Some AV protection

joby_toss
Posts: 2970
Joined: Sat Feb 09, 2008 9:57 am
Location: Romania

Re: Some AV protection

#31 Post by joby_toss »

Here is my update: no AV and no FW until needed.
I'll start BD AV Free prior to inserting a USB drive and PR FW prior to launching an app that needs monitoring.
Rest of the time... I'll just be careful... :)

guinness
Posts: 4118
Joined: Mon Aug 27, 2007 2:00 am

Re: Some AV protection

#32 Post by guinness »

I use MSE and that seems to be fine for what you're looking for.

carbonize
Posts: 363
Joined: Wed Jan 09, 2008 1:16 am
Location: Bristol, UK

Re: Some AV protection

#33 Post by carbonize »

OK I have been running Qihoo 360 for 45 days now (it actually tells you in big numbers how many days it's been running) and I am kind of impressed but....

I have it set to do a full scan every Sunday morning at 0200. Every Sunday I get up to find it has detected exactly two items, always two, never more nor less. The files it has detected are files that have been on my system for years and yet it failed to detect them in the previous scan. Definitely makes you wonder what the heck it's doing.

I will say that the one time I downloaded a virus so I could report it, it did stop the download dead.

freakazoid
Posts: 1212
Joined: Wed Jul 18, 2007 5:45 pm

Re: Some AV protection

#34 Post by freakazoid »

Did you try whitelisting the two files in Qihoo 360?

As for me, I'm still using Qihoo 360 alongside Emsisoft's Online Armor firewall. I like this combo! :)

For some older coms, I'm thinking of only running Malwarebytes Anti-Exploit and HitmanPro.Alert (free) with perhaps Webroot SecureAnywhere or EXE Radar Pro (paid). The freebies are very lightweight and should protect against zero-day exploits.

Webroot is lightweight as well but the lack of customization might prevent me from picking this up after my trial ends. EXE Radar Pro only allows programs that you have whitelisted to run. It also has some neat features including password-protecting apps. I haven't tried that app yet though, but it's on my radar (pun intended!) :)

carbonize
Posts: 363
Joined: Wed Jan 09, 2008 1:16 am
Location: Bristol, UK

Re: Some AV protection

#35 Post by carbonize »

It's two different files each time. I whitelist the filters it finds and next time it's found two more files.

freakazoid
Posts: 1212
Joined: Wed Jul 18, 2007 5:45 pm

Re: Some AV protection

#36 Post by freakazoid »

carbonize wrote: It's two different files each time. I whitelist the filters it finds and next time it's found two more files.
Interesting... I've never had this problem.

Qihoo, again, has very high scores for Jan / Feb 2014 on AV-Test.org:
http://www.av-test.org/en/tests/home-us ... nfeb-2014/

carbonize
Posts: 363
Joined: Wed Jan 09, 2008 1:16 am
Location: Bristol, UK

Re: Some AV protection

#37 Post by carbonize »

Gets even weirder. I cleared my whitelist and did a full scan. This time the only thing it detected was AtomicTime and nothing it had detected before. Their cloud engine really is weird.

Marc
Posts: 165
Joined: Sun May 15, 2011 6:06 pm

Re: Some AV protection

#38 Post by Marc »

A bit late, but perhaps still of "contingence".
For years now I have used Emsisoft USB Emergency Kit, which is claimed to be portable; it can be used to perform scans on demand when inserting a USB drive.
Back in the years I discovered and even used some 1-year licence giveaways; it scored in the top in some security AV tests at that time (I don't recall which ones they were :S)
Some months ago I checked back on AV-Comparatives.org and AV-Test.org, and yesterday I checked them all again.
In the real world protection tests and detection tests of AV-Comparatives.org it scored in the top on par with Kaspersky, BitDefender, F-Secure and it received the Silver Award in the Real-World Protection Test in its first year of testing with 99.2%, after Kaspersky with 99.9% (which is the Top Product of the year - 2013).

http://www.av-comparatives.org/wp-conte ... 309_en.pdf
http://www.av-comparatives.org/wp-conte ... 303_en.pdf
http://www.av-comparatives.org/wp-conte ... 13b_en.pdf

In File detection it scores very well too, with an average of 99.4 (99.5 in Sept., 99.3 in March). But regarding false positives, in Sept. it scored well with 7 false positives while Kaspersky scored 5 and BitDefender 8; however, in March Emsisoft scored 38 false positives (must have improved its engine by Sept.?).

