antivirus tests
sofasofe
December 20th, 2003, 03:36 AM
Anyone have test results of the latest test by www.virus.gr ??
I'm buying AV software and I wanna buy the best AV by them!
thanks
sir_carew
December 20th, 2003, 03:45 AM
Hi,
I personally think that most antivirus tests suck. The best is that you take time, install the AV that you like, probe it, the performance, updates, etc. and decide what is the right choice for you.
However, I personally recommend the following AV:
-NOD32: Uses low resources, the heuristic is one of the best, available in many languages, good features, quick scan, the incoming mail scanner is excellent, it works at winsock level.
-KAV: Good detection rates, the best in this, heuristic so so, daily update, normally 2 per day or more, available in several languages, good support, but if you plan to install it, I recommend a good computer, 564 ram or higher, this AV uses more resources than any other!
-McAfee: Good heuristic scan and highly effective.
-Dr.Web: Light on resources, good heuristic, good detection rate.
I hope that this info will help you.
Regards.
wizard
December 20th, 2003, 05:11 AM
You might want to have a look into this thread:
http://www.wilderssecurity.com/showthread.php?t=17092
wizard
Chuck57
December 21st, 2003, 10:51 PM
I can vouch for Kaspersky using a LOT of resources. I recently broke down and got their v4.5 Personal Pro and can't do anything on my box while it's running a scan. I've got a 1.3G Athlon processor and 512RAM.
I've scheduled my weekly scan for late in the evening, when I'm finished using the computer. I'm still trying to figure out all the things this version can do. I'm impressed but think I could have saved a lot of money by going with the Personal version. This one does a lot more things than I'll ever use.
Buddel
December 22nd, 2003, 01:58 AM
Quote from sir_carew:
> Hi,
> I personally think that most antivirus tests suck. The best is that you take time, install the AV that you like, probe it, the performance, updates, etc. and decide what is the right choice for you.
> ...
This is also my opinion. There are many good AV's out there, but not all of them may run smoothly on your computer. I personally like KAV very much, but my computer seems to be unable to cope with this "resource-hungry" AV. Therefore, I do hope KAV 5.0 will cause less problems.
I also think that NOD32 is pretty good, but the Eset folks shouldn't rest on their laurels. This AV still has many weaknesses. Anyway, if Eset improves both their AV and their support, NOD32 may soon be as popular as other leading AV's.
wizard
December 22nd, 2003, 05:24 AM
Quote from Buddel:
> I also think that NOD32 is pretty good, but the Eset folks shouldn't rest on their laurels.
I don't think Eset does that. Development goes on and on and don't forget that they released this year a major program upgrade with massive improvements compared to the previous version of NOD32.
> This AV still has many weaknesses.
I don't say NOD32 is perfect (no av is that) but I don't think that there are "many weaknesses" left. Maybe you can give a list of what is in your opinion missing in NOD32 to be a "leading av".
wizard
Buddel
December 22nd, 2003, 05:41 AM
When I said Eset shouldn't rest on their laurels I was thinking of their support in particular, which, IMHO, has not always been that good. In order to find out about NOD's problems, just read the threads in the "official" NOD32 forum. There you will find the problems encountered by many people (well, I'm one of them). Some problems: shutdown protection, trojan detection, scanning inside SFX archives etc.
I do think NOD32 is a promising AV, but in my opinion, it does not (yet) belong to the leading AV's such as KAV and McAfee. Nevertheless, if both NOD32 and Eset's support improve, I'm sure NOD32 will soon be a top-notch AV.
wizard
December 22nd, 2003, 06:29 AM
Quote from Buddel:
> Some problems: shutdown protection, trojan detection, scanning inside SFX archives etc.
Let's see
a) shutdown protection: not really necessary. If NOD32 picks up malware before it executes there is no way for the malware to shut down NOD32. And if malware bypasses NOD32 then you have to worry about much more than just that your av software is not shutdown.
b) trojan detection: agreed, but this counts for nearly all antivirus programs except for those KAV-based ones.
c) Useless. If you start malware that is inside a SFX archive the malware has first to be unpacked somewhere on disc before it is really executed and that's when the on-access scanner AMON catches the malware - early enough.
wizard
Buddel
December 22nd, 2003, 06:40 AM
a) shutdown protection
I think it is necessary. Yes, if NOD32 picks up malware before it executes, there is no way for the malware to shut down NOD32. But: what if NOD32 fails to detect it?
b) trojan detection
You are right: I was thinking primarily of KAV-based AV's.
c) scanning inside SFX archives
It's not useless in my opinion. You are right again: AMON will catch the nasty as soon as it is executed. However, I would like to know that there's crap on my computer before it is executed.
wizard
December 22nd, 2003, 07:01 AM
Quote from Buddel:
> But: what if NOD32 fails to detect it?
