Honest Opinion about antivirus switch of Online Armor AV++


JCorliss
July 2nd, 2009, 11:20 AM
Hi, I use and really like Online Armor AV++. They have recently switched the AV portion from Kaspersky to the A2/Ikarus engine. Your opinion..is this a good or bad move? Thanks.

EDIT: Proper forum??

funkydude
July 2nd, 2009, 11:22 AM
Good.

aigle
July 2nd, 2009, 11:24 AM
It's bad. Reason: too many false positives.

BrendanK.
July 2nd, 2009, 12:22 PM
-{ Quote: "It's bad. Reason: too many false positives." }-

I'd rather a FP than a missed detection. False positives make me feel safe :) :P

aigle
July 2nd, 2009, 01:09 PM
-{ Quote: "I'd rather a FP than a missed detection. False positives make me feel safe :) :P" }-
For ordinary users, false positives are as annoying as malware. We are talking of general users here, I think.

fax
July 2nd, 2009, 01:25 PM
IMO, the best choice between the top engines... fresh and rapidly evolving engine. False positives? Never had a single one. I only found them while reading AV tests ;)

Fax

Anth-Unit
July 2nd, 2009, 03:19 PM
They need to hurry up and develop a 64-bit compatible version.

blacknight
July 2nd, 2009, 03:27 PM
-{ Quote: "It's bad. Reason: too many false positives." }-

I often read here that A-Squared has many FPs. I believe the Wilders users, but I've been using it for a weekly on-demand scan for 4 years and the only FPs that A-Squared gave me are 2 joke files - java scripts - that I have in Documents.

the Tester
July 2nd, 2009, 04:19 PM
-{ Quote: "Hi, I use and really like Online Armor AV++. They have recently switched the AV portion from Kaspersky to the A2/Ikarus engine. Your opinion..is this a good or bad move? Thanks.

EDIT: Proper forum??" }-

Not saying that Kaspersky was a bad choice either, but I think the switch was a good move. You get engines from two decent programs - antimalware and antivirus.

dja2k
July 2nd, 2009, 04:34 PM
Just a minor correction, the new AV+ is called OA++ not AV++.

Now about the KAV to EMSI change, well all I got to say is "Two scanners are better than one". :D

dja2k

Zyrtec
July 2nd, 2009, 04:34 PM
-{ Quote: "It's bad. Reason: too many false positives." }-


Hey there,

Well, as long as the so called “false positives” are NOT critical Windows system files I wouldn't mind an AV engine getting some FPs every now and then.

I've read horror stories about major AV vendors whose AV's have crippled Windows installations for mistakenly flagging Windows files as viruses. Right?


Best regards,

Carlos

jmonge
July 2nd, 2009, 04:39 PM
-{ Quote: "Hey there,

Well, as long as the so called “false positives” are NOT critical Windows system files I wouldn't mind an AV engine getting some FPs every now and then.

I've read horror stories about major AV vendors whose AV's have crippled Windows installations for mistakenly flagging Windows files as viruses. Right?


Best regards,

Carlos" }-
Or missing a nasty virus because it couldn't detect it :argh:

MikeNash
July 2nd, 2009, 07:25 PM
Hi Aigle,

I had a couple of false positives with the Emsi engine, but only on a couple of internal tools that we had developed. That's not too bad really.

Remember, OA has its own whitelist and other logic as well, so even if there were FPs (and that has not been my experience) then the rest of OA will mitigate this.

When we detect a virus, we're also checking against OASIS as an FP filter. This means that if we get FP reports, we can actually take care of them ourselves (at least for OA users).

It's not just an engine switch, there's a lot of extra thinking gone in too.

I'm very excited about OA++


Mike

MikeNash
July 2nd, 2009, 07:26 PM
-{ Quote: "They need to hurry up and develop a 64-bit compatible version." }-

I know. We've been working in background on this, and as soon as our release is done we'll be on Win7 and x64

HJO
July 2nd, 2009, 09:19 PM
Hi,

Where do I get OA++ ?

It seems like it's not on the official website. :-\

Thanks in advance.

dja2k
July 2nd, 2009, 09:25 PM
-{ Quote: "Hi,

Where do I get OA++ ?

