I'm having a hard time deciding which to choose here. On one hand you have VBA32 which is rapidly adding sigs and has strong hueristics (a la Dr Web) and on the other you have KAV (6), and there has been enough said about that. For some reason I'm drawn to VBA32. I have valid licences for both. I decided to ditch nod because of their behavior with v3 and now I have a decision to make.

HELP!!!

Which one runs the lightest on your system? Which one makes you feel the most secure?

You can run in realtime and the other demand quite easily.

Seing the recent movie when KAV scans your harddrive, anything is better.
I can't believe they actually made that a part of their software...
Scan a file, its clean NOW, ignore it LATER when we scan again. Sad

You won't be getting 99% protection, not by a long shot.

Brian, what do you mean?

{QUOTE-> Seing the recent movie when KAV scans your harddrive, anything is better.
I can't believe they actually made that a part of their software...
Scan a file, its clean NOW, ignore it LATER when we scan again. Sad

You won't be getting 99% protection, not by a long shot. <-QUOTE}

Hi Brian

Not sure what movie you;ve seen. But if you are talking about the Iswift, I think that is a fantastic feature. If a file is indeed clean, why keep rescanning it if it hasn't changed. Granted new virus's might be found next week, but if a file is clean today, and next week 10 new things are found, how can a file suddenly be bad IF it hasn't changed?

Pete

Kaspersky's detection rates are in the 99%, so the iShift and iChecker technoligy is quite safe with their level of detection. And besides I'm sure the experts have thoughts of ways to prevent such things from happening... (like the pro-active modules who are always active...)

{QUOTE-> Brian, what do you mean? <-QUOTE}
Im not sure :P

But I'm talking about the 'ignore file if it's already been scanned' feature in KAV.
What if that file is infected? What if it's already in the system making crazy stuff? It get's ignored by Kav because "I scanned this the other day, it's clean man!".
It's crap, and that's my point of view, they make their costumers feel safe with super speed, when infact they could already be infected with a worm or whatever, which ofcouse KAV will ignore because it already scanned those files....

I'm not so sure about your statement Brian N. If malware is active it always shows come kind of activity (sending e-mails, hijacking services, infecting files, showing popups ect. ect.).

{QUOTE-> Hi Brian

Not sure what movie you;ve seen. But if you are talking about the Iswift, I think that is a fantastic feature. If a file is indeed clean, why keep rescanning it if it hasn't changed. Granted new virus's might be found next week, but if a file is clean today, and next week 10 new things are found, how can a file suddenly be bad IF it hasn't changed?

Pete <-QUOTE}

I agree with you. :)

{QUOTE-> I'm not so sure about your statement Brian N. If malware is active it always shows come kind of activity (sending e-mails, hijacking services, infecting files, showing popups ect. ect.). <-QUOTE}
Then how do you explaing 40 sec scan time of 40000+ files? It can't be done, no way

{QUOTE-> I'm having a hard time deciding which to choose here. On one hand you have VBA32 which is rapidly adding sigs and has strong hueristics (a la Dr Web) and on the other you have KAV (6), and there has been enough said about that. For some reason I'm drawn to VBA32. I have valid licences for both. I decided to ditch nod because of their behavior with v3 and now I have a decision to make.

HELP!!! <-QUOTE}


I have valid licenses for both also and use one on my notebook (VBA) and KAV6 on my Desktop, both offer great protection IMO. I have not been infected while running either, unless I did so myself on accident or purpose. :P

It is funny you bring this up, because I ran a scan with both lastnight against a small 4974 sample set, cure then delete if not possible the results should be interesting, (I can tell you VBA32 is good at curing macros), so I will PM you a link for the infomation when I get home, as I don't like to publish things like that if they are not done by pro's. Remember no test is perfect, and this one by no means will be any different.

LK

{QUOTE-> Then how do you explaing 40 sec scan time of 40000+ files? It can't be done, no way <-QUOTE}
Let me try to explain you. iSwift and iChecker technology skip already scanned files that's true. If the file changed it gets scanned again.

What I mean is when you get infected the malware must be "loaded" in some way. So it'll get detected, also when detection signatures get added later. Besides the new pro-active modules ain't there for nothing either ;)

So everyone that has an issue with KAVs use of Iswift, are you saying that you wouold recommend VBA32 because of that? I guess I'm just a little confused.

