Discussion in 'other anti-virus software' started by hckyo, Sep 23, 2010.
Can't agree more with you!
Note, I do agree with you. Having two real-time AVs can or probably will, at some point, cause problems. But, aren't those problems prone to occur only if both are set to automatically clean the system? Would the same happen if both are set to prompt the user for an action? (Which should be the default behavior, considering false positives that could lead to damage the O.S itself, if detecting and killing some O.S important file/process.)
I consider that having two real-time AVs set to only alert the user and not to clean/kill/quarantine anything would be the same as verifying the system with two on-demand antimalware applications at the same time, wouldn't it?
I never took a deep look at antimalware applications, because I mostly make use of what the O.S has to offer me; so, it would be interesting to know what would be the behavior in the scenario I mentioned: both defined to only alert the user and not do any other action until the user decides what to do.
Edit: By the way, when I previously mentioned two AVs, I was strictly considering the hypothesis of a hybrid one, real-time protection by one and web protection of one other, if the other one lacks it, or if not so great.
No doubt they should spend that time!
However, just as a comment, in my personal security policy of "block by default, allow by exception", a few FP's are no reason to panic or reject a good AV product.
The product should find the FP and notify user via pop up.
The pop up should allow user to accept, delete or quarantine the exe in question.
If the system now becomes unstable (not good) it should allow user to put the FP back in its rightful location.
If that fails I simply restore the os C partition and off I go again.
I'd rather have the odd FP than a product that accepted too many parasites while desperately trying to avoid FP's.
It's a question of management of these FP's when you hit them.
That sounds like the best solution to false positives, giving a notification and a choice on how to handle it. Do any of the top AVs do it that way?
Well, I think Avira does that for users. I use NOD32; here is some data from their help on the matter:
I know that Avira has an option to "Deny access to file" which blocks the file from loading in the memory but doesn't quarantine it or delete it.
Avast has an option for "No Action" which will ignore the detected file and allow it to load into your memory. Of course, in order to avoid future notifications on both, you have to add the file(s) to the exclusion lists. You need to go into the advanced settings and select the default actions in order to be able to select an option. Most AV's default settings are configured to quarantine (move to the chest or virus vault) by default.
What I would love to see in all AV's is the option to "Report False positive and ignore detection of the selected file in question" all in one setting.
Most AV's make it difficult to report false positives and add them to the exclusion lists.
AV-comparatives released the results for a single product test. Qihoo 360 scored 99.2%
That is something to take notice of. I suppose no one here has used it yet?
I wouldn't know. I haven't been here in a while.
Qihoo's numbers are identical to eScan's. They are probably using the same engine.
Let's not take this thread Off Topic. That product is posted here:
AV-Comparatives: Qihoo 360 Antivirus 1.1 On-demand detection test
Please continue the Qihoo discussion there. Thanks!
Thanks for the information on how Avira, Avast and NOD32 handle false positives, useful for me as these are the 3 AV's I've been using the most lately.
Removed Off Topic Posts; not related to ronjor's Post.
Me too, same as you. I'm happy because Avira & Avast & NOD32 are doing good.
I'm puzzled, since none of these 3 products are in your signature?