I've been using ewido / AVG AS for the past year and have been relatively pleased w/ the app. Fortunately, it only finds a few cookies here and there. I also use manual scanners maybe once a month. Not much to report on this end either. My only current issue w/ AVG is that guard.exe slows down Firefox startup, sometimes miserably.

Last year I switched from SpyWare Doctor V4 to ewido. On my laptop I have Spyware Doctor V5 beta working "almost" flawlessly. I'm not crazy about PC Tools as a company, but SWD has been improved to a point where I would consider using it as my main AS.

I wonder what the future holds for AVG AS.
My subscription is up in 15days and I was wondering whether to renew or not.

...screamer

I have been running Ewido/AVG since the demise of TDS-3 and
think well of it. You might wish to look at A2 or Online Armor as
alternatives, i think quite highly of both of them. I have 5
machines here and have different security setups on each.
I run all each of the above on at least one machine.



Mike

Also you can try Counterspy from Sunbelt. It is light in resources and fast, with excellent detection rates.

I am a fan of AVG Products, but the recent findings that AVG Antispyware software only uses Heuristic Detection for On Demand and not in RealTime, prompts me personally to use something other than AVG AS. I think it is great for those using IE and not Firefox, but for anything more than a Signature Based AS, at this point one would need to look elsewhere. I realize how well AVG Anti-Malware did in the recent AV Comparitives, but again this was for On Demand and not RealTime Detection. I am however quite faithful that Grisoft will soon implement Heuristics in all of its AVG AS products. As for its On Demand Detection I believe it will continue to improve.

Counterspy barely detects and doesn't clean anything crucial. CS V2 is having major problems right now,but their tech support is excellent.Ewido/AVG has cleaned the tougher infections I have gotten that CS has detected but couldn't clean.Another downside of CS V2 is that it conflicts with other programs.My opinion is it's worth $15.00 to renew AVG antispyware since it uses the ewido scanning engine.

With 8 days left on my ewido / AVG subscription I've decided to use SWD ver.5 beta 11. None of the performance issues related to SWD ver.4. It runs silent & fast. No conflicts w/ other security apps. In fact I don't even notice it on my box except for the systray icon. PC Tools is working very hard to correct any and every issue brought to their attention, and they're doing it in a timely manner. Response time on their forum is quite impressive indeed.

If and when ewido / AVG fixes the guard.exe issue, I'll consider switching back, but untill then, I'm quite satisfied w/ my choice.

...screamer

-{ Quote: "Counterspy barely detects and doesn't clean anything crucial. CS V2 is having major problems right now,but their tech support is excellent.Ewido/AVG has cleaned the tougher infections I have gotten that CS has detected but couldn't clean.Another downside of CS V2 is that it conflicts with other programs.My opinion is it's worth $15.00 to renew AVG antispyware since it uses the ewido scanning engine." }-


Counterspy has better detection rates even spy sweeper. It had been improved over v1. Sure there is not perfect program that can detect everything. Check this report http://www.sunbelt-software.com/documents/pcworld_spyware_test_results.pdf

-{ Quote: "Counterspy has better detection rates even spy sweeper." }-

Is it me? Can't find ewido/Avgas

Gerardo

AVG: http://free.grisoft.com/doc/5390/lng/us/tpl/v5

...screamer

-{ Quote: "AVG: http://free.grisoft.com/doc/5390/lng/us/tpl/v5

...screamer" }-

Screamer, gerardwil mean that AVG don't appears in the comparative test report, check my previous post.

My AVG 7.5 AS has found 4,832 pieces of malware just running in real time. At least that's what it says on the home page. I use SAS for scans on demand. Good combo.;D

eiether renew avgas or try out counterspy 2.0 or superantispyware pro
all great apps
lodore

@calcu007: Ooppps!

@ladore: I'm gonna stick w/ SWD Ver 5 beta till full release. It's really a kick-ass spyware app.

...screamer

-{ Quote: "@calcu007: Ooppps!

@ladore: I'm gonna stick w/ SWD Ver 5 beta till full release. It's really a kick-ass spyware app.

...screamer" }-

what is w/swd version 5?
which apps?
lodore

-{ Quote: "It's really a kick-ass spyware app." }-

So kick-ass that it is blind to Rustock B trojan when it is loaded:'(

:o Gee's man another couple of months and Rustock will be celebrating its first birthday:blink: so its not like it's a newly discovered malware.

Obviously PCtools advanced technology is'nt keeping up with malware technology,not good show at all from what some consider to be one of the once leading 3 ASW softwares.

@ ladore "what is w/swd version 5?
which apps?"

I don't get the question.

@fcukdat: Don't know about Rustock, but SWD ver 4. cleaned anything I had on my box. No app gets em all. I could be wrong... fcukdat, if you know one, I'm all ears.

