Nod32, Kaspersky,Norton,McAfee,F-Prot,AVG,Avast! Most effective?

[Buffalo]

Check here for some interesting results:
http://www.av-comparatives.org/

It seems that in the Feb and Aug 05 On-demand comparative, Norton Anti-Virus is
second in detection, just behind Kaspersky.
Those who use the others, and swear by them, should also check out that site.
How the heck did Norton get up so high?
One answer is their latest engine is better. AFAIK, Norton's 2002,3,and 4's
engines don't do as well.
Any other ideas?

 

[David H. Lipman]

From: "Buffalo" <eric(nospam)@nada.com.invalid>

| Check here for some interesting results:
| http://www.av-comparatives.org/
|
| It seems that in the Feb and Aug 05 On-demand comparative, Norton Anti-Virus is
| second in detection, just behind Kaspersky.
| Those who use the others, and swear by them, should also check out that site.
| How the heck did Norton get up so high?
| One answer is their latest engine is better. AFAIK, Norton's 2002,3,and 4's
| engines don't do as well.
| Any other ideas?
|

One must remember "comparitive tests" are only based upon statistical analysis and the test
process. Both can be biased either intentionally or accidentally.

There are; lies, damn lies, statistcs and benchmarks.

 

[Art]

Check here for some interesting results:
http://www.av-comparatives.org/

It seems that in the Feb and Aug 05 On-demand comparative, Norton Anti-Virus is
second in detection, just behind Kaspersky.
Those who use the others, and swear by them, should also check out that site.
How the heck did Norton get up so high?
One answer is their latest engine is better. AFAIK, Norton's 2002,3,and 4's
engines don't do as well.

I've never used any version of NAV, but I have uploaded many suspect
files to Virus Total and jotti. And I used to use Project VGREP quite
a bit to see what various av products name a malware that KAV alerts
on.

Often, NAV just gives a heuristic "Bloodhound" type of alert. And it
even more often just calls a variety of quite different malware
samples "Trojan Horse".

It would drive me up the wall to have to use such a product

Of course, alerting is at least _something_. The ever so popular
AVG far too often just goes "duh"

McAfee is another case. Its detection is quite good, but it tends
to produce the same name for many different samples far too often
to suit my tastes.

And F-prot is even worse for this sort of thing ... lumping many
different Trojans into just one kind of report such as "dangerous"
or "suspicious".

Art

http://home.epix.net/~artnpeg

 

[Buffalo]

From: "Buffalo" <eric(nospam)@nada.com.invalid>

| Check here for some interesting results:
| http://www.av-comparatives.org/
|
| It seems that in the Feb and Aug 05 On-demand comparative, Norton Anti-Virus is
| second in detection, just behind Kaspersky.
| Those who use the others, and swear by them, should also check out that site.
| How the heck did Norton get up so high?
| One answer is their latest engine is better. AFAIK, Norton's 2002,3,and 4's
| engines don't do as well.
| Any other ideas?
|

One must remember "comparitive tests" are only based upon statistical analysis and the test
process. Both can be biased either intentionally or accidentally.

There are; lies, damn lies, statistcs and benchmarks.

Someone once said, 'If you want favorable answers to your poll, ask the right
questions'.

 

[David H. Lipman]

|
| Someone once said, 'If you want favorable answers to your poll, ask the right
| questions'.
|

And there 'ya go -- intruducing bias into a Poll.

 

[* * Chas]

| From: "Buffalo" <eric(nospam)@nada.com.invalid>
|
| | Check here for some interesting results:
| | http://www.av-comparatives.org/
| |
| | It seems that in the Feb and Aug 05 On-demand comparative, Norton
Anti-Virus is
| | second in detection, just behind Kaspersky.
| | Those who use the others, and swear by them, should also check out
that site.
| | How the heck did Norton get up so high?
| | One answer is their latest engine is better. AFAIK, Norton's
2002,3,and 4's
| | engines don't do as well.
| | Any other ideas?
| |
|
| One must remember "comparitive tests" are only based upon statistical
analysis and the test
| process. Both can be biased either intentionally or accidentally.
|
| There are; lies, damn lies, statistcs and benchmarks.

Figures don't lie but liars figure!

Chas.

 

[David H. Lipman]

From: "* * Chas" <[email protected]>


|
| Figures don't lie but liars figure!
|
| Chas.
|

I know a liar and she has a fantastic figure !!

 

[* * Chas]

| Check here for some interesting results:
| http://www.av-comparatives.org/
|
| It seems that in the Feb and Aug 05 On-demand comparative, Norton
Anti-Virus is
| second in detection, just behind Kaspersky.
| Those who use the others, and swear by them, should also check out
that site.
| How the heck did Norton get up so high?
| One answer is their latest engine is better. AFAIK, Norton's
2002,3,and 4's
| engines don't do as well.
| Any other ideas?
|

One issue that needs to be considered is how much does an AV program
affect your system's performance. Kasperski, NAV and McAfee have a
reputation for being resource hogs.

