avast! new version released

[Bear Bottoms]

avast! just released it's new version and it is much improved. IMO it is
holding the number one free antivirus category solidly. The sandbox is
greatly improved and pup scan is much better.

 

[Bear Bottoms]

Better as in "ignore Nirsoft, Cain etc" ?
If I turn PUP detection on, most AV's wipe half my programs.

You /can/ whitelist 'em...might be too much of a pain for ya though.
While avast! is likely the best of the free AVs, I use PandaCloud Beta
with it's firewall on top of Windows Firewall...they play very nice and
I like the virtually real-time updates, it's detection is better than
avast's but not Emsisoft (which has the best by far.) avast's resource
usage is an impressive 7Mb but Panda's is 3MB. My system is fast as
greased lightning which is the way I like it. Boot time for Win7 is 24
seconds.

I don't use anything else other than the safe-hex experience I've gained
over the years...though I do allow UAC with Win7...foolish not to.

I've never gotten any unintentional serious infection since I've been
using computers, which I suppose is because of a mixture of luck and
care. I certainly explore more sites and download and install more than
the average bear...but I've used different techniques over the years to
effectively manage that. Right now, I have an image I use for exploring,
and when I'm done, I pop my regular one back on.

I also have an image I use that has no security programs installed at
all, for intentionally infecting my machine while testing various
security programs that I load...besides being fun, it is very
enlightening.

 

[Dustin]

avast! just released it's new version and it is much improved. IMO it
is holding the number one free antivirus category solidly. The
sandbox is greatly improved and pup scan is much better.

What are the requirements to place on the category list? IE: How do you go
about testing them?

As a side note, I tend to recommend Avast as one of the best free
antivirus myself. Easy to manage, not a royal pain in the arse on the
system. I have no experience with the freshest version myself, however,
based on the majority of opinions I've been reading it won't let me down.

 

[Dustin]

If I turn PUP detection on, most AV's wipe half my programs.

Same here. As well as some of my own. LOL!
I have to be very careful when scanning so as not to damage a collection
of malware in the process. ehehe

 

[Dustin]

You /can/ whitelist 'em...might be too much of a pain for ya though.
While avast! is likely the best of the free AVs, I use PandaCloud
Beta with it's firewall on top of Windows Firewall...they play very
nice and I like the virtually real-time updates, it's detection is
better than avast's but not Emsisoft (which has the best by far.)
avast's resource usage is an impressive 7Mb but Panda's is 3MB. My
system is fast as greased lightning which is the way I like it. Boot
time for Win7 is 24 seconds.

The panda software becomes useless the moment an internet connection is
compromised. Hopefully, it has local definitions it can resort to using?

What procedures and tools do you use to make the determination that
emisoft is better/worse than avast?

By boot time, are you stopping the clock when you see the desktop? What
are your hardware system specs? 24 seconds from dead stop (power off
state) seems... unrealistic, Bear.

I don't use anything else other than the safe-hex experience I've
gained over the years...though I do allow UAC with Win7...foolish not
to.

I havent observed you mention safe(r)-sex until I recently brought it up
during a previous discussion... What is the safe-hex experience as known
to Bear? I'm interested in how it may/may not differ from the standards
I'm familiar with...

I've never gotten any unintentional serious infection since I've been
using computers, which I suppose is because of a mixture of luck and
care. I certainly explore more sites and download and install more
than the average bear...but I've used different techniques over the
years to effectively manage that. Right now, I have an image I use
for exploring, and when I'm done, I pop my regular one back on.

Bear,

In all seriousness... Have you considered the unnecessary wear and tear
you're placing on the hardware by doing all of this image/reload?

I also have an image I use that has no security programs installed at
all, for intentionally infecting my machine while testing various
security programs that I load...besides being fun, it is very
enlightening.

As you most likely aren't playing with viruses, One couldn't really say
you're infecting the computer. However, again, from a research point of
view, I certainly am interested in your methodology for infection, your
testbed configuration and how you keep track of everything.

I am especially interested in whether or not you've verified every sample
in your malware collection is indeed a live viable 1st/2nd gen sample.
Various av/am programs will happily alart on non functional malware
samples. Simply scanning a folder and keeping anything that scores a hit
isn't a good way to process the collection. Just so you know, in the event
you didn't already.

Looking forward to your response(s) to my inquiries.

