RAV evaluation...help me with a few thoughts

Discussion in 'other anti-virus software' started by Karl_Menshy, Apr 19, 2003.

Thread Status:
Not open for further replies.
  1. Karl_Menshy

    Karl_Menshy Registered Member

    Joined:
    Apr 18, 2003
    Posts:
    135
    Have been thinking about a few AV choices lately. The task is: Install an all around AV solution on some friend's PC. The scanner should be good in virus and trojan detection, i.e. without the need for an additional AT solution.

    -> NOD is no choice

    Second: The on access scanner should be fast enough to be hardly noticed, so that it can be left monitoring all the time with no user intervention

    -> Kaspersky and Kaspersky based AVs are out, because even with multiple adjustments (thanks to all the helpful comments in the forum :)) the monitor is way too heavy, making even faster PCs feel sluggish.

    Third: Updates should be regular and small (dial-up connection).

    -> F-Prot is out with its 1.5 MB files

    Result: Judging by all the recent reviews and VB tests that leaves DrWeb and RAV in the selection. As I had some troubles with false positives with DrWeb I am afraid it would be no good solution for less experienced PC users.
    I have been evaluating RAV for a few days now and so far I am impressed. The engine is really quick, no bluescreens or other incompatabilities.

    Concerning detection rates: Recent tests mentioned in the forum show quite good overall performance.

    In short: RAV seems to be a competent all in one solution with a fast engine and small and regular updates.

    But I would like to hear your feedback on RAV before buying. Any long time experience? Any known issues?

    Thanks for your help. Oh...one last word: I have been reading the wilders forum for a long time...now it's time to participate ;).
     
  2. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    RAV is a great AV! ;)

    Here are some relatetd topics:

    http://www.wilderssecurity.com/showthread.php?t=6017;start=0

    http://www.wilderssecurity.com/showthread.php?t=6222;start=0

    http://www.wilderssecurity.com/showthread.php?t=2242;start=0


    Technodrome
     
  3. Karl_Menshy

    Karl_Menshy Registered Member

    Joined:
    Apr 18, 2003
    Posts:
    135
    Technodrome: Thank you for the links. Of course I have been searching the forums before ;). But those posts don't contain any long time experiences...so I thought I'd ask again.

    Seems that RAV has not too many users outside its home country...

    Karl
     
  4. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,007
    Location:
    Christchurch, UK
    Hi Karl

    Recently, I did trial RAV and several other AV programs, including E-Scan, AVK, KAV and Dr Web.

    I was impressed by the ease of use of RAV and its detection abilities as judged by several AV test sites.

    I am surprised that you are still finding the KAV monitor resource hungry.

    Another one to try would be AVK, which includes both the KAV and RAV engines. I believe Technodrome has recently purchased AVK! When my licence is due for renewal I will look seriously at both RAV and AVK again.

    The only person I know who posts here and uses RAV is Firefighter. Maybe he will be along to inform you soon.

    I would trial RAV and see how it sits with the rest of your system. In addition send their support people an e-mail ( after the holidays ) to see how fast they respond and what the level of expertise is.

    Detection abilities, speed of updating, compatibility with your system and support response are all very important with your choice.

    If you decide to go with RAV please keep us posted here as most of us would appreciate your feedback on this AV.

    Overall it is considered 'one of the best AV programs'.
     
  5. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Karl_Menshy!

    I really doubt there is a AV-software which is good in virus & trojan detection. My opinion is, that a AV is made to find viruses and that a trojan scanning tool (TDS-3,...) is made to find and deal with trojans. There's no AV-software which can handle both in a satisfying way. If you look at their database, there aren't many trojans AND variants in it.

    If the AV-software is for your friend, then it should be something easy to use and reliable. Something like NAV 2003. Update packets are small and it even works automatically. Overall NAV starts three processes, which aren't that mem consuming.

    Best regards!

    Patrice
     
  6. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,007
    Location:
    Christchurch, UK
    I am no expert but I believe KAV and other AV programs based on the KAV engine have both excellent AV and AT detection abilities. Even the people who are behind TDS have stated this.

