Anti-virus + Anti-spyware: Latest software opinions

[Ian Kenefick]

For my money F-Secure Anti-virus is the best thing going.

Overall detection - reaction times to new threats : yes, certainly one
of the best.

Probably, F-Prot or Nod32.

Yep - I agree with you here!

Huh? What? Assuming you have reasonably up to date hardware and
sufficient RAM who cares. My primary workstation is 1.6GHz P4 with 1GB
of RAM... I can't see any difference in performance with F-Secure
running versus not running.

There is a noticeable difference - without question - I'm surprised
you don't notice - I have similar spec machines also running FSAV

Hmm... Ummm.... Err... I suppose that depends on how you define
"good". Personally, I wouldn't touch it with a ten meter cattle prod.

Giant Antispyware was an excellent program and MS Antispyware is no
different - except for the fact they dont update is as often.


Regards,
Ian Kenefick
http://www.IK-CS.com

 

[Roger Wilco]

"Thomas G. Marshall"

Sigh. Once again.

"Which is best?" is a question that gets asked a great many times in this
group, and I've been following the trends for a while, but am lost as to
what the /current/ opinions are. So hopefully, this post isn't a simple
rehash of all the others in the last couple weeks.

"Doing the same thing and expecting different results is a sign of
insanity"

Used to be it was McAfee vs. Norton for AV, and that was all there was worth
mentioning in the AV universe. The others were piddling nothingness.

Maybe they had the advertising capital that others did not. They are
both good, but they are not the only good ones.

Now it seems that there are a lot of accolades for other apps in the AV
arena. Basically I run both Norton and AVG (Norton full time, and avg "once
in a while").

Sounds good.

I am mostly concerned with bandwidth impact of my continually running 2003
NAV auto-protect.

Yep, it's a hog.

1. What is the best AV considered to be these days?

IMO Kapersky, F-prot, and Sophos (and maybe Norman's sandbox too). I
base my opinion on the lack of problems reported in the virus related
newsgroups, and from good detection rates as reported also. McAfee and
Norton have added too much fluff which bogs down the systems for some
peeps, but they have good detection.

2. Which AV has the least impact on the system (perhaps this need not be a
separate question).

Almost any on-demand AV.

3. Is McAfee considered to be a bigger hog of cpu bandwidth?

Depends on how much stuff (fluff) you have it doing.

4. What is everyone's favorite anti-spyware?

Prevention - safe hex.
Clean-up if prevention fails - both Ad-Aware and Spybot S&D (CWShredder
if CWS is what gotcha).

I am using AdAware, but am
intrigued by McAfee's new app.

Hmmm, never looked into it myself.

*And the whopper spyware question* :

5. Is microsoft's new and free anti-spyware application any good?

Probably, but with any MS product (even one bought from another company)
it is best to let others test it for you. It wouldn't suprise me much if
that app had vulnerabilities or trapdoors.

 

[GEO Me]

Agreed whole heartedly! There is no perfect 'all in one' product. Now
here is an analogy - It's a lot like Shampoo and Conditioner - ever
though the Shampoo and Conditioner all in one is convienient and even
cheaper in most cases - two seperate products, a very good shampoo and
a very good consitioner - sometimes from different brands - offer the
best results

Very apt comparison, but it seems that many people are used to the
Windows model in which one product does everything. Many users don't
want to have to bother learning and deciding among different programs.
If users can't even learn to differenciate between Microsoft and its
programs, you will have people going to a second hand store wanting to
buy MS Word, and saying that they want to buy Microsoft (as told by
the owner of the store).

Geo

 

[Will James]

how is the MS anti-spyware and did you ever try Avast before you used
Kaspersky?

I tried Avast free but it missed a nasty trojan associated with Freshbar
which Kaspersky Personal Pro caught so I switched. You can compare antivirus
record here:
http://www.virusbtn.com/vb100/archives/products.xml?table

Will

 

[Will James]

Overall detection - reaction times to new threats : yes, certainly one
of the best.


