New member with a stupid question

Discussion in 'other anti-malware software' started by meekert, Dec 28, 2008.

Thread Status:
Not open for further replies.
  1. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Well Max, I would say zero day malware is more important eh?

    Scan.JPG
    MBAM Scan.JPG
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Franklin,

    You are mild, I had offered him a side salad to go with Zorin's hat :)

    Let's say I am happy with companies like A2, MBAM, SAS offering free scan on demand software. Before running an image backup, I always run those 3, just for good practice.
     
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    If you think MBAM and SAS are of no use and do not remove malware as well as "standard apps" that's your business. But I am not buying it. How many virus infections occur these days as compared to spyware, trojans and rogue anti-spyware/av's? Removal is important. And of the tests I have read and seen MBAM and SAS are usually better at removing these type of infections.

    Likewise, not having constant false positives is important. If you do not think A2 has false positives then you have not used it very long. And unless there have been some major changes since their last version the FP issue still remains.

    I am not saying A2 is a bad app. I have had several full version licenses of it but always uninstall after a few days and go back to SAS. But A2 just works better for me as an on demand scanner. It has a good detection ability, albeit a high number of false positives (and that was before incorporating Ikarus). A2 has a nice support forum as well. I wish they and Ad Muncher would figure out why the two programs will not work together. It has something to do with the Malware-IDS. That issue has been known for 2+ years now. I'll take my Nod32/SAS combo and my Kaspersky/SAS combo over your Ikarus/A2 combo any day.
     
  4. Max Zorin

    Max Zorin Former Poster

    Joined:
    Nov 3, 2008
    Posts:
    103
    Yes, hardly a large or scientific test - unlike these below - and PLEASE - would the usual suspects avoid embarrassing themselves by pretending the tests are flawed in order to explain why their app is last!

    http://ssupdater.com/modules/Forums/index.php?showtopic=3746
    http://ssupdater.com/modules/Forums/index.php?showtopic=3938

    The same site has also done a specific test on MBAM V Avira on a sample of 324 pieces of malware, less than 30 days old. MBAM detected only 13, whereas Avira (free edition) detected all but one.

    If users are happy using MBAM, SAS etc, then fine, but it is irresponsible to always advise novice users to use these. I'm forever seeing people say use MBAM etc - use it as a free on demand scanner by all means - but don't make the mistake of thinking it offers any measurable widescale protection - as it has been proven not to.

    Speaking of hats - I believe you get a tin foil one with every registered copy of MBAM or SAS!

    MZ
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Ad a: be a sport (not a Max Zorin, great nick name by the way), you said ANY, do not change the bet

    Ad b: You will always find a lot of blind 'follow the masses' advices. I appreciate members who spice up the discussion (like you), only be fair (see a).

    Cheers
     
  6. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Max, thanks for the links.

    I think all tests are different, all can be useful.

    For example, the user here Guest, kindly tested most programs against his 80 000 sample (about this many I think). What he found, most AVs couldn't even load to begin detecting/removing problem files. From memory, A-Squared, Avast performed ok, tools such as AVZ didn't. The majority struggled to be installed, and once installed, struggled to remove many of those problem start-up entries bombarding a user with prompts and alerts.

    SAS was able to load and remove most of these problem programs, especially the ones at startup. So although it may have missed files which lay dormant, the active ones screwing a person's system up, were taken care of. With the malware tested in that one test, combined with an AV, SAS could have removed those 'new problem threats', although only being maybe several problem files, these may have prevented the AV from functioning.

    What I learned from that one test, programs like MBAM and SAS work with your AV and focus on new threats while your AV will most likely take care of the older viruses.

    But all tests are different as the amount of 'malware' in circulation is in the many millions (or more).
     
  7. Max Zorin

    Max Zorin Former Poster

    Joined:
    Nov 3, 2008
    Posts:
    103
    I'm sure SAS and MBAM do remove some things that some AVs miss, but on the whole, I do not subscribe to the belief that these niche scanners have some property that the main AVs don't. Yep, you may cite an example of a specific instance where SAS / MBAM removes something KAV or Avira misses - but this is misleading, as it is a fact that one could cite hundreds more instances where the AVs remove nasties where the AMs fail.

