Recommend me comprehensive anti-virus software

Dysplastic wrote:

Good to know. Can I set it to scan USB keys as soon as they are put into the computer? They're my biggest scare right now in terms of threat.

I don't know if you can make it automatically scan the USB drive, but if any file from it is copied over, opened or executed (even if you don't manually execute it) you have to let NOD32 scan it first unless you have specifically told it not to in your profile or turned off the local file monitor completely.

Made a similar recent post here: http://www.gamerswithjobs.com/node/4...

Nothing too different from what's posted here though.

Edit: Oh by the way, my own saga has ended in tears: we are being forbidden from quitting LANDesk Management Suite, because we've quote "already spent too much money on it". So we're going to continue dumping money on a product that has hosed productivity worse than any virus I've encountered, and will continue to hog resources and lock up machines.

It's ok, I'm sure we'll just lay off more people to make up for the deficit.

I'm not bitter.

Since this thread is already here, I'll just add my latest:

I was recently on an old desktop that I hardly use, and I noticed that it was acting funny. I also noticed that, unlike our laptops, I never installed an anti-virus or Windows Defender, etc. So I installed AVG Free and Windows Defender, and they've found several instances of something called Vundo.

I have some questions:

1) Must I nuke from orbit to be sure?

2) May I safely evacuate the very large amount of data that I don't want to lose?

See, the reason I was on that computer was that I was backing up my external HD to it so I could re-format the external HD. So now everything that was on it (mostly media) is on the infected computer. =/

Thoughts? And thanks in advance!

In the case of Vundo, I would unfortunately recommend a nuke from orbit unless that's a really difficult option (at the very least, run MalwareBytes on it as it can deal with Vundo quite well now.) As for your data, that should be fine, though I would scan it thoroughly after transferring it. Virtually every virus coming out now infects executable files, so data should be no problem. I have successfully removed Vundo with no ill effects afterward, but other variants of it I have not been able to get rid of.

PA: are you still offering your virus removal services via remote access?

I'd certainly be willing to take a look at it for you if you want, though I can't assure anything until I get to evaluate it. But if we decide we can't fix it, there's no charge. PM me if you want and we can set something up for the weekend.

MalwareBytes seems to have done the job, thanks for the tip!

With recent discussion in the deals thread I thought this would be a good time to revive this.

So two questions,
1. What's the best free anti virus these days for windows?
2. What's the best paid AV these days?

Currently I use Security Essentials, which has been deemed bad now, and Avast free.

Avast is definitely one of the top free ones. It's just a shame they're so annoying.

Bitdefender (free) is a big name nowadays and I don't see much mention of them around here.

AVG (free) is still pretty good, but not the best.

Avira and Panda have been making waves in the free market.

At the end of the day you're probably okay using any of them and pairing it with Malwarebytes.

See some tests here: http://www.av-comparatives.org/ and http://www.av-test.org/en/home/

(Talking about free programs here.)

Thanks for the list. I'll check them out tonight.

When I was at my parents' house this week, I had to troubleshoot something on their PC and noticed they're still running MSE. What antivirus would you guys and girls recommend for technophobic users? MSE was wonderful in this regard: one tab for updating and one tab for scanning, done and done! I purchased a 3 year subscription to Kaspersky myself, but that's hardly free.

I think you'll find either Avast Free or AVG to work well for technophobes. I service computers for several older people and they all seem to get a kick out of Avast Free when it says "downloading virus updates" or whatever.

I tried Bitdefender for one day.
Now I am requesting a refund.

Holy crap that thing turns your computer into Fort Knox! I do some web development and it would block out any website coming from a cPanel server once it registered it as a cPanel IP. I would have had to install an older version, booted into safe mode and edited a file all while telling it to not install any updates automatically.

no thanks.

now back to the search.

cheeba wrote:

I think you'll find either Avast Free or AVG to work well for technophobes. I service computers for several older people and they all seem to get a kick out of Avast Free when it says "downloading virus updates" or whatever.

I'm going to try Avast. AVG doesn't score well in the reviews linked above, and Avast seems user-friendly enough. Thanks!

I haven't used it for a long time, but F-Prot, once upon a time, was one of the better choices.

I installed Panda last night. We'll see how that goes.

In October 2013 Avira announced they'll no longer have pop-up ads.

