WHAT DO YOU THINK ABOUT DR. WEB ANTIVIRUS PROGRAM? IS IT ONE OF THE BEST? THE NUMBER ONE OR TWO? IS IT DATABASE GOOD? IS IT'S HEURISTCS GOOD ENOUGH? THANKS FOR ANSWERING.

I have only trialed it but I thought it was very good.

Top 3-5 in my book... the only ones which I like better are KAV, RAV, Nod32 (in no particular order). Kind of how the wilders site rated it ;)

I think its database is also quite good but probably not as extensive as KAV or RAV.

Its heuristics are excellent, in some cases too good.

It hasnt performed very well in some recent AV tests that I have seen on this board though. I dont know if that is something to be concerned about.

Dr.Web is a very good program with very high detection, but let down by a high ration of false alarms.

SSP

I think DrWeb is in the top 3. Please see my reply here.
http://www.wilderssecurity.com/showthread.php?t=9712

With F-Prot for Windows, Dr Web is one of the least demanding AV programs on both memory and system resources. Used it as my main running monitor on my low-spec 'test' computer - a lowly Pentium II.

There have been some false positives, but probably only 3-4 in six months or so. Because of the strong heuristics, probably not recommended for complete newbies. I had second thoughts on placing it on my daughter's laptop!

However, I have had stability problems with the program e.g. I could never successfully load and keep the spidermail component running continuously despite help from here and their support section. But this was not a major problem, as the running SpiderGuard can protect against e-mail viruses.

And I think it is quite sensitive to other AV programs on the same computer. It certainly did not like any trialing of other AV software!

This was supported by my experiences of the Dr Web Clone- Virus Chaser- on another computer. Virus Chaser appears to be hypersensitive to other installed AV and Anti-trojan programs.

Virus Detection rate is supposedly very good and I have also seen test sites were it performs reasonably well against trojan attacks as well. Moreover, the Russian support response has always been quick and very helpful.

Overall, I would recommend it ( maybe my stability problems have been due to my unique system!).

Dr Web is continually improving and is one AV program to keep an eye on in the future. Now if they can only improve the dated GUI on the Scanner component!!! ;D

In addition, check out the AV section here, where they run through some recommended settings, both for the Monitor and the Scanner.

thanks, good answers ;D

I was not knocking Dr.Web for making too many false alarms, only stating that it does. I like the program for high detection, I renewed my licence last month, but I would not use it for my first defence. I will not run its on access sections.

SSP

SO THAT WE COULD SAY THE BEST ANTIVIRUS PROGRAMS ARE: NOD32, RAV,KAV AND DR.WEB!!!

I would say statiscally based on recent av test that the best are Fsecure, KAV, Mcafee, Rav and so on....etc..

-{ Quote: " quoting: crazykidjoe link=board=24;threadid=9782;start=0#msg64179 date=1054552760]
I would say statiscally based on recent av test that the best are Fsecure, KAV, Mcafee, Rav and so on....etc..
" }-

Hi crazykidjoe,

Would you mind reading the question before posting unrelated remarks?

Thank you,

Pieter

I'm aware, SSP, that you're not knocking DrWeb for false alarms, so I'm not directing this specifically at you.
But I would like to know why this statement is constantly made about DrWeb. The review at wilders.org also says the same thing about its heuristics.
In almost a year of using it, I've had very few false alarms. RegProt is flagged as a possible win.exe virus, so I simply exclude it. Plus, I had a virus-like writing to a file alarm recently. And I think that's it.
So my question, and it's sincere, is: Does this belief about DrWeb's heuristics come from professional tests, or from personal experience?

Regards,
Douglas

-{ Quote: " quoting: Douglas link=board=24;threadid=9782;start=0#msg64184 date=1054556339]
Does this belief about DrWeb's heuristics come from professional tests, or from personal experience?

Regards,
Douglas
" }-

Probably more so on personal experience?
Out of personal experience I see far more false positives in DrWeb than other AVs I have tried. But I do think DrWeb has improved in this area as of late. And usually the false positives are pretty easy to identify (as you mentioned). But even 3-4 false positives is usually 3-4 MORE false positives than you would see in another AV, so I guess that is why it is mentioned so much. I actually dont think it is a fault, I kind of like the idea of unusually strong heuristics heh.

I saw the thread at the NOD32 Forum about the GEGA-IT tests, and I believe a representative from GEGA-IT posted a small scale heuristics tests that they had conducted. But the only AV that I would have liked to have seen was not there... DrWeb.

-{ Quote: " But even 3-4 false positives is usually 3-4 MORE false positives than you would see in another AV" }-
Good point, I_lack_commonsense.

-{ Quote: "I actually dont think it is a fault, I kind of like the idea of unusually strong heuristics" }-
In total agreement.

Thanks,
Douglas

I made several AV Tests in one test Drweb reached position Nr.1 because of its good heuristic. Altogether the best AV/ATs are KAV/RAV/AVK/TDS3 and Gladiator was on a very good way, because of the effective heuristic.

DrWeb found a rootkit long before KAV found it.

Problem of DrWeb is the massive amount of false Alarm.

Just a few comments of a long time DrWeb user (more than 3 years now... :))

1) There are more false alarms in DrWeb than in other products, but usually DrWeb flags them as a possible virus, so it is quite easy to do a re-check with a second opinion scanner. In a daily normal use environment you might not even notice the higher false alarm rate.

2) However, the good about this is: Sometimes DrWeb can find still unknown viruses with its heuristics.

3) About resource usage: It is true that DrWeb is a small and beautiful package. Whether you will notice the impact of the on-access scanner on your system will depend on your choice of options. DrWeb has a mode, so called "smart", which scans files only when they are opened for write access, e.g. changed/modified. As exe files are opened read-only when started, spider (the on-access component of DrWeb) will not scan them. The good about this is, that the impact on system resources is very low; the bad is, that executable files are checked only once: When created the first time. While this is no security risk in general use, there might be a scenario when malware slips past spider (maybe bec bases are not up-to-date etc.) and afterwards goes unscanned.
So you can optionally enable scanning of files whenever you start them - but this comes at a cost: The impact of spider is much heavier, esp. on packed executables, e.g. opera main exe.

4) The comment about DrWeb being a small package applies to updates, too. Very small (few kb) and quite often, usually several times a day.

5) Would like to stress one last point: The support of DrWeb is excellent; always quick and very helpful up to the point of sending custom modified files to see if it fixes a problem.

So overall: I agree with other opinions, DrWeb is a really good AV program.

Dr.Web, sent me the eicar trojan, is it only to prove my antivirus or something else?

Zorrito, EICAR is a test virus not Trojan: Here is an explanatory link: http://www.eicar.org/anti_virus_test_file.htm Notice that you can download the various flavours at the bottom of the page.

HTH Pilli