    My fundamental point is that I don't believe (as there is no evidence) that these niche AMs are better able to detect or remove nasties than wider spectrum scanners. There is a myth put out that in being narrow spectrum, this in itself gives them some super ability - this is not so.

    See below to see a test showing A2 REMOVES more than many AVs:

    http://ssupdater.com/modules/Forums/index.php?showtopic=3589

    The reason I always recommend A2 is because it is a wide spectrum scanner and uses several methods to provide protection - including the Mamutu HIPS. If someone was going to pick just one app to run alongside their AV, it would NOT be logical or sensible to select MBAM or SAS over A2 - given A2 detects more, has more functionality and uses several protection methods - the HIPS is crucial here.

    As for FPs, yes, A2 does have some - but many fewer than it did. I have not had any on my system in about a month - and I'm always toying with it. I would prefer to have occasional FPs - which you can verify / test with any number of online scanners, than have something that misses new threats or modified nasties.

    I do own a license for SAS - and Trojanhunter!! - but don't have it installed. None of the dedicated AMs I have used have ever found anything - ever - only A2 - which detected a piece of malware even Avira missed.

    As a point of interest, I installed MBAM to see if it detected the same malware (a rogue installer) and it did not. I submitted the file to MBAM and Avira at the same time. Avira analysed it, gave me feedback and updated their database within a few hours (2-3) - so it detected it. After 24 hours MBAM had not. In total, I sent the same sample three times over a week - but it was never added!

    MZ
     
  8. Swordfish_

    Swordfish_ Registered Member

    Joined:
    Aug 1, 2008
    Posts:
    63
    Well, indeed - I remember many years ago some 'strange' and 'new' - for most people - dedicated software like Tauscan and, yes, TDS-3. DiamondCS was light years ahead in my humble opinion.


    This is something that I've been thinking about fairly recently. Having all the arsenal of on-demand scanners like MBAM, SAS, A2 and more - does it really make sense to use it, while my realtime protection (i.e. resident AV's like Avira, Drive Sentry, not to mention D+. TF and all the rest) is not that weak at all?
    On the other hand, I remember that once or twice BOClean and others did detect something that my AV missed. The question is - where is the line after crossing which, using more and more AM (by which I mean a general Anti/Malware/Virusware/Whatever-Is-Bad-Ware) simply doesn't make sense?


    What about a Drive Sentry then? It also offers a community protection, moreover - as Kees1958 stated somewhere - quite good registry support out of the box. So, let's assume that software like DS, Prevx Edge offer a wider spectrum of protection in comparison to the likes of SAS, MBAM. Would it make sense to change them for their more wide-reaching competition?
    I'm asking because I've been using both SAS realtime and DS and if it wasn't for the BSOD & ntfs.sys bug with combination of DS * SBIE I would have stayed with the combination of Avira and Drive Sentry.

    But what if adding, like I said above - software like - let it be an example - Prevx Edge or Drive Sentry gives you additional gain that is more than this '1/20th' of protection to the system, where, you have - let it be an example again - only Avira and, say, Threatfire?

    Someone could say - "What about CPU overhead, memory usage?" - well, I don't care as long as all the active software isn't conflicting with each other and doesn't make me click ten buttons to launch Photoshop.

    One point could be interesting - would it be possible that dedicated AM's have their databases enriched with the more 'classical' threat signatures/their engines boosted to detect more 'classical' stuff so that they could compete with their bigger competition like Avira or, say, KAV or is this unlikely?

    Best regards :)
     
  9. Max Zorin

    Max Zorin Former Poster

    Joined:
    Nov 3, 2008
    Posts:
    103
    @swordfish - The original question posted was asking if the user needed to add anything to ESET to secure his system - and I think the answer is "not really"

    Adding any AM app which has very narrow detection capabilities / detects small No of nasties will add almost nothing to the security of the system, but adding a wider spectrum scanner will marginally improve security.

