
Definitive Best Antivirus 2009



1,462 members have voted

  1. Your Choice?

    • Antivir: 174
    • Avast!: 129
    • AVG: 139
    • BitDefender: 26
    • Clamwin: 4
    • F-Secure: 6
    • Kaspersky: 215
    • McAfee: 13
    • NOD32: 471
    • Norton: 118
    • Panda: 2
    • Sophos: 4
    • Symantec (Corporate): 41
    • Trend: 9
    • VBA32: 0
    • Windows OneCare: 25
    • Zone: 3
    • Other (please specify below): 83



  • 0

My company is using NOD32; there are 300+ users. I notice that NOD32 is not effective at all in detecting viruses. Some of the files were named suspiciously, like xwsxvbs. This file always automatically occupied any newly created share folder. NOD32 just won't detect this as a virus. I tried other antivirus and it is detected as a virus.

Second scenario: some user brought their thumb drive, and inside it contained trojans which slow down Excel by an exact 30-second delay. NOD32 just can't detect this one. It is obvious enough that this is malware which causes a slowdown in Microsoft Office. Again I used other antivirus to clean it, and immediately Excel, Word, etc. start without delay.

Third scenario: there is a virus named fujacks in my company, and this virus is a network-spreading type. I have a NAS just to share some files. Whenever a user accesses this drive, the virus keeps on spreading. What NOD32 does is erase any infected exe on the PC. Quite good, but not enough. Again I used other antivirus: the virus is deleted straight away on the share drive before infecting the user's PC.

These are just a few real cases I like to share; there are more. I just don't understand why NOD32 got so many votes here... I just don't understand. The antivirus that I use is Kaspersky.

  • 0

Nod32 isn't perfect, no AVs are perfect. In fact Kaspersky has many bugs in Windows 7, such as the Anti-Rootkit Scan.

  • 0

Guys, the title of this thread is "Definitive Best Antivirus 2009"

Not "Voted by popularity contest best AV 2009".

If you're going to do something, do it right.

You want to know what AV is the best, period, so look at the hard facts.

Symantec is the only company on record to have ever had a 100% detection rate.

Norton had its issues for a while, still does probably in the removal department.

However Symantec Corp is arguably the best on the market.

There's a reason it's still impossible to find test results for it - it still has a 100% detection rate.

It still has zero user input required, it auto updates, scans and protects itself & you constantly.

And contrary to your common beliefs, it has the lowest memory footprint bar Avira perhaps.

Honestly, you must be blind if you think AVG, Nod32, KIS or others have a lower footprint than SAV.

Sure one process for the above might be lower in resources than RvtScan.exe for Symantec, but KIS, Avira, Nod32 and AVG all require more than 1 process running.

The total memory required to run all of these processes always exceeds Symantec's requirements. Always.

Nod32 is by far and wide a dead AV. It doesn't disable when you tell it to. It has far too many false positives (As does KIS/KAV).

Settings do not apply even if you restart the computer or manually restart all Nod32 services.

Most disturbing of all, there is no option to auto quarantine or delete infections.

Do you have any idea how ridiculous that is? No quarantine / deletion makes an infection at least 4 times more likely to succeed at taking control of your PC.

More so, even if it succeeds in cleaning the infection, cleaning itself causes corruption because it modifies the executable!

I honestly wouldn't use Nod32 if you paid me.

If you honestly like that crap, you need to find another industry to work in - because anyone who ignores the glaring, obvious facts like those mentioned above, fails automatically as a competent PC user - you can completely and utterly forget about qualifying yourself as a professional.

  • 0

lol, cheeky one eh.

These claims about Symantec are all supported by hundreds of websites, since it's been that way for over a decade.

As for the Nod32 info.. well... after seeing it with my own eyes I'm inclined to call every Nod32 fanboy an outright liar.

I can install it right now and prove my claims, that's the beauty of desktop video recording apps.

