#51
Quote:
BTW really Firecat, I think AVG AS has a significant contribution to good detection by AVG malware. I have AVG AS on-demand and I see it detecting more and more trojans/spyware. Though of course my experience is much more limited than yours.
__________________
Ubuntu 13.04 AX64 Time Machine, Comodo FW & Defence Plus
Last edited by aigle : April 14th, 2007 at 08:03 AM.
#52
Quote:
__________________
Last edited by Radu : Today, at 5:32 AM. Reason: Found new malicious code
#53
Hi Firecat and aigle and others here on this thread:
Glad to see you are all enjoying yourselves! Just some learning questions from me:
1) Where/how do you get these "malware samples"?
2) Isn't the very act of getting them a threat to your own PCs?
3) Or maybe you are using a test or high-risk PC only for that work?
4) Why not just use the AV comparative work?
5) If I wanted to test your samples against my setup, how would I go about it?
__________________
Escalader i7 8 GB RAM Notebook, 1TB External Drive, Sandboxie, Nod32, OP FW Pro, KeyScrambler, MVPS HOSTS File, IE 9 Hardened Active X, SmartScreen, Tracking Protection, Paragon Backup and Imaging
#54
Quote:
2- Not really. SSM, GW, ATI
3- No test PC - ATI
4- Just curiosity
5- PM, but you need reliable backup and/or a test PC.
__________________
Ubuntu 13.04 AX64 Time Machine, Comodo FW & Defence Plus
#55
Quote:
1) Through various sources, such as PMing certain members. Also, if you have a base sample set, you can always trade these with VXers to get new ones.

2) As long as you keep them safely locked in password-protected archives, it is no threat. If you are extra paranoid, use Virtual Machine software while handling such malware samples.

3) A separate folder that is full of these nasties locked up in password-protected archives.

4) Good point, but the point of my testing is not really to test detection rates and compare AVs but rather to submit the undetected samples for analysis. This way more users may be protected, and besides, there is no guarantee that my samples may also be a part of IBK's test set. The detection rates are secondary, but obviously the one that detects more protects me better and hence is good for me.

Of course, when I submit undetected samples for analysis, often I am also told which of the samples are corrupted ones (and hence pose no threat), and those samples can be deleted.

5) Contact some of the members here and ask around, and ask them to always send the samples in password-protected archives. Then, use the password and extract the archives to a separate folder created for this purpose. Next, right-click that folder and run your on-demand scanner to see what is detected and what is not. And submit the undetected ones to whoever you want.

BTW, sometimes these samples may occasionally expose a bug or two in the real-time scanner of your AV/AS/AT program. This is not a common occurrence, however, and should you come across a situation where your RTM crashes or a file is detected on-demand but not real-time, do not panic. Submit the sample along with a description of the problem to your product vendor. Again, this is not a common occurrence and you should not worry about it, as such bugs occur very rarely.

Also, I would like to say that almost all AV/AS/AT vendors have priorities and need to add signatures on the basis of importance, since manpower and workforce are limited. If you have got a reply from a vendor that your samples will be added, and they are not added into the next signature database, please wait for at least 2-3 days more so as to give the vendor some time to add the samples. One cannot expect all samples to be added within 24 hours.
__________________
Last edited by Firecat : April 14th, 2007 at 12:51 PM.
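As an added example (not code from the thread or from any of the posters), a small Python script for the bookkeeping side of the workflow Firecat describes in points 4 and 5: hash every file in the folder the archives were extracted into, set aside files that are obviously corrupt (and so not worth submitting), and list what the on-demand scanner missed. The sample files and the scanner result are constructed inline and inert; the "MZ + PE signature" corruption check is a crude assumption of this example, not a rule from the thread.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed, inert stand-ins for an extracted sample folder.
# Hypothetical names; none of these is a real malware sample.
CONSTRUCTED_SAMPLES = {
    "sample1.exe": b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"A" * 100,
    "sample2.exe": b"MZ" + b"\x00" * 30,   # truncated, no PE signature
    "sample3.exe": b"",                    # zero-length, clearly corrupt
    "sample4.exe": b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"B" * 100,
}

def sha256_of(path):
    """Hash a file in chunks so large samples do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def looks_corrupt(data):
    """Crude sanity check (assumption): a Windows executable should start
    with 'MZ', be at least a DOS-header long, and carry a PE signature."""
    if len(data) < 64 or not data.startswith(b"MZ"):
        return True
    return b"PE\x00\x00" not in data

def inventory(folder):
    """Map sha256 -> {name, corrupt} for every file in the sample folder."""
    result = {}
    for p in sorted(Path(folder).iterdir()):
        if p.is_file():
            result[sha256_of(p)] = {"name": p.name,
                                    "corrupt": looks_corrupt(p.read_bytes())}
    return result

def corrupt_samples(inv):
    """Files that pose no threat and can simply be deleted."""
    return sorted(m["name"] for m in inv.values() if m["corrupt"])

def undetected(inv, detected_hashes):
    """Samples the on-demand scanner missed, minus corrupt ones: the submit list."""
    return sorted(m["name"] for h, m in inv.items()
                  if h not in detected_hashes and not m["corrupt"])

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, data in CONSTRUCTED_SAMPLES.items():
            (Path(d) / name).write_bytes(data)
        inv = inventory(d)
        # Constructed scanner result: pretend only sample1.exe was flagged.
        detected = {h for h, m in inv.items() if m["name"] == "sample1.exe"}
        return undetected(inv, detected), corrupt_samples(inv)
```

The `detected` set would in practice come from the scanner's report (hashes or paths of flagged files); only the surviving submit list goes to the vendor.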