Avira woes

Don't get me wrong, but I am trying to keep Avira on my system. I'll also add that I am incredibly picky and critical about software that doesn't function like I want them to. And to all who have read my previous posts, you'll probably also note that I really hate any, and I mean any, system slow down at any level of using a computer.

Just a quick question about Avira. Has anyone noticed with Avira guard on:
"For some reason, Avira makes my system "not" idle and thus C:\WINDOWS\Prefetch\Layout.ini seems to take about 5-6 hours (of supposedly idle time) before "updating/defragmenting". No problems with NOD32 or Comodo Antivirus, where it only takes about 10-15 minutes idle time before Layout.ini updates".

Also, opening Avira GUI is very fast, but not as fast as opening NOD32 GUI or Comodo GUI. Needs improvement. That's right...it's a very competitive field out there Avira!

Those are the main complaints for now.

And before I get bashed on this forum, let me say that Avira Free is one of the best AVs out there! Phew.

 

shades of a v/s b v/s c..........but avira takes the about least time...effort and reources to keep a sys clean and kick malware's.......bu....thats the most imp job of an av...imho..

 

well......i am coming from the viewpoint of an ex kis2009 and bitdefender user ... with bitdefender the only thing idle in my sys was bitdefender...and kis has a tool to clear prefetch..but kis 8.056+ was erratic ever now and then it raised its hands saying databases corrupted........so imho i find avira v9 security suite quite light on sys resources...........but that's my personal view.........no idea about cis......i used nodv4 but it deleted firefox and that was it........so see i hv had many woes........too

 

I'll just add that as a hobby malware finder/tester that Avira is way up there with detections but there are way way better security options than any AV can provide.

Sandboxie, Returnil, Defensewall and Shadow Defender would be the best around.

 

agree here,antivirus is a thing of the past

 

Nope, you are a bit wrong here. The real problem with anti-viruses is misusing. AV marketing people promote their solutions as the first line of anti-malware defense as it were before, but, nowadays, the first line are behavioral-based solutions.

 

Frankly, I'm not impressed with Avira Free's BASIC anti-spyware.

You'll have to pay to get the FULL anti-spyware protection.

avast! Home has a better spyware detection rate IMHO, comparable to the paid version.
And that gives you a better sense of security, since spyware is more rampant than viruses these days.

 

may i ask what you are basing this on? avira free and premium run the same engines for scanning, well done for trying to turn this into a A vs B argument but anyway i dont know how you can say avast home has better than avira free when ALL tests prove that avira free does better, has less fps and scans faster.

 

Avira. Pretty small resource usage. Pretty simple interface. Pretty good price - free. Pretty good detection rates, depending on who or what you believe. A pretty little umbrella icon ... no, just kidding about the icon.

Antivirus today, like Avira, being so small on resources, can be employed to help find problems that it can deal with. It is not a cure-all end-all tool. It does one thing (Avira) for me, it finds problems that it knows how. I employ other methods to safeguard myself, but definately have found Avira to pipe up from time to time, just as it should.

You can throw AV away, not use it, and be fine. You can also keep a light one, knowing what it's job is, and still be fine. I prefer to use it because it is no detriment, even if it is not the swiss-army-knife that so many other tools aspire to be.

I have not seen, on XP, the problem you describe, with the latest freeware version.

Sul.

 

Much as I like Avast, in every tests done, Avast doesn't come close to Avira's detection, be it spyware or malware and I mean this for free Avira.

The Avira GUI may not be fancy or fast but heck, as an AV it outdetects all including paid ones and that to me is the only criteria for a AV and nothing else.

 

Yeah Avira indeed detects quite a lot, especially unharmful exe-compressed files which contain no treat at all. Every compressed executable is being flagged as "infected" by Avira Antivir.

 

"every" ? lol.

I have seen this happen on some. Far from every though. Want to know where it happens most? Game cracks. So funny, when I go to a LAN party sometimes you can hear all these beeps from different computers, mostly when they have no-cd cracks and stuff. Seems they are ok to use, but antiviruses pick them up as bad. I one time went to one, and they were starting Battlefield1942 (that shows how long ago that was), and you heard all these 'beeeep beeeeep' sounds. It was humorous.

Avira today is much better about fixing false positives that years ago. Even some upx, which is probably what you are talking about, is flagged as bad, but fixed in a few days. Used to be months.

Sul.

 

Are you saying that the windows idle defrag feature doesn't kick in until 5-6 hours? How do you know this?