  • 0

Well if I include malware in this review for best Antivirus, then MSE Beta as of September to now was and is the best in my book. I've taken off many other virus scanners that were still running, and caught nothing, installed MSE, and it finds them. Not only a couple, but in a few cases it found over 20 different ones that were in the red. So until the malware designers and other companies destroy it, it is now the best for today 2009. I really do not know what the definition of a virus scanner is these days, and I suspect each company has their own definition.

  • 0
Nod32 isn't perfect, no AVs are perfect. In fact Kaspersky has many bugs in Windows 7, such as the Anti-Rootkit Scan.

Yes, no AV is perfect; in fact no software is without bugs. Like humans we are also imperfect, that's what makes us human, but NOD32 is reaching a level which makes it hard for me to tolerate. In my third scenario, it is not a bug, it is the design of the software. In all, I still can't accept NOD32. It is just a toy.

  • 0

Hello,

Sounds like you are having a lot of problems with your deployment of NOD32. Have you checked with their technical support department to see why these problems are occurring? Perhaps there is a configuration error.

You should always send undetected malware to your anti-malware vendor, that way they can add signatures to detect it. I found ESET's instructions here on their web site.

Regards,

Aryeh Goretsky


  • 0

[Quick edit to fix some typographical errors I made. AG]

Hello,

I really try to avoid A versus B type discussions since they tend to be unresolvable for various reasons, but something about your message caught my eye, and I did want to ask you about it.

I do not think that I have ever heard of an anti-malware program which claims 100% detection against all threats, going as far back as Patricia Hoffman's VSUM listing and reports from the Virus Test Centre at the University of Hamburg and the Virus Research Unit at the University of Tampere from the late 1980s to today's tests from the AV-Comparatives and AV-Test organizations and the venerable Virus Bulletin Magazine. One may see that a program gets awarded a detection of 100% of threats on a particular test, but tests are, by definition, not going to be wholly representative of a real world environment. The infrastructure to measure the tests and allow the results to be consistently reproduced over and over again is not going to be the sort of thing companies use in production environments (unless, perhaps, they are in the test and measurement business, but I digress...). What tests actually are great for, though, is to take a snapshot of a particular environment, an anti-malware program, its threat signature database, operating systems and applications and drivers at certain version levels, and see how the antimalware program performs. One of the most important things to keep in mind, though, is that all you are reviewing is that particular snapshot. One module or threat signature database version newer, or older, and the results are going to be different.

Part of the value in tests comes from the ability to look at trends over time. Assuming that the methodologies are good (relevant samples, computer configurations that make sense and so forth), you can take a look over months, quarters, years or maybe even longer and be able to determine if a program's detection capabilities are getting better, getting worse or staying about the same. A fantastic example of this is Microsoft's Windows Live OneCare, which initially received very poor reviews of its detection capabilities before coming up to speed and greatly improving.

Getting back to the issue at hand, though, there's no such thing as a 100% detection rate for all malware. You mentioned, for example, Symantec Corp.'s Norton (which I assume could be Norton Antivirus, Norton Internet Security, Norton 360 or one of their other products) "auto updates." Now, wouldn't a program with a 100% detection rate not require updates? After all, 100% detection implies detection of all malicious logic, past, present and future. The fact that threat signature database updates are required in order to add detection for new, previously undetected threats means that the true detection rate is not 100%.

I do not know what the memory requirements are for various programs, and they tend to vary based on things like the size of the in-memory threat signature database, so cannot make any specific comments there, other than to recommend that you do not rely on something so imprecise as, say, the Windows Task Manager but instead use tools like Microsoft's VMMap to make sure you fully understand how a program allocates memory from the system.

As far as the number of processes goes, well, again, I do not have much information about all the programs you mentioned. I was playing with a copy of ESET NOD32 Antivirus v4.0.467.0 under Microsoft Windows Vista Ultimate Edition x86 SP2 the other day, though, and found that I could disable the egui.exe application which runs in the Notification Area, leaving the ekrn.exe application running and was still protected against threats. I would imagine the other programs offer similar behavior, i.e. a service which performs the scanning and a GUI component that runs in userland to allow the computer operator to interact with the service.

