Author Topic: Anti Virus and Anti Spyware (Read 1814 times)

Vulcan · « **Reply #15 on:** November 02, 2007, 03:47:57 PM »

Check http://www.av-comparatives.org

Look at both tests, and the last few tests performance.

My choice is NOD32. Althought commercially I like McAfee but its 'good' product is not available to consumers. If you go with AVG, good luck to you.

llama · « **Reply #16 on:** November 02, 2007, 04:35:25 PM »

I just reviewed Norton AV 2008 for CPU Magazine. I found it lighter in weight than Kaspersky (which is generally what I regard as the Gold Standard), but not as light as AVG. That said, Norton AV does a lot more than AVG. I actually recommend it now.

Note that I'm just talking about NAV 2008. 2007 is slower. Norton Internet Security and Norton 360 is still rather bloated and slower. With rebates, you can get NAV2008 for around $20-$30.

For spyware cleaning and prevention, SUPERAntiSpyware is really great. I know it has a silly name. The freeware version just cleans existing problems, while the paid version ($30) actively prevents spyware from taking hold. An annual subscription is $15 a year, but you can prepay $10 for a lifetime subscription when you buy it. It is much lighter in weight than WebRoot SpySweeper, and doesn't cause any of the problems that spysweeper does.

I fix computer problems for businesses for a living in addition to being a reviewer for CPU. I rigorously test this stuff myself. These suggestions are based on my experience rather than reading some article.

Sorry for the terse posting - I'm under deadline right now...

-llama

Eagler · « **Reply #17 on:** November 02, 2007, 04:41:59 PM »

NOD32

KayBayRay · « **Reply #18 on:** November 02, 2007, 05:43:51 PM »

Avast = Free
Adaware = Free
Spybot Search & Destroy = Free
Hijack This = Free

I run Windows XP Pro with Service Pack 2 and the Standard Firewall. Since running all the above programs I have not had one successfull Trojan attack or Virus install on my system. All for FREE too. So save yourself some cash that you can apply to a better joystick or monitor to fly with.

Getback · « **Reply #19 on:** November 05, 2007, 12:40:52 PM »

When I couldn't get a Yellow boxed software to scan for virus' on a friend's funky computer I was able to get Avast to do the job. I would not hesitate to use that software at all. And as mentioned several times prior, it is FREE!

Vulcan · « **Reply #20 on:** November 05, 2007, 01:13:45 PM »

Quote

Originally posted by llama
I fix computer problems for businesses for a living in addition to being a reviewer for CPU. I rigorously test this stuff myself. These suggestions are based on my experience rather than reading some article.

Sorry for the terse posting - I'm under deadline right now...

-llama

I'm a network security pre-sales guy. I specialize in products like Sonicwall, Juniper, Foundry, McAfee (commercial not retail), Foundry, H3C, Aventail, Ciphertrust (now Secure Computing). So I speak from experience too

wrag · « **Reply #21 on:** November 05, 2007, 01:42:45 PM »

AdAware

Spybot Search and destroy

SpywareBlaster

SpywareGuard

Avira Anti-Virus

Comodo Firewall

Comodo BOclean

WinPatrol

All are FREE if you care to check em out.

DerHelm · « **Reply #22 on:** November 05, 2007, 01:52:33 PM »

Calm Win for AV = Free (Open Source)
Coutner Spy for spyware = $20 (the only one I've ever paid for, and worth it)

Made a misteak not to long ago, Spybot, adaware, trend micro... alot of them didn't remove everything. Counter spy actually nailed it and saved me the trouble of a reinstall, since my restores were deleted.

It's free for 2 weeks.

wabbit · « **Reply #23 on:** November 06, 2007, 11:02:02 AM »

AVG Free - Antivirus

Spybot Search & Destroy - for Spyware/adware

Adaware (free) - If you want a backup to spybot

Spywareblaster - (Backup for Spybot's Tea Timer

Comodo Firewall - Faster then Zonealarm and just as good. Vista version is still in beta though, but works pretty good so far.

Windows Firewall is useless. It does little to stop outgoing connects. Zonealarm used to be good at that also, but when a recent version of ZA installed an MS update, without telling clients, that made me start thinking about a replacement.

