Which antivirus to trust?
Tags:
- Security
- Internet Security
- Trojan
- Antivirus
- Apps
Last response: in Antivirus / Security / Privacy
aktomjerry
January 25, 2010 12:04:53 PM
Hi...
I am using Quick Heal Internet security 2010 (updated)... it detects a "Trojan Virus" in a file and in a game and deletes it...
The problem is, I scanned the same file and the game with the updated versions of "avast home edition 4.8" , "Kaspersky Internet security 2010" , "Norton Internet security 2010" , "Avira antivirus" , "avg antivirus" , "bit defender", "nod 32" and with "e-scan internet security"...out of which only "e-scan internet security detected" the "Trojan"...
Now I am totally confused... whether should I trust "Quick heal and e-scan" or should I trust the other antiviruses...
I am very confused...... please help me out>>>>>>>
I am using Quick Heal Internet security 2010 (updated)... it detects a "Trojan Virus" in a file and in a game and deletes it...
The problem is, I scanned the same file and the game with the updated versions of "avast home edition 4.8" , "Kaspersky Internet security 2010" , "Norton Internet security 2010" , "Avira antivirus" , "avg antivirus" , "bit defender", "nod 32" and with "e-scan internet security"...out of which only "e-scan internet security detected" the "Trojan"...
Now I am totally confused... whether should I trust "Quick heal and e-scan" or should I trust the other antiviruses...
I am very confused...... please help me out>>>>>>>
More about : antivirus trust
Best solution
btk1w1
January 25, 2010 1:10:23 PM
Most of antivirus programs now employ what's called heuristic detection.
Heuristic malware detection can produce alot of false positives depending on the sensitivity of the scanner.
Basically heuristics is like saying "it walks like a duck, quacks like a duck... so it must be a duck", where as malware detection of the past (and still does) depended on Virus definition signature files. This meant that the scan detects specific coding, instead of identifying coding which "could" be malicious.
Heuristic detection can and will detect alot of legitimate security tools because they might be designed to grant themselves administrator priveledges or use methods which might circumvent certain operating system security measures.
In your situation I would first try an online scan of the file in question. There are at least 2 very reputable sites which use multiple antivirus scanners to detect if the file is malicious after you upload it.
http://virusscan.jotti.org/
http://www.virustotal.com/
Secondly I would download and install Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php
If it flags the file for deletion, you can be pretty much rest assured it is correct.
Heuristic malware detection can produce alot of false positives depending on the sensitivity of the scanner.
Basically heuristics is like saying "it walks like a duck, quacks like a duck... so it must be a duck", where as malware detection of the past (and still does) depended on Virus definition signature files. This meant that the scan detects specific coding, instead of identifying coding which "could" be malicious.
Heuristic detection can and will detect alot of legitimate security tools because they might be designed to grant themselves administrator priveledges or use methods which might circumvent certain operating system security measures.
In your situation I would first try an online scan of the file in question. There are at least 2 very reputable sites which use multiple antivirus scanners to detect if the file is malicious after you upload it.
http://virusscan.jotti.org/
http://www.virustotal.com/
Secondly I would download and install Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php
If it flags the file for deletion, you can be pretty much rest assured it is correct.
Share
btk1w1
January 25, 2010 1:11:58 PM
Related resources
- Configure security center to trust your anti-virus product - Forum
- E-Trust Anti-virus opened ports - Forum
- Which temp reader should i trust? - Forum
- Which brand can we trust? - Forum
- Which memory compatibility list do I trust? - Forum
stevesullivan14
January 25, 2010 1:48:25 PM
2 part Question for btk1w1,
1st: Regarding the "free AV programs like Avira, malwarebytes, superantispyware..." how do they compare to a paid for version of antivirus software.
2nd: I have heard a ton about the common brands like Kaspersky, Norton, Trend Micro, etc..., how does Webroot Antivirus w/ Spysweeper compare? I was thinking about buying it for a recent laptop purchase...
TIA
1st: Regarding the "free AV programs like Avira, malwarebytes, superantispyware..." how do they compare to a paid for version of antivirus software.