I know there is an option in the context menu to disable scanning and it does work: a couple of weeks ago I was copying a large set of files (program files, runtime packed, compressed executables, the type of stuff that can contain malware and can be tricky to analyze) on a computer running ESET NOD32 Antivirus, and disabling the realtime scanning allowed the copy operation to speed up. The last version has some self-protection features designed to prevent the program from being disabled/unloaded from memory. Perhaps that is what you are thinking of? That is actually by design, but it can be turned off somewhere in the user interface.

As far as automatically quarantining or deleting files goes, I'm pretty sure that has been in their product for several generations. Perhaps a configuration error? One thing about the program is that the user interface could still be friendly, I think.

No idea about the false positive issue. I'd love to see some sort of empirical study showing the false positive rate on anti-malware programs. The closest I can think of is Virus Bulletin's VB100 Award, from which companies are disqualified if they have a false positive against a clean set of files. I believe AV-Comparatives does something similar in their reports, but on a sliding scale. I cannot recall any sort of focused testing specifically on false positives, though.

Cleaning, that is, disinfecting, a classic parasitic file infecting virus (actual computer viruses, by the way, account for probably just under 10% of what your anti-malware vendor sees these days) always involves modifying the executable program file, because you have to unlink, truncate or otherwise overwrite the malicious code, fixing the PE file header, import table or whatever the virus modified to their original locations, et cetera. I think that all programs which offer this as an option generally have some shortcomings. Keep in mind, though, that a lot of file infectors (Win32/Virut comes to mind) overwrite the host program's instructions when they infect it, damaging the executable file at the time of infection. Cleaning may remove the malicious code, but it is not going to be able to restore the original instructions. The only way I can think of getting around that is if the anti-malware program was deeply integrated with some sort of backup program and could somehow request the backup agent restore the damaged file from a pristine copy. I have never seen that level of integration, though, and there's a whole host of issues it would generate (authentication of the client-side request, proper archiving of the client-side programs on the backup server, integrity issues, probably even software licensing issues, et cetera) but it is an interesting idea, at least in theory.

Just to give you a little bit of background and explain my personal biases, I have worked at a couple of computer security companies over the years, mostly in support, engineering and research roles. No computer security program is bug-free, nor do they protect against all threats. What they do offer, though, is protection against many threats and, if or when one gets through, a source of expertise in helping you remediate that threat. There is a tendency for people to think of security software as some kind of invisible force-field that magically protects their computers from threats, whether they are IT staff trying to protect their network against malware brought in by employees on USB flash drives or self-inflicted by people who willfully download pirated software from peer-to-peer networks thinking that they can do so with impunity because their magical suit of armor is going to protect them. While sometimes security software does seem like that, I think in another way it is kind of like having automobile insurance: You probably have better things to spend your money on, and buy it not because you're a bad driver, but to protect yourself against all the other bad drivers out there. When you do get into an accident, though, you are certainly glad you had it.

Regards,

Aryeh Goretsky


  • 0

That's a massive wall of text :) Why didn't you try Google before writing it?

http://www.allbusiness.com/technology/soft.../5687427-1.html

Definition of the VB100 award:

http://www.virusbtn.com/vb100/index

* It detects all In the Wild viruses during both on-demand and on-access scanning.

* It generates no false positives when scanning a set of clean files.

The product must fulfil these criteria in its default state.

EDIT:

Symantec Corp.'s Norton (which I assume could be Norton Antivirus, Norton Internet Security, Norton 360 or one of their other products) "auto updates."

Nooo... read it again, I said Symantec Anti-virus corporate, NOT Nortons.

It means ONE anti-virus and only one, SAV. Not nortons, not N360, not NIS; Symantec Anti-Virus Corporate. Abbreviation SAV.

The fact that threat signature database updates are required in order to add detection for new, previously undetected threats means that the true detection rate is not 100%.