Yep - I agree with you here! snip
Regards,
Ian Kenefick
http://www.IK-CS.com

I found ca ETrust EZ Antivirus very light on resources also..

Will

 

[somekiss]

I've got both Adaware and Spybot S&D installed... Neither of them has
ever found anything other than the occasion "tracking cookie".

How on earth can Ad-Aware find anything when every definition update file
is smaller than the previous one? This means they're eliminating spyware
which has a statistical sampling of lower infections, although there's
still a chance you can dl it.

 

[David W. Hodgins]

How on earth can Ad-Aware find anything when every definition update file
is smaller than the previous one? This means they're eliminating spyware
which has a statistical sampling of lower infections, although there's
still a chance you can dl it.

Downloading "updates" is not the same as downloading the complete definition
database. The "updates" should only include newly detected spyware, and/or
corrections to existing definitions. It should not be deleting existing spyware
detection signatures from the database, unless they were false positives.

In the years I used adaware, I never saw an update result in a decrease in the
number of items in the database.

Regards, Dave Hodgins

 

[Thomas G. Marshall]

Jeffrey A. Setaro coughed up:

skydiver coughed up:

"Which is best?"

Avast gets my nod. [...]

Ok, wait a sec. I'm reading over and over the following:

Avast is great

and now I'm also reading in this thread

Kaperksy is great

*How are these two compared to NAV and McAfee* ?

And do either Kapersky or Avast have reasonable anti-spyware?

Kaspersky has the ability to detect spyware... It's not enabled by
default though. I memory serves there's an option in the updater to
include the spyware detection information in the updates.

Ah, but that would be detection /after/ the fact, no? Don't most ASW's
/prevent/ the spy implant, or hijack, etc., before it happens?

I really wish there were a more definitive metric on AV and ASW quality. A
rating system, or somesuch. But unfortunately, part of what I've discovered
is that even if you have an outstanding virus scanner, if the database
hasn't caught up with what's out there then the point is moot.

Given that, it seems there are two distinct metrics:

1. scanning ability
2. viral database

Which really, IMO, just boils down to the following metric:

1. number of times it misses a major virus

....which is nearly impossible to gauge.

 

[Thomas G. Marshall]

Roger Wilco coughed up:

"Thomas G. Marshall"


"Doing the same thing and expecting different results is a sign of
insanity"

Which explains why I'm going to post this question again next week

Maybe they had the advertising capital that others did not. They are
both good, but they are not the only good ones.


Sounds good.


Yep, it's a hog.


IMO Kapersky, F-prot, and Sophos (and maybe Norman's sandbox too). I
base my opinion on the lack of problems reported in the virus related
newsgroups, and from good detection rates as reported also. McAfee and
Norton have added too much fluff which bogs down the systems for some
peeps, but they have good detection.


Almost any on-demand AV.


Depends on how much stuff (fluff) you have it doing.


Prevention - safe hex.
Clean-up if prevention fails - both Ad-Aware and Spybot S&D
(CWShredder if CWS is what gotcha).

Tried CWShredder, and it didn't remove the CWS hijack that a friend of mine
got.

 

[Alias]

| Practicing safe hex is
| the best "program" though.

What is "safe hex"?

Thanks,

 

[Melissa]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Alias,

What is "safe hex"?

Basically, it means "safe practices". Here's one place that mentions
a few ideas to get started with:

http://www.claymania.com/safe-hex.html

- --
Melissa

-----BEGIN PGP SIGNATURE-----

iD8DBQFB+icYKgHVMc6ouYMRAjimAJ4mSdYcDPXHFar5er2jOmI1V4xwWACgxWwX
DnCIVylGmerYdZAk7CUs/zk=
=z8v9
-----END PGP SIGNATURE-----

 

[Beauregard T. Shagnasty]

| Practicing safe hex is the best "program" though.