{QUOTE-> Let me try to explain you. iSwift and iChecker technology skip already scanned files that's true. If the file changed it gets scanned again.

What I mean is when you get infected the malware must be "loaded" in some way. So it'll get detected, also when detection signatures get added later. Besides the new pro-active modules ain't there for nothing either ;) <-QUOTE}
Still, it didn't scan 40k+ files in 2 minutes.
You like to think that it did though... It just ignored the already checked files (even if they changed) ..

{QUOTE-> Then how do you explaing 40 sec scan time of 40000+ files? It can't be done, no way <-QUOTE}
iSwift and iChecker databases are only valid for the same signiture version.

The ability to scan "new and changed files only" doesn't actually scan files once, rather uses some randomization technology to ensure the file is scanned again too at some interval. This is only valid for default settings and REALTIME monitor only. The startup scanner (ran at every system boot and signiture update) doesn't use this by default. On demand scans don't use this option either, by default.

Edit: Of course if the file is changed it IS scanned again. You can confirm this yourself by modifying some files and scanning them again.

I think you are a little mislead Brian, read HERE (http://www.kaspersky.com/faq?qid=186010624) about iChecker and iSwift technologies.

;)

Thanks Brian. Your posts caused others here to provide information that made me even more of an admirer of KAV. As to VBA32 compared to KAV, the proof is in the pudding (http://www.av-comparatives.org/). Taste & see.;)

Seing the recent movie when KAV scans your harddrive, anything is better.
I can't believe they actually made that a part of their software...
Scan a file, its clean NOW, ignore it LATER when we scan again. Sad

You won't be getting 99% protection, not by a long shot.

Brian, it seems from this and a lot of your past postings dealing with the subject of KAV that you like to try to point out what you consider a negative point about KAV whenever possible.
So let me ask, do you have solid evidence to support your statements KAV is not as effective because of the iswift, ichecker setting?
Have you used KAV6?
Show what you have to prove that KAV does not provide 99% detection, other than your opinion, av comparatives seems to support the 99% detection rates by KAV.
It has been mentioned many times how fast NOD32 completes a system scan, and we all know it is an excellent AV, but are you saying users are getting shortchanged by NOD32's scan speed?
Why not just answer the question about VBA32 or KAV without injecting your opinion which appears to be biased as you are an avid NOD32 user.

To answer your question N8CHAVEZ:
I use KAV, DRWEB and have used VBA32 (have trialed just about all others too) and all provide very reliable protection. Try both and decide for yourself which you want to use. My only criticism is that VBA32 has not been thoroughly tested by any of the major test sites to my knowledge.

Edit: I stand corrected about the testing of VBA32, it is tested at av comparatives.

{QUOTE-> To answer your question N8CHAVEZ:
I use KAV, DRWEB and have used VBA32 (have trialed just about all others too) and all provide very reliable protection. Try both and decide for yourself which you want to use. My only criticism is that VBA32 has not been thoroughly tested by any of the major test sites to my knowledge.

Edit: I stand corrected about the testing of VBA32, it is tested at av comparatives. <-QUOTE}

I have used every AV you listed, along with NOD32, and I'm still having trouble making a decision. The only thing about the VBA32 test is that it is still incomplete. And, aside from that, every AV can, and has, had a bad test. Thanks for being objective.

{QUOTE-> I have used every AV you listed, along with NOD32, and I'm still having trouble making a decision. The only thing about the VBA32 test is that it is still incomplete. And, aside from that, every AV can, and has, had a bad test. Thanks for being objective. <-QUOTE}

Yeah, I know what you mean, it is hard to decide. Good luck.

{QUOTE-> Im not sure :P

But I'm talking about the 'ignore file if it's already been scanned' feature in KAV.
What if that file is infected? What if it's already in the system making crazy stuff? It get's ignored by Kav because "I scanned this the other day, it's clean man!".
It's crap, and that's my point of view, they make their costumers feel safe with super speed, when infact they could already be infected with a worm or whatever, which ofcouse KAV will ignore because it already scanned those files.... <-QUOTE}
Unfortunately, Brian you have no idea how the RTM of KAV 6 works in the "Scan new and changed files only" setting. Did you not read and take in Ian Kenefick's posts today? (http://www.wilderssecurity.com/showthread.php?t=131919).

