Which AV to Choose - General Questoins.

Discussion in 'other anti-virus software' started by iwod, Jan 9, 2005.

Thread Status:
Not open for further replies.
  1. iwod

    iwod Registered Member

    Jun 25, 2004
    I currently can have the following Virus Free to use

    Mcafee ViS 8.0 i
    Symantec AV Cooperate 9.x
    Nod32 120 days Trial From My Brother's laptop.
    Trend Micro 2005 from my laptop.

    I have finished using F-Prot ><

    Last year i read, and ask and came to the conclusion of F-Prot when i ditch NOD32 because of its poor Trojan detection ( At that time )

    Now i have read more and more in Wilders, it has become a harder choice....

    I have learned that from another thread on c't magazine.
    KAV is not a good Av because it can be easily fooled by editing entry point.
    And NOD32 with AH is not vanlauble ( speeling ) to this.

    Now this has just suddenly trashed the usefuless of having a huge DB like KAV.

    An another thread which has just been moved to NOD32 forum, stated that NOD32 could detect ITW virus without AH......... True?

    The reason i specficly picked KAV and NOD32 t otalk about is because they stand for 2 side of Virus,one is signatures DB based one is more AH based.

    Then another questions comes... Doesn't other AV has H as well? Such as Norton Bloodhood? Are they totally useless? Does Mcafee have it as well?
    ( I mean what use is H if it can't detect ITW ? )

    Then comes to Resource Questions, How do i measure it? I heard there is Ram usage but Task manager is not accurate and some Ram are actually VM. How do i measure CPU resource usage? I know there is some people measure this By running the Av and measure a Game Frame Rate drop..... ( I think this is over the top :D )

    I read there is one or two Moderators in here build there security around other type of product and use AV as a secound line. Namely Tiny Firewall Sandbox and Prevx. But One thing in my mind is that there are complicated to set up or they take up resources. I only have an PIII 1 Ghz and i can't afford to have 50+ Mb of Ram used up only for Security.............

    My views on those product above and other choices -

    The following i missed out because they are either Resource hungry or they are not good....

    EZAmor - Tested it on 12 month trial.......... and if have Mcafee i don't see the advantage of it.
    KAV / MKS - Resources Hungry
    I actually used to think Symantec is pretty good. Than i found out it is child play against New trojan and update is slow. Bloodhound doesn't work. And Detetction isn't as good as Mcafee VS 8.0i
    NOD32 is very good.The only problem is that i only have xx more days left. And i am wondering if it is a sensible decision to buy it even if i have right to use Mcafee VS 8.0i

    I have read all Moderators post. And Because small users like us tend to think Moderators knows abit more than their config must be a good starting point. However the more i read the more i relaize every moderators have totally different Config and some does not even build there security around an AV ( As mention above )

    I think it would be interesting to have a section for all moderators to list there Security Config for starting point. (* If mod don't mind, that is :p )

    ( Sometime i think if i am Not Neo than i would rather be control by the matrix... the less i know the better, why? Because not i know even viewing a xxxx jpeg will get virus. )
    A year after viewing in Wilders, i changed to Firefox. And actually feel more secure with less Security apps. :p
  2. RejZoR

    RejZoR Registered Member

    May 31, 2004
    If i were you,i'd go with McAfee VSE 8.0i.
    I'm also wondering what people see so good on F-Prot. When i tried it i dumped it after few seconds. Yuck,even avast!,AVG and AntiVir are far better in almost everything and they are free.
    Oh,you can first try NOD32 and after trial ends switch to McAfee VSE 8.0i ;)
  3. jlo

    jlo Registered Member

    Nov 29, 2004

    Well yes you are right that lots of AV programs have Heuristics but their effectiveness is very different?

    For instance I have AVG (Just for fun) as on demand to see what it detects and regularly visit Jotti's scanner (Which has 10 scanners) when submitting new samples.

    AVG even though it has 'heuristics' has never found a new virus sample. (they do add the samples once I have sent them in though) OK AV for low user and if you are not prepared to pay! Other freebees are Avast (No heuristics on onaccess scanner but has on e mail scanner) and Antivir personal (Good heuristics but no e mail scanner)

    NOD32 (I use for my main scanner) with advanced Heuristics switched on finds the majority of new samples that I come across and I rank it as one of the best. Very light on resources

    KAV is not so hot on Heuristics (But does find some new samples) but has a fanastic database and is updated every 3 hours. With regards detection KAV is the winner but if they virus resiearcher have not seen the virus yet (Zero day virus) then this is no good.

    Dr Web, Good detection and very good Heuristics (Not as good as Nod32) and light on resources

    Mcafee does have a very good scan engine and detection rates. Not quite as good as KAV for database but better than KAV for Heuristics.

    Fprot used to be very very good but I think detection rates are lower than some of the other leading AV's. When using Jotti' scanner http://virusscan.jotti.dhs.org/ Fprot seems to not detect as much stuff as the other scanners.

    Bitdefender seems good at heuristics and quite liked (Although I have not used it except for seeing results on Jotti scanner)

    Norman AV has a sandbox for e mail scanning and ondemand scanning but not on 'onaccess' scanner. The Sandbox works well for e mail worms etc and gives a report of the new file found but the 'virus database' seems to lack and new samples do not seem to be added (Which I send in anyway) I wonder if they have a policy of just adding stuff that is atchually in the wild (seen more than 1 report) rather than just adding everything so I am not trying to rubbish Norman here! I would just be happier if they kept up with the other as far as detection rates.

    Anyway all that above are my personal thoughts and are not scientificly proven by any means and am sure other will be along to coment to.

