What is the best Antivirus?

If you submit them they will no longer be detected, see below:

-----

Nearly all the AV's now detect spyware/adware, I don't see how this can be anything but beneficial.

Londonbeat

 

You are such a mind reader

Let's see....how does it go. Discuss the topic and leave the personal swipes at mothers and other family members out of the discussion Please.

As such....certain posts were edited and\or removed.

Bubba

 

~removed personal swipe....Bubba~

i for one dont say dr.web is #1 or another product is etc, there are many good ones out there, and to label any as #1 is a bad thing to do, all have good points of the software, but all also have bad points too.

i do mention good and bad things about my AV and i 'try' to set valid points of truth, but to come on and dissagree with them all with lies was just annoying to read, thats for sure, especially as its not the first time he has done it.

i think there are many good antivirus companys out there, and out of the bunch, i wouldnt recommend CA or microsoft, and the ones i would highly recommend are of course dr.web, kaspersky, avg and f-secure, ive really been impressed by the 2007 version of norton too.

best antivirus?....what does that actually mean?

 

Ok....
I tried Dr.Web and i hate it.....
It is because of the "Virus Found" Screen.
I don't know why there is an Shutdown button on that screen . Very Annoying.
Maybe i'll get Dr.Web if they change a few things:

1.The Virus Found screen. Now the text doesn't fit in the Box + There is an Shutdown button which i accidentally press all the time.

2.Vista Support ( But i don't have vista , yet.)

3. The GUI , I don't care it's 95 style but it's kind of messy.

4.The False Positives..... I didn't have a problem with it (yet) but www.avcomparatives.org has ......

That's it. I like 1 thing about Dr.Web Very much: They Answer FAST. If you submit an sample they will add it in about 1 hour! It's true..... (I live in timezone GMT+1 they in MSK which hasn't got a very different time)

 

yeah i can agree some-what with the text not fitting, but i think the option to give a shutdown is a good one, maybe you could try not to click it.

i think dr.web are already working on 3 of the 4 points you made for the upcoming releases, maybe all 4, i dont know if they are changing the virus found pop up box with options thing.

 

Ok.
So ill wait for the Next Release.
When will it come?

 

erm, i dont know... the current beta still has the pop up your talking about, but it has a new virus engine and spam too with it.

but most people are waiting for version 5, with a new GUI and faster scan speed and some other things too.

dont know when, IBK also wants to know when the next version is released, me too actually *lol*

as for the pop up thing, try requesting it from them at http://bugs.drweb.com with the 'feature request'.


-edit
well done, you took my advice for submitting it

im sure someone will tell you something soon

 

just NOD32.

 

And why?
I don't like NOD32. When it finds an virus whole my screen is filled with the box.


IMPORTANT FOR ALL AV'S= The "Virus Found" Screen. It must be simple/not to big/Auto-Closing = AVG . Avg's Virus Found Screen= Good.

 

They are all useless when it comes to zero day attacks.Look at Sandboxie,Bufferzone,Greenbnorder or similar.
Defensewall being one of the best!

 

I have sandboxie But i don't always use it. Sometimes i open things like : "Greeting Postcard.exe" with normal explorer.
Not smart.
I think the best AV is:

1.Good Brain (ask yourself Is this an Safe file)
2.If you don't know sure : first open it in Sandboxie : if you see it's a virus shutdown and empty the Sandbox and "Nothing Happened".

 

Dunno how to desribe "best" in this but if You prefer free scanner
AVG and Avast are ok. When You have to pay ....I use Panda Antivirus
2007 + Firewall. Somehow they all are ok , now i have been happy with Panda , allmost 2 years without viruses when ADSL-connection.

 

KAV/KIS PDM is not useless against zero day attacks, just see all what it can detect:

Stack overflow

Stack overflow is one of the most common techniques today for gaining unauthorized access to a system.

Data execution

This technique uses errors in software installed on your computer. The errors used are errors that replace correct data with data provided by a malicious object, which cause these data to be processed incorrectly.

Hidden Install

Hidden Install is the process of installing a malicious program or running executable files without notifying the user of such. A hidden install process can be detected using standard tools, such as Microsoft Windows Task Manager, but since there are no standard installation windows on screen when the malicious program is installed, it is unlikely that a user would think to track the processes running in the system.

Hidden Object

Hidden Object is a process that standard tools (Microsoft Windows Task Manager, Process Explorer, etc.) cannot detect. A rootkit, in other words, a toolkit for gaining root user rights, is a program or set of programs for hidden control of a hacked system. This term came from UNIX.

Root Shell

This vulnerability consists of rerouting input/output of the command prompt (usually to the network), which generally is used to gain remote access to a computer.

The malicious object attempts to gain access to the command line on the victim computer from which future commands will be executed. Access is usually gained through a remote attack and running a scripted that takes advantage of this vulnerability. The script launches a command line interpreter on the computer connected via TCP. The hacker can then control the system remotely.

Starting Internet Browser

Browsers can be started hidden and data can be sent to it for hackers to exploit later. Monitoring browsers being opened enables you to intercept this.

Strange Behaviour

This refers to detection not of dangerous or suspicious behaviour of a specific process but of a change in state of the operating system itself, such as direct memory access or modification of an R0-R3 access point.

Dangerous behavior detected (generic behavior)

This group of malicious action detectors includes Trojan.generic, Worm.generic, and Worm.P2P.generic, fairly complex algorithms for detecting dangerous behavior. A verdict is issued that a certain process is most likely an unknown malicious process based on analysis of a set of actions, not on one or two factors. The Generic verdict is not assigned the first time a suspicious action is attempted. Each time a suspicious action is made, the suspicion rating of the process rises. Proactive Defense processes it as soon as it reaches a critical level. This method ensures an extremely low level of false positives. The likelihood of a good program displaying several aspects of malicious activity immediately is extremely low.

