Is an antispyware really useful ?

First I am an AVG Pro user, and like it very much. However when I see reviews by PC Magazine who praises AVG AS on its On Demand Detection, but not its RT capabilities and see AVG AM do poorly in the AV Comparitives Pro Active/Retrospective Tests. It simply becomes my opinion it may not detect well in RT, especially without having any Heuristics in RT.

 

Hi, folks: AS is till useful in the ways:
On-demand--- Yes, I need them once in a while, when my box has a free time, say 30-60 min, I will run a scan for a fun, to see what is catch of the day. SAS free is the best, AG AS is the runner up.
Real time--- I doubt it. Can AS's realtime scanner catch and stop every malware going thru your door? Very unlikely, it may warn you any change in home page, startup entry and so on, but these features are already replaced by more sophisticated HIPS. AG AS' and Bolean's guard are merely monitoring memory for malwares' executions. For this less-desired function, user may have to trade high resource usage for it, not worth it, IMO. A behavior blocker is a high way to go. Take care.

 

I agree with Blackcat.
I see posts where trojans,spyware etc....are not cleaned well by a/v programs.

 

I am always taken aback when I read this kind of comments. Don't get me wrong Perman, this is not against you but do you have any facts or tests that might demonstrate your assessment about SAS ?

 

Me too,i read the Kaspersky help forums daily to see what things are creeping in from the wild etc.
Most folks(myself included) consider Kasp to be one of the better or at least one of the best AV's around for malware detections yet when Kasp fails to cleanup under safemode the experts there send out the SOS to SAS free.More often then not SAS gets the job done

Sweat combo IMO

 

Hi, folks: I am not a cyber security expert, rather an average joe, using computer days in and out, surfing Internet extensively. Therefore, I am making those comments(I would rather call it my hand-on experience) from the bottom of my heart, you or anyone do not have to echo mine. My experiences are practical ones, far apart from those experiments or tests, but are bloody true, and trustworthy, pls read my key strokes. SAS is above the crowds, members here can tell you more than you want to hear, sorry, that is the fact, whether you like or not. Again, I have plenty of facts, not tests , and those facts are compiling everyday. Take care.

 

I rather use ThreatFire or OA Free (which I currently do) with my AV and no AS in RealTime, than just an AS with my AV. I suppose an AS using signatures for RT protection could come into play somehow, but it just seems that a HIPS or Behavior Blocker program would be a better choice in RT with Firefox or Opera.

 

First, it goes without saying that the SAME scanning engine is used for both on-demand and realtime scanning, so maybe PC Magazine thought it'd be okay to omit that obvious piece of information. Secondly, AV-Comparatives doesn't test with spyware at all, so I cannot see how you draw your conclusion from a review that doesn't even include the types of malware you say AVG performs poorly against.

 

Loaded? No, just trying to clarify.

You just said that AS were better at *cleaning* than AVs. I notice people using ASs like to phrase it this way, rather than saying it is better at detection...

Given just your statement, there are 2 ways I can parse your statement...

1) AV and AS detects and stop roughly the same malware pre infection, but once infected AS can clean more

or

2) AS removes and detects more malware sample.


To me there is a great difference between the two scenarios. In 1) the guy using the AV (assuming real time protection) will still be protected, and AS yields little if no effective value from being infected,

Quite a distinction I think.

Rated "standard" sounds like some test... What test are you referring to? I wasn't aware AVcomparitives test antispyware beyond those intergreted as antiviruses or generic anti-malware...

 

Spyware is malware, unless you single out cookies and that is about all the anti-spyware products I use ever find.

 

The point was that AV-C doesn't test with this type of malware.

 

When I see this report and see that AVG AntiMalware only receives an 8% it sets me back a bit, but when I see how poorly it does in detection of "malware" it makes me believe it's Heuristic Real Time capabilities need to be improved. That's all. http://www.av-comparatives.org/seiten/ergebnisse/report14.pdf

 

Per the reasons already stated, it's not valid to use AV-C results to benchmark the performance of antispyware detection.

OT: Regarding the heuristics test, it's really just a review of a very specific area of a product's detection capabilities. Unless you intend to run a product without updating it for 1 month, the on-demand tests are a far more realistic review of a product's detection capabilities.

 

I am not necessarily disagreeing here, as you seem to know much more about these things than I do. Maybe I should just concede by saying because of these things I just rather use ThreatFire, OA Free, or the new Webroot Desktop Firewall in Real Time instead of an Antispyware.

 

It's always beneficial to run a standard blacklist scanner along with the products you mentioned anyway. Just like relying solely on traditional scanners is not always reliable, doing the same for HIPS/behavior blockers has its own problems as well.

 

Just one question : which antispyware apps implement heuristic analysis ?

P.S : I mean, an efficient heuristic analysis!

 

The original question was "Is an antispyware really useful ?"
Having never been a victim of any antispyware my first response is No But then the only way I have of checking whether I have ever had any spyware is by running antispyware so the answer might be Yes.

I'm fairly sure that far too many are running far too much security software and that it is quite possible to run spyware free without any such programs.

 

Hi, folks: By running a sandbox/virtualization app while surfing internet, we may have cut down malware infection rate considerably, therefore, the dependency of AS is subsequently reduced, and then is the user's judgement call as to whether an AS is really useful from that point on. Take care.

 

I totally, almost, agree.

 

I would just like to know if anyone using Firefox and running either SAS, AVG AS, or a-squared Anti-Malware has ever had one of them detect anything in Real Time by using their spyware/malware signatures? Also I know while a-squared didn't seem to slow down my PC which has 512MB of Ram, it ran over 45K with it's two processes, and have read that the AVG AS component in the Security Suite was responsible for using over 60k with its exe.

 

I doubt it... hence my topic !

 

I doubt it... hence my topic !

LOL.

 

But seriously is it really needed to use a paid Antispyware in Real Time these days when you have free HIPS programs like ThreatFire, DSA, SSM Free, and ProSecurity Free that may actually be needed some time? If they're too much for some users then there's always Spyware Terminator that although it doesn't match a-squared and AVG Antispyware with the amount of signatures it has, still from what I have read offers pretty good RT protection with it's Guards and HIPS features. Now there's even Online Armor Free with FW and HIPS, and the new Webroot Desktop Firewall with DSA included. I think if I did buy an AS program though, it would be SuperAntiSpyware because of how Nick is present in this forum and how it keeps improving. Plus I use the free version and like it a lot.

 

Well I have Webroot Desktop Firewall running with Dynamic Security Agent's HIPS active along with you guessed it, an Antispyware. LOL. Actually I am using Spyware Terminator and I like it. Not sure it's the equivalent of a-squared Anti-Malware, but I can always change later. I just read that WDF with DSA seems to run with other RT AS so what the heck.