    Best Wishes

  4. iwod

    iwod Registered Member

    Jun 25, 2004
    is there any reference for that?
  5. jlo

    jlo Registered Member

    Nov 29, 2004
    Hi Iwod,

    There have been some AV comparision tests that you can search on this forum.

    My coments were made on my experence. When I come across a new sample which some AV sofware does not recognise, nomrally Mcafee and KAV detect. I also know that a lot of new worms are detected as 'new malware or generic I Worm etc etc' but it is NOT on the same scane as Nod32 Adanced Heuristics.

    For evidence with Nod32 lood at http://www.nod32.com/home/home.htm

    Zafi, Sober, Baggle varients all detected with AH.

    Good luck


    PS Got to fly to Prugue now. Back on Thursday :D
  6. Blackcat

    Blackcat Registered Member

    Nov 22, 2002
    Christchurch, UK
    All AV's have weak points, there is no perfect AV. So your list of potential AV's grows longer and longer.

    Any of these AV's will give you good protection, the choice is yours. I know which one I would select but this may not suit you or your machine.

    Do not widen this range of AV's to consider. Save your money and choose from any of the above.
  7. iwod

    iwod Registered Member

    Jun 25, 2004
    OH... please tell me what you choose........

    And what is the weak point anyway for NOD32, Apart from lower detection rate.
    What would you choose between NOD32 and Mcafee VS 8.0i?
  8. Blackspear

    Blackspear Global Moderator

    Dec 2, 2002
    Gold Coast, Queensland, Australia
    Hi Iwod, this is what works really well for me, very simple to use and maintain.

    You may want to take a look here for further discussion on security and how to make your system that much stronger and here for more.

    Let us know how you go…

    Cheers :D
  9. kareldjag

    kareldjag Registered Member

    Nov 13, 2004

    In this link you will find an independent test about many AV.
    I don't give the right page because the webmaster prohibit it, so click on the last test (november 2004).


    I have McAfee and it's very efficient and easy to use.
    But Nod32 and Kaspersky are a great choice too.

    If you're an advanced user who doesn't like updated signatures, there's Viguard:


    Have you're personal right choice.

  10. BlueZannetti

    BlueZannetti Registered Member

    Oct 19, 2003

    I posted this earlier here, but let me reproduce it below with some additional comment. In terms of realtime protection, this configuration is leaner than Blackspear's (and somewhat more vulnerable because of that), but overall it has roughly the same coverage.

    I generally run "light" on the realtime, with a fair amount of on-demand backup, have tools preinstalled if I need help, and have a realtime backup OS/security installation that I can switch to it things get hairy. The only context in which I have used the backup OS install is immediate recovery from some occasional beta test problems. It is akin to having an image backup (which I also have on a Maxtor external HDD), except I don't have to reinstall to get running again in the event of problems. The installs are on separate physical drives. Could both installs be compromised at the same time? In principle, sure, but I view that as a very low frequency potential.

    In terms of security, the two boot partitions which are basically the same aside from installed AV. The running applications are
    • AV - NOD32 or KAV 5.0 WS. The NOD32 based partition also has Arcavir 2005 (mks_vir 2005) installed, but disabled aside from context menu access. So, one boot partition is very light and really heuristics focused (this is generally the partition I work from), the other yields a slightly slower system but has the most comprehensive malware database available today. From a design perspective though, the coverage philosophies of the AV's on the two partitions are somewhat distinct, and therefore somewhat complementary.
    • firewall - I use Outpost Pro, the economy of a family license was the driver and the informal forum is a great resource
    • AT - BOClean (maybe not absolutely needed on the KAV partition). If anything gets by NOD32/KAV due to entry point editing, it should be caught here.
    • ProcessGuard
    and that's it for realtime protection. This is augmented with a ZyXel 10W router as my hardware firewall. On-demand coverage/diagnostics/analysis includeI also have on hand the following useful utilities

    I have a lot of tools available, but I try to run lean realtime, so these systems are not overloaded by any stretch of the imagination and coverage is fairly extensive.

  11. rdsu

    rdsu Registered Member

    Jun 28, 2003
    I tested the McAfee, Symantec and NOD32...

    I advice you to go with NOD32...

    - McAfee VSE is a very good AV but only have support for Outlook and Lotus emails client, and they take some time to release new signature updates...
    - Symantec AV is very good too, but it takes some time to release signature updates...
    - F-Prot is good AV with excelent detection but doesn't have support for email client and doesn't incremental updates... Maybe in the inew ncoming version...
  12. TAP

    TAP Registered Member

    Aug 17, 2004
    I used to use new AVG Free Edition 7 just for fun on my laptop but now I think I will stick with it. AVG FE almost has what I want from AV program to use in my real-life usage, it doesn't cause any glitches, not introduce any slowdown, runs very smooth and does a good job by catching every worms that came via e-mail by its signature and attachment filter altogether. Since I don't want to pay for AV program to used on laptop so AVG FE is my very good choice.

    I also use Kerio 2.1.5 rule-based firewall and utilize sandboxing by Prevx Home for zero-day/hour protection on my laptop, all these tools are free and does a good job for me. :cool:
  13. Nickie

    Nickie Registered Member

    Jan 2, 2005
    You are wrong about the on-access scanner. Of course there is one. And if you right click on the Norman icon in the system tray, you can stop and start it from there.

    And it checks for updates to your virus database on a daily basis - if you allow it access to Norman's servers.
  14. Frens

    Frens Registered Member

    Jan 9, 2005
    Hi Iwod

    Well, I would certainly NOT choose Norton antivirus 2005. It messed my computer up, fortunately I could repair the damage which Norton caused.

    Choose for NOD32 or for KAV.

    Regards and good luck!

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.