Antivirus Programs

[RWIndiana]

Hello all, I currently have Norton's Antivirus, but since my subscription just ran out, I thought I would take the opportunity to look into other solutions which may be cheaper and/or better. Once again, I believed this group to be the right one to ask.
So the question is, should I stick with Norton and renew my subscription, or buy the 2005 upgrade? OR should I ditch Norton and get something better?
Thanks for your any advice!




Rod

 

[mubs]

Most here will puke if you mention Norton, but I've never had a problem with it in terms of protection. Just don't depend on LiveUpdate; it never works. They've been steadily jacking up their online renewal rates, and you'll pay an arm and a leg if you do that. Cheaper to buy the retail product which almost always comes with rebates, so net cost is ~$5.

 

[Will Rickards]

NOD32 http://www.eset.com
It has won more virus bulletin awards than any other AV.
It costs real money, $39 first time, $27.30 each year thereafter.
It is not a resource hog like norton or mcafee.
Buy it now, don't listen to anybody else.

 

[JKKJ]

You could practice safe-computing and do without. I had NAV on my home system for a year; it never found anything, so I've ditched it. Depends on what you do, and whether you share the system with anyone. And you may like the "peace of mind" afforded by an up-to-date AV program

We use Symantec Antivirus Corporate at work, and it seems to have kept 25 of us virus-free for a couple of years. Didn't help the guy who couldn't figure out why his homepage was always a pr0n site though....

 

[time]

Eset NOD32 is certainly not perfect, but I still think it's more effective than anything else.

Antivirus software relies chiefly on recognising code fragments, or signatures. Without regular and timely updates, it's useless. Eset is fast and consistent in updating their virus signature lists (it's not unusual to see two or three updates in one day), which is why they score so well on "in the wild" viruses in the Virus Bulletin tests.

They spend far less effort on "zoo" viruses, which is what antivirus programs used to be tested against. If you want to detect zoo viruses, get Kaspersky. Personally, I'm only interested in viruses that are catchable.

Eset has also been making a big noise about heuristic detection, i.e. if a file smells like a virus, it probably is one. They claim this has detected some major viruses without signature updates.

So here's an idea: what if we had a time machine and could test antivirus programs against future viruses that don't yet exist? Well, this site has actually done it - by freezing signatures, waiting three months, and pitting the A/V programs against new viruses! (see November 2004 Retrospective/ProActive test)

In the past few months, Eset has greatly improved trojan detection and removal (unlike Norton, the software can be upgraded as part of the automated update). If you're feeling paranoid, you can also change the settings to increase heuristic sensitivity (plus tell it to look for spyware attributes, although this may yield false positives).

Finally, although not as fast as it used to be, NOD32 has very low impact on a system and I consider it to be one of the least invasive A/V programs on the market (unlike F-Secure, which stunned me with the amount of resource-eating crap that it installed).

 

[ddrueding]

I'll third NOD32. I got it on reccomendation from here a few weeks ago. and now have it installed on a bunch of machines, I also am using their remote admin package and their MS Exchange plugin. All are working very well and without hassle.

I was quite amazed at the simplicity of their MS Exchange component; it drops right into the standard AV app as another config page, and started scanning the message store right after I configured it.

Before testing this on my current machine, I've been running without AV software on my personal machine since...ever. I'll likely remove it during my next OCD performance freak system streamlining, I've never had a virus on my own machine.

 

[Buck]

NOD32

Time, whatever happened with that system that seemed to have the NOD files infected?

 

[JKKJ]

(unlike Norton, the software can be upgraded as part of the automated update)

I thought LiveUpdate did program updates too (not that Norton issues a lot of them).

 

[RWIndiana]

So, it appears NOD32 is the general consensus. . . I have one more question: If I install it on multiple computers, do I have to buy a license for each one?

 

[Mercutio]

Use Linux.

 

[Buck]

So, it appears NOD32 is the general consensus. . . I have one more question: If I install it on multiple computers, do I have to buy a license for each one?

Yes, you should.

 

[miksmi]

Grisoft AVG

Grisoft AVG is free for home users; I learned of it here. How does it stack up against NOD32?

 

[Clocker]

I've been very happy with AVG. They just upgraded the free version to v7 about a month or two ago. I've installed it on PCs of all of my friends and family and they have never had any virus related problems (and they don't exactly practice the safest computing habits). Free automatic updates is what really makes this product great.