Application Changed

This event signifies that the executable file of the monitored application has been modified since it was last run. It should be pointed out that an executable file could have been modified by malicious code injecting itself into the application or by a standard program update, such as the executable file for Microsoft Internet Explorer being modified by Microsoft Windows updates.

Intergity Violation

An integrity violation is when one or several modules of a monitored application could have been modified since the time the application was last run. It could have been modified by program updates and not only by malicious code injecting itself into the application (for example, the libraries used by Microsoft Internet Explorer could be modified by a Microsoft Windows update).

Running as child

There are a number of malicious programs that use well known programs to create data leaks or to download malicious code from the Internet. To do so, the malicious program opens a standard program that the firewall rules and other defense tools grant access to the Internet (a web browser, for example). When this happens, the monitored application is run as a child process.

Hosts file modification

The hosts file is one of the most important system files of Microsoft Windows. It is designed to redirect access to websites by transforming URL addresses into IP address on the DNS servers, but right on the local computer. The hosts file is a plain text file, with each line defining the correlation between the character name of a server (URL) and its IP address.

Invader / Loader

There are countless varieties of malicious programs that are masked as executable files, libraries, or plug-ins for well-known programs and load themselves into standard processes. A data leak from the user's computer can be orchestrated in this way. Network traffic initiated by malicious code will pass through the firewall freely, since the firewall thinks that this traffic belongs to an application that is allowed to access the Internet.

Keyloggers

Keyloggers are programs that record every key you press on your keyboard. This type of malware can send information harvested from the keyboard (logins, passwords, and credit card numbers) to a hacker. However, standard programs can also log keys. Keylogging is often used to call up program functions from different applications using hotkeys.

Registry access

Registry access tracks modifications to registry keys.

Malicious programs modify the registry to register themselves so they start automatically when you start your operating system, to change your homepage in Microsoft Internet Explorer, and other destructive actions. However, remember that standard applications might also access the system registry.

Registry strange

The module enables you to intercept attempts to create hidden keys in the registry that are not displayed by standard programs, such as regedit. Keys are created with incorrect names so that the registry editor cannot display these values correctly, which makes it more difficult to diagnose malicious software in the system.

Trojan downloader

Trojan Downloader is a program with the chief function of hiding unauthorized downloads of software from the Internet. Hacker sites are the best known source of Trojan Downloaders. A Trojan downloader is not a direct threat on its own. They are dangerous namely because they download and start software uncontrolled. Trojan Downloaders are mostly used for downloading and running viruses, Trojans, and spyware.

That is what I call a good zero-day threats protection

 

And you use sandboxie ;p

 

l0l, Very useful for testing toolbars and extensions safely on firefox.

 

@ dah145

Didn't know that my PDM was protecting me this way

Kaspersky is the best

 

Yes, Stefan replied almost immediately to the email I sent with a bunch of FP's. He said the ones detected by heuristics are FP's and he will try to fix those.

However, the signature ones he feels should remain detected. The entire sysinternals zip folder is detected (it is the one that Steve Gibson grabbed before the Microsoft takeover and posted to his NG briefly) as is PSTools and pskill.exe files within. Other tools that I have such as an XP keyfinder and a tool that patches TCPIP.SYS for XP SP2 users will remain detected as possible malware. His reasoning is that these tools can be used for good purposes and bad purposes hence he feels they should be detected. I understand the reasoning, but it makes for a headache for users of the tools because simply excluding pskill.exe from any scanning, both real time and on demand, is not enough to stop aVira alerting so it takes some time to get everything excluded that I feel is a useful tool and not being used for malware purposes.

I was thinking only from the point of view of a home user too. Stefan pointed out that a keyfinder is perfectly fine to use if you have lost your XP key but is not right to use if you use the tool as an employee to discover the key and then take that home and use it on a personal machine. I can see where detecting some of these for businesses would be needed and I was not considering that aspect. I may decide to not scan for SPR and that would solve the problem instantly. I can always reinstate that type of scanning if I have reason to think I might have picked up a keylogger or something or I could do that type of scan deliberately on the first day of each month but not routinely all the time.

 

too drnunk to read all that, but to anser the thread, there is no best av, jut good and bad, and most are good.

'most' people shoud just nit worry about their av, most likely its fine.

 

LOL, Kaplunksy's a goodun so I've heard, or Nod off after 32 pints....

 

For me, the best antivirus has been AVG, I have actively used this antivirus on my primary machine since July 1999. I think it provides excellent protection for the value. I recently upgraded my subscription to the new anti-malware product, the combined antivirus/anti-malware detection and removal is a nice combination. On my laptop I have been running Nod32 for the past 8 months, but will not be renewing that subscription and returning to AVG free when it expires. Nod32 has been a problematic and troublesome antivirus. I also liked Mcafee Virusscan 2007 if I were to go with a main stream antivirus solution.

 

NOD32 and Bitdefend...

Its up to individual... cos these boots are make for walking, its look good in you but might not be good for me

 

I'm using : AVG FREE,Sandboxie,Superantispyware,Superadblocker, My Brains =P and that's it.

 

Can be a buggy program at times.

 

KAV (Kaspersky) is the best!

 

If detection of viruses is your biggest concern Kaspersky is the best with the best detection rates-99.5 %