Have been thinking about a few AV choices lately. The task is: Install an all around AV solution on some friend's PC. The scanner should be good in virus and trojan detection, i.e. without the need for an additional AT solution.

-> NOD is no choice

Second: The on access scanner should be fast enough to be hardly noticed, so that it can be left monitoring all the time with no user intervention

-> Kaspersky and Kaspersky based AVs are out, because even with multiple adjustments (thanks to all the helpful comments in the forum :)) the monitor is way too heavy, making even faster PCs feel sluggish.

Third: Updates should be regular and small (dial-up connection).

-> F-Prot is out with its 1.5 MB files

Result: Judging by all the recent reviews and VB tests that leaves DrWeb and RAV in the selection. As I had some troubles with false positives with DrWeb I am afraid it would be no good solution for less experienced PC users.
I have been evaluating RAV for a few days now and so far I am impressed. The engine is really quick, no bluescreens or other incompatabilities.

Concerning detection rates: Recent tests mentioned in the forum show quite good overall performance.

In short: RAV seems to be a competent all in one solution with a fast engine and small and regular updates.

But I would like to hear your feedback on RAV before buying. Any long time experience? Any known issues?

Thanks for your help. Oh...one last word: I have been reading the wilders forum for a long time...now it's time to participate ;).

RAV is a great AV! ;)

Here are some relatetd topics:

http://www.wilderssecurity.com/showthread.php?t=6017;start=0

http://www.wilderssecurity.com/showthread.php?t=6222;start=0

http://www.wilderssecurity.com/showthread.php?t=2242;start=0


Technodrome

Technodrome: Thank you for the links. Of course I have been searching the forums before ;). But those posts don't contain any long time experiences...so I thought I'd ask again.

Seems that RAV has not too many users outside its home country...

Karl

Hi Karl

Recently, I did trial RAV and several other AV programs, including E-Scan, AVK, KAV and Dr Web.

I was impressed by the ease of use of RAV and its detection abilities as judged by several AV test sites.

I am surprised that you are still finding the KAV monitor resource hungry.

Another one to try would be AVK, which includes both the KAV and RAV engines. I believe Technodrome has recently purchased AVK! When my licence is due for renewal I will look seriously at both RAV and AVK again.

The only person I know who posts here and uses RAV is Firefighter. Maybe he will be along to inform you soon.

I would trial RAV and see how it sits with the rest of your system. In addition send their support people an e-mail ( after the holidays ) to see how fast they respond and what the level of expertise is.

Detection abilities, speed of updating, compatibility with your system and support response are all very important with your choice.

If you decide to go with RAV please keep us posted here as most of us would appreciate your feedback on this AV.

Overall it is considered 'one of the best AV programs'.

Hi Karl_Menshy!

I really doubt there is a AV-software which is good in virus & trojan detection. My opinion is, that a AV is made to find viruses and that a trojan scanning tool (TDS-3,...) is made to find and deal with trojans. There's no AV-software which can handle both in a satisfying way. If you look at their database, there aren't many trojans AND variants in it.

If the AV-software is for your friend, then it should be something easy to use and reliable. Something like NAV 2003. Update packets are small and it even works automatically. Overall NAV starts three processes, which aren't that mem consuming.

Best regards!

Patrice

I am no expert but I believe KAV and other AV programs based on the KAV engine have both excellent AV and AT detection abilities. Even the people who are behind TDS have stated this.

In addition I believe that Kaspersky have a small team working just on the trojan detection part of the AV program.

The few tests I have seen comparing both AV and AT software and trojan detection have placed KAV as the top program.

If you want a single program which has a high trojan and virus detection rate go with KAV or one of its offspring programs e.g. AVK.

If you prefer a layered approach to security go with separate AV and AT programs.

Hi Blackcat!

I completely agree with your statement! KAV is a very good scanning tool, that's right! But unfortunately it takes a lot of ressources, that's why Karl_Menshy doesn't want to have it...

Greetings!

Patrice

Hi Karl,

-{ Quote: "But I would like to hear your feedback on RAV before buying. Any long time experience? Any known issues?" }-


Although I'm in favor of the layered defense system as well,
we recently have been testing RAV by request of the software company.

