How Good is an AntiVirus....

Most of us here know there is know the best for everybody. But the majority of ( Advance ) user would be looking for the same thing, while leaving the world dogs on Norton.

Edit: Nothing Wrong with Norton, but most of advance user dont like it because it is a "REAL" resource hog.

So how good is an AV if it could not Clean an Virus? Which makes me wonder, how does it clean it exactly? Most AV would delete the file. But would different AV have different Cleaning/Disinfect Method which could result in Some AV able to Clean some virus and other AV couldn't. Then you would ask how good is an AV if it could detect 99% of known and Unknown virus, but unable to clean it?

In the F Prot a Newcomer ask an AV is missing Email Scanning. This is a basic question for a lot of users. But we understand in order to execute the code it will have to be downloaded first and therefore the Real Time Scanner will detect it anyway. Since An Attachment will have to be downloaded before you open. And if you download it then you are going to open it ( Otherwise why do you click on download? ) Which brings the question of does an Good AV necessary need Email Scanning?

Actually some of you may have already wonder, yes i am Talking about F Prot.
A soloution to unable to disinfect files and not want to delete it is to put it in Quarantine. Which F Prot Does not offer.

Even F Prot is famaus for low on resources. But ( i am guessing as i am not 100% sure ) for Auto Update to work you need Updater 5 Mb and Scheduler need 15Mb. It would be nice to if only updater could manage to auto update. (Since there is still no update so i can not confirm ) I could then disable Scheduler.

This is not only a thread for F prot. So if you have any other queries about your AV or other things please post here.

 

dear iwod, you already answered one of your own questions. email scanner is not needed when you have a good realtime protector backed by a good database and heuristic rulesets. in this case the resource overhead is lower since you're not using a special scanner for emails. cleaning is more difficult than detecting since you'll have to eradicate the alien code. it becomes more difficult in case of morphing viruses and impossible in case of overwriting bugs. during cleaning the file will work as usual if the whole alien code is removed or if the control is simply handed over to the original code. in the later case you'll still get virus warning though running the file won't cause any problem. some AVs are able to clear all of those alien codes where others just manage to remove parts of them, hence the difference. but look at it this way, if an AV has exceptional detection rate than chances are very low that your files will ever get infected, so little need for cleaning capability. this is just my opinion so please don't start bashing. LOL.

 

Well most of AV's can clean damage which was done by file infectors (those ancient real viruses),some perform better then others. Some even have extra capabilities like avast!'s VRDB (Virus Recovery Database) which can theoretically clean any infection,but there is still a downside (slow database generation) which will be changed into incrimental one someday soon. In these days there are mainly worms and trojans which don't infect anything,they just install/add certain files which are simply deleted by AV.

 

hi AMRX
could you tell me which av has the lowest resource usage?just curious as always
thanks
rita

 

Are you just going for Nod32 becuase of it's speed, or do other criteria play a role as well?
Is Nod32 as good as it is stated everywhere? I know the speed is something, but how important is this speed thing really?
Look at Kav 5.0, everybody is complaining about it slowing down, but most users stick to it, because it's detection is just great (better than Nod32!!!!)
For me detection is the main choice and speed is ok if you scan your system every week, which I really don't!
Just wondering, that's all.......

Putin

 

I think the ideal is an AT/AV that uses real time process-memory scanning with good quality encrypted DEFs. That way if the the nasty is packed, the AV/At will catch it as it unpacks itself and goes to process.
Another thing would be to catch hooks without any kind of DEFs.
Of course we all know another best thing the program be kernel level, which starts up before your login.


Bruce

 

Ok, clear story.....thanks and good luck!

Putin

 

With viruses I disagree, with Trojans, sure, though Nod32 will vastly improve in this area with the new Beta and coming release...

I myself don't care about speed, detection rate and advanced heuristic’s are more important to me. Like Ronjor, I don't go 4 wheel driving across the internet, though I do now have both PC's set up to handle the rough stuff, and it does get tested out with a few guests using my PC in the we hours of the morning...

Cheers

 

Everybody is on the Kernel mode , and loading before login band wagon LOL
It just gets scarrier. Now with the new Video card mem nasties and what not.
But even so, everything has to go through RAM at one point or another.

the point I like to stress is too many programs hacking the Kernel at the same can not be good unless MS has this covered in SP2.
I have learned one lesson in the past two weeks about programs made outside the USA though. Here in the USA it is a softwear programmers ethical code to allow a program to be installed on both your desktop and your laptop.
This for me in an important issue. Might not be for some though.