It seems like it's not on the official website. :-\

Thanks in advance." }-
Hi HJO! The OA++ version is in Public Beta testing phase right now and can only be downloaded in our forum at http://support.tallemu.com/vbforum/showthread.php?t=9010 but you need a key to use it as there is no trial version.

dja2k

alex_s
July 3rd, 2009, 12:59 AM
-{ Quote: "For ordinary users, false positives are as annoying as malware. We are talking of general users here, I think." }-

Testing ++ now, and actually the number of FPs is higher than with KAV, but... most of the FPs are for programs the average user never uses and has never even heard of :) I still haven't noticed FPs for popular programs like FF, Opera, CCleaner, known P2P clients etc. So, for the average user I'd say this is good (due to the high detection rate) rather than bad.

Makav3l1
July 3rd, 2009, 01:10 AM
I'll say this about the Ikarus engine. I have scanned my computer with a few major a/v engines and Ikarus always shows detections for cracks, keygens, and other files of that sort that the others usually don't show. Is this good? Is it bad? I assume that since these types of software do contain malicious code that it's a positive thing. So I continue to use it. That's my two cents on Ikarus and the extra 'false positive' detections. Just an opinion.

aigle
July 3rd, 2009, 08:00 AM
-{ Quote: "

When we detect a virus, we're also checking against OASIS as an FP filter. This means that if we get FP reports, we can actually take care of them ourselves (at least for OA users)." }-
It will be really good if it can be fixed pretty fast.
I think I need to give it just a trial scan on my notebook to see how many false positives I get. I will see if I get some time.

alex_s
July 3rd, 2009, 08:15 AM
-{ Quote: "I'll say this about the Ikarus engine. I have scanned my computer with a few major a/v engines and Ikarus always shows detections for cracks, keygens, and other files of that sort that the others usually don't show. Is this good? Is it bad? I assume that since these types of software do contain malicious code that it's a positive thing. So I continue to use it. That's my two cents on Ikarus and the extra 'false positive' detections. Just an opinion." }-

Ikarus is worthy of respect in any case. As far as I know this company developed a language to describe computer viruses back in the 80s. I'm afraid from all the currently known players they are the most experienced :)

Kees1958
July 3rd, 2009, 09:16 AM
The Ikarus engine was only used in Austria. After A2 decided to add it to its A2 malware package. Due to the worldwide customer scope of A2, Ikarus had to be tuned to decrease FPs. This is normal. With the increased user base of OA, this will happen again. After some time it will be solved. This is a normal thing to happen when user scope is increased. So I would not worry about it.

OA with A2 will provide more synergy in future than OA with Kaspersky.

Just my 2 cents thought

andyman35
July 3rd, 2009, 09:24 AM
What isn't open to debate is the quality of the detection rate of the A2 dual engines; if FPs can be minimised this will be an awesome suite IMO.
What I like about A2 is the quality of their signatures and the way they keep the overall number to a reasonable level. As an example, on Wednesday they numbered over 3 million, today 2.5 million; it all helps to keep it feeling light on the system.

alex_s
July 3rd, 2009, 10:48 AM
-{ Quote: "The Ikarus engine was only used in Austria. After A2 decided to add it to its A2 malware package. Due to the worldwide customer scope of A2, Ikarus had to be tuned to decrease FPs. This is normal. With the increased user base of OA, this will happen again. After some time it will be solved. This is a normal thing to happen when user scope is increased. So I would not worry about it.

OA with A2 will provide more synergy in future than OA with Kaspersky.

Just my 2 cents thought" }-

I think the same. Kaspersky would hardly go beyond the OEM, while Emsi and Tall Emu mastered true partnership and I hope it will go mutually beneficial.

Some subtle results of this alliance start to show themselves already:

http://malwareresearchgroup.com/?p=942

andyman35
July 3rd, 2009, 11:14 AM
-{ Quote: "I think the same. Kaspersky would hardly go beyond the OEM, while Emsi and Tall Emu mastered true partnership and I hope it will go mutually beneficial.

Some subtle results of this alliance start to show themselves already:

http://malwareresearchgroup.com/?p=942" }-

Encouraging signs there:thumb:

Astech
July 3rd, 2009, 11:30 AM
-{ Quote: "I think the same. Kaspersky would hardly go beyond the OEM, while Emsi and Tall Emu mastered true partnership and I hope it will go mutually beneficial.