C

 

[Clocker]

Here's a link directly to the free AVG download. Once nice thing they added is that there's no longer any e-mail verification required to register. Just download, install, and go.

http://free.grisoft.com/freeweb.php/doc/2/

C

 

[Will Rickards]

I don't recommend AVG if you are on dial-up or don't leave your computer on. It doesn't update automagically except at the specified time you set. It was quite annoying to have installed it for other people then return months later to find it horribly out of date.

 

[Fushigi]

I've been using AVG on the non-work systems I use & support. No problems with it.

 

[time]

Re: Grisoft AVG

Grisoft AVG is free for home users; I learned of it here. How does it stack up against NOD32?

The latest VB100% test is still only for subscribers, but you can read the Virus Bulletin June comparison. (285kB PDF)

 

[RWIndiana]

Okay I like the sound of AVG (Free!), I hope it's as good as Norton.

Merc, I thought about going with Linux just to spite Microsoft. They (Microsoft) are going to have to step it up a notch to keep their dominance.

 

[Mercutio]

I am going to give you a bit of advice that will sound flippant, but I am serious about it:

suprnova.org has every AV product under the sun availble. If there's one that doesn't have an official free demo, I assure you there's an unofficial one available there.

I think of all anti-virus software as a concession to the fallibility of others. I don't believe that computers should be compelled to have it - no matter what those idiotic popups on XP SP2 say - and I don't want to deal with it.

McAffee and Symantec/Norton both regularly prove to be fallible, even on fully up-to-date PCs (corrupt might be a better word - they're more like virus nets or sieves than virus walls)... but I've had AVG find viruses that Housecall didn't catch and vice versa.

I am almost convinced that the cure for viruses and spyware is almost worse than the disease. At this point I'd guess that 75% of my activities as a PC tech boil down to dealing with one or the other. That's just not right.

So when I say "use Linux", understand that, yes, it is a joke, but it's also completely serious. No spyware, no viruses. With ports or up2date or apt-get there's very little opportunity for a game-breaking worm to really hurt you, and with default security that's actually fairly sensible you're much less likely to hose your machine while you're messing with it.

 

[RWIndiana]

You're so right Merc. The cure is worse than the disease. Basically, Norton is just a virus that keeps some of the other viruses away. I have an old Pentium III laptop (500mhz) that runs nearly as fast as my 2.0ghz machine, mainly because it has the minimum of software running in the background. No antivirus, firewall, no protection at all. So far it is the only computer I have that has NEVER gotten a virus . . . I thrive on irony. lol


By the way, I decided for now to just renew one computer with Norton rather than putting it on all of them or switching to a new one. There is basically only one computer we use for internet anyway (besides my unprotected laptop. I think people around here just have dangerous surfing habits), and I can scan the others via the network.

 

[CityK]

I've been using AVG for a good while now. Works fine for me. Additionally, the new (v7) free release seems to be a lot better then the former version -- faster at: updating definitions and engines, boot times....

 

[Vanilla]

Another vote for AVG. Been using it for years.

Personally I consider bloated software like Norton to be awful

 

[blakerwry]

How do you delete viruses using the new free version based on 7.0?

As far as I can tell it will detect the virus scan after scan without any attempt at deleting the file automatically or manually. Atleast with the 6.0 based free version you were given the option to delete the virus in plain sight.

 

[CityK]

Blake,

I just tried the eicar.com test file, and (when I finally got it to actually save to my intended target, without the AV cancelling the d/l) I was able to manually delete it without any problem.

 

[blakerwry]

Yeah, but how does that help my parents when they have a dozen virus candidates 10 directories deep?

Should they be forced to use Explorer?

 

[Clocker]

My understanding is the AVG7 'quarntines' the viruses and you can empty the 'virus vault' whenever you want.

 

[CityK]

I see what you mean Blake.

Using AVG as I did earlier with eicar.com, I was directly able to delete or move to the virus fault. And this is consistant with what AVG says:

For infected and directly accessible objects (i.e. they are not compressed in an archive), you can use the available Heal, Move to Vault and Delete file buttons to remove the virus.

So it sure sounds like your SOL with an embedded infected file. And testing with eicar.com.zip proves this. You could scan until the sun came up and AVG won't remove it. So, yep explorer is the only option then.

And your right, v6 did allow you to nuke it -- I know cause I remember testing it out (standalone, embedded, email).

I'll check what happens with infected email in the morning.

Hopefully they will correct this, or this is the last time I'm buying one of their products :evil: .... oh wait.....

