antivirus tests

Discussion in 'other anti-virus software' started by sofasofe, Dec 20, 2003.

Thread Status:
Not open for further replies.
  1. sofasofe

    sofasofe Guest

    anyone have test results of latest test by www.virus.gr ??

    I'm buying AV software and I wanna buy the best AV by them!

    thanks
     
  2. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    I personally think that most antivirus tests suck. The best is that you take time and install the AV that you like, probe it (the performance, updates, etc.) and decide what is the right choice for you.
    However, I personally recommend the following AV:
    -NOD32: Uses low resources, the heuristic is one of the best, available in many languages, good features, quick scan, the incoming mail scanner is excellent, it works at winsock level.
    -KAV: Good detection rates, the best in this, heuristic so so, daily update, normally 2 per day or more, available in several languages, good support, but if you plan to install it, I recommend a good computer, 564 ram or higher, this AV uses more resources than any other!
    -McAfee: Good heuristic scan and highly effective.
    -Dr.Web: Light on resources, good heuristic, good detection rate.
    I hope that this info will help you.
    Regards.
     
  3. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    You might want to have a look into this thread:

    http://www.wilderssecurity.com/showthread.php?t=17092

    wizard
     
  4. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    I can vouch for Kaspersky using a LOT of resources. I recently broke down and got their v4.5 Personal Pro and can't do anything on my box while it's running a scan. I've got a 1.3G Athlon processor and 512RAM.

    I've scheduled my weekly scan for late in the evening, when I'm finished using the computer. I'm still trying to figure out all the things this version can do. I'm impressed but think I could have saved a lot of money by going with the Personal version. This one does a lot more things than I'll ever use.
     
  5. Buddel

    Buddel Guest

    This is also my opinion. There are many good AV's out there, but not all of them may run smoothly on your computer. I personally like KAV very much, but my computer seems to be unable to cope with this "resource-hungry" AV. Therefore, I do hope KAV 5.0 will cause less problems.

    I also think that NOD32 is pretty good, but the Eset folks shouldn't rest on their laurels. This AV still has many weaknesses. Anyway, if Eset improves both their AV and their support, NOD32 may soon be as popular as other leading AV's.
     
  6. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    I don't think Eset does that. Development goes on and on and don't forget that they released this year a major program upgrade with massive improvements compared to the previous version of NOD32.

    I don't say NOD32 is perfect (no av is that) but I don't think that there are "many weaknesses" left. Maybe you can give a list of what is in your opinion missing in NOD32 to be a "leading av".

    wizard
     
  7. Buddel

    Buddel Guest

    When I said Eset shouldn't rest on their laurels I was thinking of their support in particular, which, IMHO, has not always been that good. In order to find out about NOD's problems, just read the threads in the "official" NOD32 forum. There you will find the problems encountered by many people (well, I'm one of them). Some problems: shutdown protection, trojan detection, scanning inside SFX archives etc.

    I do think NOD32 is a promising AV, but in my opinion, it does not (yet) belong to the leading AV's such as KAV and McAfee. Nevertheless, if both NOD32 and Eset's support improve, I'm sure NOD32 will soon be a top-notch AV.
     
  8. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Let's see
    a) shutdown protection: not really necessary. If NOD32 picks up malware before it executes there is no way for the malware to shut down NOD32. And if malware bypasses NOD32 then you have to worry about much more than just that your av software is not shutdown.

    b) trojan detection: agreed, but this counts for nearly all antivirus programs except for those KAV-based ones.

    c) Useless. If you start malware that is inside a SFX archive the malware has first to be unpacked somewhere on disc before it can really be executed and that's when the on-access scanner AMON catches the malware - early enough.

    wizard
     
  9. Buddel

    Buddel Guest

    a) shutdown protection
    I think it is necessary. Yes, if NOD32 picks up malware before it executes, there is no way for the malware to shut down NOD32. But: what if NOD32 fails to detect it?

    b) trojan detection
    You are right: I was thinking primarily of KAV-based AV's.

    c) scanning inside SFX archives
    It's not useless in my opinion. You are right again: AMON will catch the nasty as soon as it is executed. However, I would like to know that there's crap on my computer before it is executed.
     
  10. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Let's try an example: NOD32 (with assumed shutdown protection) fails to detect malware. NOD32 keeps happily running while malware does damage to your computer or steals your data.

    NOD32 (without shutdown protection) fails to detect malware. The malware shuts down NOD32. You are warned that something is wrong with your computer and can take countermeasures.

    But anyway in both cases: Sh*t happened and there is no gain by having a shutdown protection at all.

    At the moment I know only one av program that comes close to what you want: KAV. But still KAV does not support all kinds of installers or sfx-packers, archives and so on. At the end also KAV relies on one single technique: wait until the file is unpacked and stop the malware from execution. So personally I think there is not much gain from this kind of feature from a security point of view.

    The "cost" for that fantastic feature of scanning in all kinds of installers, archives and so on is that KAV uses a lot of resources and the scanning speed is extremely slow.

    Don't think that's the way Eset should follow. I hope that they will keep the approach on focusing on the real points that are important for security and keep NOD32 fast and resource light.

    For those who want all archive scanning features they better stick to KAV anyhow, as Kaspersky is in these areas of unpacking/archive scanning miles ahead of nearly everybody in the av industry. :)

    wizard
     
  11. Buddel

    Buddel Guest

    Couldn't agree more. :)

    Anyway, I still think shutdown protection is important (even though there may be more important things to implement into NOD32 at the moment):
    If a virus which NOD32 is capable of detecting simply shuts down this AV, my data will be damaged because NOD32 is unable to block it. NOD32 knows this virus, but it just cannot stop it from getting on my system.
    However, if a virus which NOD32 is capable of detecting is blocked by this AV through shutdown protection, my data may not necessarily be damaged because the virus cannot get on my system.