Let's try an example: NOD32 (with assumed shutdown protection) fails to detect malware. NOD32 keeps happily running while malware does damage to your computer or steals your data.
NOD32 (without shutdown protection) fails to detect malware. The malware shuts down NOD32. You are warned that something is wrong with your computer and can take counter measures.
But anyway in both cases: Sh*t happened and there is no gain by having a shutdown protection at all.
> However, I would like to know that there's crap on my computer before it is executed.
At the moment I know only one av program that comes close to what you want: KAV. But still KAV does not support all kinds of installers or sfx-packers, archives and so on. At the end also KAV relies on one single technique: wait until the file is unpacked and stop the malware from execution. So personally I think there is not much gain from this kind of feature from a security point of view.
The "cost" for that fantastic feature of scanning in all kinds of installers, archives and so on is that KAV uses a lot of resources and the scanning speed is extremely slow.
Don't think that's the way Eset should follow. I hope that they will keep the approach on focusing on the real points that are important for security and keep NOD32 fast and resource light.
For those who want all archive scanning features they better stick to KAV anyhow, as Kaspersky is in these areas of unpacking/archive scanning miles ahead of nearly everybody in the av industry. :)
wizard
Buddel
December 22nd, 2003, 07:34 AM
Quote from wizard:
> For those who want all archive scanning features they better stick to KAV anyhow, as Kaspersky is in these areas of unpacking/archive scanning miles ahead of nearly everybody in the av industry. :)
Couldn't agree more. :)
Anyway, I still think shutdown protection is important (even though there may be more important things to implement into NOD32 at the moment):
If a virus which NOD32 is capable of detecting simply shuts down this AV, my data will be damaged because NOD32 is unable to block it. NOD32 knows this virus, but it just cannot stop it from getting on my system.
However, if a virus which NOD32 is capable of detecting is blocked by this AV through shutdown protection, my data may not necessarily be damaged because the virus cannot get on my system.
I don't really care how much time an AV needs to scan my computer as long as it scans it thoroughly. What's the use of a "Formula One AV" if it fails to detect malware on my computer?
The fact that NOD32 is very "resource-friendly" was the main reason for me to have a closer look at this promising AV.
wizard
December 22nd, 2003, 02:07 PM
Quote from Buddel:
> NOD32 knows this virus, but it just cannot stop it from getting on my system.
If NOD32 detects a malware it stops it. There is no way for malware that is known to NOD32 to execute (and therefore to shut down NOD32) except for two cases:
a) the user allows the malware to execute
b) the user executes the malware without having AMON running
wizard
bellgamin
December 22nd, 2003, 03:27 PM
Quote from wizard:
> b) trojan detection: agreed, but this counts for nearly all antivirus programs except for those KAV-based ones.
> wizard
DrWeb is pretty good at this, too, isn't he, Wiz?
wizard
December 22nd, 2003, 04:19 PM
Quote from bellgamin:
> DrWeb is pretty good at this, too, isn't he, Wiz?
I agree, not as good as KAV in this field but overall there is nothing bad to say about DrWeb. :)
wizard
IBK
December 22nd, 2003, 06:44 PM
Hello all,
just a little hint: starting from February 2004 there will be a new source for AV comparatives ;-)
About 10-12 good AV products will be tested.
I will let you know the link as soon as the webpage is online.
Regards,
Andreas
bigc73542
December 22nd, 2003, 11:05 PM
I keep hearing how good kav is but in every test I have seen there is another av that is always tied or beats kav. It is mcafee virusscan. I know a lot of people don't like it but the fact is it is a very good av. Here is a screen shot from a rokop test taken 08/24/03
sir_carew
December 23rd, 2003, 12:03 AM
The rokop tests are bad. Rokop's people don't use the extended bases for KAV; if rokop people had used the extended bases of KAV, KAV would be the winner. Moreover the rokop test doesn't use the advanced heuristic for NOD, and I don't believe that NORTON AV detects more than NOD, it's impossible. I've been using NAV for many years, and the "heuristic" joke called BloodHound jajaja is useless, it doesn't detect any mass-mailing, p2p, vbs, and other worms that McAfee and NOD detect proactively.
I have VBS.Cling; KAV detects it proactively as Type_Script, NOD (with normal heuristic) as Probably new Script Virus, and dr.web as Probably new script virus.
