AVG or SuperAntispyware

Discussion in 'other anti-malware software' started by fred128, Dec 29, 2006.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    the paid version of SAS is worth every penny. :)
     
  2. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Hi duke1959

    Without wishing to stray too off topic but somehow trying to encompass what you are now seeking. Here goes my spin on things from my own personal experience and acquired level of security knowledge.
    First off I'm not a professional but an avid hobbyist, so I have no formal training in computer security and all is self taught by resources off the web and c/o personal experiences with malwares and security softwares.

    Re AntiVir found a trojan that the other 2 missed, this can happen and will happen irrespective of the brands involved. 3 possibilities exist for this scenario.

    1) First off did the AV bust this *trojan* in realtime, because an AV acts before a Botkiller when sniffing a file for known fingerprint as it enters onto a PC. As soon as the AV smells a baddie it triggers the alarm bells and the file is nailed at that point. If the AV was not in the equation and realtime botkiller was on patrol it would sniff the file after it had downloaded onto the PC before being able to sound the *alarm* on the malware. So in that sense if the AV has caught the trojan and stopped it there is nothing for the botkillers to detect.

    2) The trojan fingerprint was in AV software but not in the botkillers database. This happens more than people would believe but it is a symptom of the malware problem on the WWW today. Here's the truth: at any one given time all the combined AV's, AT's and ASW's databases would not detect 100% of all the malware files in existence on the WWW, period :cautious:

    Why is this..... because *new* stuff is being created virtually nonstop, some malwares might only affect 1 PC before polymorphing and changing its MD5 serverside for its next victim. It is a logistical impossibility for the 100% figure to be achieved, so all databases will miss stuff and all will find stuff. At the end of the day, whether using heuristic detection or known fingerprint, a signature based software can only ever detect what it is capable of detecting. This will always result in the potential scenarios of brand X catching something that brand Y and Z missed.

    BTW I did use AntiVir PE for a while as an additional cleaning tool for Virii/worms (on demand) until 2 worm variants infected its executable files into not working. At that point it was SOS for the Kaspersky AV trial to disinfect the affected executables on the computer. So swings and roundabouts but again nothing is 100% bulletproof.

    3) And finally the occasional False/Positive detection aka a false alarm, which does happen and more so with heuristics-based softwares.

    Back on topic to AVG vs SAS

    I have installed both SAS free and AVG free on my collection computer. I do not need them to secure my PC but I use principally SAS to clean my computer, which I intentionally infect with 2-8 unique malware infections daily in order to collect new emerging threats and put up at MIRT (see link). My principal target infections are Vundo, LopC2, VX/CWS, Gromozon, Look2Me, Qoologic, free codec aka Morphin z-lob, and Wareout.

    I intentionally maximize the attack surfaces in order to collect a wider range of malwares, so my use of the cleaners is just that (for cleaning) after I grabbed them bots & worms dropped :D.

    AVG (& others) are there because I like to test them once in a while to see where SAS is at for comparative in terms of overall effectiveness against the new stuff. For some time now SAS has been outperforming AVG & many others in the detection and cleaning stakes against these malware infections.

    :mad: I'm just a little shocked and somewhat dismayed at so called *experts* around the HJT training centres/help forums that still use AVG as a tool of choice for malware cleanups and still have to get the victim to download specialized tools such as ComboFix, SmitRem, WareFix, CWS Shredder, AboutBuster, PrevX Gromozon tool and VX killer into the equation because AVG has not succeeded in weeding out the respective infections.

    Like I've said, and as long as I am observing it on a daily basis, that SAS has a high success rate of ripping these infections and their entrails out of an infected machine, at least more so than AVG. They could make life easier for themselves and the victims with potentially quicker clean ups and less posting/time & effort required in a clean up, but then it's not like they're inundated, is it o_O

    Before anyone takes exception to that last point of view, please bear in mind that a lot of the *canned* fixes/tools also utilize file identification based on signatures like the commercial cleaners and thus are only as effective as their latest revision allows. If they don't do it then you see the reg hacks or killbox coming out to play ;)

    I will and always stand behind the statement: if you want to see how effective SAS is then let it loose on an infected PC, see what it eats, and if you're familiar with use of quarantine (restore the malwares to the computer), reboot to allow malware infection to revive and test any other cleaner <insert brand of choice here>.

    duke1959

    Applying the logic that a software can block or at least sound the alarm on malwares that it knows, then SAS protection would in all theories be slightly more effective than AVG against emerging threats, but that said I cannot confirm this since I do not test the Pro version.

    Disclaimer
    What I can confirm for those who don't already know is that any malwares/infections that SAS fails to clean during the course of my malware hunting for MIRT are submitted* directly to Nick S @SAS and are added to the SAS database within 6-48hrs :thumb:
    *This will continue as long as Nick continues to provide a *free* fully functioning detection & cleaning engine :)
    ** and as if it's not obvious I'm SAS free fanboy #1 :D
     
  3. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    642
    Both are good products. But AVG did save my friend's PC, he was infected with the following (I even posted in the ewido forums looking for help):
    "Dropper.Delf.bw"
    and
    "Trojan.VB.aut"

    They were causing his PC to display popups like mad, and when I told him to update and scan his machine with SuperAntiSpyware, nothing was found. I then told him to download AVG Anti-Spyware and run a scan, it found those two virii and actually removed them (no more popups, although his task manager, right click context menus, regedit, and internet options were still disabled because of the virii).
     
  4. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    I use AVG, but I also have SuperAdBlocker installed as well, and I'm sure SUPERAntiSpy will concur with me that it has SUPERAntiSpyware incorporated, and can be set for Real Time Protection or as a secondary option. Personally I have both active Real Time :D
     
  5. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
  6. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    By their own admission they used Honeypots/Honeynets as the sample sources for these tests, and you can see by the high-scoring marks received by the anti-virus vendors, most of the samples they used are/were viruses.

    Their tests have been all over the board on each test set.
     
  7. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The one thing they are consistent on (with one exception) is AVG-AS (ewido) outperforms SuperAntiSpyware on these tests. People may wish to factor that into account before going overboard on fcukdat's admittedly amateur observations. The argument is not all one way traffic!
     
  8. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Ewido "outperforms" SUPERAntiSpyware on this round. They (Ewido) are now owned by AVG, an anti-virus company, so it would make perfect sense that their definitions are stronger against viruses with AVG's definition set in addition to the Ewido set. On most of the previous tests, something outperforming by a few % means nothing as the data set is so small, meaning 5% on 100 samples is 5 samples or registry keys.

    Malware-Test.com's tests are pretty much bogus - they are not testing against real "live" infections, they use old definition sets, etc. I don't think any product gets a "fair shake" in their tests. They don't differentiate between harmful components and errant registry keys or data files, etc.

    I wrote a blog on the subject of testing methodology here (for those interested):
    http://superantispyware.blogspot.com/2006/09/importance-of-testing-methodology.html

    On the previous round, SUPERAntiSpyware clearly outperformed Ewido on their tests as shown below:

    12th Round (November 21, 2006):

    Cleanup Success Rate for Entry-based Viewpoint:

    ‧PC Tools Spyware Doctor: 49.64%
    ‧F-Secure Internet Security: 44.53%
    ‧Norton Internet Security: 40.88%
    ‧Ahnlab SpyZero: 40.88%
    ‧SUPERAntispyware: 40.15%
    ‧Microsoft Windows Defender: 39.42%
    ‧Trend Micro Anti-Spyware: 37.96%
    ‧Agnitum Outpost Firewall Pro: 33.58%
    ‧ZoneAlarm Anti-spyware: 31.39%
    ‧Computer Associate Anti-Spyware: 30.66%
    ‧McAfee antispyware: 29.20%
    ‧Webroot Spy Sweeper: 27.01%
    ‧ewido anti-spyware: 25.55%
    ‧Lavasoft Ad-Aware: 21.17%

    The bottom line in all of this, is that no single product will ever be "best", nor catch everything on a given day. Ewido is a great product and SUPERAntiSpyware often catches items they miss. Layered protection is the only way to catch a vast majority of the spyware in today's world.
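
A way to check the sample-size argument in the post above against the round-12 figures it quotes, as an added example that is not part of the thread. The page gives no entry count, so the script infers the smallest count consistent with the listed percentages and assumes that is the real one; the 45%/50% pair is a constructed stand-in for the "5% on 100 samples" case.

```python
import math

# Round-12 cleanup rates (%) exactly as listed in the post above.
ROUND12 = {
    "PC Tools Spyware Doctor": 49.64, "F-Secure Internet Security": 44.53,
    "Norton Internet Security": 40.88, "Ahnlab SpyZero": 40.88,
    "SUPERAntispyware": 40.15, "Microsoft Windows Defender": 39.42,
    "Trend Micro Anti-Spyware": 37.96, "Agnitum Outpost Firewall Pro": 33.58,
    "ZoneAlarm Anti-spyware": 31.39, "Computer Associate Anti-Spyware": 30.66,
    "McAfee antispyware": 29.20, "Webroot Spy Sweeper": 27.01,
    "ewido anti-spyware": 25.55, "Lavasoft Ad-Aware": 21.17,
}

def smallest_denominator(percentages, max_n=1000):
    """Smallest entry count n such that every two-decimal percentage is k/n."""
    percentages = list(percentages)
    for n in range(1, max_n + 1):
        if all(abs(100 * round(p * n / 100) / n - p) <= 0.005 + 1e-9
               for p in percentages):
            return n
    return None

def gap_z(p1, p2, n):
    """Two-proportion z statistic for two products each scored on n entries.
    Assumption: the scores are treated as independent samples; products run
    against the same entries are really paired, so this is approximate."""
    pooled = (p1 + p2) / 2
    return abs(p1 - p2) / math.sqrt(pooled * (1 - pooled) * 2 / n)

def min_n_for_gap(p1, p2, z=1.96):
    """Entries needed per product before a p1-vs-p2 gap reaches 95% significance."""
    pooled = (p1 + p2) / 2
    return math.ceil(2 * pooled * (1 - pooled) * (z / (p1 - p2)) ** 2)

def separable_from(name, rates, n, z=1.96):
    """Products whose gap to `name` exceeds sampling noise at the 95% level."""
    base = rates[name] / 100
    return [other for other, pct in rates.items()
            if other != name and gap_z(base, pct / 100, n) > z]

if __name__ == "__main__":
    n = smallest_denominator(ROUND12.values())  # inferred, not stated on the page
    print("inferred entries per product:", n)
    # Constructed rates for the post's "5% on 100 samples" case.
    print("z for 45% vs 50% at n=100:", round(gap_z(0.45, 0.50, 100), 2))
    print("entries needed for that gap:", min_n_for_gap(0.45, 0.50))
    print("separable from SUPERAntispyware:",
          separable_from("SUPERAntispyware", ROUND12, n))
```
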
     
  9. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Why thank you for the bouquet :)

    I clearly state my observations are not tests but actual usage against very current infection sources with very current malware samples in real-life cleaning scenarios (ie active malware infections gathered daily).

    Here's some pointers
    http://www.castlecops.com/f269-Malware_Listserv.html

    I have posted 500+ malware samples since MIRT was created. Quite possibly MIRT's most prolific malware uploader (alongside Nossirah for sure). This computer is getting hosed 2-8 times a day, I don't use VM because certain new evo's of malwares refuse to come out to play in VM environment. I don't use rollback/imaging since a certain CWS/VX component was coded to bork hal.dll into borking a system with imaging switched on. I don't slave a second drive. I use my *amateur* head and *amateur* tools :D

    All recovery is c/o my cleaning tools listed here
    https://www.wilderssecurity.com/showpost.php?p=909549&postcount=905
    and occasionally a manual hack when they fell. BTW just because someone is not employed by a security vendor does not equate to a lack of knowledge with regards to cleaning infected machines effectively :thumb:

    My observations are not *tests* but relaying of information from the frontline as such, dealing with previously stated infections in an earlier post on a daily/bi daily basis.

    I cannot reference *legacy* malware since I do not infect my machine with old stuff, nor can I reference a comparison in realtime protection between the 2 to some accuracy because I use neither for realtime protection.

    FYI I have never labelled Ewido/AVG as bad, in fact the opposite, and if you see any of the malware help postings I do around the forums you'll find that I usually give 2x links to Botkillers and guess what... AVG free is the second link for some unknown reason :eek:

    I hope that explains more of my *standpoint* and how I have arrived at my observations/conclusions, which are based on very *current* infections, and why I formed my *amateur* opinion of which was the best of the 2 for me :)

    HTH:)
     
    Last edited: Jan 4, 2007
  10. toasale

    toasale Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    86
    Location:
    Alabama
    I totally concur with Lucas1985 - 'nuff said :D
     
  11. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    For added protection I use both...on demand scanners for free. :D
     
  12. true north

    true north Registered Member

    Joined:
    Dec 14, 2006
    Posts:
    159
    SuperAntiSpyware Pro you will NOT regret a penny !!!
     
  13. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I run both as full time. They do not conflict, and since I have lifetime licenses for both it is not costly.
    If I HAD to choose I would choose SAS to go with KAV, and F-Secure on the two machines.

    Best,
    Jerry
     