Hardest AVs to fool?

Discussion in 'other anti-virus software' started by mvdu, May 10, 2004.

Thread Status:
Not open for further replies.
  1. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    I'm wondering if there are certain AVs that are harder to fool than others.
     
  2. Barney

    Barney Registered Member

    Joined:
    Jun 17, 2003
    Posts:
    119
    The hardest antivirus to fool?.....thats easy.......DRWEB!!!!!!! This is the best antivirus out there. Next in line is KAV.

    barney
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    In my opinion the big names in the av market would be harder to fool. Such as computer associates
    nod32
    kav
    mcafee
    norton
    command
    f-prot
    f-secure
    Dr. web
    and there are a few more that in my opinion would be the harder ones to fool. but none of them are fool proof. There are a few good free AV'S but IMO they are not quite the quality of the others.
     
  4. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    I have KAV and it would be nice to know that KAV is among the hardest to fool.
     
  5. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    KAV is a very good AV probably as hard to fool as there is.
     
  6. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Thanks for the replies. :)
     
  7. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Fool in what way ?

    Almost ALL antivirus software is at risk of malware editing, to make it no longer detected. There is no real way around this, even changing signatures wont help against an experienced attacker. Layer those defenses and above all, be careful what you allow to run on your machine !
     
  8. OPTIMIZER

    OPTIMIZER Guest

    I think GDATA is the one you are looking for...
     
  9. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Gavin - why do you say ALMOST all? Yes, that's what I meant - strong signatures are important.
     
  10. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    "Strong" signatures makes it just harder for the scriptkiddies but not impossible. I think a good combination out of multiple products can also be real helpfull. Imagine a case where somebody is using TDS-3 and NOD32.

    For TDS-3 the scriptkiddie has to patch the file string detection, memory detection string, mutex, various heuristics strings and so on. And for NOD32 it is to "fool" the advanced heuristics and of course the detection string.

    wizard
     
  11. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Gavin is right and so is Wizard. i'd like to suggest Process Guard from DCS, the makers of TDS3. well all the AVs are softwares and softwares can have known or unknown vulnerabilities. for example in 9x platform you can just delete the database files of Trend Micro or F-Prot. they won't complain and they won't mind. as for the mighty KAV, you place a ; infront of the database filename in KAV.SET and KAV stops using that file. i don't know if the Kaspersky guys fixed this. DrWeb is pretty strong in this way and so is NOD32 though its CRC selfcheck isn't that good. one more AV like that is F-Secure, its very hard to fool it.
     
  12. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I agree that NOD32 is at the top, based on my experience with 3 of the top 5 on BigC's list. Can anyone tell me WHY the most popular computer magazines, like PC World and PC Magazine, always rate McAffee and Norton on the top? I don't ever think I've seen NOD32 or KAV mentioned in any of their security articles.
     
  13. BlueMoon

    BlueMoon Guest

    That's an easy and commonly known one: money plus marketing - no connection in any way with the real strength from softwares.

    Blue
     
  14. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I always suspected that. Glad I didn't renew my subscription.
     
  15. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Well, probably KAV fixed it if it's that simple. I run BOClean with KAV just to be safe. I have BitDefender as backup AV.
     
  16. vincevega

    vincevega Registered Member

    Joined:
    May 4, 2004
    Posts:
    41
    Im a newb here. When someone says he runs an AV program as a backup does that mean that that person has both programs installed and one has the real-time san turned off? Sorry for the stupid question.
     
  17. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma

    Yes that is what it means, It is nice to be able to scan with a different scanner sometimes since the av programs don't all scan just alike. One might find somethind the other one missed ;)

    bigc
     
  18. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Correct VinceVega!

    Both installed. One running on-demand scanning only, the other always running in background. I always disable the main AV prior to running the on-demand scanner, though.
     