 

[Shadow]

avast! just released it's new version and it is much improved. IMO it is
holding the number one free antivirus category solidly. The sandbox is
greatly improved and pup scan is much better.

Better as in "ignore Nirsoft, Cain etc" ?
If I turn PUP detection on, most AV's wipe half my programs.

[]'s

 

[Dustin]

Keep your Zoo in an encrypted archive file.

I did that once, I really did. Then I discovered a horrible problem with
the archiving version I had been using.. now, it's multiple rars. hehehe

 

[Shadow]

avast! just released it's new version and it is much improved. IMO it is
holding the number one free antivirus category solidly. The sandbox is
greatly improved and pup scan is much better.

Better as in "ignore Nirsoft, Cain etc" ?
If I turn PUP detection on, most AV's wipe half my programs.

[]'s

You put those utilities in a folder and put the folder in as a scan
exception.

Is what I do with my nasty malware files.
But I prefer to disable PUP detection. (Advanced options in
Avira - the resident AV I favour)
A recent Kaspersky USB scan found 138 PUPS, with high
heuristics and "all" categories selected. None were malicious. (unless
someone has access to my PC).
PS I'm still fishing for the nasties. They are ignoring me.

[]'s

 

[Bear Bottoms]

What are the requirements to place on the category list? IE: How do
you go about testing them?

I do a bunch of stuff, but an incomplete summary quickly is I read as
many tech reviews from those that I respect as I can find...and they are
numerous - especially with this one, and I install the program on an
image I use for testing security programs, collect a few thousand new
malware samples and 20 or so fresh links from a source I have and try it
against a couple of other quality antivirus apps I put through the same
test with the same malware...and see how it does. I also give the
program to a friend in the IT security division of my company and he
runs some tests on it for me...and give me a summary of his findings.

avast! with pup turned off caught about 80% of the samples and with it
on about 90%...it's sandbox was the most active. Emsisoft caught 98%.

That is about the best I can do for my own satisfaction. I also do not
like publishing these findings other than my summary opinion as I'm not
a professional malware tester and only use samples for a general
conclusion as to how the program does and reacts to them...but it does
satisfy my concerns.

Microsoft Security Essentials and AVG have been left in the dust.
Antivir does OK, but not as good as avast!...used to be the other way
around not so long ago.

 

[Bear Bottoms]

The panda software becomes useless the moment an internet connection
is compromised. Hopefully, it has local definitions it can resort to
using?

The moment that happens, you are infected. I deal with that...it's for
prevention as best as can be.

What procedures and tools do you use to make the determination that
emisoft is better/worse than avast?

kinda answered in the other thread.

By boot time, are you stopping the clock when you see the desktop?
What are your hardware system specs? 24 seconds from dead stop (power
off state) seems... unrealistic, Bear.

24 seconds from the time I hit enter at login till my wireless comes
online...that is the last TSR to load . I'm not counting the time to
login.

I havent observed you mention safe(r)-sex until I recently brought it
up during a previous discussion... What is the safe-hex experience as
known to Bear? I'm interested in how it may/may not differ from the
standards I'm familiar with...

Safe hex is discussed in my comprehensive security plan posted on my
website ...has been for years. My post here have been excerpts of a
complete security plan...for the purpose of discussing that phase. I
don't think I've mentioned wifi security, identity theft, anti-
keylogging, banking, software & system updates, routine malware scans,
rescue CD's, password and form management, proxies, or some of the other
of many security concerns which should be addressed in a comprehensive
discussion about security. That takes more time than I wish to spend
when I post about a specific topic I wish to discuss.

I'm not that safe as I visit a lot of websites and download and install
a lot of software each month...but I use images to do that, and when I'm
done, I revert to a clean image as things can inject themselves without
me noticing. I also do the standard stuff as far as unknown senders of
email/attachements, etc. My main practice is to use my clean image until
a MS Update or I decide to make a permanent change, then I reload that
image, make the change and reimage. Then I use that image until the next
change. Such works very well for me.

Bear,

In all seriousness... Have you considered the unnecessary wear and
tear you're placing on the hardware by doing all of this image/reload?

LOL...none the more so of all the other things I do.

As you most likely aren't playing with viruses, One couldn't really
say you're infecting the computer. However, again, from a research
point of view, I certainly am interested in your methodology for
infection, your testbed configuration and how you keep track of
everything.

