kav vs. mcafee in resource usage

Discussion in 'other anti-virus software' started by rug, May 31, 2004.

Thread Status:
Not open for further replies.
  1. rug

    rug Guest

    Today, I uninstalled kav and installed mcafee (actually net associates that is provided by uni). First thing I noticed is that it is MUCH faster. It does use more memory, but uses alot less cpu time (about 4-5 times less). I was wondering if anyone else has had this experience about kav's awful resource usage?

    Of course, none of them even compare to nod32. For some reason that thing is like a rocket!


    I had been looking at purchasing avk for my main machine but since it also uses kav it would be stupid for me. This is the main reason I am curious about kav performance.

    btw, this is kav 5 personal edition.
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Mcafee's detection rates are as good as kav and it does seem to run easier and faster on most computers. And you are right nod is the sports car of av's in scan speed.
     
  3. I would concur one of the biggest reasons why NOD32 is like a "rocket" is due to two considerations..

    1. McAfee and KAV have much much stronger unpacking ability.. (The ability to scan for files in a "packed" format..There various types of "packers" and
    McAfee and KAV seem to be the two best on this area...

    2. Although NOD32 has strong heuristics, the highly touted "Advanced Heuristics" they have are only available in IMON (The email scanner) and they are not available to do an on demand or rela time scan with NOD32... Unless you download Paolo Monti's Shell so you can individually scan a file one at a time with AH.. I hear this will be incorporated with the next release of NOD32.. Watch the scan times double and triple... That is what I predict...

    I personally was very impressed with McAfee, but it mucked my system up, and I hated their "Security Center" with a passion.. KAV was great, but ver 5 slwoed my machine to a turtle's pace.. So I went back to NAv..
     
  4. rug

    rug Guest

    Thanks for the responses. I have a license of nod32 for my laptop (where resource usage is extremely important). On my desktop I tried nav, nod32, kav, and mcafee and the network associates version.

    I couldnt even get the consumer mcafee to install so I gave up.

    kav is uber slow

    nav has bad detection rates compared to net associates

    So it seems I will be staying the net associates on my desktop esp since it is free :D

    Thanks again
     
  5. ncs_malaysia

    ncs_malaysia Guest

    2. Although NOD32 has strong heuristics, the highly touted "Advanced Heuristics" ... ... you can individually scan a file one at a time with AH.. I hear this will be incorporated with the next release of NOD32.. Watch the scan times double and triple... That is what I predict...
    I Disagree!!!
    I run on-demand scan with AH and it only take extra 15-20seconds on my PC!!!
    --AMD Athlon XP 2000+ , 512MD DDR RAM , WindowsXP SP1
     
  6. dRag0nMa

    dRag0nMa Registered Member

    Joined:
    Aug 28, 2003
    Posts:
    79
    Location:
    SH China
    why not use nod32 as on-access av and kav/avp as on-demand av?
    i like the combo
     
  7. rug

    rug Guest

    I dont see a reason to pay for two antivirus products instead of one if I can help it. One machine should only require one antivirus license.

    Also, mcafee is quite good. Its not as fast and nod but it is pretty darn fast.

    Lastly, I dont even know what kind of compatibility problems could occur with two antiviruses running on the same system.
     
  8. RejZoR

    RejZoR Guest

    "2. Although NOD32 has strong heuristics, the highly touted "Advanced Heuristics" they have are only available in IMON (The email scanner) and they are not available to do an on demand or rela time scan with NOD32... Unless you download Paolo Monti's Shell so you can individually scan a file one at a time with AH.. I hear this will be incorporated with the next release of NOD32.. Watch the scan times double and triple... That is what I predict..."

    Where did you get that info?! NOD32 uses Heuristics for On-Access too and its not limited to IMON only. I ran many tests and NOD32 definitely uses AH in AMON. Turn of Signature Detection and leave only Heuristic. Extract some test samples of real viruses from encrypted archive and voila lots of them will be detected by heuristic part of AV.

    RejZoR
    www.security-ops.tk
     
  9. backfolder

    backfolder Registered Member

    Joined:
    May 25, 2004
    Posts:
    72
    Location:
    Spain
    Is it posible to get McAfee as on demand scanner? (I supose yes but I prefer to read your opinions). If so, which version do you recomend me?
    TIA,

    backfolder.-
     
  10. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    I have my doubts on this statement, McAfee is a fine AV but the detection rates are less good then KAV.

    Ciao,

    Smokey
     
  11. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Smokey from Firefighter!

    > I have my doubts on this statement, McAfee is a fine AV but the detection rates are less good then KAV.

    I have just finished my own test with McAfee 7.03.6000 including scanengine 4.320. McAfee was even better than KAV 5.0.121 against my virus collection (some 840 viruses; mainly Win32 viruses, I-Worms, IRC-Worms, P2P-Worms etc.) but KAV beated McAfee as my full protection test against 1360 archived infections where was also trojan like malware and riskware within.