    In addition I believe that Kaspersky have a small team working just on the trojan detection part of the AV program.

    The few tests I have seen comparing both AV and AT software and trojan detection have placed KAV as the top program.

    If you want a single program which has a high trojan and virus detection rate go with KAV or one of its offspring programs e.g. AVK.

    If you prefer a layered approach to security go with separate AV and AT programs.
     
  7. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Blackcat!

    I completely agree with your statement! KAV is a very good scanning tool, that's right! But unfortunately it takes a lot of ressources, that's why Karl_Menshy doesn't want to have it...

    Greetings!

    Patrice
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Karl,


    Although I'm in favor of the layered defense system as well,
    we recently have been testing RAV by request of the software company.

    You'll find the review (plus a link to screen shots) on our antivirus page. We've picked at random 2,000 viruses, very recent ones included, to test the software. In our view, it's an antivirus belonging to the top5.

    regards.

    paul
     
  9. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,007
    Location:
    Christchurch, UK
    If you rule out KAV, Dr Web and F-Prot, the only other AV programs I know which are 'supposedly' good at trojan and virus detection are;

    1. McAfee (bloatware?)- I had bad experiences at work with both v.5 & 6 but I believe the recent updated version is a lot better.

    2. F-Secure- no personal experience of this one but it is expensive.

    RAV may be your best choice overall.
     
  10. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Blackcat!

    F-Secure is a very good AV-software, but unfortunately it's very mem consuming... At least seven processes are started and always running. That's why I changed to another AV-software.

    Best regards!

    Patrice
     
  11. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,007
    Location:
    Christchurch, UK
    Could not get into link for screen shots of RAV.

    Is site down or simply busy?
     
  12. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York

    Many of those processes are using 500 KB of memory or less on Windows XP systems!



    Technodrome
     
  13. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Mmm...something seems wrong with that server :rolleyes: - we'll look into that one. Thanks for pointing this out.

    regards.

    paul
     
  14. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Technodrome!

    Yep, you're right, but look at NAV 2003. Three processes are started:

    ccEvtMgr.exe (320KB)
    navapsvc.exe (116KB)
    ccApp.exe (54KB)

    Still less than F-Secure... I prefer tools which don't start that many processes.

    Greetings!

    Patrice
     
  15. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Hmm... Amazing numbers for Norton (I've never seen such a small numbers for NAV, not even in idle state) but every system is different. ;)

    Last time I check it was around 15 MBs (all together) on my system. But I don't consider 14 MBs of memory usage to be that bad.



    Technodrome
     
  16. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Sorry Technodrome!

    We are talking about apple and pears... It's my fault! I was talking about processes which are started on the startup (which slows down your computer) and you were talking about memory usage. The information you wanted to have, is the following:

    ccEvtMgr.exe (2'452 KB of Memory)
    navapsvc.exe (692 KB of Memory)
    ccApp.exe (6'596 KB of Memory)

    Allover is NAV using 9'740 KB of Memory. Let's say around 10 MB of RAM. I don't know how it is with F-Secure, because I deinstalled it a while ago. Would be interesting if someone could feed us with this information (process & memory).

    Best regards!

    Patrice
     
  17. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Oh, ok! Got it now! ;)



    Technodrome
     
  18. Karl_Menshy

    Karl_Menshy Registered Member

    Joined:
    Apr 18, 2003
    Posts:
    135
    Thanks all for your input, it is much appreciated.

    Just a few additional thoughts about the replies:

    1) I agree with all of you that the KAV engine is the best overall av/at solution. No doubt about that. But the on-access monitor is way to slow. Especially when accessing directories with many files. Furthermore there is a severe incompatability with the monitor and certain UDF packet writing software. KAV monitor would block reading/writing to UDF formatted media in some cases. So I am very sad to say that KAV is no alternative for the scenario I mentioned above. I would recommend it as a backup for on demand scanning, but again, my friend is not overly paranoid and wants just one solution.

    2) I did download the RAV trial and so far it works great. But I found out about KAV/UDF after quite some time...so somtimes things show up after longer use only.