 

[CityK]

My understanding is the AVG7 'quarntines' the viruses and you can empty the 'virus vault' whenever you want.

Nope, not with embedded viruses.

 

[CityK]

I just typed up a detailed post regarding how the emc plugin behaved upon detecting a virus. Sadly, I blindly touched some combination of keys and the browser closed. Given I'm kind of reeling mad about that one, the bottom line was, after a whole lot of hassle, I wasn't able to assess AVG's behaviour of AVG because my ISP, unbeknownst to me, has email AV (norton) protection (Norton protction - isn't that like an oxymoron....anyway), and which apparently rips the content out of the infected attachments, leaving a harmless shell in their place.

So, the jury is still out on how AVG's email functionality works.

 

[CityK]

Ok...this is too funny. As I'm posting the last reply, my AVG auto updates, and its a biggy. So, right after it finishes, I tested with eicar.zip again.

Result: it now lists two entries for the file -- it lists that the zip file contains an infected file, and you can move the zip file to the virus vaulf. Its other entry is for the embedded file within the zip, but it states something like because it is embedded it can't be healed.

 

[sechs]

Bloated software like Norton has an easier to understand interface....

 

[Santilli]

Kind of shocked no one uses Trendmicro Housecall,free, and, or, their software. Been using it for a month, and it seems pretty good at catching email stuff, my main problem.

Now, should I really have to slow my computer down, just to use email on it?

While I like doing email on the Dual Xeons, my mac works fine, with 9.22, and, has an interface I like more then Linux.


s

 

[Handruin]

Housecall is only a web based utility, no? I use it (only by the web), but it doesn't run actively all the time so I don't think it's the same as the others mentioned here. Also, I think you have to use Internet Explorer to use their product. last time I tried with Firefox (which was a while ago) I was not successful.

 

[Tannin]

Gaaaa... You know better than that, Handruin. That is the whole point of Internet Explorer: it was designed to allow any random web-based application to trawl through your entire hard drive, doing whatever it likes.

Now with 99.99% of websites, that is exactly what you don't want, which is why you never use Internet Explorer on the web, only Firefox, Mozilla, Opera - whichever of the current-century browsers you prefer.


For Housecall, however (and also for Windows Update) you want the browser to be insecure, you want the browser to provide free access to your files to the remote site. This is why you use Explorer for Housecall. Hacking a real browser into something so insecure that you can run Housecall on it is just plain dumb. If you are ging to do that, why bother having a modern browser in the first place.

Err ... Now, what was the question?

 

[Santilli]

Problem is, most of those mentioned suck, as far as use.

s

 

[Groltz]

Err ... Now, what was the question?

All I can say, Tony, is that your wording: ..."any random web-based application to trawl through your entire hard drive, doing whatever it likes..." struck me as so funny I almost ejected a piece of chewing gum during the laughter outburst.


My own $0.02 to this topic would be this:

If you run Windows, use NOD32.
NOD32 is very good and has a small footprint compared to big-league AV's.

Avoid IE when possible, use an alternate such as Firefox.

 

[Tea]

He does get a bit carried away, doesn't he, Groltz.

If he'd spent a bitmore time answering the question and a bit less time frothing at the mouth, he might have remembered to mention that we all like the Trend Micro products. Highly recommended.

Mind you, we don't actually use them ourselves, we just practice safe computing from behind a quality fiirewall - and we have never yet been infected.

Compare that to the customer machiones we see come in running NAV and absolutely riddled with viruses. Honerstly, I haveno idea why the Norton team has lost the plot so badly of late. ZEvery week - and I'm serious, I mean every week, Kristi and I get machines come into the workshop running Norton Anti-virus - yes, latest version, all updates installed, running like a 286 because of all the crap routines Norton loads - and riddled with viruses. Two, three, five different ones, and none of them new or unusual. I just don't get it. How can an anti-virus product be so bad?

 

[Santilli]

Everytime I try and run one of those browsers it doesn't do something, or conflicts with something, that IE doesn't. Last night I was browsing with the new firefox, and it froze while I was using WinDVD creator 2. IE doesn't do that.

s

 

[ddrueding]

When I sell people on Firefox, I explain that it is a tradeoff. You gain system security, at the potential cost that something might now work the way it used to. Not really a choice in my opinion, why live with something that will slowly kill you?

 

[Santilli]

Email is my major problem. I'm trying to get used to Firefox, but it just seems to take 3 clicks, or moves, to do what I could do with one on IE.


I'll keep the email on the mac, even if it's a pain, I think.

s