You'll find the review (plus a link to screen shots) on our antivirus page (http://www.wilders.org/anti_viruses.htm). We've picked at random 2,000 viruses, very recent ones included, to test the software. In our view, it's an antivirus belonging to the top5.

regards.

paul

If you rule out KAV, Dr Web and F-Prot, the only other AV programs I know which are 'supposedly' good at trojan and virus detection are;

1. McAfee (bloatware?)- I had bad experiences at work with both v.5 & 6 but I believe the recent updated version is a lot better.

2. F-Secure- no personal experience of this one but it is expensive.

RAV may be your best choice overall.

Hi Blackcat!

F-Secure is a very good AV-software, but unfortunately it's very mem consuming... At least seven processes are started and always running. That's why I changed to another AV-software.

Best regards!

Patrice

Could not get into link for screen shots of RAV.

Is site down or simply busy?

-{ Quote: " quoting: Patrice link=board=24;threadid=8587;start=0#55626 date=1050765717]
Hi Blackcat!

At least seven processes are started and always running. That's why I changed to another AV-software.

Best regards!

Patrice
" }-


Many of those processes are using 500 KB of memory or less on Windows XP systems!



Technodrome

-{ Quote: " quoting: Blackcat link=board=24;threadid=8587;start=0#55629 date=1050765823]
Could not get into link for screen shots of RAV.

Is site down or simply busy?
" }-

Mmm...something seems wrong with that server ::) - we'll look into that one. Thanks for pointing this out.

regards.

paul

Hi Technodrome!

Yep, you're right, but look at NAV 2003. Three processes are started:

ccEvtMgr.exe (320KB)
navapsvc.exe (116KB)
ccApp.exe (54KB)

Still less than F-Secure... I prefer tools which don't start that many processes.

Greetings!

Patrice

-{ Quote: " quoting: Patrice link=board=24;threadid=8587;start=0#55635 date=1050766373]
ccEvtMgr.exe (320KB)
navapsvc.exe (116KB)
ccApp.exe (54KB)
" }-

Hmm... Amazing numbers for Norton (I've never seen such a small numbers for NAV, not even in idle state) but every system is different. ;)

Last time I check it was around 15 MBs (all together) on my system. But I don't consider 14 MBs of memory usage to be that bad.



Technodrome

Sorry Technodrome!

We are talking about apple and pears... It's my fault! I was talking about processes which are started on the startup (which slows down your computer) and you were talking about memory usage. The information you wanted to have, is the following:

ccEvtMgr.exe (2'452 KB of Memory)
navapsvc.exe (692 KB of Memory)
ccApp.exe (6'596 KB of Memory)

Allover is NAV using 9'740 KB of Memory. Let's say around 10 MB of RAM. I don't know how it is with F-Secure, because I deinstalled it a while ago. Would be interesting if someone could feed us with this information (process & memory).

Best regards!

Patrice

Oh, ok! Got it now! ;)



Technodrome

Thanks all for your input, it is much appreciated.

Just a few additional thoughts about the replies:

1) I agree with all of you that the KAV engine is the best overall av/at solution. No doubt about that. But the on-access monitor is way to slow. Especially when accessing directories with many files. Furthermore there is a severe incompatability with the monitor and certain UDF packet writing software. KAV monitor would block reading/writing to UDF formatted media in some cases. So I am very sad to say that KAV is no alternative for the scenario I mentioned above. I would recommend it as a backup for on demand scanning, but again, my friend is not overly paranoid and wants just one solution.

2) I did download the RAV trial and so far it works great. But I found out about KAV/UDF after quite some time...so somtimes things show up after longer use only.

3) I read the recent thread about Bitdefender with great interest. The VB track record is somewhat bad, but several other reviews suggest that the Bitdefender engine is on pair with RAV...so this one might be a candidate too. Will have to test the impact on access.

Again, thanks for your opinions.

Karl

I have been using rave for two months now, and I find it great. I download alot from Kazaa and it has caught every virus thrown at it. It is easy to config and is low on resources. I find it to give similiar protection as Kav, but without the resources that Kav uses. I have Kav on my son's machine, it is great also. I highly recommend it.

