Why those big three are so lazy in updates?

Discussion in 'other anti-virus software' started by Firefighter, Nov 19, 2005.

Thread Status:
Not open for further replies.
  1. nod32.9

    nod32.9 Guest

    It's very difficult to catch a PC bug if you're an informed PC user. My system has only intercepted one bug over the last six years. Remember, anti-lock brakes aren't going to benefit an experienced driver as much as a student driver.

    The biggest problem with NAV is the subpar reliability of the LiveUpdate module. If LiveUpdate breaks, then the program is NOT receiving new virus def. That's how many NAV protected PCs got infected.

    Frequent updates provide several benefits...
    1. Keep the update small (important if you're a dialup user)
    2. Provide the MAXIMUM protection for novice PC users
    3. Let the user know that the update module is working

    The ONLY reason why some companies do not provide daily updates is because of the cost of additional infrastructure to support the additional bandwidth traffic!!! Money, $, $$$.

    If you're paying good $ for an AV solution, then you should expect the manufacturer to update the AV definition file as it becomes available. Those companies that publish weekly updates are gambling on the fact that your PC will probably not come across that "esoteric" PC bug.

    Want more proof about the power of advertising? One will find BOSE audio in many mainstream electronic stores. BOSE audio is crap. There is NO discount. There is no official frequency response chart from the manufacturer. You get a 2.5" paper cone midrange/tweeter. The paper bass driver is untreated and is surrounded by foam that will rot in about 10 years. Yet people still believe that BOSE speakers represent a good value.

    In my opinion, BOSE is the SYMANTEC of speakers. Many informed audiophiles believe that Paradigm speakers are #1 when it comes to price and performance. So what is the Paradigm equivalent in the AV business? Go with Avast Home if you want a FREE solution. If you can fork over $, then purchase McAfee Corporate or NOD32. McAfee Corporate is the established standard in many large US corporations.

    I don't believe there is a BAD AV solution. However, if you're going to spend $ for an AV, then you might as well purchase one that will give you the most performance.
     
  2. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, that's not exactly true. My cousin doesn't know much about PCs and he was using Norton 2004, had problems all the time with malware.
    Then I gave him avast!. Problems narrowed down but still not OK. Then I gave him KAV5 and ever since then, his PC is completely clean.
    I also replaced his browser with Firefox...
    My other cousin used my McAfee VSE 8.0i and he also had stuff on his machine (although I wonder how that even happened). He's running NOD32 now and everything is fine so far.
     
  3. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Many of them are just from people like me who submit new samples to see what if any scanners are detecting as malware. I have to humbly take issue with your presumption that the scanners you name are so markedly superior in detection to the Big Three, they aren't. And all scanners have f.p.'s too, so one cannot take Jotti's as Gospel. ;)
     
  4. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    I've heard that all before and reject your experience as being normative for everyone else, it surely doesn't apply to my experience. I have tested on a gigabyte of collected samples and I think I have a reasonably good idea of what is detecting what. Fact is, those scanners you name are not that markedly superior in detection. You may have encountered some anomaly but the Big Three scanners are not as bad as folks like you try to say they are .. I'm not saying your experience is invalid, I'm saying it is inconclusive and cannot be made normative for everyone else {like myself and BigC} .. no offense. ;)
     
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,123
    Location:
    Hawaii
    I agree, Randy. Personal experiences & anecdotes are largely a waste of time when deciding upon an AV program. A person is far better off to invest 5 minutes in reading objective test results, such as those at AV-comparatives, than wasting time in reading subjective/anecdotal stuff like "he said; she said."

    By actual test Norton & McAfee are at the top. Neither of them is my *cup of tea* ( I am a DrWeb aficionado) but they are superb AV programs.
     
  6. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    If VirusTotal scans are at about the same level as Jotti's, there are about 1500 malwares per day, quite many! :D

    I think that only KAV can compare to the Big Two IN THE LONG RUN, but before that even those Big Two users have got infected more likely than by using one of those I just mentioned before in this kind of hopeless surfing as I do. :D

    Best regards,
    Firefighter!
     