I installed it recently - yay ! - and uh, there are Avira pop-up ads about once a day.

f*ck those losers.

Going back to Avast 8.x (Avast 9.x became a bloated nightmare). As long as Avast 8.x keeps accepting signature updates, it will be my golden antivirus.

Malor wrote:

I haven't used it for a long time, but F-Prot, once upon a time, was one of the better choices.

So was Thunderbyte Antivirus but that data is highly outdated. F-Prot has let me down with ignoring week-old threats all too often.

So did Symantec Endpoint Protection.

AVG has been buggy garbage since inception, no trust there.

Kaspersky is full-on security theater. Lets through threats from a few days ago without a peep, but its "protection" will cause a variety of problems, such as DRM crashes or being unable to control the AV interface via remote control.

NOD32 is my preferred choice when I can pay, Avast! is when I cannot.

Yet all of them fail at detecting a virus that's already been executed and became a rootkit, as most of them are these days. For that I use ComboFix.

Yet all of them fail at detecting a virus that's already been executed and became a rootkit, as most of them are these days. For that I use ComboFix.

Once a rootkit has run, you can never again be sure that the computer is clean, without a reinstall.... and from what we're seeing from the NSA stuff lately, maybe not even then, as the NSA is now using BIOS hijacks. Only a matter of time before those techniques fall into private hands.

Combofix is technologically years and years ahead of traditional scan-based detection and removal techniques. It is essentially created by hackers. As long as the rootkit is known to it, it WILL remove it, all the while protecting itself as well.

Unlike it, all antiviruses, w/o exception, in these cases behave like ED-209 when it rolled down the stairs.

With unknown rootkits... yeah, it's always tough. For every product. Heuristics are not there yet.

As long as the rootkit is known to it, it WILL remove it, all the while protecting itself as well.

In a word: bullsh*t. This is not logically possible.

When the OS is compromised, there is always another place to hide, and in a world of always-connected devices, code updates can be worldwide in seconds.

You cannot be certain of cleaning an OS when the OS you're running on is compromised. The very best you can get is 'probably clean'. If you want certainly clean, it will take a reinstall.

blah blah blah nothing's safe just throw your pc out and live in a cave..

Malor wrote:
As long as the rootkit is known to it, it WILL remove it, all the while protecting itself as well.

In a word: bullsh*t. This is not logically possible.

When the OS is compromised, there is always another place to hide, and in a world of always-connected devices, code updates can be worldwide in seconds.

You cannot be certain of cleaning an OS when the OS you're running on is compromised. The very best you can get is 'probably clean'. If you want certainly clean, it will take a reinstall.

Yes, code updates can be worldwide in seconds. Writing and testing those code updates so that your rootkit doesn't poop itself and stop responding, thus losing 100,000 zombie machines your customers are paying for, doesn't take "seconds". Changing major functionality of a rootkit can take days, and even so, those changes may not alter how it hides.

ComboFix is updated at least once a day, that I noticed. It is the most up-to-date with what's going on in the rootkit world out of any other program I've seen. It terminates running processes, stealths itself, severs the network connection if it deems necessary, restarts the system if necessary to gain control on startup, resets compromised registry settings, unhijacks browsers, and does all kinds of tricky sh*t.

There may not be a perfect solution, but reinstalls certainly aren't perfect either. The system becomes way too customized and well-configured to just wipe it all out and reinstall after every "potential" infection. Imaging the entire disk on regular intervals with modern disk sizes is cumbersome to say the least. Given how asymptomatic and specialized many rootkits are, this sort of paranoia can do more damage to your work than an actual rootkit.

In my opinion and extensive experience with using Combofix, it does its job very well. Your mileage may vary.

The system becomes way too customized and well-configured to just wipe it all out and reinstall after every "potential" infection.

That's a choice you have to make for yourself. But the simple fact is this: once you know malware has run on your machine, the only way to be sure it's clear is a reinstall, unless you're capable of doing a full forensic inspection of the OS, and every other file on the hard drive, from a known-clean system.

If you don't do that, the very best you can get is 'probably clean'. If probably is good enough for you, then that's your decision.

But I would argue that if this is a problem:

The system becomes way too customized and well-configured

then you're not doing your backups properly.

blah blah blah nothing's safe just throw your pc out and live in a cave..

