Author Topic: Is it time to start a new AntiVirus/Internet Security Suite review thread? (Read 67001 times)

city_zen · « **Reply #25 on:** December 01, 2008, 11:18 PM »

The other site I have been looking at is http://www.av-comparatives.org/ which seems to employ useful selective methodologies to test aspects of performance rather than just a bland overall assessment.
-Carol Haynes (November 26, 2008, 05:32 AM)

What I do notice as interesting is that NOD32, which has always had superlative overall reports on av-comparatives.org, has been really slipping dowm the charts both for on-demand and retro-active tests this year (it won overall best AV in 2007). Is that because of the shift to Version 3, and/or is it being outperformed by the new generation of malware more than its peers now?
-nontroppo (November 30, 2008, 10:54 AM)

A couple of days ago, the results from the latest tests by AV-Comparatives have been released. IMHO, those are the best AV tests currently available. The amount of detail given about the tests results and the author's methodology seem much better than those of other tests.
Anyway, in a (not entirely) surprising comeback after the slipping that nontroppo mentioned in his post, ESET NOD32 was the only antivirus to reach the maximum certification level (Advanced+) in this test. This was a retrospective/Proactive test where NOD32's heuristics typically shine.
Please visit the site (www.av-comparatives.org) to get the full results as the author has asked for the tests results not to be linked directly.

nontroppo · « **Reply #26 on:** December 02, 2008, 06:11 AM »

Note also that NOD32 has V4 in beta:

http://www.eset.eu/p...2-for-windows-4-beta

Hard to get past the marketing speak, but I think they claim better proactive support, a new sysinspector module to root out rootkits, rescue CDs and lots of graphs!

Darwin · « **Reply #27 on:** December 02, 2008, 01:37 PM »

Just to note - just ran a quick scan of my Win2k machine with VIPRE: 5 minutes 52 seconds. The last one I suspect was a Deep scan and an anomaly at that (WRT how long it took). Just thought I'd update you all. They don't call me "Mr Interesting" for nothing, you know

nontroppo · « **Reply #28 on:** December 02, 2008, 04:03 PM »

Darwin: Vipre looks very interesting, I'd love to see it added to av-comparitives.org testing to see how it stacks up.

I also wish there were proper benchmarks done to see how AVs really affect a machine, nothing I've seen is really comprehensive enough...

4wd · « **Reply #29 on:** December 02, 2008, 06:56 PM »

I also wish there were proper benchmarks done to see how AVs really affect a machine, nothing I've seen is really comprehensive enough...
-nontroppo (December 02, 2008, 04:03 PM)

There have been tests done to see how various ISS's affected a machines boot time, but I can't find that particular site ATM - although it was last year, (or early this year), I think.

PC Mag did a few simple tests on five of the current ISS's to see what effect they had on boot times and file access.

Paul Keith · « **Reply #30 on:** December 02, 2008, 09:42 PM »

Problem with benchmarks is that it cannot take account for 0 day malwares. That's why in my uneducated opinion, many quality antiviruses are slipping up and down on charts.

Anytime an AV program prepares for a new release, their detection quality suffers that's why many recommend Dr. Web's CureIt as the best on demand scanner based on their upgrade models and even that is just delaying the storm of next gen security suites like cloud-based behaviour blockers and shadow virtualization.

city_zen · « **Reply #31 on:** December 02, 2008, 11:10 PM »

Problem with benchmarks is that it cannot take account for 0 day malwares. That's why in my uneducated opinion, many quality antiviruses are slipping up and down on charts.
-Paul Keith (December 02, 2008, 09:42 PM)

I'm not sure I understand what you mean, Paul, but if you're talking about the kind of benchmarks AV Comparatives and other organizations do, they can (and, in at least the case of AV Comparatives, actually do) take into account 0-day malware, i.e. "unknown" malware. In fact, the test I mentioned in my previous post is precisely that: a test to see how each AV performs against a number of previously unknown (to their signature databases) malware. This kind of tests allows us to see how well each program uses heuristics to detect this 0-day malware.

I also wish there were proper benchmarks done to see how AVs really affect a machine, nothing I've seen is really comprehensive enough...
-nontroppo (December 02, 2008, 04:03 PM)

There have been tests done to see how various ISS's affected a machines boot time, but I can't find that particular site ATM - although it was last year, (or early this year), I think.
-4wd (December 02, 2008, 06:56 PM)

I think you're talking about the same article I remember, 4wd. Is it this one?: What Really Slows Windows Down
In any case, if it wasn't it, this article is well worth reading. It's a little outdated now (written in 2006) but very informative.

Paul Keith · « **Reply #32 on:** December 03, 2008, 02:13 AM »

I know heuristics can detect 0-day malware but I doubt they can detect every 0-day malware unlike a HIPS that monitors every changes and lately it seems malware has been improving at a much more rapid rate. It always seems to be a single virus that slips through AV guards especially if you forget to update from one version to another.