Well, I use the term infected as a general description to malware that
inserted into my machine. It's what most people do or say. We could make
up another term to use if that would please you, but I would likely not
use it.

I am especially interested in whether or not you've verified every
sample in your malware collection is indeed a live viable 1st/2nd gen
sample. Various av/am programs will happily alart on non functional
malware samples. Simply scanning a folder and keeping anything that
scores a hit isn't a good way to process the collection. Just so you
know, in the event you didn't already.

I'm collecting general information for my own purposes...not scientific
data for a foundation. What I do is generally a good indication of how
it compares to another AV or program...and as I said, good enough for my
purposes...much better than just trusting what someone else says they do
or did, as I've found many of even the experts tests and conclusions
faulty.

 

[Bear Bottoms]

That really interests me.
I manage about 1 a week, when I'm lucky. I'm sure David would
be happy if you could share just 5% of them with him.
Are they on your site ? Maybe you could give a dropbox url ?

They are not for re-distribution.

 

[Shadow]

I install the program on an
image I use for testing security programs, collect a few thousand new
malware samples

That really interests me.
I manage about 1 a week, when I'm lucky. I'm sure David would
be happy if you could share just 5% of them with him.
Are they on your site ? Maybe you could give a dropbox url ?
[]'s

 

[Dustin]

The moment that happens, you are infected. I deal with that...it's
for prevention as best as can be.

Not necessarily. Loss of an internet connection doesn't automatically
mean infected. Technically, unless you're dealing with a virus you
aren't infected anyway. Trojans (fake antimalware scanners that beg for
a credit card) are not infectious on their own. They don't replicate.

As far as best as can be, that's simply a personal opinion. Based on the
knowledge you don't! display here, it's a bad opinion that probably
shouldn't be followed.

kinda answered in the other thread.

I must have missed it. So why not either retype or do a copy/paste?

24 seconds from the time I hit enter at login till my wireless comes
online...that is the last TSR to load . I'm not counting the time to
login.

TSR? Windows 7 doesn't have tsrs. You probably mean windows/or wireless
manu app indicator loads. As the drivers are already loaded and online
prior to your login prompt, just so you know. You accuse me of not
sharing information and hoarding it all to myself, so I thought I'd
share a little with you now.

You shouldn't call it a 24 second boot time then, as it's misleading.
Either that or you don't know what boottime means. The information
you've provided doesn't allow me to get even the foggiest idea of what
your boottime maybe. Only that you don't know how to measure it. hehe.

Safe hex is discussed in my comprehensive security plan posted on my
website ...has been for years. My post here have been excerpts of a
complete security plan...for the purpose of discussing that phase. I
don't think I've mentioned wifi security, identity theft, anti-
keylogging, banking, software & system updates, routine malware
scans, rescue CD's, password and form management, proxies, or some of
the other of many security concerns which should be addressed in a
comprehensive discussion about security. That takes more time than I
wish to spend when I post about a specific topic I wish to discuss.

Understood. I've frequented your site as I'm sure you know. The majority
of the information offered isn't actually written by you tho. Surely you
don't take full credit for the material on that site?

use my clean image until a MS Update or I decide to make a permanent
change, then I reload that image, make the change and reimage. Then I
use that image until the next change. Such works very well for me.

Understood. It places you in a good way in the event hardware failure
occurs or something seriously borks the software. It's not a good way to
deal with malware tho. As in some cases, it's overkill.

LOL...none the more so of all the other things I do.

Ok. I just don't really understand the point of filling a landfill
someplace sooner than one needs to. I run my hardware well into the
ground before it's scrap. And even then, I'm known to keep it for extra
caps, diodes, etc.

Well, I use the term infected as a general description to malware
that inserted into my machine. It's what most people do or say. We
could make up another term to use if that would please you, but I
would likely not use it.

I see no need to make up terms. It would make more sense to use the ones
which are already well defined and exist. What most people do or say
doesn't mean it's done correctly nor accurate.

As you feel in some way superior to my lowly blue collar self, You of
all educated people! (bow bow) should understand the importance in the
differential as explained.

I'm collecting general information for my own purposes...not
scientific data for a foundation. What I do is generally a good
indication of how it compares to another AV or program...and as I
said, good enough for my purposes...much better than just trusting
what someone else says they do or did, as I've found many of even the
experts tests and conclusions faulty.

