Antivir PE

Discussion in 'other anti-virus software' started by Mina Guindy, May 11, 2002.

Thread Status:
Not open for further replies.
  1. Mina Guindy

    Mina Guindy Guest

    The German Antivir PE, does anyone use it?
    Any reviews about it in English??

    thanx in advance...
     
  2. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Mina,
           personally, I haven't used Antivir PE myself. I believe somewhere else in this forum it was discussed and that it was the same product as AVX. Somebody correct me if I'm wrong !!
    Anyhow, the reviews were not that favorable for that AV. If I were looking for a FREE Anti Virus, my first choice by far would be AVG. I think others would agree !! But it's a matter of preference Mina.
     Here's the link to AVG AV....
     www.grisoft.com

      good luck !!
                        Bill
     
  3. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    AntiVirPE is not the same product as AVX. I personally do not like it. AntiVirPE has a lot of limitations. Poor detection of complex malware (e.g. metamorphic viruses are not detected), limitation in detecting polymorphic viruses. It has no heuristic (except a poor macro heuristic). Updating means that most of the time you have to download the whole program (4 MByte download) and a restart is required after updating. Other limitations are that runtime packers like upx are not checked and no check for malware in email databases.

    For a free anti virus solution I only recommend F-Prot for DOS which is a little bit uncomfortable to use but has the better scan engine and a much better heuristic.

    wizard
     
  4. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Wizard,
              check out this older "security/antivirus  string".
    http://pub24.ezboard.com/fsecureyesecurityfrm4.showMessage?topicID=96.topic
    Also, isn't F-Prot for DOS an "on demand scanner only" ?? I have it as a backup and on a floppy !!
               
                        Bill
     
  5. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Also, antivir had (at least when I had it) a tendency to false positives.   For a freebie I use AVG on my laptop.  
     
  6. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Hi Billmac,

    F-Prot for DOS is on-demand only. But this does not matter. You have to be a little bit more careful and scan all new files before you open them. Better a good on-demand than an average on-access anti virus solution.

    wizard
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    So, why not both?

    BTW,  AVG might be 'average' (although I think that's strictly a matter of opinion) , but it does a lot more than F-Prot for DOS (try going into a hacker newsgroup with just F-Prot for DOS for protection and you'll see what I mean).

    When we're talking about programs, I'm going to recommend the one that does more for the user without intervention on their part.

    Does F-Prot for DOS provide any type of email protection?

    How do you update F-Prot for DOS?

    Do you really want to deal with an infection after it's happily residing deep within your computer's guts, or do you want something that's going to prevent the infection to start with?

    That's why I think they'd probably make a pretty good 'team' instead of promoting one over the other. Pete
     
  8. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    What has this to do with virus protection? I think visiting a hacker newsgroup has more to do with the safe configuration of the newsgroup reader instead of which av software someone is using. BTW what does an on-access scanner do when a virus is not detected?

    Not really necessary when you use a 'safe' email program. You can save the attachment and then scan it before you open it.

    Downloading the new signature files and copying them into the f-prot directory.

    On-Demand scanning does not mean to handle infections only 'after' an infection. It is the way you use on-demand scanner. On-Demand scanning means that you must have a little more discipline. You have to check every new file before you open it. That is how you prevent infections with on-demand.

    wizard
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Sorry, still don't agree.

    People (in general) are extremely lax about security as re: attachment handling - if that weren't so, we wouldn't see the massive Internet-wide infections that we do.

    In addition, what about emails that contain malware that triggers simply by viewing? Anyone who frequents a board like this  knows that (a) you shouldn't be using a 'Preview' pane (if your email program has one) and (b) that their email should be handled in a 'restricted' zone of some type and (c) that their email program should be just as fully 'patched' and kept updated as their browser or OS.

    The problem (and the reason for using an on-access scanner that's kept fully-updated) is finding protection for the people who either don't care/haven't learned about protecting themselves and others from the spread of virii/trojans/worms, etc.

