My thoughts about AntiVir vs. other anti-virus programs

[stalker]

My story with anti-virus programs goes like this. First I used EZ eTrust 6.1.7.0 a SHAREWARE anti-virus program from Computer Associates for quite some time, but later I discovered that this particular 6.1.7.0 version of EZ eTrust anti-virus program, and probably its driver-level protection was causing an annoying FILE_SYSTEM BSOD on every shutdown/reboot/logon/logoff. Of course, I first blamed other software and it has driven me to countless installations/un-installations, modifications, tests, reboots, etc., before I realised it was EZ eTrust's fault.


So I first switched to FREEWARE version of AVG 6, but it was just at the time of upgrading the program to version 7, and then I somehow didn't like this new AVG 7 version's interface. Therefore I switched once more and started using a Personal Edition of also FREEWARE program called AntiVir. It is more and more popular and trusted anti-virus program from H+BEDV company, located somewhere in Germany, Europe.


Now I just couldn't live without its three crucial features listed below (again, at least crucial for me personally):

1. The "Filters" feature, which enables you to exclude up-to 12 processes from real-time scanning/protection. I think that this one doesn't require further explanation on why it is useful.

2. The "Write / Read only", i.e. an option for its real-time scanning that enables you to monitor only file-write or only file-read file-system operations (of course; or both)

3. The "Activate/Deactivate" feature through the system-tray icon; compare to for instance first invogking the GUI and then un-checking all the real-time scanning options in AVG. Generally I disable the real-time protection when I am off-line (quite often as a dial-up user), before defragmenting hard-disk, before software installations, driver-updates and all the similar "low-level" procedures.


Regarding the "Filters" feature mentioned above. I exclude programs for which I know that under normal circumstances are not "affected" by viruses; for instance DNSKong program (a caching, filtering and blocking "local-only" DNS server), Folding@Home program related processes, AntiVir's updating-feature related process are few programs/processes of this "type". And further, programs for which the above is true (i.e. they're not "affected" by viruses), and additionaly for which I know that they write to files a lot (so to put some stress of the AntiVir's kernel-mode filtering driver); for instance again the DNSKong program, which constantly writes to its "dnskong.log.txt" log-file and to its "presets.txt" config file (IPs resolved to host-names), then similarly Folding@Home "core" processes etc.


Here is a complete list from my "Avwin.ini" file:

OnAccessExcludeProcessNames=blackbox.exe,Contig.exe,DNSKong.exe,FahCore_65.exe,
FahCore_78.exe,FahCore_82.exe,Inetupd.exe,slsk.exe,Sync.exe,thunderbird.exe,totalcmd.exe,WGET.EXE,


While for my p2p application Soulseek ("slsk.exe" process) with which I only download very huge multimedia files, i.e. .mp3s, .avis and .mpgs, then for WackGet program ("WGET.EXE" process) with which I download only setup files from known programs (my favorite ones) and occasionally .pdfs, and for other programs too; I could simply scan those files with an on-demand scanner (I wrote "could" because I don't), and also I am not as paraniod as I was, and that is of a great significance here.


P.S., Any of the three well-known and trusted anti-virus programs, beginning with the letter "A": AntiVir, Avast! or AVG, however, for my needs and computing princples, the AntiVir is far best from these three. If anyone is interested; I wrote more "extended" review about AntiVir for the CastleCops site (a shorter one): AntiVir PE Review, and the second one for The Geek Culture forums (a longer one): Review: H+BEDV AntiVir program


stalker

[RejZoR]

Well AntiVir is ok regarding detection but these 3 features aren't anything special tbh:

Quote:

1. The "Filters" feature, which enables you to exclude up-to 12 processes from real-time scanning/protection. I think that this one doesn't require further explanation on why it is useful.

2. The "Write / Read only", i.e. an option for its real-time scanning that enables you to monitor only file-write or only file-read file-system operations (of course; or both)

3. The "Activate/Deactivate" feature through the system-tray icon; compare to for instance first invogking the GUI and then un-checking all the real-time scanning options in AVG. Generally I disable the real-time protection when I am off-line (quite often as a dial-up user), before defragmenting hard-disk, before software installations, driver-updates and all the similar "low-level" procedures.