Regarding removal capabilities Emsisoft have some room for improvement, it scored 79, while Kaspersky 98 and BitDefender 97 in the November 2013 Test.
As well as in performance, where BitDefender had slightly less system impact than Kaspersky with 1.0 and 1.6 and Emsisoft with 11.6
But for the effect of a scanner performance/system impact is less relevant.

Here is the AV-Comparatives Summary Report 2013
http://www.av-comparatives.org/wp-conte ... 312_en.pdf
Along with the results Charts (I recommend sorting by value)
chart.av-comparatives.org/chart1.php

On some side notes, regarding AV-Test.org I really dislike the fact they don't provide exact numbers or percents in the results but instead some dumb rounded results, with the consequence that when the product/award of the year is chosen you have no way to know why they chose BitDefender instead of for example Kaspersky.
The only info they provided for that decision was a chart with an "average protection score" http://www.av-test.org/uploads/pics/pro ... e_user.png where Kaspersky is slightly behind BitDefender. For Home Users in Windows 7 in some reports Kaspersky appears to have slightly less protection score than BitDefender while in the others they are both with max score.
If I divide the grid of six blocks in which the scores are presented (as full or half blocks) it leaves an 8.3% of margin and I found no documentation whatsoever explaining how from rough results these scores are elaborated. Or on what basis are results rounded?
"In the case that two products achieve the same test results, the winner is decided on the basis of the precise results without the results being rounded up."
Also Malwarebytes Anti-Malware is "designed to detect and remove infections that most antivirus programs tend to miss or are unable to remove." In other words you should run first a full scan with your antivirus and after install MBAM.
Unfortunately from what I have read in the forums there are no plans for a portable version.

Will try though the one posted here :D

Edit: I found "USB Detect & Launch" which may be able to run an application upon detection of a USB drive
http://mattcollinge.wordpress.com/softw ... nd-launch/
It was last updated in 2008 and requires VB6 Runtimes, but might just work in W7 as it supports Windows Vista; haven't tried it though.

SYSTEM
Posts: 2041
Joined: Sat Jul 31, 2010 1:19 am
Location: Helsinki, Finland

Re: Some AV protection

#39 Post by SYSTEM »

Marc wrote: On some side notes, regarding AV-Test.org I really dislike the fact they don't provide exact numbers or percents in the results but instead some dumb rounded results, with the consequence that when the product/award of the year is chosen you have no way to know why they chose BitDefender instead of for example Kaspersky.
The only info they provided for that decision was a chart with an "average protection score" http://www.av-test.org/uploads/pics/pro ... e_user.png where Kaspersky is slightly behind BitDefender. For Home Users in Windows 7 in some reports Kaspersky appears to have slightly less protection score than BitDefender while in the others they are both with max score.
If I divide the grid of six blocks in which the scores are presented (as full or half blocks) it leaves an 8.3% of margin and I found no documentation whatsoever explaining how from rough results these scores are elaborated. Or on what basis are results rounded?
They do provide more accurate numbers.