    A decent on-access scanner takes the burden off the user. They don't have to go thru the extra steps of separating the attachments and scanning them. They don't have to manually get updates and apply them.

    Of course, neither AVG nor F-Prot will protect anyone if they're not kept updated (at least AVG will automatically check for updates every day at the time of your choice if you set it up to do so - will F-Prot? ).

    :) See, we're back to that 'taking the burden off the user' point again.

    " On-Demand scanning means that you must have a little more discipline."

    Uh-huh. With the Internet population as a whole, can you point me to where all these disciplined people are at? My point being, protection needs to be as automatic, un-obtrusive and as operator-friendly as possible - or people just aren't going to use it (or use it properly and consistently).

    And look, I hope you don't think I'm knocking F-Prot, because I'm not. It's an excellent program for those who are disciplined and who will use it correctly.

    Should everyone learn about and be interested enough in their and others' freedom from malware to be able to effectively and consistently make use of a program like F-Prot? (Be 'more disciplined', IOW). Of course.

    But is it going to happen? Looking at the millions of people affected by each new virus that takes off well (and the millions of dollars lost trying to 'fix' things afterwards) , I'd say the outlook's not good. Pete
     
  10. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Roughly paraphrased:  You can lead a user to a terminal, but you can't make him think.  :)
     
  11. Rickster

    Rickster Guest

    Hey Spy...You are exactly right.  I can only speak as a consumer here.  Developers shouldn't lose focus.  I and a half-dozen people I know are all successful business types who are in the "almost know what we are doing on a computer."  We use applications and are serious about protecting them.  The only thing we're unanimous about is wanting to manually update - precluding the need to check what applications are calling out and why.  Other than that, we all would pay four times the price for effective programs that handle other details.  

    I'm not an MBA, but if you do that and test the living heck out of it prior to release - to ensure profits aren't consumed chasing bugs, you could easily double net revenues - and get a better protected public.  Configurability is actually a snag in the market perspective and stems from within the developer community and its followers. Wonderful for all of you who dabble in it - but not really wanted by us folks with money to spend (7 voices speaking here).  And don't get us wrong here...we know what it is like to scratch for hard earned dollars - but the best programs seem underpriced and the mediocre ones seem over-priced.  Best to you all - and thanks....Later, Rickster
     
  12. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Hi Spy1,

    what you recommend to the user is a nice gui which makes him feel safe. On access scanning and automatic updates mean nothing if the av software is only average in virus detection.

    So my normal recommendation is commercial av software as you get on-access scanning, automatic updates and very good detection rates.

    So it's the user who should decide what kind of user he is. If he really wants a safe freeware solution on-demand scanning like f-prot does (btw daily updates and a 3rd party tool for automatic updates available :)) and 'safe computing' are a better choice than a nice looking windows gui which provides a false sense of security. Even with AVG installed I would recommend safe computing, as AVG is not as good as other programs.

    wizard
     
  13. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    In this test some of the commercial av programs have been out-performed by free ones:
    http://www.rokopsecurity.de/main/images/reviews/test402/tabelle.gif

    Würmer-Worms
    Viren-Virus
    Gesamt- Total

    - 5490 Viruses - Bat, Boot, Com, Exe, Macro and Vbs
    - 140 current ITW Worms
    - 120 current ITW Trojans/Backdoors
    Tested 04/2002

    source: http://www.rokopsecurity.de

    Technodrome
     
  14. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    AntiVir looks pretty good, according to these results.
    Never did try that one. Where's AVG ?
     
               Thanks TD,      
                                   Bill    :eek:
     
  15. octogen

    octogen Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    212
    Can someone please explain why AV programs that do well in Virus Bulletin ITW tests (NOD32, F-Prot, etc.) didn't do quite as well here and why those that generally don't do as well in the VB tests (AntivirPE, McAfee) did well here?  Thanks.
     