For example avast! has all of them plus more.
Filters exclude only processes. But there isn't any file/folder based exclusions and that's a big no.

Write/Read Only is nothing else than scan on create (write) or scan on execute (read). Just rephrased. Both avast! and AVG can do that.
avast! goes even further regarding suspension of scan services.
You can just pause them separately (each provider as it's own module) or completely stop them to disable and unload them from memory.

[pcalvert]

Stalker,

If you want people to reply, you should fix your post so it no longer tortures people who are trying to read it (it is too wide). I believe that the line that's causing the problem is this one:

> OnAccessExcludeProcessNames=blackbox.exe,Contig.exe,DNSKong.exe,...

Solution: Edit your post and break that line up into several lines.


Phil

[ellison64]

Each have thier pros and cons.Im currently using registered antivir premium on a 98 system and find it very stable and reliable .I did have a problem with the mail scanner which was solved when i uninstalled look n stop firewall.A con with antivir is the support which to my mind isnt that good (not only in the official forum but actual support from hbedv for registerd users) , and isnt even comparable to the excellent support you would get at the avast forums.Also updating of the free version isnt as good as avast or other comaparable free avs ,(although it was possible to update at certain times of the day for me)Avast on the other hand does not like my system at all.I had a freeze on installation and also later when it detected a malicious script at a warez site (i usually test avs at such sites to see how they react...if at all).I would encourage prospective users to try each ,and see how thier systems behave.
ellison

[wildman]

Quote:

Originally Posted by ellison64

Each have their pros and cons.I'm currently using registered antivir premium on a 98 system and find it very stable and reliable .I did have a problem with the mail scanner which was solved when i uninstalled look n stop firewall.A con with antivir is the support which to my mind isn't that good (not only in the official forum but actual support from hbedv for registered users) , and isn't even comparable to the excellent support you would get at the avast forums.Also updating of the free version isn't as good as avast or other comparable free avs ,(although it was possible to update at certain times of the day for me)Avast on the other hand does not like my system at all.I had a freeze on installation and also later when it detected a malicious script at a warez site (i usually test avs at such sites to see how they react...if at all).I would encourage prospective users to try each ,and see how their systems behave.
ellison

What I have been saying for a while now. The "best" is the one that works well on your system. As years go by I learn more about this subject, and as much as I hate to say it, quiet a bit appears to be nothing but hype.

Thanks
Wildman

I don't know if anybody else has noticed, but in the last week the Updates DL speed have been significantly faster than ever before.

It could be a fluke, or fortunate DL times, or maybe they have taken on board Wildmans suggestions at last.

I hope it stays this way from now on anyway !

If they have upgraded things, then thanks are in order.


StevieO

[wildman]

Quote:

Originally Posted by StevieO

I don't know if anybody else has noticed, but in the last week the Updates DL speed have been significantly faster than ever before.

It could be a fluke, or fortunate DL times, or maybe they have taken on board Wildmans suggestions at last.

I hope it stays this way from now on anyway !

If they have upgraded things, then thanks are in order.


StevieO

What has been the capability to access the server(s) been like? Has that been good or bad?

Thanks
Wildman

Only one of my hourly scheduled updates has given me a "Download error" this week. So the updates have significantly improved since the incremental updates, or atleast for me.

[stalker]

Well, sorry all for "digging out" this outdated thread, but I just need to let you all know about ...