I am now off to the KAV forum to post my thread on "Malware missed by NOD" just to balance the books out ::)

{QUOTE-> Unfortunately, Brian you have no idea how the RTM of KAV 6 works in the "Scan new and changed files only" setting. Did you not read and take in Ian Kenefick's posts today? (http://www.wilderssecurity.com/showthread.php?t=131919).

I am now off to the KAV forum to post my thread on "Malware missed by NOD" just to balance the books out ::) <-QUOTE}

Sorry buddy.

They closed the thread.

{QUOTE-> You like to think that it did though... It just ignored the already checked files (even if they changed) .. <-QUOTE}"Even if they changed"? Looks like there's something not clear to you about what a checksum is... ::)

{QUOTE-> "Even if they changed"? Looks like there's something not clear to you about what a checksum is... ::) <-QUOTE}

Even more to the point. Certain smaller files come under Ichecker. Whether or not they are scanned is a function of a checksum determination. Most of the other files come under ISwift which doesn't use checksums, it uses NTFS file internal descriptors. This means the files aren't rescanned as long as they don't change or don't move.

{QUOTE->
Brian, it seems from this and a lot of your past postings dealing with the subject of KAV that you like to try to point out what you consider a negative point about KAV whenever possible. <-QUOTE}
Bullcrap. I'm saying what I don't like about a piece of software regardless if it's kaspersky / nod / microsoft / whatever. And I don't like that "feature" in Kav6 because it has the option to ignore nasties.

{QUOTE-> Bullcrap. I'm saying what I don't like about a piece of software regardless if it's kaspersky / nod / microsoft / whatever. And I don't like that "feature" in Kav6 because it has the option to ignore nasties. <-QUOTE}

Hi Brian

A user isn't locked into that feature. It's there if you want it and not if you don't. Me I like it. It's worked fine, but if you don't, you don't have to use it. In the latest MP1 beta's they've significantly improved the scan speed. A full scan for me used to be 1:10, and now it's :44 Thats pretty significant.

Pete

{QUOTE-> Bullcrap. I'm saying what I don't like about a piece of software regardless if it's kaspersky / nod / microsoft / whatever. And I don't like that "feature" in Kav6 because it has the option to ignore nasties. <-QUOTE}

Hi Brian,
You don't seem to be using KAV or KIS anyway, so why bother so much?;D

1. On-Demand Scan. Most KAV users, particularly newbies will stay with the default settings so most users will not use the very fast on-demand scan. If the scan is taking a long time, they can simply select to shut down the scan after it has finished and can therefore carry it out at any time. Experienced KAV users know to mix up the slow and fast scans and to manually check downloaded files.

2. On-Access Monitor. Again default settings will be used by most users. BUT the "Scan new and changed files only" settings is not (http://forum.kaspersky.com/index.php?showtopic=12357) like the one in Dr Web or VBA32. This setting can again be supplemented by a regular default on-demand scan.

{QUOTE-> Still, it didn't scan 40k+ files in 2 minutes.
You like to think that it did though... It just ignored the already checked files (even if they changed) .. <-QUOTE}
The sad part your obvious hatred towards Kaspersky is that no one will listen to you if you continue this "mission" of yours, you seem to grab any little straw you can get, then twist it and present it in your usual "rambo style", that even other Nod32 users will see through.

Now about your claims: No the "scan new & changed files only" option does not mean it will not be scanned ever again, because it will, i can tell you this from months of testing it.

.....................On second thoughts, would you please continue in your usual style, because me thinks the entertaiment around Wilders would loose something without your comedy act.;D

Please stop poking the bear. If I remember correctly (sarcasm) I started this thread to help me make a decision on what AV to use; KAV or VBA, not on KAVs use of Iswift. People here must have a lot of free time on their ands and enjoy egging others on for the hell of it. If this thread is not going to stay on topic, I ask the mods to close it.

Don- Haven't you heard that it is best not to react or pay attention to a bully? Guess Not. I can assume that you're here just for that reason because you are a regular at the Kaspersky forum (and obviously biased), are unobjective, and not helping this threads purpose.