At least I have no other explanation for how viruses can still pass quality guards especially with their improved heuristics.

J-Mac · « **Reply #33 on:** December 03, 2008, 02:34 AM »

I know heuristics can detect 0-day malware but I doubt they can detect every 0-day malware unlike a HIPS that monitors every changes and lately it seems malware has been improving at a much more rapid rate. It always seems to be a single virus that slips through AV guards especially if you forget to update from one version to another.

At least I have no other explanation for how viruses can still pass quality guards especially with their improved heuristics.
-Paul Keith (December 03, 2008, 02:13 AM)

This is one of those "Anything is possible" things. Sure, you can always get hit with a zero-day infection. Of course it is possible I can get struck by lightning every time I go out in an electrical storm.

I take my chances with NOD32's heuristics and I backup, backup, backup. To a few different locations. I am very fortunate that I have not been infected in all the years I have been using computers - and that is more than a few years! As in almost everything I do, I take the best precautions that I can while still maintaining a balance in keeping it all real - and usable.

It has worked for me for quite a long time. And if it goes bad, I have all the recovery options in place that I can reasonably have.

At this point, I have stopped worrying!

Jim

Paul Keith · « **Reply #34 on:** December 03, 2008, 07:33 AM »

While that is good advice J-mac, it ignores the context of this thread.

I mean theoretically everything can be safe if you have a backup irregardless of your security settings and it might help improve your security settings if you have the correct attitude in dealing with these but this ignores people who have different habits as well as people who don't have the technical knowledge to rely on anything but their antiviruses.

J-Mac · « **Reply #35 on:** December 03, 2008, 04:34 PM »

While that is good advice J-mac, it ignores the context of this thread.

I mean theoretically everything can be safe if you have a backup irregardless of your security settings and it might help improve your security settings if you have the correct attitude in dealing with these but this ignores people who have different habits as well as people who don't have the technical knowledge to rely on anything but their antiviruses.

-Paul Keith (December 03, 2008, 07:33 AM)

Paul,

That wasn’t my point, actually. I just kinda threw that in there for good measure!

My point was that using an A-V with well-tested heuristics is about as good as almost anyone here would need to protect against zero-day infections. Fearing that special zero-day infection even with that good A-V is, well, fatalistic. If you don’t feel that an A-V with good heuristic capabilities can protect you to your satisfaction, then yes: you definitely need a fall-back plan. Like backups! Rather than a "better" Anti-Virus.

Jim

Paul Keith · « **Reply #36 on:** December 04, 2008, 02:09 AM »

Ahh, sorry for missing your point.

tinjaw · « **Reply #37 on:** January 30, 2009, 03:57 PM »

I am at that point in rebuilding my laptop (Vista) that I need to choose some AV. I am old school and rely on my experience to know what to avoid. The only AV I need is an on-demand scanner. For example to scan email attachments on-demand when I get attachments from people I know or when I download a program to install.

I have looked at AV-Comparatives and AV-test.org and think I am going to grab a copy of Avira AntiVir Personal. I will use it 99% of the time as a console app invoked by another program like Firefox, WinRAR, or similar.

mnemonic · « **Reply #38 on:** June 01, 2009, 01:12 PM »

Sorry to dredge up an old post, but I'd be interested in finding out what everyone decided upon in the end.

Darwin · « **Reply #39 on:** June 01, 2009, 02:11 PM »

I'm running Sunbelt's VIPRE on four notebooks. It's been very solid under XP 32-bit SP-2 and SP-3, Vista 64 bit SP-1 and SP-2, Vista 32 bit SP-1 (hasn't been updated to SP-3 yet), and Win 2k SP-4.

Stoic Joker · « **Reply #40 on:** June 01, 2009, 08:40 PM »

I'm running Sunbelt's VIPRE on four notebooks. It's been very solid under XP 32-bit SP-2 and SP-3, Vista 64 bit SP-1 and SP-2, Vista 32 bit SP-1 (hasn't been updated to SP-3 yet), and Win 2k SP-4.
-Darwin (June 01, 2009, 02:11 PM)

I'm still using Avast due to its being light, fast, free, & reasonably accurate ... But I have been curious about VIPRE for awhile. How (Um...) "Modular" is it? (To clarify what I'm after) I noticed the free version comes bundled with/includes a firewall (Which aggravates the bloody hell out of me) ... Can it be removed from the package during the install, or does it have to be suffered through and crippled later?

Darwin · « **Reply #41 on:** June 02, 2009, 07:42 AM »

Sunbelt's Firewall is a separate download/install from VIPRE, as far as I know. I have a licence for the firewall but don't have it installed because it annoys the bloody hell out of me, as well! Thus, at worst it will need to be uninstalled while at best it isn't part of the package at all.

