Which AV Best For Researching

Discussion in 'other anti-virus software' started by EASTER.2010, Feb 4, 2007.

Thread Status:
Not open for further replies.
  1. EASTER.2010

    EASTER.2010 Guest

    I intensively research locally viruses/malware in all forms plus rootkits. I really would like to make a choice of just one AV that can identify plus offer a user "First" a choice to remove or ignore finds.

    I tried BitDefender, Avast, Avira-AntiVir and a host of others but I always find they are either too heavy (slow) or press a system where you have to stop what you're doing and let it run solitary.

    The critical plan here is to find an AV that is tops in detection but passes the decisions over to a user to make decisions on keep or capture.

    Also the boot-time scans from some inflate those boot-up times which while being efficient take away from my main purpose in utilizing them in the first place. My HIPS intercepts most if not all intrusions that happen to drop installers into c:\ or other folders but I really would like to have the control to determine if the find should be quarantined or bypassed.

    Performance also enters this picture, I like an AV that doesn't hog CPU time or resources/memory too much that can slow simple tasks such as opening explorer windows/programs that are normal.

    Thanks
     
  2. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    If you're playing with nasties such as those, then I would seriously suggest that you get BOClean. Light as a feather to run, and gives you exactly the options you're looking for. Very fast to set up and configure too.

    I also use avira premium, and don't have any issues with it.

    StevieO
     
  3. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    BOclean is not an AV if I am correct.
     
  4. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    BoClean will catch everything except traditional viruses. I recommend it also. You won't know it is running unless you check the systray...it is that light.

    I don't understand how Avira can be characterized as slow and bloated. It also doesn't hog CPU time if you configure it properly. I find it to be extremely light on this XP computer and it can be running a full scan and I can be doing other things on the computer with no noticeable slowdown. Avira will offer you the chance to decide what to do with the virus. I tell it to ignore a lot because I don't like it characterizing something as malware that can also be used for legitimate purposes and it does that with Sysinternals files as one example.
     
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Give NOD32 a try.
     
  6. EASTER.2010

    EASTER.2010 Guest

    I'm seriously entertaining the idea of installing KAV suite w/firewall. Is the firewall aspect of it trustworthy enough to uninstall my COMODO and go with that one?

    Thanks
     
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    The firewall in KIS is pretty good, though I do prefer Comodo. Just give it a try.
     
  8. EASTER.2010

    EASTER.2010 Guest

    Thanks. There's no decision like a decision from actual experience so I will give it a try.
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Antivirus for researching? I think there are three kinds of AVs which may fulfill your needs:
    -AVs with "big" databases like Kaspersky (lots of zoo malware) or Symantec (high quality generic signatures).
    -AVs with few FPs like Symantec, AVG, Avast, F-Prot.
    -AVs with great proactive abilities like Antivir, NOD 32 or BitDefender.
     
  10. bazz

    bazz Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    38
    If you seek a light scanner you should try DrWeb.
    It's very light on resources and the updates are something like: 10kb a time!
     
  11. EASTER.2010

    EASTER.2010 Guest

    I went out on a limb and will now authorize the famous KAV suite as the selection of choice.

    It shows no problems whatsoever and is very configurable without hassle.

    I guess all the talk about it here was true. I like it plus it's very light on the system.

    Nothing more need be said. COMODO is a fine firewall in its own right but KAV's is up to task in meeting the same challenges as far as I see.

    Thank You everyone for your suggestions and encouragement.
     
  12. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Glad you like KIS6.0!
    You using mp2?
    lodore
     
  13. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Enabling ProactiveDefenseModule in Kaspersky will also help if you're researching unknown malware.

    Also using a sandbox such as Sandboxie or a VirtualPC also helps.
     
  14. herbalist

    herbalist Guest

    Kaspersky seems to have a more consistent pattern in assigning names to the various pests than many others, very helpful for research purposes and keeping the files organized. I'm using it via VirusTotal so I can't say if it lets you choose to ignore or not. Locally, I'm using the AVZ AntiViral toolkit, F-Prot for DOS, and an older version of AntiVir that I update manually. These all let you choose what action they take.
    Rick
     
  15. EASTER.2010

    EASTER.2010 Guest

    Indeed Rick you also are correct in your summations. KIS6 for me is more than a researcher could possibly ask for, in addition to the mentions above, it also affords the user sole decision as well as the choice to either add to "trusted applications" list or bypass confiscation.

    AVG as one example in my experiences was more (too) aggressive in the past of assuming full ownership of any finds and scrambling its captured files beyond human recovery.

    This is how an AV should conduct its operation IMO.
     