What antivirus to use on a computer that is often reverted back to an old state?

Discussion in 'other anti-virus software' started by MrBrian, Jan 7, 2014.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Objective: determine if a given program is likely malware or not before installing it on my daily-use system. I'll use a computer that is often reverted back to a perhaps years-old initial state.

    What programs and/or technologies do you recommend that I research for this purpose? Please exclude any technology (such as sending a suspect program installer to VirusTotal) that can be safely done on my daily-use system. Any program that takes too long to update when using a newly-reverted initial state should be excluded from consideration.

    Here's my list of things to research so far:
    1. AV programs that use the cloud
    2. Online virus scanners
    3. Programs that do behavioral analysis
    4. Programs that warn on specific behaviors
    5. Programs that have good heuristics techniques
    6. Programs and techniques for manual analysis
     
    Last edited: Jan 7, 2014
  2. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    I would likely throw Malwarebytes on there for starters. What OS?
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Thanks for the suggestion :). I do have that on the candidate program list that I'm writing, because Malwarebytes updates its definitions fairly quickly.

    I'm using Win 7 x64, but people using other operating systems may find this thread useful as well.
     
  4. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,024
    Location:
    USA
    MrBrian,

    Reverting over such a long period would likely create a confused state for most local AV's. Considering your main intent for this system I would suggest going with an ISR-type of program (such as AX64 or Shadow Defender).

    Cruise
     
    Last edited: Jan 7, 2014
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Thanks for the suggestion :). Have you experienced this with any AV? I've been doing this for years with VirtualBox and Prevx and HitmanPro. I might use a real computer instead though due to malware that behaves differently in a virtual machine.

    --------

    Adding to the list of technologies:
    7. Portable AV that can be kept up to date separately
     
    Last edited: Jan 7, 2014
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,060
    You can try with HitmanPro. No definition updating, it only updates itself.

    Regards, hqsec
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Thanks :).

    Here's the candidate list so far:
    HitmanPro
    Malwarebytes
    Immunet
    Panda Cloud
    herdProtect
    Crystal Security
    Avast with DeepScreen
    Autoruns (comparison)
    Noriben
    Comodo Internet Security
    Prevx
    Buster Sandbox Analyzer
    SandboxDiff
    SandDiff
    Adobe Malware Classifier
    VT Hash Checker
    Emsisoft Emergency Kit (updated elsewhere)
    360 Internet Security
    Comodo Cloud Scanner
     
  8. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    The list looks good so far. I would avoid software like Norton and Kaspersky in this particular situation, as they do not take kindly to such rollbacks. The activation would likely break.
     
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Adding to the list of technologies:
    8. Anti-rootkit programs

    --------

    List of candidates so far:

    HitmanPro
    Malwarebytes Anti-Malware
    Immunet
    Panda Cloud AV
    Panda Cloud Cleaner
    herdProtect
    Crystal Security
    Avast with DeepScreen
    Autoruns (comparison)
    Noriben
    Comodo Internet Security
    Buster Sandbox Analyzer
    SandboxDiff
    SandDiff
    Adobe Malware Classifier
    VT Hash Checker
    Emsisoft Emergency Kit
    360 Internet Security
    Comodo Cloud Scanner
    WinPatrol
    Xyvos Antivirus
    Online Armor
    Norton Power Eraser
    Norton Security Scan
    Avira Protection Cloud
    Comodo Cleaning Essentials
    F-Secure Easy Clean
    System Security Guard
    System Explorer
    Cezurity Antivirus Scanner
    FreeFixer
    TDSSKiller
    Malwarebytes Anti-Rootkit
    McAfee GetSusp
    RogueKiller
    Phrozen VirusTotal Uploader
    WinMHR
    Kaspersky Security Scan
    Malware Scene Investigator
    Norascan
    Bitdefender 60-Second Virus Scanner
    Privatefirewall
    (various online scanners)
    Kingsoft Antivirus
    Baidu Antivirus
    ZoneAlarm Antivirus
    ESET Online Scanner
    Webroot SecureAnywhere Antivirus
    TrendMicro HouseCall
     
  10. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Avira Protection Cloud isn't a stand alone product.
     
  11. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    It's still available on the Web though. However, I'm not sure if it still works?
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Sorry, I meant that the test machine is a computer that's not updated often, perhaps not for years. After each use, it will be reverted back to the state it was in upon last update.
     
  13. aaa839

    aaa839 Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    244
    Location:
    Hong Kong
    It is an outdated app and is not working anymore now that the Protection Cloud tech preview test has ended.
     