Wrong. By default Heuristics is off for SAV. Off entirely. And it still detects every known & unknown virus. With heuristics it can probably operate without updates whatsoever; to be honest, who really cares whether it can or not? The fact is, it has a 100% detection rate without even having all of its features enabled.

Maybe the database updates are just so the scanner can identify WHICH virus it is or to work as a redundancy backup IN CASE it comes across something it's not sure about.

Honestly that's a rather ridiculous question =/ What does it really matter? It doesn't really matter. Symantec know what they're doing and they release updates every week or so. Get them.

Notification Area, leaving the ekrn.exe application running and was still protected against threats.

No, you're not protected, Nod32 doesn't update unless the GUI is running.

Symantec will. RVTScan is a completely independent scanner.

As far as automatically quarantining or deleting files goes, I'm pretty sure that has been in their product for several generation

I'm pretty sure you're wrong. I'm one of the most advanced PC users you will find & even I couldn't find a way to change the default action to quarantine or delete.

I know there is an option in the context menu to disable scanning and it does work

I tried running STEAM, Crysis and a few others, even with the realtime scan disabled in the tray icon it detected both the Crysis 64 exe and steam exe's as trojans =/

The official ****ing exe's on softwares that have been out for years. That's bloody ****-poor & pathetic.

I tried manually disabling the service through services.msc and the GUI was still detecting false positives.

I closed the GUI application and I'm just about convinced this crap hooks into system.exe or another core app because it still ****ing detected it.

I literally could not run over 1/2 my games PERIOD until I completely removed the ****.

The only way I can think of getting around that is if the anti-malware program was deeply integrated with some sort of backup program and could somehow request the backup agent restore the damaged file from a pristine copy. I have never seen that level of integration, though, and there's a whole host of issues it would generate (authentication of the client-side request, proper archiving of the client-side programs on the backup server, integrity issues, probably even software licensing issues, et cetera) but it is an interesting idea, at least in theory.

Yes there are major issues with it. Symantec and others use a system where the cleansed file is first de-compiled & reviewed; Next any missing code is guessed at and the best probable match is added, then the file is re-compiled.

The Java virtual machine does this as well, but it's re-coding on the fly, the "optimised" code is never written to hard drive thus you never see any corruption, it's all discarded when the application is shut down. However, that's 99% of the reason why Java apps are so damn unstable.

If only one of the two data streams for NTFS is infected then an AV will usually try to delete the entire infected stream and copy over the clean one to restore the file to working order.

What they do offer, though, is protection against many threats and, if or when one gets through, a source of expertise in helping you remediate that threat. There is a tendency for people to think of security software as some kind of invisible force-field that magically protects their computers from threats

AND that's exactly why SAV works. It's an anti-virus, not an anti-malware.

Remember what I said just a few lines ago about virii specifically trying to damage your files?

Symantec looks specifically and only for file damaging activity and intercepts it.

Honestly, how many file damaging techniques do you think there are? I'll give you a hint, there's about five.

99% of a virus' code isn't designed to damage your system - that's the GOAL of the virus, but to SUCCEED it has to attack your security first.

E.g. like give itself permission to run as a service.

Symantec monitors these kinds of suspicious behaviours and looks for file damaging instructions in the code of the suspicious file.

All in all I think you're drastically over-estimating viral abilities.

Edited by PurePhoenix
  • 0
Hello,

Sounds like you are having a lot of problems with your deployment of NOD32. Have you checked with their technical support department to see why these problems are occurring? Perhaps there is a configuration error.

You should always send undetected malware to your anti-malware vendor, that way they can add signatures to detect it. I found ESET's instructions here on their web site.

