Antivirus- What is it really supposed to do?.

I was alerted to this the other day and thought it would benefit some discussion.A reader was defending an antivirus which i won't mention{ i've learned that lesson} that had let by trojans which were causing major difficulties for this user.This reader said that antiviruses should not be held accountable for anything but viruses.Now this wasn't my impression of what a good AV was supposed to do.I always thought AV's dealt with everything but spyware which is left up to those scanners.Was he right?.Do we also need a full time running trojan scanner also?.If he is, then i've obviously been too harsh on my critisim of some AV's including Zonealarm's which is doing good against viruses but not trojans.Let me know your thoughts on this and if i have to rethink my security setup of a good AV and a few spyware scanners.I do have a trojan scanner but only run once a month to validate my AV's protection.

 

you might want to add ewido and a2 as your at's

 

Some AV's do pretty well at detecting trojans and worms but usually don't handle them as well as a dedicated AT or AW. An av's primary job is in it's name "Antivirus"

 

Thats bs to be honest. Have you seen any viruses lately (with virus i mean parasitic file infector)? Just few? Just look at signatures and you'll see that large majority of all signatures added are worms, trojans and spyware/adware. So no, "antivirus" doesn't mean antivirus.

 

tobacco,

A good AV should be able to handle all forms of malware to a decently high degree (leaving decently high a little undefined for the moment). That means trojans, and it also means spyware although they really only handle spyware well by nipping it at the downloader stage. So yes, they should be accountable for all types of malware since, basically, this is what the mass market buys these products for - protection in a generic sense. In the past, AV's behaved as the reader you mention notes, but that's simply not commercially viable these days in the mass market.

Now, for me decently high means an Advanced+ rating on either or both of the demand or retrospective tests performed by www.av-comparatives.org. That makes the pool of my current candidates BitDefender/Kaspersky AV/McAfee/NOD32/Symantec-Norton and products that use one or more of their engines. All of these products handle trojans quite well.

From your previous posts, you use F-Secure, which would fall under the Advanced+ rating via association. Do you need a dedicated AT? Probably not, nor do I need one, although I happen to use one (BOClean) running as a process memory scanning backup to my AV (NOD32 or KAV depending on PC) and it has on a couple of occasions nailed something that inched by.

Very decent coverage is afforded by using a NAT router (or software firewall) and a good general antimalware package like F-Secure. One can always augment this type of setup, but the point of diminishing returns is quickly reached even if the products are quite deliberately selected on the basis of clear non-overlapping functional grounds.

Blue

 

RejZoR-Baby is right

 

This is what an antivirus is supposed to do. my favorite antivirus is edward av. Great detection!!!

http://www.homestarrunner.com/sbemail118.html

Alphalutra1

 

Thanks, I needed a laugh.

 

No problem, I just remembered it from a post at the Cnet forums from a guy who was sick of the "what's the best av" posts. I especially liked the rip on linux at the beginning Humor always helps in these usually serious forums

Alphalutra1

 

While athletic individuals may be able to play all sorts of sports, it is usually just one in which they excel. I sort of think of these security protection programs in that vain. They may be able to detect all the various types, but are best in their individual specialty. Currently using seven (7) security related programs, I know for a fact there are other individuals who use many more than that number.

Thanks
Wildman

 

IMHO. I do not care what AV you use. I believe you should always, if you can afford to, have a dedicted AT. (So I guess that puts me in BigC's camp).

As is usually the case the most educational and complete advice is given by Blue.

I use BoClean too. But do not consider it to be the only good one in the universe..... just maybe on earth....

 

It's a matter of literal definition ! AV = antivirus, it's that simple. AT/AS/AW/ARK all instantly conjure up their own specific definitions too.

If a product does more than one initial intended dedicated function, then great who would complain. And if it's all thrown in for the same price, even better.

A lot of people out there who don't visit forums such as this will be confused though i think. So do we now need to re think the terminology, and come up with more inclusive titles for products.

But personally i still feel that dedicated Apps are a much better idea all round, rather than suites and the like.


