What AV does the experts here use?

Does the KAV religion have more holidays than the cult of NOD? If so I may convert.

 

Oh it is not a religion it is an obsession

 

The vast majority of clients I use KAV Personal 5, currently 5.383, but some business clients have the small business optimal package. I have installed it hundreds of times on every type of pc configuration and have never seen anything happen like what happened to bigc73542. The only driver I have seen it mistakenly detect as a virus (using the extended database) is one from Creative, but even with that the sound card still worked ok. His issues sounds to me like more of a conflict between one of KAVs drivers and something on his pc, I could be wrong, but I have never seen any program cause so much damage that a reformat was needed. Personally I would narrowed down the issue, even if just for my own satisfaction, to know what the actual issue was. I find it hard to believe that safe mode didn't work to see KAV's log and fix the issue.

 

mnosteele,

I have run into situations where the only quick recourse has been a nuke and pave of the system. I probably could have worked through it, but the clean reinstall was looking to be faster. I use my machine a lot, so I went with the fast solution. In the cases in which I've used this option, safemode was not helpful. What I have done is to create two boot partitions on separate physical drives and this has allowed me to have immediate recovery from incidents such as this and provided for a more controlled recovery. I don't recommend it for everyone, but with the cost and size of drives these days, it is a viable insurance policy for those needing immediate recovery.

On the thread topic, I use a combination of KAV WS 5.0 and NOD32 depending on the specific machine. Both are fine, as are a number of other veteran and newer AV/AT options. I'm not an expert, just a user like many here.

As for bigC's experience, off hours scans are run nightly on my machines. The KAV WS equipped machines showed no flagged files, nor was anything flagged when I elevated detections to include riskware (I generally have that off) and manually rescanned.

I assume that the specific events experienced by bigC are not general, but reflective of his specific hardware and software platform. I do believe the implied caution is generally applicable. Automated cleaning of suspected malware is a decidedly double edged sword. Novice users are removed from the decision loop, so they won't inappropriately let malware through, but you may run into situations like this in which the cure clearly results in the death of the patient. In all cases, a primary objective should be to do no harm. I always configure my protection to prompt the user, automated cleaning just seems too aggressive in light of potential false positives. I realize that the false positives may be low frequency, but even if it is on the order of once every couple of years, the impact can be severe as bigC has clearly described. I also do not set detection sensitivity to the maximum level. On my KAV machines, I don't use the extended bases or flag riskware. Again, aggressive settings such as these have potential downsides that users should be cognizant of.

Regarding those looking for AV/AT solutions, the detection statistics arms race can have some unintended consequences. While comprehensive detection is certainly a goal of all AV/AT vendors, within the upper tier of program options there are secondary factors which can determine the best option for a specific user. It is critical for users to realize that the occupant of the nominal top of the heap may or may not be their best option. That's just my opinion, others may differ...

Blue

 

I have never used KAV but I can tell you I have seen Nortons and Mcafee releases in the past do this exact same thing on many systems causing a reformat and clean install as the only option. If an app can destory the right system files, your hosed. Now at one point I had even resorted to using another hard drive with an another os install that I could boot to and then access the hosed drive and copy back the missing system files manually. This was however a PITA and after the apps got more advanced they sometimes not only deleted the system files but also hosed the registry itself. Then re-install was the only way to go. I have also seen this with firewalls such as the notorious Black Ice which I would not even give to my enemies. All in all when someone has that kind of bad experience with an app it is hard not to become biased against it. Especially if it is a new user who doesn't undesrtand how to reload their own system. If you add this to the fact that alot of computers don't even come with a restore disk or the OS disk anymore, you can imagine what a problem it is for them.

 

There are two problems with such a setup - the first is that you do run the risk of a false positive (especially if you have the "riskware" category selected).

The second (and arguably as serious an issue for novice users) is if they don't know that KAV is removing malware, they don't know that they were in danger - being informed of when malware is detected is fundamental in letting users know what activities are "high risk" (not to mention getting them to appreciate their need for protection).

Of course, this does mean having to deal with the dreaded pig squeal but that would probably be their greatest incentive to practice safe hex...

 

Thats all fine and dandy for us. However after talking to friends who are computer savy, when they setup computers for their wives they usually find there is more peace and quiet in their lives if the programs(AV/AT etc) are set to do everything without the Missus seeing an alert.

 

The pig squeal is easily more obnoxious than any piece of malware could possibly be.

Rich

 

Off-topic post by guest removed

 

Except there is no pop3 email scanning for Lookout Distress (oops, Outlook Express) as far as I can remember.

 

This leads me to a worthy point, but it is contrary to your own. I wouldn't take whatever oil a mechanic chose to use in his own car over what he recommended for mine. Every engine is different, and maybe he knowingly chooses an oil that is cheap but far from the best, because he knows that he'll only be rebuilding the engine in six months. Or, maybe he uses another type of oil, which is best, but which is extremely expensive, or very hard to find. Or, maybe he uses a type of oil that works well in his engine, but which will cause my (different) engine to overheat and seize.

Likewise, every computer and computer user is different. Maybe an "AV expert" (and I struggle not to laugh at such a phrase) uses a weak-but-fast scanner, because s/he has the knowledge to use it safely. That doesn't make the scanner "best", but rather only something that fits the trade-off of an expert.

I stopped reading here because these threads are boring and utterly redundant. In fact, I have only added to the boredom and redundancy here. Oh well.

 

I am currently using NOD32 2.5 and very happy with it.

Last year I was looking for a virus scanner for my PC ( trustly old p3 450, nor replaced with a 800mhz laptop).

My personal short list as I remember excluded symantec due to god damn aweful experience with norton system suite 2000, vowed never again to touch a product of theirs. In the office at work we used Mcafee enterprise, web scan crashes too often, auto updates fail to connect to server (LAN or internet), also let in 2 viruses (big wild ones) into our network over past 4 years ive been there.

So looking at features that I wanted and reading reviews, my personal shortlist came down to Kaspersky 4.5, at the time I liked NOD32, but i did want good trojan scanning which at the time it did'nt have, F-secure was too bloated and was not happy with the slow down, Panda was not stable for whatever reason, and pc-cillin I was not comfortable with the UI and lack of configuration options.
I ran Kaspersky 4.5 for a year until my licence expired a few months ago.

I automatically tried Kaspersky 5... the istream feature caused too much disc I/O for my laptop, detrimental to precious battery life. I contacted Kaspersky about this issue, uninstalled KAv 5 to remove the ADS streams and installed without ADS streams... thats a seperate rant. To be honest after I had ran it for a few weeks I felt that it did'nt seem a huge step forward from 4.5 (esp when I read it was the same engine under the hood, just a new pretty interface), I decided to trial NOD 2.5.
I've been running it a week now and am am impressed with it low system impact on performance. Has given a much more positive impression than KAV 5 did, without even considering how good the scanning is.

Dunno if/what I will trial next, but definatly after something with low system impact like NOD32, never thought about it, but my laptop is much snappier than with KAV 4.5 or 5 and it does make it nicer to use.

PS accidently downloaded a Sober varient off Sharaza last night and NOD picked it up (was in a self extracting zip file hidden as patch 10 for mcafee viruscan 8 enterprise that I run on my servers).