Discussion in 'other anti-virus software' started by Mina Guindy, May 11, 2002.
The German Antivir PE, does anyone use it?
any reviews about it in English??
thanx in advance...
personally, I haven't used Antivir PE myself. I believe somewhere else in this forum it was discussed and that it was the same product as AVX. Somebody correct me if I'm wrong !!
Anyhow, the reviews were not that favorable for that AV. If I were looking for a FREE Anti Virus, my first choice by far would be AVG. I think others would agree !! But it's a matter of preference Mina.
Here's the link to AVG AV....
good luck !!
AntiVirPE is not the same product as AVX. I personally do not like it. AntiVirPE has a lot of limitations. Poor detection of complex malware (for example, metamorphic viruses are not detected), limitation in detecting polymorphic viruses. It has no heuristic (except a poor macro heuristic). Updating means that most of the time you have to download the whole program (4 MByte download) and a restart is required after updating. Other limitations are that runtime packers like UPX are not checked and there is no check for malware in email databases.
For a free anti virus solution I only recommend F-Prot for DOS which is a little bit uncomfortable to use but has the better scan engine and a much better heuristic.
check out this older "security/antivirus string".
Also, isn't F-Prot for DOS an "on demand scanner only" ?? I have it as a backup and on a floppy !!
Also, antivir had (at least when I had it) a tendency to false positives. For a freebie I use AVG on my laptop.
F-Prot for DOS is on-demand only. But this does not matter. You have to be a little bit more careful and scan all new files before you open them. Better a good on-demand than an average on-access anti virus solution.
So, why not both?
BTW, AVG might be 'average' (although I think that's strictly a matter of opinion), but it does a lot more than F-Prot for DOS (try going into a hacker newsgroup with just F-Prot for DOS for protection and you'll see what I mean).
When we're talking about programs, I'm going to recommend the one that does more for the user without intervention on their part.
Does F-Prot for DOS provide any type of email protection?
How do you update F-Prot for DOS?
Do you really want to deal with an infection after it's happily residing deep within your computer's guts, or do you want something that's going to prevent the infection to start with?
That's why I think they'd probably make a pretty good 'team' instead of promoting one over the other. Pete
What has this to do with virus protection? I think visiting a hacker newsgroup has more to do with the safe configuration of the newsgroup reader instead of which av software someone is using. BTW what does an on-access scanner do when a virus is not detected?
Not really necessary when you use a 'safe' email program. You can save the attachment and then scan it before you open it.
Downloading the new signature files and copying them into the f-prot directory.
On-Demand scanning does not mean to handle infections only 'after' an infection. It is the way you use the on-demand scanner. On-Demand scanning means that you must have a little more discipline. You have to check every new file before you open it. That is how you prevent infections with on-demand.
Sorry, still don't agree.
People (in general) are extremely lax about security as re: attachment handling - if that weren't so, we wouldn't see the massive Internet-wide infections that we do.
In addition, what about emails that contain malware that triggers simply by viewing? Anyone who frequents a board like this knows that (a) you shouldn't be using a 'Preview' pane (if your email program has one) and (b) that their email should be handled in a 'restricted' zone of some type and (c) that their email program should be just as fully 'patched' and kept updated as their browser or OS.
The problem (and the reason for using an on-access scanner that's kept fully-updated) is finding protection for the people who either don't care/haven't learned about protecting themselves and others from the spread of virii/trojans/worms, etc.
A decent on-access scanner takes the burden off the user. They don't have to go thru the extra steps of separating the attachments and scanning them. They don't have to manually get updates and apply them.
Of course, neither AVG nor F-Prot will protect anyone if they're not kept updated (at least AVG will automatically check for updates every day at the time of your choice if you set it up to do so - will F-Prot?).
See, we're back to that 'taking the burden off the user' point again.
"On-Demand scanning means that you must have a little more discipline."
Uh-huh. With the Internet population as a whole, can you point me to where all these disciplined people are at? My point being, protection needs to be as automatic, un-obtrusive and as operator-friendly as possible - or people just aren't going to use it (or use it properly and consistently).
And look, I hope you don't think I'm knocking F-Prot, because I'm not. It's an excellent program for those who are disciplined and who will use it correctly.
Should everyone learn about and be interested enough in their and others' freedom from malware to be able to effectively and consistently make use of a program like F-Prot? (Be 'more disciplined', IOW). Of course.
But is it going to happen? Looking at the millions of people affected by each new virus that takes off well (and the millions of dollars lost trying to 'fix' things afterwards), I'd say the outlook's not good. Pete
Roughly paraphrased: You can lead a user to a terminal, but you can't make him think.
Hey Spy...You are exactly right. I can only speak as a consumer here. Developers shouldn't lose focus. I and a half-dozen people I know are all successful business types who are in the "almost know what we are doing on a computer." We use applications and are serious about protecting them. The only thing we're unanimous about is wanting to manually update - precluding the need to check what applications are calling out and why. Other than that, we all would pay four times the price for effective programs that handle other details.
I'm not an MBA, but if you do that and test the living heck out of it prior to release - to ensure profits aren't consumed chasing bugs, you could easily double net revenues - and get a better protected public. Configurability is actually a snag in the market perspective and stems from within the developer community and its followers. Wonderful for all of you who dabble in it - but not really wanted by us folks with money to spend (7 voices speaking here). And don't get us wrong here...we know what it is like to scratch for hard earned dollars - but the best programs seem underpriced and the mediocre ones seem over-priced. Best to you all - and thanks....Later, Rickster
What you recommend to the user is a nice gui which makes him feel safe. On access scanning and automatic updates mean nothing if the av software is only average in virus detection.
So my normal recommendation is commercial av software as you get on-access scanning, automatic updates and very good detection rates.
So it's the user who should decide what kind of user he is. If he really wants a safe freeware solution, on-demand scanning like f-prot does (btw daily updates and a 3rd party tool for automatic updates available) and 'safe computing' are a better choice than a nice looking windows gui which provides a false sense of security. Even with AVG installed I would recommend safe computing, as AVG is not as good as other programs.
In this test some of the commercial av programs have been out-performed by free ones:
- 5490 Viruses - Bat, Boot, Com, Exe, Macro and Vbs
- 140 current ITW Worms
- 120 current ITW Trojans/Backdoors
AntiVir looks pretty good, according to these results.
Never did try that one. Where's AVG ?
Can someone please explain why AV programs that do well in Virus Bulletin ITW tests (NOD32, F-Prot, etc.) didn't do quite as well here and why those that generally don't do as well in the VB tests (AntivirPE, McAfee) did well here? Thanks.
I'm sorry...when I said "here", I meant in Rokop tests.
Virus Bulletin tests only for ITW (in the wild) viruses.
They do not go beyond ITW!!!
AVG served me excellently when I was using it as my primary AV on two computers (I'm using NOD32 now, but I still use AVG when dealing with email responses).
Real-life protection (of which I experienced many examples when I used AVG) means more to me than any 'survey'.
Should my financial condition change, and I have to go back to using a free AV program, AVG will be the one.
Because it never let me down. Pete
Before reading the test you should take into consideration the following issues, which were partly also stated in the review. Technodrome has only taken the numbers.
First of all: Take for example the trojan detection: a 99,2 % rate for AntiVirPE looks impressive but is useless. Just take a simple runtime packer like UPX and redo the test. Result: 0% detection.
Second example: VBS detection. The main issue of VBS malware is that when a sample gets ITW then a lot of variants appear because it is very easy for script kiddies to change the source code. Love Letter is a good example for this. Even this year new variants came out. So when taking a closer look at AntiVirPE you will find out that AntiVirPE has no vbs heuristic. That means while other programs can detect most variants with heuristics AntiVirPE needs to be updated each time.
And the story goes on: Macro viruses (I do not know if this problem is solved): AntiVirPE claims to have a macro heuristic. So I tried last year in a proof-of-concept to copy the source code of a simple Melissa-virus variant (famous macro virus) into a new Office2000 document. AntiVirPE was enable to detect it. Further investigation took me to the point that it is possible to move the source code out of an old office document into a new one and then the macro virus can not be detected anymore by AntiVirPE. KAV for example can not be fooled with that. As I said before this problem may be fixed.
But the greatest issue about the test was that it only uses old DOS viruses (many of them older than 10 years). DOS viruses can not infect windows files and most of these viruses used in the test are not working anymore on modern windows systems. That is why some vendors already removed the detection of such old crap.
What is more interesting is how the program could handle actual Win32-viruses. These viruses are much more complex than the old DOS viruses. AntiVirPE for example can not handle metamorphic viruses and also there are problems with polymorphic viruses. The test of Rokop-Security did not test polymorphic viruses as the viruses used in the test can not be executed anymore. See additional test notes.
So there are many more issues in anti virus software tests than the figures show.
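Added example, not part of the original thread or of any product discussed in it: a sketch of why a byte-signature scanner that does not unpack reports nothing for a packed file, and how a bounded unpacking stage restores detection. The marker string, the `TOYPACK1` container and all function names are constructed for illustration; zlib stands in for a runtime packer and is not UPX's format.

```python
import zlib

# Constructed, harmless marker standing in for a byte signature (not a real pattern).
SIGNATURES = {"Test.Marker.A": b"HARMLESS-TEST-MARKER-0001"}
# Toy container: magic + zlib stream. A stand-in for a runtime packer; real UPX differs.
PACK_MAGIC = b"TOYPACK1"
# Constructed sample file: padding around the marker.
SAMPLE = b"MZ" + b"\x00" * 64 + SIGNATURES["Test.Marker.A"] + b"\x00" * 64


def pack(data: bytes) -> bytes:
    """Wrap data in the toy container, as a packer would wrap a program body."""
    return PACK_MAGIC + zlib.compress(data)


def match_signatures(data: bytes) -> list:
    """Plain substring matching, the way a signature-only engine sees a file."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)


def unpack_layers(data: bytes, max_depth: int = 4, max_size: int = 1 << 20) -> list:
    """Return the input plus every layer recovered from it, within fixed bounds."""
    layers, current = [data], data
    for _ in range(max_depth):
        if not current.startswith(PACK_MAGIC):
            break
        try:
            d = zlib.decompressobj()
            current = d.decompress(current[len(PACK_MAGIC):], max_size)
        except zlib.error:
            break  # corrupt stream: keep what was recovered so far
        if d.unconsumed_tail:
            break  # output limit hit with input left over: refuse oversized layers
        layers.append(current)
    return layers


def scan_raw(data: bytes) -> list:
    """Scanner without packer support: looks only at the bytes on disk."""
    return match_signatures(data)


def scan_with_unpacking(data: bytes) -> list:
    """Scanner that applies the same signatures to every recovered layer."""
    hits = set()
    for layer in unpack_layers(data):
        hits.update(match_signatures(layer))
    return sorted(hits)


if __name__ == "__main__":
    packed = pack(SAMPLE)
    print("raw scan, unpacked file:", scan_raw(SAMPLE))
    print("raw scan, packed file:  ", scan_raw(packed))
    print("unpacking scan, packed: ", scan_with_unpacking(packed))
```

The depth and size limits matter in a real engine too: without them, deeply nested or highly compressible input can exhaust the scanner.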
I am very curious to see this proof ?
What you said above is correct but this will not only affect Antivir....It will affect many other commercial products as well.
Correct. It is not an AntiVirPE-related problem but AntiVirPE still has signatures that other vendors removed to decrease their signature files size. So the size of updates was never a matter for AntiVirPE. In most cases you have to update the whole program (~4 MByte).
A word in response to the original question from Mina about AVPE:
I have used Antivir PE for the last couple of years, supplemented by a stand-alone anti-trojan app, ZA Free and caution in general computing practice.
I have found AVPE to be an excellent piece of FREE software which has kept me safe from virus-infection.
It *is* subject to a few false alarms, and one *does* often have to download the full prog in order to update.
However, the latter point doesn't matter much to me cos I have a cable broadband connection and can download the entire file in a minute. As for the former, I'm prepared to put up with it from a product which I don't have to pay for.
Although I have lots of respect for the analysis and comment here at Wilders, most of it from people whose expertise is greater than my own, I must say that I have nothing but good to report about Antivir, and that I must dissent from the general Wilders opinion on Antivir, which is a real freeware goodie...
Nothing wrong with that; anyone surely is entitled to his own opinion.