Hardest AVs to fool?

Discussion in 'other anti-virus software' started by mvdu, May 10, 2004.

Thread Status:
Not open for further replies.
  1. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    I'm wondering if there are certain AVs that are harder to fool than others.
     
  2. Barney

    Barney Registered Member

    Joined:
    Jun 17, 2003
    Posts:
    120
    The hardest antivirus to fool?.....that's easy.......DRWEB!!!!!!! This is the best antivirus out there. Next in line is KAV.

    barney
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    In my opinion the big names in the av market would be harder to fool. Such as computer associates
    nod32
    kav
    mcafee
    norton
    command
    f-prot
    f-secure
    Dr. web
    and there are a few more that in my opinion would be the harder ones to fool, but none of them are foolproof. There are a few good free AVs, but IMO they are not quite the quality of the others.
     
  4. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    I have KAV and it would be nice to know that KAV is among the hardest to fool.
     
  5. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    KAV is a very good AV, probably as hard to fool as there is.
     
  6. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Thanks for the replies. :)
     
  7. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Fool in what way ?

    Almost ALL antivirus software is at risk of malware editing, to make it no longer detected. There is no real way around this; even changing signatures won't help against an experienced attacker. Layer those defenses and above all, be careful what you allow to run on your machine!
     
  8. OPTIMIZER

    OPTIMIZER Guest

    I think GDATA is the one you are looking for...
     
  9. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Gavin - why do you say ALMOST all? Yes, that's what I meant - strong signatures are important.
     
  10. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    "Strong" signatures just make it harder for the script kiddies, but not impossible. I think a good combination of multiple products can also be really helpful. Imagine a case where somebody is using TDS-3 and NOD32.

    For TDS-3 the script kiddie has to patch the file string detection, the memory detection string, the mutex, various heuristics strings and so on. And for NOD32 it is to "fool" the advanced heuristics and of course the detection string.

    wizard
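
Gavin's and wizard's points above in code: a constructed toy scanner with three independent detection points (a byte pattern lifted from the file, the mutex name, and a config string that only appears in clear in memory), and the patches an attacker needs to silence each one. This is an added example, not code from TDS-3, NOD32 or any other product in the thread; every byte string, mutex name and host name in it is made up, and the "memory image" is simulated by decoding the sample's own XOR-obfuscated region.

```python
# Toy layered scanner (constructed example, not any product's engine).
# Three independent detection points over one fake sample:
#   file-string   : a byte pattern taken from the "code" in the file
#   mutex         : the mutex name the program creates at run time
#   memory-string : a config string that is XOR-obfuscated in the file and
#                   only appears in clear in the running process image
# Each point has to be patched separately. All names and bytes are made up.

MUTEX = b"Global\\SysHelperMutex42"            # constructed
CONFIG = b"connect=c2.example.invalid:8080"    # constructed (31 bytes)
XOR_KEY = 0x5A


def xor(data, key):
    """Single-byte XOR, used here as the sample's string obfuscation."""
    return bytes(b ^ key for b in data)


# Fake code stub: 64 distinct bytes, so any 16-byte slice is a usable pattern.
STUB = b"MZ" + bytes(range(0x40))
SAMPLE = STUB + MUTEX + b"\x00" + xor(CONFIG, XOR_KEY)

SIGNATURES = {
    "file-string": STUB[0x12:0x22],   # 16 bytes lifted from the stub
    "mutex": MUTEX,
    "memory-string": CONFIG,          # never present in the raw file bytes
}


def memory_image(data):
    """Simulate the unpacked process image: the last len(CONFIG) bytes of
    the file hold the obfuscated config, which the program decodes."""
    n = len(CONFIG)
    return data[:-n] + xor(data[-n:], XOR_KEY)


def detect(data):
    """Return the set of detection points that fire on this sample."""
    hits = set()
    image = memory_image(data)
    for name, pattern in SIGNATURES.items():
        haystack = image if name == "memory-string" else data
        if pattern in haystack:
            hits.add(name)
    return hits


def patch(data, old, new):
    """Attacker's edit: replace the first occurrence of `old` with `new`."""
    if old not in data or len(old) != len(new):
        raise ValueError("pattern not found or length changed")
    return data.replace(old, new, 1)


def flip_one_byte(pattern, pos):
    out = bytearray(pattern)
    out[pos] ^= 0x01
    return bytes(out)


def run_scenario():
    """Walk the attacker's patches one detection point at a time."""
    steps = [("original", SAMPLE)]
    sig = SIGNATURES["file-string"]
    v1 = patch(SAMPLE, sig, flip_one_byte(sig, 7))      # defeats file-string
    steps.append(("file-string patched", v1))
    v2 = patch(v1, MUTEX, b"Global\\SysHelperMutex43")   # defeats mutex
    steps.append(("mutex renamed", v2))
    # The memory string is functional data: to change what the scanner sees
    # in memory the attacker has to change the config the trojan actually uses.
    new_cfg = b"connect=c2.example.invalid:8081"
    v3 = patch(v2, xor(CONFIG, XOR_KEY), xor(new_cfg, XOR_KEY))
    steps.append(("config changed", v3))
    return [(label, sorted(detect(v))) for label, v in steps]


if __name__ == "__main__":
    for label, hits in run_scenario():
        print(f"{label:22s} -> {hits or 'clean'}")
```

Run it and the four lines show the detection set shrinking one point at a time. Two things the toy makes concrete: a one-byte flip is enough against a pattern lifted from code (in a real binary the attacker picks a flip that keeps the code working, for instance an equivalent instruction), while a string the program needs, such as its C2 config, costs the attacker a functional change rather than a cosmetic one. Real engines add wildcards, checksums over whole functions and emulation on top of this, which is what "layer those defenses" buys you.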
     
  11. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Gavin is right and so is Wizard. I'd like to suggest Process Guard from DCS, the makers of TDS3. Well, all the AVs are software, and software can have known or unknown vulnerabilities. For example, on the 9x platform you can just delete the database files of Trend Micro or F-Prot. They won't complain and they won't mind. As for the mighty KAV, you place a ; in front of the database filename in KAV.SET and KAV stops using that file. I don't know if the Kaspersky guys fixed this. DrWeb is pretty strong in this way and so is NOD32, though its CRC selfcheck isn't that good. One more AV like that is F-Secure; it's very hard to fool it.
     
  12. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I agree that NOD32 is at the top, based on my experience with 3 of the top 5 on BigC's list. Can anyone tell me WHY the most popular computer magazines, like PC World and PC Magazine, always rate McAfee and Norton on the top? I don't think I've ever seen NOD32 or KAV mentioned in any of their security articles.
     
  13. BlueMoon

    BlueMoon Guest

    That's an easy and commonly known one: money plus marketing, no connection in any way with the real strength of the software.

    Blue
     
  14. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I always suspected that. Glad I didn't renew my subscription.
     
  15. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Well, probably KAV fixed it if it's that simple. I run BOClean with KAV just to be safe. I have BitDefender as backup AV.
     
  16. vincevega

    vincevega Registered Member

    Joined:
    May 4, 2004
    Posts:
    41
    I'm a newb here. When someone says he runs an AV program as a backup, does that mean that that person has both programs installed and one has the real-time scan turned off? Sorry for the stupid question.
     
  17. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma

    Yes, that is what it means. It is nice to be able to scan with a different scanner sometimes since the AV programs don't all scan just alike. One might find something the other one missed ;)

    bigc
     
  18. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Correct VinceVega!

    Both installed. One running on-demand scanning only, the other always running in background. I always disable the main AV prior to running the on-demand scanner, though.
     
  19. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O

    McAfee actually is a very good antivirus with almost KAV-like trojan detection and unpacking.

    Norton too is a good VIRUS scanner, no doubt about it.

    It just happens to be one of the biggest advertisers too, and a wise dog doesn't bite the hand that feeds him.
     
  20. FanJ

    FanJ Guest

    If you would like to see whether a file of your AV has been changed, use a file-integrity checker and put those files in its database ;)
    Of course changes in those files can be very legitimate: simply a definitions update :)
    It's the user who decides whether a change was legitimate or not.
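
What Arin's "CRC selfcheck isn't that good" and FanJ's integrity-checker suggestion mean in practice, as an added example (not code from KAV, NOD32 or any other product): a constructed toy definitions file guarded by a stored CRC32, an attacker who comments out one signature with ';' and then appends four bytes so the CRC32 still matches, and a separate SHA-256 baseline that catches the change. The file format, the names and the forging routine are all mine; the real KAV.SET layout is not reproduced, and the 4-byte CRC32 forge is the standard table-walk method, not something the thread describes.

```python
import hashlib
import zlib

# Constructed toy definitions file; no real product's format is reproduced.
DEFS = (b"; toy definitions file (constructed example)\n"
        b"sig=Trojan.Toy.A:4d5a900003000000\n"
        b"sig=Worm.Toy.B:e8000000005b81eb\n")


def active_signatures(data):
    """Names of signature lines the toy loader would use (';' = comment)."""
    names = []
    for line in data.split(b"\n"):
        if line.startswith(b"sig=") and b":" in line:
            names.append(line[4:line.index(b":")].decode("ascii", "replace"))
    return names


# --- the weak self-check: a stored CRC32 -----------------------------------
def crc32_self_check(data, expected):
    return zlib.crc32(data) == expected


def _crc32_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table


_TABLE = _crc32_table()


def forge_crc32_suffix(data, target):
    """Return 4 bytes s with zlib.crc32(data + s) == target.
    The CRC register update is reg' = T[(reg ^ b) & 0xFF] ^ (reg >> 8), and
    the top byte of each table entry is unique, so the four table indices
    that lead from the current register to the wanted one can be read off
    backwards; the bytes that select those indices are then chosen forwards."""
    reg = zlib.crc32(data) ^ 0xFFFFFFFF      # raw register after `data`
    want = target ^ 0xFFFFFFFF               # raw register needed at the end
    idx, r = [], want
    for _ in range(4):
        k = next(i for i in range(256) if _TABLE[i] >> 24 == r >> 24)
        idx.append(k)
        r = ((r ^ _TABLE[k]) << 8) & 0xFFFFFFFF
    suffix = bytearray()
    for k in reversed(idx):
        b = (reg ^ k) & 0xFF                 # makes the lookup index equal k
        suffix.append(b)
        reg = _TABLE[k] ^ (reg >> 8)
    return bytes(suffix)


# --- the strong check: a SHA-256 baseline kept by a separate checker ------
def baseline(files):
    return {name: hashlib.sha256(d).hexdigest() for name, d in files.items()}


def changed_files(base, files):
    """Names whose current content no longer matches the baseline."""
    return sorted(n for n, d in files.items()
                  if base.get(n) != hashlib.sha256(d).hexdigest())


def run_scenario():
    stored_crc = zlib.crc32(DEFS)
    base = baseline({"toy.set": DEFS})

    # Attacker: comment out one signature with ';' (the trick Arin describes
    # for KAV.SET), then append 4 forged bytes so the CRC32 still matches.
    tampered = DEFS.replace(b"sig=Worm.Toy.B", b";sig=Worm.Toy.B")
    forged = tampered + forge_crc32_suffix(tampered, stored_crc)

    # Legitimate change: a definitions update adds a line.
    updated = DEFS + b"sig=Trojan.Toy.C:558bec83ec10\n"

    return {
        "crc_passes_on_forged": crc32_self_check(forged, stored_crc),
        "crc_passes_on_update": crc32_self_check(updated, stored_crc),
        "sha_flags_forged": changed_files(base, {"toy.set": forged}),
        "sha_flags_update": changed_files(base, {"toy.set": updated}),
        "loaded_before": active_signatures(DEFS),
        "loaded_after_forge": active_signatures(forged),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key:22s} {value}")
```

The forged file passes the CRC32 self-check with the worm signature silently gone, which is what makes a CRC a poor guard for anything an attacker can write to. The SHA-256 baseline reports it, but note that it reports the legitimate update just the same: a checker cannot tell tampering from an update, so, as FanJ says, the user decides. Vendors close that gap by signing their updates, which a checksum never can.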
     
  21. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    What about the heuristics in DrWeb & now NOD32 -- they have pretty good shots at detecting stuff, even if it's new or the signature has been disguised, don't they? Or do they?

    ~~~~~~~~~
    Ah well, heur today & Guam to Maui............ :) bellicose
     
  22. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Bellgamin - Great question!! There have been a couple of posts as of late that refer to viruses that are not detected by various AVs. Why are these heuristic algorithms not working in these cases? Which AV has the best heuristics algorithm?
     
  23. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    Well, I suppose it's kind of like a paradox. Let's pretend NOD32 & DrWeb are the current popular Symantec and McAfee. The majority of the malware that will be spread would most likely not be detected by their heuristics (as there is no perfect heuristic algorithm), since the virus creators would concentrate on bypassing the heuristics as one of their main criteria.
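
A worked illustration of bellgamin's question and VikingStorm's answer, added here and not drawn from NOD32, DrWeb or any other product: a toy heuristic scorer with no signature database at all, run on a constructed sample, on the same sample with its strings encrypted (the "signature has been disguised" case), and on a variant the attacker has tuned against this particular scorer. The indicator weights, the entropy window and limit, the API-name pairs and every sample byte are assumptions for the demo.

```python
import math

# Constructed heuristic scanner: no signatures, just generic indicators.
# Weights, window size, limit and threshold are made-up demo values.
SUSPICIOUS_PAIRS = [
    (b"WriteProcessMemory", b"CreateRemoteThread"),   # injection pair
    (b"URLDownloadToFileA", b"WinExec"),              # download-and-run pair
]
AUTORUN_KEY = b"Software\\Microsoft\\Windows\\CurrentVersion\\Run"
ENTROPY_WINDOW, ENTROPY_STEP, ENTROPY_LIMIT = 128, 32, 6.0
THRESHOLD = 2


def entropy(buf):
    """Shannon entropy of a byte string, in bits per byte."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def max_window_entropy(data, window=ENTROPY_WINDOW, step=ENTROPY_STEP):
    """Highest entropy of any window: a packed or encrypted region stands out."""
    starts = range(0, max(1, len(data) - window + 1), step)
    return max(entropy(data[i:i + window]) for i in starts)


def heuristic_score(data):
    """Return (score, reasons); reasons name the indicators that fired."""
    score, reasons = 0, []
    for a, b in SUSPICIOUS_PAIRS:
        if a in data and b in data:
            score += 2
            reasons.append(f"api-pair:{a.decode()}+{b.decode()}")
    if AUTORUN_KEY in data:
        score += 1
        reasons.append("autorun-key")
    if max_window_entropy(data) > ENTROPY_LIMIT:
        score += 2
        reasons.append("high-entropy-region")
    return score, reasons


def flagged(data):
    return heuristic_score(data)[0] >= THRESHOLD


# ---- constructed samples ---------------------------------------------------
def keystream(seed, n):
    """xorshift32 bytes: a stand-in for a packer's string encryption."""
    x, out = seed & 0xFFFFFFFF, bytearray()
    while len(out) < n:
        x ^= (x << 13) & 0xFFFFFFFF
        x ^= x >> 17
        x ^= (x << 5) & 0xFFFFFFFF
        out.append(x & 0xFF)
    return bytes(out)


STUB = b"MZ\x90\x00" + b"\x00" * 60                       # fake 64-byte header
STRINGS = (b"kernel32.dll\x00WriteProcessMemory\x00CreateRemoteThread\x00"
           + AUTORUN_KEY + b"\x00http://update.example.invalid/a.exe\x00")

PLAIN = STUB + STRINGS
# "Disguised": same strings, encrypted. A byte signature taken from PLAIN
# no longer matches, but the region has become high-entropy.
ENCRYPTED = STUB + bytes(p ^ k for p, k in
                         zip(STRINGS, keystream(0x1234, len(STRINGS))))
# Attacker's next move against *this* scorer: store the strings as UTF-16.
# No ASCII match, and the interleaved NULs pull entropy under the limit.
WIDE = STUB + STRINGS.decode("ascii").encode("utf-16-le")


def run_scenario():
    return {name: (flagged(d), heuristic_score(d)[1])
            for name, d in [("plain", PLAIN), ("encrypted", ENCRYPTED),
                            ("wide", WIDE)]}


if __name__ == "__main__":
    for name, (hit, why) in run_scenario().items():
        print(f"{name:10s} flagged={hit} entropy={max_window_entropy(eval(name.upper())):.2f} {why}")
```

The encrypted variant has no recognisable strings left, yet the scorer still flags it, because hiding the strings made that region high-entropy; that is the sense in which heuristics catch a disguised sample without a signature. The UTF-16 variant shows VikingStorm's paradox: once the attacker knows which indicators the popular scanner uses, they engineer around exactly those (here the ASCII string search and the entropy limit), so the scorer's indicator list has to keep changing and no heuristic stays ahead for long.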
     
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,145
    Location:
    Texas
    I posted this in the Nod forum too. Probably get my knuckles rapped.


    'NEW GENERATION' ANTIVIRUS SOFTWARE BLOCKS MOST VIRUSES, WITHOUT UPDATES
    Netsky, Bagle, MyDoom, Hiton, Sobig, Nimda, Swen etc. no threat to NOD32 users
    March 7, 2004
    NOD32's new 'next generation' antivirus software has detected > 80% of all new in-the-wild viruses in the last six months without needing specific signature updates, and without 'false-alarms'.

    In this era of fast infecting, mass-emailing viruses, any delay in providing protection can have a huge impact on virus spread. NOD32's performance in stopping most viruses without any need for a signature update is highly significant.

    'While most antivirus makers were scrambling to create signature updates NOD32 users were already protected even before anyone knew what these infections were.' commented Kirk Parker, NOD32 Corporate's Technical Manager.

    'Many antivirus products use a combination of signature and heuristic detection methods, but few give much attention to the heuristic side,' commented Richard Marko, NOD32's head of Strategic Development.

    NOD32 antivirus is the exception, with new, world-leading technology in both signature and heuristic detection. NOD32 was able to block these latest infected messages using its 'Advanced Heuristics', detecting more than 80% of new 'in-the-wild' viruses without a signature update. Viruses pre-detected by NOD32's heuristics include LoveLetter, Marburg, Badtrans, Swen, Bugbear, Sobig, Kournikova, Lovsan, Lablan, Mapson, Sobig, Mimail, Klez, Sircam, Nimda, Bagle and Netsky. Signature updates are released as often as needed.

    NOD32 has been awarded more VB100% awards (by Virus Bulletin Magazine UK) than any other antivirus product, and actually has not missed a single 'in-the-wild' virus in over 5 years of testing by Virus Bulletin Magazine.
     
  25. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    You know, it is funny: you hear so much about this AV or that AV and what they can or cannot do that you can get a lot of misconceptions. Let me ask you a question. If you were to go to the big corporations around the world and ask them which AV software they are using, which five AVs do you think probably at least 85% of them would tell you they are running? They are running them because they work, not because of advertising or a lot of hype. They cannot afford to run security software that doesn't work very well. My opinion on those four AVs would be:

    Network Associates (McAfee)
    Symantec (Norton)
    Trend Micro
    Computer Associates
    Sophos
    Tests are great to get an idea how an AV might work in the real world. But these four AVs have earned their place in the market. People can say that it is money and advertising that got them there, but I will disagree. I believe that they worked hard to develop their product and earned a place in the market with products that work where it really counts.
     
    Last edited: May 12, 2004