Think I've finally decided what antivirus to use...

Discussion in 'other anti-virus software' started by colt45allstar, Jun 29, 2006.

Thread Status:
Not open for further replies.
  1. colt45allstar

    colt45allstar Registered Member

    Joined:
    Jun 9, 2006
    Posts:
    65
    It was tough. Really like a lot about both Nod32 and Kaspersky.

    In the end though... I think I'm going with Kaspersky this round.

    What can I say, love their ultra fast signature updates and though I only ran a trial of version five... I really like what I'm hearing about the proactive defense that version six features.

    These two things coupled with the fact that the heuristics engine is supposed to be improved later this year, to go along with already top of the line sigs and proactive defense, were enough for me to decide it was the one.

    I'm only getting it for the one year license as opposed to the two year license. I say this because I want the option of switching in a year to be open, especially if Nod32 version 3 ends up blowing everyone away.

    I tend to do the same thing and only get one year licenses for my firewall purchases as well. This way if in a year from now I'm no longer pleased with Zone Alarm Pro, I can switch to Outpost or something similar.

    Even though it ends up saving money buying two year licenses, I'm willing to pay a little more.. if it means I'm not stuck with something.
     
  2. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    Congrats. You won't be sorry. Go with KIS, it's smooth and really does it all. ;)
     
  3. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Why the hell are people talking just about file heuristics? And what the hell is PDM used for then? To scratch my back? Yours maybe? No. It's designed to detect unknown malware. And what else is this than heuristics?
    I already look stupid because I keep repeating this over and over again...
    They already have killer response times and hourly updates, PDM just fills the gap between hourly updates. And from what I've seen it's very effective.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi, why u just want to impose ur choice and thinking, everyone is free to think and post.
     
  5. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Yeah, and that's exactly what he does.
     
  6. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    No, I'm yelling all the time that PDM equals heuristics.
    People just think that checkbox with text "Advanced Heuristics" in NOD32 is the only thing out there and they are treating KAV6 like it doesn't have any form of advanced proactive/heuristic detection capabilities. Those new file heuristics scheduled for Q4 2006 are just a small addon, basically just for file servers and email servers where PDM does nothing against malware due to its nature of detection. PDM or Proactive Defense Module does the majority of the heuristic detection on the end user level and is probably far more effective than any other heuristic detection method.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I don't think there is any need to yell for this. After all, u are not the creator of KIS or NOD either. Time will tell everything clearly.
    Just wait.
     
  8. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Lol and since I'm not the creator of KAV or NOD32 that automatically makes me stupid or what? Believe me, those more techy know quite a lot about technologies used in AVs even though we aren't its developers.
    Biggest problem is that ppl still think KAV is just a fancy hourly updated AV without any real heuristics like NOD32 has. Looks like Kaspersky Lab will have to hype their PDM a bit like ESET is doing with their AH all the time for everything. Maybe then people will finally get it that KAV6 also has powerful heuristics...
     
  9. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    The "problem" here is that it's very time consuming to test such things. That makes it more difficult for testers to give some statement on how efficiently this works, since you have to start the malware to see how the defense behaves. This is completely another story to the on-demand scanning and counting the heuristic detections. Example: If there is one rule changed (maybe because it produced too many alerts) then usually you would have to start testing from scratch. Now I seriously doubt that someone who just started 12.000 trojans manually (there is not really another way for the testers without any special tools) would like to start over just because a rule was changed. Most likely he will not even notice that something has changed since he's still starting samples. :D As for all things in life (except beer) it's easy to avoid things. Same for heuristic detections. But it is somehow more difficult, not excluded but more advanced, to fool a real behavior blocker. Mainly because a malware, no matter what it's packed or crypted with, still behaves in the same way as the same unpacked/RAW sample. In the way of "If it looks like a duck and if it makes the same noise and sound as a duck we'll shoot it down" regardless of which color it has.
     
  10. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yes, testing is difficult (ask IBK about it hihi), but that doesn't change the fact that it can detect malware in the end the same as with regular on-demand enabled heuristics (just on a different level, users aren't quite familiar with it yet). And as you said yourself, one big advantage is immunity to crypters and packers. It usually always stops here with all sorts of on-demand enabled heuristics if you cannot properly decrypt or unpack the file. But not with behavior blockers (the duck example). :)

    For example I don't care much if it's detected when it enters my PC or when I try to execute it. As long as it gets detected I'm fine with that.
    I'm not running a file server or email server so On-Execution only heuristics make no difference to me. Now if I take KAV's already excellent unpacking engine, seriously rapid updates and in the end behavior blocker and pack all this in one packet you get quite a powerful punch as a result.
    Especially because PDM rules can be updated on the fly along with signatures. The more malware you get, the more exact and aggressive detection can be. It's almost like spam detection based on Bayesian filtering, just with the exception that here you're monitoring files and not emails.
     
  11. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Holy thread derailing.
     
  12. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Two off-topic replies regarding an AV product not even part of this thread have been removed.

    To S: There's no need to spam that other product in every AV thread.
     
  13. Davidpr

    Davidpr Registered Member

    Joined:
    May 24, 2006
    Posts:
    92

    Did you look at any other AV's such as AntiVir Premium or BitDefender? Did you consider Prevx 1 for your main AV/anti-malware?

    Good luck with your choice.
     
  14. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Does it really matter to the end user "how an av detects malware" as long as it does?
    Surely what REALLY matters is that whichever av you or I choose to protect our data is that it does protect it and not the method it uses!
    Who cares whether it's a PDM module, heuristics or sigs (or even magic!!) as long as it works
     
  15. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    I rather think the PDM in KAV/KIS v6 is more of a behaviour blocker, which is really a form of heuristics I guess, but at the end of the day it is proactive protection, an added bonus to the regularly updated signatures.
     
  16. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    I've noticed how most or all of the antivirus companies (e.g.: Kaspersky, Eset, F-Prot) are vastly enhancing their products (this year).

    I can predict I will have to do a change soon. (One AV might attract me more than another ;))

    It's great to have a choice.
     
  17. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    There is a vast array of high quality anti-malware products to choose from. To extol the virtues of one over another as if it were your nation's World Cup entry is ludicrous. We should count ourselves fortunate there are such choices. So there. :rolleyes:
     
  18. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Good post.

    I have not figured out why when someone has some criticism of a particular AV, some act as if their mothers had been insulted. It's just software, and one should not be married to it.
    "We pays our money and takes our choice."

    Jerry
     
  19. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    That still doesn't change the fact that KAV6's PDM is indeed a heuristic engine...
     
  20. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Decided to test KAV for a while and uninstalled NOD32.

    I like how it monitors critical areas and its accessible GUI.

    It is VERY light on resources in comparison to version 5, and so far, so good ;)

    With its Proactive Defense, I can see how KAV would stop spyware from loading on startup and such.
     