No AV product is ever going to be 100% full proof and detect every virus
all of the time. Malware is developed faster than protective measures.
The most realistic solution is to practice Safe Hex, pick a product or
products that you have FAITH in and hope for the best.

Computer users most at risk to malware are those clueless folks who
indiscriminately surf the web, D/L all kinds of junk and open E-mail
attachments etc. without any idea of the potential consequences.

People who frequent porn sites and online gambling are also at high
risk.

With the exception of mass attacks by a new threat, most people who
practice Safe Hex are at a very low risk of catching some kind of
malware.

Chas.

 

[Art]

No AV product is ever going to be 100% full proof and detect every virus
all of the time. Malware is developed faster than protective measures.
The most realistic solution is to practice Safe Hex, pick a product or
products that you have FAITH in and hope for the best.

I say never put any faith in any av. Those who do will take hits.

Art

http://home.epix.net/~artnpeg

 

[kurt wismer]

Check here for some interesting results:
http://www.av-comparatives.org/

It seems that in the Feb and Aug 05 On-demand comparative, Norton Anti-Virus is
second in detection, just behind Kaspersky.
Those who use the others, and swear by them, should also check out that site.
How the heck did Norton get up so high?

i've been saying it for quite some time - the mainstream products are
all close enough to each other that their relative ranks can easily
change from one month to the next...

 

[Morgan Ohlson]

i've been saying it for quite some time - the mainstream products are
all close enough to each other that their relative ranks can easily
change from one month to the next...

For the paying conumer that is not really acceptable. The antivirus is an
assurance to have a working pc... reaching the internet for news, debate and
as a essential office tool.

A future virus-scanner must... constantly identify almost all existing
virus. Only a free scanner can be accepted to perform less then "close to
perfect".


Morgan O.

 

[David H. Lipman]

From: "Morgan Ohlson" <[email protected]>


|
| For the paying conumer that is not really acceptable. The antivirus is an
| assurance to have a working pc... reaching the internet for news, debate and
| as a essential office tool.
|
| A future virus-scanner must... constantly identify almost all existing
| virus. Only a free scanner can be accepted to perform less then "close to
| perfect".
|
| Morgan O.

No !

You put too much emphasis on the software. The most effective and powertool is the user !

One *must* practice Safe Hex and not just rely on software.

 

[Roger Wilco]

I've never used any version of NAV, but I have uploaded many suspect
files to Virus Total and jotti. And I used to use Project VGREP quite
a bit to see what various av products name a malware that KAV alerts
on.

Often, NAV just gives a heuristic "Bloodhound" type of alert. And it
even more often just calls a variety of quite different malware
samples "Trojan Horse".

It would drive me up the wall to have to use such a product

Of course, alerting is at least _something_. The ever so popular
AVG far too often just goes "duh"

McAfee is another case. Its detection is quite good, but it tends
to produce the same name for many different samples far too often
to suit my tastes.

And F-prot is even worse for this sort of thing ... lumping many
different Trojans into just one kind of report such as "dangerous"
or "suspicious".

As far as the 'protection' angle goes, it is sufficient to have high
accuracy in 'detection'. The accuracy in 'identification' is somewhat
less important. You need correct identification for correct removal, but
removal is not a preventative measure. If you use AV as a recovery from
infection tool, you have already lost the battle that AV was designed to
help with - prevention.

I know that I'm 'preaching to the choir' regarding you Art, but since AV
has tacitly admitted defeat in prevention and focussed on cleanup and
on-access scanning instead - it only then becomes important to correctly
identify malware locally with a scanner. Why couldn't the identification
of malware samples be done as a web application? Wouldn't doing so
reduce the number of definitions needed by the local AV program? The
local AV could detect a malware sample and offer to submit it to further
analysis or package a copy of it for you to send.

....but I digress...

Identification is not needed in order for an AV scanner to say "you
probably don't want to execute this program".

 

[Art]

As far as the 'protection' angle goes, it is sufficient to have high
accuracy in 'detection'. The accuracy in 'identification' is somewhat
less important. You need correct identification for correct removal, but
removal is not a preventative measure. If you use AV as a recovery from
infection tool, you have already lost the battle that AV was designed to
help with - prevention.

I know that I'm 'preaching to the choir' regarding you Art, but since AV
has tacitly admitted defeat in prevention and focussed on cleanup and
on-access scanning instead - it only then becomes important to correctly
identify malware locally with a scanner. Why couldn't the identification
of malware samples be done as a web application? Wouldn't doing so
reduce the number of definitions needed by the local AV program? The
local AV could detect a malware sample and offer to submit it to further
analysis or package a copy of it for you to send.

...but I digress...

Identification is not needed in order for an AV scanner to say "you
probably don't want to execute this program".