StevieO

 

I should not be surprised but , I am . What a question . Better yet , where is Happy coming from ? OMG . Guess I need to switch . StevieO got it right ! Antivirus is just that . Some detect trojans better than others BUT , they are AntiVIRUS programs ! And Happy believes it is not ? Ok . No problem . With this new info , I will switch . And when Eset decides that Happy is correct and renames their AV to an AntiMalware program , I will look into again . I used to respect some of the people here but , sheesh ! Save your money and buy a dictionary !

 

Yeh, but even the free AV's do well against viruses.It's catching the worms, trojans, on top of that which seperates the good ones from the others.If we used that thinking, then we could all use AVG for viruses, then a seperate trojan scanner, worm scanner, where do you stop.Do you think it's asking too much from one product to do these well?.I don't and there are products that do it well.

 

Viruses have evolved over the years to become more complex, and now are classified under different categories including trojans and spyware. Some even cross the line with infection routines that utilise mixtures of more than one type. AVs need to keep pace as they can no longer be just targeting "viruses".

 

It's all about well known naming scheme. AVs got it's name in the virus era (the parasitic ones), but environment changed but name persisted.
Would you rename your "Ferrari 360 Spider" brand to "Ugibuggybrumbrum" ? I guess not.
Same is with AVs. Everyone know that if you want to protect PC you need antivirus. It's a common term.

Ok, lets turn the thing around. Anti-TROJANs also detect spyware, worms and viruses. Wait, you said they are ment just for trojans? Eeeeee wrong.
They should also be called Anti-Malware, but they're not. So who's wrong now? And we again return to well known regular Joe terminology which includes word "antivirus"...

 

I didn't expect such an unqualified behavior, especally from you.
You should have noticed that spyware and "border crossing applications" between lets call them good programs and programs which claim to be good but aren't are incrased dramatically in the lets say past 2 years.

There's a huge market open with spyware, adware and lets call it scumware detections. Do you really think that the AV industry would just let it go down the drain and give such parts to much smaller, often with only 3 or 4 persons running companies?

 

... and for example, the ESET already call its AV as Anti-Threat because it already covers almost all malware...

 

Would any of you agree with my post #10, or am I out to lunch on this thinking?

Thanks
Wildman

 

I think the responses in this post generally reflect whatever product your using and the ones agreeing with my opinion of what an AV has to do in todays enviroment, appear to have a program that has adapted well to various forms of malware, not just " viruses".It is these defensive responses however that i truly don't understand.I guess if you have some sort of fianancial ties to a product, that would explain it as we all know "Money talks", but i can't comprehend any other reason but your pride being hurt that your using something that's performing not as well as others right now.And continuing to defend and support these AV's in IMHO, won't help them get any better.There is no incentive to adapt until sales take a hit.If they can't adapt like some of the others, then do all computer users a favor and get out of the market.

 

In this area, if a company only try to be good in one type of malware, it will not have any future, because if we already have a very good solutions for the main malware, why buy a program that only protect us agains't one type of threat, and why have a computer with a lot of programs that will only slow down our systems?

 

The danger of entrusting one App to protect your PC, is that should for any reason it goes down, then you could be in deep poo !

So once again the layered approach is wiser i feel. These days with GHz procs and Gb Ram etc, overhead is just fine. I don't run the fastest etc PC and suffer no ill effects from this approach. In fact i feel safer all round.


StevieO

 

I also don't like to use an overall program protection, but we could use "some" programs that can protect us for our needs...

I like to have a balance between speed and security, and now I really have it...

 

I don't think anyone is saying to use one program for everything and one program only.I feel that you have to have a strong first line of defense and by strong i mean, very good at different types of malware not just viruses.Then you can add and build around it to help support it.But you have to count on your first line of defense to give you the best protection.If its only good with viruses, then what your actually doing is counting on your 2nd or 3rd level of protection and that is when users find themselves in alot of trouble.

 

Well now . Since AV programs detect everything nowadays , I think we need to choose the one that detects the most crap . Guess NOD needs to be dumped in favor of KAV . Never thought I would say that but , this is a circus . I choose AV programs based on virus detection and use other programs that SPECIALIZE in other crapware . But , now that you all agree that an AV is not a specialized program , I guess a firewall with KAV and Ewido for backup for crapware and I am set . I never knew I could get rid of all of these programs I use . Wow ! Thanks for the help guys
By the way , maybe you guys need to get all these AV companies to change their genre' . Oh yea . AV is not a genre' . Oops . Sorry