The Key protection that both ZA and Comodo give a user is the outgoing protection. If any malware gets past your defenses, it will most likely try and phone home. Both ZA and Comodo will stop this and give the user a chance to say 'Yay or Nay'. That's and excellent backup to your normal defenses.

Firefox - Internet Browser - Don't use internet enema, as it's one of the weakest links in system protection. You have to tweak it a lot just to give you some protection. Firefox does a better job with minimal tweaking. You can also try Opera too. I've never used it, but hear good things about it.

These are all Free programs. I've been installing them in client's systems since the early 90's, (except for comodo which wasn't out then). Never pay for your system protection, the free programs are just as good as the 'pay' bloatware.

I've never had anything get by AVG. Norton and Mcafee are bloatware.

Norton doesn't play well with other software, is a pain-in-the-butt to remove for most end-users, and still lets malware get past it. Ya gotta wonder about a program that has to have a separate 'removal' program on top of the standard uninstaller that comes with it. (Ofcourse norton claims it's for corrupted uninstalls.... yeah right. Do some searching and you'll find a lot of users saying otherwise...)

The important thing here, is not to take anyone's word as gospel on this. Search for reviews on all the products, (end users reviews are better then the 'paid for reviewing sites'), and get a general feeling from them, and what is said here before deciding.

There was an article on one of the major sites recently that said the free programs were performing as good as and in many cases better then the pay programs. I wish I'd bookmarked it, but couldn't find it after a quick search today.

Good Luck!

Wabbit

Vulcan · « **Reply #24 on:** November 06, 2007, 02:41:51 PM »

Quote

Originally posted by wabbit
I've never had anything get by AVG. Norton and Mcafee are bloatware.

Errr I've seen plenty get past AVG, not to mention its high level of false positives. McAfee is not bloatware, McAfee Enterprise 8.5i is one of the best AV scanners I've ever used. If you're experience is limited to the McAfee retail products then I agree.

You really need to look at AV Comparitives retrospective tests ( http://www.av-comparatives.org/ ) to see how poorly products like AVG (which fails the test complete on a regular basis).

BTW your blind faith in ZA and Comodo is amusing. Comodo is probably your best choice in personal firewalls, but having faith that these will stop malware getting out is misplaced: http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php#firewalls-ratings

IMHO personal firewalls are snake oil. They're only good for locking down well behaved applications. If you want to see a good top notch solution look at McAfee 8.5i Enterprise's features, especially Access Protection. Unfortunately this is not a retail product.

As far as end user reviews go I'd also say thats bad advice wabbit. I'm a security person, I'm knee deep in this stuff day after day. I've seen all sorts of reviews, and the reviews all have the same fault - they're written by people completely clueless or without skill in the relevant field (security!).

llama · « **Reply #25 on:** November 06, 2007, 06:42:50 PM »

Now that I have a little more time to pontificate on this...

Here's the thing about antivirus software: for most users, it isn't really needed, but for the rest, the very best is needed. Paradoxical, No?

Here's the deal. In the old days, the main way 99% of users got a virus was via Floppy disk and via email attachments. Floppies are all but dead now and Email attachments are routinely checked by your ISP/Yahoo/AOL/Gmail/Hotmail/whatever before you even download them to your email client. Plus, you can tell a user to NEVER open EXE, COM, VBS, and BAT files (hey, sometimes they listen ).

Here's a true story. I have Kaspersky at my mom's house (uses AOL) and at a particular client's office (10 machines) that used to always get viruses (this latter group wouldn't pay for AV updates, let it lapse, and then viruses would get through - they've changed their ways after they paid me to clean the same user's machine something like 3 times one year). I switched this office to Gmail, BTW.

Anyway, in two years, Kaspersky's logs show NO VIRUSES coming in by email. Z-E-R-O. AOL and Gmail is catching everything before Kaspersky even scans it.

AV scanners are desperately needed, on the other hand, if the user uses Kaazaa or some other P2P program to download illegal and pirated stuff, uses warez sites to get serialz and crackz, or has kids who use instant messenger software to chat with friendz and share files. So much of this stuff is infected with viruses that it's crazy.

