why does avira always do so bad in other tests

Discussion in 'other anti-virus software' started by zfactor, Nov 3, 2007.

Thread Status:
Not open for further replies.
  1. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Yep. No one but Avira alerts on EvID4226Patch or tools from Sysinternals for instance. I have to commend Avira though for removing Application and SPR from the default extended threat categories as those two categories are what produce most of the FP's. Avira's refusal to remove EvID4226Patch from detection is based on morals - no other reason. The patch is "bad" and should be detected, according to Avira, because it is used by folks who do P2P.
     
  2. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I'll need clarification on this one. Sysinternal tools cause me no alerts from Avira. What am I missing here? o_O
     
  3. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,360
    Location:
    The Netherlands
    Neither do they here, but then again I have 'Applications' UNchecked in Extended Threat Categories. That may account for it.

    That said, I've had hardly any FP's during the five months I've been using Avira.
     
  4. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,058
    Location:
    Las Vegas
    Not for the reasons you think. My issue with the Avira Firewall is that it does not stealth all ports on any setting (you must add a rule to make that possible). The alleged importance of an outbound firewall is a delusion-if they can get in your house they can get the data out. IMO, Windows XP firewall is all you need unless you are running a suite. The premise is to keep them out-and Avira and NOD32 are at the top of the list.
     
    Last edited: Nov 18, 2007
  5. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,058
    Location:
    Las Vegas
    It is by far the best on my boxes- and I have several. For me, the most important feature is keeping the bad stuff off your machine to start with, and Avira is at the top of the list for that function.
     
  6. Arup

    Arup Guest

    Same here, a very satisfied client of Avira, it's for keeps on my system.
     
  7. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I was wondering why some bring up the matter of FP's with Avira, as I've not seen one yet. Other than the scheduler, I've left all settings at default.
     
  8. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,058
    Location:
    Las Vegas
    If you increase heuristics to high from say the low or medium detection level, you will get more fps. The algorithm will simply find more things that look suspicious. I have all of mine on high in the suite and have never had a fp and I have 60gb of data and am on the net 12 hours a day.
     
  9. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Just check Application and SPR under extended threat category. Application denotes a program "of dubious origin or which might be hazardous to use". Sysinternals is "dubious"? :D It has to be under the second category...surely. You should read the scathing comments in the sysinternals forum regarding this. WELL, WELL....MOST INTERESTING. Avira goes crazy on Sysinternals Suite from just before Microsoft bought it in 2006 and changed the Eulas (I have Steve Gibson's grab), on Sysinternals Suite after Microsoft bought it (with the Microsoft Eulas), and on Sysinternals Suite from April 2007. BUT on the very latest Suite that I downloaded about a week ago it doesn't alert! That means though that Sysinternals changed something probably because they were tired of all the posts from Avira users in their forums. :D

    When I got Avira in January, both Application and SPR were checked by default. I didn't uncheck them and I left heuristics at medium (default). I ran a full scan and there were a bunch of FP's. I have never had an AV find so many FP's. I knew none of them were anything but FP's. Stefan posted here just about that time and asked that all Avira FP's be sent to him because he was the cause of them..meaning he was updating heuristic detection. So, I sent them to him and some of them Avira fixed...but others they would not fix.
     
  10. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Anyone installing Avira after the Sept upgrade would likely not see many FP's if heuristics is left at default. The reason is because Avira changed Application and SPR under extended threats from checked by default to unchecked by default and that has cut out a lot of the FP's.

    There are still a lot more FP's with Avira than any other AV I have used ...a LOT more. Look at the Rising AV FP which is plain silly. I find a lot of unpacker FP's and I wish Avira would fix that. Anyone who installs a lot of software will find a LOT of FP's with Avira and I hate that. If Symantec wasn't so bloated and still doesn't update often enough, etc. I'd use it because it is rare for Symantec to have an FP (it has the lowest FP rate of all AV) and that is a main reason Symantec is so popular with businesses and corporations. Plus, I really like Avira's GUI. Funny, as that is something that many criticize but I like it and don't want them to change it but I think they will next year.
     
  11. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Good idea, even a bit better in detection than Avira if you are concerned about crypted and packed malware.

    Ah okay that was a mistake then.

    Yep, easy to use and best self-protection on the market, especially the SSDT restore protection. I found it out by chance because it's one of my habits that I sometimes like to unhook everything, and found out OA is a little extraordinary exception that can't be unhooked that way.
     