I used to think that after every update those files get rechecked but it's not it. Update frequency is too high so it would be pretty pointless. They however use some different aproach of re-checking files.
Also as far as i know they skip all properly signed files (signed by Microsoft).
If file is modified it looses the signature anyway, so pretty simple way of avoiding scanning system files that are clean.
More detailed stuff is known only to KL team however...

{QUOTE-> Please stop poking the bear. If I remember correctly (sarcasm) I started this thread to help me make a decision on what AV to use; KAV or VBA, not on KAVs use of Iswift. People here must have a lot of free time on their ands and enjoy egging others on for the hell of it. If this thread is not going to stay on topic, I ask the mods to close it.

Don- Haven't you heard that it is best not to react or pay attention to a bully? Guess Not. I can assume that you're here just for that reason because you are a regular at the Kaspersky forum (and obviously biased), are unobjective, and not helping this threads purpose. <-QUOTE}
Ok, i apologies accordingly for being one of those who hijacked your thread.

Now on topic:

I would with my coloured eyes choose KIS 6.0...because it's light on resouirces and still maintain it's 99.5/9% detectionrate despite being lighter, faster in the new version and there are features yet to be implemented.:)

About your last comment yes, normally, but the info was simply too incorrect to just ignore like i normally do with Brian's posts.

As my signature suggests, I currently use NOD32. I have a valid licence for it, with quite a bit of time left on it, but I feel it is time to move on mainly because of the way ESET is handling version 3; with a lack of information. That being said, I do agree that x.299 of KAV 6 is especially light on my system, even lighter than previous versions. So I do like KAV and am very interested to know what those features are that have not yet been implemented.
For some reason I am still drawn to VBA32. There have been times when it caught an infection that CureIt (Dr Web), NOD32, and KAV all missed. So i guess I feel safe with it. That might just be a false sense of security thought. VBA32 has become increasingly heavily lately. But I am suprised on how fast it adds defs and their hueristics.

Sounds to me like "Brian N" is a former Norton user still scarred by all the "Norton Bashing".Even if what you say were 100% correct which i don't feel it is, your talking about on demand scanning.KAV would catch any nasties once the file was accessed don't you think?.

{QUOTE-> As my signature suggests, I currently use NOD32. I have a valid licence for it, with quite a bit of time left on it, but I feel it is time to move on mainly because of the way ESET is handling version 3; with a lack of information. That being said, I do agree that x.299 of KAV 6 is especially light on my system, even lighter than previous versions. So I do like KAV and am very interested to know what those features are that have not yet been implemented.
For some reason I am still drawn to VBA32. There have been times when it caught an infection that CureIt (Dr Web), NOD32, and KAV all missed. So i guess I feel safe with it. That might just be a false sense of security thought. VBA32 has become increasingly heavily lately. But I am suprised on how fast it adds defs and their hueristics. <-QUOTE}

Hi n8chavez

I think they are working on some new PDM features, but I got to tell you they gave the scanning one big kick in the ..... Not counting the Iswift features the scanning time has dropped dramatically. As I said before my scan time for a complete scan dropped from about 1 hour and 10 minutes with previous builds, to about 43 minutes with the most recent beta's. This was noticed by many. A drop from 70 minutes to 43 is darn significant.

Pete

{QUOTE-> As my signature suggests, I currently use NOD32. I have a valid licence for it, with quite a bit of time left on it, but I feel it is time to move on mainly because of the way ESET is handling version 3; with a lack of information. That being said, I do agree that x.299 of KAV 6 is especially light on my system, even lighter than previous versions. So I do like KAV and am very interested to know what those features are that have not yet been implemented.
For some reason I am still drawn to VBA32. There have been times when it caught an infection that CureIt (Dr Web), NOD32, and KAV all missed. So i guess I feel safe with it. That might just be a false sense of security thought. VBA32 has become increasingly heavily lately. But I am suprised on how fast it adds defs and their hueristics. <-QUOTE}
There are several, i can't remember all, but: Deep memory scanning, snortrules (FW), more things added to the proactive: keylogger, better rootkit detection, advanced disinfection, there are more but i can't remember of the top of my head....yes, parental control for the suite version.