Regards,

Aryeh Goretsky

Yes, I have contacted their technical support in my country. For a few times they come down and for a few times they are storm with no answer. They always ask for log files, safe mode scan log files, etc. The undetected virus list was submitted 3 weeks before, still no answer. Really, I'm not comparing products or biased towards a certain product. I believe that whatever AV can free me more time to let me do more research and finding of other much more useful things, I'll go for it. It is that simple. I am very sure that NOD32 is just not the AV that you can trust for a corporate environment. A home PC that can afford to reformat, reformat and reformat again has no concern with this product. Hope the NOD32 CEO reads this and gets more concerned with their product, not with the marketing. Thanks

  • 0

Hello,

First off, I hope you don't mind if I don't quote inline. I'm not very good at that and sometimes mess things up, so would like to avoid any mistakes like that. Since you are obviously so passionate about the subject and wrote such an interesting message, I felt I had to at least try and match your own efforts.

Thank you for providing the link to Symantec's press release from 2003 announcing their nineteenth VB100 Award. I did take a look at it, but am afraid I did not see anything which appeared very different from the sorts of press releases vendors put out when they receive a VB100 Award. Was there something especially unique or telling about this one?

Symantec's actually gone on and achieved a bunch more VB100's since then. If you take a look at Symantec's VB100 Results Overview page here on Virus Bulletin's web site, you'll see that they have received the award 51 times, missed it 7 times, and did not participate 8 times. Those are excellent results, and Symantec should be quite proud of them. In comparison, Kaspersky has received the award 49 times and failed to receive it 17 times (so far, they have not passed on participating in any of the VB100 tests). McAfee's Results Overview page here reports 42 wins, 21 failures and they did not participate 3 times, which sound like strong results to me, too. Interestingly enough, McAfee has a separate page here for McAfee Total Security reporting 1 success, 0 failures and 65 non-participations. I'm not sure why that's listed separately from their other page. As for ESET, well, VB's Results Overview page here lists 58 successes, 3 failures and they didn't participate in 5 tests. By the way, just to clarify, not participating doesn't mean a missed VB100 Award, it means the company didn't submit a product for testing that time. That could be because they were in the middle of re-writing it, or maybe they didn't support the platform which was being tested at the time. Virus Bulletin Magazine performs testing on all sorts of platforms besides Microsoft Windows, and they might have performed a VB100 test on some platform the vendor no longer supports, like Novell NetWare, DOS, UNIX and so forth.

By the way, for those who are just reading this thread and may not be familiar with Virus Bulletin Magazine's VB100 tests, one of the test components is a check against In the Wild (ItW) viruses, which is a specific list of threats reported to the WildList Organization by virus researchers. As of this writing, the latest online listing is for September 2009 and can be found here on their web site. It lists 986 threats for that month.

Thank you for explaining to me that you specifically meant the corporate version of Symantec's product, SAV. It was not clear to me before which product(s) you meant. That makes things a lot clearer now. I did not see any mention in the articles you cited of whether its heuristics were enabled or disabled during testing, or what effect they had, if any, in the seven times Symantec's products missed a VB100 Award. Since the point of your earlier post seemed to be the percentagewise detection of threats without specific techniques, I really wasn't going to get into that. In any case, I think pretty much all anti-malware programs have heuristic detection these days (even if it is not enabled by default as you said in SAV) and there are certainly plenty of other techniques to detect threats besides having a specific signature, like generic (fuzzy-logic) signatures, behavioral analysis, HIPS, sandboxing, white-listing, black-listing, and reputation analysis. Each vendor's implementations have their own strengths and weaknesses and some work better than others.

Are you certain that Symantec only provides weekly signature updates? The reason that I ask is because their blog states here that they use a technology called Pulse Updates which provides signature updates every fifteen minutes or so, with orthodox updates every shift (well, about every eight hours, but that sounds like a virus analyst's shift to me). Perhaps there is something else they offer on their web site that is updated weekly? By the way, AV-Test provides reports on virus signature database update frequencies here. It is interesting reading, but keep in mind that frequency of updates has no equivalency to effectiveness of those updates.

I am reasonably sure that NOD32's update mechanism is part of its kernel service and not its graphic user interface. This is easy enough to verify by installing the program, starting a packet capture, scheduling an update, killing the GUI component, and watching the service query their update servers. I can certainly believe, though, that it might not report the update correctly after the GUI restarted until the next update.