  12. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Can I inject a simple Avira question in here at the risk of being off topic? I just installed the Avira free version on my son's computer, which is at his house and I can't access at the moment. If I am correct, I saw an expiration date on the main page of May 2008. Does the free version time out after about 6 months? If so, can you reinstall it using the original .exe file? Thanks in advance. :)
     
  13. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Yes, I remember the Sept. upgrade. I still haven't been able to install the rk-scanner without issues. Main reason for re-trying ThreatFire. Worked out to be a plus for me...
    I do a lot of installs, betas too. Guess I've been lucky so far...
    I had NIS 2007 earlier this year, it was a good experience...
    As long as they keep the umbrella, I'll be happy...
     
  14. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    A month to six weeks before that 5/31/2008, a normal auto-update will install a new 'build' of the Program and extend the license for another six months or so.

    Classic {free} users can expect severe AVIRA Server overload for about ten days around that update. :cautious:
     
  15. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    That figures. The Classic has never worked long enough on my pc to convince me to purchase the Premium. I'll purchase based on quality, not harassment. lol If Avira is still working for me 6/1/2008 without issue, I'll trial the Premium! My luck the trial will bugger up...
     
  16. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    There seems to be a difference in opinion on the causes and solutions for Avira FP's. Some say it's the heuristics level, others say it's the settings under extended threats. Anyone able to settle this with facts or an expert opinion?

    When searching on this issue there appear to be many complaints regarding the application or SPR category. Definitely I can see how the "unusual packers" category could be a problem as it does not distinguish what is in the packed executable.

    The PUP or potentially unwanted programs area is a quagmire at best. Different vendors have widely differing ideas over what qualifies and many legitimate diagnostic and repair tools wind up being classified as PUPs. I just pack these up in a password protected archive and try to forget the whole thing.
     
  17. Thug21

    Thug21 Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    141
    Location:
    Illinois
    I'd say the bigger issue is that on the default "medium" setting, it doesn't even close all your ports. When using the high setting, I feel safe enough. I think Stem did say that stealth isn't that important.

    As far as the issue about Avira's cleaning ability, I can't tell you first hand as I haven't ever been badly infected.
    I'd say the cleaning is average but hopefully they will improve it as it is a feature request.
     
  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Well, I'm not an expert but the FPs I've seen from Avira are mostly heuristic-based (HEUR-Crypted, HTML-Exploit). Also, I've seen some signature-based FPs.
    However, I wouldn't be surprised to see many FPs from the extended threats category.
    When you choose an AV with above-average FP rate, you should use the exclusion feature. It's a useful function.

    As you said, detection of greyware varies greatly between vendors. AFAIK, ESET doesn't seem to add many commercial keyloggers while Symantec often ignores remote admin tools. Cracks, password finders, jokes, "low-risk adware", malware removal tools also add to the mess.
     
  19. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    But using exclusion is part of the problem with Avira. It is difficult to use it. We have asked Avira to make it easier and their response was that if they do so then all the average users might get infected. So, we replied ...ok...then give us warnings but still please fix exclusions so it is not so difficult to exclude. I've always used exclusions with any AV. The first thing I do is put system restore in there. I don't want my AV rummaging around in system restore as it will corrupt restore points. The problem with the FP's though is that there may be a variety of paths to the FP and you have to type in every one of them and not make a single mistake. You can't copy/paste or even more ridiculously you cannot simply tell Avira, when it alerts on an FP, to put it in exclusions! Avira says if they allow that then all the average users will get infected. Avira finally said though that if we are willing to put up with a lot of warning boxes (aimed at the average users) then they may fix this problem.
     
  20. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Alright!! :)

    Avira not only alerts now on the nasty (TR/Agent.cpz.1) from gav1577 when unpacked and just the .exe file is scanned, but Luke Filewalker alerts ALSO on the UNPACKED RAR file as downloaded and not yet unpacked!! GREAT! If Avira starts doing more of this then I will be one very happy camper. :)
     

  21. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    You're using the words "packed" and "unpacked" with reckless abandon. Please realize that RAR is not a packer format, it's just a compression/archive format.
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    You can post what you want, say what you want, but it really doesn't matter. Test after test after test shows it always at or right near the top. Do you want protection or what, it really is as simple as that. :)
     
  23. Arup

    Arup Guest


    Correct..........Avira keeps coming out at top.
     
  24. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Gee, funny how it's always the things that "don't matter" that tend to rile people, eh?

    Yep, and we all know Fortinet has the best heuristics on the planet.

    I can turn off my computer. Oh wow, instant impenetrable security! ;)
     
  25. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Ok, so I lied. ;)
     