VBA32 or KAV

Discussion in 'other anti-virus software' started by n8chavez, May 18, 2006.

Thread Status:
Not open for further replies.
  1. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    I'm having a hard time deciding which to choose here. On one hand you have VBA32 which is rapidly adding sigs and has strong hueristics (a la Dr Web) and on the other you have KAV (6), and there has been enough said about that. For some reason I'm drawn to VBA32. I have valid licences for both. I decided to ditch nod because of their behavior with v3 and now I have a decision to make.

    HELP!!!
     
  2. .....

    ..... Registered Member

    Joined:
    Jan 14, 2005
    Posts:
    312
    Which one runs the lightest on your system? Which one makes you feel the most secure?

    You can run in realtime and the other demand quite easily.
     
  3. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Seing the recent movie when KAV scans your harddrive, anything is better.
    I can't believe they actually made that a part of their software...
    Scan a file, its clean NOW, ignore it LATER when we scan again. Sad

    You won't be getting 99% protection, not by a long shot.
     
  4. .....

    ..... Registered Member

    Joined:
    Jan 14, 2005
    Posts:
    312
    Brian, what do you mean?
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    Hi Brian

    Not sure what movie you;ve seen. But if you are talking about the Iswift, I think that is a fantastic feature. If a file is indeed clean, why keep rescanning it if it hasn't changed. Granted new virus's might be found next week, but if a file is clean today, and next week 10 new things are found, how can a file suddenly be bad IF it hasn't changed?

    Pete
     
  6. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Kaspersky's detection rates are in the 99%, so the iShift and iChecker technoligy is quite safe with their level of detection. And besides I'm sure the experts have thoughts of ways to prevent such things from happening... (like the pro-active modules who are always active...)
     
  7. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Im not sure :p

    But I'm talking about the 'ignore file if it's already been scanned' feature in KAV.
    What if that file is infected? What if it's already in the system making crazy stuff? It get's ignored by Kav because "I scanned this the other day, it's clean man!".
    It's crap, and that's my point of view, they make their costumers feel safe with super speed, when infact they could already be infected with a worm or whatever, which ofcouse KAV will ignore because it already scanned those files....
     
  8. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    I'm not so sure about your statement Brian N. If malware is active it always shows come kind of activity (sending e-mails, hijacking services, infecting files, showing popups ect. ect.).
     
  9. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    S?o Paulo, Brazil
    I agree with you. :)
     
  10. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Then how do you explaing 40 sec scan time of 40000+ files? It can't be done, no way
     
  11. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT

    I have valid licenses for both also and use one on my notebook (VBA) and KAV6 on my Desktop, both offer great protection IMO. I have not been infected while running either, unless I did so myself on accident or purpose. :p

    It is funny you bring this up, because I ran a scan with both lastnight against a small 4974 sample set, cure then delete if not possible the results should be interesting, (I can tell you VBA32 is good at curing macros), so I will PM you a link for the infomation when I get home, as I don't like to publish things like that if they are not done by pro's. Remember no test is perfect, and this one by no means will be any different.

    LK
     
    Last edited: May 18, 2006
  12. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Let me try to explain you. iSwift and iChecker technology skip already scanned files that's true. If the file changed it gets scanned again.

    What I mean is when you get infected the malware must be "loaded" in some way. So it'll get detected, also when detection signatures get added later. Besides the new pro-active modules ain't there for nothing either ;)
     
  13. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    So everyone that has an issue with KAVs use of Iswift, are you saying that you wouold recommend VBA32 because of that? I guess I'm just a little confused.
     
  14. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Still, it didn't scan 40k+ files in 2 minutes.
    You like to think that it did though... It just ignored the already checked files (even if they changed) ..
     
  15. .....

    ..... Registered Member

    Joined:
    Jan 14, 2005
    Posts:
    312
    iSwift and iChecker databases are only valid for the same signiture version.

    The ability to scan "new and changed files only" doesn't actually scan files once, rather uses some randomization technology to ensure the file is scanned again too at some interval. This is only valid for default settings and REALTIME monitor only. The startup scanner (ran at every system boot and signiture update) doesn't use this by default. On demand scans don't use this option either, by default.

    Edit: Of course if the file is changed it IS scanned again. You can confirm this yourself by modifying some files and scanning them again.
     
  16. mnosteele

    mnosteele Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    183
    Location:
    Chesapeake, VA USA
    I think you are a little mislead Brian, read HERE about iChecker and iSwift technologies.

    ;)
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,650
    Location:
    Hawaii
    Thanks Brian. Your posts caused others here to provide information that made me even more of an admirer of KAV. As to VBA32 compared to KAV, the proof is in the pudding. Taste & see.;)
     
  18. Honyak

    Honyak Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    346
    Location:
    Deep South
    Seing the recent movie when KAV scans your harddrive, anything is better.
    I can't believe they actually made that a part of their software...
    Scan a file, its clean NOW, ignore it LATER when we scan again. Sad

    You won't be getting 99% protection, not by a long shot.


    Brian, it seems from this and a lot of your past postings dealing with the subject of KAV that you like to try to point out what you consider a negative point about KAV whenever possible.
    So let me ask, do you have solid evidence to support your statements KAV is not as effective because of the iswift, ichecker setting?
    Have you used KAV6?
    Show what you have to prove that KAV does not provide 99% detection, other than your opinion, av comparatives seems to support the 99% detection rates by KAV.
    It has been mentioned many times how fast NOD32 completes a system scan, and we all know it is an excellent AV, but are you saying users are getting shortchanged by NOD32's scan speed?
    Why not just answer the question about VBA32 or KAV without injecting your opinion which appears to be biased as you are an avid NOD32 user.

    To answer your question N8CHAVEZ:
    I use KAV, DRWEB and have used VBA32 (have trialed just about all others too) and all provide very reliable protection. Try both and decide for yourself which you want to use. My only criticism is that VBA32 has not been thoroughly tested by any of the major test sites to my knowledge.

    Edit: I stand corrected about the testing of VBA32, it is tested at av comparatives.
     
  19. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    I have used every AV you listed, along with NOD32, and I'm still having trouble making a decision. The only thing about the VBA32 test is that it is still incomplete. And, aside from that, every AV can, and has, had a bad test. Thanks for being objective.
     
  20. Honyak

    Honyak Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    346
    Location:
    Deep South
    Yeah, I know what you mean, it is hard to decide. Good luck.
     
  21. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Unfortunately, Brian you have no idea how the RTM of KAV 6 works in the "Scan new and changed files only" setting. Did you not read and take in Ian Kenefick's posts today? .

    I am now off to the KAV forum to post my thread on "Malware missed by NOD" just to balance the books out :rolleyes:
     
  22. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    S?o Paulo, Brazil
    Sorry buddy.

    They closed the thread.
     
  23. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    "Even if they changed"? Looks like there's something not clear to you about what a checksum is... :rolleyes:
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    Even more to the point. Certain smaller files come under Ichecker. Whether or not they are scanned is a function of a checksum determination. Most of the other files come under ISwift which doesn't use checksums, it uses NTFS file internal descriptors. This means the files aren't rescanned as long as they don't change or don't move.
     
  25. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Bullcrap. I'm saying what I don't like about a piece of software regardless if it's kaspersky / nod / microsoft / whatever. And I don't like that "feature" in Kav6 because it has the option to ignore nasties.
     
Thread Status:
Not open for further replies.