  14. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,915
    MrBrian, I have such an issue on my 4 PCs: 3 PCs with snapshot time machines (Eaz-Fix and Comodo) and 1 PC with just an image from Paragon. What I do when I revert a PC to an old snapshot/image: I just update or reinstall the AV there. For this purpose I have a fresh installer before restoration.

    Some baseline snapshots or images even have the AV uninstalled, meaning that the first thing I do after restoration is install the newest AV from an offline installer.

    So I see no other way except to update or reinstall.
     
  15. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    I understand that you so often revert only the system but not all data? Because there are sometimes problems with upgrading an old (long-not-updated) version of a standalone AV, my point of view is: maybe not a classic/cloud standalone AV but only an on-demand scanner, located on another (non-system) local disk? Maybe EEK, ESET Online Scanner, HitmanPro and tools like AVZ-AT would be enough?
    In that case these tools would always be on time, updated and ready to use "from shot".
     
  16. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    520
  17. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    avast! is sort of known to have problems with System Restore. Though, from my experience, only if you restore the system to a time before you installed avast!. Because this means System Restore will remove parts of avast! (because it wasn't installed before that point) and some parts will remain due to Self-Defense. If you restore the system, but to a point after installation, everything should be fine. At least it was when I was restoring the system a few times.

    But I think most antiviruses with self-defense will have such problems when you revert the system to a state prior to antivirus installation.
     
  18. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Whatever method I use to revert to prior state won't be a partial revert method like System Restore, due to concerns such as those mentioned by RejZoR. I don't understand why local AV would be confused if a non-partial revert method is used, since that's functionally the same as not turning on your computer for a long time.

    HitmanPro and Malwarebytes' Anti-Malware are almost certain to make the final cut.

    @sm1: thanks for the list; I hadn't mentioned those because they can be done from my daily use system also.

    @ichito: I'm considering using Emsisoft Emergency Kit on my daily use system, then copying its contents to the test system whenever I want it to be up to date, if this is possible.

    Some questions:
    1. I'm strongly considering Avast Free due to DeepScreen. Is there anything else available for free that is similar to DeepScreen?

    2. Is there anything available for free from a major developer that is similar to Avira Protection Cloud?
     
  19. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    @ichito: using a portable AV on a separate partition is a great idea :thumb:.
     
  20. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    If you perform a full system restore, then it doesn't matter what AV you use. Mostly because when you fully restore an older image, you entirely restore the older program, and the AV program will just detect that its signatures or program version are older and will auto-update or offer you a program update back to the latest version.

    So, just use whatever you like the most and that's it. Talking from experience, I have been restoring system partitions as a whole for several years without any problems.
     
  21. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
  22. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Maybe look into a portable AV (so it's up to date even after system restores/recoveries, assuming you have it installed on a non-system partition). The ones I know are on-demand scanners only (I use a2cmd, aka Emsisoft Emergency Kit), but maybe you can find something more real-time, or configure a "proper" AV that's stable with your base system to run portably or to keep its files, folders, drivers and registry entries backed up outside the system partition for quick update after a system recovery.
     
  23. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    @PIInfinity: I am currently using Prevx, but I know it's outdated. Do you know what functionality (if any) Webroot SecureAnywhere retains after the trial period is over? Can it still be used as a real-time scanner without cleanup after the trial period is over?

    @pajenn: Thanks for the tip :). Your post https://www.wilderssecurity.com/showpost.php?p=2304588&postcount=27 saved me some research time on how to use Emsisoft Emergency Kit in the context menu.
     
  24. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Upon further reflection, I'll probably update the state of the test system with AV updates once a month. Then each time I use the test system, I can download the latest AV updates, which should be at most 1 month's worth.

    -------

    I've looked at the two most recent reports of each type from AV-Comparatives, except for the cleaning reports. Of the free products with an English interface, Bitdefender looks to be a very good performer across the board, and with much superior results compared to most other products on the Retrospective/Proactive reports. They tested the Plus edition of Bitdefender, but I believe the same results would be achieved by the free edition. Some info I found on Bitdefender:
    http://forum.bitdefender.com/index.php?showtopic=40732&mode=threaded&pid=180324

    Qihoo 360 Internet Security, which uses the Bitdefender engine, also did well across the board, except for the Whole Product Dynamic report.
     
    Last edited: Jan 10, 2014
  25. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Just out of curiosity: why do you revert the PC back so often and so far?
     