TDS + Software Firewall + << ?? A-V here >>

Discussion in 'other anti-virus software' started by Hummer, Sep 12, 2002.

Thread Status:
Not open for further replies.
  1. Hummer

    Hummer Registered Member

    Joined:
    Sep 11, 2002
    Posts:
    18
    Hi All,

    I'm about to purchase TDS-3 for trojan protection and was curious what A-V I should go for.. I'm seeing strong reviews for Kaspersky Pro version, NOD32, Dr-Web, and F-Secure. Let's say I'm fine in trojan protection and I want a strong heuristic / 99% virus catching / worm catching A-V program. Kaspersky pro seems perfect but its out of my budget for a A-V program alone. Would appreciate any info on the above programs, in comparing each other. Thanks in advance!
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    For TDs i think you've made the best choice in that area; for KAV you could decide to look at the KAV /AVP personal version, which is half as pricy as the Pro, more because you have to renew yearly and they are willing to lower the renewal price 20% so that certainly is a point of consideration. It has strong heuristic and other aspects.
    NOD32 is the specialist in viruses i read here in the forum, the others you mention people have different opinions on. I'd say of possible give them a try for a trial period and who knows you can with that bridge the time till DCS comes with new tools for us (i suppose they will keep concentrating on the trojans and worms in which they are specialists, but i don't know for certain of course).
    Look what more you see here in all the comments in the forum, for sure and try how it behaves on your own system.
     
  3. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Kaspersky Pro is too expensive but they sell a 'normal' version of the program called Kaspersky Anti Virus Personal which is only two tools less (Office Guard and Integrity checker). F-Secure is a good program which uses F-Prot and KAV Engine. It is also more on the expensive site.

    DrWeb is a good scanner but in many cases not user friendly. Also the heuristic produces a lot of false positives. So only recommended to experienced users.

    My favourite scanner at the moment is NOD32. NOD32 is fast, has strong heuristics, extrem good results on ITW malware and it is not that expensive as other scanners. As you chose your trojan protection already with TDS-3 then I would say go with NOD32. :)

    wizard
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    You could even consider the money you spare on the KAV Personal Pro to get KAV Personal and put the money you save with that difference in WormGuard to have a marvelous protection against worms, besides the TDS trojans protection you would have with that already. Not sure what the other tools lagter this year from DCs will be, so like said and suggested by others in several threads in the forums here, take your time, try what you like, and just try to get used to them.
    As far as i remember F-secure (i had an older version longer ago) has indeed F-Prot and AVP included, but in my old version it did not include the heuristic scanning which has the original stand alone KAV/ AVP version. Not sure if that has changed now.
    As NOD32 is especially for the viruses, i think the advise to start with that beside TDS and WG would be a wonderful combination, and if you ever want one more the KAV personal is excellent beside that too. NOD32 is really strong and has a good email scanner too among others.
     
  5. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    F-Secure comes with a third heuristic only scan engine. This third engine does only work on NT-based windows versions (e.g. Win2k, WinXP)

    wizard
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Aha, that explains! and my version was long ago, so it could have been changed in the meantime :)
    Think the combination we mentioned TDS - NOD32 - WG would be marvelous! to have trojans, viruses, worms, scripts, emails, website infections etc all covered.
     
  7. Hummer

    Hummer Registered Member

    Joined:
    Sep 11, 2002
    Posts:
    18
    Thanks for all the input!

    I forgot to mention this earlier, a few questions:

    Am I right in that a virus only activates on the initial .exe unless it is compressed? Anything that is activated subliminally (not at the time of execution) is something that would be found in TDS)

    On that note, any comparison results between NOD32 and KAV on compression scanning. Would a setup.exe be considered compression or is it only zip/cab/rars. My main focus is finding malicious files before I open them.

    [me=Hummer]posts newbie questions. [/me]

    Thx
     
  8. Vampirefo

    Vampirefo Guest

    I don't care for heuristic, but you do, So Drweb would probably be the best choice for you, If you are looking for a free AVP, AV6 is a great one. It's free and does a good job but it's limited.

    I use NAV 2002 myself, one thing though you should look at is your resources, if you are using a version of windows less then the NT kernel. ie W95-ME. A lot of AVP's are resource hogs, they use a lot of resources, if you use the AVP as a full time scanner, rather than as a on demand scanner.

    Also do you plan on run TDS-3 full time or on demand? full time is going to use a lot of resource, so you have to determine, how many resources you have left, if you run TDS-3 full time, plus take in to account how many other programs start with windows, and how many you wish to start yourself.
     
  9. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    KAV has better results in regards of compression scanning (it supports more archives)

    NOD32 has better heuristic code analyzer then KAV!

    If you are going to use TDS3 then go absolutely with NOD32.

    Zip/cab/rars are archives (compressed files)


    Technodrome
     
  10. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    With tds I think Nod32 is perfect,I run it and in all my years of security applications testing Its the most 'system' friendly.
     
  11. Hummer

    Hummer Registered Member

    Joined:
    Sep 11, 2002
    Posts:
    18
    excellent responses, thanks all.

    One thing I forgot to ask. Does NOD32 support LAN drive scans? Tried looking on nod32's site, no luck.

    -Hummer
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    For TDS: i see it on a win98se system with 8,4 MB load, (correct me if i'm wrong, but i read on NT/2000/XP it would use less) but as long as it's in rest not actively scanning, you won't notice too much, till you do a full scan for instance. With that it uses several threads at a time to speed up the scanning process and more is used of course. But you will not be full time scanning; the exec protection hook is checking really quick the executables and uses little.
    You might like to use at times such programs as taskinfo2000 or the kind to see what are the space consuming programs.

    With the scanoptions all checked in the TDS scan you get all possible finds, and if you uncheck the zip/rar and compressed you would only get possible live trojans.
    With TDS you can scan the whole network logical drives, but the memory parts only from the system where it's installed.
     
  13. bubs

    bubs Registered Member

    Joined:
    Apr 28, 2002
    Posts:
    106
    Location:
    Suffolk, England
    One thing I forgot to ask. Does NOD32 support LAN drive scans? Tried looking on nod32's site, no luck.

    -Hummer


    Yes. Click on the NOD32 green cross, and in 'targets', you,ll see radio buttons for 'local' and 'network'. Mapped drives show on the list, but are not 'targetted' by default.
     
  14. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Quite so, bubs ;)
     

    Attached Files:

    • nod.gif
      nod.gif
      File size:
      8.1 KB
      Views:
      1,925
Thread Status:
Not open for further replies.