2nd: I have heard a ton about the common brands like Kaspersky, Norton, Trend Micro, etc..., how does Webroot Antivirus w/ Spysweeper compare? I was thinking about buying it for a recent laptop purchase...
TIA
m
0
l
stevesullivan14
January 25, 2010 2:50:27 PM
btk1w1
January 25, 2010 2:51:58 PM
Good questions, I can only advise on personal experience and what I read so I hope you understand.
Without me saying you have named a few of my favourite security apps.
I think you have researched so have a more than fair idea of what works and not.
Now I'm going to raise an issue that is highly contentious, my opinion is that there are security apps that are just as good (and mostly better) than paid for applications.
For me... a new laptop...
1st: ditch all the bundled trialware antivirus programs. Norton has come to the forefront as of late and excelled, but I would ditch it in favour of Avira.
Avira just works. It is silent (apart from the nag screen at start-up), light on resources and has one of the best detection and removal rates. Heuristics is heavy so you can expect alot of false positives depending on your surfing / downloading style.
Avast! Is my choice for AV in retrospect. Heavier on resources but will keep you safe. Options such as boot time scan, screen saver scanner, and silent updates (Avira also) make it a winner in it's own regard.
2nd
Malwarebytes or SUPERAntispyware or both for antispyware. They don't run resident like spybot but are very good if coupled with winpatrol.
3rd
winpatrol. For the security conscious. It is brilliant.
For paid applications, I have read that Norton 360 and Kaspersky are the best.
I have never tried them, so I hope others can input more for you.
Without me saying you have named a few of my favourite security apps.
I think you have researched so have a more than fair idea of what works and not.
Now I'm going to raise an issue that is highly contentious, my opinion is that there are security apps that are just as good (and mostly better) than paid for applications.
For me... a new laptop...
1st: ditch all the bundled trialware antivirus programs. Norton has come to the forefront as of late and excelled, but I would ditch it in favour of Avira.
Avira just works. It is silent (apart from the nag screen at start-up), light on resources and has one of the best detection and removal rates. Heuristics is heavy so you can expect alot of false positives depending on your surfing / downloading style.
Avast! Is my choice for AV in retrospect. Heavier on resources but will keep you safe. Options such as boot time scan, screen saver scanner, and silent updates (Avira also) make it a winner in it's own regard.
2nd
Malwarebytes or SUPERAntispyware or both for antispyware. They don't run resident like spybot but are very good if coupled with winpatrol.
3rd
winpatrol. For the security conscious. It is brilliant.
For paid applications, I have read that Norton 360 and Kaspersky are the best.
I have never tried them, so I hope others can input more for you.
m
0
l
stevesullivan14
January 25, 2010 3:01:03 PM
pat mcgroin
January 26, 2010 9:43:51 AM
I havent done a tremendous amount of comparisons.
Btk1w1 is a person that I trust in this regard as I know that he does a good deal of work in the security areas and I have seen his responses in many different places.
I can say from around 10 years of using Avast, I have never had one slip past it.
I am sure that it is possible but it hasn't been a issue for me.
I have been to some pretty dark places on the internet and loaded some things on here that I though for sure would bring it to its knees.
The real time protection for
messageing, p2p, email, and networks make it a good choice and it is much easier on system resources than most.
I wouldnt run Symantic or Mcafee if it was given to me.
I do a lot of work on other peoples computers and between Avast. malewarebytes and super anti spyware there is damn little trouble finding a suspected problem and getting rid of it.
Btk1w1 is a person that I trust in this regard as I know that he does a good deal of work in the security areas and I have seen his responses in many different places.
I can say from around 10 years of using Avast, I have never had one slip past it.
I am sure that it is possible but it hasn't been a issue for me.
I have been to some pretty dark places on the internet and loaded some things on here that I though for sure would bring it to its knees.
The real time protection for
messageing, p2p, email, and networks make it a good choice and it is much easier on system resources than most.
I wouldnt run Symantic or Mcafee if it was given to me.
