AV tests effecting personal setups

Discussion in 'other anti-virus software' started by Kees1958, Dec 1, 2008.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi all,

    After reading the AV comparatives retrospective test and the discussion it triggered, I wondered how those test impact personal set up decisions. Reason for doing so is that most Wilders members have a layered security setup, this impacts the valluation of for instance the effects of false positives. Also most members adopt a specific security philosophy, which impacts their choices in setting up the different elements of their indivual security components.

    We often discuss our opinions without explaining our motives for stating so. I think that is a pity because a pro versus contra discussion loses some of the insights without knowing the phylosophy of the debater.

    I value other members opinions when I can relate to their motives. Therefore I am opening this thread with a statement followed by a motivation in regard to my choice of AV.

    Statement 1
    When a HIPS is allowed to trigger a pop-up, leaving the decision to the user, why is the REAL TIME HEURISTICS of my AV NOT allowed to issue a pop-up (including False Positives).

    Motivation 1
    I have setup Avira free to check only at writes (the new arrivals) of executable (smart) like files. For this purpose I have set the heuristics to high. I would like to keep my harddrive as clean as possible. On execution containment is in my case not handled by my AV, but is taken care of by my HIPS.

    Summary 1
    So I would like the detection as high as posisble, because my AV tackels new arrivals, a false positive does not ruine/deletes an old valuable executable. My HIPS also throws the occasional FP (on execution), I do not mind this either.

    Statement 2
    When doing a full scan I do not like FP of my AV, because it effects all my files, I do not want a FP to quarantaine a critical executable when it is not infected. Therefore I have set my Avira HEURISTICS for scan to LOW.

    Motivation 2
    Recovering from a FP can be a tedious process, because it can cause non-functioning of the OS or heavily used aps. Becasue I a full scan for a backup, I have to relay on the image to be backed up next. After image backup I recover from a previous (current - 2) image, check it with mu updated AV with heuristics on low, assuming the time difference has reduced the chances of zero day malware not being recognised by my AV.

    Summary 2
    For full scans I would like high detection with the lowest possible false poistives.


    What is your usage and ergo opinion of detection and FP rate?
     
  2. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Everything on my Avira free setup is set on high,period.

    I do not get false postives either :D

    It scans on read and write as well.

    No worries,no problems on my end.
     
  3. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    It's a matter of ratio (missed malware vs. FPs). If I get one FP every couple of weeks, I couldn't care less. If I'm bothered several times a day, such product is unusable for me. If a product has zero FPs but fails to detect half of the malware that it's equally useless for me, it's like having a broken car that refuses to start half of the time.

    Otherwise:

    1/ For realtime filesystem protection, never allow any product to delete something without previous backup (quarantine). Why? Well, e.g. losing a XX megs of zipped backup with all your precious documents just because the AV vendor is having a bad day completely sucks, ditto for unbootable system. For one I'd prefer to have a separate setting for dealing with stuff identified by heuristic detection and the overhyped "in-the-cloud" stuff (as opposed to signature-based detections) but I don't recall any AV product offering this off hand.

    2/ For email scanning, just wipe the thing and stop bothering me. There's enough junk in my mailbox as it is so if someone sends me sucky attachments or fishy HTML content, they are out of luck.

    3/ Not really a big fan of those HTTP scanners, they tend to slow things down and cause various compatibility issues, this is something I can live without for sure.

    4/ I don't use the scheduled full scans at all, consider this a waste of time. Something sitting on your HDD without doing anything poses no threat and active malware should get picked up by the realtime protection. If I want to scan something, I'll scan the particular file/archive with a right-click scan, no need for an AV to crunch all the cruft on my drives every night or whatnot.
     
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, usually i decide between avast! and AntiVir. First one because of features and uncrippled detection, features and contact with devs, second for brute proactive detection and updates frequency but dislike it because it lacks spyware detection and has to be hacked to makde it half useful.
    AVG is just out of the option. Crippled in all directions and still very mediocre.
    But in the end i always return and keep on insisting on avast!.
    It simply works the best, has loads of features, good detection and i always have their devs there to ask anything i want. It's really not something you have chance to do with McAfee/Symantec or other big corporations. And thats what's making avast! my favorite even if its raw detection is not the best of the best.
     
  5. Onslaught3566

    Onslaught3566 Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    14
    Avast is great I recommend it to anyone that needs protection and does not want to pay.In my opinion it is the best free antivirus out there.Even better than some paid.I use NIS 2009 as my main software but I really like Avast and they just keep improving everyday.
     
  6. pbw3

    pbw3 Registered Member

    Joined:
    Nov 12, 2007
    Posts:
    113
    Location:
    UK
    Interesting angle!

    My motivation is driven by a practical need for flight of foot / lightweight usability. Primary use is work / with data back up, say rather than entertainment etc. Surfing tends to be relatively benign (and careful), and I don't load new software too often. Known source e-mails in and out (and with data files) and occasional client USB file transfers (for larger data volumes) - generally from corporate networks - are the other key "vulnerabilities".

    In all these years, I have never actually had any kind of virus alert on any machine of my own (ignoring FP's) - but then, unlike some of you guys, I don't go looking (the only threats have occasionally come from the security software packages themselves...).

    Hence, blistering detection rates on the AV are not as crucial to me as they will be to some - whereas lightness, lack of bloat, lack of FP's, and reliability, are all things that are important to me if I am actually going to run with an AV. As long as detection rates are pretty good, that's great; but for me detection is not the overarching criteria that it would be for someone who was regularly being infected or warned, and hence where 99% really might possibly make a difference over 98% or whatever (assuming of course that reported signature percentages are genuinely relevant to real day to day usage / exposure).

    Also, after reading lots on here, am starting to realise how many other possibilities exist (HIPS / BB / virtualisation etc) compared to what used to be considered traditional; I suspect that will impact my motivation re AV in due course? The most difficult call sometimes seems to be judging how much of all of this threat is actually genuine, as opposed to product sales hype.

    Peter
     
    Last edited: Dec 12, 2008
  7. progress

    progress Guest

    Avira Free has a very good detection, but there is no antispyware modul and I had a lot of problems with the updates :ouch:

    Avast and AVG Free both have spyware detection and there are no problems with the updates on my machine. Avast has an antirootkit modul and AVG Free has the very nice linkscanner feature. So I had to make a decision: AVG Free! The GUI is much better, Avast reminds me of a labyrinth with old menue style :gack: If Avast would change the GUI up to date maybe I would use Avast.

    Now I'm using AVG Free + antirootkit tool (F-Secure Blacklight or Panda Anti-Rootkit) on all my machines :-*
     
    Last edited by a moderator: Dec 9, 2008
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    1.I like and use Nod32 because its impact on my system is bearly noticeable making it worth the extra layer of protection.

    2.I have Nod32 security at its maxed security settings for its full potential as long as there is no adverse effects.

    3.I am not bothered with false positive on a continues bases while still providing very good protection.

    4.All though AV testing doesn't influence my final decision of a product its nice to see it will compete no matter what the outcome.

    5.I like Nod32 because it normally gets along with everything running along side it,at this point.

    6.The updates Go quick and smooth.

    7.I can uninstall and reinstall any time with out a hitch.

    8.If It does detect something false,It allows my to restore it to its orginal location.

    Antivirus test do not effect my set ups,but what does effect my set ups is any antivirus that cripples my pc No matter what its detection ability is.Hypothetical IF it was a 100 percent detection but sloowed do my pc to a not enjoyable experience or conflicks with many other programs then it renders useless,and leaves little room for expansion to security.
     
    Last edited: Dec 11, 2008
Loading...
Thread Status:
Not open for further replies.