    3) I read the recent thread about Bitdefender with great interest. The VB track record is somewhat bad, but several other reviews suggest that the Bitdefender engine is on pair with RAV...so this one might be a candidate too. Will have to test the impact on access.

    Again, thanks for your opinions.

    Karl
     
  19. girobb

    girobb Registered Member

    Joined:
    Dec 16, 2002
    Posts:
    9
    Location:
    covington va
    I have been using rave for two months now, and I find it great. I download alot from Kazaa and it has caught every virus thrown at it. It is easy to config and is low on resources. I find it to give similiar protection as Kav, but without the resources that Kav uses. I have Kav on my son's machine, it is great also. I highly recommend it.
     
  20. xor

    xor Guest

    Yes and i tell you why:
    Explorer try's to get out the ICON of the exutable files -> means fileaccess from the system without doing anything.
    If you have many executables in one folder it does slow down. That's right.
    And thats why some AV's does catch viruses even if you only open a folder without "manual touch" of this file.
    This depends on the filter driver settings how to act.
    There are Kernel Mode Flags for (such as READ, QUERY etc.) and if the filter driver becomes such a event he send's data to a service (NT Service for instance) and via this Service you can communicate with a Win32 User Mode Application (The Scanner with unpacking support for instance).

    This means the files are scanned without a "human access".
    On a network drive it is more critical, the windows explorer has here the sad thing that he try's to reload (refresh) all times to show new files with icons.


    Michael
     
  21. Karl_Menshy

    Karl_Menshy Registered Member

    Joined:
    Apr 18, 2003
    Posts:
    135
    Michael, I am quite aware of that reason (earn my living with programming ;))...and about several others why KAV is slow. Thorough checking and some conceptional issues demand a lot of processing power.
    What I miss is an intelligent concept like DrWeb's smart mode, distinguishing between different file access types. For a "heavy" AV like KAV it would be a nice solution.

    Karl
     
  22. Jonas

    Jonas Registered Member

    Joined:
    Oct 30, 2002
    Posts:
    46
    Sorry to butt in, however i know no new AV's were asked to be mentioned but everyone has been talking about KAV and its memory usage along with its great detection rate, perhaps a compromise might be, as mentioned in other threads, choosing AVP from the swiss site, the great KAV detection rate and engine, same defs but smaller memory footprint. Its absolutly worth consideration, especially if you recognize KAV as a great AV. The Swiss AVP should run much lighter for you.

    Hope this helps.

    http://www.avp.ch/mindex.stm

    Peace,
    Jonas
     
  23. Graystoke

    Graystoke Guest

    Does RAV have an e-mail scanner for Outlook Express, POP3, and web based e-mail such as Hotmail? I didn't see any mention of it at their site. It only mentions an Outlook plug in.
     
  24. vrf

    vrf Registered Member

    Joined:
    Jun 10, 2003
    Posts:
    29
    RAV is not a choice. It was one of the best programs ever made in Romania but it has been bought by Microsoft. So there will be no more RAV soon, I'm sad to say that. Anyone buying it has no guarantee he'll receive the one year updates. Yes, it was a great program, and it was very sensitive. My internet provider here has RAV on its servers(and it's also the biggest mobile phone company in Romania).But RAV is now history, as far as I know, Microsoft wants to include an antivirus in its upcoming operating system so it bought RAV, in order to include it's technology in that future OS antivirus. Try whatever else, RAV is a thing of the past.
     
  25. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    632
    Location:
    S.A.V.O
    hi
    i'm a rav user and a recent e-mail from rav confirmed me that support for rav will continue.
    overall performance of rav is great, depending on how you set the rtm up. it can be set up to slow you down. check the box with scan only extensions, and it will be faster
    the smart scan is very fast, fast enough to use it daily, once a week i do a scan with more thorough settings.
    it has an e-mail scanner.. pretty much everything that comes into your pc gets scanned...
    and it's good against trojans, with good unpackers and heuristics it has caught every trojan i have thrown at it.. but i still have trojan hunter to back it
     
Loading...
Thread Status:
Not open for further replies.