I do a lot of work on other peoples computers and between Avast. malewarebytes and super anti spyware there is damn little trouble finding a suspected problem and getting rid of it.
m
0
l
aktomjerry
January 27, 2010 6:56:11 AM
btk1w1
January 27, 2010 8:02:22 AM
aktomjerry
January 29, 2010 4:32:43 PM
Hi...
Now I am using Kaspersky Internet Security 2010...Its great...Thanks to you...
While working on the net,It suddenly showed me a message about the detected network threat. I opened the Reports in it and I saw the threats and in the applications column (just next to the threat name) it was written "ABSENT"...
Does that means the Kaspersky detected it but was not able to block it or defend my PC against it or it means something else...please tell me...
And thanx for the reply...
Now I am using Kaspersky Internet Security 2010...Its great...Thanks to you...
While working on the net,It suddenly showed me a message about the detected network threat. I opened the Reports in it and I saw the threats and in the applications column (just next to the threat name) it was written "ABSENT"...
Does that means the Kaspersky detected it but was not able to block it or defend my PC against it or it means something else...please tell me...
And thanx for the reply...
m
0
l
aktomjerry
February 1, 2010 12:01:58 PM
Hi...
Now I am using Kaspersky Internet Security 2010...Its great...Thanks to you...
While working on the net,It suddenly showed me a message about the detected network threat. I opened the Reports in it and I saw the threats and in the applications column (just next to the threat name) it was written "ABSENT"...
Does that means the Kaspersky detected it but was not able to block it or defend my PC against it or it means something else...please tell me...
And thanx for the reply...
Now I am using Kaspersky Internet Security 2010...Its great...Thanks to you...
While working on the net,It suddenly showed me a message about the detected network threat. I opened the Reports in it and I saw the threats and in the applications column (just next to the threat name) it was written "ABSENT"...
Does that means the Kaspersky detected it but was not able to block it or defend my PC against it or it means something else...please tell me...
And thanx for the reply...
m
0
l
stefo
February 2, 2010 12:53:22 PM
aktomjerry said:
I am using Quick Heal Internet security 2010 (updated)... it detects a "Trojan Virus" in a file and in a game and deletes it...The problem is, I scanned the same file and the game with the updated versions of "avast home edition 4.8" , "Kaspersky Internet security 2010" , "Norton Internet security 2010" , "Avira antivirus" , "avg antivirus" , "bit defender", "nod 32" and with "e-scan internet security"...out of which only "e-scan internet security detected" the "Trojan"...
Now I am totally confused... whether should I trust "Quick heal and e-scan" or should I trust the other antiviruses...
I used ESET Smart Security Suite and NOD32 on 6 window machines at home. It is FAST and have the least problems of false positive..
False Positive is a common problem.
I used to run different AV on diff. machines with the believe that it has widest possible security coverage. But false positive drove me nuts, especially with Avira and AVG.
How i know it's a false positive?
* I send/submit the quarantined files to the AV vendor and they check it. Usually the next few updates stops classifying it as a virus.
Some programmers use commercial EXE packers to wrap their applications including game makers. Some virus writer also use the same EXE packer. The problem is AV vendors will misidentify the EXE packer wrapper as the virus code, instead of the actual virus. So any software that uses that particular EXE packer will be misclassified as malware. AV companies have tens or hundreds of code analysts that review/compare the executable binary against their secret database. Analysts are divided into different levels as well as groups.
Not very established AV vendors have few resources to do finer analysis of the file, so they take the approach of if not sure - classify it as a malware - for now. if someone complains, we'll escalate it to more technical teams to do further analysis.
m
0
l
stefo
February 3, 2010 4:36:42 AM
checkout CNET Antivirus Review
http://www.cnet.com/topic-reviews/antivirus.html
another reviewer that i trust is Virus Bulletin magazine (need to register to view reports)
http://www.virusbtn.com
some AV reviews are as good as toilet paper.
not a big fan of free av. they are highly vulnerable and give user a false sense of security.
http://www.cnet.com/topic-reviews/antivirus.html
another reviewer that i trust is Virus Bulletin magazine (need to register to view reports)
http://www.virusbtn.com
some AV reviews are as good as toilet paper.
not a big fan of free av. they are highly vulnerable and give user a false sense of security.
m
0
l
Go for Microsoft Security Essentials
www.microsoft.com/Security_Essentials/
http://www.av-comparatives.org/images/stories/test/summ...