Just to check, are you certain that you were not infected? The reason I ask is because when an anti-malware program false positives on Windows operating system files, popular applications like Microsoft Office or Adobe Reader or games, you typically read about it online in the trade press, and I don't recall seeing anything like that. I even visited ESET's support forum and looked around. I found a message talking about Steam interoperability issues which didn't sound very pleasant, but that seemed like a far cry from detecting the programs as Trojan horses. Also, when an anti-malware program tends to have gross false positive alarm issues, it typically is because the signature detects a particular runtime library or common piece of code generated by a compiler. A report of just games being detected as being infected sounds unlikely, though, of course I have certainly heard of stranger things.

Your description of how a binary program file is disinfected pretty much sounds like how all anti-malware programs perform the removal of a parasitic file infection, these days.

Thank you for the explanation of computer viruses and how SAV works. Also, thank you for taking the time to have a polite conversation about it; all too often message threads like these degenerate into unverifiable assertions and name-calling, and it is nice to have a civil discussion with someone who is more interested in things like underlying technologies.

Regards,

Aryeh Goretsky

That's a massive wall of text Why didn't you try google before writing it?

http://www.allbusiness.com/technology/soft.../5687427-1.html

Definition of the AB100 award;

http://www.virusbtn.com/vb100/index

EDIT:

nooo... read it again, i said Symantec Anti-virus corporate, NOT Nortons.

It means ONE anti-virus and only one, SAV. Not nortons, not N360, not NIS; Symantec Anti-Virus Corporate. Abbreviation SAV.

Wrong. By default Heuristics is off for SAV. Off entirely. And it still detects every known & unknown virus. With heuristics it can probably operate without updates whatsoever, to be honest who really cares whether it can or not? The fact is, it has a 100% detection rate without even having all of its features enabled.

Maybe the database updates are just so the scanner can identify WHICH virus it is or to work as a redundancy backup IN CASE it comes across something it's not sure about.

Honestly that's a rather ridiculous question =/ What does it really matter? It doesn't really matter. Symantec know what they're doing and they release updates every week or so. Get them.

No, you're not protected, Nod32 doesn't update unless the GUI is running.

Symantec will. RVTScan is a completely independent scanner.

I'm pretty sure you're wrong. I'm one of the most advanced PC users you will find & even i couldn't find a way to change the default action to quarantine or delete.

I tried running STEAM, Crysis and a few others, even with the realtime scan disabled in the tray icon it detected both the Crysis 64 exe and steam exe's as trojans =/

The official ****ing exe's on softwares that have been out for years. That's bloody ****-poor & pathetic.

I tried manually disabling the service through services.msc and the GUI was still detecting false positives.

I closed the GUI application and i'm just about convinced this crap hooks into system.exe or another core app because it still ****ing detected it.

I literally could not run over 1/2 my games PERIOD until i completely removed the ****.

Yes there are major issues with it. Symantec and others use a system where the cleansed file is first de-compiled & reviewed; Next any missing code is guessed at and the best probable match is added, then the file is re-compiled.

The java virtual machine does this as well, but it's re-coding on the fly, the "optimised" code is never written to hard drive thus you never see any corruption, it's all discarded when the application is shut down. However, that's 99% of the reason why Java apps are so damn unstable.

If only one of the two data streams for NTFS is infected then an AV will usually try to delete the entire infected stream and copy over the clean one to restore the file to working order.

AND that's exactly why SAV works. It's an anti-virus, not an anti-malware.

Remember what i said just a few lines ago about virii specifically trying to damage your files?

Symantec looks specifically and only for file damaging activity and intercepts it.

Honestly, how many file damaging techniques do you think there are? I'll give you a hint, there's about five.

99% of a virus' code isn't designed to damage your system - that's the GOAL of the virus, but to SUCCEED it has to attack your security first.

E.g like give itself permission to run as a service.

