I need recommendations for paid anti-virus

Discussion in 'Networking & Security' started by Lyric Suite, Dec 11, 2010.

  1. Lyric Suite

    Lyric Suite Limp Gawd

    Messages:
    273
    Joined:
    Mar 19, 2010
    And perhaps other security software.

    I've been doing some research, and so far it seems TrustPort is the best anti-virus out there. I've tried the trial edition, and it's really lightweight (even more than Eset) and according to AV comparatives it has the highest detection rate with a low number of false positives. Only problem is that the website doesn't specify how long the license is, but my pessimist side tells me that it's only for one year which makes this product somewhat pricey.

    I'd also like to try a paid spyware removal but so far I haven't found anything I like. Spysweeper seems to be the most popular choice but it was too much of a system hog for me. Superantispyware seemed to work a lot better (despite the ridiculous name), but it tends to slow my computer a lot during boot up or shutdown.

    As far as firewall is concerned, right now I'm using Kerio 2.1.5 for outbound, my router for inbound, and geswall for HIPS. This setup works perfectly (and it's free to boot!), but you never know, perhaps there is a paid solution out there that works even better.

    Any thoughts on all this?
     
  2. omega-x

    omega-x 2[H]4U

    Messages:
    3,073
    Joined:
    Jun 21, 2003
    It's all a waste of money.

    Just use MBAM+hijackthis and Microsoft Security Essentials.

    (side note, I've never used AV, and I've never gotten a virus, but I'm just damned careful)
     
  3. Lyric Suite

    Lyric Suite Limp Gawd

    Messages:
    273
    Joined:
    Mar 19, 2010
    Microsoft Security Essentials slowed down my system considerably. It might become good eventually but right now it's too damn buggy. I already have the free version of Malwarebytes, which I use as scan on demand, along with Hitman Pro. I tried Immunet for a while but the false positives were just too much. Damn thing started picking stuff off my Steam folder.
     
    Last edited: Dec 11, 2010
  4. /usr/home

    /usr/home [H]ardness Supreme

    Messages:
    6,164
    Joined:
    Mar 18, 2008
    ? It's not buggy, I've seen it run awesome on hundreds of machines, though, I have seen it slow down the crap out of a few machines for some odd reason.
     
  5. Electrofreak

    Electrofreak [H]ard|Gawd

    Messages:
    1,080
    Joined:
    Aug 5, 2008
    I'm going to echo MalwareBytes + Microsoft Security Essentials. I also throw SpyBot Search and Destroy into the mix because I like its integrated tools.

    The only reason to pay for A/V is for heuristics, and if you're worried about MSE making your PC slow, wait until everything is being scanned real-time.
     
  6. LZ1

    LZ1 [H]Lite

    Messages:
    108
    Joined:
    Sep 3, 2010
    Signature based anti virus is worthless :)
     
  7. Electrofreak

    Electrofreak [H]ard|Gawd

    Messages:
    1,080
    Joined:
    Aug 5, 2008
    An enthusiastic statement, but untrue.
     
  8. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    He wasn't asking for signature-based; that's not what anyone is talking about. There aren't that many AV products out there now which don't rely on some form of behaviour/heuristics/cloud checking.
     
    Last edited: Dec 12, 2010
  9. LZ1

    LZ1 [H]Lite

    Messages:
    108
    Joined:
    Sep 3, 2010
    Untrue?

    I can generate a payload on the fly that will defeat 99% of the signature based anti viruses out there...

    Same thing all of the exploit packs are doing and all of the targeted attacks against corporations.


    Look at all the PDF-based malware that is flying around right now... A lot of the payloads are generated on the fly and each time it's unique; antivirus will not detect this.

    You know how large companies are detecting these now? Entropy of the character set.
     
    Last edited: Dec 12, 2010
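
The "entropy of the character set" check mentioned in the post above, sketched as an added example that is not part of the original thread: it scores sliding windows of script text by Shannon entropy and compares that with an exact-hash signature list. The window size, threshold, `KNOWN_HASHES` and both sample documents are constructed assumptions.

```python
import base64
import hashlib
import math
from collections import Counter

WINDOW, STEP, THRESHOLD = 256, 128, 5.5   # assumed tuning values (bits per character)

def shannon_entropy(text):
    """Shannon entropy of the character distribution, in bits per character."""
    if not text:
        return 0.0
    n = len(text)
    return sum(c / n * math.log2(n / c) for c in Counter(text).values())

def high_entropy_windows(text, window=WINDOW, step=STEP, threshold=THRESHOLD):
    """Return (offset, entropy) for each sliding window above the threshold."""
    hits = []
    for off in range(0, max(1, len(text) - window + 1), step):
        h = shannon_entropy(text[off:off + window])
        if h > threshold:
            hits.append((off, round(h, 2)))
    return hits

def constructed_blob(seed, nbytes=768):
    """Deterministic stand-in for an encoded payload: base64 of a SHA-256 chain."""
    out, block = b"", seed
    while len(out) < nbytes:
        block = hashlib.sha256(block).digest()
        out += block
    return base64.b64encode(out[:nbytes]).decode()

# Constructed inputs: ordinary script text, and two documents that differ only in the blob.
BENIGN = 'function showMenu(id) { var el = document.getElementById(id); el.style.display = "block"; }\n'

def make_doc(seed):
    return BENIGN * 6 + 'var p = unescape("' + constructed_blob(seed) + '");\n' + BENIGN * 2

DOC_A, DOC_B = make_doc(b"sample-a"), make_doc(b"sample-b")

# An exact-match signature list that only knows DOC_A.
KNOWN_HASHES = {hashlib.sha256(DOC_A.encode()).hexdigest()}

def verdict(doc):
    """Return (signature_match, entropy_flag) for one document."""
    sig = hashlib.sha256(doc.encode()).hexdigest() in KNOWN_HASHES
    return sig, bool(high_entropy_windows(doc))

if __name__ == "__main__":
    for name, doc in (("DOC_A", DOC_A), ("DOC_B", DOC_B), ("benign", BENIGN * 8)):
        print(name, verdict(doc), high_entropy_windows(doc)[:2])
```

Compressed or encrypted content that is perfectly legitimate also scores high, so an entropy flag is a triage signal to combine with other checks rather than a verdict.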
  10. Electrofreak

    Electrofreak [H]ard|Gawd

    Messages:
    1,080
    Joined:
    Aug 5, 2008
    Yes, untrue. You said specifically that signature-based AV is worthless, and it's not. The vast majority of viruses that are picked up by home users have had signatures updated and distributed via a virus definition update.

    If the OP needs zero-day AV protection, obviously he needs something that uses a form of heuristics. But in general, it's not necessary unless you go out looking for trouble.
     
  11. Malk-a-mite

    Malk-a-mite [H]ard|Gawd

    Messages:
    2,023
    Joined:
    Feb 16, 2002
  12. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
  13. LZ1

    LZ1 [H]Lite

    Messages:
    108
    Joined:
    Sep 3, 2010
    hahaha

    Obviously nobody gets hit by drive by 0day attacks...

    Look at how people get viruses nowadays... Embedded JavaScript in a legit site that exploits some browser-side exploit, malicious PDF that exploits any of the bugs in Adobe Reader. Your anti-virus is looking for what? A signature based on the payload.

    I have been testing various anti virus suites from a number of vendors and have had terrible results with them stopping these attacks.

    Next time I speak in front of clients I will make sure to tell them nothing bad will happen unless they go looking for trouble.


    SecuniaPSI is a great tool for making sure all software and addons are up to date, which is where you're most likely to get popped anyways.
     
    Last edited: Dec 13, 2010
  14. Electrofreak

    Electrofreak [H]ard|Gawd

    Messages:
    1,080
    Joined:
    Aug 5, 2008
    Your reading comprehension isn't too good is it? Everyone else in this thread is talking home AV, you're the only one going on and on about commercial AV.

    In addition, you're putting me into false context. I said "The vast majority of viruses that are picked up by home users have had signatures updated and distributed via a virus definition update." Not "nobody gets zero-day viruses."

    I notice you keep mentioning "clients". Where did I mention businesses there? I think that I specifically said "home users". In fact, I did! Will you look at that...

    I provide tech support to government employees. I get to see the effects of zero-day virus attacks all the time. We certainly don't provide a home AV solution to our client, it isn't appropriate.

    Now the OP didn't specifically state that he needs corporate-level AV protection for zero-day virus attacks. Recommending him a good signature-based AV solution is perfectly fine. We assume he's not having viruses custom-tailored to take him down. He also mentioned a concern with MSE slowing down his system performance. Recommending an AV that uses heuristics (a time-consuming process where the suspected virus is executed in a virtual environment within the AV) is probably not a good idea.

    Somehow billions of home users manage to get by day-by-day with "worthless" signature-based AV. Sure, in your test environment, I'm sure you're able to thwart the anti-virus. It's not a difficult thing to do. But, again, it isn't reality. And in reality, signature-based AV is more than sufficient for home AV use; again, it blocks the vast majority of viruses.
     
  15. LZ1

    LZ1 [H]Lite

    Messages:
    108
    Joined:
    Sep 3, 2010
    lol

    Government and corporate are usually targeted for more specific malware attacks.

    Yet home users are usually attacked via drive-by attacks. Have you ever looked at statistics?

    Look at all the new computers that come with Symantec or whatever AV and how many people each day are still getting infected :-\

    Carry on with preaching about a false sense of security
     
  16. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    AV engines, when you're comparing home, versus corporate, are pretty much the same. It's the management features (deployment, push install/push upgrades/granular control in policies) and ability to fine tune exclusions that separates the corporate versions, not the AV scanning engine.

    Malware has turned to 3rd party software, commonly web based, such as Flash, PDFs, Java exploits...because Windows has tightened up substantially. It is now cross platform...so the host operating system of the target doesn't matter. The latest Flash exploits can infect Windows, Apple, and *nix machines. They crack into web servers hosting legit sites, and they frequently slip in "advertisements" in advertising subscriptions....check out this following link
    https://threatpost.com/en_us/blogs/major-ad-networks-found-serving-malicious-ads-121210

    Now think about those 2x major ad server companies...their ads are on all types of websites...people at the office, and people at home, will stumble across those.

    I can't even think about any AV software that remains solely definition based.
     
  17. Electrofreak

    Electrofreak [H]ard|Gawd

    Messages:
    1,080
    Joined:
    Aug 5, 2008
    Funny, because that's just not what I see at work every day. I'm talking from my own experience here. And sure, people are still getting infected, but a significantly smaller portion than the people who are not, using "worthless" signature-based AV. Throughout this argument, I've yet to see you really recommend a product to the OP.

    You make a valid point; but LZ1's whole argument was about signature-based AV products, and most are. Most AV that uses heuristics heavily uses signature detection as a starting point.

    Specifically I was referring to AV that is built primarily to withstand zero-day virus attacks against a business (focused heavily on heuristics), and how it's generally overkill for most home users. There's always a new worm or variation on a theme working its way through a corporate email system. Sure, home users can get these viruses too, but the stuff I've seen the most with home users are scareware viruses (pay us for us to "remove" the virus) and malware. This is the stuff that signature-based AV doesn't have much trouble picking up. Anti-malware is an entirely separate issue.

    I'm not here to disclose the kind of attacks my government client is experiencing, but suffice to say they're getting hit hard with custom-tailored viruses specifically built to compromise accounts (from within a domain), and the attacks are socially engineered. This is a very different brand of virus than the crap I used to wipe off PCs during my time as a desktop tech.

    But let's get back to the point here: the caller wants a paid AV solution that isn't going to slow down his PC like MSE did. I disputed (and continue to dispute) LZ1's claims that signature-based AV software is "worthless". It's simply not; there are quality AV products on the market that use virus definitions as the primary means of detection and have very good detection rates. I'd like to see a better product recommended that is going to suit the OP.
     
    Last edited: Dec 13, 2010
  18. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    I just looked at AV-Comparatives' recent "retrospective" test (heuristics), as well as their latest "on demand scan" (definitions).

    Trust Port only earned an "Advanced" rating in both (which is underneath Advanced +).
    It also earned "Many" false positives ratings in both.

    So, where did you see "is the best anti-virus" out there, and "low number of false positives"?

    I just looked at their website too....and logically I went to where I figured the facts about the license would be...in the purchase section (eStore). Right there amongst the other facts it states under LICENSING: "Valid for 1 year". Just like most other paid AV products.

    You've had one of the consistently better products rated at AV-C....Eset.
    I find MSE to be lighter on systems than Eset's current product....and this is based on huge volumes of each on many many different systems. Eset is stronger in detection and heuristics...but MSE is one of the top free options.

    And you have one of the, if not THE, best malware scanner/remover products...MalwareBytes.

    If you install too many products on your PC...yuck...get ready for a bumpy sluggish ride. Tis better to keep your PC lean and mean, than bog it down with tons of security products that end up conflicting with each other with all sorts of various real time protections running.
     
  19. marley1

    marley1 [H]ardness Supreme

    Messages:
    5,447
    Joined:
    Jul 18, 2000
    MSE is not lighter, load it up on some older systems. ESET on 512MB systems runs okay, MSE on those are not good.
     
  20. Lyric Suite

    Lyric Suite Limp Gawd

    Messages:
    273
    Joined:
    Mar 19, 2010
    It must have been an older comparison. Can't believe how quickly those programs change. MSE seems to be very good but I just tried installing it again and I got the same problem (perhaps it's because I'm using Windows XP). My system just randomly slows down for no apparent reason and the issue resolves only when I deactivate the AV.
     
  21. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    Before I got my wife her new laptop last XMas, she was using an old Dell with an early Pentium 4 1.8GHz, 512 megs, XPp....prior to that I had Eset on there...with 2.7 it was fine, with 3.0 some slowdowns, with the newer 4.0 it got unbearable, and then MSE came out...off with Eset, tried MSE...ran much better. I'm an Eset reseller, well tuned to Eset and how it runs on many different systems, and install MSE on all the smaller freebie jobs..and it runs better time after time. Gotta be something leftover on your system which MSE is conflicting with.
     
  22. almalino

    almalino [H]ard|Gawd

    Messages:
    1,553
    Joined:
    Sep 15, 2009
    I use MSE and NOD32 on my computers at home. MSE I use on unimportant machines and NOD32 on important.

    The reason: About 3 months ago I got a computer infected even though I had MSE installed.

    So far I'm happy with NOD and MSE. No slowdowns.
     
  23. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    You'll find that will happen no matter what AV you have. I have thousands of clients out there running Eset.....and they even get hit with these rogue/fake alerts. We see machines coming in that got infected that were running most of the brands out there....AntiVir, Avast, Trend, Panda, Symantec, McCrapee, AVG (lol no surprise there though), Eset, Kaspersky, ...the list keeps going. These rogues/fake alerts get past them all!


    The facts are....
    *No antivirus is 100% effective
    *Most antivirus software averages about 96-98% effectiveness against traditional viruses/worms
    *The best antivirus software averages ONLY about 65% effectiveness against today's current wave of rogue/fake alert rootkits...and it goes downhill from here.

    Hence the reason to keep your web apps updated...Adobe PDFs and Flash and Shockwave, Java, etc. Since Microsoft has tightened up Windows and its products fairly well, the rogue/fake alert spreaders have turned to those web apps to spread their bugs.
     
  24. marley1

    marley1 [H]ardness Supreme

    Messages:
    5,447
    Joined:
    Jul 18, 2000
    I do more spyware/malware cleanups than YeOlde since we still service home users. He hit the nail on the head: no AV is 100%.

    I have seen every type of antivirus running and still have spyware running. I have seen some of the bigger rootkit type ones that don't allow you to run combofix/mbam in the user profile and MSE, McAfee, Norton all sit there with no issue of a problem.

    Business clients we have behind ESET and OpenDNS soon to be Untangle, far less issues.
     
  25. TechLarry

    TechLarry Can't find the G Spot

    Messages:
    30,104
    Joined:
    Aug 9, 2005
    NOD32 has never given me any reason to recommend anything but NOD32.
     
  26. TechLarry

    TechLarry Can't find the G Spot

    Messages:
    30,104
    Joined:
    Aug 9, 2005
    Just about every malware mess I have to clean up is from a drive-by.

    Any site using rotating ads from an ad server is vulnerable IMHO. NOD32 caught one at a site yesterday when I went to it.

     
  27. ShadowStriker

    ShadowStriker [H]ard|Gawd

    Messages:
    1,669
    Joined:
    Oct 8, 2009
    You've never gotten a virus? You mean you haven't realized your computer's already been compromised, right?

    Another +1 for Eset, it's great for use on old computers, but still good for high performance ones too.
     
  28. LZ1

    LZ1 [H]Lite

    Messages:
    108
    Joined:
    Sep 3, 2010
    All these people who have seen cases of updated AV and PCs that still get infected are prime examples of my argument.

    :)

    I understand signature based AV worked in the past but the majority of REAL/CURRENT threats to PCs can't be stopped by looking for signatures which is why people still get infected.

    Signature will never go away but you need to find use products that are moving away from that model.

    Here, go use Metasploit's msfencode and now you can go defeat most AV...here are a couple of videos.

    http://www.securitytube.net/Using-Metasploit-to-Bypass-AntiVirus-Detection-video.aspx

    http://www.youtube.com/watch?v=jYF83yfcTHs

    Just a couple of thoughts when shopping for a product
     
    Last edited: Dec 15, 2010
  29. Lyric Suite

    Lyric Suite Limp Gawd

    Messages:
    273
    Joined:
    Mar 19, 2010
    So it seems that many AVs are more or less on the same level, and the only deciding factor is how light on resources they are. On that note, the lightest AV I found (even more than MSE) is the one from Vipre (not included in the AV comparatives test). Does anybody have any information on it? If the detection rates are good I might just settle with this one.