Check with this and decide
www.microsoft.com/Security_Essentials/
http://www.av-comparatives.org/images/stories/test/summ...
Check with this and decide
m
0
l
aktomjerry
February 4, 2010 7:33:36 AM
Go to that Microsoft link and See about Microsoft Security Essentials :
Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.
Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.
*Your PC must run genuine Windows to install Microsoft Security Essentials.
PS: I afraid that Microsoft Security Essential will run only on Windows(XP/Vista (both 32/64 bit)/Window 7 (both 32&64bit), that too in a geniune version. It won't run in any other OS.
Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.
Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.
*Your PC must run genuine Windows to install Microsoft Security Essentials.
PS: I afraid that Microsoft Security Essential will run only on Windows(XP/Vista (both 32/64 bit)/Window 7 (both 32&64bit), that too in a geniune version. It won't run in any other OS.
m
0
l
aktomjerry
February 5, 2010 3:47:29 AM
aktomjerry said:
Hey man... then who is going to use it coz most of the people uses pirated windows and the company knows it too...But is it more powerful than Kaspersky Internet security 2010....
Please answer me.....
I don't think MOST people use pirated windows. Microsoft supposedly sold 60 million copies of windows 7 already.
http://www.pcadvisor.co.uk/news/index.cfm?RSS&NewsID=32...
Guilty conscience?
m
0
l
negril
February 14, 2010 10:14:56 AM
Sounds like you guys have a handle on security and I'm wondering if using different security packages on different computers in a home network would cause any problems for me. I have a brand new Win7 computer which came with Norton 2010 installed and I'm pleased with it after about two weeks of use. I have 1.5 Tb storage and I'm not concerned with file space. I'm running an AMD Phenom II x4 955 on an AM3 motherboard with 8 g DDR 3 so speed or lag time is also not a big concern. My other two computers are currently using McAfee which I haven't updated in ages. Believe me, I hate McAfee but couldn't find a way to rid my computers of it. I'd like to update the two older computers with Kaspersky 2010 and I'm wondering if they will work together once I introduce my new computer to my home network. Just for your information Costco has Kaspersky 2010 @ three packages for $19.95. Thats as good as free in my thinking. I appreciate your comments.
m
0
l
btk1w1
February 15, 2010 12:04:47 AM
^ +1 for Afords response.
Negril, after you uninstall Mcafee with add / remove programs use their removal tool (MCPR.exe) to clean the rest of it out.
The page linked below has full instructions and a link to the removal tool:
http://service.mcafee.com/FAQDocument.aspx?id=TS100507
Negril, after you uninstall Mcafee with add / remove programs use their removal tool (MCPR.exe) to clean the rest of it out.
The page linked below has full instructions and a link to the removal tool:
http://service.mcafee.com/FAQDocument.aspx?id=TS100507
m
0
l
negril
February 15, 2010 11:50:29 PM
I ordered Kaspersky yesterday and should have it later this week. I'll follow your tip using the McAfee removal tool. Will post back with the results. I have two computers needing protection and the package I bought has three copies. If I like it better than Norton I may install it on this machine also.
m
0
l
negril
February 19, 2010 10:41:13 PM
btk1w1 said:
^ +1 for Afords response.Negril, after you uninstall Mcafee with add / remove programs use their removal tool (MCPR.exe) to clean the rest of it out.
The page linked below has full instructions and a link to the removal tool:
http://service.mcafee.com/FAQDocument.aspx?id=TS100507
Thanx for the tip on MCPR.exe. After I uninstalled the McAfee programs under control panel I would have thought I was finished. I was amazed at what the dowloaded program did. Appreciate the information. I'm presently installing Kaspersky on two of my machines.
Jerry
m
0
l
Canuck1
February 28, 2010 1:11:36 PM
btk1w1
February 28, 2010 6:02:04 PM
Neither Avira NOR MBAM detected a virus and something else did?