You see, it's that now that I am using Avast! anti-virus program for some time, I can says that it's definitely MUCH more resources UN-FRIENDLY and also MUCH more unfriendly to the hard-disk (again, all this applies only to enabled "On-Access Protection") than for instance AntiVir that I've been using before for quite some time; btw. see this thread here: A note on why I don't use AntiVir anymore that I opened on CastleCops forum back then regarding why I don't use it anymore (it's quite a banal reason though)


Namely, as I wrote in that thread: opening my most used files like various .doc and .html documents (even .txt ones), takes-up up to two seconds more than previously with AntiVir running as a resident anti-virus software. It's of course the same when launcing .exes, and there are many other similar cases; for example opening a "Process Properties" sub-window in Sysinternals Process Explorer causes various Windows system files to be checked by the Avast's main service "ashServ.exe" process (I assume this is its "Standard Shield" provider's fault), while additionally, I also noticed that Avast is also MUCH more unfriendly to the hard-disk, i.e. again, compare to AntiVir program it writes and reads stuff into/from various files, i.e. in particular also into/from its own configuration and various database files, as well as Windows system files. I too discovered that it causes that "svchost.exe" process (the one hosting RPC service) writes constantly *smething" into the files (namely "OBJECTS.DATA", "OBJECTS.MAP", "INDEX.MAP", "INDEX.BTR", "MAPPING2.MAP" etc.) located under the "D:\WINDOWS\system32\wbem\Repository\FS" directory. I clearly see all this hard-disk related stuff with the Filemon program from Sysinternals.


cheers, stalker

[lodore]

i like it the post and antivir funny enough i installed it on my sisters laptop today and the heristics are great. im thinking of getting ti for my desktop soon

[duke1959]

I gotta say, Antivir PE is hard to beat. You can schedule it to update more than once. It runs light, and has better detection rates than AVG Free and Avast. For me though, I just couldn't get past that darn Notifier Window that would greet me when I got on the PC in the morning after Antivir had already updated. I did start a thread on AOL AVS three free Antiviruses rolled into one? And so far I'm very happy with that Antivirus. I guess tomorrows August AV Comparitives will let us all know how well these AV's did this time, but I will most likely stay with AVS.

[Graystoke]

I recently switched back to AntiVir PE Premium after giving BitDefender 10 a try. I was really hoping I would like the new BD 10, but some very quirky things kept happening with it. I like AntiVir better. After figuring out how to get it to perform a full system scan, with the help of some of the friendly people here, I have no problems with it. The GUI is pretty straight forward. It also runs much lighter on my computer than BD 10.

[stalker]

Quote:

Originally Posted by stalker

Now I just couldn't live without its three crucial features listed below (again, at least crucial for me personally):

1. The "Filters" feature, which enables you to exclude up-to 12 processes from real-time scanning/protection. I think that this one doesn't require further explanation on why it is useful.

2. The "Write / Read only", i.e. an option for its real-time scanning that enables you to monitor only file-write or only file-read file-system operations (of course; or both)

3. The "Activate/Deactivate" feature through the system-tray icon; compare to for instance first invogking the GUI and then un-checking all the real-time scanning options in AVG. Generally I disable the real-time protection when I am off-line (quite often as a dial-up user), before defragmenting hard-disk, before software installations, driver-updates and all the similar "low-level" procedures.

/UPDATE: Oh and I forgot to update the first post in this thread, i.e. in my recent posts on other forums etc.) where I mentioned this, I usually added also the, in my opinion, 4th AntiVir's indispensable feature:

Quote:

4. The "Scheduler" feature, another awesome AntiVir's feature that is not only an "internal one" (updating its virus-definitions), but it actually works as a "full Windows scheduler", i.e. it's capable to execute arbitrary programs.

/edited: one minor formatting fix


stalker

[lodore]

hey the lastest av-comparitves backup your good points about antivir lol.

what i like about antivir is the easy user interface. low resourse useage.
sedguler. just add silent hourly update and daily and weekly scan and setup the options and your set.

I like the fact its just get guard and email scanner no webscanner or anything like that. sure some might thing is a bad thing but people have tested it and the guard will block it all.

it updates alot and on windows xp people dont seem to have problems.

lodore

[duke1959]

Well Antivir did quite well,even beat KAV. I am so tempted to go back to Antivir PE, but the unnoticed updates of AOL AVS verses Notifier Window of Antivir PE, isn't worth gaining the small amount of extra detection I would get.