    It's not a good idea to run two AVs as they can conflict with each other and result in worse protection than just one. A-squared and Prevx Edge are wide spectrum scanners, but do not conflict with any AVs (I know A2 uses the Ikarus engine, but it is implemented in such a way that it does not conflict).

    I know there are several other wide spectrum scanners out there - but I'm not familiar with them. I'm confident these others would be a valuable second line of defence in support of an AV.

    AM apps which don't just rely on signatures must be a good idea as well - a HIPS is very useful as will be community based detection.

    As to the possibility of the narrow spectrum AM apps out there increasing the size of their detection databases - 1) what's the point? - all the AVs out there do that already. 2) the vendors in question say they don't want to "bloat" their databases - excuse me while I laugh... 3) the vendors in question have small databases as they don't have the resources to have larger ones.

    You will have noticed that over the last 10 years, various security apps have merged into packages - firewalls, AV, HIPS, popup blockers and AMs commonly are found in a single package - this is the way it is going. In the next 1-2 yrs, the AM vendors in question won't be here.
     
  10. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    The first thing that I think of when seeing those test results is whether the test bed is an accurate representative sample with what is found in the real world. For instance, the test bed consists of "Windows Viruses, Trojans, Backdoors, Worms, Spyware, Adware, Rootkits, Exploits, Keyloggers, Hacking Tools, Malicious Scripts and other malware". But I do not see how many samples are in each category. If the samples are- say- 90% windows viruses and the remaining 10% spread out among the other categories, then that would easily explain why MBAM and SAS do not test very well as they are not anti-virus products. And for added argument, if the test bed is 90% windows viruses but in the real world only 50% of infections are caused by windows viruses, then the test results are misleading. Again, that is just pure speculation as I do not know. But it is something worth considering.
     
  11. pugmug

    pugmug Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    413
    Seems to be nothing more than an A vs B thread with some people going with one site results and others with a different site. What is the point? Can anyone prove which site is correct? I think not!
     
  12. Max Zorin

    Max Zorin Former Poster

    Joined:
    Nov 3, 2008
    Posts:
    103
    It is clearly not an A vs B thread - why say such a thing - read the thread, it's called debate - you learn from it. Try it some time!
     
  13. pugmug

    pugmug Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    413
    OK, teach me something you can prove 100% correct with your pointless debate as you call it. Can you?
     
  14. Max Zorin

    Max Zorin Former Poster

    Joined:
    Nov 3, 2008
    Posts:
    103
    Please don't try to sabotage this thread. You are not forced to read it if you don't like it!
     
  15. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Many valid opinions/options.

    You might be able to get a compatible and effective antispyware application with real-time protection, although I can't give even one example!
    On-demand antispyware applications, free and otherwise are more abundant.

    I don't know much about ESET smart security.

    Patching holes in your programs, removing vulnerable applications, and configuring your browser safely are important.

    Virtualization is becoming more popular, programs like Sandboxie and Returnil could be valuable assets, although I've never used them.

    Other, more technical 'fixes' are available, but it's too complex for me to handle that issue.

    A particular removal tool: imaging software and hardware (external harddisk), like Acronis, although it's said that the later versions are more bloated. This way, every time something goes wrong on your computer you can restore a clean image.
     
  16. pugmug

    pugmug Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    413
    I would never sabotage a thread. My point if you need help understanding is you can't prove anything with your site, link test and neither can any others with theirs. I gave my take on this as don't follow, Do, as in and for yourself. People speak of what they think they know, not what they truly know.
     
  17. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    As Max pointed out, I think ESET will be more than enough for most users. But it depends on your browsing behaviour. For example, do you spend most of your time reading on forums, or do you prefer to download unknown torrents and programs all day?

    Using a-squared free, is definitely a good backup program. And although a full scan takes awhile, you can't go past Dr.Web's CureIt for another backup scanner that doesn't need to install and has proven itself as 'curing' or cleaning files effectively.

    I'd stick with ESET, and do a full scan with a-squared free or CureIt once every couple of weeks. If you find that these additional programs are finding 'stuff' they shouldn't be, then it might be time to invest in using something like 'DefenseWall' or 'sandboxie'.
     