Symantec monitors these kinds of suspicious behaviours and looks for file damaging instructions in the code of the suspicious file.

All in all i think you're drastically over-estimating viral abilities.

  • 0

Understanding the underlying technologies is what separates the dreamers from the bread makers IMO :)

I'm glad i've given you some food for thought and comparison so you can form your own opinion about which is the best AV.

Personally SAV wins for me because of the low input requirement, the end user or staff member doesn't need to interact with it whatsoever and in fact you can lock them out of it if you so desire, leaving your technical staff with the sole responsibility and ability to manipulate the software. I personally value this very highly since 99% of staff and end users just don't give 2 hoots if your corporate network is infected; that's an attitude which gives administrators real headaches and Symantec provides the ability to lock end users out so they can't fiddle and jeopardise the security of the network.

As i've said, i've caught the pulse updates before 6 times in the one day and been satisfied that i'm getting that level of service. Nortons as far as i know will not pulse update, they do a daily BETA definitions release that MAY not be accurate, with a finalised definitions update every wednesday. The latter being the only release which is guaranteed stable and guaranteed not to cause issues like BSOD's. I've seen more than once a daily update for norton AV causing BSOD's, i'll be the first to admit that at least until 2009, perhaps 2008 its reputation was fully deserved.

If you have tested via packet sniffing an update pulse for Nod32's core service then i applaud you; after seeing its other shortcomings i honestly didn't bother.

You seem like a very straight-up no nonsense kind of person so i can trust your words to a large extent; i'll have to see it update without the GUI with my own eyes to be absolutely sure however that's nothing against you that's just the attitude that is required of administrators these days; Don't trust 2nd-hand information.

If i were prone to conjecture, i'd say symantec skipped / chose not to participate in tests when SAV 8 had already been tested. SAV 8 did last quite a few years and it was only the last year or two that SAV10 was released. That is possibly the reason behind Symantec choosing not to participate in the AB100 examination.

Just to check, are you certain that you were not infected?

Well so far i've had no data stolen, no unorthodox crashing and the same executables passed SAV 10's scan when i rebooted to XP SP2. So i am quite sure they weren't actually infected. Due to modern DLC and other licensing authentification techniques i wouldn't be surprised if STEAM and Crysis etc had virus-like code, however that shouldn't justify a false positive out of both KAV and Nod32.

My last point of interest from your post was the AB100 awards segment; I was quite surprised that KAV and Nod32 both passed. Especially passing that many times makes me believe the test results are faked because i've tested KAV on XP myself with STEAM and noticed false positives; One of the requirements of the AB100 is no false positives so unless STEAM is software excluded from the false-positivity test i'm inclined to say so far that there is a considerable amount of under-the-counter trading happening with A-V Comparatives.

Going back as many years as you have to (2000? 1995?) When SAV first was rated at a 100% detection rate, it starts to get hard to remember which source rated them at 100%.

I might have to invest some more time soon in finding the original verdict and source which rated SAV at 100% since the legitimacy of the A-V Comparatives AB100 award has so suddenly been called into question.

For myself, the trust i have in SAV is borne purely from testing it against other AV's. Certainly, my experiences may differ to yours and 2nd-hand information is never to be trusted as a general rule of thumb. Suffice to say, i already knew SAV had a 100% detection rate before i even had to research it via online documentation to prove it a couple of years ago.

At the end of the day, the best way to gauge an AV is to install it and test it yourself. My personal results were such that my business network, home location and external customer base all resulted in virii found when i installed SAV to triple check the cleanliness of their systems.

Since then i haven't looked back as the AV's used prior to my SAV scan listed in the double digits.

  • 0
Ok I just started using MSE, pretty nice. Question ... can I make it gtfo my taskbar and only be in my system tray?

Press X instead of minimize, it will still continue to run in the system tray.

If that doesn't work, ensure the MSE icon on your taskbar isn't pinned to the taskbar. (only applies to Windows 7)

This topic is now closed to further replies.