What is "safe hex"?

You go to the local pharmacy and buy an extra large condom ... and ...
slip it on over your computer ... you don't want to have unprotected
communications with the Internet.

Heehee. As Melissa said, safe practices. if you weren't aware, "hex"
is short for, and a play on the word, hexadecimal, the base 16 number
system.

 

[Jeremy]

I really wish there were a more definitive metric on AV and ASW quality. A
rating system, or somesuch. But unfortunately, part of what I've discovered
is that even if you have an outstanding virus scanner, if the database
hasn't caught up with what's out there then the point is moot.

Given that, it seems there are two distinct metrics:

1. scanning ability
2. viral database

My AVG Anti-Virus program also has heueristics--the ability to detect
certain suspicious types of code, even though there is no virus signature
that would identify it as a known virus.

Admittedly, this is not foolproof, and it might result in an occasional
false positive, but AVG estimates that it can detect about 50% of new
viruses that have not yet been officially identified.

But you are correct when you say that no antivirus application is perfect.
It's the new viruses that cause all the problems, because until someone
takes the hit and it is identified as a virus, (and is downloaded into our
antivirus updates) we are all vulnerable. I believe this is why email-borne
viruses are so devastating. They circulate faster than the ability of the
antivirus peoples' ability to distribute their signatures to users.

 

[Ian Kenefick]

My AVG Anti-Virus program also has heueristics--the ability to detect
certain suspicious types of code, even though there is no virus signature
that would identify it as a known virus.

Admittedly, this is not foolproof, and it might result in an occasional
false positive, but AVG estimates that it can detect about 50% of new
viruses that have not yet been officially identified.

Heuristics statistics by antivirus companies are waaay over stated -
the only Apps I have come accross with Good Heuristics are NOD32 and
Dr.Web and to a lesser extent F-Prot Neural Network - others like
Kaspersky who say something like 82% of new threats detected by
Heuristics which is bullshit.


Regards,
Ian Kenefick
http://www.IK-CS.com

 

[Melissa]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Ian,

Heuristics statistics by antivirus companies are waaay over stated -
the only Apps I have come accross with Good Heuristics are NOD32
and Dr.Web and to a lesser extent F-Prot Neural Network - others
like Kaspersky who say something like 82% of new threats detected
by Heuristics which is bullshit.

Even though I'm a happy user of NOD32, and respect their heuristics,
the best heuristic detection is still our own careful practices, and
knowing what to be wary of in both specific and general terms. That
said, I wish we didn't have to spend (waste?) so much of our time
even thinking about all this stuff. Not because I think the AVs
should be so much better, but because...

Most of us, I presume, didn't get a computer so that we could spend
so much time and energy learning about and dealing with viruses and
such in the first place. I know that some people thrive on geeky
challenges, regardless of what they are, and that's fine for them
(and we can be grateful for their efforts on our behalf), but for
most of the rest of us, we'd probably be able to find plenty of other
things to do with our time - in my case, especially things away from
the computer. Though I'm very grateful for forums like these,
through which I've learned so many useful, and in fact, necessary
things over the years, I wish I never felt the need to be here at
all.

Viruses, worms, Trojans, spyware, spam, etc. are, in my view, social
problems even more than they are technical annoyances; at least at
their root. Certainly, those who would purposely inflict these
annoyances upon us are suffering from social problems, and in turn,
the rest of us suffer as well.

Over these past five years that I've been online, I've become a fairly
competent amateur geek (albeit reluctantly so), so in addition to
learning about all this stuff, and constantly trying to keep up with
it all, I've become the "resident helper" for many amongst my family
and friends. I'm happy to help them sort out their problems, and
eventually, I can teach most of them to not get into so much trouble
in the first place, but again, I do this not because I especially
enjoy the particular technical challenges, but just because simply I
care about them and want to help. All this however, eats up
additional time and energies I could be spending in truly more
productive ways...both at the computer and away from it (again,
especially away from it).

