
Best Anti-virus / INTERNET SECURITY!


Ken90630

Golden Member
Mar 6, 2004
1,571
2
81
What's the "best" anti-virus? Depends on your priorities. Here is A-Vcomparatives.org's latest test, done in February. See page 6 for the rankings.

FWIW, they gave the "best" award to NOD32 this time. Taking the most important criteria into account -- detection rates over the wide range of malware, footprint, heuristics effectiveness w/low number of "false alarms," frequency of updates, ease of use, etc. -- it seemed to be the best in their opinion.

Re a Limited Account being the be all, end all for computer security, there are a LOT of computer users out there using QuickBooks, and last I heard, QuickBooks will not run from within a Limited Account. And there is other software that won't either. I realize not many people on this site prolly use QuickBooks :p, but a lot of professionals and other people do. Sure, they can switch back & forth between an Administrator and Limited Account, but it's a hassle for novices.

Also, I've never been clear on whether or not a Limited Account will keep malware out of a computer entirely or whether it just prevents it from executing once it's gotten in. If it's the latter, then that would mean there could be infected/altered files in various places in the computer (including the Registry?) that still might need to be cleaned up even though the Limited Account prevented the malware from actually executing itself (in whatever form it was designed to do). Anyone know the definitive answer on this? Mech?
 

bX510

Golden Member
Feb 11, 2006
1,009
0
0
Originally posted by: gizbug
Originally posted by: bX510
I am looking to buy an anti-virus software. I am looking for best anti-virus / internet security. I heard that trend micro's internet security is good, but I don't think their anti-virus is as good as bitdefender. Well, give me some suggestions.

First, try using the "SEARCH" button. Hundreds of topics on this, no need to be lazy.

Second, NOD32

Originally posted by: gizbug
Originally posted by: bX510
I am looking to buy an anti-virus software. I am looking for best anti-virus / internet security. I heard that trend micro's internet security is good, but I don't think their anti-virus is as good as bitdefender. Well, give me some suggestions.

"Search" function of the board can be your friend, if you let it be.....

Ok, please be sure to tell all those people who ask "What's a good budget build with $1000?" in the General Hardware. Also, I am sure virus scans update very often; therefore, the current "best av" can be different from previous topics.

Thanks for everyone's replies.
 

John

Moderator Emeritus
Elite Member
Oct 9, 1999
33,944
4
81
Originally posted by: Ken90630
What's the "best" anti-virus? Depends on your priorities. Here is A-Vcomparatives.org's latest test, done in February. See page 6 for the rankings.

FWIW, they gave the "best" award to NOD32 this time. Taking the most important criteria into account -- detection rates over the wide range of malware, footprint, heuristics effectiveness w/low number of "false alarms," frequency of updates, ease of use, etc. -- it seemed to be the best in their opinion.

Just to clarify, NOD32 failed to reach Advanced+ in the Feb. 2007 comparative, and what you're referring to was the AV-Comparatives Summary Report 2006. At that time Eset was awarded "best for 2006", but as you can see times change and so do the detection rates. One thing that report fails to mention is that Eset is slow to add submitted samples.

The new Eset ESS beta looks interesting.
http://www.wilderssecurity.com/showthread.php?t=170556
 

Lemon law

Lifer
Nov 6, 2005
20,984
3
0
One of the highest rated software firewalls is the one made by Comodo. And because of various installation subroutines, it's now very network friendly. And it also has a support forum. It may not be as lean as some but it's also not bloatware. And unlike the SP2 firewall it's a 2-way firewall that filters incoming and outgoing.
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
Re a Limited Account being the be all, end all for computer security, there are a LOT of computer users out there using QuickBooks, and last I heard, QuickBooks will not run from within a Limited Account. And there is other software that won't either. I realize not many people on this site prolly use QuickBooks :p, but a lot of professionals and other people do. Sure, they can switch back & forth between an Administrator and Limited Account, but it's a hassle for novices.
It's a hassle to wear seatbelts in cars too :D Yes, the world is cursed with software that presumes the user will be running software as an Administrator. Windows Vista is going to be an unavoidable wake-up call for the companies doing this stuff.

Also, I've never been clear on whether or not a Limited Account will keep malware out of a computer entirely or whether it just prevents it from executing once it's gotten in. If it's the latter, then that would mean there could be infected/altered files in various places in the computer (including the Registry?) that still might need to be cleaned up even though the Limited Account prevented the malware from actually executing itself (in whatever form it was designed to do). Anyone know the definitive answer on this? Mech?
A non-Admin user account is still not utterly bulletproof, but it lacks the power to do many things that are crucial to the malware's success. You might find my WMF Exploit test interesting here: http://www.antisource.com/forums/viewtopic.php?t=128 If you read the summary, you see that yeah, malicious files could get left on the HDD. They can't self-execute, though; the WMF Exploit gets the ball rolling, but if it gets stopped by anything, then it's game over for the bad guys.

In that test, a Limited account stopped the progress because of normal Windows NTFS file-system security/permissions. Namely, the exploit was trying to put a file in the root of C:\, but since the exploit had stolen its powers from a Limited account, it did not have the power to do that. If that file had been put in the user's Desktop screen, it would've run, but if the eventual goal was to install SpyAxe & etc, that still would've failed later because Limited user accounts can't install new programs in the Program Files directory.

Besides file-system restrictions, a Limited user (or something exploiting it) can't take down the Windows Firewall or add exceptions. It can't add, delete or modify stuff in the Windows directory (including the HOSTS file for example, or a rootkit). It can't delete your antivirus software from Program Files or stop its services. It can't register new services of its own. Most of the crucial parts of the Registry typically modified by malware are read-only for a Limited account.

All of those tactics are quite common; pick some malware writeups at Symantec Threat Explorer, hit the Technical Details tabs, read what the malwares do, and compare them to what a Limited account is capable of doing. Basically, a non-Admin account takes away almost all the good toys, and leaves the bad guys with a blunt Popsicle stick to try to break in with :evil:

/ rambling
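
The restrictions listed in the post above can be checked on a given machine. The PowerShell below is an added example, not code from the thread or from any poster: it probes write access non-destructively to the locations named there (root of the system drive, Program Files, the Windows directory, the HOSTS file) plus the user's own profile as a control. The HKLM Run key is an assumed stand-in for the "crucial parts of the Registry"; services and firewall settings are not covered.

```powershell
# Added example: report what the current account is able to write to.
# Run it once from a Limited account and once from an elevated Administrator
# session and compare the two tables.

function Test-DirWritable {
    param([string]$Path)
    # Create, then delete, an empty and uniquely named probe file.
    $probe = Join-Path $Path ("lua-probe-{0}.tmp" -f [guid]::NewGuid().ToString('N'))
    try {
        [IO.File]::Create($probe).Dispose()
    } catch {
        return $false          # access denied (or path missing)
    }
    Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
    return $true
}

function Test-FileWritable {
    param([string]$Path)
    # Open an existing file with write access; its contents are not changed.
    try {
        $fs = [IO.File]::Open($Path, [IO.FileMode]::Open,
                              [IO.FileAccess]::Write, [IO.FileShare]::ReadWrite)
        $fs.Dispose()
        return $true
    } catch {
        return $false          # access denied (or file missing)
    }
}

function Test-HklmKeyWritable {
    param([string]$SubKey)
    # Request a writable handle to the key; nothing is written.
    try {
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey, $true)
        if ($null -eq $key) { return $false }   # key does not exist
        $key.Close()
        return $true
    } catch {
        return $false          # SecurityException: read-only for this account
    }
}

# Is this process running with Administrator rights?
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)

$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$runKey    = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'   # assumed example key

$results = @(
    [pscustomobject]@{ Target = "$env:SystemDrive\ (root)"; Writable = Test-DirWritable "$env:SystemDrive\" }
    [pscustomobject]@{ Target = $env:ProgramFiles;          Writable = Test-DirWritable $env:ProgramFiles }
    [pscustomobject]@{ Target = $env:SystemRoot;            Writable = Test-DirWritable $env:SystemRoot }
    [pscustomobject]@{ Target = $hostsFile;                 Writable = Test-FileWritable $hostsFile }
    [pscustomobject]@{ Target = "HKLM\$runKey";             Writable = Test-HklmKeyWritable $runKey }
    [pscustomobject]@{ Target = "$env:USERPROFILE (control)"; Writable = Test-DirWritable $env:USERPROFILE }
)

"Account: {0}   Administrator rights: {1}" -f $identity.Name, $isAdmin
$results | Format-Table -AutoSize
```

From a Limited account only the control row should report `True`; any other writable row is a location where dropped files or settings changes would succeed without Administrator rights.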
 

Ken90630

Golden Member
Mar 6, 2004
1,571
2
81
Originally posted by: John
Originally posted by: Ken90630
What's the "best" anti-virus? Depends on your priorities. Here is A-Vcomparatives.org's latest test, done in February. See page 6 for the rankings.

FWIW, they gave the "best" award to NOD32 this time. Taking the most important criteria into account -- detection rates over the wide range of malware, footprint, heuristics effectiveness w/low number of "false alarms," frequency of updates, ease of use, etc. -- it seemed to be the best in their opinion.

Just to clarify, NOD32 failed to reach Advanced+ in the Feb. 2007 comparative, and what you're referring to was the AV-Comparatives Summary Report 2006. At that time Eset was awarded "best for 2006", but as you can see times change and so do the detection rates. One thing that report fails to mention is that Eset is slow to add submitted samples.

The new Eset ESS beta looks interesting.
http://www.wilderssecurity.com/showthread.php?t=170556

Yeah, I noticed that too. But there isn't a huge difference between the Advanced and Advanced + ratings, and all these companies ebb & flow in terms of being on top over one period of time and then slipping a little, then coming back .... Who knows -- maybe NOD32 will be back at Advanced + next time and one of the other top dogs will have slipped a bit. What surprised me a bit was McAfee's comparatively poor showing.

I also remember just a few years ago when Kaspersky was just another a-v product on the market with performance that wasn't anything to get excited about. Now they're at or near the top. Ditto F-Secure.

I don't think there necessarily is a "best" anti-virus product on the market. It depends on a person's priorities and also their vulnerabilities in context with their entire computer security plan. I, for instance, would prolly prefer a product that scored Advanced rather than Advanced + in one test if that product was better in other areas that are also important to me. The chances of receiving one of the very small number of viruses that NOD32 or the other "Advanced" products might miss are pretty slim, and as long as they 'catch up' and get the necessary definitions released in a reasonable amount of time, I wouldn't lose sleep over it if I used one of those products.

I'll be particularly interested to see the next round of AVComparatives' tests, which they say will include rootkit detection performance. Since rootkits are reportedly all the rage among the malware-writing scum, we might see a real distinction between "the men & the boys" next time since a lot of a-v products don't have any rootkit protection at all. We'll see. :)
 

Ken90630

Golden Member
Mar 6, 2004
1,571
2
81
Originally posted by: mechBgon
A non-Admin user account is still not utterly bulletproof, but it lacks the power to do many things that are crucial to the malware's success. You might find my WMF Exploit test interesting here: http://www.antisource.com/forums/viewtopic.php?t=128 If you read the summary, you see that yeah, malicious files could get left on the HDD. They can't self-execute, though; the WMF Exploit gets the ball rolling, but if it gets stopped by anything, then it's game over for the bad guys.

That was what I suspected, although I wasn't sure until you confirmed it here. :D

My comment about Limited Accounts not being the be all, end all security measure was mainly in response to spikespiegal's post basically saying it was. I just respectfully disagree. It seems to me that it'd be best to use a Limited Account and a top A-V program and a top anti-spyware program in tandem. I can't speak for others, but I personally wouldn't want any malware files left on my hard drive -- where God only knows how or when they could interact with other files in the future -- even though the Limited Account prevented them from doing their intended mischief. Having fragments of malware code potentially 'hanging around' on a HD is just a bad idea, IMHO. With top-tier A-V and anti-spyware programs not only scanning the POP3 data stream but also Web traffic, and also scanning all files upon opening or execution, they're going to catch ~97% or more of all malware before a Limited Account even gets a chance to slam the door on it. I'd rather keep it out in the first place than rely solely on a Limited Account to stop it after it's gotten in.

This isn't to say I'm not a huge proponent of Limited Accounts like you, 'cuz I am. :) I just don't agree that it's the only security measure needed and that all A-V and anti-spyware products are unnecessary. If I'm mistaken about any of this, feel free to correct me, anyone. :)


 

John

Moderator Emeritus
Elite Member
Oct 9, 1999
33,944
4
81
Originally posted by: Ken90630
Yeah, I noticed that too. But there isn't a huge difference between the Advanced and Advanced + ratings, and all these companies ebb & flow in terms of being on top over one period of time and then slipping a little, then coming back .... Who knows -- maybe NOD32 will be back at Advanced + next time and one of the other top dogs will have slipped a bit. What surprised me a bit was McAfee's comparatively poor showing.
Yea NOD32 missed Advanced+ by <2% IIRC :( Esets advantage is in heuristics, and their downfall is adding samples and lack of signatures.

I also remember just a few years ago when Kaspersky was just another a-v product on the market with performance that wasn't anything to get excited about. Now they're at or near the top. Ditto F-Secure.
F-Secure uses the Kaspersky engine. :) So do several other well known AV companies.

I don't think there necessarily is a "best" anti-virus product on the market. It depends on a person's priorities and also their vulnerabilities in context with their entire computer security plan. I, for instance, would prolly prefer a product that scored Advanced rather than Advanced + in one test if that product was better in other areas that are also important to me. The chances of receiving one of the very small number of viruses that NOD32 or the other "Advanced" products might miss are pretty slim, and as long as they 'catch up' and get the necessary definitions released in a reasonable amount of time, I wouldn't lose sleep over it if I used one of those products.

I agree. It's not all about the detection rate, although that should be high on the priority list. Low resource usage, update frequency, gui, support, and other areas should be considered when choosing an AV. It's all subjective, and the independent reviews should be used as a guide when making your decision. However as it stands you can't go wrong with the Kaspersky engine. Version 7 is in beta and the new heuristics module should rival Eset's.

I'll be particularly interested to see the next round of AVComparatives' tests, which they say will include rootkit detection performance. Since rootkits are reportedly all the rage among the malware-writing scum, we might see a real distinction between "the men & the boys" next time since a lot of a-v products don't have any rootkit protection at all. We'll see. :)

Avira added rootkit detection to their free version last week. In fact I think it's the only freebie with RK detection. Speaking of detection, check out the new PC World AV tests that were conducted by av-test.org which is one of the most trusted independent test labs.

http://www.pcworld.com/article/id,130869/article.html

 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
I can't speak for others, but I personally wouldn't want any malware files left on my hard drive -- where God only knows how or when they could interact with other files in the future -- even though the Limited Account prevented them from doing their intended mischief. Having fragments of malware code potentially 'hanging around' on a HD is just a bad idea, IMHO.
You don't want to see my system, then :evil: At one point I had about 2000 copies of various Zlob and DNSChanger trojans laying around on my HDD, along with a few others I snared along the way. I had to create a special "ignore this stuff" folder so Kaspersky wouldn't keep going AAAAGHHHH, I HAVE FOUND MALWARE and deleting it all while making that hair-raising pig-squeal noise over and over :D

With top-tier A-V and anti-spyware programs not only scanning the POP3 data stream but also Web traffic, and also scanning all files upon opening or execution, they're going to catch ~97% or more of all malware before a Limited Account even gets a chance to slam the door on it. I'd rather keep it out in the first place than rely solely on a Limited Account to stop it after it's gotten in.
Unless you are trying to collect malware from in-the-wild sources, of course :D

This isn't to say I'm not a huge proponent of Limited Accounts like you, 'cuz I am. :) I just don't agree that it's the only security measure needed and that all A-V and anti-spyware products are unnecessary. If I'm mistaken about any of this, feel free to correct me, anyone. :)
I agree that defense-in-depth is good. The Zlob and DNSChangers I mentioned are a good example of why "reactive" signature-based solutions such as antispyware and antivirus can fall short... these things are sometimes repacked over 15 times per day, rendering even hourly antivirus signatures a hit-or-miss solution (and daily signature updates a joke). Looking at Kaspersky's VirusWatch Lite several times a day, I see that Zlob and DNSChanger are just one of many families of malware that are repacked constantly. The bad guys aren't dumb ;)
 

Ken90630

Golden Member
Mar 6, 2004
1,571
2
81
Originally posted by: John
Originally posted by: Ken90630
Yeah, I noticed that too. But there isn't a huge difference between the Advanced and Advanced + ratings, and all these companies ebb & flow in terms of being on top over one period of time and then slipping a little, then coming back .... Who knows -- maybe NOD32 will be back at Advanced + next time and one of the other top dogs will have slipped a bit. What surprised me a bit was McAfee's comparatively poor showing.
Yea NOD32 missed Advanced+ by <2% IIRC :( Esets advantage is in heuristics, and their downfall is adding samples and lack of signatures.

I also remember just a few years ago when Kaspersky was just another a-v product on the market with performance that wasn't anything to get excited about. Now they're at or near the top. Ditto F-Secure.
F-Secure uses the Kaspersky engine. :) So do several other well known AV companies.

I don't think there necessarily is a "best" anti-virus product on the market. It depends on a person's priorities and also their vulnerabilities in context with their entire computer security plan. I, for instance, would prolly prefer a product that scored Advanced rather than Advanced + in one test if that product was better in other areas that are also important to me. The chances of receiving one of the very small number of viruses that NOD32 or the other "Advanced" products might miss are pretty slim, and as long as they 'catch up' and get the necessary definitions released in a reasonable amount of time, I wouldn't lose sleep over it if I used one of those products.

I agree. It's not all about the detection rate, although that should be high on the priority list. Low resource usage, update frequency, gui, support, and other areas should be considered when choosing an AV. It's all subjective, and the independent reviews should be used as a guide when making your decision. However as it stands you can't go wrong with the Kaspersky engine. Version 7 is in beta and the new heuristics module should rival Eset's.

I'll be particularly interested to see the next round of AVComparatives' tests, which they say will include rootkit detection performance. Since rootkits are reportedly all the rage among the malware-writing scum, we might see a real distinction between "the men & the boys" next time since a lot of a-v products don't have any rootkit protection at all. We'll see. :)

Avira added rootkit detection to their free version last week. In fact I think it's the only freebie with RK detection. Speaking of detection, check out the new PC World AV tests that were conducted by av-test.org which is one of the most trusted independent test labs.

http://www.pcworld.com/article/id,130869/article.html
Yeah, I think we're in agreement on pretty much all of this. :) And yeah, I knew F-Secure and others use the Kaspersky engine (hence their effectiveness!). As you prolly know, reportedly the only drawback to the "multi-engine" products, like those that combine two or even three engines in an attempt to get higher detection rates (an admirable goal, of course), is that scan speed suffers. But hey, it wouldn't bother me much to have a scan take an extra few minutes or whatever if it increases the detection rate by a few percentage points. Actually, NOD32 performs pretty darn well considering it's a single-engine product (and it costs a bit less than Kas or F-Secure, presumably because eset isn't having to pay a licensing fee to Kaspersky and/or others to use their engine). Whatever -- they're all good.

One thing I've been thinking about more & more is the importance of overall detection rates of known viruses vs. heuristics. I'm not a NOD32 fanboy or anything, but to me, I'm not that concerned with my A-V program's ability to detect some 2-year-old virus that reached its peak infection rate long ago and is all but out of circulation now. If I had to prioritize, I'd rather my A-V program have excellent heuristics, since it would seem that an attempted infection by the newer, more-difficult-to-catch viruses (and their variants) would be more likely to occur and more important to stop. Particularly when they're "zero day" malware that the A-V companies don't have definitions for yet. Whaddya think -- would you agree or disagree?

And yeah, if Kaspersky's new heuristics rival those of NOD32, Kas is gonna be tough to beat. I just wish they weren't headquartered in a country (Russia) that still has nuclear missiles pointed at you, me and our families. That's really the only reason I don't use Kaspersky myself.

I checked out those PC World rankings. Without knowing the scope of A-Vtest.org's testing procedure, I can't really comment on those findings. (And what's up with BitDefender supposedly having a 124% system slowdown rating? Is that a typo? :confused: ) I will say that, like a lot of computer products tests/reviews, the results on A-V products tend to vary considerably depending on who does the testing. So yeah, like you say, just use them as a guide.

A-Vcomparatives.org's testing seems to be pretty exhaustive, I will say that. But like you also said, the "best" product is subjective. It would also be pretty hard to buy a product that is guaranteed to be the best and stay the best, by whatever criteria you choose, for very long. The differences among the top-tier products seem to be relatively small, and they change from year to year, so even the "best" product today might not be the best anymore six months or a year from now. I personally don't want to change A-V programs that often, so I think it's best just to pick one of the top 3 or 4 programs and stick with it as long as it works well for you.

Interesting thread. :cool:
 

Ken90630

Golden Member
Mar 6, 2004
1,571
2
81
Originally posted by: mechBgon
I can't speak for others, but I personally wouldn't want any malware files left on my hard drive -- where God only knows how or when they could interact with other files in the future -- even though the Limited Account prevented them from doing their intended mischief. Having fragments of malware code potentially 'hanging around' on a HD is just a bad idea, IMHO.
You don't want to see my system, then :evil: At one point I had about 2000 copies of various Zlob and DNSChanger trojans laying around on my HDD, along with a few others I snared along the way. I had to create a special "ignore this stuff" folder so Kaspersky wouldn't keep going AAAAGHHHH, I HAVE FOUND MALWARE and deleting it all while making that hair-raising pig-squeal noise over and over :D

With top-tier A-V and anti-spyware programs not only scanning the POP3 data stream but also Web traffic, and also scanning all files upon opening or execution, they're going to catch ~97% or more of all malware before a Limited Account even gets a chance to slam the door on it. I'd rather keep it out in the first place than rely solely on a Limited Account to stop it after it's gotten in.
Unless you are trying to collect malware from in-the-wild sources, of course :D

This isn't to say I'm not a huge proponent of Limited Accounts like you, 'cuz I am. :) I just don't agree that it's the only security measure needed and that all A-V and anti-spyware products are unnecessary. If I'm mistaken about any of this, feel free to correct me, anyone. :)
I agree that defense-in-depth is good. The Zlob and DNSChangers I mentioned are a good example of why "reactive" signature-based solutions such as antispyware and antivirus can fall short... these things are sometimes repacked over 15 times per day, rendering even hourly antivirus signatures a hit-or-miss solution (and daily signature updates a joke). Looking at Kaspersky's VirusWatch Lite several times a day, I see that Zlob and DNSChanger are just one of many families of malware that are repacked constantly. The bad guys aren't dumb ;)

Okay, you know I have to ask: How on earth did you -- the Grand Poobah of Computer Security? :D -- get "about 2000 copies of various Zlob and DNSChanger trojans laying around" on your HD? :Q Was that intentional, vis-a-vis your previous I.T. job? Like for research or somethin'?

Heh heh ... how'd you like to have a job writing signatures for an A-V company? Talk about a never-ending task. You might feel good for about 5 minutes, then along comes a variant and ... dang -- back to the drawing board! :p
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: Ken90630
Originally posted by: mechBgon
I can't speak for others, but I personally wouldn't want any malware files left on my hard drive -- where God only knows how or when they could interact with other files in the future -- even though the Limited Account prevented them from doing their intended mischief. Having fragments of malware code potentially 'hanging around' on a HD is just a bad idea, IMHO.
You don't want to see my system, then :evil: At one point I had about 2000 copies of various Zlob and DNSChanger trojans laying around on my HDD, along with a few others I snared along the way. I had to create a special "ignore this stuff" folder so Kaspersky wouldn't keep going AAAAGHHHH, I HAVE FOUND MALWARE and deleting it all while making that hair-raising pig-squeal noise over and over :D

With top-tier A-V and anti-spyware programs not only scanning the POP3 data stream but also Web traffic, and also scanning all files upon opening or execution, they're going to catch ~97% or more of all malware before a Limited Account even gets a chance to slam the door on it. I'd rather keep it out in the first place than rely solely on a Limited Account to stop it after it's gotten in.
Unless you are trying to collect malware from in-the-wild sources, of course :D

This isn't to say I'm not a huge proponent of Limited Accounts like you, 'cuz I am. :) I just don't agree that it's the only security measure needed and that all A-V and anti-spyware products are unnecessary. If I'm mistaken about any of this, feel free to correct me, anyone. :)
I agree that defense-in-depth is good. The Zlob and DNSChangers I mentioned are a good example of why "reactive" signature-based solutions such as antispyware and antivirus can fall short... these things are sometimes repacked over 15 times per day, rendering even hourly antivirus signatures a hit-or-miss solution (and daily signature updates a joke). Looking at Kaspersky's VirusWatch Lite several times a day, I see that Zlob and DNSChanger are just one of many families of malware that are repacked constantly. The bad guys aren't dumb ;)

Okay, you know I have to ask: How on earth did you -- the Grand Poobah of Computer Security? :D -- get "about 2000 copies of various Zlob and DNSChanger trojans laying around" on your HD? :Q Was that intentional, vis-a-vis your previous I.T. job? Like for research or somethin'?
Of course it was intentional, and very educational about the shortcomings of signature-based protection setups alone. I don't do nearly as much of that as I used to, but I still do some: SiteAdvisor ratings

On these families of Trojans, based on VirusTotal and Jotti scanner results, I think that:
  • Kaspersky Antivirus 6 is best overall on detection of Zlob and DNSChanger. If they detect Zlob or DNSChanger, it's always signature-based detection, never heuristic detection. Hourly updates probably have a lot to do with Kaspersky's dominance.*
  • AntiVir is best on heuristics-based detection for the Zlobs in particular. But overall, Kaspersky's signatures > AntiVir's heuristics, due to Kaspersky's aggressive signature updates and not turning a blind eye to Zlob, unlike Some Companies I Could Mention.
  • Some of the other big names are dismal on either type of detection, judging by Jotti and VirusTotal scanner results as well as using their online virus scanners to scan a folder chock-full of known Trojans.
  • Windows Defender is almost completely useless on Zlob, DNSChanger, and even on a lot of stuff that it really should detect, like Amaena's scumware, e.g. WinFixer :frown: They need to take the gloves off, stop worrying about getting sued, and get updates out at least daily, IMHO. I gave up sending false-negative samples to the OneCare and Defender submission addresses after a few weeks of being ignored.
  • A non-Admin user account with a SRP is 100% ironclad protection against Zlob and DNSChanger Trojans, as long as the user doesn't get suckered and override his/her own protection. Costs nothing, no performance loss, no signatures to update... but not always practical for non-geeks. Vista improves this quite a bit, though, one reason I'm a Vista fanboy :D

*Sometimes I would download malware samples that didn't trigger my Kaspersky, but VirusTotal's Kaspersky engine did detect it. So I'd update my Kaspersky sigs, which were maybe 30 minutes old, and now I had detection too. That's how much of a cat-&-mouse game is going on out there.
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
BTW here is a recent Symantec malware analysis that I've overlaid to show where a non-Admin user account would present obstacles: click here :camera: I made one error, but I think the point comes across. Look at lots of malware descriptions, and the patterns emerge. It's no wonder Microsoft is trying to get people away from running apps at Admin level when it's not necessary.
 

Ken90630

Golden Member
Mar 6, 2004
1,571
2
81
Interesting stuff. When you mention some of the "big name companies" being "dismal," in the tests you ran, care to name names? :D Are you referring to eset or Norton or McAfee ... any of those? Just curious.

BTW, if you haven't used NOD32 in those tests of yours, I'd be curious to see not only how its detection rates fare but also its heuristics (which is supposedly about the best out there right now). I think you can download a free 30-day trial off their Website if you're so inclined and have nothing better to do. Heh heh. :p

Originally posted by: mechBgon
BTW here is a recent Symantec malware analysis that I've overlaid to show where a non-Admin user account would present obstacles: click here :camera: I made one error, but I think the point comes across. Look at lots of malware descriptions, and the patterns emerge. It's no wonder Microsoft is trying to get people away from running apps at Admin level when it's not necessary.

I couldn't really read the text of that screen shot (way too blurry), but the red circles got the point across.

BTW, I jotted down a short list of things one couldn't do with a Limited Account awhile back and now can't seem to find it (I think I just printed it out and didn't save it). Besides QuickBooks, care to refresh my memory on the other programs you can't run or things you can't do with a LA? I know there were other things besides QB that non-geeks would be annoyed at not being able to do. I think one of the company's auto updates (was it Norton?) wouldn't work or somethin', but it's been awhile and I just don't recall.

 

Lemon law

Lifer
Nov 6, 2005
20,984
3
0
I have to agree with MechBgon---prevention is always the key---and some of the malware just hides better---but I recently had the adverse experience of buying a used PC cheap.
And it arrived with some 4000 pieces of malware included at no extra charge--some 94% yielded easily to lesser quality scanners with old definitions---updating definitions got another 4%.
And long after every passive scanner on the planet---Kaspersky included pronounced my PC clean---I was still finding malware with hijack logfiles. With rootkits another worry entirely.
 

Ken90630

Golden Member
Mar 6, 2004
1,571
2
81
Originally posted by: Lemon law
I have to agree with MechBgon---prevention is always the key---and some of the malware just hides better---but I recently had the adverse experience of buying a used PC cheap.
And it arrived with some 4000 pieces of malware included at no extra charge--some 94% yielded easily to lesser quality scanners with old definitions---updating definitions got another 4%.
And long after every passive scanner on the planet---Kaspersky included pronounced my PC clean---I was still finding malware with hijack logfiles. With rootkits another worry entirely.
Yeah, I know what you mean. My computer has only been infected once (several years ago when I didn't know much about security). My McAfee scanner at the time was able to identify the Trojan, but it wasn't able to even get close to disinfecting and/or getting rid of all the infected files. And yeah, I followed all the instructions on their Web site at the time. I had to reformat and do a clean install (this was Windows 98SE). That did the trick, but it was quite an ordeal at the time.

While we're on the subject, awhile back I read somewhere that there are certain kinds of malware that can actually survive a low-level reformat. What do you guys know about that, and how does one do a "high level reformat"?

Heh heh ... that was nice of the previous owner to throw in all that malware for no extra charge. :laugh: 4000 pieces -- good grief. :Q
 

HardWarrior

Diamond Member
Jan 26, 2004
4,400
23
81
Originally posted by: bX510
I am looking to buy an anti-virus software. I am looking for best anti-virus / internet security. I heard that trend micro's internet security is good, but I don't think their anti-virus is as good as bitdefender. Well, give me some suggestions.

I'm using Kaspersky Internet Security. I made my decision based on 2 years of using KAV and reviews. Some of the components found in KIS are overkill for me, since I have a great SPI router, but everything works and is easy to understand/configure.

 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: Ken90630
Interesting stuff. When you mention some of the "big name companies" being "dismal," in the tests you ran, care to name names? :D Are you referring to eset or Norton or McAfee ... any of those? Just curious.
McAfee and Microsoft OneCare were pretty lame. Even AVG was doing way better than them on these families. But they had plenty of company, because when malware comes out up to 15 times a day, and virus definitions maybe once a day for many companies, the advantage lies with the bad guys.

BTW, if you haven't used NOD32 in those tests of yours, I'd be curious to see not only how its detection rates fare but also its heuristics (which is supposedly about the best out there right now). I think you can download a free 30-day trial off their Website if you're so inclined and have nothing better to do. Heh heh. :p
I could test by means of VirusTotal, which includes the NOD32 scanner. The .EXEs are simple to collect and submit. I'll drop you a PM if I get some definite impressions to report.

I couldn't really read the text of that screen shot (way too blurry), but the red circles got the point across.
Disable your browser's image resizing so the image displays at full size.

BTW, I jotted down a short list of things one couldn't do with a Limited Account awhile back and now can't seem to find it (I think I just printed it out and didn't save it). Besides QuickBooks, care to refresh my memory on the other programs you can't run or things you can't do with a LA? I know there were other things besides QB that non-geeks would be annoyed at not being able to do. I think one of the company's auto updates (was it Norton?) wouldn't work or somethin', but it's been awhile and I just don't recall.
Norton's Live Update wouldn't work when triggered manually by a Limited user, although the automatic updates would work fine. In general, a non-Admin account only gets Read-Only access to the Windows directory and the Program Files directory and their subdirectories, as well as lots of important sections of the Registry, the root of hard drives, the services generally, Windows Firewall settings and many other important settings. Vista has some tricks up its sleeve to help overcome issues; for example, on WinXP I can only run the Mechwarrior4-series games as an Admin, but Vista fools them into running from a Standard account.

I don't have a comprehensive list of what software doesn't run right with a Limited account on WinXP. There's plenty of it around still.
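
A way to check, on a given machine, the read-only restrictions described in the post above, as an added example that is not part of the original post. It probes the Windows directory, Program Files, the system drive root and two HKLM registry keys for write access under the current account; the registry keys chosen and the probe file name are assumptions made for illustration.

```powershell
# Added example: report whether the current account can write to the
# system-wide locations that a non-Admin account should see as read-only.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
# False for a Limited/Standard user, and for an unelevated Admin under UAC.
$isAdmin = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

function Test-DirectoryWrite {
    param([string]$Path)
    # Create and delete a uniquely named probe file; existing files are untouched.
    $probe = Join-Path $Path ("write-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        [System.IO.File]::Create($probe).Close()
        Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
        return $true
    } catch {
        return $false   # access denied (or path missing): not writable
    }
}

function Test-RegistryWrite {
    param([string]$SubKey)
    # Opening an HKLM key as writable throws when the token lacks write access.
    try {
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey, $true)
        if ($key -eq $null) { return $false }
        $key.Close()
        return $true
    } catch {
        return $false
    }
}

$results = @()
foreach ($dir in @($env:SystemRoot, $env:ProgramFiles, "$env:SystemDrive\")) {
    $results += New-Object PSObject -Property @{
        Location = $dir; Writable = (Test-DirectoryWrite $dir) }
}
# Registry keys below are assumptions picked to represent "important sections".
foreach ($sub in @('SOFTWARE', 'SYSTEM\CurrentControlSet\Services')) {
    $results += New-Object PSObject -Property @{
        Location = "HKLM\$sub"; Writable = (Test-RegistryWrite $sub) }
}

"Running with Administrator rights: $isAdmin"
$results | Format-Table Location, Writable -AutoSize
```

Run it from the account used for everyday work: a row showing `True` marks a location that anything running under that account could also modify.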

 

Mem

Lifer
Apr 23, 2000
21,476
13
81
And yeah, if Kaspersky's new heuristics rival those of NOD32, Kas is gonna be tough to beat. I just wish they weren't headquartered in a country (Russia) that still has nuclear missiles pointed at you, me and our families. That's really the only reason I don't use Kaspersky myself.

I checked out those PC World rankings. Without knowing the scope of A-Vtest.org's testing procedure, I can't really comment on those findings. (And what's up with BitDefender supposedly having a 124% system slowdown rating? Is that a typo? ) I will say that, like a lot of computer products tests/reviews, the results on A-V products tend to vary considerably depending on who does the testing. So yeah, like you say, just use them as a guide.

So what you're saying is USA and other countries don't have missiles pointed at other countries?... Don't be so naive ;). Getting back on topic, I have not had any slowdowns or problems when I was using Bitdefender 10 Plus on WinXP. However, since January I have been trying out Avast Home AV (free version) on Vista x64. I would have to say it has been great on stability, pretty good on memory usage too. Today I reinstalled Kaspersky 6 on my Vista x64 just to see how good Avast had been doing over the last few months and if it let anything through. Kaspersky 6 found nothing with a full scan, so Avast free version did a decent job.

I'm not trying to say Avast is the greatest AV out there or equal to Kaspersky, far from it, just my experience on how it performed over the last few months with Vista x64. BTW, I did notice Kaspersky 6 uses slightly less memory than Avast; however, you won't notice that in the real world. I'm going to leave Kaspersky 6 on my PC for awhile.

I really should not be comparing Kaspersky 6 to Avast since one is free and the other (Kaspersky) is regarded as one of the very best AV with very frequent updates. Anyway, just thought I'd give some feedback for what it's worth.
I would still recommend Kaspersky for no. 1 for Vista x64; as for free AV version for Vista x64, I would have to say Avast at this time.


 

John

Moderator Emeritus
Elite Member
Oct 9, 1999
33,944
4
81
Mem, I am not trying to discredit your opinion, but you seem like a savvy user and could probably get by without an AV. When you compare Avast! to KAV, or any other AV, it isn't really doing any justice. It's no different than saying Ad-Aware is as good as Spy Sweeper since neither detect any malware on your pc. :p
 

Mem

Lifer
Apr 23, 2000
21,476
13
81
Originally posted by: John
Mem, I am not trying to discredit your opinion, but you seem like a savvy user and could probably get by without an AV. When you compare Avast! to KAV, or any other AV, it isn't really doing any justice. It's no different than saying Ad-Aware is as good as Spy Sweeper since neither detect any malware on your pc. :p

I think you are missing the point I was trying to make. I was trying out Avast to see how it was on stability as well. Let's be honest, using common sense when browsing, opening attachments etc... goes a long way. I'm not saying Avast is as good as Kaspersky, far from it (detection rate, updates on Kaspersky are far superior), however for Vista x64 you have less choice for anti-virus software at this time, and you'll always get some people looking for a free AV regardless of how good or bad it is. I cannot fault stability of Avast on Vista x64, just my opinion over the last few months of using it.

We can all say and even agree Kaspersky is probably the best, but we all know the weakest link is the user.

I would feel naked without an AV to be honest John, even with my safe habits when it comes to security etc... Besides, I like to give my dual core and 4GB of RAM some work to do, especially with emails etc... ;).
You want the best, you have to pay for it in general. With free versions don't expect the performance or detection rate/updates to be anywhere near as good; possible exception is AOL Active Virus Shield, which is made by Kaspersky.
 

eelw

Lifer
Dec 4, 1999
10,337
5,489
136
No antivirus is needed with smart surfing and keeping an eye on your running processes/startup group. But to be safe, I monthly run a rootkit scan just to ensure nothing gets past.
 

Mem

Lifer
Apr 23, 2000
21,476
13
81
John, any ETA on AOL Active Virus Shield for Vista x68/x64? I know some people that are interested in it for Vista.

Updated: Looks like due in May, see a few posts below for more info.
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: eelw
No antivirus is needed with smart surfing
I partly disagree with this on general principle, because normally-safe websites can and do get compromised. Asus's website was a recent example. Or have you ever clicked a link to a pic at http://pics.bbzzdd.com (one of AT's popular free pics-hosting sites)? They had an exploit incident a while back.

There are relatively safe ways to surf even very nasty websites without antivirus software, but I'm not sure many people use them. Yet, anyway.
 

Ken90630

Golden Member
Mar 6, 2004
1,571
2
81
Originally posted by: Mem
So what you're saying is USA and other countries don't have missiles pointed at other countries?... Don't be so naive ;)

No, I wasn't saying anything of the sort. Nor is it a matter of being "naive." :roll: I'm disappointed that you would make such a dishonest misrepresentation of what I said.

As satisfying as it might be to debate you regarding whether or not there's a moral equivalency between Russia and the U.S., and why the respective countries have missiles pointed at others (which is the real issue), we both know that it will be a waste of time since neither of us is going to change the other's mind. And we could spend all night arguing back & forth & not even scratch the surface of such a complex topic. I'd prefer to discuss computers rather than politics.

For the record, my original comment was a result of kinda wishing such a good product wasn't being made in a country hostile to mine. I'd like to use it, but for ethical reasons choose not to. That's all. Let's not make a mountain out of a molehill here. :)