AV unpackers, KAV resources, KAV v. 5 and other questions

Discussion in 'other anti-virus software' started by halc, Sep 3, 2003.

Thread Status:
Not open for further replies.
  1. halc

    halc Guest

    I have a few questions about various software I'm not using myself:

    1) Why do people think that unpacking security in AV software matters?

    If the program is extracted anyway before running, then shouldn't all anti-viral programs catch the unpacked virus anyway at that point when it's unpacked?

    At least this would seem logical to me for normal archive type packers, I'm not so sure about run-time (exe) packers.

    2) How resource hungry is KAV (latest stable release)?

    Compared to say NOD-32 v2 which is my current choice of AV and which I find personally VERY light on resource use (that is, it's very good).

    I remember trying to use KAV years ago and it was painfully slow in scanning and hogged quite a lot of my subjective system speed.

    Is this still an issue for gamers and hardcore users?

    Resource hogging is also the reason I gave up on NAV when 2002 version came out.

    3) Any information on KAV5?

    I've heard about KAV5 and was wondering if it's due to come out soon and issue any of the problems (if any) with current version of KAV?

    What are the developers promising or does anybody have beta experiences?

    4) KAV Virus bulletin track record
    KAV seems to have somewhat spotty virus bulletin track record, but it scores very well in many other non-pro and pro tests (at least this is the indication I have gathered).

    Can anybody explain this to me in simple terms?

    I'm really eager to know, as my NOD-32 license is up for renewal, but some recent tests indicate that there might be even better choices (in some regards better at least) out there.

    I'm not necessarily looking for any additional new features, just fast speed, little effect on resources and as wide detection capability of both trojans and virii. I also run TDS-3 as my AT, so any AT performance is an added bonus.

    cheers,
    Halcyon
     
  2. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    For archive unpacking I fully agree. There is no real need. It is a nice to have feature but no real need. But the story looks different if we are talking about runtime packed or crypted files. These will be automatically executed and only unpacked in memory. So for file scanners (and that is what most AVs are based on) there is no chance to detect a packed trojan (except for the fact of course that the scanner might include the signature of the packed variant as well).

    Compared to NOD32 KAV uses more resources. But it is hard to compare because KAV will scan more archive types and unpack far more *.exe files.

    KAV 4.5 heavily improved in terms of speed compared to previous KAV 4 versions.

    There is no fixed release date for KAV 5 yet. Rumors say that the beta is planned for November....

    To understand fully why a program scored 100% or not you have to read the articles from Virus Bulletin. Most of the time I had a chance to figure out why KAV missed it was always hard on the edge to 100%.

    Depends on what your preferences are: If you want to have an av that can handle backdoor trojans as well without running an additional AT software then a KAV based product (KAV Personal, AVK or F-Secure) would be the right choice.

    But if you prefer to have an additional AT program running next to an av there is currently no other av scanner that has as many advantages as NOD32. :)

    So if you are running TDS-3 already then the choice should be easy: just take NOD32. :)

    wizard
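
The difference described in the post above between a plain file scanner and one that unpacks runtime-packed files, as an added example that is not part of the original thread. The marker signature, the `STUB` header and the zlib-based "packer" are constructed stand-ins, not any real packer or AV engine.

```python
import zlib

# Constructed, harmless marker standing in for a trojan's byte signature.
SIGNATURES = {"Demo.Trojan": b"DEMO-BACKDOOR-MARKER-0001"}
STUB = b"STUB"  # hypothetical header of the toy packer below

def file_scan(data, signatures=SIGNATURES):
    """Plain file scanner: match byte patterns against the file as stored."""
    return sorted(name for name, sig in signatures.items() if sig in data)

def pack(payload):
    """Stand-in for a runtime packer: stub header plus compressed body."""
    return STUB + zlib.compress(payload, 9)

def unpack(data):
    """Scanner-side unpacker; returns None for formats it does not know."""
    if not data.startswith(STUB):
        return None
    try:
        return zlib.decompress(data[len(STUB):])
    except zlib.error:
        return None

def unpacking_scan(data, signatures=SIGNATURES):
    """Scan the stored bytes, then the unpacked image when unpacking works."""
    hits = set(file_scan(data, signatures))
    inner = unpack(data)
    if inner is not None:
        hits.update(file_scan(inner, signatures))
    return sorted(hits)

def demo():
    # Constructed sample: filler bytes around the marker.
    plain = b"\x90" * 200 + SIGNATURES["Demo.Trojan"] + b"\x00" * 200
    packed = pack(plain)
    # The exception noted in the post: a signature of the packed variant.
    body = packed[len(STUB):len(STUB) + 16]
    extended = {**SIGNATURES, "Demo.Trojan.packed": body}
    return {
        "plain, file scan": file_scan(plain),
        "packed, file scan": file_scan(packed),
        "packed, unpacking scan": unpacking_scan(packed),
        "packed, packed-variant signature": file_scan(packed, extended),
    }

if __name__ == "__main__":
    for case, hits in demo().items():
        print(f"{case}: {hits or 'nothing detected'}")
```

The packed-variant signature only matches that exact packed output; repacking the same payload with different settings would need another signature, which is why unpacking support matters for file scanners.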
     
  3. Stranger

    Stranger Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    9
    Here's a list of several avs that have small footprint, quick scan speed and incorporate balanced virus and backdoor/malware detection:

    Kaspersky's Avp 3.5

    RAV - came closest to the balance that Avp achieved and in addition is compatible with Win xp.

    Command Antivirus

    F-prot

    Dr. Web.

    Others - may be heavy on system's resources and have large footprint plus slow scan speed:

    Kav 4.x

    AVK

    McAfee

    Escan

    :)
     
  4. octogen

    octogen Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    212
    Would NOD32's AMON and BOClean be considered "true" memory scanners?
     
  5. octogen

    octogen Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    212
    After reading the description of NOD32 on this site, I've concluded that AMON is a true memory scanner...or did I misread? I am not sure about BOClean, though.
     
  6. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    NOD32 does not scan the complete process memory like (some) AT programs do.

    BOClean claims to scan process memory.

    wizard
     