What was the name of this virus and what caught it?
What 2nd opinion did you get that this was a virus? Did you upload the infected object to virustotal or jotti? Did you run an online scan to confirm your suspicions?
You'd want to hope that you didn't let a false positive sway you away from 2 of the highest rated security apps in their class! And that's from multiple sources, not just my personal opinion.
I agree with Afords sentiments also.
What was the name of this virus and what caught it?
What 2nd opinion did you get that this was a virus? Did you upload the infected object to virustotal or jotti? Did you run an online scan to confirm your suspicions?
You'd want to hope that you didn't let a false positive sway you away from 2 of the highest rated security apps in their class! And that's from multiple sources, not just my personal opinion.
I agree with Afords sentiments also.
m
0
l
btk1w1
March 1, 2010 3:44:14 PM
Canuck, I come across your other thread in regards to the virus.
Those rogue antispyware malwares are becoming more and more difficult to combat, they usually cause quite a bit of grief when they attack. I can unerstand your frustration.
As good as MBAM is, the team at malwarebytes.org do have a tough time keeping up. It seems every day there a multitude of new variants, and the malware writers are including programming which denies PC users access to sites that host the application, and in case anyone can get the application they include measures to prevent its install. Because of MBAM's success it appears to be directly targeted by malware. Often the need to run a second tool, or significantly adjust computer settings is required to allow MBAM to run.
As for Avira I think I have seen rogues running along side nearly every AV. The malware writers continually change the way the program looks to AV's and silently run the installers at the highest privelege, administrator.
There is one free tool that would have alerted you of the drive-by install by letting you know of attempted unauthorised changes to your system and that is WinPatrol by BillP Studios. Significant changes of this nature you have to grant permission to. I have used it for years and can't fault it. It is light on resources too. Give it a test run if you're keen.
Had I known the exact nature of the infection I wouldn't have responded as such in the above post so I apologise if it offended. I assumed you found an infected file, not a full blown system compromise.
Those rogue antispyware malwares are becoming more and more difficult to combat, they usually cause quite a bit of grief when they attack. I can unerstand your frustration.
As good as MBAM is, the team at malwarebytes.org do have a tough time keeping up. It seems every day there a multitude of new variants, and the malware writers are including programming which denies PC users access to sites that host the application, and in case anyone can get the application they include measures to prevent its install. Because of MBAM's success it appears to be directly targeted by malware. Often the need to run a second tool, or significantly adjust computer settings is required to allow MBAM to run.
As for Avira I think I have seen rogues running along side nearly every AV. The malware writers continually change the way the program looks to AV's and silently run the installers at the highest privelege, administrator.
There is one free tool that would have alerted you of the drive-by install by letting you know of attempted unauthorised changes to your system and that is WinPatrol by BillP Studios. Significant changes of this nature you have to grant permission to. I have used it for years and can't fault it. It is light on resources too. Give it a test run if you're keen.
Had I known the exact nature of the infection I wouldn't have responded as such in the above post so I apologise if it offended. I assumed you found an infected file, not a full blown system compromise.
m
0
l
negril
March 2, 2010 4:28:27 PM
negril
March 2, 2010 4:34:07 PM
Related resources
- Which should I trust? MSI or CoreTemp? Forum
- SolvedWhich PSU wattage calculator should I trust? Forum
- SolvedWhich temperature reading to trust? Forum
- SolvedWhich program should I trust Forum
- which cpu temp program should i trust? Forum
- SolvedWhich antivirus to use Forum
- SolvedWhich Free Antivirus Should I choose? Forum
- Solvedi have 1gbram celeron processor 2.26ghz which antivirus is good this confg Forum
- Which Anti-Virus question. Forum
- SolvedWhich drivers and anti-virus software do i need? Forum
- SolvedWhich version of avira antivirus should i get? Forum
- Solvedi have disk of antivirus which i got with my new laptop but i am not aware that how i will install it in my laptop. Forum
- Which temperature do I trust? HW Monitor Forum
- Solvedwhich antivirus to use? Forum
- FurMark or GPU-Z, which one to trust? Forum
- More resources
!