Sometimes I wish my Luddite leanings would finally convince me to
pull the plug on this silly machine, but what I feel I gain from the
*good things* about being online will most likely keep me online.

Oh well, I guess I've had my little rant for the morning.

- --
Melissa

-----BEGIN PGP SIGNATURE-----

iD8DBQFB+oj6KgHVMc6ouYMRAsOJAJ46aAcZp4szznM67T5Zc+GAzvhIawCaA13U
I2k7mIlNAwFgHeUJ1AqIBkU=
=Kjxe
-----END PGP SIGNATURE-----

 

[Art]

On Fri, 28 Jan 2005 10:48:39 -0800, Melissa

Though I'm very grateful for forums like these,
through which I've learned so many useful, and in fact, necessary
things over the years, I wish I never felt the need to be here at
all.

Viruses, worms, Trojans, spyware, spam, etc. are, in my view, social
problems even more than they are technical annoyances; at least at
their root. Certainly, those who would purposely inflict these
annoyances upon us are suffering from social problems, and in turn,
the rest of us suffer as well.

Over these past five years that I've been online, I've become a fairly
competent amateur geek (albeit reluctantly so), so in addition to
learning about all this stuff, and constantly trying to keep up with
it all, I've become the "resident helper" for many amongst my family
and friends. I'm happy to help them sort out their problems, and
eventually, I can teach most of them to not get into so much trouble
in the first place, but again, I do this not because I especially
enjoy the particular technical challenges, but just because simply I
care about them and want to help. All this however, eats up
additional time and energies I could be spending in truly more
productive ways...both at the computer and away from it (again,
especially away from it).

Indeed. Those of us who aren't making a living off of the social
problem of malicious code are wasting our time with newsgroups
such as these, beyond a certain point in the learning curve. Some
of us stay addicted to these newsgoups far too long.

Yesterday, I dumped my old av oriented web site and started
fresh with a new theme. It felt good


http://home.epix.net/~artnpeg

 

[Melissa]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Art,

Yesterday, I dumped my old av oriented web site and started fresh
with a new theme. It felt good

http://home.epix.net/~artnpeg

I'm glad for you! The help you've offered so many people here has
been, and will always be, much appreciated; even if you move on to
other pursuits! I don't spend much time in these places anymore
either, but now and then, I pop in to see if there's something I
really should be "up to date" with, and for this, I'm still grateful
for these types of forums.

Nice to see you Art!

- --
Melissa

-----BEGIN PGP SIGNATURE-----

iD8DBQFB+pnnKgHVMc6ouYMRAl6FAKCczfcJnb0SJQElOxbkME8aoNCPuACg8fUn
TKaiSSHGay3Y0Op0M6EUCUk=
=06VZ
-----END PGP SIGNATURE-----

 

[Ian Kenefick]

Yesterday, I dumped my old av oriented web site and started
fresh with a new theme. It felt good

You'll be back - admit it Art - you will be back. You can't keep your
overly opinionated posts out of ACV / ACA-V forever mwuuuuaaahhhh


Regards,
Ian Kenefick
http://www.IK-CS.com

 

[Ian Kenefick]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Ian,

Even though I'm a happy user of NOD32, and respect their heuristics,
the best heuristic detection is still our own careful practices, and
knowing what to be wary of in both specific and general terms.

One must ask why you subscribe to any of these newsgroups?




Regards,
Ian Kenefick
http://www.IK-CS.com

 

[Alias]

| -----BEGIN PGP SIGNED MESSAGE-----
| Hash: SHA1
|
| Hi Alias,
|
| On Fri, 28 Jan 2005 12:46:57 +0100, you wrote:
|
| > What is "safe hex"?
|
| Basically, it means "safe practices". Here's one place that mentions
| a few ideas to get started with:
|
| http://www.claymania.com/safe-hex.html
|
| - --
| Melissa

Oh, OK, thanks.