
Combining AV's not done, but very effective!


Kees1958
January 19th, 2008, 03:38 AM
Hi All,

Trustport obtained the highest rating in the last AV-Comparatives test. (AV = Anti Virus, AS = AntiSpyware)

Trustport combines AVG free, Ewido (now AVG AS), Norman and Dr.Web, so in effect it is AVG paid (AV+AS), Norman and Dr.Web.

Most Wilders members always argue that out of the free AV's Antivir is best. Only, the free Antivir is the AV engine only, without the AS. In other tests this reduced the effectiveness of AVG and Antivir to 75 to 90 percent (depends of course on the test samples used).

For a friend with an average dual core with 2 GIG mem running Vista with UAC in quiet mode and Vista FW, I have set up this combo:

1. Antivir free (only has AV engine)
a) set to check at write only
b) set with heuristics high (Avira has one of the best heuristics)

2. Avast free (has AV and AS engine)
a) set with standard shield OFF (so no execution, read and write control). This is to prevent overlap with Antivir.
b) set with the other (except Outlook) shields ON, being P2P, Web, Internet Mail, Messenger, Network

I told him this combo would be as good as Kaspersky (I know it is a bold statement). He is really a security noob. He also told me that everyone is warning him not to combine AV's. I only showed him Trustport and said that it is true when they conflict, but Avira and Avast do not conflict with this set up. It is a best of both worlds setup.

Any comments/ideas/discussion?

Kees1958
January 19th, 2008, 03:39 AM
Forgot to tell that I gunned down Notify.exe with Vista security properties (not allowed to execute).

RejZoR
January 19th, 2008, 03:43 AM
AV's don't conflict with each other if you properly exclude their folders.
They only complement each other unless devs use some crappy way of hooking stuff that hogs down everything. Stay away from such antiviruses anyway even if you use them alone. They are no good if they do such things...

chris2busy
January 19th, 2008, 03:54 AM
Just you wait till the day that one starts getting FPs from the other's update packages or crashes from new updates and patching... if you like that anyway you should consider a multiengine product :) Gdata is great

Kees1958
January 19th, 2008, 04:56 AM
Chris,

Friend did not report any of such problems. I think this 'wait until' is one of the myths of combining AV's.

Regards

solcroft
January 19th, 2008, 05:01 AM
{QUOTE-> Chris,

Friend did not report any of such problems. I think this 'wait until' is one of the myths of combining AV's.

Regards <-QUOTE}
I know for a fact that KAV and NOD32 v3 don't play well together. There may be others.

computer geek
January 19th, 2008, 05:39 AM
KAV doesn't go with any; it's got to be on its own. Just don't put 2 realtime scanners or firewalls on in one go.

Kees1958
January 19th, 2008, 05:45 AM
Yep,

Some AV's do not match and should not be matched. But the combo Avira and Avast works wonderfully well together.

computer geek
January 19th, 2008, 05:52 AM
;D {QUOTE-> Yep,

Some AV's do not match and should not be matched. But the combo Avira and Avast works wonderfully well together. <-QUOTE}
If it works, it's good!

aigle
January 19th, 2008, 06:32 AM
Kees! let me ask what you are going to get by adding Avast to Antivir?
It will add a minimum of extra protection only (if ever). You can't totally protect a PC from viruses even if you install VirusTotal (supposing it to be possible). One good scanner is more than enough. If I were in your place I would have added ThreatFire or something similar (Prevx ABC, PRSC, N Antibot etc.) in addition to Antivir (with medium heuristics).

Sjoeii
January 19th, 2008, 07:10 AM
Can't imagine combining Avast and Avira is more safe than just Avira. Avira is safe enough. It will only slow things down, isn't it?

chris2busy
January 19th, 2008, 08:41 AM
Well, both scanners are tops in performance but still, if files are opened three times that's gonna have an impact. Although if you only use your PC for surfing and non-intensive stuff and you like it, why not.

C.S.J
January 19th, 2008, 08:54 AM
{QUOTE-> Hi All,

Trustport obtained the highest rating in the last AV-Comparatives test. (AV = Anti Virus, AS = AntiSpyware)

Trustport combines AVG free, Ewido (now AVG AS), Norman and Dr.Web, so in effect it is AVG paid (AV+AS), Norman and Dr.Web. <-QUOTE}

so have they dropped bitdefender?

or is it now?

1. AVG AM
2. NORMAN
3. BITDEFENDER
4. DRWEB

dawgg
January 19th, 2008, 09:04 AM
Of course, 2 AVs often do not get on well with each other and cause major problems/crashes, whereby simply uninstalling them both and then installing one usually fixes it.

There is a large slowdown with 2 AVs and little additional protection attained by using 2 AVs (because there is often a large signature/detection overlap).

Add each AV to the other's exclusions to minimize the possibility of conflict.

2 AVs can be done. Just keep an eye out for problems. Any sign of instability and you know what to do :)

C.S.J
January 19th, 2008, 09:05 AM
try to limit web browsing to 1 (or maybe 2 max) engines.

use the 4/5 or whatever for purely on demand scans.

Kees1958
January 19th, 2008, 10:17 AM
{QUOTE-> Kees! let me ask what you are going to get by adding Avast to Antivir?
It will add a minimum of extra protection only (if ever). You can't totally protect a PC from viruses even if you install VirusTotal (supposing it to be possible). One good scanner is more than enough. If I were in your place I would have added ThreatFire or something similar (Prevx ABC, PRSC, N Antibot etc.) in addition to Antivir (with medium heuristics). <-QUOTE}

Aigle,

Why Avast?

Avast free is the AV + AS. Antivir free is only AV. I have seen some test reports where the free versions of AVG and Antivir scored 75 to 85/90 percent of the paid version (AV plus AS versus only AV).

So reason one is: Avast free = AV PLUS ANTI SPYWARE

Reason two is that Avast has modules which check data before it is executed (the Web shield for instance). In terms of protection you want this malware to be killed before it is executed (f.i. in a webpage). Because Antivir takes care of the file writes to disk, Avast takes care of all the incoming data streams. This means that Avast discovers earlier than Antivir. Earlier is better is a golden rule. Third reason: Avast has got a Network module which acts as a simple NDIS (mostly against worms), so all in all it is safer.

Secondly Trustport proves that combining different engines increases the protection level (see AV comparatives).

It turns out that execution and read checking of AV's account for the highest CPU delay. With this setup (Avast incoming streams and Antivir writes) the combo is amazingly fast.

The higher AV protection level combined with the LUA of Vista gives a lot of protection.

Why not TF?
I tried TF with him, let him download a few test files. ThreatFire often tells you to only proceed when you trust the program. The noob trusts the program so he chooses YES! So even TF was too difficult.

Regards Kees

Kees1958
January 19th, 2008, 10:20 AM
{QUOTE-> so have they dropped bitdefender?

or is it now?

1. AVG AM
2. NORMAN
3. BITDEFENDER
4. DRWEB <-QUOTE}


I do not know exactly, I will take your word for it.

Kees1958
January 19th, 2008, 10:21 AM
{QUOTE-> Can't imagine combining Avast and Avira is more safe than just Avira. Avira is safe enough. It will only slow things down, isn't it? <-QUOTE}

Nope. Avira = write, Avast = incoming data streams (try it, you will see).

Kees1958
January 19th, 2008, 10:23 AM
{QUOTE->
There is a large slowdown with 2 AVs and little additional protection attained by using 2 AVs (because of often a large signature/detection overlap)
<-QUOTE}

No overlap
- Avira is AV only and checks only at writes (no data reads)
- Avast is AV + AS and standard shield is OFF, so only incoming data streams like P2P, Internet Mail (POP3), Network shield (sort of light NDIS) and Web Shield (HTTP scanner).

All these services of Avast free are not in Antivir free

shek
January 19th, 2008, 12:01 PM
{QUOTE-> Hi All,

Trustport obtained the highest rating in the last AV-Comparatives test. (AV = Anti Virus, AS = AntiSpyware)

Trustport combines AVG free, Ewido (now AVG AS), Norman and Dr.Web, so in effect it is AVG paid (AV+AS), Norman and Dr.Web.

Most Wilders members always argue that out of the free AV's Antivir is best. Only, the free Antivir is the AV engine only, without the AS. In other tests this reduced the effectiveness of AVG and Antivir to 75 to 90 percent (depends of course on the test samples used).

For a friend with an average dual core with 2 GIG mem running Vista with UAC in quiet mode and Vista FW, I have set up this combo:

1. Antivir free (only has AV engine)
a) set to check at write only
b) set with heuristics high (Avira has one of the best heuristics)

2. Avast free (has AV and AS engine)
a) set with standard shield OFF (so no execution, read and write control). This is to prevent overlap with Antivir.
b) set with the other (except Outlook) shields ON, being P2P, Web, Internet Mail, Messenger, Network

I told him this combo would be as good as Kaspersky (I know it is a bold statement). He is really a security noob. He also told me that everyone is warning him not to combine AV's. I only showed him Trustport and said that it is true when they conflict, but Avira and Avast do not conflict with this set up. It is a best of both worlds setup.

Any comments/ideas/discussion? <-QUOTE}

I've used this combo (Avira with the web shield from Avast) for a long time. No conflict. I exclude the temporary folder Avast uses. The combo slows down the boot-up by about 2-3 seconds on my machine (Sempron 2500+, 1 GB, WinXP SP2). Other than that, everything goes well.

computer geek
January 19th, 2008, 01:43 PM
{QUOTE-> Can't imagine combining Avast and Avira is more safe than just Avira. Avira is safe enough. It will only slow things down, isn't it? <-QUOTE}
Slightly, but both are top notch products with low memory use and a web shield is included...

farmerlee
January 20th, 2008, 03:47 AM
From my personal tests, combining certain AV's didn't cause me any trouble. I had 4 of them running side by side at one point with no problems apart from the expected performance drag. I definitely found it a more effective setup when I was purposefully trying to get infected, but for the average user it's probably overkill.

Kees1958
January 20th, 2008, 06:41 AM
{QUOTE-> I've used this combo (Avira with the web shield from Avast) for a long time. No conflict. I exclude the temporary folder Avast uses. The combo slows down the boot-up by about 2-3 seconds on my machine (Sempron 2500+, 1 GB, WinXP SP2). Other than that, everything goes well. <-QUOTE}


Shek,

Do you have Avira checking on reads and writes or writes only?

Regards K

shek
January 20th, 2008, 01:17 PM
Both read and write.

Kees1958
January 20th, 2008, 04:15 PM
Shek,

Try write only and feel the speed improvement.

aigle
January 21st, 2008, 03:06 AM
{QUOTE->
Why not TF?
I tried TF with him, let him download a few test files. ThreatFire often tells you to only proceed when you trust the program. The noob trusts the program so he chooses YES! So even TF was too difficult.
<-QUOTE}
Let him DENY all!

Oh.... there is no DENY option in TF (unlike CH). That's a pity.

solcroft
January 21st, 2008, 05:16 AM
{QUOTE-> Let him DENY all!

Oh.... there is no DENY option in TF (unlike CH). That's a pity. <-QUOTE}
Not really, since fortunately there's the Quarantine option, which is a safer and more effective option than Deny.

aigle
January 21st, 2008, 08:56 AM
May be more effective but not safer regarding false positives IMO!

solcroft
January 21st, 2008, 09:25 AM
If it's a false positive, what you need isn't a Deny option either, it's the Allow option.

aigle
January 21st, 2008, 09:28 AM
If ever you know!

solcroft
January 21st, 2008, 09:52 AM
Now you're contradicting yourself.

According to you, a Deny option is needed because of FPs. This implies you already know they are FPs. I say that you don't need the Deny option for FPs, you need the Allow button - to which you reply IF one knows they're FPs.

The only logical deduction I can make from your statements is that you're trying to say that having a Deny button will automagically let users distinguish between FPs and real malware, while a Quarantine button blinds them to the difference.

aigle
January 21st, 2008, 10:11 AM
Let me clear this up. For an ordinary user: Quarantine when you think the pop-up is about suspected malware, click only DENY if you suspect that it's a false positive (and then investigate the issue). Allow when you are sure that it's a false positive.

Suspect alert: Quarantine
Sure false positive: Allow
Unsure: Deny only

Actually I would love to have an option to Deny all popups silently without user interaction (for dummies).

solcroft
January 21st, 2008, 10:28 AM
{QUOTE-> click only DENY if you suspect that it's a false positive (and then investigate the issue). <-QUOTE}
aigle, it's called Quarantine, not "Permanently and Irreversibly Remove From Computer", for a reason.

{QUOTE-> Actually I would love to have an option to Deny all popups silently without user interaction (for dummies). <-QUOTE}
So why not use the type of products that do offer that option, and excel at it, instead of trying to bend a product that wasn't meant to do that from the very start into how you think it should be?

In all seriousness, aigle, SSM (Free) with Disconnected UI could probably do that far better than ThreatFire could ever hope or want to.

Still, I think the problem Kees' friend had with TF was not the lack of a Deny button, but rather, the presence of an Allow button...

aigle
January 21st, 2008, 10:50 AM
I have posted before that quarantine can be troublesome at times, as I have experienced it (unable to restore back).

After all there was only a DENY button in CH. SSM is a totally different category!

solcroft
January 21st, 2008, 11:00 AM
{QUOTE-> I have posted before that quarantine can be troublesome at times, as I have experienced it (unable to restore back). <-QUOTE}
If that one software somehow doesn't work after restoring, I believe it's more worth investigating it than TF.

PS: CH had an Allow button as well.

aigle
January 21st, 2008, 11:15 AM
I did not say it doesn't work. It was not restored fully.

solcroft
January 21st, 2008, 11:26 AM
{QUOTE-> I did not say it doesn't work. It was not restored fully. <-QUOTE}
I still stand by my previous opinion; adding a Deny button is a counter-intuitive solution to take when, of the hundreds of thousands of programs out there, one fails to be completely restored.

If this continues I think we'd better take it via PM.

aigle
January 21st, 2008, 11:32 AM
Ok, let us stop here! ;D

Hnanicek
January 21st, 2008, 05:04 PM
{QUOTE-> I do not know exactly, I will take your word for it. <-QUOTE}

Hi,

Trustport AV currently contains the following engines:

AVG
VBA (VirusBlokAda)
Dr.Web
Norman
Ewido

Combining AV software is tricky because of collisions of on-access scanners. On-access scanners intercept file-system activity using file system filter drivers. These filters hook operations like file opening. Using these hooks, a file is scanned before the calling application gets a handle to the opened file. If there are two such filters present on a single computer, they can easily collide. The same applies to other filter SW (firewalls).

Lubos Hnanicek
AEC
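As an added illustration of the collision Hnanicek describes (a constructed model, not code from the thread or from any AV vendor), the block below simulates two on-access filters where each scanner's own read of the file re-enters the filter stack; excluding the other product's process, the advice given earlier in the thread, is what breaks the loop. Scanner names, process names and the file path are made up.

```python
# Constructed model of two on-access scanners stacked as file-system filters
# (added example, not code from the thread or from any AV vendor). Each
# scanner intercepts file opens and, to scan, opens the file itself, which
# re-enters the filter stack. Without mutual exclusions the two scanners keep
# triggering each other; with each excluding the other's process, the
# scan-time opens pass straight through and the file is scanned once each.


class FilterCollision(Exception):
    """Scan-time opens re-entered the filter stack beyond a sane depth."""


class OnAccessScanner:
    """One filter driver; `excluded` names processes whose opens it ignores."""

    def __init__(self, name, excluded=()):
        self.name = name
        self.excluded = set(excluded)
        self.scans = 0

    def pre_open(self, path, process, stack):
        # A real filter recognises its own I/O; modelled as skipping own process.
        if process == self.name or process in self.excluded:
            return
        self.scans += 1
        # Reading the file to scan it is itself an open, issued by the scanner's
        # own process, and it travels down the whole stack again.
        stack.open(path, process=self.name)


class FilterStack:
    """Ordered filters; an open runs through all of them before a handle exists."""

    MAX_DEPTH = 8  # turns unbounded re-entry into an error instead of a hang

    def __init__(self, filters):
        self.filters = filters
        self.depth = 0

    def open(self, path, process):
        self.depth += 1
        try:
            if self.depth > self.MAX_DEPTH:
                raise FilterCollision(f"{path}: filters re-entering each other")
            for f in self.filters:
                f.pre_open(path, process, self)
            return f"handle:{path}"
        finally:
            self.depth -= 1


def run_scenario(exclude_each_other):
    """Open one downloaded file (constructed path) through two stacked scanners.
    Returns per-scanner scan counts, or 'collision' when the scanners never
    stop triggering each other.
    """
    a = OnAccessScanner("ScannerA", ["ScannerB"] if exclude_each_other else [])
    b = OnAccessScanner("ScannerB", ["ScannerA"] if exclude_each_other else [])
    stack = FilterStack([a, b])
    try:
        stack.open("downloads/setup.exe", process="browser")
    except FilterCollision:
        return "collision"
    return {a.name: a.scans, b.name: b.scans}
```

Run `run_scenario(False)` and `run_scenario(True)` to compare: the first never finishes scanning and trips the depth guard, the second scans the download exactly once per product.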

C.S.J
January 21st, 2008, 05:33 PM
{QUOTE-> Hi,

Trustport AV currently contains the following engines:

AVG
VBA (VirusBlokAda)
Dr.Web
Norman
Ewido

Combining AV software is tricky because of collisions of on-access scanners. On-access scanners intercept file-system activity using file system filter drivers. These filters hook operations like file opening. Using these hooks, a file is scanned before the calling application gets a handle to the opened file. If there are two such filters present on a single computer, they can easily collide. The same applies to other filter SW (firewalls).

Lubos Hnanicek
AEC <-QUOTE}
So, you got rid of BitDefender and brought in Dr.Web and VBA?

Hnanicek
January 21st, 2008, 06:01 PM
{QUOTE-> So, you got rid of BitDefender and brought in Dr.Web and VBA? <-QUOTE}

Yes, BitDefender is not available anymore. It was cut down because of business reasons. Of course updates for the BitDefender engine will be provided for users who bought TPAV in the past.

C.S.J
January 21st, 2008, 06:03 PM
Cool,

so people have the choice to use the old / new version and still receive all updates?

I wonder what the majority of users will choose to use, which engines they will prefer :)

Hnanicek
January 21st, 2008, 06:10 PM
{QUOTE-> Cool,

so people have the choice to use the old / new version and still receive all updates?

I wonder what the majority of users will choose to use, which engines they will prefer :) <-QUOTE}

The old version cannot be downloaded from the AEC site anymore, only the new version is available.

C.S.J
January 21st, 2008, 06:13 PM
{QUOTE-> The old version cannot be downloaded from the AEC site anymore, only the new version is available. <-QUOTE}
But if people can use the old version, will they still receive full updates for those engines used?

Joe_Jones
January 21st, 2008, 06:53 PM
C.S.J :
{QUOTE-> But if people can use the old version, will they still receive full updates for those engines used? <-QUOTE}

Yes, until the license year has expired.

Although running multiple AV's together seems to work fine,
it is often difficult to disable the on-access part needed for this.

But even if you manage to succeed in disabling this completely,
on-demand must still be able to work, and that often is a problem as well.

And even if you manage to get this working, what do you think will happen
if you find a virus? Because one of the first things that an AV must do when that happens is to isolate the file from infecting the system.
This most certainly will give you the problems Hnanicek described.

If you want to run multiple engines, there are two ways.
1) use multiple OSes (like VMware or multiple hardware)
2) use an AV with multiple engines where the problems mentioned above are already solved for you by the developers.

I am very curious to see what will happen with the next on-demand with
TrustPort and the new engines on the next AV-Comparatives.

Btw, I don't understand the fuss about the false positives.
In TrustPort you can set move to quarantine (and you can do this on other AV's as well).

After testing for a long time, it never gave me any problems to restore a file from quarantine.

So if a FP occurs, you just restore the file, exclude it for on-access and on-demand scanning, send the file to your AV company and a few hours later the problem is solved. So what is the problem?

Furthermore it would be very interesting if AV-Comparatives would run a test once a year on 'malware'.

It is just a suggestion, because I think he is doing a great job,
but why not add some spyware, adware, dialers etc.?
For the end-user it doesn't make any difference which malware he gets on his system, only how he can prevent it, and how he can clean it.

I think that TrustPort with Ewido would perform even better than it already did, finishing with the best results on the last real test.

:thumb:

testsoso
January 22nd, 2008, 08:54 PM
Ok, tested, Kees, your setup worked here. I downloaded 6 real viruses from the internet; 5 were stopped by Avast before they got into my system. The one that passed Avast was removed by Avira. Both worked great and no conflicts.

Kees1958
January 23rd, 2008, 06:41 AM
{QUOTE-> Ok, tested, Kees, your setup worked here. I downloaded 6 real viruses from the internet; 5 were stopped by Avast before they got into my system. The one that passed Avast was removed by Avira. Both worked great and no conflicts. <-QUOTE}

That kind of common sense makes me happy, good for you :thumb:

testsoso
January 24th, 2008, 12:16 PM
After playing around a bit more, I have to say Avast needs to improve its detection rate... today it stopped 5 viruses from some website, but in Avira's quarantine there were 17... so if I relied on Avast alone, it wouldn't protect me well from malware today.

EliteKiller
January 24th, 2008, 01:01 PM
{QUOTE-> After playing around a bit more, I have to say Avast needs to improve its detection rate... today it stopped 5 viruses from some website, but in Avira's quarantine there were 17... so if I relied on Avast alone, it wouldn't protect me well from malware today. <-QUOTE}
It appears that you're visiting dark corners of the web, doing p2p, or possibly other shady stuff. You may want to consider a limited user account with a software restriction policy, hips, etc.

C.S.J
January 24th, 2008, 01:48 PM
Yep, and also running Avast with Avira. ::)

:thumbd:

tepe2
January 24th, 2008, 06:02 PM
Hm...I wonder if running Avira free together with Avast free could be the answer to my question in this thread:

http://www.wilderssecurity.com/showthread.php?t=196676

And how would this work together with say Threatfire and maybe Prosecurity Pro?

century
February 17th, 2008, 02:38 PM
Please continue such experiments on newbies' machines & let us know the results. All of us in this forum shall benefit from your adventures & out of the box thinking. But my dear, what security features do you use on your own machine?

Kees1958
February 18th, 2008, 03:57 AM
{QUOTE-> Please continue such experiments on newbies' machines & let us know the results. All of us in this forum shall benefit from your adventures & out of the box thinking. But my dear, what security features do you use on your own machine? <-QUOTE}

http://www.wilderssecurity.com/showpost.php?p=1185306&postcount=9

Regards