When I review AV stuff these days, (and I used to be the primary AV guy for Windows Magazine back in the day), I find my tests mirror what av-comparatives come up with pretty closely. I have my own email server, and it defaults to sending all EXE, BAT, COM, and VBS attachments to a separate account, so I get a very large fresh sample in just a couple of days (about a thousand in a week is average these days). I also download various exes from P2P systems. Then I copy these files over to my various test systems in my lab, install and update the various AV programs, unplug the network cables, and then let a lot of these viruses run wild, and see what happens. NOD32, AntiVir, Kaspersky, and Norton AV do very well. AVG does not. MacAfee is usually somewhere in between.

If you never do this "risky behavior," AVG is perfectly fine, and resource-light and free to boot. But if you do this sort of stuff, even just once, it simply isn't enough.

Norton AV gets a bad rap for being bloated these days for two reasons: 1. most people don't get norton AV by itself; they get Norton Internet Security (which has NAV baked in) or Norton 360 (ditto) and these two can easily overload a system, and 2. they haven't tried it since NAV2007 came out, which really killed the bloat, and NAV2008 did it even more.

Firewalls: You just gotta get a hardware firewall if you at all care about security. Period. Even if you just have 1 PC and DSL, you should get a consumer-grade hardware firewall and let it block the inbound stuff, AND CHANGE THE BLOODY DEFAULT PASSWORD.

For software firewalls, Comodo is quite good, but you know, if you don't care about outbound blocking (and I don't most of the time) the XP default firewall is pretty OK, especially when a hardware firewall is really taking care of business.

Your AV and Antispyware programs should be the things killing rogue apps that are trying to phone home BEFORE an outbound firewall tries to block them. If your software firewall blocking a rogue app, then it's too late - the rogue app is installed and broadcasting.

So, to sum up: the original poster is asking for what we think the best apps are for security. For me, I would recommend, based on my tests and my experience with clients:

AV: Kaspersky 2007 or NAV 2008
Spyware: NOTHING if you're having no problems. If you suspect problems, then Spybot Search & Destroy and Ad-Aware for cleaning (both are free). If Spyware continues to trouble you, then SUPERAntiSpyware to clean the system and to try to keep new stuff out.
Firewall: Nothing or WinXP's, plus a hardware firewall. If you insist on outbound blocking, then Comodo.

Browser: Firefox. Blocks a lot of crud that IE is happy to let in.

And Windows Update turned on to full automatic mode.

-Llama

JB73 · « **Reply #26 on:** November 06, 2007, 07:04:49 PM »

OK I got a legit question for you llama about personal routers with and without "firewalls" in them.

Am I mistaken in my understanding that to get past the router they basically have to "hack" through it? with the router tables and internal / external IP's they can't "see" your PC without going after the router correct?

Now I know there are ways past these, but if you are smart, change the admin password to something legitimately secure, and re-configure the internal IP scheme you should be relatively safe... especially if you do not open any ports.

I will take my home system for example. I have a custom router name, host name, domain name, local IP of the 10.xxx.xxx.xxx variety, custom subnet to allow only 2 IP's (for my 2 PC's), custom password of 16 chars / symbols.

I went over 2 years not running any anti-virus, or spyware, I do go to "bad" sites, and every 8-12 months or so just for fun check my system out. never gotten a thing, not even a sign. I do use firefox (with adblock and noscript) for everything except win updates, and do those manually.

so is it luck, or my router that has kept me "safe"?

llama · « **Reply #27 on:** November 06, 2007, 08:27:31 PM »

JB,

Intersting question.

(And for the record, my my primary machine is XP WITHOUT any AV, Antispyware, and with no sofware firewall turned on, but it's behind a consumer-grade firewall/router. It is Ghosted regularly, so I always have a fallback backup, but for fun I installed two of my recommended AV apps and let it scan last month. Results: 0. "Risky" behavior? Just a litte on this machine. I have a dedicated machine - or use a virtual machine in VMWare on this machine - to "test" the risky behavior. This mirrors your experience.)

Re: Hacking through a router: you are basically correct (but there's a gotcha) in that the router/firewall blocks direct access from the internet to your machine for the purposes of hacking through to it. BUT you COULD have a background program initiating the connection to the outside world through which a hack can occur, ESPECIALLY if you have UPnP turned on with the router (this opens up ports on the fly so things like Kaazaa can get through without you having to manually open up ports.) I generally turn UPnP off and manually open ports and manually direct them to specific static IP addresses on my LAN.