Some subtle results of this alliance start to show themselves already:

http://malwareresearchgroup.com/?p=942" }-

I agree, this may become a powerful security suite. As far as I know it is not final yet, is it?

webster
July 3rd, 2009, 12:52 PM
I love it, it's great, it runs light without issues. Good work Mike and TallEmu guys :thumb:

But I don't understand Ikarus false positives. Heuristics will have false alarms, that's okay, but Ikarus often flags legitimate files as trojan Hupigon and whatever. It really shouldn't do this. It's too much IMHO.

Peter2150
July 3rd, 2009, 02:00 PM
-{ Quote: "I agree, this may become a powerful security suite. As far as I know it is not final yet, is it?" }-

Close, but not yet. I think something almost more important than detection and FPs is the way the two key people are working together.

Pete

Astech
July 3rd, 2009, 02:40 PM
-{ Quote: "Close, but not yet. I think something almost more important than detection and FPs is the way the two key people are working together.

Pete" }-

I agree 100%:)

webster
July 3rd, 2009, 03:12 PM
-{ Quote: "Close, but not yet. I think something almost more important than detection and FPs is the way the two key people are working together.

Pete" }-

I agree too, but if FP becomes too much of an issue, OA++ could degrade from outstanding to just excellent ;)

Peter2150
July 3rd, 2009, 03:29 PM
-{ Quote: "I agree too, but if FP becomes too much of an issue, OA++ could degrade from outstanding to just excellent ;)" }-

I have a crystal ball that tells me that isn't about to happen.;D

Pete

alex_s
July 3rd, 2009, 04:32 PM
-{ Quote: "I have a crystal ball that tells me that isn't about to happen.;D

Pete" }-

Any chance to rent it? :)

N2thuWild
July 3rd, 2009, 05:00 PM
Hi, I read that OA ++ can be used in conjunction with another installed anti-virus program? If the already installed anti-virus is A-Squared Anti-Malware Premium, can OA ++ be used with that? Probably a silly question but... ;D

MikeNash
July 3rd, 2009, 05:19 PM
-{ Quote: "I love it, it's great, it runs light without issues. Good work Mike and TallEmu guys :thumb:

But I don't understand Ikarus false positives. Heuristics will have false alarms, that's okay, but Ikarus often flags legitimate files as trojan Hupigon and whatever. It really shouldn't do this. It's too much IMHO." }-



Did you get any false positives? The only FP I saw was in part of our rootkit detector, but this was tuned up just before release.

Remember, OA has a whitelist - so even in the event that a virus is detected, OA won't alert on it if the whitelist overrides. This should take care of much of the potential for FP.

webster
July 3rd, 2009, 05:38 PM
-{ Quote: "Did you get any false positives? The only FP I saw was in part of our rootkit detector, but this was tuned up just before release.

Remember, OA has a whitelist - so even in the event that a virus is detected, OA won't alert on it if the whitelist overrides. This should take care of much of the potential for FP." }-

Yes, a backdoor hupigon in a legit file (can't remember which), even without heuristics. It was fixed pretty fast, so no big issue. The file probably got whitelisted, and it took care of it, I guess.

But a false positive upload feature would be nice. Already posted the feature request in your forums.

MikeNash
July 3rd, 2009, 10:50 PM
-{ Quote: "Yes, a backdoor hupigon in a legit file (can't remember which), even without heuristics. It was fixed pretty fast, so no big issue. The file probably got whitelisted, and it took care of it, I guess.

But a false positive upload feature would be nice. Already posted the feature request in your forums." }-

It's planned :)

We'll be getting and prioritising FP reports I guess, but we will automatically be flowing them on to Emsisoft, who will automatically flow them on to Ikarus.

alex_s
July 6th, 2009, 02:33 PM
Nice surprise about b29 is it seems to be able to detect and deactivate rootkits:

jmonge
July 6th, 2009, 02:42 PM
Very interesting :) OA removes rootkits too ;) cool

webster
July 6th, 2009, 02:47 PM
Quite impressive :)