 

Have you tried adding the file into AntiVir's Guard exclusion list? And what OS are you using?

I'll look into this issue, as well -- I use AntiVir Free. Layout.ini is the file that manages the boot optimize feature of Windows, correct? If so, then this would definitely be a huge issue for me, too. One thing I really hate about Vista is how long it takes to boot up, and the fact that I've spent nearly a month trying to find ways to speed it up .

Rant aside, I do have a small question of my own: how many times a day should I update AntiVir? I've created a rule that will update it at my computer startup (If anyone is wondering how to do this, set the update frequency to Daily at time 0:00 h, and check "Repeat job if time has expired".) Is this enough (i.e. once a day)?

 

I will check out if there is a problem with Avira affecting the idle behaviour of XP.

I never understood why people think those kind of tools can replace an AV. They don't detect malware when it is intruding your system. They are perfect cleanup tools after an infection. But then, how you notice the infection?
What about malware that directly performs its intended malicious actions such as sending out your credit card information as soon it is launched? Yes, on next reboot the malware is gone. Your data was stolen already anyway. The malware was able to run all the time until the reboot. And how does it help against scareware? The users are tricked into willingly installing those programs. No behaviour blocker or sandboxing will help.

Also, with the past experience of how malware does evolve and adapt, I think it is only a question of time until the malware authors find a way to break out of the sandboxes and bypass the cleanup on reboot. I wouldn't be surprised if this is already the case. Concidering the insane amount of malware that is out there, no one can test those tools against all of them.

So, as any other security solution, sandboxing apps / restoring systems is not a bullet proof thing.

 

For the toughest in the virtualisation arena (hardware virtualisation). allready true, see https://www.wilderssecurity.com/showthread.php?t=239227

So for software virtualisation only a matter of time (since this should be easier to evade in theory than hardware virtualisation).

There is some Wilders Member with a Borg quote "All your base are belong to us"

Stefan's remark not a Scifi story, but a fact of life

 

Neither do I.

 

x3

 

I must have been busy writing one of those insane i-detect-all-packed-samples generics.

Speaking of which, can someone explain to me why Themida added an option "anti av-detection"? I mean, Themida claims to be a commercial protector, why they would need anti-AV features? If a company adds features to it's products that their customers demand, I *really* have to wonder what kind of "customers" Orens actually has... The funny thing is - in breaking my Themida detection they actually *rise* the false positive ratio on Themida packed programs. Instead of Themida, I will detect it as an unknown cryptor... Great plan, really! NOT!

 

hi Stefan,
can you finished crypter pack dedection?
(malwaretestlabs test packs)

 

guest, yes - I am just working on finishing the aeheur module for the release today.

 

I would rather run Avira+LUA and hardware DEP with SRP, a light and better compatible layer of security which should provide the necessary protection.

 

i will be happy, if you can say when you released.
i sent comodo also, they finished but mostly not generic.
i packed some other malware, comodo cant dedect them.

is it hard job?
is generic malware fingerprint generation hard? or packed files dedection?

 

Stefan, you already talk about different techologies, with different means and objectives.
DW is policy based, and so you can forbid access to some critical areas or files per policy at kernel level.
Returnil, that I don't really know, is totally different in the concept (virtualizing modifications and then let the possibility to undo them?) and because of this has nothing to do with protection of sensitive data for example.

I am an intensive user now of policy restrictions and rules. I have your free version of antivir installed on my computer, except the guard, and use it to check all the programs I download.
For my credit card, I can't access it from LUA, as I modified the ntfs rules. My images and movies can be stolen, or even destroyed, I have a copy on external disk and these are private stuff, that nobody cares in my opinion.
If a new generation of malware was to appear, able to break through all of this..., well, I am not ready to sacrifice the risk of false positive, the use of cpu, ... to the hypothetical risk of a super malware.

Security is a process, not a tool.

 

That's the point. The probability, in my own opinion, to restore because of this, and compatibility issues..., is higher than because of a malware.

And no, I (when I say I, I mean just I) don't like the idea of having another process running 100% of the time for a potential problem, which might not even happen at all.

To finish, the main point is that antivirus softwares adapted to the behaviour of users and implementation of OSes, that is, allow everything. So they have to be anti-all-stuff. In this view. There is a thread about the new mebroot rootkit: many antimalware softwares do not recognise it yet. Well, fair enough: this is definitely not any kind of issue in unix-based systems as LUA windows based systems...