based of AV scanners tests, which is better
Avast32 or Antivir PE?
also why Antivir Pe does not like script sentry???!!
when i start a manual scan (while doind the pre-scan tests) it tells me that a registry key was found (Script sentry reg. key) and if it caused problems i have to send the program log file to ur company !!!!

Mina - Sorry, don't have any actual experience with either, but based on what I've heard in different places, I'd give Avast a try, especially given Antivir's proclivity to choke on SS's registry key on your machine (can't you get it to ignore that particular hit? You know, 'exclude' it? ). Pete

Try AVG, also free WWW.GRISOFT.COM

Both are not good. F-Prot for DOS might be a good choice but is less comfortable to use.

wizard

kindly check: http://www.virusbtn.com/vb100/archives/tests.xml?200206)

avg is not that good at tests, i need a good free AV the has some kind of a background protection (like NAV's autoprotect)

thanx

Hello; I just checked the virusbtn site. Seems very good, despite the fact that the only tests regarding free-av I managed to find are dating way back in the past ! Those 1998 tests were failed, and no other new tetsing was ever done on free-av. That seems a little odd to me, because I think any opinion that has to be drawn today should be drawn following presently valid testing.

I 've recently been using free-av a while in an attempt to draw some personal opinion by myself. It did a very fine job, and intercepted some viruses I had rather not have on my machine. Furthermora, the guys at free-av are updating their product (not only signatures, but also engine) on a very regular basis and rapid clip.

Couldn't find any information on f-prot for dos on virusbtn either...

Rgds, Crockett

crockett - Welcome to the forum.

I'm a little confused here (my normal state of affairs ;D ).

Is there a program named "FreeAV"?

How about a link to whatever program you're actually talking about? Pete

Hi Pete, thanks for the welcome.

You're right, I should be a little more clearer. The program I'm referring to is actually AntiVir Personal Edition, which can be downloaded free from www.free-av.com.

I guess this anti-virus stuff is gonna last forever, each of us preferring one over the other... Unless some developer comes along with a new 'ultimate' software which would be as efficient as well tolerated by computers...

Can't wait to see that...

hey guys,

Here's a Test results for Fprot for dos and AVG, its a lil bit old well maybe that will help.

Fprot for Dos:
http://www.staff.uiuc.edu/~ehowes/trojans/tr-tests.htm

AVG:
http://www.staff.uiuc.edu/~ehowes/trojans/tr-tests-2.htm



YODA

AntiVirPE is known for false positives. Also when I look through the list of detected viruses I found out that AntiVirPE is detecting viruses that do not exists. It is more or less good in detecting simple malware. But with complex polymorphic or even metamorphic malware AntiVirPE is very weak.

wizard

Hi;
Correcting sthg I wrote earlier, i.e. that f-prot was not to be found on www.virusbtn.com. It is to be looked after under Frisk, the company now owning the product, I guess. BUT, nothing seems to be mentioning that the products f-prot and f-prot for DOS are to be regarded similar in kind or performance...!?

So I'm not sure the conclusions drawn as regards f-prot are the same to be drawn for f-prot for DOS.

The f-prot recent results reported by virusbtn don't seem very impressive indeed. So I'm not sure what to think about all this.

Think I'll sleep on it . :)

>AntiVirPE is known for false positives.

In the last 2 month i didn't see a false positive anywhere.

>Also when I look through the list of detected viruses I found out that AntiVirPE is detecting viruses that do
>not exists.

How did you verified this statement?

>It is more or less good in detecting simple malware.
>But with complex polymorphic

They had some problems with magistr but they changed there emulation. Its much better now and some complex polymorphic worms aren't an issue now.

>even metamorphic malware AntiVirPE is very weak.

Metamorphic viruses are a problem for all anti virus scanners for kaspersky and nod32, too.

-{ Quote: " quoting: Andreas Haak link=board=24;threadid=2498;start=0#17395 date=1027251827]How did you verified this statement
" }-

I have look in their list of detected malware. There are some viruses where only one variant is existing and AntiVirPE claims to detect two or more variants.

And for Magistr.b it took them more than 14 days to deliver an update that was detecting the worm correct. Do you really think AntiVirPE uses emulation techniques? I do not think so but this is my personal experience. BTW I think your new company has a realationship with theses AntiVirPE guys. So no wonder that you are not talking anything bad about the software. ;)

wizard

>I have look in their list of detected malware. There are some viruses where only one variant is existing and
>AntiVirPE claims to detect two or more variants.