{QUOTE-> Please stop poking the bear. <-QUOTE}Better yet -- do not feed the troll.8)

So as to return somewhat to thread topic, tests show KAV affords superior protection. One should take note that OnlineArmor-AV+ now includes KAV plus a full-on HIPS + a spam killer + (coming soon) a firewall -- a VERY sweet (uh... suite) package!

Since you mentioned it, has OnlineArmor-AV+ updated to KAV 6 yet?.

6.0 and 5.0 show the same results during scan task (on-demand scans).The difference is in Proactive Defense module (behavior blocker) that exists in version 6.0 only.

Scanning speed of v6 seems quicker however (on demand scanning). Atleast on the systems i've ran it on.
Online Armor AV+ still uses v5 of the KAV engine.

n8chavez, i don't think anyone can really help you choose. Its upto you, consider the advantages and disadvantages YOU see of each product and choose that way. You can run one on demand and the other in realtime. KAV has alot of "value added" realtime componants that VBA32 doesn't.

{QUOTE-> If I remember correctly (sarcasm) I started this thread to help me make a decision on what AV to use; KAV or VBA, <-QUOTE}

I have a solution for you!

Why dont you buy both of them so you cant go wrong?

Am i right guys? ;)

Sorry Durad, seems like you missed something in the first post:

{QUOTE-> I have valid licences for both <-QUOTE}

;)

{QUOTE-> 6.0 and 5.0 show the same results during scan task (on-demand scans).The difference is in Proactive Defense module (behavior blocker) that exists in version 6.0 only. <-QUOTE}

HI IBK

You are right relative to the released version of 6.0. But the leastest beta's of 6.0 MP1 have an afterburner now.:D

{QUOTE-> I have valid licences for both <-QUOTE}

Sorry i missed that.

Use 1 month each than change :)

If you like Vba32 why not use it?

I want to thank everyone that has helped me while I make my primary AV decision. I have tried nearly every product out there, but in the end decided to go back to an old friend; the good doc. There were things I liked about every AV but with a simply interface, pitbull-like huerisrics and aggressive def adding Dr Web seemed the way to go. Simple and very effective.

If I did not like the ISwift and IChecker and the "scan only new or changed files" I would just uncheck them and not use them. I cannot understand the problem since there is an option. Use it and feel more secure if that is what it takes.
Jerry

{QUOTE-> The sad part your obvious hatred towards Kaspersky <-QUOTE}
That's even more bullcrap.
Expressing you opinion on this forum could never lead to lots of name calling and 'stuffing words in my mouth' thingies - Well, guess I was wrong.

I've never imaged being called a troll, the lowest scum on the net.
I understand that you people are defending you AV, because its oohhh sooo good, but calling people trolls, putting words in their mouths is just sad.

Now I know how the Kaspersky userbase works.. A bunch of teens with no social life whatsoever.
You make me sad.

{QUOTE-> Now I know how the Kaspersky userbase works. <-QUOTE}I am not a user of KAV. I am a DrWeb user. I honor Kaspersky for much the same reasons that, although I don't drive a BMW, I know from reading objective tests/reviews that BMW is a bloody good driving machine.

I am quite impatient with critics who condemn what they don't understand and, when they run out of facts, start comparing credentials.

Having said that, I consider VBA32 to be one of the best of the new group of AVs. Not yet in KAV's class... but close on its heels.

{QUOTE-> I've never imaged being called a troll, the lowest scum on the net.
...
Now I know how the Kaspersky userbase works.. A bunch of teens with no social life whatsoever.
You make me sad. <-QUOTE}Just hilarious. Now you expect us not to call you a troll after this outing? Please. ::)

{QUOTE-> That's even more bullcrap.
Expressing you opinion on this forum could never lead to lots of name calling and 'stuffing words in my mouth' thingies - Well, guess I was wrong.

I've never imaged being called a troll, the lowest scum on the net.
I understand that you people are defending you AV, because its oohhh sooo good, but calling people trolls, putting words in their mouths is just sad.

Now I know how the Kaspersky userbase works.. A bunch of teens with no social life whatsoever.
You make me sad. <-QUOTE}
Brian, i never called you a troll. As for then teens remark................thanks. ;D ;D ;D