Bruce

 

@ AMRX - So there is a different between Cleaning Ablity. But what you said was right. If the detection rate is really 99% that what is cleaning for? I "Personally" agree with this theory. Don't start bashing, LOL

@ RejZoR - I think you are right and even though i knew it i completely forgotten to take this into account! How many Virus today that does damages like CIH in Win98 days? But it would be interesting to know How many of Todays virus are Worms or Trojen.

@ ronjor - That is the first time i heard that. Indeed Memory and CPU usage are one thing. How "YOU" felt the system is running is more important. This small lagging is what i have experience sometimes but i never thought it was due to f Prot. Because it is common anyway that it some time lag due to a lot of other factor and reason. But this may be worth me to investigate later.

@ Others - Yeah i agree that Having Virus to protect you is important. But we shouldn't totally rely on it.

Another questions that pops up my head ( After reading a bit of NOD32 discussion ) is Large DB question.

Disinfecting virus is not as important if you have an high detection rate. But This high detection rate means it can detect Virus that will harm your OS or your platform. Hence I read NOD32 keep their DB clean and don't detect DOS Virus ( Which won't work on XP ). But wouldn't a User ( may be only me ) want to clear out these Useless files as well? Even though they are not harmful. ( I hope you understand what i mean as i don't think i am good at explaning my thought out in this case........... )

One of the reason why I choose F-Prot instead of NOD32.

 

Hello

If this has allready been mentioned 100 times I appologize.

The new world we live in today is not so much a virus world.
Only script kiddies are using those. The real threat lies in trojans-worms-droppers. An experienced hacker will not shut down your AV/AT, since that would cause alarm.
The bad guys or just spys for their own agenda are using trojans to steal your
account information on credit cards. Some want your SSI info for fack ID's.
This would be more espionage type work. The government had high hopes of echelon, magic lantern. From what I hear, these turned out to be pipe dreams. The code was bad

Some want your computer as a weapon against other sites. Kiddie-internet war gang stuff again.

There are people that write specialized varients for a price. Of course this is becomming way more common now days. These are the ones not detected.

OH MY then we have the ROOT KIT, kernel mode, usermode thang going on.

Yes I agree, as the world becomes more advanced, we all want things to work faster and want time to move slower LOL
You notice this more as you grow older. Slow down and savor that program or cup of coffee or steak dinner.

Well I better run and get another cup a joe for work.

have a nice day or night whereever you are

Bruce

 

> The new world we live in today is not so much a virus world.
Only script kiddies are using those. The real threat lies in trojans-worms-droppers

I totally agree with you, that why I choose a real/strong/robust anti-malware such as Kaspersky to be my first defence line to combat those aggressive malware.

I don't care if KAV so slow to does an on-demand scan but if it does its best to protect me from possible aggressive malware so KAV is the best for me. I don't want an illusory or false sense of security or a replied e-mail from anti-virus company's support that says " sorry, our product doesn't detect this kind of malware " so if some anti-viruses don't deal well or don't cover some kind of malware but why those anti-viruses don't state on their website to make their customer clear for what they will get from their favorite anti-virus programs.

 

It has not, and a very good point, controler. This is why, recently, a lot of AV companies are trying to improve the detection of this malware.

 

dear rita, IMHO the lightest AV is definately F-Prot. do one thing, use Winamp to play some song with the buffer level to its default settings. click on some files and you'll see that NOD32 causes some skips where F-Prot doesn't. for example when the file is the 15MB setup of Acrobat Reader, NOD32 makes Winamp to skip a beat. if you're not doing anything then NOD32 and F-Prot both will run just fine but the memory usage is visibly lower for F-Prot. you won't find any performance degradation with both of them but listening to a song makes things more delicate and you ear will pick up the negligible difference. if you lower the buffer level than the test will become more delicate. this is one of my crazy theories and works if you don't own things like WinRunner or LoadRunner.

 

What's a dropper?

 

A dropper is a program that has been designed or modified to "install" a virus onto the target system. The virus code is usually contained in a dropper in such a way that it won't be detected by virus scanners that normally detect that virus. While quite uncommon, a few droppers have been discovered. A dropper is effectively a Trojan Horse whose payload is installing a virus infection. A dropper which installs a virus only in memory is sometimes called an "injector".

www.ualberta.ca/CNS/VIRUS/glossary.html

Hope this helps...

Cheers