Innuendo · « **Reply #42 on:** June 02, 2009, 09:51 AM »

I'm not using anything right now when I have been using something I usually install Agnitum's Outpost Security Suite Pro. In the past their AV has been weak, but recent AV comparison tests show that they've been working on fixing that flaw.

Their firewall is best in class. It's one of the few that consistently scores 100% on leak tests. For those with affinities towards skulls, Agnitum thoughtfully included an auto-learn mode for the firewall. For one or two weeks you can put it in auto-learn mode and all your programs will be given firewall permissions.

It's a little more resource-intensive than I would like, but it protects you from everything & the latest beta will allow you to opt not to install the components you know you aren't going to use.

I bought it on a whim during their last sale when they were selling lifetime licenses and I was in a mind to putting an end to yearly AV subscription costs.

Darwin · « **Reply #43 on:** June 02, 2009, 10:50 AM »

I bought it on a whim during their last sale when they were selling lifetime licenses and I was in a mind to putting an end to yearly AV subscription costs.
-Innuendo (June 02, 2009, 09:51 AM)

Dang! I'd jump at something like that... Though $15-30 a year for peace of mind is a small price to pay, all things considered. Still...

mwb1100 · « **Reply #44 on:** June 02, 2009, 11:54 AM »

I bought it on a whim during their last sale when they were selling lifetime licenses and I was in a mind to putting an end to yearly AV subscription costs.
-Innuendo (June 02, 2009, 09:51 AM)

Dang! I'd jump at something like that... Though $15-30 a year for peace of mind is a small price to pay, all things considered. Still...
-Darwin (June 02, 2009, 10:50 AM)

Too bad you missed it - it was discussed on DC in at least one thread. Anyway, if you're in a mind for lifetime licenses, Agnitum is currently selling lifetime licenses for Outpost Pro (but not the Security Suite as far as I can tell). It doesn't include the antivirus, but is a lifetime license for the firewall (2 June 2009):

http://www.agnitum.com/purchase/outpost/

mnemonic · « **Reply #45 on:** June 02, 2009, 02:47 PM »

Has anyone had any experience with Prevx Edge?

I'm currently running just Avira Free and sat behind a hardware firewall (via a router), but I'm a little confused about exactly what Prevx does. From reading the webpage, it seems to be an anti-malware app, but does it also act like a HIPS?

The post on Wilders about it is 173 pages long, so it seems to be popular!

Innuendo · « **Reply #46 on:** June 02, 2009, 04:28 PM »

Dang! I'd jump at something like that... Though $15-30 a year for peace of mind is a small price to pay, all things considered. Still...
-Darwin

Yes, as was said above this was discussed on DC. Where were you, Darwin?

https://www.donation...ex.php?topic=16332.0

And I just realized that I got a better deal than I thought...that lifetime license is good for 3 PCs.

Darwin · « **Reply #47 on:** June 02, 2009, 06:38 PM »

Why celebrating Christmas with my family, of course! Er... actually, I simply wasn't that interested at the time. Six months on and I'm feeling a bit more fiscally responsible (or is that impecunious?)

Innuendo · « **Reply #48 on:** June 02, 2009, 06:55 PM »

I know what you mean. There's been more than a couple programs I missed getting at a reduced price that I ended up regretting I didn't get for one reason or another.

I nearly passed on the Agnitum offer at the time as their software didn't knock my socks off at the time, but figured I'd end up regretting it if I did.

Paul Keith · « **Reply #49 on:** June 02, 2009, 09:50 PM »

Has anyone had any experience with Prevx Edge?

I'm currently running just Avira Free and sat behind a hardware firewall (via a router), but I'm a little confused about exactly what Prevx does. From reading the webpage, it seems to be an anti-malware app, but does it also act like a HIPS?

The post on Wilders about it is 173 pages long, so it seems to be popular!
-mnemonic (June 02, 2009, 02:47 PM)

No experience but from what I've read of that thread, it's cloud anti-virus.

Technically since it's real time updating definition, it's like a smart HIPS in that instead of being an AV that requires the next update, it's an AV that detects a virus as soon as someone got infected and send it to them. My apologies for the non-techie definition but that's what it boils down to from what I gathered.

It has some memory leakages last time I read and it still has false positives (so it's not really superior to traditional AVS yet) but in general, I heard lots of good things from it and it seems way ahead of it's competition in that area but I think many in Wilders generally feel that traditional AVs is just mature enough for now and along with Avira combining anti-malware with antivirus, that the traditional AVs are close to reaching the best state it could possibly be that right now, it's not necessary yet to switch to those things. (Although people using programs like Mamutu and Threatfire might possibly prefer looking into that kind of AV instead of just having a HIPS)