Testing method for a new AV?

Discussion in 'other anti-virus software' started by asyland, Jun 10, 2006.

Thread Status:
Not open for further replies.
  1. asyland

    asyland Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    90
    I must admit I am a relative newb when it comes to antivirus, at least compared to most of the people here. I am currently searching for a new AV, dumping CA etrust ( it's what came with my ZA firewall). I've done some research (primarily here, av-comparitives, av test.org, and VB), and narrowed my choice down to three: KAV, NOD32, and G-Data. I've downloaded all 3, and I'm going to run them all, to judge for myself, and to avoid being one of those people who pop into a forum and ask the members to "pick out something pretty for me". My questions are: how long do you normally test out an AV? What sort of tests (other than on demand scanning, of course) do you put them through?
    I've heard that KAV has an excellent outbreak-response time (1-2 hrs). I couldn't find response times on the other two.
    At av comparitives, G-Data had the best overall detection rate for on demand detection (99.89%), while NOD32 had the best proactive detection of new samples (58%)
    I've also read that G-Data's scan time can be excruciatingly slow, up to an hour on a home PC (The New Virus Fighters-PC World w/AV Test.org)
    Last I should mention that while detection rate, success in cleaning detected malware, and response time to new threats are of primary importance, I use my computer for gaming, so I count resource usage as an important secondary consideration. I currently have a P4 3.4 GHz HT CPU, and 2 gigs of RAM.
    I apologize for the length of this post, but I did not want to stumble in your front door and ask you to make my choice for me. Your views on effective AV testing (what to look for), and any thoughts in general on these three (or other if you feel I've overlooked a good program), would be truly appreciated.
    All the best.
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    when i test AVs, i primarily focus on resource usage, settings, and scan speed.

    when i install an AV, ill first max all settings (if any) then ill update the definitions or vice versa. for resource usage, the first thing ill notice is how longer it takes explorer to load files when im browsing my drives. any slowndowns during normal comp usage and startup/shutdown are given attention as well. if the resident protection doesnt slow down my comp, then ill just run an on-demand scan and see how that goes.

    if i want to know the latest detection rates, ill just visit av-comparitives. sometimes i may test the AV against the eicar virus but most AV do detect it anyways.
     
  3. asyland

    asyland Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    90
    Seems like a good path to follow.
    Thanks for lending your time WSF.
     
  4. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    And I think that Gdata uses both the NOD32 and KAV Engines, someone pls correct me if I'm wrong here.
     
  5. wawy

    wawy Registered Member

    Joined:
    Feb 17, 2006
    Posts:
    23
    wrong gdata=bitdefender+kaspersky engines
     
  6. TAP

    TAP Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    344
    That's why this antivirus is sooooo slow. :-*
     
  7. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Not always, so a very necessary test to check that your AV is working correctly.
     
  8. asyland

    asyland Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    90
    www.eicar.org Is that the test you're referring to? Or is it a type of test that's found at different sites?
     
  9. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Yes, that's the main eicar test-site.
     
  10. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    if only this was the case!:D
     
  11. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    Ahhhhhh damm sorry I meant Bitdefender not NOD32, why the hell did I type NOD32 for :mad:
     
  12. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Regarding trial lengths for testing an av....dont rush it.You usually find that all seems well and good and then a problem arises that may not initially be apparent,or the detection for certain criteria may not be as good as you first envisaged like in other malware (ad/spyware detection etc)Try each for at least a week ,make sure it runs well with your other programmes and that all is well with computer restarting ,shutting down etc.
    ellison
     
  13. asyland

    asyland Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    90
    Re: Testing method for a new AV? GData