  16. octogen

    octogen Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    212
    I'm sorry...when I said "here", I meant in Rokop tests. :)
     
  17. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Virus Bulletin tests only for ITW (in the wild) viruses.
    They do not go beyond ITW!!!

    Technodrome
     
  18. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    AVG served me excellently when I was using it as my primary AV on two computers (I'm using NOD32 now, but I still use AVG when dealing with email responses).

    Real-life protection (of which I experienced many examples when I used AVG) means more to me than any 'survey'.

    Should my financial condition change, and I have to go back to using a free AV program, AVG will be the one.

    Because it never let me down. Pete
     
  19. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Before reading the test you should take into consideration the following issues, which were partly also stated in the review. Technodrome has only taken the numbers.

    First of all: Take for example the trojan detection: a 99,2 % rate for AntiVirPE looks impressive but is useless. Just take a simple runtime packer like UPX and redo the test. Result: 0% detection.

    Second example: VBS detection. The main issue of VBS malware is that when a sample gets in ITW then a lot of variants appear because it is very easy for script kiddies to change the source code. Love Letter is a good example for this. Even this year new variants came out. So when taking a closer look at AntiVirPE you will find out that AntiVirPE has no vbs heuristic. That means while other programs can detect most variants with heuristics AntiVirPE needs to be updated each time.

    And the story goes on: Macro viruses (I do not know if this problem is solved): AntiVirPE claims to have a macro heuristic. So I tried last year in a proof-of-concept to copy the source code of a simple melissa-virus variant (famous macro virus) into a new Office2000 document. AntiVirPE was enable to detect it. Further investigation took me to the point that it is possible to move the source code out of an old office document into a new one and then the macro virus can not be detected anymore by AntiVirPE. KAV for example can not be fooled with that. As I said before this problem may be fixed.

    But the greatest issue about the test was that it only uses old DOS viruses (many of them older than 10 years). DOS viruses can not infect windows files and most of these viruses used in the test are not working anymore on modern windows systems. That is why some vendors already removed the detection of such old crap.

    What is more interesting is how the program could handle actual Win32-viruses. These viruses are much more complex than the old DOS viruses. AntiVirPE for example can not handle metamorphic viruses and also there are problems with polymorphic viruses. The test of Rokop-Security did not test polymorphic viruses as the viruses used in the test can not be executed anymore. See additional test notes.

    So there are many more issues in anti virus software tests than the figures show.

    wizard
     
  20. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    I am very curious to see this proof ?

    What you said above is correct but this will not only affect Antivir....It will affect many other commercial products as well.


    Technodrome
     
  21. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Correct. It is not an AntiVirPE related problem but AntiVirPE still has signatures that other vendors removed to decrease their signature files size. So the size of updates was never a matter for AntiVirPE. In most cases you have to update the whole program (~4 MByte).

    wizard
     
  22. dqa

    dqa Registered Member

    Joined:
    Mar 17, 2002
    Posts:
    33
    Location:
    London
    A word in response to the original question from Mina about AVPE:

    I have used Antivir PE for the last couple of years, supplemented by a stand-alone anti-trojan app, ZA Free and caution in general computing practice.

    I have found AVPE to be an excellent piece of FREE software which has kept me safe from virus-infection.

    It *is* subject to a few false alarms, and one *does* often have to download the full prog in order to update.

    However, the latter point doesn't matter much to me cos I have a cable broadband connection and can download the entire file in a minute. As for the former, I'm prepared to put up with it from a product which I don't have to pay for.

    Although I have lots of respect for the analysis and comment here at Wilders, most of it from people whose expertise is greater than my own, I must say that I have nothing but good to report about Antivir, and that I must dissent from the general Wilders opinion on Antivir, which is a real freeware goodie...

    ;)

    Regards,

    dqa
     
  23. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Welcome dqa,

    Nothing wrong with that; anyone surely is entitled to his own opinion  ;).

    regards.

    paul
     