Please, it is impossible that NAV detects more than NOD. LOL.
bigc73542
December 23rd, 2003, 12:23 AM
Hey I am not an av tester and they are. Maybe they do it right and maybe they don't, but I will not claim to know more than they do. I do not base my trust in a product from one group's test. I take rokop's test for what it is, one group's test, but the results are interesting. Kav, nod, mcafee: I don't believe there is a (best) av, they all have benefits and weaknesses. Like I have seen it said here on the forums a dozen times, if it works for you then at the time it is the best for your situation, but because it is the best for you, you can't try to tell someone else that it is the best for them too. It just won't work that way. For a while the etrust armor free av and firewall was the hot thing. I know that it is not a bad av at all but it would not work on my comp's configuration so it was not so good for me. And maybe it worked perfect for someone else. It just goes to show you no matter where you go there you are. Which means there is no end to the question which is the best. ;D
sir_carew
December 23rd, 2003, 12:49 AM
I agree that no av is the best, but there are some antiviruses that really are bad. Here are my grounds, because my opinions and grounds are based on my own experience:
I have a .AVC (AVP/KAV bases), it's an old interesting proof-of-concept virus made years ago, but not detected by some AVs, including NOD and NAV; KAV detects it as Trojan.Hoho.a
I sent it to Symantec and Eset. Eset added it as Hoho.A and Symantec answered me: The file is clean! What type of ignorant does Symantec have? Maybe the "best" antivirus doesn't exist, however there are many BAD antiviruses, and one of the best examples is Symantec.
Buddel
December 23rd, 2003, 02:07 AM
Quote from wizard:
> Quote from Buddel:
> > NOD32 knows this virus, but it just cannot stop it from getting on my system.
> If NOD32 detects a malware it stops it. ...
I agree, but what happens if this virus shuts down NOD32 before this AV can detect it?
I'm just thinking of some dialers which had and perhaps still have the ability to shut down certain anti-dialer programs. These dialers simply killed these programs, so that expensive numbers could be dialled. If these programs had had better shutdown protection, this would not have happened. So if a virus simply kills the NOD32 process before this nasty is detected, my computer may get infected. This is the reason why I do think that shutdown protection is important.
Nevertheless, NOD32 is a good, promising AV. I have been using it myself for a couple of months and I still like it. Perhaps it is not as good as KAV-based AV's, but if you are looking for an AV that is both light on resources and reliable, NOD32 is definitely a good choice.
sir_carew
December 23rd, 2003, 02:17 AM
>I agree, but what happens if this virus shuts down NOD32 before this AV can detect it?
If NOD32 detects a certain virus, AMON will stop the virus before the virus can shut down any program, damage the pc, etc. The only problem is what happens if a dropper kills the nodkrn.exe process and drops a known virus; in this case, NOD will not detect the known dropped virus.
>Perhaps it is not as good as KAV-based
KAV-based AVs are good at detecting "known" viruses, however the KAV heuristic isn't good, and in this case NOD is much better than KAV, so KAV is better than NOD only at detecting old known viruses, and not new worms.
Buddel
December 23rd, 2003, 02:48 AM
Quote from sir_carew:
> ..., however the KAV heuristic isn't good, ...
Hm... this is not the experience many other people have made. ??? I can't confirm this either.
wizard
December 23rd, 2003, 03:47 AM
Quote from sir_carew:
> The rokop tests are bad.
I can't agree to this statement. ;)
> Rokop's people don't use the extended bases for KAV; if rokop people had used the extended bases of KAV, KAV would be the winner,...
In this special case KAV would not have been "better" while using the extended signature bases. Compared to McAfee KAV just missed one or two packer/crypter in this test.
> Please, it is impossible that NAV detects more than NOD. LOL.
No it's not. Depending on whatever is in the testset or you can let every program look like the winner or the loser. ;)
wizard
illukka
December 23rd, 2003, 04:34 AM
regarding shutdown protection there's a nice feature in kav: when a nasty tries to shutdown kav(avpM.exe) it will display a message in control center: dangerous situation, process ****** tries to shut down anti virus monitor.. so although kav is generally unkillable, the user is notified..
now do you listen ESET folks?
kav heuristics bad? i can't confirm that either.. perhaps not the best(that would be nod or dr web), but it is good believe me
Buddel
December 23rd, 2003, 05:06 AM
Quote from illukka:
> regarding shutdown protection there's a nice feature in kav: when a nasty tries to shutdown kav(avpM.exe) it will display a message in control center: dangerous situation, process ****** tries to shut down anti virus monitor.. so although kav is generally unkillable, the user is notified..
> now do you listen ESET folks?
> ...
Would be nice if there was such a feature in NOD32, too.
sir_carew
December 23rd, 2003, 02:01 PM
The heuristic of KAV is really bad, not as bad as NAV, but bad.
Of the latest viruses, which of those does KAV detect proactively with the heuristic? I know only one: Win32/Alanis.A
I have P2P samples that only NOD with AH and McAfee detect via heuristic.
sofasofe
December 23rd, 2003, 11:33 PM
All are talking about McAfee, KAV and NOD but we should also put there F-Secure 2004, same as Panda 2004.
