I need recommendations for paid anti-virus

Lyric Suite

And perhaps other security software.

I've been doing some research, and so far it seems TrustPort is the best anti-virus out there. I've tried the trial edition, and it's really lightweight (even more than Eset) and according to AV comparatives it has the highest detection rate with a low number of false positives. Only problem is that the website doesn't specify how long the license is, but my pessimist side tells me that it's only for one year which makes this product somewhat pricey.

I'd also like to try a paid spyware removal but so far I haven't found anything I like. Spysweeper seems to be the most popular choice but it was too much of a system hog for me. Superantispyware seemed to work a lot better (despite the ridiculous name), but it tends to slow my computer a lot during boot up or shutdown.

As far as firewall is concerned, right now I'm using Kerio 2.1.5 for outbound, my router for inbound, and geswall for HIPS. This setup works perfectly (and it's free to boot!), but you never know, perhaps there is a paid solution out there that works even better.

Any thoughts on all this?
 
it's all a waste of money.

just use MBAM+hijackthis and microsoft security essentials.

(side note, I've never used AV, and I've never gotten a virus, but I'm just damned careful)
 
Microsoft Security Essentials slowed down my system considerably. It might become good eventually but right now it's too damn buggy. I already have the free version of Malware bytes, which I use as scan on demand, along with Hit Man pro. I tried Immunet for a while but the false positives were just too much. Damn thing started picking stuff off my steam folder.
 
? It's not buggy, I've seen it run awesome on hundreds of machines, though, I have seen it slow down the crap out of a few machines for some odd reason.
 
I'm going to echo MalwareBytes + Microsoft Security Essentials, I also throw SpyBot Search and Destroy into the mix because I like its integrated tools.

The only reason to pay for A/V is for heuristics, and if you're worried about MSE making your PC slow, wait until everything is being scanned real-time.
 
Signature based anti virus is worthless :)

He wasn't asking for signature based, that's not what anyone is talking about. There aren't that many AV products out there now which don't rely on some form of behaviour/heuristics/cloud checking.
 
An enthusiastic statement, but untrue.

Untrue?

I can generate a payload on the fly that will defeat 99% of the signature based anti viruses out there...

Same thing all of the exploit packs are doing and all of the targeted attacks against corporations.


Look at all the PDF based malware that is flying around right now...A lot of the payloads are generated on the fly and each time it's unique; antivirus will not detect this.

You know how large companies are detecting these now? Entropy of the character set
 
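The entropy check mentioned in the post above, sketched as an added example that is not part of the thread and not any vendor's implementation: it measures Shannon entropy over fixed-size byte windows and flags the windows that look like packed or encoded data. The window size, the threshold and the sample input are assumed, constructed values.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant run, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def flag_windows(data: bytes, window: int = 256, threshold: float = 6.0):
    """Return (offset, entropy) for each full, non-overlapping window whose
    entropy exceeds the threshold. Both defaults are assumed values."""
    hits = []
    for off in range(0, len(data) - window + 1, window):
        h = shannon_entropy(data[off:off + window])
        if h > threshold:
            hits.append((off, round(h, 2)))
    return hits


def pseudo_random(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for packed or encrypted content (SHA-256 chain)."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample: 512 bytes of readable text followed by 512 opaque bytes.
TEXT = (b"this paragraph stands in for the readable part of a document. " * 9)[:512]
SAMPLE = TEXT + pseudo_random(512)

if __name__ == "__main__":
    print(f"text region: {shannon_entropy(TEXT):.2f} bits/byte")
    for off, h in flag_windows(SAMPLE):
        print(f"offset {off}: {h} bits/byte, above threshold")
```

Compressed streams and images inside legitimate files are also high-entropy, so a flagged window is a triage signal to combine with other checks, not a verdict on its own.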
Untrue?

I can generate a payload on the fly that will defeat 99% of the signature based anti viruses out there...

Same thing all of the exploit packs are doing and all of the targeted attacks against corporations.


Look at all the PDF based malware that is flying around right now...A lot of the payloads are generated on the fly and each time it's unique; antivirus will not detect this.

You know how large companies are detecting these now? Entropy of the character set

Yes, untrue. You said specifically that signature-based AV is worthless, and it's not. The vast majority of viruses that are picked up by home users have had signatures updated and distributed via a virus definition update.

If the OP needs zero-day AV protection, obviously he needs something that uses a form of heuristics. But in general, it's not necessary unless you go out looking for trouble.
 
it's not necessary unless you go out looking for trouble.

hahaha

Obviously nobody gets hit by drive by 0day attacks...

Look at how people get viruses nowadays....Embedded javascript in a legit site that exploits some browser side exploit, Malicious PDF that exploits any of the bugs in Adobe Reader. Your anti virus is looking for what? A signature based on the payload

I have been testing various anti virus suites from a number of vendors and have had terrible results with them stopping these attacks.

Next time I speak in front of clients I will make sure to tell them nothing bad will happen unless they go looking for trouble.


SecuniaPSI is a great tool for making sure all software and addons are up to date, which is where you're most likely to get popped anyways.
 
hahaha

Obviously nobody gets hit by drive by 0day attacks...

Look at how people get viruses nowadays....Embedded javascript in a legit site that exploits some browser side exploit, Malicious PDF that exploits any of the bugs in Adobe Reader. Your anti virus is looking for what? A signature based on the payload

I have been testing various anti virus suites from a number of vendors and have had terrible results with them stopping these attacks.

Next time I speak in front of clients I will make sure to tell them nothing bad will happen unless they go looking for trouble.


SecuniaPSI is a great tool for making sure all software and addons are up to date, which is where you're most likely to get popped anyways.

Your reading comprehension isn't too good is it? Everyone else in this thread is talking home AV, you're the only one going on and on about commercial AV.

In addition, you're putting me into false context. I said "The vast majority of viruses that are picked up by home users have had signatures updated and distributed via a virus definition update." Not "nobody gets zero-day viruses."

I notice you keep mentioning "clients". Where did I mention businesses there? I think that I specifically said "home users". In fact, I did! Will you look at that...

I provide tech support to government employees. I get to see the effects of zero-day virus attacks all the time. We certainly don't provide a home AV solution to our client, it isn't appropriate.

Now the OP didn't specifically state that he needs corporate-level AV protection for zero-day virus attacks. Recommending him a good signature-based AV solution is perfectly fine. We assume he's not having viruses custom-tailored to take him down. He also mentioned a concern with MSE slowing down his system performance. Recommending an AV that uses heuristics (a time-consuming process where the suspected virus is executed in a virtual environment within the AV) is probably not a good idea.

Somehow billions of home users manage to get by day-by-day with "worthless" signature-based AV. Sure, in your test environment, I'm sure you're able to thwart the anti-virus. It's not a difficult thing to do. But, again, it isn't reality. And in reality, signature-based AV is more than sufficient for home AV use; again, it blocks the vast majority of viruses.
 
lol

Government and Corporate are usually targeted for more specific malware attacks

Yet home users are usually attacked via drive by attacks have you ever looked at statistics?

Look at all the new computers that come with Symantec or whatever AV and how many people each day are still getting infected :-\

Carry on with preaching about a false sense of security
 
Somehow billions of home users manage to get by day-by-day with "worthless" signature-based AV. Sure, in your test environment, I'm sure you're able to thwart the anti-virus. It's not a difficult thing to do. But, again, it isn't reality. And in reality, signature-based AV is more than sufficient for home AV use; again, it blocks the vast majority of viruses.

AV engines, when you're comparing home, versus corporate, are pretty much the same. It's the management features (deployment, push install/push upgrades/granular control in policies) and ability to fine tune exclusions that separates the corporate versions, not the AV scanning engine.

Malware has turned to 3rd party software, commonly web based, such as Flash, PDFs, Java exploits...because Windows has tightened up substantially. It is now cross platform...so the host operating system of the target doesn't matter. The latest Flash exploits can infect Windows, Apple, and *nix machines. They crack into web servers hosting legit sites, and they frequently slip in "advertisements" in advertising subscriptions....check out this following link
https://threatpost.com/en_us/blogs/major-ad-networks-found-serving-malicious-ads-121210

Now think about those 2x major ad server companies...their ads are on all types of websites...people at the office, and people at home, will stumble across those.

I can't even think about any AV software that remains solely definition based.
 
lol

Government and Corporate are usually targeted for more specific malware attacks

Yet home users are usually attacked via drive by attacks have you ever looked at statistics?

Look at all the new computers that come with Symantec or whatever AV and how many people each day are still getting infected :-\

Carry on with preaching about a false sense of security

Funny, because that's just not what I see at work every day. I'm talking from my own experience here. And sure, people are still getting infected, but a significantly smaller portion than the people who are not, using "worthless" signature-based AV. Throughout this argument, I've yet to see you really recommend a product to the OP.

AV engines, when you're comparing home, versus corporate, are pretty much the same. It's the management features (deployment, push install/push upgrades/granular control in policies) and ability to fine tune exclusions that separates the corporate versions, not the AV scanning engine.

Malware has turned to 3rd party software, commonly web based, such as Flash, PDFs, Java exploits...because Windows has tightened up substantially. It is now cross platform...so the host operating system of the target doesn't matter. The latest Flash exploits can infect Windows, Apple, and *nix machines. They crack into web servers hosting legit sites, and they frequently slip in "advertisements" in advertising subscriptions....check out this following link
https://threatpost.com/en_us/blogs/major-ad-networks-found-serving-malicious-ads-121210

Now think about those 2x major ad server companies...their ads are on all types of websites...people at the office, and people at home, will stumble across those.

I can't even think about any AV software that remains solely definition based.

You make a valid point; but LZ1's whole argument was about signature-based AV products, and most are. Most AV that uses heuristics heavily uses signature detection as a starting point.

Specifically I was referring to AV that is built primarily to withstand zero-day virus attacks against a business (focused heavily on heuristics), and how it's generally overkill for most home users. There's always a new worm or variation on a theme working its way through a corporate email system. Sure, home users can get these viruses too, but the stuff I've seen the most with home users are scareware viruses (pay us for us to "remove" the virus) and malware. This is the stuff that signature-based AV doesn't have much trouble picking up. Anti-malware is an entirely separate issue.

I'm not here to disclose the kind of attacks my government client is experiencing, but suffice to say they're getting hit hard with custom-tailored viruses specifically built to compromise accounts (from within a domain), and the attacks are socially engineered. This is a very different brand of virus than the crap I used to wipe off PCs during my time as a desktop tech.

But let's get back to the point here: the caller wants a paid AV solution that isn't going to slow down his PC like MSE did. I disputed (and continue to dispute) LZ1's claims that signature-based AV software is "worthless". It's simply not; there are quality AV products on the market that use virus definitions as the primary means of detection and have very good detection rates. I'd like to see a better product recommended that is going to suit the OP.
 
And perhaps other security software.

I've been doing some research, and so far it seems TrustPort is the best anti-virus out there. I've tried the trial edition, and it's really lightweight (even more than Eset) and according to AV comparatives it has the highest detection rate with a low number of false positives.

I just looked at AV-Comparatives recent "retrospective" test (heuristics), as well as their latest "on demand scan" (definitions).

Trust Port only earned an "Advanced" rating in both (which is underneath Advanced +).
It also earned "Many" false positives ratings in both.

So, where did you see "is the best anti-virus" out there, and "low number of false positives"?

Only problem is that the website doesn't specify how long the license is

I just looked at their website too....and logically I went to where I figured the facts about the license would be...in the purchase section (eStore). Right there amongst the other facts it states under LICENSING: "Valid for 1 year". Just like most other paid AV products.

You've had one of the consistent better products rated at AV-C....Eset.
I find MSE to be lighter on systems than Esets current product....and this is based on huge volumes of each on many many different systems. Eset is stronger in detection and heuristics...but MSE is one of the top free options.

And you have one of the, if not THE, best malware scanner/remover products...MalwareBytes.

If you install too many products on your PC...yuck...get ready for a bumpy sluggish ride. Tis better to keep your PC lean and mean, than bog it down with tons of security products that end up conflicting with each other with all sorts of various real time protections running.
 
MSE is not lighter, load it up on some older systems. ESET on 512MB systems runs okay, MSE on those are not good.
 
I just looked at AV-Comparatives recent "retrospective" test (heuristics), as well as their latest "on demand scan" (definitions).

Trust Port only earned an "Advanced" rating in both (which is underneath Advanced +).
It also earned "Many" false positives ratings in both.

So, where did you see "is the best anti-virus" out there, and "low number of false positives"?

It must have been an older comparison. Can't believe how quickly those programs change. MSE seems to be very good but I just tried installing it again and I got the same problem (perhaps it's because I'm using Windows XP). My system just randomly slows down for no apparent reason and the issue resolves only when I deactivate the AV.
 
It must have been an older comparison. Can't believe how quickly those programs change. MSE seems to be very good but I just tried installing it again and I got the same problem (perhaps it's because I'm using Windows XP). My system just randomly slows down for no apparent reason and the issue resolves only when I deactivate the AV.

Before I got my wife her new laptop last XMas, she was using an old Dell with an early Pentium 4 1.8GHz, 512 megs, XPp....prior to that I had Eset on there...with 2.7 it was fine, with 3.0 some slowdowns, with the newer 4.0 it got unbearable, and then MSE came out...off with Eset, tried MSE...ran much better. I'm an Eset reseller, well tuned to Eset and how it runs on many different systems, and install MSE on all the smaller freebie jobs..and it runs better time after time. Gotta be something leftover on your system which MSE is conflicting with.
 
I use MSE and NOD32 on my computers at home. MSE I use on unimportant machines and NOD32 on important.

The reason: About 3 months ago I got computer infected even though I had MSE installed.

So far I'm happy with NOD and MSE. No slowdowns.
 
The reason: About 3 months ago I got computer infected even though I had MSE installed.

You'll find that will happen no matter what AV you have. I have thousands of clients out there running Eset.....and they even get hit with these rogue/fake alerts. We see machines coming in that got infected that were running most of the brands out there....AntiVir, Avast, Trend, Panda, Symantec, McCrapee, AVG (lol no surprise there though), Eset, Kaspersky, ...the list keeps going. These rogues/fake alerts get past them all!


The facts are....
*No antivirus is 100% effective
*Most antivirus software averages about 96-98% effectiveness against traditional viruses/worms
*The best antivirus software averages ONLY about 65% effectiveness against today's current wave of rogue/fake alert rootkits...and it goes downhill from here.

Hence the reason to keep your web apps updated...Adobe PDFs and Flash and Shockwave, Java, etc. Since Microsoft has tightened up Windows and its products fairly well, the rogue/fake alert spreaders have turned to those web apps to spread their bugs.
 
I do more spyware/malware cleanups than YeOlde since we still service home users. He hit the nail on the head: no AV is 100%

I have seen every type of antivirus running and still have spyware running. I have seen some of the bigger rootkit type ones that don't allow you to run combofix/mbam in the user profile and MSE, McAfee, Norton all sit there with no issue of a problem.

Business clients we have behind ESET and OpenDNS soon to be Untangle, far less issues.
 
NOD32 has never given me any reason to recommend anything but NOD32.
 
Just about every malware mess I have to clean up is from a drive-by.

Any site using rotating ads from an ad server is vulnerable IMHO. NOD32 caught one at a site yesterday when I went to it.

hahaha

Obviously nobody gets hit by drive by 0day attacks...

Look at how people get viruses nowadays....Embedded javascript in a legit site that exploits some browser side exploit, Malicious PDF that exploits any of the bugs in Adobe Reader. Your anti virus is looking for what? A signature based on the payload

I have been testing various anti virus suites from a number of vendors and have had terrible results with them stopping these attacks.

Next time I speak in front of clients I will make sure to tell them nothing bad will happen unless they go looking for trouble.


SecuniaPSI is a great tool for making sure all software and addons are up to date, which is where you're most likely to get popped anyways.
 
(side note, I've never used AV, and I've never gotten a virus, but I'm just damned careful)
You've never gotten a virus? You mean you haven't realized your computer's already been compromised, right?

Another +1 for Eset, it's great for use on old computers, but still good for high performance ones too.
 
All these people who have seen cases of updated AV and PCs that still get infected are prime examples of my argument.

:)

I understand signature based AV worked in the past but the majority of REAL/CURRENT threats to PCs can't be stopped by looking for signatures which is why people still get infected.

Signature will never go away but you need to find use products that are moving away from that model.

Here go use metasploits msfencode and now you can go defeat most AV...here are a couple videos.

http://www.securitytube.net/Using-Metasploit-to-Bypass-AntiVirus-Detection-video.aspx

http://www.youtube.com/watch?v=jYF83yfcTHs

Just a couple of thoughts when shopping for a product
 
So it seems that many AVs are more or less on the same level, and the only deciding factor is how light on resources they are. On that note, the lightest AV I found (even more than MSE) is the one from Vipre (not included in the AV comparatives test). Anybody has any information on it? If the detection rates are good I might just settle with this one.
 