I understand your collecting information and making BearWear
recommendations based on the results of the information. So, it's not
just for your private use; People may make bad/good decisions based on
it. It's irresponsible to make information public and recommendations
based on it if the information itself is bad.

So, I will ask again, what testing methodology do you practice?
As it reads, you likely are doing what I jokingly referred to. I can
help, if that's the case. You just need to be on the level here.

 

[Dustin]

I do a bunch of stuff, but an incomplete summary quickly is I read as
many tech reviews from those that I respect as I can find...and they
are numerous - especially with this one, and I install the program on
an image I use for testing security programs, collect a few thousand
new malware samples and 20 or so fresh links from a source I have and
try it against a couple of other quality antivirus apps I put through
the same test with the same malware...and see how it does. I also
give the program to a friend in the IT security division of my
company and he runs some tests on it for me...and give me a summary
of his findings.

With regard to the samples.. How exactly do you test them? How do you
know they are infact, actually malware? Malware Research is pretty
serious business ya see, I've done it professionally and still practice
the arts on my own time. I'll even be reviving the bughunter app soon
for the older oses which are still online, that probably shouldnt be.

avast! with pup turned off caught about 80% of the samples and with
it on about 90%...it's sandbox was the most active. Emsisoft caught
98%.

Your statistical information is worthless without knowing your testing
methodology.

That is about the best I can do for my own satisfaction. I also do
not like publishing these findings other than my summary opinion as
I'm not a professional malware tester and only use samples for a
general conclusion as to how the program does and reacts to
them...but it does satisfy my concerns.

Bear,

I suspect the lack of interest in publishing is because you must atleast
suspect it has problems. The way your general recommendations read is
not of that as an amateurs , but as a professional recommending this or
that security app and then providing statistics like 80% for this app, %
98% for that app. You don't disclose any of this when you claim emisoft
is the best, followed by sas and then by mbam. Nor do you disclose your
hobbyist skillset when providing the stats as you calculated them.

That's very misleading Bear and unprofessional.

Microsoft Security Essentials and AVG have been left in the dust.
Antivir does OK, but not as good as avast!...used to be the other way
around not so long ago.

This is an excellent example of what I was writing about above. What do
you base any of those claims on? Why do you not disclose the fact you
don't know much/anything about malware and these are based on your own
personal tests that you won't publish? Atleast that way it wouldn't be
so misleading.

 

[Dustin]

That really interests me.
I manage about 1 a week, when I'm lucky. I'm sure David would
be happy if you could share just 5% of them with him.

Indeed. I'd really like to see what it is he actually has.

 

[Bear Bottoms]

As you feel in some way superior to my lowly blue collar self, You of
all educated people! (bow bow) should understand the importance in the
differential as explained.

I figured this discussion would go south...but the information I shared is
still good. Carry on Dustin.

 

[Bear Bottoms]

Why on earth not ? We are all white-hat here. The more working
on solutions, the better. Munge the url, zip and password protect
them, so the innocent won't be harmed, and we can test our malware
defenses. I'm really impressed by your Emsisoft results, but I would
like to conduct my own tests before I switch.

They are not for re-distribution.

There are sources that are available to you to obtain new malware
samples and links to malware distribution sites...you could search for
one that you like. I have my own reliable sources that are /not/
available to the public.

 

[Shadow]

They are not for re-distribution.

Why on earth not ? We are all white-hat here. The more working
on solutions, the better. Munge the url, zip and password protect
them, so the innocent won't be harmed, and we can test our malware
defenses. I'm really impressed by your Emsisoft results, but I would
like to conduct my own tests before I switch.
TIA
[]'s

 

[G. Morgan]

That really interests me.
I manage about 1 a week, when I'm lucky. I'm sure David would
be happy if you could share just 5% of them with him.
Are they on your site ? Maybe you could give a dropbox url ?

You can find tons of live viruses here:

hxxp://vx.netlux.org/

 

[Shadow]

You can find tons of live viruses here:

hxxp://vx.netlux.org/

I have sites that offer megabyte.rars of malware, but my Avira
picks up every one of them.
They are all tame.Interesting to study though. I'm more
interested in Bear's wild ones. The ones the main AVs don't detect. No
point testing my AV against tame ones.
Thanks for the site. Another one for my bookmarks.

[]'s

PS did you see my comments about PDFZilla in alt.comp.freeware
?
Message-ID: <[email protected]>
Am I paranoid ?