Best of the Best AV, any suggestions?

Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

lxskllr

No Lifer
Nov 30, 2004
59,405
9,929
126
I like Antivir. I'm using the free version, but if I had to buy for a business it would be my first choice. Other antivirus programs I've tried include Kaspersky, Symantec, McAfee, AVG, and Avast!
 

Net

Golden Member
Aug 30, 2003
1,592
2
81
ah, didn't read about the business thing...

Definitely nod32. It's lightweight.
 

Azaran

Member
Jan 17, 2004
45
0
0
I actually did look into Antivir. Their paid version tested very well, better in general than Nod or Kaspersky in fact. What turned me off from it though was the high number of false positives it produced. While I could probably research out a false positive or two, the people I'm researching for wouldn't know what was a false positive and what was not.
 

Schadenfroh

Elite Member
Mar 8, 2003
38,416
4
0
Originally posted by: Azaran
What turned me off from it though was the high number of false positives it produced.
If you are getting a good deal, you can always throttle back the heuristics. It has three sensitivity levels (not counting off).
 

Azaran

Member
Jan 17, 2004
45
0
0
Originally posted by: Schadenfroh
If you are getting a good deal, you can always throttle back the heuristics. It has three sensitivity levels (not counting off).

What I'm curious about is, if the high level of heuristics were responsible for its higher detection ratings, what throttling down the heuristics would do for its detection ability?
 

Lemon law

Lifer
Nov 6, 2005
20,984
3
0
What I am curious about, Azaran, is how you conclude that antivirus has a high false positive rate? I have learned my lesson, it's clear that you are serious and thorough in your testing and research methods. So now I somewhat wonder if you have some test bed of viruses you are firing at the various AVs you are testing or are just doing plenty of web surfing at possibly dangerous websites. Or alternately it could be based on extensive reading or something else I am not considering.

Because I have been running the antivirus comodo three combination for many months and have yet to see antivirus pop up a warning of a virus. False positive or not. That may speak some to having many layers of security and practicing safe surfing. My antivirus is set in expert mode with medium heuristics.

So hence the question of how you make a conclusion that rapidly?
 

Azaran

Member
Jan 17, 2004
45
0
0
Originally posted by: Lemon law
What I am curious about Azaran, is how you conclude that antivirus has a high false positive rate? I have learned my lesson, its clear that you are serious and through in your testing and research methods. So now I somewhat wonder if you have some test bed of viruses you are firing at the various AV's you are testing or are just doing plenty of web surfing at possibly dangerous websites. Or alternately it could be based on extensive reading or something else I am not considering.


Sadly, no, I don't have a series of test beds to run the AV tests on. While I could throw viruses at my system I don't have the tools for reliably testing it out. For the raw data, I'm leaving that to sites such as av-comparatives.org, AV-Test.org, etc. I figure why reinvent the wheel if it doesn't need to be.

Based off the general conclusions of those sites I selected the various software suites. Since these sites run the AV software at default settings, it's most like what the average person will use. My testing was to determine ease of use/learning curve, feature sets, system resource impact, stability, and general annoyance factor. Scientific? No, much of this is subjective with the exception of stability and system resources which are easily identified. But then that's why I'm relying on these reputable sites for the comparative data.

As for the false positives, depending on the review/report you go to, some will report on it. AV-comparatives.org for instance, reports on it as part of their Nov 2007 ProActive report.
http://www.av-comparatives.org...rgebnisse/report16.pdf

Granted yes it is a few months out of date, and I'm sure updates have been made. There is always a lag on the time between updates and reports so I have to deal with the data I'm given. Their new ProActive report is due out next month so I'd be interested in seeing if any of the big offenders fix their ratings.

Oh and a note on my previous install of Kaspersky and Comodo... After I installed Nod32 in place of Kaspersky every problem I mentioned having, up and disappeared. I really hope Kaspersky can get their software to play better with Comodo since I think they make two of the strongest products out there.
 

lxskllr

No Lifer
Nov 30, 2004
59,405
9,929
126
My personal experience with Antivir doesn't have many false positives for the typical office worker. It usually only flags some of my system utilities that could have uses for hacking. The one that comes to mind is my password recoverer, otherwise it doesn't really give false positives. I have it set up with medium heuristics on, and scanning for all threat categories.
 

Azaran

Member
Jan 17, 2004
45
0
0
Originally posted by: lxskllr
My personal experience with Antivir doesn't have many false positives for the typical office worker. It usually only flags some of my system utilities that could have uses for hacking. The one that comes to mind is my password recoverer, otherwise it doesn't really give false positives. I have it set up with medium heuristics on, and scanning for all threat categories.

I generally run into the same issue, primarily password hacking tools. Almost every AV I've tried flags that. What I got surprised by was the HIGH number of false positives I got with the AV software I'm testing now. AEC Trustport was rated pretty high, in part because it uses 4 or so antivirus engines. But when doing a scan last night it flagged 13 false positives in the first hour, all from safe programs including my firewall software. The weird thing was, it wasn't main program executables it was flagging but random files deep in the program directory.
If I hadn't set it to notify instead of automatically clean/delete/quarantine... well, I don't want to know what kind of nightmare I'd have faced having to find what programs got screwed up, and attempt to fix.

And yes, before someone asks, I checked each discovered "problem" file and found they were normal program files, or known to be false positives on some anti-malware/AV programs. I know every AV out there will occasionally come up with false positives but it's kind of disconcerting to not be able to trust my AV enough to not destroy needed system files as part of its regular scan.
 

lxskllr

No Lifer
Nov 30, 2004
59,405
9,929
126
Originally posted by: Azaran
I know every AV out there will occasionally come up with false positives but it's kind of disconcerting to not be able to trust my AV enough to not destroy needed system files as part of its regular scan.

I'd never let my AV decide autonomously what to do with suspect files, I always want to make the decision. I'd probably figure it out eventually, but you could end up with some strange mystery problems if the AV removed files, and you didn't think to check the logs.
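The "notify, then review" policy discussed in the last few posts (alerts on files deep inside installed program directories, a password-recovery utility that every scanner flags, and the advice to read the logs rather than let the scanner act on its own) can be turned into a small triage step. The script below is an added example and is not code from this thread or from any antivirus product; the log format, the paths, the detection names and the allow-list are all constructed for illustration. It parses scan-log lines and separates hits that a person should look at (anything under a trusted program directory, or a detection family the administrator has already verified as benign) from hits that can go to quarantine without a second look.

```python
"""Triage of antivirus scan-log entries: "notify and review" instead of
"auto-quarantine". Added example, not code from the thread or any AV
product. Log format, paths, detection names and allow-list are constructed."""
from __future__ import annotations
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample of scan-log lines in a hypothetical format:
# <date> <time> <action> <detection-name> <path>
SAMPLE_LOG = """\
2008-04-28 02:10:05 DETECT Trojan.Generic.Heur C:\\Program Files\\ExampleFirewall\\lang\\de.dll
2008-04-28 02:11:40 DETECT HackTool.PassRecover C:\\Tools\\pwrecover\\pwrecover.exe
2008-04-28 02:13:02 DETECT Worm.Example C:\\Documents and Settings\\user\\Local Settings\\Temp\\~tmp1.exe
2008-04-28 02:14:17 DETECT Trojan.Generic.Heur C:\\Program Files\\ExampleOffice\\res\\icons.dll
"""

# Roots that hold installed, trusted software (constructed). Hits in here are
# the "random files deep in the program directory" and deserve a human look
# before anything is removed.
TRUSTED_ROOTS = [PureWindowsPath(r"C:\Program Files")]

# Detection families the administrator has already checked and accepted for
# this site (constructed; e.g. a password-recovery utility).
KNOWN_BENIGN_FAMILIES = {"HackTool.PassRecover"}


@dataclass
class Detection:
    timestamp: str
    name: str
    path: PureWindowsPath


def parse_log(text: str) -> list[Detection]:
    """Parse the constructed log format; skip blank or malformed lines."""
    out: list[Detection] = []
    for line in text.splitlines():
        parts = line.split(maxsplit=4)  # the path may itself contain spaces
        if len(parts) != 5:
            continue
        date, time, action, name, path = parts
        if action != "DETECT":
            continue
        out.append(Detection(f"{date} {time}", name, PureWindowsPath(path)))
    return out


def under_trusted_root(path: PureWindowsPath) -> bool:
    """True when the file lives inside one of the trusted program roots."""
    return any(root == parent for parent in path.parents for root in TRUSTED_ROOTS)


def triage(det: Detection) -> str:
    """Return 'review' when a person should decide, 'quarantine' otherwise."""
    if det.name in KNOWN_BENIGN_FAMILIES:
        return "review"
    if under_trusted_root(det.path):
        return "review"
    return "quarantine"


def triage_log(text: str) -> dict[str, list[str]]:
    """Group every detection in the log by its triage verdict."""
    result: dict[str, list[str]] = {"review": [], "quarantine": []}
    for det in parse_log(text):
        result[triage(det)].append(str(det.path))
    return result


if __name__ == "__main__":
    for verdict, paths in triage_log(SAMPLE_LOG).items():
        print(verdict)
        for p in paths:
            print("   ", p)
```

On the constructed log, the two hits inside `C:\Program Files` and the password-recovery tool land in the review bucket, while only the file in a temp directory is quarantined outright; the point is that the scanner's verdict is kept, but the destructive action waits for someone to read the log.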
 

Muse

Lifer
Jul 11, 2001
40,434
9,941
136
Why do you guys have password recovering utilities? Do you forget your passwords? :shocked:
 

Azaran

Member
Jan 17, 2004
45
0
0
Personally I never let the AV decide for me either. However most people stick with the defaults and that means the AV does what it feels it has to, thus missing program files. This is why I'm concerned with false positives since this whole project started as a way of testing AVs for a non tech savvy group of people. The other reason I was concerned with the false positives is it makes me wonder just how accurate a scanner is vs how lucky it was.

Oh and Muse, the reason for the recovery utilities is for the times a client doesn't remember their password(s). Also in my case back when I was a tech for a chain of stores, a client would drop off their password protected computer and then disappear for a week. Kind of hard to get into the system if it's all closed off.
 

velillen

Platinum Member
Jul 12, 2006
2,120
1
81
Looking over that report, the first thing I noticed is half the false positives are from using the "high" setting. Be interesting to see with a medium setting how many false positives it would have found. Either way 16 false positives out of the 25,000 testbed isn't that alarming in my opinion, especially when it still has the high detection rate with 81% with nod32 at 72% and the next highest in the 60's and it drops to most being around 50%. If you want the best protection, AntiVir appears to offer the best protection and you *may* have to deal with a few false positives if you have it set to high.

Just one thing to point out is that test is On Demand and not the real time scanning. Sure you knew that, but just making sure.
 

myi4u

Junior Member
Apr 28, 2008
5
0
0
I will recommend McAfee VirusScan. My previous company uses it and it has been great. When it detects a file with a virus, it will just delete it straightaway. The company offers a free license for its employees and I have the same corporate edition in my computer now and it just works well.

Touch wood. I haven't gotten any virus alarm since then.
 

Azaran

Member
Jan 17, 2004
45
0
0
Originally posted by: velillen
you *may* have to deal with a few false positives if you have it set to high.

(What was supposed to be a quick reply got very long. So grab some popcorn and get comfy)

This brings up a question. Should someone just deal with a few false positives?

In general, the people who come to this forum or post in it are fairly high in their tech levels. I don't think any of us would consider ourselves anything less than a power user. For many of us, a false positive isn't a big concern. We know what to look out for and correct it if something happens. Most of us know to back up critical information in the event of something blowing up the workstation.

But what about the average user? When I started this topic over a month ago it was about setting up the best anti-virus for what would be considered an office full of average users. These are people without an IT staffer. People that, if you told them they had to worry about false positives, they'd look at you like you were speaking Greek.

So do we expect an average user to just deal with a few false positives, hoping that it won't kill an important process or program? We know they won't research it, trusting the AV to do its job. Or do we go for something that has a lower detection rating (but still above the average) but is less susceptible to false positives?

About two weeks ago someone posted a question about a worm that A-squared picked up. It wanted to quarantine his explorer.exe file. Turns out it was a false positive and A-squared fixed the issue within a few hours of it happening. But a few hours is all that's needed to bring down a computer. In A-squared's own forums there was discussion on it (how I found out about it) and talk of how it brought down people's computers. I have my personal home computers set up so that I can come up from a total drive failure and be 100% within a couple hours. My work station, hell, 2 ghost floppies and 30 min and I'm good. What about the users who can't do this, where quarantining a critical Windows file means, at best, an entire day of business lost?

As much as many of us would hate to admit it, the standard for AV seems to be Symantec or McAfee. This is what people know and are often the first to be picked up. How many of us use an enterprise or corp version of them at work? My last three jobs did. So when you look at AVs that at their lowest detection are 20-30% higher than the "standard" (in this case Nod32), what becomes important?

The whole concept of the best AV isn't just what has the highest detection ratings. If it was, this topic would have lasted all of 5 posts, and my verbose self would have long since gone away. It's about what makes up a good AV. In this instance it's not just detection but also reliability. How much a user can trust their AV to not damage their system. There are other factors involved, user friendly UI, footprint, etc. But for the most part that's secondary to how the core of the AV performs.

So with all this in mind, should someone just deal with a few false positives?
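The question of whether an office should "just deal with" false positives, and velillen's reading of the report figures, both come down to one trade-off: a higher detection rate buys fewer infections, a higher false-positive rate buys more damaged installations, and the price of each depends on who is sitting at the machine. The script below is an added example, not the thread's own analysis. It uses the numbers quoted in the thread (AntiVir at 81% detection with 16 false positives on a 25,000-file set at the "high" setting, NOD32 at 72%) and treats NOD32's false-positive count and every cost and volume figure as constructed assumptions. It ranks the two products by expected yearly loss for a power user who reviews every alert and for an office seat left on auto-quarantine, and computes the per-false-positive cost at which the lower-false-positive product starts to win.

```python
"""Expected-cost comparison of two AV products for two user profiles.

Added example, not the thread's own analysis. The detection figures
(AntiVir 81%, NOD32 72%) and AntiVir's 16 false positives on a 25,000-file
clean set at the "high" heuristic setting are the numbers quoted in the
thread; NOD32's false-positive count and every cost and volume figure below
are constructed assumptions chosen only to illustrate the trade-off."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Product:
    name: str
    detection: float        # fraction of the malware test set caught
    false_positives: int    # false positives seen on the clean test set
    clean_samples: int      # size of that clean test set

    @property
    def fp_rate(self) -> float:
        return self.false_positives / self.clean_samples


@dataclass(frozen=True)
class Profile:
    name: str
    malware_per_year: float     # malicious files reaching one seat per year (assumed)
    distinct_clean_files: int   # distinct clean files the scanner inspects (assumed)
    cost_miss: float            # cost of one undetected infection (assumed)
    cost_fp: float              # cost of one false positive under this profile (assumed)


# Detection and AntiVir FP figures from the thread; NOD32's FP count is assumed.
ANTIVIR = Product("AntiVir", detection=0.81, false_positives=16, clean_samples=25_000)
NOD32 = Product("NOD32", detection=0.72, false_positives=1, clean_samples=25_000)
PRODUCTS = [ANTIVIR, NOD32]

# A power user runs the scanner in "notify" mode and checks each alert, so a
# false positive costs a few minutes. An office seat keeps the default
# auto-quarantine, so a false positive on a program file can cost a day of work.
POWER_USER = Profile("power user", malware_per_year=10, distinct_clean_files=50_000,
                     cost_miss=500, cost_fp=5)
AVERAGE_OFFICE = Profile("average office seat", malware_per_year=10, distinct_clean_files=50_000,
                         cost_miss=2_000, cost_fp=400)


def expected_misses(p: Product, u: Profile) -> float:
    """Infections per year the scanner lets through."""
    return u.malware_per_year * (1.0 - p.detection)


def expected_fps(p: Product, u: Profile) -> float:
    """False positives per year. A repeat hit on the same file is not counted
    twice: once reviewed it is excluded, so only distinct clean files matter."""
    return u.distinct_clean_files * p.fp_rate


def expected_cost(p: Product, u: Profile) -> float:
    return expected_misses(p, u) * u.cost_miss + expected_fps(p, u) * u.cost_fp


def rank(products: list[Product], u: Profile) -> list[Product]:
    """Cheapest expected yearly loss first."""
    return sorted(products, key=lambda p: expected_cost(p, u))


def breakeven_fp_cost(high_detect: Product, low_fp: Product, u: Profile) -> float:
    """Per-false-positive cost above which the lower-FP product wins.

    Solves misses_hd*cost_miss + fps_hd*x == misses_lf*cost_miss + fps_lf*x
    for x. Returns inf when the higher-detection product does not produce
    more false positives, since it then wins at any FP cost.
    """
    fp_gap = expected_fps(high_detect, u) - expected_fps(low_fp, u)
    if fp_gap <= 0:
        return float("inf")
    miss_gap = expected_misses(low_fp, u) - expected_misses(high_detect, u)
    return miss_gap * u.cost_miss / fp_gap


if __name__ == "__main__":
    for profile in (POWER_USER, AVERAGE_OFFICE):
        order = ", ".join(f"{p.name} ({expected_cost(p, profile):.0f})"
                          for p in rank(PRODUCTS, profile))
        print(f"{profile.name}: {order}; AntiVir loses once a false positive "
              f"costs more than {breakeven_fp_cost(ANTIVIR, NOD32, profile):.0f}")
```

With these assumed figures the power user is better off with the higher-detection product, while the auto-quarantine office seat is better off with the lower-false-positive one; the break-even cost (about 15 for the power user, about 60 for the office seat) is the number to argue about, because it is what the "just deal with it" question actually hinges on.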
 

lxskllr

No Lifer
Nov 30, 2004
59,405
9,929
126
Interesting take on the situation. I'm not sure which way I'd go. Ideally at least 1 person in that office would be the "guru" that the others could go to for assistance. Barring that, I think I would go for the reduced protection, but no(few) false positives.

Have you made a decision on which one to get? Familiarity be damned, I wouldn't allow Symantec or McAfee on any system I set up. I think the one I would choose is AVG. It doesn't have the best detection rates, but afaik we haven't had any false positives in my office where we use that.
 

Azaran

Member
Jan 17, 2004
45
0
0
lxskllr
Sadly, I can't even say they have anyone that could be called a guru. Best they have is my friend who got them to install AVG so they at least had an AV system. And that was based off the fact that I threw it on her home computer as a temp fix when her McAfee subscription died off.

I'm with you on not allowing Symantec or McAfee on their computers. They are subpar AVs to begin with and both have their own host of problems. I know a lot of people have had good experiences with the corporate editions but still, I can't recommend the engine.

Since it is a business technically they shouldn't be using AVG, but beyond that there is an issue. What kicked all this off was they got a keylogger as an email attachment and AVG missed it. To make matters worse it was on one of the computers they use for all their financial records and online bank transactions. This is just the latest of what has been a nightmare of employees bringing in viruses from email, surfing (who really needs to surf porn at 9am at work, I mean really) etc.
 

lxskllr

No Lifer
Nov 30, 2004
59,405
9,929
126
I kind of went against my own advice by recommending AVG. I picked that because we use it at work with no issues. We don't have problems with people doing things they shouldn't either though :^D Maybe give Antivir a try with medium or low heuristics. The only office worker type false positives I've had with mine set to medium were with Foobar2000, a Vista sidebar gadget (Now Playing), and perhaps 3 other apps in the whole time I've been using it (5 years now I think).

I don't know if you're up to it, or if the business is willing to pay, but maybe you could give classes on safe computing. All the software in the world can't make up for ignorance, and paying somebody to teach them how to use a computer would pay for itself in the long run. If there was even 1 person interested in learning a bit, they could help out the others by giving advice when necessary if you could teach them.

Here's an interesting article on Ars Technica that touches on the changing priorities of antivirus software. I think heuristics is the future of antivirus, and a 100% or close accuracy rate isn't feasible.
 

Azaran

Member
Jan 17, 2004
45
0
0
Originally posted by: lxskllr
I don't know if you're up to it, or if the business is willing to pay, but maybe you could give classes on safe computing.

You know that hadn't really occurred to me. You make a good point, the whole teach a man to fish and you feed him for life kind of route. I'll make mention of it to them and see if that's something they'd be willing to try out.
 

Muse

Lifer
Jul 11, 2001
40,434
9,941
136
I'm using AVG free 7.5 on my main machine. It scans email, updates every morning automatically, scans automatically (once a week, I think). Runs all the time in the background.

Waiting for the morning update to complete is a PITA, but after 20-30 seconds it's over. Then there's a window that comes up that tells you it's just updated and counts down from 30 seconds and disappears sooner if you click OK. Unfortunately, that 30 seconds doesn't look to be configurable.

I like it much better than the Norton AV I used to run (part of Systemworks), which wanted me to resubscribe yearly. Norton only updated weekly (Wednesdays), but just try to uninstall Norton and you'll learn to hate it intensely.
 

Azaran

Member
Jan 17, 2004
45
0
0
Originally posted by: Muse
... but just try to uninstall Norton and you'll learn to hate it intensely.

Yeah I used to have to uninstall Norton on a fairly regular basis when I was a tech rat. Once you knew what you were doing it was easy but it still took about 40 minutes to clean out all the crap it left behind and repair the damage it did to Windows.