Command AntiVirus- an underrated AV

Discussion in 'other anti-virus software' started by Blackcat, Jan 3, 2004.

Thread Status:
Not open for further replies.
  1. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Despite being one of the AntiVirus programs reviewed and recommended here on Wilders, http://www.wilders.org/anti_viruses.htm, this AV appears to be little used as a home-based AV.

    Recent threads here and at dsl reports;

    http://www.wilderssecurity.com/showthread.php?t=17178

    http://www.dslreports.com/forum/remark,8593435~mode=flat?hilite=Command+AntiVirus

    indicated that relatively few people appear to know or use this underrated AntiVirus program. This is a pity as I have recently started to use CSAV on one of my older computers here and I can certainly recommend it to both newbies and experienced AV users.

    It is not a new AV as Command systems have been in operation since 1983 and the precursor to CSAV, F-Prot Professional was developed in late 1991. This was eventually renamed CSAV in 1997 and Command is now known as Authentium.

    In this post I will list some observations about this AV and hopefully persuade some people to consider using this program at license renewal time of their current AntiVirus program.

    My thanks go to the 2 CSAV experts here at Wilders, Technodrome and Karl_Menshy for their help in putting together this post and their patience in answering my queries.

    Main URL for CSAV; http://www.authentium.com/


    - Fixed link to DSLR thread - LWM
     
  2. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Advantages I :

    * Has top-notch virus protection as judged in a variety of test sites including Virus Bulletin, and av-test.org.

    http://www.virusbtn.com/vb100/archives/products.xml?command.xml

    http://www.av-test.org/sites/test_details.php3?lang=en&test=2001-11

    Its recent performance over at Virus Bulletin has been very good, where, excluding Linux and Netware, it has obtained the 100% pass in 5 out of 6 tests on Windows platforms since November, 2001. It also performs very well in zoo detection and has over 105,000 malware definitions in its recent database.

    * It contains the well-known and well regarded F-Prot engine but Authentium have their own virus research team and they do not depend solely upon Frisk's updates so CSAV may give better detection than F-Prot. It also contains Holocheck heuristic technology which can identify unknown viruses and it runs the potential virus in active memory, without allowing the virus to activate and infect your computer. Despite this powerful heuristic analysis capability, very few false positives are reported with CSAV.

    * Clear, easy to use GUI ( see attachment )and this AV can be run straight out of the box with its default settings. This is ideal for newbies as you can just install and forget.

    * Scan speed is very fast. Not as fast as NOD (what is?) but much faster than KAV or Dr Web. This is related to its poor unpacking engine. It can scan the following file types; ace, arj, lha, rar, zip, gz, tar and tgz but it cannot unpack runtime packed files. This is not a major problem as CSAV relies on signatures for packed variants of malware. Therefore, as long as these signatures are added quick enough any ITW threat should be covered. Overall, the fast scan speed also makes it an ideal choice as a backup scanner to your main AV.

    * Although it places 6 running performances in memory, (10-11mB, 10,688kb VM) this has little effect on the speed of computer performance, even on older computers. These components can also be enabled or disabled. The Real Time Monitor- Dynamic Virus Protection- has a small memory imprint and overall CSAV is a very stable program with no reported conflicts with any well-known software.



    - Added URL tags to links - LWM
     

    Attached Files:

  3. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Advantages II:

    * Several viral removal options available, including quarantine and disinfection is very good.

    * Has an e-mail scanner

    * Since the summer, the database has been pumped with many backdoors and Trojans to improve detection of this malware.

    * Runs on all versions of Windows, including 95.

    * Support (UK) is very good and generally replies within hours, if not minutes, of a query. This has been a very pleasant surprise to those of us using the free version of CSAV.

    * A relatively small download (8Mb) which only takes up 8Mb of hard disc space.

    * Has an excellent help file which can be downloaded from the main site.
     

    Attached Files:

  4. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Advantages III*


    *Can make rescue discs from the main interface and also it is very easy to schedule scans.

    * Updates can be set to automatic where specific tray icons inform you of the updater response(see attachment). The program can also check for updates manually. New virus definitions do not require a reboot.

    * Command (Authentium) updates both their scan engine and program files quite often which gives them the opportunity to fix any bugs on a regular basis. This patching system means that there are no install/uninstall cycles, as with other AV's, when a new program/version update appears.

    * Authentium provides offline installers for patches and updates on their site so CSAV can be used on systems with no internet access. This means that updates and patches can be downloaded via a web browser and not only through the updater, which overall means that you can copy to CD and use on any off-line computers.

    * Installation is very smooth and the uninstaller is very good (it removes the program file without even a reboot!).

    * Has been available free for a number of years in the UK with various computer magazines, with some offers giving up to 12 months of updates. When you consider that CSAV with its small imprint might delay the need for a CPU/system upgrade it can also be viewed as a relatively cheap commercial AV to non-UK residents ($2:cool:.
     

    Attached Files:

  5. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    * An extensive Malware Library, showing the Trojans/viruses that the program presently detects is present within the main program and is updated continuously.
     