  7. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I don't really care what "scientific" malware database checks say. I was watching the real-world situation which couldn't get any more real than that. Word ItW is a ***** compared to this. It doesn't matter what it was, all that matters is that it was there and it was some sort of malware. I know from my point of view.
    I use NOD32 and its superior heuristics don't help me as much as someone who uses a POP3-based mail client using a mail service without any scanners and who might get all the mass-mail worms there are. I use NOD32 because it's fast, it has all I need and detection is far from bad.
    I'm on GMail and I haven't seen anything malware-like for ages (it's a year and a half now). Just a few spam mails here and there. In such cases KAV is better than anything else. Also that "Kaspersky is adding trash" bullshit doesn't exactly fit into my way of understanding. If ESET guys say that for defense, fine. But basically I really don't care (I'm completely neutral about this statement). If it's trash, even partial and non-working, why should it be there? They don't seem to have any problems with database maintaining so I can't argue with their way of malware adding and detection.
    Response times, update frequency and very good unpacking support have made it a real challenge to others for years.

    What did you mean with "those scanners you mentioned aren't that great"?
    avast! is no worse than Trend Micro. KAV has been the ultimate AV for years. And I can say the same for NOD32 2.5 which has been a real detection devil in the last 6 months or so.

    Hey, I haven't made that one up. It has been proven over and over and over again that KAV is excellent in all areas. Same goes for NOD32 which is proving with each and every worm outbreak that it's extremely capable of detecting new threats + comparison with old database entries for modified stuff.
    Anything new for Norton? Well, I haven't heard or seen anything special since the year 2000. And guess what, the scanner is the same except it has a nicer interface and more processes. Sure it detects more than before but nothing too impressive. McAfee is another thing. Leave alone the Security Center thing. They at least provide daily updates (that's something), they tend to use generic detection whenever possible and their heuristics aren't that bad (although some tend to be packer based only). That's a bigger improvement.
    Or for example Panda. Sure it's heavy, but look what they managed to create if we look back? TruPrevent is very effective, their anti-spyware capabilities of detection and cleaning are excellent. But yet everyone says wow when Symantec finally integrated spyware detection into on-access. Wow, avast! has been doing that for ages, same for KAV. But no, Sym needed 3 revisions to get that (2004 was first with spyware detection, 2005 was just an upgrade and they finally got it in 2006). That's slow and not impressive, don't you think? So yeah, dumping NAV and installing KAV for my cousin solved the problem. It's as easy as that. Rocket science free solution :D
     
  8. nod32.9

    nod32.9 Guest

    KAV is very good, but it is very slow with older PCs. NOD32 is almost transparent, from 500MHz up to the latest custom rig.
     
  9. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yeah NOD32 is really light. But KAV 2006 is like day and night compared to KAV5 speed and memory usage wise.
     
  10. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,506
    Location:
    The San Joaquin Valley, California
    Hi Randy Bell. Are you using NAV 2006 yet? If you are, can you confirm if it updates daily, including weekends, through LiveUpdate? I've read conflicting stories, and since you are the NAV expert, I figure you would be the one to ask. :)
     
  11. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Hi GrayStoke, I have been conducting "business as usual" since I upgraded to NIS 2006 and have not utilized the daily LU that others talk about. Since I am Updates Forum Helper, and I usually post the NAV IU -- I have continued to download the IU and sometimes I get the rapidrelease definitions too, because I submit a lot of samples which when the closed ticket returns from SARC, can only be detected in rapidrelease. For people who have broadband {fast connection} and want HOURLY updates, there is a batch file program which can be put in the Task Scheduler to d/l rapidrelease every hour. So I would say that NAV users can update as much as they want, although practically speaking, dialup users will only use the LiveUpdate {LU} facility. I will look into the "daily LU" option in NAV 2006 and PM you rather than make another post here. HTH .. ;)
     
  12. wildman

    wildman Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    2,188
    Location:
    Home on the range.
    :D For the personal user I think it all boils down to what works on the individual's system, and most likely what the individual can understand. I know from my own experience that over the years I have learned much, but I still am smart enough to know that I have many more questions. I also now have come to the conclusion that some of this stuff is nothing more than hype. Does it work well on my system, does it detect what it should, does it clean the detected items have become the criteria for me. Trying to determine these factors is not that easy either, so again "safe computing" is still the best policy.

