Antivir hysteria

Discussion in 'other anti-virus software' started by maddawgz, Sep 3, 2006.

Thread Status:
Not open for further replies.
  1. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,276
    Location:
    Earth
    Hi all, I've noticed a few ppl dropping their AVs, including me, for Antivir; understandably, it scores better than avast ...... I didn't see Trend on the Comparatives site, ...... thanks
     
  2. kdm31091

    kdm31091 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    365
    What is your question?
     
  3. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    I guess he wants to know how Trend Micro did/would score in the test. They don't want to participate, like Sophos. My guess is that their results would be a problem to explain to their customers.

    I know the virus.gr test sucks, but just ignore the "heuristic testing" part of it and look at the rank table covering normal malware detection. It pretty much represents where I would place various antivirus programs currently. And yes, I know, the collection the virus.gr guy uses is crap and full of garbage.
     
  4. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    As far as I've tested and heard, Trend Micro has poor detection rates for Trojans/Backdoors and Exploits. About Sophos I don't know. I have never tested it.
     
  5. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,276
    Location:
    Earth
    Thanks, that was my question ... thanks for answering, but I do like Antivir free, can't believe it's so light.. thanks for the pop up fix too! ....MD :D
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    About the lightness, I can't believe it either. I got it on a budget laptop, £350, and it doesn't slow down at all.
     
  7. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,276
    Location:
    Earth
    lodore, r u running free? I tried the premium but the free seems better as far as light? Told all my AVG friends to swap over... And it's saved my hiney today 3x ....from some webpages' trojans..... Impressed.....wonder if the one with firewall will be as light? MD

    In the free version in Expert Mode, do I need the Win32 Heuristic ticked or leave it at Macro Heuristic?
     
    Last edited: Sep 6, 2006
  8. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    Turn on the heuristic, even level 3. If you find something, don't delete it. Move it into quarantine and use the send function to send it to Avira for analysing. If it's a false positive, I can quickly adjust the heuristic.

    Also keep in mind that the heuristics must be enabled for each on-demand and on-access separately.

    BTW, have a look at http://www.virustotal.com - HEUR/ in the statistics is AntiVir's heuristic.
     
    Last edited: Sep 6, 2006
  9. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,276
    Location:
    Earth
    Wow, that's some detection in VirusTotal.. thanks, turned on the Win32 file Heuristic at high detection level; would that slow things down or not really? ..... I can always check it in quarantine. Any other settings I need or that's pretty much it? ....... cheers MD
     
  10. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    No, it won't slow the scanning down.
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    They are putting together a great product with a firewall and antispam. This is going to be one product that all of you are going to want to keep a close eye on. They are (dead) serious about becoming one of the top 3 choices in reliable security.
     
  12. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    trjam, we are not *that* fast. ;-)
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Time will tell, but impressive so far.
     
  14. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    How many of these "HEUR/" detections are valid, and how many are FP's?

    (No bashing intended, just interested! :) )
     
  15. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    I can't tell how many of those are FP, I don't have direct access to the VT samples - yet. I guess there are some false positives, there was a bump in those after the release of engine 7.1.1.11 last week. But the number of files I get sent from support or directly via heuristik2 account went down already.

    Most people don't enable the heuristic (it's off by default) so the feedback is kinda low. :(
     
  16. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    But why is it disabled by default? Wouldn't it be better to use Medium heuristics sensitivity and provide quarantine with automatic submission of heuristic detected samples? I mean you have strong heuristics but they aren't used at all by default. It's like throwing away all the potential you have (or for example like NOD32 with by default disabled AH or BitDefender with by default disabled B-HAVE or Norman with by default disabled Sandbox...). So if you have it enabled you detect more stuff, you get more samples, you can fine-tune heuristics, you again detect even more stuff and you lower the number of false positives. It's a logical thing, only problem is to decide when to start this since you'll certainly have problems at the beginning, one way or another. But over some period of time you'd certainly get results from this process.
     
  17. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    Rejzor, I fully agree with you, alas it is not my decision to make. Also, the AntiVir GUI has currently no good mechanism to exclude files from heuristic scanning in case false positives happen.
     
  18. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    Stefan, maybe it's time to move on, Avast is one Kurtzhals away from being awesome, maybe F-Prot has an extra Inspector cap, that has a nice ring to it...Inspector Kurtzhals :)
     
  19. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Hehe, I wouldn't mind such heuristics in avast! :D
     
  20. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    Just experienced my second FP (third if you count the PandaScan in AntiVir Version 6).

    Stefan has very quickly Updated my system with New Heuristic Search Engine, (avewin32.V7.01.01.14) so a rescan is clean now.

    I had always kept the Detection Levels set to High for both Scanner and Guard, this latest detection was apitrap.dll from an old CleanSweep Program.

    As soon as the 30AUG Update loaded new avewin32.V7.01.01.11, the Guard had Frozen my system and blocked a restart at the point of AntiVir loading, resulting in a completely blank desktop until entering Safe mode and (after system scan) resetting Guard's HEUR to Medium. Malware no longer detected by the Guard and System Operation completely normal, with no freeze. (Uninstalling CleanSweep had also stopped freeze)
     
  21. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    exclude files from heuristic

    Stefan,
    Thank you for the new edition of your marvelous Heuristic Search Engine less than one day after my submission of the old file in question.

    "...no good mechanism to exclude files from heuristic scanning..."

    Would that not be what [image] this would be used for? o_O
     

  22. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    pilotart, of course you can exclude files using that dialog. But I don't find it very intuitive. A normal user won't even find that option dialog. I want an exclusion option in the "found something" dialog window, including an option to exclude a file from heuristic scanning only.

    False positive or not - the system should not freeze because of the alert. :(
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    What pop up fix are u talking about?
     
  24. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    294
    I think he was referring to avnotifier in Antivir Personal Edition.

     
  25. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Whoops, I kinda forgot to answer. I am running the paid version on the laptop and I think it runs lighter.
     