The KAV of ATs

Discussion in 'other anti-trojan software' started by sinbad370, Jul 19, 2005.

Thread Status:
Not open for further replies.
  1. sinbad370

    sinbad370 Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    68
    Location:
    Georgia
    I am not asking which AT is the best but which one catches the most Nasties (this includes cookies or anything that can affect privacy). In other words, which one would you consider the KAV of ATs and why?
     
  2. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
  3. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    I would definitely agree with Randy that Ewido, in my experiences, exhibits the best overall anti-malware capabilities in both real-time (using memory process scanning) and on-demand (during this phase it may pick up less malicious malware such as tracking cookies).

    In terms of pure AT capabilities, I would have to go with TDS-3. I rarely run a scan of a system without running both TDS-3 and Ewido.

    But, in truth, the KAV of ATs is probably KAV itself. Its scanning/detection capabilities constantly astound me. I have no idea how Kaspersky Labs is able to keep its engine and database so solid. But somehow they do it. But you are probably looking for a backup for KAV and my choice, given your criteria, would be Ewido. But try out A-squared also. It's really tough for me to say one is better than the other - especially if KAV is already on the machine.

    Cya,
    Rich
     
  4. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    There are only 5 choices to select from, and of those Trojan Hunter and BOClean can be immediately discounted. TDS-3 also, is too specialised to trojans.

    That only leaves two choices for expanded threats: A2 and ewido

    Both have thumping great sig bases and will also be finding lesser things like Cookies, Reg traces etc. But in terms of realtime protection they are working differently from one another. Maybe A2 can stop things, through its IDS technology, that sig based scanners can't find; but then again maybe ewido is better at cleaning infected machines. Probably both have something to offer.
     
  5. sinbad370

    sinbad370 Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    68
    Location:
    Georgia
    I know that the market place will always have room for both approaches but I wonder which method will dominate (specialization or the expanded threat approach)?
     
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I'm thinking all-in-ones will dominate as people want more protection with fewer products; just look at most any antivirus, they now detect trojans, worms, adware, spyware and in some cases even rootkits.
     
  7. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I think what Fuser says is correct. Most people expect their AV to catch all the Trojans they come across, which leaves very little for progs like Trojan Hunter and BOClean to do. Looking at the longer term I think such programs will become redundant, they were useful when AVs couldn't catch Trojans but they are less useful now.

    Ewido and A2 though are finding a niche for themselves by going for a wide range of bugs that it is not reasonable to expect an AV to look out for. Ewido is not going to help you much with a self replicating malware infection by virus or worm - that is for your AV - but if you have a nasty spyware infection (like the recent nail.exe problem hitting so many people) then ewido is about the only scanner that can defuse and clean the problem. Working with your AV ewido therefore provides very worthwhile additional coverage.

    Similarly for A2 which can stop certain completely new baddies which nothing else can recognise. The main problem being that the realtime protection can be too vigorous at times and does require a bit of common sense on the user's part to know what to delete. The demand scanner can also give FPs but nonetheless gives a very worthwhile scan in addition to your AV.

    Whether we ever have the holy grail of one scanner that really does cover everything, I rather doubt, so I'm more than happy to run an additional AT, which for me means A2 or ewido 'cos they are the ones with the width of coverage.
     
  8. Iagree

    Iagree Guest

    I agree, Ewido and A2 are probably the best, and both have free versions available too. :) But if I had to go with just one it would probably be Ewido.

    Though even if you do use both of these programs, and the mighty KAV along with them to detect malware, you still need a good anti-keylogger and anti-rootkit protection, at least that's what my tests show.
     
  9. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    I agree with Iagree.
     
  10. HD rider UK

    HD rider UK Registered Member

    Joined:
    Feb 16, 2005
    Posts:
    121
    Location:
    Gloucestershire, UK
    The other thing to bear in mind is your OS. Ewido does not run on Win95, 98 or ME. It requires Win2000 or XP. A2 will however run on all Win OS from win95 up.

    My personal preference is Ewido as the "trial" period is anonymous, i.e. they don't get your email unless you purchase.
    A2 on the other hand requires a valid email addy before you can even run the trial version.

    HD Rider UK
     
  11. Andreas Haak

    Andreas Haak Guest

    KAV of AT is definitely ewido. I can say that 'cause I guess I know both mentioned programs quite well ;).

    Comparing ewido and a-squared is kind of pointless. The idea behind both programs is completely different.

    Ewido put all their efforts in building a reliable and powerful engine focusing on detecting known threats. That's why ewido has a superior engine above all AT applications available currently - comparable to KAV in the AV sector. Maybe their engine is even more powerful than several AV engines out there.

    A-squared is built around very powerful heuristic based concepts. We never planned to have a reliable scanner - it's more a gimmick. We put all our effort in building a system to detect malware without relying on signatures and other "old school detection techniques" and we surely focus on detecting new threats. Maybe we are DrWeb of AT ;).

    Sure we can scan files too, but we definitely won't achieve such a high detection rate as ewido when it comes to file scanning only. On the other hand ewido has heuristics, but won't detect as many new threats generically as we do.