...screamer

Hello
Ditch SD.
Do not renew AVG license - use as on-demand scanner.
All problems solved. Don't get too excited about fancy trojans...
Mrk

-{ Quote: "Hello
Ditch SD.
Do not renew AVG license - use as on-demand scanner.
All problems solved. Don't get too excited about fancy trojans...
Mrk" }-

hehehe... yeah, I guess so ;)

...screamer

-{ Quote: "Hello Don't get too excited about fancy trojans...
Mrk" }-


Yeah i wonder how many folks are backdoored by this fancy nee *advanced* trojan and don't know it.I had one URL that delivered Rustocks as regular as clockwork alongside CWS infections via mutiple exploits.

-{ Quote: " but SWD ver 4. cleaned anything I had on my box. No app gets em all. I could be wrong... fcukdat, if you know one, I'm all ears." }-

SWD cleaned what it detected on your box:thumb:

But your right no one gets em all:'(

What about BOClean? It,s one time payment if I remember exactly. Seems a very good software.

AVG AS, SAS, A2 on demand. Your AV real time.
For AV backup, if really wanted, Prevx1, Cyberhawk, ST's shield are other approaches. BOclean looks good too, but i have no way to confirm.
If even so you want real time AS, one of the three above.
If you don't install much, SandboxIE.:)

-{ Quote: "What about BOClean? It,s one time payment if I remember exactly. Seems a very good software." }-

I would highy recomend BOClean. Worth every cent.

Dose Boclean detect Rustock B when it is loaded ?

AVG7.5 ASW,SD5,CS 2.0,a2 all do not:blink:

-{ Quote: "Dose Boclean detect Rustock B when it is loaded ?

AVG7.5 ASW,SD5,CS 2.0,a2 all do not:blink:" }-
No. I'm suprised and disapointed that they do not (yet). It still is a top notch app with great support to boot.SuperAntiSpyware detects this?

-{ Quote: "No. I'm suprised and disapointed that they do not (yet). It still is a top notch app with great support to boot.SuperAntiSpyware detects this?" }-

SAS detects and cleans Rustock A's & B's when they are loaded;D

Virtually all signature based software will flag a rustock file if it is inactive but virtually all but a very few will detect it when it is running.Its not a case of signatures updated required it is technology under the hood so to speak;)

I watch with interest because CounterSpy brought out its much vaunted 2.0 software and this state of the art scanner was blind to Rustock.SpySweeper latest offerings,AVG 7.5ASW and the latest Adaware2007 Beta,so all these new and improved softwares and they cannot bust a bot that is is 9/10 months old:blink:

FWIW Rustock is still the most advanced trojan in my zoo:)

Again, AVG AS + A2 + SAS. These are my main scanners/ artillery. None are paid/ real time.
fcukdat: which of these 3 has better real time protection? You're all for SAS, but is the shield that good too? And light? (curious)

-{ Quote: "AVG AS, SAS, A2 on demand. Your AV real time.
For AV backup, if really wanted, Prevx1, Cyberhawk, ST's shield are other approaches. BOclean looks good too, but i have no way to confirm.
If even so you want real time AS, one of the three above.
If you don't install much, SandboxIE.:)" }-
Hi Somone, now u have posted a pretty healthy list of options here.

Thank you:)
One thing to compare: A-squared has a behaviour blocker. How are the other's shields? (coz, this looks better)
And is this behavior blocker good, regarding something like CH?

Hello,

fcukdat, you can always seek hidden trojans using live CD.
As to people being infected and not knowing it ... well ... what can I say. Regarding the exploits you mentioned, again this takes an effort - using the wrong browser to visit a wrong page, when your OS is full of holes.

Mrk

Apologies folks for strayin way OT but this is somewhat relevent to so called advanced detction software.
-{ Quote: "Hello,

fcukdat, you can always seek hidden trojans using live CD.
As to people being infected and not knowing it ... well ... what can I say. Regarding the exploits you mentioned, again this takes an effort - using the wrong browser to visit a wrong page, when your OS is full of holes.

Mrk" }-


Hi Mrk my knowledgeble freind but lets not forget the fact that for example building your own Bart PE goes far beyond the remit of most folks and that includes a lot of the folks that visit/frequent the security forums for education etc.
Dont forget slaving in a second drive dose the trick too but again it is not a onestop solution that can be widely utilized.

FWIW i agree and disagree with your statement on patch's and exploits,yep Windoze takes effort to switch off automatic updates to stem the bandaids,WGA etc but there is such a thing as 0 day exploit in the wild,we've seen plenty and it's occurence will always clip some innoccent victim's when they occur:'(

If you remember the storms email worm back in January07,when that campaign began quite a few AV's were caught sleeping although they reacted quickly by updating there sigs to target the worm.The trouble was the damage was already done for a lot of those victims(uneducated)that opened the executable attachment.The worm dropped the wincom32 rootkit trojan which opened up a backdoor and added the infected PC to the fast growing Nuwar botnet.

Guess what all those folks saying my AV has detected blah-blah(Peacomm,Pead) a few days later and then the worm is removed by the signature based software....Sorted ???

