author missing in action ?
Defensewall HIPS - author Illya Rabinovich is quite active & popular on Wilders.
Online Armor (HIPS + firewall) is what I use now.
Maybe others can chime in.

SKA

Paul Keith · « **Reply #14 on:** September 07, 2008, 08:12 AM »

Thanks. Those were really helpful! I've mostly been lurking on Wilders so I really didn't have a good grasp on many of the topics except when they talk mainly about antivirus software. Yeah, Returnil was what I was thinking of. I still haven't installed it but it does seem to be a more efficient alternative to HIPS since you actually get to test the software before rolling it back.

Darwin · « **Reply #15 on:** September 07, 2008, 07:06 PM »

So... I'm on the hunt for a light, effective AV and AS solution for Win2k. I like VIPRE, but the updates take FOREVER, very disturbing. I'm still considering it, but would like some alternative suggestions, if anyone has an opinion they'd care to share...

So far as I can tell, the choices are limited (VIPRE, ESET, Spyware Terminator - free and comes with ClamAV, but how effective is it??)...

Darwin · « **Reply #16 on:** September 07, 2008, 07:11 PM »

Josh - how do you find VIPRE's updating behaviour? The connection to the server keeps getting dropped and I have to keep re-trying. It's very trying... if you follow!

This is the main issue causing me to look elsewhere. Otherwise I find VIPRE to be very good under Win2k.

Grorgy · « **Reply #17 on:** September 07, 2008, 07:54 PM »

Well, I'm using ESET smart security, I am 'immunized' by spybot S&D which I also sometimes run as an on demand scanner, and have the free editions of super antispyware and malwarebytes which I also sometimes run as an on demand scan. And even more occasionally i will run an antirootkit finder. So far, and to me this is the test that is most useful, only 1 minor spyware infection i think, i ran all those spyware things and its gone and never reappeared. I really like the idea of Threatfire, but it seems to slow up the boot time a lot and also seems to stop other programs starting properly, missing icons in system tray that sort of thing, so I don't bother with it, more trouble than it is worth to me. Touch wood, (Taps self on head)

Edit, ESET here in Australia do a 50% student discount so could be worth a look if you decide on it

Darwin · « **Reply #18 on:** September 07, 2008, 08:51 PM »

Hmm... thanks, Grorgy. How's the "impact" on your system with it running in the background, though?

Grorgy · « **Reply #19 on:** September 07, 2008, 09:07 PM »

Once it was all running it seemed ok, though the little laptop does seem a tad perkier without but it might be more of a perception thing than a real thing.

Darwin · « **Reply #20 on:** September 07, 2008, 10:48 PM »

Thanks Grorgy

I'm going to try it later this week. I've been trying to update bloody VIPRE all day and it just keeps timing out

This has survived a reboot, so I assume it is a server problem. Not very encouraging! Thanks for the heads up about the educational licensing... Alas, I find myself no longer an educator or a student

dantheman · « **Reply #21 on:** September 08, 2008, 12:56 PM »

Eset in Canada apparently grant a discount to non-profits.
With AVG8 taking the bloatware street our group plans on going with Eset as soon as our present contract is over.

I've been testing it for three weeks now and it is just fine. Low on resources and quite fast to update and scan. Very non-intrusive. Can't wait for the changeover!

Darwin · « **Reply #22 on:** September 08, 2008, 01:06 PM »

Awesome! Thank you for posting that, dantheman

I'm downloading it myself as I write this.

dantheman · « **Reply #23 on:** September 08, 2008, 03:19 PM »

My pleasure Darwin!

Let us know how it works out for you ay!

Darwin · « **Reply #24 on:** September 09, 2008, 02:11 PM »

ESET installed with no trouble (after I had to manually un-install VIPRE - all it's uninstaller did was uninstall the uninstaller!). Unfortunately, I'm not too impressed with ESET's scanning speed on my Win2k notebook (admittedly, this is not surprising given the notebooks EIGHT year old specs

). It strikes me as being about the same as BitDefender*. On balance, I am seriously considering just re-installing BitDefender. At least I won't have to pay for it for about 16 months!

In fairness, ESET IS most likely quicker but there are only two scanning options - Standard and Custom. I should probably tweak it before making a decision... - I've just been running the Standard scan and it's been about an hour and it's only at 52%...