I was not looking at this from the POV of prevention but from the POV
of a user who gets a vague detection report. One wonders how effective
a product can be that can't pinpoint and ID a particular malware and
variant. What are you supposed to do next when you scan your drive on
demand and it reports something vague, and it's unable to do anything
about it? That sucks

I think your web app idea might have some merit, but my first critical
thought is of the many malwares nowdays for which the user shouldn't
be on line .... RATs and Worms. And he may need to be in Safe mode
or using a alternate OS for removal. But think it and work it through
some more and then elaborate

The crux of your idea or thought seems to involve the use of a
hypothetical heuristic-heavy scanner that's "lightweight" in both
defs and bloat .... that somehow turns over the chore to "something
else" to determine exactly what it is that it found ... a fp or a
actual malware ... and pinpoint the malware and its variant. But
again, that "something else" can't require a connection to the
internet. Maybe a rf (radio waves) link to that "something else". Who
knows what might evolve in the future.

Art

http://home.epix.net/~artnpeg

 

[What's in a Name?]

Someone once said, 'If you want favorable answers to your poll,
ask the right questions'.

"I didn't lie.I only said some things that later, seemed to be
untrue."-Richard Nixon

--
Playing Nice on Usenet:
http://oakroadsystems.com/genl/unice.htm#xpost
My Pages: http://home.neo.rr.com/manna4u/
Change nomail.afraid.org to yahoo.com to reply.
Registered Linux User #393236

 

[* * Chas]

| |
| >
| > | >> From: "Buffalo" <eric(nospam)@nada.com.invalid>
| >>
| >> | Check here for some interesting results:
| >> | http://www.av-comparatives.org/
| >> |
| >> | It seems that in the Feb and Aug 05 On-demand comparative,
| >> | Norton Anti-Virus
| > is
| >> | second in detection, just behind Kaspersky.
| >> | Those who use the others, and swear by them, should also check
| >> | out that
| > site.
| >> | How the heck did Norton get up so high?
| >> | One answer is their latest engine is better. AFAIK, Norton's
| >> | 2002,3,and 4's engines don't do as well.
| >> | Any other ideas?
| >> |
| >>
| >> One must remember "comparitive tests" are only based upon
| >> statistical analysis
| > and the test
| >> process. Both can be biased either intentionally or
| >> accidentally.
| >>
| >> There are; lies, damn lies, statistcs and benchmarks.
| >
| > Someone once said, 'If you want favorable answers to your poll,
| > ask the right questions'.
| >
| >
|
| "I didn't lie.I only said some things that later, seemed to be
| untrue."-Richard Nixon

"I am not a crook"! - Richard Nixon

 

[* * Chas]

| On Mon, 5 Sep 2005 13:13:14 -0700, "* * Chas" <[email protected]>
| wrote:
|
| >No AV product is ever going to be 100% full proof and detect every
virus
| >all of the time. Malware is developed faster than protective
measures.
| >The most realistic solution is to practice Safe Hex, pick a product
or
| >products that you have FAITH in and hope for the best.
|
| I say never put any faith in any av. Those who do will take hits.
|
| Art

That's why it's capitalized!

Chas.

 

[* * Chas]

| From: "Morgan Ohlson" <[email protected]>
|
|
| |
| | For the paying conumer that is not really acceptable. The antivirus
is an
| | assurance to have a working pc... reaching the internet for news,
debate and
| | as a essential office tool.
| |
| | A future virus-scanner must... constantly identify almost all
existing
| | virus. Only a free scanner can be accepted to perform less then
"close to
| | perfect".
| |
| | Morgan O.
|
| No !
|
| You put too much emphasis on the software. The most effective and
powertool is the user !
|
| One *must* practice Safe Hex and not just rely on software.
|
| --
| Dave

I've never seen any AV product that gives advice or help to users on how
to avoid malware problems!

Chas.

 

[Morgan Ohlson]

| Check here for some interesting results:
| http://www.av-comparatives.org/
|
| It seems that in the Feb and Aug 05 On-demand comparative, Norton
Anti-Virus is
| second in detection, just behind Kaspersky.
| Those who use the others, and swear by them, should also check out
that site.
| How the heck did Norton get up so high?
| One answer is their latest engine is better. AFAIK, Norton's
2002,3,and 4's
| engines don't do as well.
| Any other ideas?
|

One issue that needs to be considered is how much does an AV program
affect your system's performance.

Whats the problem?

No AV product is ever going to be 100% full proof and detect every virus
all of the time.

No, but if one scanner leaves you with 1 virus on hdd and the other leave 10
Which IS ACTUALLY THE CASE!!!

....it's hell of a difference.

Malware is developed faster than protective measures.

So we have to pay mor för better scanners.

The most realistic solution is to practice Safe Hex, pick a product or
products that you have FAITH in and hope for the best.

Surely it improves more then a little.

Computer users most at risk to malware are those clueless folks who
indiscriminately surf the web, D/L all kinds of junk and open E-mail
attachments etc. without any idea of the potential consequences.

....and above that never wash.

With the exception of mass attacks by a new threat, most people who
practice Safe Hex are at a very low risk of catching some kind of
malware.

1. Safe Hex... very good precation. Probably pays well!!!

2. But, if and when you get any of the nasty plagues a very efficient virus
scanner is needed.

1 and 2 doesn't exclude each other... just make things easier depending on
situation.

Morgan O.

 

[Guest]

"I did not inhale."
"It depends on what you mean by 'is'."