    So if you want a powerful file scanner that relies on strong file scanning abilities like KAV does, buy ewido. If you want a tool with a more generic and heuristic approach, buy a-squared.
     
    Last edited by a moderator: Jul 19, 2005
  12. Andreas Haak

    Andreas Haak Guest

    We dropped support for Windows 95 recently. It might run - but we won't invest any time to fix bugs if they appear on Windows 95 only. In fact Windows 95 users are only 0,12% of all our users but it would cost us quite a lot of time to keep a-squared compatible with it. So the cost-value ratio is quite bad.
     
  13. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Some expect AV to catch all trojans. True enough AVs are getting better. But those who expect AVs to catch all trojans...can expect away all they want. It is not happening yet. Best choice, get a dedicated AT and a dedicated AV. Maybe one day one App. that covers it all, but it ain't here yet imho. Be wise, build your own suite of security apps. ;)
     
  14. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    My personal experiences are much different. In one recent experience, KAV caught malware (in ADS) that Ewido and TDS-3 missed. KAV seems to catch all the trojans, on my machine, before Ewido ever has a chance. The AV-Comparative tests also seem to confirm this, but possibly I am reading them wrong. Would others care to comment on their experiences?

    Rich
     
  15. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Richrf,
    I still say one is better off with a dedicated AT. BUT I have told other creatures who have said they just cannot afford both to then go with KAV. I do agree based on research that KAV is the best advertised AV I know of for catching both. ;)

    Also I think BoClean yields to AV first.
     
  16. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    According to the BOClean website that is correct.
     
  17. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I believe most ATs would yield to AVs, although I imagine it would have a lot to do with how the AV works.

    I fully agree that a dedicated AT is the way to go for trojans. AVs are generally purely file scanners, some have only basic memory scanning.. there are just too many ways for malware to evade these. A dedicated AT will have a thorough memory scanner that the malware is much less likely to evade. If the malware writer takes the same piece of malware and re-packages it, the AVs will have to write a new signature, where the ATs will still catch it with the same sig due to the nature of how it works (not just scanning the un-executed file).

    Since spyware is using these same tricks more and more, I see Ewido as the way to go as well. I'm very happy with it. TDS-3 gets my vote for purely trojan scanning, however.. I've seen it pick up quite a bit of stuff that the eScan toolkit has missed (KAV based w/ extended sigs). It fills its niche well, however, as it does not attempt to replace your AV (nor does Ewido or BOClean, for that matter.. ATs are meant to effectively be an add-on to your AV).

    Heck, get em all! :D
     
  18. Painkiller

    Painkiller Registered Member

    Joined:
    Aug 24, 2004
    Posts:
    42
    Answering sinbad370

    I think that the best method that will rule the AT market is Virtualization like Trustware and Greenborder, you can't Scan for AT you need to block them ... and using Whitelist and Virtualization is the best solution ... like I always say "Prevention is the Cure".

    Painkiller
     
  19. Moggy

    Moggy Guest

    PestPatrol. Although it's not very good at detecting trojans compared to the biggies, it covers a range of malware that no other AT can match, and that includes Ewido. Its big problem is that it covers such a wide array of malware that it's not great at any one thing. But if you want to know which product has the largest coverage of malware types, then PestPatrol wins hands down!
     
  20. july20

    july20 Guest

    Can a-squared and ewido be running realtime on the same computer at the same time since they do things differently?
     
  21. Andreas Haak

    Andreas Haak Guest

    There aren't any known incompatibilities.
     
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    You are probably correct. There is something that has me puzzled, however. Namely, I have an AV (DrWeb) which is unnoticeable as to impact on my computer. Plus I have an AT (a-squared) which also is unnoticeable as to impact. On the other hand, when I trialed KAV -- which can serve as both an AT & AV -- it brought my computer to its knees.

    So my puzzlement is this: if separate programs can be so light, why is a do-it-all program so heavy?
     
  23. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    My deepest respect for you, Andreas!! I don't know many vendors that are honest!! At least that's a major plus point in this case!

    So regards Andreas, best wishes.
     
  24. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I think it is for the same reason that an all-in-one may have a good AV, bad FW, and okay anti-spyware. Not every company can make a "light" product; secondly, KAV is heavy compared to both a-squared and Dr Web.
     
  25. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi bellgamin,

    I could, if I was so inclined, run the following programs simultaneously on my machine, with no conflict or noticeable slowdown: KAV 5, Ewido, BOClean, A-squared Guard, SpywareGuard, Giant AS, RegDefend, ProcessGuard, UnHackMe, ZoneAlarm Pro.

    My machine is 512MB, 2.5GHz, which is nice but no monster. However, every machine configuration is different and conflicts between software do arise which may cause slowdowns. There certainly are noticeable effects when my son plays online games.

    So it is difficult to say any one piece of software is a "resource hog". Experiences do differ, so it is nice that vendors offer free trials so users can determine for themselves whether a given software product will cause slowdowns on a machine. However, I think potential KAV users should not be dissuaded from trying out a truly excellent product because of resource concerns. Give it a try and see.

    Rich
     
    Last edited: Jul 20, 2005