-{ Quote: " quoting: Karl_Menshy link=board=24;threadid=8587;start=15#55723 date=1050791315]
But the on-access monitor is way to slow. Especially when accessing directories with many files.
" }-

Yes and i tell you why:
Explorer try's to get out the ICON of the exutable files -> means fileaccess from the system without doing anything.
If you have many executables in one folder it does slow down. That's right.
And thats why some AV's does catch viruses even if you only open a folder without "manual touch" of this file.
This depends on the filter driver settings how to act.
There are Kernel Mode Flags for (such as READ, QUERY etc.) and if the filter driver becomes such a event he send's data to a service (NT Service for instance) and via this Service you can communicate with a Win32 User Mode Application (The Scanner with unpacking support for instance).

This means the files are scanned without a "human access".
On a network drive it is more critical, the windows explorer has here the sad thing that he try's to reload (refresh) all times to show new files with icons.


Michael

-{ Quote: " quoting: xor link=board=24;threadid=8587;start=15#55924 date=1050877175]
-{ Quote: " quoting: Karl_Menshy link=board=24;threadid=8587;start=15#55723 date=1050791315]
But the on-access monitor is way to slow. Especially when accessing directories with many files.
" }-

Yes and i tell you why:
Explorer try's to get out the ICON of the exutable files -> means fileaccess from the system without doing anything.
If you have many executables in one folder it does slow down. That's right.
And thats why some AV's does catch viruses even if you only open a folder without "manual touch" of this file.
This depends on the filter driver settings how to act.
There are Kernel Mode Flags for (such as READ, QUERY etc.) and if the filter driver becomes such a event he send's data to a service (NT Service for instance) and via this Service you can communicate with a Win32 User Mode Application (The Scanner with unpacking support for instance).

This means the files are scanned without a "human access".
On a network drive it is more critical, the windows explorer has here the sad thing that he try's to reload (refresh) all times to show new files with icons.


Michael
" }-

Michael, I am quite aware of that reason (earn my living with programming ;))...and about several others why KAV is slow. Thorough checking and some conceptional issues demand a lot of processing power.
What I miss is an intelligent concept like DrWeb's smart mode, distinguishing between different file access types. For a "heavy" AV like KAV it would be a nice solution.

Karl

Sorry to butt in, however i know no new AV's were asked to be mentioned but everyone has been talking about KAV and its memory usage along with its great detection rate, perhaps a compromise might be, as mentioned in other threads, choosing AVP from the swiss site, the great KAV detection rate and engine, same defs but smaller memory footprint. Its absolutly worth consideration, especially if you recognize KAV as a great AV. The Swiss AVP should run much lighter for you.

Hope this helps.

http://www.avp.ch/mindex.stm

Peace,
Jonas

Does RAV have an e-mail scanner for Outlook Express, POP3, and web based e-mail such as Hotmail? I didn't see any mention of it at their site. It only mentions an Outlook plug in.

RAV is not a choice. It was one of the best programs ever made in Romania but it has been bought by Microsoft. So there will be no more RAV soon, I'm sad to say that. Anyone buying it has no guarantee he'll receive the one year updates. Yes, it was a great program, and it was very sensitive. My internet provider here has RAV on its servers(and it's also the biggest mobile phone company in Romania).But RAV is now history, as far as I know, Microsoft wants to include an antivirus in its upcoming operating system so it bought RAV, in order to include it's technology in that future OS antivirus. Try whatever else, RAV is a thing of the past.

hi
i'm a rav user and a recent e-mail from rav confirmed me that support for rav will continue.
overall performance of rav is great, depending on how you set the rtm up. it can be set up to slow you down. check the box with scan only extensions, and it will be faster
the smart scan is very fast, fast enough to use it daily, once a week i do a scan with more thorough settings.
it has an e-mail scanner.. pretty much everything that comes into your pc gets scanned...
and it's good against trojans, with good unpackers and heuristics it has caught every trojan i have thrown at it.. but i still have trojan hunter to back it