I personally think these 2 programs are better than KAV and McAfee.
Many times I installed PANDA av on an infected PC and it deleted all viruses which Norton and KAV failed.
I'm currently testing NOD antivirus ;)
mvdu
December 24th, 2003, 12:56 AM
Panda doesn't do as well in professional tests, which I trust more. And I'd rather have an AV that has a large database than one with decent heuristics. Heuristics are imperfect and can't be relied on. If you get very frequent updates like KAV has, you'll detect more viruses than with NOD - despite the heuristics. And sir_carew must admit, others have found KAV's heuristics to be better than he says.
I just tested NOD32 at that webpage mentioned at dslreports - and got infected. Norton and KAV both detect it. NOD32 is promising, but that confirmed that I'm definitely not buying yet.
sir_carew
December 24th, 2003, 01:04 AM
NAV heuristic is very bad, it's impossible that NAV heuristic is better than nod, VERY impossible.
KAV heuristic isn't better than NOD, please give 4 recent viruses that KAV catches and NOD does not. NOD caught Logpole.a/b; Swen; Sober, and Mimail that KAV did not.
Panda is a good av, however I installed it and I went into safe mode to restore my pc to work perfectly; it slowed down my pc, damaged my windows, etc. Be careful with this av.
F-Secure uses 3 engines: kav, f-prot and another; however the availability of kav updates for f-secure isn't the same as for KAV.
mvdu
December 24th, 2003, 01:14 AM
If you look at overall viruses, there are plenty that KAV catches that NOD32 doesn't. I'm not talking about heuristics. I'd say that NOD32's heuristics are better, but that doesn't mean much to me. Heuristics are still not very advanced. I do agree that NAV's heuristics aren't good. I was talking about a website exploit that NOD32 completely missed.
sir_carew
December 24th, 2003, 01:16 AM
Yes, NOD misses some exploits.
KAV detects more old viruses than NOD, 100 % agree. But old viruses aren't important; I assure you that nod catches more new viruses than KAV thanks to its heuristic.
mvdu
December 24th, 2003, 01:18 AM
I'd say that KAV gets the viruses in time enough for me. The larger database of KAV has many recent viruses.
sir_carew
December 24th, 2003, 01:22 AM
I know that KAV has new viruses too, but NOD detects many new not yet classified viruses, especially p2p, mass mailing, encrypted, that KAV with heuristic isn't able to.
Every day new p2p, mass mailing... worms appear that NOD detects without update, and kav needs an update; for this reason I think that NOD detects more new viruses, and for this reason I think that the heuristic is a very important point in an AV.
mvdu
December 24th, 2003, 01:23 AM
IMO NOD32 could be a good backup AV for me - if I save a lot of money up. And in the future, as it adds more trojans and exploits, it might be a fantastic resident AV.
mvdu
December 24th, 2003, 01:24 AM
As I said, NOD32 doesn't detect enough new viruses for me to use it over KAV. I don't even use Outlook much for mail. Or P2P much. And you could get caught with just a slightly older P2P worm that goes undetected by NOD32.
sir_carew
December 24th, 2003, 01:29 AM
Hi,
Don't use Outlook, OE, instead use The Bat, the mail of Opera, or others.
Can you send me those old p2p samples? If yes, send me a private message.
mvdu
December 24th, 2003, 01:36 AM
I don't have any - I'm saying that KAV's database allows it to detect quite a few that NOD32 can't. NOD32 is attempting to catch up and it gets credit for that. I guess we just have different wants in an AV. I like having a lot of viruses in the database and get worried when an AV doesn't detect a website exploit (that exploit stops your AV scanner when it gets to it. Used GoBack to get it off.) And you like the fact that NOD32 can find some new things. I hope that NOD32 gets so it can satisfy us both.
sir_carew
December 24th, 2003, 01:40 AM
Yes, the AV matter is very relative.
The only thing that I believe nobody can say anything different about is that the heuristic of NAV is a toy, a joke ;D
Think that NOD is a relatively "new" antivirus compared to others like mcafee, kav, nav...
mvdu
December 24th, 2003, 01:43 AM
I agree - I've seen NOD32's regular heuristics detect a couple things that I downloaded for testing. Well, I have to go to bed. Nice talking to you. :)
sir_carew
December 24th, 2003, 01:45 AM
>Nice talking to you
You're welcome, I think the same. Do you have MSN or ICQ to speak about pc security matters?
Thanks.
mvdu
December 24th, 2003, 01:52 AM
No, I don't have those chat vehicles, but give me a PM anytime.