    But as a summary. Both have damn good protection against all kind nasties. It's a matter of taste which one you will use if u want the best protection I have tested so far. Personally I like KAV 5.0, McAfee has terrible GUI, it's like a game or something where you have to quess what u are looking for. The every 3 hour updates with KAV are also a plus nowadays, when there are so many new threats ahead all the time.

    Best regards,
    Firefighter!
     
  12. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    I've been testing McAfee VirusScan Enterprise 8.0i Beta II, and it's running pretty great (Never used regular 7.0, but the interface is pretty darn accessible and logical). It can drag a bit on very large packed files, but that's kind of expected.
     
  13. docfleetwood

    docfleetwood Registered Member

    Joined:
    Apr 6, 2004
    Posts:
    36
    Shooter is right on this one. NOD32 "Advanced Heuristics" are only available in IMON and via an add-in Shell Extension/command line parameter. AMON does have "deep heuristics" but this is not as strong as their "Advanced Heuristics." Why would they use these various terms and not incorporate AH in AMON (the on access scanner)? Well that is a topic of ongoing debate in the NOD32 forum. But the NOD32 support folks themselves will tell you that AH is NOT available in AMON. However, that is expected to change very soon with a new beta coming out. IMON will be more powerful and AMON may gain an AH option.

    Doc
     
  14. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To docfleetwood from Firefighter!

    When I did my On-Demand scan with AH module installed, it really found 4 worms more from about 390 scanned infected archives than before, when that module was not installed and the heuristic was set to "Deep" position.

    Best regards,
    Firefighter!
     
  15. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    Well, my experience with McAfee hasn't been great. Granted I'm trying out beta 2 of Virusscan Enterprise 8.0. Get a memory error when I try to run an OD scan. Not sure if this is due to a previous compatibility issue with ZA 5.0 or not.

    In general system booted up faster and seemed snappier than with KAV 5.0.

    Detection rates in every test I've seen are as good or nearly as good as KAV.

    www.av-comparatives.com click on the Comparatives button and read the results for February and May.
     
  16. docfleetwood

    docfleetwood Registered Member

    Joined:
    Apr 6, 2004
    Posts:
    36
    Good to know. I look forward to the option to enable AH in their on-access scanner AMON. Seems a little crazy to me that they would limit their program when they obviously have the ability to catch these virii - as noted by your test. Thanks for the info.

    Doc
     
  17. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I have used mcafee for a lot of years and in my opinion when mcafee went from 7.03.6000 to version 8 they went down hill. version 7 is much more configurable and you don't have to put up with the version 8 gui.
     
  18. rug

    rug Guest

    As I mentioned before, you can get the network associates version which has a decent gui and is fairly configurable.
     
  19. No, I disagree!
    You are running your scan with "deep" heuristics, not the advanced one...
    There is a difference...
     
  20. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Running /AH switch you will encounter a slight slowdown but NOTHING major. It’s a matter of minutes rather then hours. ;)

    Fox, we really should focus on topic here…

    Thanks!



    tECHNODROME
     
    Last edited: May 31, 2004
  21. ncs_malaysia

    ncs_malaysia Guest

    Nope.. I disagree..!!! i run on-demand scan using /AH switch!!!
     
  22. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Oh please,cant you read. Heuristic is heuristic and its used in all NOD32 modules. Heuristic detection was limited to IMON only in pre v2.0 versions as far as i know. There is also a nice checkmark with Signature and Heuristic detection methods. Uncheck Signature and test it only with Heuristic.
    Look at the attached image as evidence...
     

    Attached Files:

  23. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    Heuristic is heuristic but it's still not Advanced Heuristics.
     
  24. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    What's a Heretic? :)
     
  25. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    dear RejZor, please open the configuration window of IMON and you'll see the settings for ADVANCED HEURISTICS. its different from usual NOD32 heuristics.
    if you don't trust our words please feel free to drop a line to the ESET guys. they'll tell you everything if they have the time. its a very well known fact so there is very little point in debating over this issue.

    dear Tempnexus, heuristics is something a lot of AVs use now-a-days to detect malicious codes before their signatures are added to the virus database. unknown and new variants of viruses can be caught using this technique. it could be as simple as using wildcards in a generic signature which is called heuristics at the database level or it can be as complex as running a virtual machine inside your computer. for example the SANDBOX technology of NVC or DrWeb's code analyzer. generally when a file is scanned using heuristics, the executable instructions in it are compared to a set of harmful instructions or rules. depending on the number of matches the scanning engine performs a calculation. if the threat level found is beyond the threshold, the alarm is switched on. the positive part is that, you can thus be protected against a new virus. but there is also a negative part. heuristics causes false alarms. sometimes a legitimate file can cause heuristic alarm. so a good scanning engine should have maximum number of detection with minimum number of false alarms. this is the optimum solution.
     
Loading...
Thread Status:
Not open for further replies.