Which antivirus to trust?

Status
Not open for further replies.

aktomjerry

Distinguished
Jan 5, 2010
73
0
18,630
Hi... :hello:

I am using Quick Heal Internet security 2010 (updated)... it detects a "Trojan Virus" in a file and in a game and deletes it...

The problem is, I scanned the same file and the game with the updated versions of "avast home edition 4.8", "Kaspersky Internet security 2010", "Norton Internet security 2010", "Avira antivirus", "avg antivirus", "bit defender", "nod 32" and with "e-scan internet security"... out of which only "e-scan internet security" detected the "Trojan"...

Now I am totally confused... whether I should trust "Quick heal and e-scan" or should I trust the other antiviruses...

I am very confused...... please help me out>>>>>>> :pfff:
 
btk1w1

Distinguished
Oct 13, 2008
744
0
19,060
Most antivirus programs now employ what's called heuristic detection.

Heuristic malware detection can produce a lot of false positives depending on the sensitivity of the scanner.

Basically heuristics is like saying "it walks like a duck, quacks like a duck... so it must be a duck", whereas malware detection of the past depended (and still does) on virus definition signature files. This meant that the scan detects specific coding, instead of identifying coding which "could" be malicious.

Heuristic detection can and will detect a lot of legitimate security tools because they might be designed to grant themselves administrator privileges or use methods which might circumvent certain operating system security measures.

In your situation I would first try an online scan of the file in question. There are at least 2 very reputable sites which use multiple antivirus scanners to detect if the file is malicious after you upload it.

http://virusscan.jotti.org/

http://www.virustotal.com/

Secondly I would download and install Malwarebytes' Anti-Malware:

http://www.malwarebytes.org/mbam.php

If it flags the file for deletion, you can pretty much rest assured it is correct.
 
Solution

stevesullivan14

Distinguished
Jan 21, 2010
19
0
18,510
2-part question for btk1w1,
1st: Regarding the "free AV programs like Avira, malwarebytes, superantispyware..." how do they compare to a paid-for version of antivirus software?
2nd: I have heard a ton about the common brands like Kaspersky, Norton, Trend Micro, etc..., how does Webroot Antivirus w/ Spysweeper compare? I was thinking about buying it for a recent laptop purchase...

TIA
 

btk1w1

Distinguished
Oct 13, 2008
744
0
19,060
Good questions. I can only advise on personal experience and what I read, so I hope you understand.

Without me saying, you have named a few of my favourite security apps.

I think you have researched, so you have a more than fair idea of what works and what does not.

Now I'm going to raise an issue that is highly contentious: my opinion is that there are free security apps that are just as good as (and mostly better than) paid-for applications.

For me... a new laptop...

1st: ditch all the bundled trialware antivirus programs. Norton has come to the forefront as of late and excelled, but I would ditch it in favour of Avira.

Avira just works. It is silent (apart from the nag screen at start-up), light on resources and has one of the best detection and removal rates. Heuristics is heavy so you can expect a lot of false positives depending on your surfing / downloading style.

Avast! is my choice for AV in retrospect. Heavier on resources but will keep you safe. Options such as boot time scan, screen saver scanner, and silent updates (Avira also) make it a winner in its own regard.

2nd

Malwarebytes or SUPERAntiSpyware or both for antispyware. They don't run resident like Spybot but are very good if coupled with WinPatrol.

3rd

WinPatrol. For the security conscious. It is brilliant.

For paid applications, I have read that Norton 360 and Kaspersky are the best.

I have never tried them, so I hope others can input more for you.
 

pat mcgroin

Distinguished
Nov 21, 2007
1,687
0
19,960
I haven't done a tremendous amount of comparisons.

Btk1w1 is a person that I trust in this regard as I know that he does a good deal of work in the security areas and I have seen his responses in many different places.

I can say from around 10 years of using Avast, I have never had one slip past it.
I am sure that it is possible but it hasn't been an issue for me.
I have been to some pretty dark places on the internet and loaded some things on here that I thought for sure would bring it to its knees.

The real-time protection for messaging, p2p, email, and networks makes it a good choice and it is much easier on system resources than most.
I wouldn't run Symantec or McAfee if it was given to me.

I do a lot of work on other people's computers and between Avast, Malwarebytes and SUPERAntiSpyware there is damn little trouble finding a suspected problem and getting rid of it.
 

aktomjerry

Distinguished
Jan 5, 2010
73
0
18,630
Hi...

Now I am using Kaspersky Internet Security 2010... It's great... Thanks to you... :)

While working on the net, it suddenly showed me a message about the detected network threat. I opened the Reports in it and I saw the threats, and in the applications column (just next to the threat name) it was written "ABSENT"...

Does that mean that Kaspersky detected it but was not able to block it or defend my PC against it, or does it mean something else... please tell me...

And thanks for the reply... :wahoo:
 

stefo

Distinguished
Nov 21, 2009
78
0
18,640


I used ESET Smart Security Suite and NOD32 on 6 Windows machines at home. It is FAST and has the fewest problems with false positives.

False positives are a common problem.

I used to run different AV on different machines in the belief that it gave the widest possible security coverage. But false positives drove me nuts, especially with Avira and AVG.

How do I know it's a false positive?

* I send/submit the quarantined files to the AV vendor and they check them. Usually the next few updates stop classifying it as a virus.

Some programmers, including game makers, use commercial EXE packers to wrap their applications. Some virus writers also use the same EXE packers. The problem is AV vendors will misidentify the EXE packer wrapper as the virus code, instead of the actual virus. So any software that uses that particular EXE packer will be misclassified as malware. AV companies have tens or hundreds of code analysts that review/compare the executable binary against their secret database. Analysts are divided into different levels as well as groups.

Not very established AV vendors have few resources to do finer analysis of the file, so they take the approach of: if not sure, classify it as malware for now. If someone complains, we'll escalate it to more technical teams to do further analysis.
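
The two false-positive mechanisms described in this thread (a signature cut from a shared EXE packer wrapper, and a heuristic scanner whose results depend on its sensitivity) can be reproduced with constructed data. This is an added example, not part of any post above; the packer, file names, trait names and weights are all hypothetical stand-ins.

```python
# Constructed stand-ins for files: no real malware, packer or vendor signature is used.
STUB = b"\x60\xbe\x00\x10\x40\x00STUBv1"   # loader shared by every output of the hypothetical packer
KEY = 0x5A

def pack(payload: bytes) -> bytes:
    """Hypothetical EXE packer: shared stub followed by the XOR-obscured program body."""
    return STUB + bytes(b ^ KEY for b in payload)

def unpack(blob: bytes) -> bytes:
    """Undo pack(); files without the stub are returned unchanged."""
    if blob.startswith(STUB):
        return bytes(b ^ KEY for b in blob[len(STUB):])
    return blob

SAMPLES = {
    "game.exe":    pack(b"load_level;render_frame;play_sound"),
    "cleaner.exe": b"request_admin;edit_registry;show_report",  # legitimate admin tool
    "notes.exe":   b"open_file;show_text",
    "trojan.exe":  pack(b"request_admin;hide_process;EVIL_PAYLOAD_MARKER"),
}

SIG_FROM_STUB = SAMPLES["trojan.exe"][:len(STUB)]  # careless: cut from the wrapper bytes
SIG_FROM_BODY = b"EVIL_PAYLOAD_MARKER"             # careful: cut from the unpacked body

def signature_hits(signature: bytes, look_inside: bool) -> list:
    """Names of samples containing the signature, optionally after unpacking."""
    return sorted(name for name, blob in SAMPLES.items()
                  if signature in (unpack(blob) if look_inside else blob))

# Heuristic scanning scores suspicious traits instead of matching known bytes.
TRAITS = {b"request_admin": 2, b"edit_registry": 1, b"hide_process": 3}

def heuristic_score(blob: bytes) -> int:
    body = unpack(blob)
    score = 2 if blob.startswith(STUB) else 0      # being packed counts as a trait
    return score + sum(w for trait, w in TRAITS.items() if trait in body)

def heuristic_hits(threshold: int) -> list:
    """Names of samples scoring at or above the sensitivity threshold."""
    return sorted(n for n, b in SAMPLES.items() if heuristic_score(b) >= threshold)

if __name__ == "__main__":
    print("stub signature:", signature_hits(SIG_FROM_STUB, look_inside=False))
    print("body signature:", signature_hits(SIG_FROM_BODY, look_inside=True))
    for t in (2, 3, 5):
        print(f"heuristic >= {t}:", heuristic_hits(t))
```

The stub-derived signature flags the packed game along with the trojan, while the body-derived one flags only the trojan; lowering the heuristic threshold pulls in first the admin tool and then the packed game.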



 

aktomjerry

Distinguished
Jan 5, 2010
73
0
18,630
Hi... :hello:

What is this Microsoft Security Essentials thing... Is this more powerful than my Kaspersky Internet security 2010... If yes then tell me its rate and its compatibility with the other OS...

:bounce:
 

saran008

Distinguished
Go to that Microsoft link and see about Microsoft Security Essentials:

Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.

Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.

*Your PC must run genuine Windows to install Microsoft Security Essentials.

PS: I'm afraid that Microsoft Security Essentials will run only on Windows (XP/Vista (both 32/64 bit)/Windows 7 (both 32 & 64 bit)), and that too only in a genuine version. It won't run in any other OS. :( :)
 

aktomjerry

Distinguished
Jan 5, 2010
73
0
18,630
Hey man... then who is going to use it, coz most people use pirated Windows and the company knows it too...

But is it more powerful than Kaspersky Internet security 2010....

Please answer me..... :pt1cable:
 