*lol* ... . H+BEDV is specialised in removing malware. Therefore its neccessary to detect every variant to clean in 100% correctly. If there is a worm and there are 2 versions which differ in only one byte bigger av companies will only add 1 signature for both. But cause AntiVir needs this variant detection they will add 2 signatures to clean them correctly. Its neccessary for them :o).

>And for Magistr.b it took them more than 14 days to deliver an update that was detecting the worm
>correct.

Yes, they had to improver their emulation.

>Do you really think AntiVirPE uses emulation techniques? I do not think so but this is my personal
>experience.

EVERY av programm HAS to use emulation if they want to find polymorphic viruses.

>BTW I think your new company has a realationship with theses AntiVirPE guys. So no wonder that you are
>not talking anything bad about the software. ;)

No we don't. Its the same realationship like to eset, kaspersky, norton, mcafee and co :o). And by the way:

Tjark Auerbach (owner of H+BEDV) adviced my boss to fire me cause i said something against AntiVir in the AntiVir forum *g*.

-{ Quote: " quoting: Andreas Haak link=board=24;threadid=2498;start=0#17407 date=1027262976]EVERY av programm HAS to use emulation if they want to find polymorphic viruses." }-

That is the way it should work but as I know at least one program (it is a trojan scanner) which works differently in this case and I highly suspect AntiVirPE to do the same. But if you say AntiVirPE is using emulation techniques that might be right.

I still have my problem with AntiVirPE. From all programs I have tested over the last years AntiVirPE left the badest impression.

wizard

>That is the way it should work but as I know at least one program (it is a trojan scanner) which works

Which trojan scanner? :o)

>differently in this case and I highly suspect AntiVirPE to do the same. But if you say AntiVirPE is using
>emulation techniques that might be right.

No - its impossible to find polymorphic viruses at level 5 or 6 without emulation. And AntiVir catches that viruses defnitly.

>I still have my problem with AntiVirPE. From all programs I have tested over the last years AntiVirPE left the
>badest impression.

Did you ever try IKARUS? *g* If you want i will send you a registered version for free.

"Did you ever try IKARUS? *g* If you want i will send you a registered version for free."

Yes I will take a registered version for free....

Thank You very much :D

this was an offer for wizard only ;o).

-{ Quote: " quoting: Andreas Haak link=board=24;threadid=2498;start=15#17430 date=1027288971]Which trojan scanner? :o)" }-

You really do not want to now that. :) But I tell you the method. Simply create a lot of variants and than add them as signature. You won't get 100% detection but at least you can claim to detect the polymorphic worm. ;)

-{ Quote: "No - its impossible to find polymorphic viruses at level 5 or 6 without emulation. And AntiVir catches that viruses defnitly." }-

We will see. I planed a test with polymorphic and metamorphic viruses for a long time but it will come and it would be fun. I expect many programs to fail (not even AntiVirPE). ;)

-{ Quote: "Did you ever try IKARUS? *g* If you want i will send you a registered version for free." }-

Ikarus I never tested. Never found the program worth to take a closer look at it. But maybe I should do now - just to see if you are doing your job right. ;D

wizard

Hehe :o). I can't influence the T2 Engine. I only did GUI programming and analysis ;o).

-{ Quote: " quoting: Andreas Haak link=board=24;threadid=2498;start=0#17407 date=1027262976]No we don't. Its the same realationship like to eset, kaspersky, norton, mcafee and co :o). And by the way:" }-

But Ikarus is also selling AntiVir or am I wrong? ;)

wizard

nope - only antivir for novell server and nvc for os/2 and exchange server, cause we didn't have own products in this areas.

-{ Quote: " quoting: Andreas Haak link=board=24;threadid=2498;start=15#17532 date=1027370367]
nope - only antivir for novell server and nvc for os/2 and exchange server, cause we didn't have own products in this areas.
" }-

Couldn't you sell something better? ;)

wizard

No problem, I can take a hint... :P

>Couldn't you sell something better? ;)

Support ist much more important for firms. So we sell products from LOCAL producers or from producers that have LOCAL settlements.

Andreas,
is this the Andreas that's working on Ants ??
We're waiting !!

bill ;)

By the time ANTS 3.0 gets ready for Beta, we won't be interested anylonger ;) I am going to stop thinking about it and move on.

It's your loss! ;)


Technodrome

-{ Quote: " quoting: eyespy link=board=24;threadid=2498;start=15#17890 date=1027641329]
Andreas,
is this the Andreas that's working on Ants ??
We're waiting !!

bill ;)
" }-

Yes it is this Andreas ;o).