:blink: Shame about Mr Wincom32 still cloaked and the infected 'puter is still backdoored.Only a few of the AV's have the capability of seeing the loaded wincom32 trojan so all the rest have a clean bill of health since the worm has been removed:thumbd:

Now factor in that i busted wincom32 trojan which came imported with CWS infection 4 days before *the Storms* event and you might see which folks were behind the email/worm campaign.This was a targeted attack to harvest as many new zombies as possible using peoples lack of PC security awareness
to achieve its goal.No effort on the victims behalf literally to become infected.

Relevent to this topic i'm not sure if SWD can see loaded Wincom32 but hopefully at some point this weekend i will give it a run out and let y'all know :)

Hello,

My aim was not to disparage. It's just that when people here things like bodiless, undetected trojans and alternate data streams, it sounds like a coffee enema to most. A frightening prospect. We should calm them down.

I think that such threats should be taken in perspective. First, it's just computer software. Second, the worst thing that can happen is to reinstall the OS. Once people understand this, they can think logically.

Regarding live CDs, downloading + burn a Linux ISO takes very little effort, although using their tools to forensicate and enemaize Windows might take even more skills than making BartPE CD.

Keep on the good work, man. But remember. Every time you mention a terrible word, someone out there rubs their hands and thinks - another storm of dollars is coming my way ...

Rustock or Woodstock ... doesn't matter - just simple stupid software. Remember 1988? How things were simple then? There were no trojans then. And miraculously, we all got by well. So nothing dreadful will happen if a computer gets cankered.

Of course, you have the people who have never heard or will never care about potential consequences, whatever they are. But for those who do lurk and listen and have caught the whiff of rumor, the big titles and terrifying words that you see everywhere are in fact counterproductive. To learn, you must first let go of fear.

If they realize that, then perhaps their education will be so much more effective. And instead of running for one-in-all ultimate solutions that do not work but falsely assuage the buyer, perhaps the people will try to listen and actually think.

Mrk

very good points Mrkvonic
if you practice safe surfing and havent got infected in ages then chill.
sure there are threats out there but they are not targetting you and very likely never will.
with my new pc im gonna create an offline fresh image so if i screw windows up all i need to do is pop in the cd browse to the image and restore
lodore

Point taken again my freind but don't overplay the everything is rosey too much.

Folks have had their personal data removed and used with criminal intent.It dose happen and i don't expect those victims to have the no big deal spin on the event.

With reguards the storms worm event subsequent worm network traffic reports suggested ~250k+ worth of compromised machines within 3 days.Probaly lots of folks getting new/first time computers for xmas or UK netcitizens in a rush to see the storm pictures(.exe) attached to the campaign email.

Even you have to accept what a loaded backdoor potentially represents to the security of a computer=kiss goodbye to your base if the attacker so decides.

-{ Quote: "Screamer Re your security sig" }-

Looking at your safety aps (Pro FW, Good AV, Plus clasiscal HIPS), I would spend my money on a sandbox like GesWall or DefenseWall or just trust the three security aps you have got.

Regards K

-{ Quote: "Looking at your safety aps (Pro FW, Good AV, Plus clasiscal HIPS), I would spend my money on a sandbox like GesWall or DefenseWall or just trust the three security aps you have got.

Regards K" }-

Kees, I already re-newed my SWD subscription and I've got like one day left w/ AVG. I think I'm gonna stick w/ SWD in the active security group and retire AVG to my on-demand collection.

Just D/L'd Primary Response SafeConnect to give it a whirl.

...screamer

I have used the free versions of SD for some time, and one thing I don't like about them is that they take forever to load at startup. By watching CPU activity with Process Explorer I have found that SD version 4 consumes literally 90 -100% of cpu cycles for 6 minutes during startup. I can't get into the internet or do much of anything else until SD finishes doing its thing.

It also gets very active at other times, notably during scans with other AS applications. I would shut SD down to speed up the scans, but then when I restart it, it eats up another 6 minutes of cpu time.

I would be interested in hearing how SD 5 performs in this regard. My general impression is that others also feel SD does not run light at all.

-{ Quote: "

I would be interested in hearing how SD 5 performs in this regard. My general impression is that others also feel SD does not run light at all." }-

The sluggish behaviour you mention was prevalent in ver. 4, that's why I canned it. SWD ver.5 runs lean on my box. I do realize that my situation is not the norm. (referring to complaints on SWD forum) Since I installed SWD beta 5, I couldn't be more pleased w/ this app. In fact AVG' guard.exe slowed things down much more than SWD ver.5


...screamer

-{ Quote: " SWD ver.5 runs lean on my box. ...screamer" }-

Thanks for that post, which I guess includes a screen from What's Running.

One specific question: does SWD run lean at startup, while you are up and running, or (hopefully) both?

-{ Quote: "Thanks for that post, which I guess includes a screen from What's Running.

One specific question: does SWD run lean at startup, while you are up and running, or (hopefully) both?" }-

Absolutely both. No start-up issues like the prior version. It's like its not even there.
Then again, this -is one of the "major" complaints about SWD. Even this version, many ppl are complaining that their boxes slow to a crawl. Mine hasn't.
The only way to know for sure is to D/L a copy.

YMMV,

...screamer