  19. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O

    mcafee actually is a very good antivirus with almost-kavlike-trojan detection and unpacking

    norton too is a good VIRUS scanner, no doubt about it.

    just happens to be one of the biggest advertisers too, and a wise dog doesn't bite the hand that feeds him
     
  20. FanJ

    FanJ Guest

    If you would like to see whether a file of your AV has been changed, use a file-integrity-checker and put those files in its database ;)
    Of course changes in those files can be very legitimate: a simply definitions-update :)
    It's the user who decides whether a change was legitimate or not.
     
  21. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    What about the heuristics in DrWeb & now NOD32 -- they have pretty good shots at detecting stuff, even if it's new or the signature has been disguised, don't they? Or do they?

    ~~~~~~~~~
    Ah well, heur today & Guam to Maui............ :) bellicose
     
  22. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Bellgamin - Great question!! There have been a couple of posts as of late that refere to viri that are not detected by various AV's. Why are these hueristic algorithims not working in these cases? Which AV has the best hueristics algorithm?
     
  23. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    Well I suppose it's kind of like a paradox. Let's pretend NOD32 & DrWeb are the current popular Symantec and McAfee. The majority of the malware that will be spread would most likely not be detected by their heuristics (as there is no perfect heuristic alg), since the virii creators would concentrate on bypassing the heuristics as one of their main criteria.
     
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    I posted this in the Nod forum too. Probably get my knuckles rapped.


    NEW GENERATION' ANTIVIRUS SOFTWARE BLOCKS MOST VIRUSES, WITHOUT UPDATES
    Netsky, Bagle, MyDoom, Hiton, Sobig, Nimda, Swen etc. no threat to NOD32 users
    March 7, 2004
    NOD32's new 'next generation' antivirus software has detected > 80% of all new in-the-wild viruses in the last six months without needing specific signature updates, and without 'false-alarms'.

    In this era of fast infecting, mass-emailing viruses, any delay in providing protection can have a huge impact on virus spread. NOD32's performance in stopping most viruses without any need for a signature update is highly significant.

    'While most antivirus makers were scrambling to create signature updates NOD32 users were already protected even before anyone knew what these infections were.' commented Kirk Parker, NOD32 Corporate's Technical Manager.

    'Many antivirus products use a combination of signature and heuristic detection methods, but few give much attention to the heuristic side,' commented Richard Marko, NOD32's head of Strategic Development.

    NOD32 antivirus is the exception, with new, world-leading technology in both signature and heuristic detection. NOD32 was able to block these latest infected messages using its 'Advanced Heuristics', detecting more than 80% of new 'in-the-wild' viruses without a signature update. Viruses pre-detected by NOD32's heuristics include LoveLetter, Marburg,
    Badtrans, Swen, Bugbear, Sobig, Kournikova, Lovsan, Lablan, Mapson, Sobig Mimail, Klez, Sircam, Nimda, Bagle and Netsky. Signature updates are released as often as needed.

    NOD32 has been awarded more VB100% awards (by Virus Bulletin Magazine UK) than any other antivirus product, and actually has not missed a single 'in-the-wild' virus in over 5 years of testing by Virus Bulletin Magazine.
     
  25. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    You know it is funny you hear so much about this AV or that AV and what they can or can not do that you can get a lot of misconceptions. Let me ask you a question, If you were to go to the big corporations around the world and ask them which AV software they are useing which five av's do you think probably at least 85% of them would tell you they are running. They are running them because they work not because of advertising or a lot of hype. They can not afford to run security software that doesn't work very well. My opinion on those four AV's would be.

    Nerwork Associates (mcafee)
    Symantec (norton)
    Trend Micro
    Computer Associates
    sophos
    Test's are great to get an idea how an AV might work like in the real world. But these four AV's have have earned their place in the market. People can say that it is money and advertising that got them there but I will disagree, I believe that they worked hard to develope their product and earned a place in the market with products that work where it really counts.
     
    Last edited: May 12, 2004
Loading...
Thread Status:
Not open for further replies.