Discussion in 'other anti-virus software' started by innerpeace, Nov 25, 2013.
Having Sandboxie paid, almost every decent AV will be enough, no need to pay for one.
Because you used Moderate instead of Aggressive. People don't seem to understand modes correctly (though I have to admit that it's not exactly clear from the settings directly either).
This means that every event that would otherwise result in the DeepScreen analysis popup gets automatically blocked without even analyzing a file. If avast! finds it suspicious enough to throw it into the DeepScreen analyzer, Hardened Mode set to Moderate will simply block it and not even care if the later file analysis by DeepScreen would show it as a clean file.
Basically this mode skips DeepScreen functionality altogether and goes by the whitelisting database only. Meaning that stuff that gets blocked by Moderate mode most likely wouldn't get blocked by Aggressive mode at all.
Basically, in a nutshell, Moderate mode is actually more aggressive than the actual Aggressive mode. Moderate mode relies more on suspicious stuff detection with local detection capabilities and then blocks it dead right there, where Aggressive mode mostly relies on cloud whitelist database and doesn't rely on local suspicious detection as much as Moderate mode does.
I know because I've extensively tested Hardened Mode and come to these conclusions. When I was using Moderate mode, a lot of quite usual stuff got blocked (stuff that otherwise just gets analyzed by DeepScreen and is found clean and automatically excluded). Moderate mode will ALWAYS block such events without even bothering to analyze what the file really is. I also had some problems with one game on Steam which refused to work even though I excluded it (and still had Hardened Mode set to Moderate). But then I switched to Aggressive and all the stuff that got blocked by Moderate now worked perfectly fine. It only blocked stuff that hasn't got whitelisted yet (some very new app that just got released and had no digital signature). But it got whitelisted very quickly, I think it took like 1 or 2 days.
Also as another test, I have set up my sister's laptop with avast! 2014 to Hardened Mode (Aggressive) since the avast! 2014 BETA test and locked the whole program with password and since then till now, she never complained over anything getting blocked. Meaning it's working without any issues. But she's not a heavy downloader of apps and drivers, she only installs certain apps to work with photos and hangs on social networks a lot. I've used CIS before on her system and it wasn't as silent and transparent as avast! though. Not that it was constantly blocking stuff but I did get 2 complaints from her about CIS blocking something...
"Basically, in a nutshell, Moderate mode is actually more aggressive than the actual Aggressive mode."
See....that is very confusing....
OK...I'll switch to Aggressive mode later today....
I've used Aggressive mode for a while and considering how often I download new drivers and install new apps, it was very silent. I did get a few blocking popups, but I expected a lot more considering my constant activity not exactly common to casual users. So for them, Aggressive Mode should hardly ever block anything other than actual malware for those users.
Granted, CIS and avast! in Hardened Mode (Aggressive) do work in a similar way, both using whitelisting, but CIS seems to be more permissive locally by allowing to run stuff that's not whitelisted in virtual environment, but doesn't seem to have as extensive whitelisting database as avast! for some reason (even though it exists a lot longer). Where avast! only knows allow or block based on whitelist, the whitelist seems to be more extensive. Not sure how they do it, but apparently they have a more efficient way of doing it, if they manage to be more effective in a shorter time of existence than CIS did/is.
Wow! Thanks for all your input. It should make my decision easier. All of the mentioned products seem great and they do well on tests.
Drew said Bitdefender free can't be configured to ask what to do when something is detected. Can someone confirm this? What about Avast?
From my experience:
1) You cannot configure actions in BD Free
2) You can configure them in avast
You will be setting up as limited user, meaning she probably won't install software herself. Is that a correct assumption?
I thought Avast in hardened mode throws a pop-up at the user when something is blocked with the option to allow. Is it possible to change this pop-up to always deny? IMO implementing a whitelist without a default deny (or default auto-sandbox) kind of defeats the purpose to develop it for security illiterates.
Thank you, siketa.
I will set her up with a LUA for daily use. If she would install software it would be rare. She lives nearby so I can help with installs and updates.
Am I right in thinking that I shouldn't need to use the admin account unless I'm installing security software? That is what I have been doing on this machine. I've been meaning to ask. There have been a couple of instances on my machine where I needed to run an installer as admin for it to work correctly.
There is a link for File Exclusion (auto-allow) at the bottom of a popup but not for auto-deny.
Also, no custom settings are currently available for Hardened mode.
Let's hope they will include them in future versions.
Is there really any question here? Not a big fan of Avast, but their free version is very good for what you are looking for.
Why would you need a deny button on a popup that already denied the activity? The button for exclusion can be blocked by password protection.
I was just replying to Kees.
Guess he has his own reason to ask for it.
No you would not need a deny button, you would not want to show an allow button for novice users when hardened mode was intended for users who could not be trusted to make their own decisions (at least this is how they advertise it). When the button for exclusion can be locked with password protection it would serve that purpose (of a deny by default without user overrule).
I still would prefer the auto-sandbox option of CIS though using this setup (strictly controlling what publishers are allowed to update) https://www.wilderssecurity.com/showthread.php?t=339661 This would also take away the need to run as LUA.
Rezjor is a polymorphic wolf in sheep's clothes when it comes to defending Avast.
Do your Mom a favor and get that Eset Black Friday deal, set it up and forget it. She will love her little boy for a very long time.
That's a big lol comment for me. Avast free = a full-blown security suite?
I personally do not find Comodo making too much noise, in fact very little.
Avast is having false-positive problems and I had an experience of it blocking Panda Cloud AV.
With hardened mode god knows what will happen.
To Topic Maker,
Previous 2 versions, 7&8, were a complete disaster as far as stability was concerned and every 15 days a new build came to fix "BSOD" issue. I personally couldn't even complete the installation process, while other security software worked flawlessly.
Version-9 is stable but one has to keep in mind that until quite recently, avast had lagged behind in tests from its previous scores and other free alternatives.
I suggest you try AVG Free or Avira based on your taste.
I would highly recommend WRSA. If you must have a free solution (I just bought another year of WRSA on 3 PCs for $4.99) - then I would recommend Avira or Avast. I think with a few tweaks that Avira will be quieter.
Panda Cloud is not meant to be used with another AV, so you should not be surprised Avast blocked it.
Use Panda Cloud Free else Avira else Avast else MSE...
It flagged it as possible malware, dude, not as incompatible software.
With Win 7 64 set up with a limited user account, Microsoft Security Essentials IS the way to go.
It really is good enough with the least false positive risk associated, and a good enough detection rate for the most common threat found in the wild.
I'd go with the guys who recommended Avira Free/Avast Free
With LUA the risk of installing something nasty and risk of false positives is minimal. I would opt for an AV that:
- is available in Mom's native language (Mountaineering Country)
- does well against web-based, USB, mail and social engineering threats
Bitdefender is top notch, but its cloud based free version has mixed reviews here on Wilders (and is only available in two languages). I have tried Ad-Aware (with Bitdefender engine). The same applies to OEM BD engines: they seem to have lower scores than the real thing.
When you collect leading available tests the ones really doing well on the aspects mentioned are in order of results:
3. Fortinet (is less tested than Avast, also often scoring better than Avast)
4. Avira (is the least tested of all, also often scoring better than Avast)
Pick any of those and she will be fine