What antivirus to use on a computer that is often reverted back to an old state?

Discussion in 'other anti-virus software' started by MrBrian, Jan 7, 2014.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Right now, the test system is a virtual machine. I use HitmanPro, Prevx, Autoruns (compare before and after), and other programs on it. I update it very seldom because none of the above either need to update, or they update quickly. I need a free replacement for Prevx though. Also, I'd like to use a real machine for testing if I suspect malware because some malware behaves differently when run in a virtual machine. I was initially thinking I could get by without updating the new test system often, but upon further reflection, it's probably best to keep whatever realtime AV program I will use on the test system reasonably up to date.
     
    Last edited: Jan 10, 2014
  2. I have same, only clean image gets updated every month, with an install version on NAS. Install version gets only updated for drivers etc. I only use HMP.
     
    Last edited by a moderator: Jan 10, 2014
  3. MrBrian

    MrBrian Registered Member

    In addition to Bitdefender free, another top candidate for realtime AV is Panda Cloud Antivirus. The one AV-Comparatives report in which Panda Cloud Antivirus trails Bitdefender significantly is the most recent Retrospective/Proactive report, in which Bitdefender scored 97% protection rate with few false positives, while Panda Cloud Antivirus scored 78% protection rate with many false positives. The Retrospective/Proactive report is done without internet access. Using Panda Cloud Antivirus might allow me to update the test system state much less often compared to Bitdefender.
     
  4. MrBrian

    MrBrian Registered Member

  5. MrBrian

    MrBrian Registered Member

    From https://www.wilderssecurity.com/showpost.php?p=2186176&postcount=993:
     
  6. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Correct, WSA will scan and detect but not remove malware, and there is no protection after the trial. @PIInfinity thanks for the hit over the head LOL! ;)

    HTH,

    TH
     
  7. MrBrian

    MrBrian Registered Member

    Is this documented on the WSA website? I didn't know that.
     
  8. nsm0220

    nsm0220 Registered Member

    Joined:
    Aug 30, 2013
    Posts:
    138
    Location:
    USA
    Comodo for sure
     
  9. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    You're welcome buddy. :)

    TH knows. ;)
     
  10. MrBrian

    MrBrian Registered Member

    Comodo is on my short list of candidates for realtime AV, due to its strong showing in the latest AV-Test results. If there are any test results that show how good Comodo is in heuristics/behavior blocking, I'd love to know.
     
  11. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Matousec tests.
     
  12. MrBrian

    MrBrian Registered Member

    Thanks :). I'd also be very interested in tests of various AV including Comodo of very new malware vs. somewhat older definitions, with no internet access.
     
  13. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Hi MrBrian, FYI I believe this is what you're looking for.
    Read PDF found here: http://www.av-comparatives.org/heuristic-behaviour-test-march-2013/

    Though Comodo is not included; they don't participate in the tests by AV-C.
     
  14. MrBrian

    MrBrian Registered Member

    Thanks :). I have seen that already. The lack of inclusion of Comodo makes me somewhat hesitant to use it as the realtime AV, because I believe that particular test is very important. On the other hand, it has HIPS for single behavior detection.

    This is my current list of candidates for realtime AV for the test machine:
    Bitdefender
    Qihoo 360
    Panda Cloud
    Comodo
    Avast (because of DeepScreen technology)
    Avira

    If Webroot is still functional as a detector after its trial is over, and if it's also compatible to be used with another realtime AV, I would consider adding it. Same with Immunet.
     
  15. SweX

    SweX Registered Member

    I see, unfortunately it's the only test I know of where they test with older defs and no internet access :doubt:
     
  16. MrBrian

    MrBrian Registered Member

    It probably takes a lot of man-hours to do such a test. Bitdefender and Qihoo 360 are well above the other tested products in that test. Qihoo chose not to be tested in the 2013 test though, which seems strange given its performance in the 2012 test.
     
  17. MrBrian

    MrBrian Registered Member

    Avast didn't stand out in the AV-Comparatives tests, but I'm considering using it anyway as the realtime AV for the test system because, due to its DeepScreen behavioral analysis technology, it can later convict malware on access (i.e. before installation) that DeepScreen earlier monitored during execution. The key is that the potential malware needs to be scanned on access some period of time after its behavior was monitored. I saw this happen personally on a malware file that I intentionally altered to make it unique (by hash). Avast DeepScreen monitored it but didn't label it malware at execution time. But the next day, when I clicked on the same file in Windows Explorer, Avast labelled it malware.

    I know that Prevx/Webroot can do this as well; see http://www.webroot.com/blog/2012/07/19/webroot-bulletin-regarding-av-comparatives-results/ for example. Panda Cloud probably works this way as well, but I need to look into it further.
     
  18. MrBrian

    MrBrian Registered Member

  19. MrBrian

    MrBrian Registered Member

    I meant that with respect to just those products that are free, or have a free edition.
     