    Thanks
    Wildman
     
  13. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma

    The problem is most people like you that have nothing good to say about Nav are usually the ones that don't use it and just go along with the flow following the self-made AV gurus here that have nothing good to say about any product except the one they like and expect everyone to like also. Nav has improved their product greatly in the last couple of years. It works very well, it installs well and it will uninstall very well if needed. According to these AV gurus Nav's detection sucks. Well, the first site they usually quote as having the best test results and the best testing practices is AV-Comparatives. They don't like VB where Nav has almost an equal testing result history as Nod32. Well, they ought to look at the testing results at their testing site and actually look at the detection percentages and then come back and make up another excuse as to why Nav is supposed to have bad detection. They can come up with their excuses as to why they think Nav sucks or McAfee is no good or why TrendMicro is really bad. The fact is these are very well made AVs that work with very little problems and that actually have good detection rates and do protect your computer very well. In the last fifteen years or so the only internet-borne malware I have ever had was when I was running Nod32 so heuristics don't impress me that much. Kav does pretty well with just mediocre heuristics, but a good sound definition base will never be replaced with heuristics.


    That is enough said from me, so you can make up your own mind and just hope you made a good choice, it is up to you.

    bigc
     
  14. hardhead

    hardhead Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    293
    Location:
    Blue Ridge, Va
    Straight from the horse's mouth. Take a look here.

    LiveUpdate
    Virus definitions are offered through LiveUpdate on a daily basis for these products:

    • Symantec AntiVirus Corporate Edition 10.x
    • Norton AntiVirus 2006
    • Norton Internet Security 2006

    Yes GrayStoke,
    You can get daily updates.
    I get them myself.
     
  15. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    OK thanks hardyhar, saved me some time and PM to GrayStoke. :D
     
  16. hardhead

    hardhead Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    293
    Location:
    Blue Ridge, Va
    My pleasure.;)
     
  17. Simon Phoenix

    Simon Phoenix Registered Member

    Joined:
    Apr 3, 2005
    Posts:
    152
    I've had more malware on my computer running avast/nod32 than running trend, I'm no av-expert but I think most people who bash norton/mcafee (which is dumb since it's very, very good) and trend just panic when a dropper gets on their system.

    To this day, I'll use fprot over most AVs with the exception of kav/mcafee/panda. I think most people who complain about norton don't even run weekly scans on their computer. To me, all AVs have the ability to let something past the RTM, it's the on-demand that really counts when it comes to catching malware.

    Since most use Norton and most complain that it's crap, that's really my only understanding of this problem; also I think that not all malware is bad malware, some just drop into your computer and do nothing, or drop and activate when another program is activated; by that time an AV should be able to catch it.

    I can understand total crap like avg or quickheal....fine but norton isn't a bad av and mcafee is in no way possible a bad av, it's number #2 right now and no one with common sense can really deny that. Signature detection still destroys good heuristics anyday...maybe in the future that will change...

    If you watch porn, mp3, warez, cracks then god help you, NO AV is going to offer you decent protection with that stuff.

    I use Trend Micro and I just got my second upgrade within 10 minutes, it warned me of a new worm and upgrades def again, I like that, that's really all I need.


    If
     
  18. wildman

    wildman Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    2,188
    Location:
    Home on the range.
    :) You call AVG "total crap"! Would you like to tell us why you think that is true? You know I have had my say about AntiVir, but at least I tried to tell why I thought that way, so please do the same in regards to AVG.

    Thanks
    Wildman
    o_O :doubt: :rolleyes:
     
  19. wildman

    wildman Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    2,188
    Location:
    Home on the range.
    :) I really would like to know all the ins and outs about this testing stuff. Perhaps one of you could take us through the process. I am not so sure that relying on the results of tests can be depended upon, so educate me please.

    Thanks
    Wildman
    o_O
     
  20. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,506
    Location:
    The San Joaquin Valley, California
    Thank you Randy Bell and thank you hardyhar for confirming that you get daily updates through LiveUpdate. That is good to know.
     