    I don't really care how much time an AV needs to scan my computer as long as it scans it thoroughly. What's the use of a "Formula One AV" if it fails to detect malware on my computer?

    The fact that NOD32 is very "resource-friendly" was the main reason for me to have a closer look at this promising AV.
     
  12. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    If NOD32 detects a malware it stops it. There is no way for malware that is known to NOD32 to execute (and therefore to shut down NOD32) except in two cases:
    a) the user allows the malware to execute
    b) the user executes the malware without having AMON running

    wizard
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    DrWeb is pretty good at this, too, isn't he, Wiz?
     
  14. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    I agree, not as good as KAV in this field but overall there is nothing bad to say about DrWeb. :)

    wizard
     
  15. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,818
    Location:
    Innsbruck (Austria)
    Hello all,

    just a little hint: starting from February 2004 there will be a new source for AV comparatives ;-)
    About 10-12 good AV products will be tested.
    I will let you know the link as soon as the webpage is online.

    Regards,
    Andreas
     
  16. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I keep hearing how good kav is but in every test I have seen there is another av that is always tied or beats kav. It is mcafee virusscan. I know a lot of people don't like it but the fact is it is a very good av. Here is a screen shot from a rokop test taken 08/24/03
     


  17. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    The rokop tests are bad. Rokop's people don't use the extended bases for KAV; if rokop's people had used the extended bases of KAV, KAV would be the winner. Moreover, the rokop test doesn't use the advanced heuristic for NOD, and I don't believe that NORTON AV detects more than NOD, it's impossible. I've been using NAV for many years, and the "heuristic" joke called BloodHound jajaja is useless, it doesn't detect any mass-mailing, p2p, vbs, and other worms that McAfee and NOD detect proactively.
    I have VBS.Cling; KAV detects it proactively as Type_Script, NOD (with normal heuristic) as Probably new Script Virus, and dr.web as Probably new script virus.
    Please, it is impossible that NAV detects more than NOD. LOL.
     
  18. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Hey, I am not an av tester and they are. Maybe they do it right and maybe they don't, but I will not claim to know more than they do. I do not base my trust in a product on one group's test. I take rokop's test for what it is, one group's test, but the results are interesting. Kav, nod, mcafee: I don't believe there is a (best) av, they all have benefits and weaknesses. Like I have seen it said here on the forums a dozen times, if it works for you then at the time it is the best for your situation, but because it is the best for you, you can't try to tell someone else that it is the best for them too. It just won't work that way. For a while the etrust armor free av and firewall was the hot thing. I know that it is not a bad av at all but it would not work on my comp's configuration so it was not so good for me. And maybe it worked perfect for someone else. It just goes to show you no matter where you go there you are. Which means there is no end to the question which is the best. :D
     
  19. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    I agree that no av is the best, but there exist some antiviruses that really are bad. Here is my fundament, because my opinions and fundament are based on my own experience:
    I have a .AVC (AVP/KAV bases); it's an old, interesting proof-of-concept virus made years ago, but not detected by some AVs, including NOD and NAV. KAV detects it as Trojan.Hoho.a.
    I sent it to Symantec and Eset. Eset added it as Hoho.A and Symantec answered me: The file is clean! What type of ignorant do Symantec have? Maybe the "best" antivirus doesn't exist, however there are many BAD antiviruses, and one of the best examples is Symantec.
     
  20. Buddel

    Buddel Guest

    I agree, but what happens if this virus shuts down NOD32 before this AV can detect it?

    I'm just thinking of some dialers which had and perhaps still have the ability to shut down certain anti-dialer programs. These dialers simply killed these programs, so that expensive numbers could be dialled. If these programs had had better shutdown protection, this would not have happened. So if a virus simply kills the NOD32 process before this nasty is detected, my computer may get infected. This is the reason why I do think that shutdown protection is important.

    Nevertheless, NOD32 is a good, promising AV. I have been using it myself for a couple of months and I still like it. Perhaps it is not as good as KAV-based AV's, but if you are looking for an AV that is both light on resources and reliable, NOD32 is definitely a good choice.
     
  21. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    > I agree, but what happens if this virus shuts down NOD32 before this AV can detect it?
    If NOD32 detects a certain virus, AMON will stop the virus before the virus can shut down any program, damage the pc, etc. The only problem is what happens if a dropper kills the nodkrn.exe process and drops a known virus; in this case, NOD will not detect the known dropped virus.
    > Perhaps it is not as good as KAV-based
    KAV-based AVs are good at detecting "known" viruses, however the KAV heuristic isn't good, and in this case, NOD is much better than KAV, so KAV is better than NOD only at detecting old known viruses, and not new worms.
     
  22. Buddel

    Buddel Guest

    Hm... this is not the experience many other people have made. o_O I can't confirm this either.
     
  23. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    I can't agree to this statement. ;)

    In this special case KAV would not have been "better" while using the extended signature bases. Compared to McAfee KAV just missed one or two packer/crypter in this test.

    No it's not. Depending on whatever is in the testset you can let every program look like the winner or the loser. ;)

    wizard
     
  24. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    regarding shutdown protection there's a nice feature in kav: when a nasty tries to shut down kav (avpM.exe) it will display a message in control center: dangerous situation, process ****** tries to shut down anti virus monitor.. so although kav is generally unkillable, the user is notified..
    now do you listen ESET folks?

    kav heuristics bad? i can't confirm that either.. perhaps not the best (that would be nod or dr web), but it is good, believe me
     
  25. Buddel

    Buddel Guest

    Would be nice if there was such a feature in NOD32, too.
     