    One week sounds fine, thanks. Thanks as well to Black Cat, I’ve already taken G Data for a test drive at eicar.org.
    As for G Data, I won’t need a week for this one.
    The install went smoothly enough, it got along fine with the ZA firewall, and no problems with my other security programs, real time or scanning. I was then informed that I could not update virus definitions using the 30 day trial. Wasn’t thrilled about that, but fair enough, I guess. The interface is clear enough, opening to a status window, and having buttons that lead you to windows for the scanner, schedule, quarantine, and log file. One quirk in the schedule section, there is no am/pm indicator. I had to set the auto run for 5 min. ahead of the current time to see if the scan would start. It did, and that was the only way I knew I had it set for 10:00 AM. It let’s you choose what drive and directories you want to scan for the on demand, and scheduled scans,, and there’s a context menu entry to scan individual files and folders.
    It did very well at eicar .org. I chose to download the double zip archive to test it’s archive scanning capabilities. I was not even allowed to download the file. G Data stopped the download, filling my screen with a big red warning window. It correctly identified the file, and then cancelled the download. Not bad.
    Now, the downside. First off, memory usage is huge. Between the four processes it runs the memory usage is about 48,000K:
    AVKWCtl.exe-34,000
    AVKService.exe-3,500
    AVKProxy.exe-7,100
    AVKTray.exe-3,500
    You’d better have a hefty amount of RAM if you’re going to run this.
    The second, and worst problem is the scan time. I had mentioned earlier that I’d read that G Data could have a scan time of up to an hour on a home PC. Well just scanning my primary drive took 1:25:35. I’m only using 15 gigs of a 150 gig HD. If I had scanned both my drives, I could have been looking at over 2 hrs. To be fair, I ran the scan again to see if subsequent scans would be quicker (what the hell, it’s Sunday). It took just as long.
    The third problem is mine. I’m not rolling in money. G Data costs 44.95 EUR which comes to about $57.00 US according to oanda.com. That’s just for the Antivirus Kit not the whole Security Suite. Too steep for me.
    I created a restore point before this with Acronis, so I’ll be rolling back to that, and moving on to Kaspersky.
    Thanks again for the advice, and all the best.
     
  14. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Your remaining choices, KAV and NOD are excellent AV's and both have better support than GDATA, particularly in their forums.

    If money is tight, newegg has KAV for $25 or, another possibility, you could migrate from eTrust to Dr Web for $17.
     
  15. asyland

    asyland Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    90
    Thanks, I had planned to check out newegg, but I didn't know that about Dr Web. Since I only spent a day with G Data, I'll definitely check out Dr Web. I 've read some good things about it here and at other forums.
    A co-worker of mine suggested Windows One Care.
    I just smiled and went on my way.
    Thanks again, and all the best
     
  16. asyland

    asyland Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    90
    So, I've spent nearly a month trying out new AV's. I won't bore you with all the details, but suffice to say it's down to KAV and NOD32.
    Resource usage is about the same: NOD32-17,500K, KAV-19,000K. With 2 gigs of RAM I won't sweat the 1,500 difference
    As far as detection, both are superior and live up to what I've read. (posted above)
    They both stood up well to my attempts to terminate them using Diamond's Advanced Process Termination. The first 12 kill methods failed on both. I was able to take down NOD, but it immediately retstarted itself. KAV, I think, took the lead as it did not even need to restart, it simply would not be killed. Even using Kernal Kill, it prompted me before it would let itself be shut down. Nice.
    NOD32 was about 10 min. faster on a full system scan, but both were fine at around 30 min. and that's for 2 internal and one external.
    Both interfaces are simple enough and both allow for a good amount of customizing/rule-setting.
    In the two weeks that I devoted to these 2, I found no compatability issues with my other software, including Comodo's firewall.
    So, here I sit. Which one?
    What I want to know is; has anyone had either had one of these two really let them down? Specifically in terms of compatability. For example, ZA would freak out whenever I opened up the Nvidia Contol Panel (the new one), spiking the cpu to 100% and then freezing, forcing me to do a hard reboot. I would also be interested in feedback re: detection (false positives), or support. Support could be the deciding factor.
    I realize every system is different, which is why I've been testing, but I'm really at a fork in the road, they're both outstanding. Any insight would be greatly appreciated.
    Oh, I use Firefox, T-Bird (unloaded EMON in NOD32), no instant messaging, no P2P if that makes a difference.
    All the best
     
  17. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    i myself have had no FP or compatibility issues with either one and id enthusiastically recommend them both.

    right now tho, im a bit partial to KAV because i finally got it running on my comp and it has great detection.

    if neccessary, u could make the price your deciding factor.
     
  18. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    The KAV 6 Proactive Defense is a great advantage amongst other antivirus, it blocks all the the firewall leaktests I did :) (I am actually using KIS but is the same as KAV only Anti Hacker is the difference).
     
  19. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    and Anti-Spy too :)
     
  20. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    Don't forget about NOD32's Advanced Heuristics which block a lot of new threats immediately without update ;)
     
  21. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,522
    Location:
    USA - Back in a real State in time for a real Pres
    Can't help you. As I use both NOD32 & KAV6. NOD32 realtime & KAV6 ondemand. Ime can't go wrong with either.
     
  22. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    The Proactive Defense of KAV is a similar to the HIPS.
     
  23. asyland

    asyland Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    90
    Thanks everyone,

    Good advice and insight all around. I guess when you have two AV's this close in quality, in production and actual performance on your system, you have to go with what feels the best to you. That's KAV for me. Thanks again for the help.
    All the best
     
  24. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    Good luck, :cool: they are both great antivirus.
     
Loading...
Thread Status:
Not open for further replies.