Which AV Best For Researching

I intensively research locally viruses/malware in all forms plus rootkits. I really would like to make a choice of just one AV that can identify plus offer a user "First" a choice to remove or ignore finds.

I tried BitDefender, Avast, Avira-AntiVir and a host of others but i always find they are either too heavy (slow) or press a system where you have to stop what you're doing and let it run solitary.

The critical plan here is to find an AV that is tops in detection but passes the decisions over to a user to make decisions on keep or capture.

Also the boot-time scans from some inflate those boot-up times which while being efficient take away from my main purpose in utilizing them in the first place. My HIPS intercepts most if not all intrusions that happen to drop installers into c:\ or other folders but i really would like to have the control to determine if the find should be quarantined or bypassed.

Performance also enters this picture, i like an AV that doesn't hog CPU time or resources/memory too much that can slow simple tasks such as opening explorer windows/programs that are normal.

Thanks

 

If you're playing with nasties such as those, then i would seriously suggest that you get BOClean. Light as a feather to run, and gives you exactly the options you're looking for. Very fast to set up and configure too.

I also use avira premium, and don't have any issues with it.

StevieO

 

BOclean is not an AV if I am correct.

 

BoClean will catch everything except traditional viruses. I recommend it also. You won't know it is running unless you check the systray...it is that light.

I don't understand how Avira can be characterized as slow and bloated. It also doesn't hog CPU time if you configure it properly. I find it to be extremely light on this XP computer and it can be running a full scan and I can be doing other things on the computer with no noticeable slowdown. Avira will offer you the chance to decide what to do with the virus. I tell it to ignore a lot because I don't like it characterizing something as malware that can also be used for legitimate purposes and it does that with Sysinternals files as one example.

 

give NOD32 a try.

 

I'm seriously entertaining the idea of installing KAV suite w/firewall. Is the firewall aspect of it trustworthy enough to uninstall my COMODO and go with that one?

Thanks

 

teh firewall in KIS is pretty good, though i do prefer Comodo. just give it a try.

 

Thanks. Theres no decision like a decision from actual experience so i will give it a try.

 

Antivirus for researching? I think there are three kinds of AVs which may fulfill your needs:
-AVs with "big" databases like Kaspersky (lots of zoo malware) or Symantec(high quality generic signatures).
-AVs with few FPs like Symantec, AVG, Avast, F-Prot.
-AVs with great proactive abilities like Antivir, NOD 32 or BitDefender.

 

If you seek an light scanner you should try DrWeb.
It's very light on resources and the updates are something like: 10kb a time!

 

I went out on a limb and will now authorize the famous KAV suite as the selection of choice.

It shows no problems whatsoever and is very configurable without hassle.

I guess all the talk about it here was true. I like it plus it's very light on the system.

Nothing more need be said. COMODO is a fine firewall in it's own right but KAV's is up to task in meeting the same challenges as far as i see.

Thank You everyone for your suggestions and encouragement.

 

glad you like kis6.0!
you using mp2?
lodore

 

Enabeling ProactiveDefenseModule in Kaspersky will also help if you're researching unknown malware.

Also using a sandbox such as Sandboxie or a VirtualPC also help

 

Kaspersky seems to have a more consistent pattern in assigning names to the various pests than many others, very helpful for research purposes and keeping the files organized. I'm using it via VirusTotal so I can't say if it lets you choose to ignore or not. Locally, I'm using the AVZ AntiViral toolkit, F-Prot for DOS, and an older version of AntiVir that I update manually. These all let you choose what action they take.
Rick

 

Indeed Rick you also are correct in your summations. KIS6 for me is more than a researcher could possibly ask for, in addition to
the mentions above, it also affords the user sole decision as well as the choice to either add to "trusted applications" list or bypass confiscation.

AVG as one example in my experiences was more (too) agressive in the past of assuming full ownership of any finds and scrambling it's captured files beyond human recovery.

This is how an AV should conduct it's operation IMO.