  21. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Bigc, I don't care about VB100%. And especially I don't care about NOD32 VB100% awards. I'm well aware that there are other products like Kaspersky, McAfee, Norton, F-Prot and let's say Norman that have a very very good VB100% track record. But hey, that's just a logo. The thing I care about more is those detailed reports available for certain tests. Limited though, but still.
    I'm also well aware of NAV's track record and I was even using NAV from version 2000 till 2005. That's 5 years. And nothing really serious happened and I was kinda very happy with NAV2000 through 2003. Things went down with 2004 and up again with 2005. But I learned there are other AVs too and that was the point where I left Norton. But who knows, maybe I'll someday use NAV2007...
    My cousin was also using NAV2004 and it was about to expire so I gave him avast! 4.6. But nothing unusual was happening on his PC. Same now when he's with avast! (he doesn't know too much about PCs and malware but he listens to me and learns fast about these things).
    But I noticed Sym doesn't implement anything really interesting or improve anything drastically (feature wise). avast!, Kaspersky, AntiVir, NOD32 etc. are constantly evolving while NAV and to some degree McAfee too are almost hibernating (although McAfee at least upgrades their engine with noticeable difference compared to the older one). OK, Sym added Worm Blocker which is usually more an annoyance than protection and spyware detection but I don't know, that's nothing really new for a 5-year period. The number of processes is just increasing and trust me, there's nothing worse than opening Task Manager to check something and you have to search for regular processes between all those "sym*" named ones.
    At least I can say Trend Micro improved significantly since their earlier versions.
    Their latest Internet Security suite offers many new features that the older one didn't have. Detection is still not exactly what some might expect from a TOP3 AV but OK...
     
  22. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I partially agree with that, and partially disagree. Based on my own "in the real world experience", I'd say that a lot can be prevented by a conscientious consultant.

    There are some preventative measures that I install on my deployments. I take the time to be "pro-active". I do not deploy any workstation or server to a client until I install every single windows update, and among the other nice touches I do such as install various utilities, I also slap in Spybot, updated and immunized, Adaware, updated, before I became a NOD32 reseller/user, I'd also put in SpywareBlaster, updated and protected. Also CCleaner. Google Toolbar to help cut down on the innocent clicks on popups which may lead down a bad path. Microsoft Antispyware too. Besides all the other little installs like the latest Adobe Acrobat, Quicktime, Macromedias, Java, etc. Plus every Office update. That's why I charge 4x hours minimum just to install a workstation (unless they buy workstations in larger numbers)

    Each time I visit my clients, as I sit down at each machine to do whatever...I'll take an extra minute or two to update the utilities I've installed, like Spybot, etc.

    Compare my networks, with typical users, for one year, against the network of some other shoemaker consultant who just takes the computer out of the box, sets it up for the client without Windows updates or other measures of protection...at the end of that year, that person's network health compared to mine. I've seen it with my own eyes, I've seen other people's networks..and it seems to me they seem riddled with problems which I without question feel can be easily prevented by the extra steps I take.

    What's that saying..."An ounce of prevention is worth a pound of cure?" It's especially worth it for me...I make more money doing bigger projects, it's a waste of my time to go to a client's to go mop up a simple adware infestation.

    I agree, you cannot make it 100% bulletproof. But you can still arm it with a decent amount of protection to make it quite resistant.
     
  23. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    @YeOldeStonecat: That's Great, kudos to you for being conscientious to install those security measures for your client workstations etc. that is commendable! ;)

    @RejZoR: You have a point about Symantec needing to improve in certain areas; however they have added {which you didn't mention}:

    ** IM protection {MSN, Yahoo, AIM} -- implemented with 2003 and higher engines.

    ** realtime scanning of compressed files [including runtime compressed] -- implemented with 2004 and higher engines. also,

    ** more runtime packers [unpackers] included, starting with 2004 and higher engines.

    ** improved alerts and aggressive response to adware-spyware and other nonviral security risks -- implemented with 2006 engine, [and of course expanded threats were introduced with 2004 and higher].

    ** daily LiveUpdate -- implemented in 2006 version. Of course the manual daily IU and manual hourly beta [rapidrelease] has always been around for all versions still covered by virusdefs updates {2000 and higher}.

    I would like to see SARC improve the submission system and response time to new submissions.
     
  24. wildvirus88

    wildvirus88 Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
    It's a good question...
    I sent virus samples to antivirus companies and some (Symantec, Trendmicro, Grisoft and other) only add to database 1, 2, 3, 4 weeks later... while Kaspersky, eScan, Dr.Web, Antivir in some hours...
    I think it's very important to an antivirus software.
    Today I send the samples to eScan (cause I use it) and Kaspersky. Maybe Antivir and Dr.Web.
     
  25. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I think that in most cases those people who had submitted samples to an av-vendor, have already encountered problems. It's simply a pure customer underrating or just this guy who submitted these samples was only breaking off the daily golf session of the employees in the av-vendor? :D

    Best regards,
    Firefighter!
     