It sounds as though you know a bit about TCP/IP, and that's good. What you've done essentially prevents additional machines from joining your LAN, which is good, but that really isn't necessary if you're just trying to block hacks in. The router set to NOT forward ports unnecessarily is enough.

Basically, you should only open up those ports you need opened. My router lets port 80 (and a few others for mail, FTP, SSH, and others) in to my server, a handfull of very high ports for a certain online game to my gaming machine (the one without any protection, BTW), and then a few more ports to another machine for P2P testing and torrents. All the others bounce away.

BTW, based on what you've said, I'm guessing you have a NetGear brand firewall/router. Am i right? ;-)

Merely visiting "bad websites" and not getting infected is really a function of the web browser's security, or perhaps your AV software (in some cases). I'm guessing you're using Firefox or Opera (oh wait, you said you did. good.), which resist "drive-by downloads" much better than IE. Good.

The risky behavior I'm talking about is downloading EXE files that are supposed to be the latest PhotoShop, or maybe a crack for photoshop, or some new screensaver that has naked women pole dancing during idle times. Installing that stuff is risky alright, and I'm not talking about the WifeAck. Your firewall won't help you there. That's what AV is for.

-Llama

Vulcan · « **Reply #28 on:** November 06, 2007, 10:10:27 PM »

Sorry llama, but your advice is ok for 2 years ago. It needs a bit of an update. If you visit ***ANY*** website then you are participating in risky behaviour.

To assume that by avoiding 'risky' websites such as porn sites will save you (or even using browsers other than IE) is a mistake.

You have to understand malware is no longer the realm of script kiddies doing stuff for kicks or a reputation. Malware biggest culprits are organized crime (ie the russian mafia). No I am not joking, malware is big business now.

Just today someone hit 40,000 chinese web servers with a javascript malware injection. I've seen websites such as Asus hit with malware injections, theres even been banking websites hit.

My recommendation? Make sure you have a good router/firewall, minimum spec should list "Stateful Packet Inspection". Make sure you have good commercial grade AV, Nod32, Symantec, McAfee, check the av-comparitives reports. Make sure you have good commercial grade antispyware.

Finally, if you do online banking and you bank supports two factor authentication GET IT. Or at least enquire.

llama · « **Reply #29 on:** November 07, 2007, 01:04:55 PM »

Quote

Originally posted by Vulcan
Sorry llama, but your advice is ok for 2 years ago. It needs a bit of an update. If you visit ***ANY*** website then you are participating in risky behaviour.

To assume that by avoiding 'risky' websites such as porn sites will save you (or even using browsers other than IE) is a mistake.

I guess we'll have to agree to disagree on this, because I don't agree with you.

As a professional reviewer, it is also my job to filter out what is a vendor's sales pitch, what is a scare tactic, and what is a legitimate concern, based on my experience with other products and what I see in the field at clients.

I know what I have to clean off of client systems, how often I do it, and what the logs of various security programs say, and it just doesn't jive with "any" website being a risk, provided you get regular Windows/Firefox/Opera/Safari updates.

I was just at a major security vendor's HQ in San Francisco two months ago, for example. This was a hard core technical meeting spanning 3 days - no press relations or marketing people there other than to make introductions. One of the security programs protects against "drive by downloads," which is what we're talking about here.

In order to demonstrate this product's effectiveness, the browser HAD to be an older version (IE6 and Firefox 1.5.something, I beleive, PLUS a few patches behind for IE). Indeed, the security caught and stopped the drive-by download all the time from a variety of sites, but when I insisted we install the latest IE7 and Firefox 2.0.0.3 (I beleive), this security component never found anything. Why? Becasue the browser blocked it before the security app had a chance to. Two software engineers confirmed this with me. Ultimately, the marketing gal informed me that this level of protection is intended for users who are lax in their browser updates. Two weeks later. Over the phone. Riiiight.

BTW, what are the odds that a user who is lax about OS/Browser updates will also be lax about updating their security suite? About 95% as far as I'm concerned. This makes the drive-by-downloading protection a fairly weak feature in the real world, and I've reported as such.

And finally, I think this is a good debate, and I'm hoping to be proved wrong, for if I am, I think it will be a service to my readers and my clients.

I just don't think you've done it yet. ;-)

Respectfully,
Llama