[Don Pelotas]

Quote:

Originally Posted by duke1959

Well Antivir did quite well,even beat KAV. I am so tempted to go back to Antivir PE, but the unnoticed updates of AOL AVS verses Notifier Window of Antivir PE, isn't worth gaining the small amount of extra detection I would get.

Don' change your AV because of a AV-comparatives test, all this test shows you is that AntiVir has (in this one test) reached the same level as Kaspersky (where they have been for quite a while), if you change for such differences, then you're going to change a lot, because trust me a difference of 0.45% is nothing in realworld terms. They basicly both have a 99% detection which is as good as you can expect.

[woobook]

I like on-access more. AV-comparatives test is a reference only. As a newbie I am cautious to avoid misunderstanding the result.

[duke1959]

I must say that Antivir did better than Kapersky in the AV Comparitives Proactive Tests by a larger margin than the On Demand Tests, maybe because of it's heuristics. I can tell you though, that if I were to buy either product, it would be based on the one that frustrates me less with their free version. In that comparison AVS wins hands down because of the Notifier Window remaining after an update, and the way the Guard Icon disappears during it.

[pilotart]

Quote:

Originally Posted by duke1959

"... AVS wins hands down because of the Notifier Window remaining after an update, and the way the Guard Icon disappears during it.

If the protection from the AntiVir 'Guard' were dropped during an Update, I would be complaining, but watch Task Manager and you will see that it is not.

As for the AvNotify 'PopUp'; I would endure that if I had to, given all the benefits of using the free version of AntiVir

But, thanks to;

Quote:

Originally Posted by shek

It's better to use path rule instead of hash rule to block the avnotify.exe.

The following method applies to win2k/xp.

control panel-> administrative tools-> local security policy->software restriction policies->additional rules->new path rule-> choose the path of avnotify.exe (default is C:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe) and the security level (disallowed).

The above method has kept the PopUp (and firewall warning) off my screen now for four months with no further action, it has been reported that different methods are necessary for OS's other than win2k/xpPRO and they are outlined in {The balance of this Thread} hope all can find relief from there.

Whenever I encounter an especially obnoxious promotional invasion, my reaction is to just avoid what is promoted.

So I must respect duke1959's choice to remain with AVS, but for me AOL had driven me to the wall long, long ago.

A local County Commission Candidate that I would have voted for switched my vote to his opponent by having his recording machine call me on the telephone.

[duke1959]

pilotart, I want to say I am actually looking for reasons to use Antivir again like for example it's great heuristics. It's just that I don't believe Windows XP has local security policies and the rest of what you listed. I have to click on Performance and Maintenance after Control Panel before even getting to Administrative Tools, and then when I get there I can't find the other things you listed after I click on Admin Tools. I think that examole is for XP Pro. Also I know the protection is still there during update, and I remember reading somewhere that Antivir will soon be changing how the Guard disappears during updates to improve the speed of the update. I will say that I am beginning to think my PC ran faster with Antivir on my 512MB of RAM PC, than AVS currently is. So i now have two reasons to switch back. I just want the third and final reason to be no more Notifier Window. Thanks for your post though, it helped a little bit in pushing me closer to installing Antivir again.

[lodore]

antivir doesnt slow down a a budget laptop £350 even on max settings aka scanning all files etc. the other day when i put f-secure on scan all files i couldnt evdn use it because it was so slow. i find antivir a dream av light on rsourse and easy interface.

[kdm31091]

Antivir is very light and easy to use. When the firewall comes out of beta it'll be a really cool suite.

[mercurie]

Quote:

Originally Posted by kdm31091

Antivir is very light and easy to use. When the firewall comes out of beta it'll be a really cool suite.

Suites! Will those of us who want this good AV be able to just get the AV?

[kdm31091]

Quote:

Originally Posted by mercurie

Suites! Will those of us who want this good AV be able to just get the AV?

Well, if not, Avira is still light even with the firewall and the spyware protection is part of the AV.

For "just an AV" I guess they'll always be AVG free. Avast detects some spyware I think.

[lodore]

nod32 will have a just av in nod32 3.0 i belive