    Attached Files:

  6. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Disadvantages

    * Updates are generally weekly but over the recent holiday period there was not an update for 9 days! Although an update would be put out immediately if there was a major threat, I would like the frequency of updates to be more often than it is at present. In addition, some people, including Karl, have reported problems with downloading in that there has been no immediate response of the servers.

    I had initial problems downloading, particularly from the UK site but after a fresh install and a change to the USA download site, I have had no problems. This may be related to the bandwidth available, as UK users are initially recommended to use the UK site for updates rather than the more responsive USA site. Technodrome has never had any problems with the update procedure from the USA site.

    * Many Trojans and backdoors are vaguely labelled as 'security risk or a backdoor program' and despite the recent pumping up of the Trojan/backdoor database, this AV would probably benefit from running an Anti-trojan alongside it.

    * No active forum and CSAV is better known as a network/corporate AV rather than a home AV.

    * Updating files are rather large as there are no incremental updates, which can be a pain for those of us still restricted to dial-up. The updating procedure can be daunting for the first time for newbies as it uses the Windows Installer for updating, which can be confusing, particularly when the system tray icon disappears!!!(You are still protected).

    * E-mail scanner is only for Outlook.

    * The RTM can be very sensitive at times e.g. it did not like me uploading attachments to this thread and I had to switch it off to send them in the end.

    * There are some reports of bad uninstalls, as noted by bigc73542, which Authentium acknowledge can happen on some systems. But they offer a specific removal tool on their site and I have uninstalled/installed numerous times on Win 2000/XP Pro boxes with no side effects at all so far.
     

    Attached Files:

  7. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Here's one to show the exclude function and the extensions which are scanned.
     

    Attached Files:

  8. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    One to show the options available when using the automatic downloader.
     

    Attached Files:

  9. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Overall, CSAV is definitely a very good AV program which will give you excellent protection against viruses, on both new and old computers. It is ideal for newbies with its default settings as it can be run straight out of the box. It would make both an excellent primary or backup scanner and CSAV 5 is just around the corner.
     

    Attached Files:

  10. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    I've been using Command Antivirus for a month. As it has been said the scan is fast, the program is well accepted by other antvirus (no problems or clashes).
    I've got a doubt onlY: this antivirus scans a short extent of files. There are about 100,000 files on my PC and only 25,000 can be processed.
    So I ask if might be failures in detection.
     
  11. Trans

    Trans Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    76
    Did you set it to scan all files ?
    Every AV has different settings...
    (Executables only,user defined file masks,archives...)
     
  12. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    Isn't that kind of an odd behavior for a RTM to stop files from being attached(sent)?
     
  13. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    Command Antivirus scans only predefined extensions. See the images in this post. Others extensions are to be included manually
     
  14. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Thats for the RTM only. However On-Demand scaner has an option that allows you to scan all files .



    tECHNODROME
     
  15. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Keep in mind that every AV counts differently. try this for example. Zip 5-10 files and scan them with Command. Only one file will be reported. Now, add eicar test file to this archive. Scan. Command reports 1 file scanned but flags infected file inside this archive(meaning CSAV scans them all but doesn't report them individually).


    tECHNODROME


    tECHNODROME
     
  16. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Hey BlackCat.

    Congrats on another excellent review of an antivirus program.
    Well Done!
     
  17. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    Yes indeed. A lot of hard work goes into assembling a thread like this! Nice job Blackcat!!
     
  18. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    My questions:

    1) I use as Command and F-Prot as on demand scanner . Are they too similar?
    2) How wide is trojans'detection in Command ?
     
  19. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Although Authentium do add additional malware definitions to the Frisk engine, the overall difference in the RANGE of malware definitions may be slight. Therefore you may obtain better OVERALL detection/protection by using a different combination of backup scanners than CSAV and F-Prot together.

    Which combination would obviously depend upon your Primary AV.

    If you do not use it as your main AV, I would suggest that a KAV/KAV clone would be a better choice as a backup scanner with CSAV rather than CSAV and F-Prot. The strong unpacking engine in KAV would compensate for the relatively very weak unpacking engine found in CSAV/F-Prot.

    As regards trojan detection, as with most other AV's, apart from KAV/KAV clones, McAfee or Dr Web, you may find a layered defense with an Anti-trojan program may be a good idea if not using one of these programs as your primary AV. I am using BOClean with CSAV on one of my computers here.
     
  20. Karl_Menshy

    Karl_Menshy Registered Member

    Joined:
    Apr 18, 2003
    Posts:
    135
    ...and even the RTM allows for the * wildcard...
     
  21. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Medical Centers here in Myrtle beach SC...150 seats 7 building seperated by 20 or more miles in the network.

    Been using Command AntiVirus for One Year,,including laptops taken off the network and used elsewhere.

    No problems or exploits. But then the IT know what he is doing and the Network is secure in anycase.
     
  22. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Correct! ;)


    tECHNODROME
     
Loading...
Thread Status:
Not open for further replies.