BitDefender: http://www.av-test.org/no_cache/en/test ... %5D=134980
Kaspersky: http://www.av-test.org/no_cache/en/test ... %5D=134995
Marc wrote: Edit: I found "USB Detect & Launch" which may be able to run an application upon detection of a USB drive
http://mattcollinge.wordpress.com/softw ... nd-launch/
It was last updated in 2008 and requires VB6 Runtimes, but might just work in W7 as it supports Windows Vista; haven't tried it though.
USBDLM can do that as well. Search for "Global AutoRun settings in the USBDLM.INI" in the manual: http://www.uwe-sieber.de/usbdlm_help_e.html

Marc
Posts: 165
Joined: Sun May 15, 2011 6:06 pm

Re: Some AV protection

#40 Post by Marc »

Yes but, I guess what bugs me is that I can't tell how results are rounded. AV-Comparatives charts results include up to xx.x% and in the summary report they tell "average result over the year" for the winners of each test type, and as far as I can tell there's no rounding.
Considering that BitDefender and F-Secure scored the same in the chart, as well as GData and Kaspersky, and there are plenty of other examples, why not use precise results in the first place? So considering that those more accurate results are most likely rounded (otherwise 92.9 would be 92), and based on that an even more rounded representation is used, with a difference of 8.3% and only 12 possible values from which an average is calculated, and that is the criteria used for defining the winners/awards, I wonder whether using exact values the results would be different.
SYSTEM wrote: USBDLM can do that as well. Search for "Global AutoRun settings in the USBDLM.INI" in the manual: http://www.uwe-sieber.de/usbdlm_help_e.html
Does it require AutoRun to be enabled for the task? Also it would be great if it was portable.
btw the reason I suggested USB Detect & Launch was
Is there some free tool that I can run on-demand to scan USB devices before I can safely access their contents?
=)

SYSTEM
Posts: 2041
Joined: Sat Jul 31, 2010 1:19 am
Location: Helsinki, Finland

Re: Some AV protection

#41 Post by SYSTEM »

Marc wrote:
SYSTEM wrote: USBDLM can do that as well. Search for "Global AutoRun settings in the USBDLM.INI" in the manual: http://www.uwe-sieber.de/usbdlm_help_e.html
Does it require AutoRun to be enabled for the task?
No, it doesn't. It has its own implementation.
Marc wrote: Also it would be great if it was portable.
Well, portability has its costs. As mentioned in the homepage of USBDLM: "Running as service makes it independent of the logged on user's privileges, so there is no need to give the users the privilege to change drive letters."

joby_toss
Posts: 2970
Joined: Sat Feb 09, 2008 9:57 am
Location: Romania

Re: Some AV protection

#42 Post by joby_toss »

Status update: I run no (resident) antivirus on my system. I'm tired of performance issues and overall lack of efficiency in my case (your mileage may vary).
I disabled autoplay/autorun and just use common sense when browsing/running apps.
I use Private Firewall free which features also a Process Monitor module that alerts me every time an app tries to run without my knowledge.
Occasionally I scan some file using VirusTotal online service.
I'll post here if I get into any trouble.

webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas

Re: Some AV protection

#43 Post by webfork »

joby_toss wrote:Status update: I run no (resident) antivirus on my system. I'm tired of performance issues and overall lack of efficiency in my case (your mileage may vary).
I disabled autoplay/autorun and just use common sense when browsing/running apps.
I use Private Firewall free which features also a Process Monitor module that alerts me every time an app tries to run without my knowledge.
Occasionally I scan some file using VirusTotal online service.
I'll post here if I get into any trouble.
I survived without antivirus for a long time and I still submit things to VirusTotal. I mainly started using Avast for checking non-program files (still reading about MS Office threats).

joby_toss
Posts: 2970
Joined: Sat Feb 09, 2008 9:57 am
Location: Romania

Re: Some AV protection

#44 Post by joby_toss »

Status update: it's been ~6 months now since I quit using a resident AV.
Just the other day I scanned my system using ClamAV, SpybotSD and MalwarebytesAM and found nothing (nothing that I didn't already know about, anyway :) ).
Result: joby is a happy camper!

joby_toss
Posts: 2970
Joined: Sat Feb 09, 2008 9:57 am
Location: Romania

Re: Some AV protection

#45 Post by joby_toss »

Hello, my name is Joby and it's been 9 months since my last AV usage. No problems so far, fingers crossed! :)

Nice article about huge flaws in a major AV player, written by a hacker (both author and product come from my country): http://www.offensivebits.com/?p=23