Once you know malware has run on your computer, everything changes. You can stick your head in the sand all you like, but that's how it is.

Argument from ignorance isn't doing anyone any favors.

edit: nope, that's actually wrong. Arguments from ignorance like that are very, very helpful for the people running the botnets of the world.

Malor wrote:
blah blah blah nothing's safe just throw your pc out and live in a cave..

Once you know malware has run on your computer, everything changes. You can stick your head in the sand all you like, but that's how it is.

Argument from ignorance isn't doing anyone any favors.

edit: nope, that's actually wrong. Arguments from ignorance like that are very, very helpful for the people running the botnets of the world.

Dawwwwwww! So adorable.

Malor I would be in your position if I hadn't used ComboFix for years on multiple machines. I am usually the "sure there are no symptoms BUT HOW DO YOU KNOW YOU'RE NOT INFECTED?!" guy, and get in people's face about it all the time.

The thing is, the malware isn't being updated to evade detection all that often, and it certainly isn't being updated for too long. Even if ComboFix didn't get all of it now (which is rare), it will get the rest later. It is being constantly updated, while "each individual malware" isn't.

I would like to know your solution of doing system backups which retain customization, don't get terribly out of date, are quick to restore, and yet don't retain rootkits that may have been included in the backup.

Further reading:

The anti-virus age is over

Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results

(their conclusion: A/V does nothing against any attacker with a clue. All it stops is script kiddies.)

Symantec And Security Starlets Say Anti-Virus Is Dead

“The overall detection by anti-virus software in January was disappointing — only 70.62 percent. For February it is even worse — only 64.77 percent was detected. And in March the average detection was 73.56 percent. That might not sound too bad but it means that 29 percent, 35 percent and 26 percent was not detected,” the company’s report read.

Video link: Why Antivirus doesn't work.

Per that source: there are 200,000 unique pieces of malware being released every day.

Dawwwwwww! So adorable.

Aggressive ignorance... doubling down on foolishness. I know what the f*ck I'm talking about.

Educate yourself.

The thing is, the malware isn't being updated to evade detection all that often,

You guys aren't keeping up with the state of things.

A huge number of current infections aren't detected by malware scanners, because they're semi-unique. Any individual variant may exist on only a few hundred machines, worldwide. I saw an estimate a couple months ago that something like 45% of persistent infections these days are like this. Most antivirus companies may never even get a sample of a given piece of malware, because the cross section for each one is so small. There's just a lot OF them.

You hear about, and ComboFix goes after, the bulk ones, the infect-millions-of-PCs monsters. But the thing is, nearly all modern rootkits have download-and-install capabilities. So you get nailed by the big common thing, which goes and gets something semi-unique, just for you and a few hundred other people. Then ComboFix or your virus scanner detects the big one, and removes it, but the unique program is left behind.

ComboFix says you're clean, and you think you're clean, but you aren't.

Antivirus companies are starting to admit how bad this problem is becoming; it's becoming larger than they can handle. There are so many trojan/virus/malware variants out there, in such small cross sections, that they're losing any hope of keeping up.

I tell you three times: after you know malware has run on your PC, a reinstall is the only way to be sure of disinfection. Ignore that advice if you wish, but you are not serving your own best interests by doing so. And you are most emphatically not serving the interests of anyone you encourage to follow your poor security choices.

1) You're kind of preaching to the choir about antivirus obsolescence, at least when it comes to dealing with viruses post-infection. Yes, IMO overall antivirus technology is quite outdated.

2) Antiviruses aren't obsolete. Polymorphism has existed since the time of DOS, it's nothing new, and the corresponding detection engines have been in an arms race with it forever. It is better to have a good antivirus than NOT to have one.

3) Symantec has been a sh*t company in the 21st century. Symantec Endpoint Protection, which I followed through several iterations, consistently let through two-week old viruses that my parents would catch through various ad-laden Russian websites. It's a complete joke of a company and their opinion means nothing.

4) Modern _good_ antiviruses use some techniques that actually work, i.e. "enumerating goodness" instead of only "enumerating badness". Namely, they verify the executables you run against those run by other users, as well as those with a generally good known reputation. Where an antivirus couldn't possibly afford the CPU time to run a sandboxed emulation analysis for every single file you run, it can single out those it has doubts about, which makes this process sensible.

5) The web attack vector (i.e. virus loading into an HTML5 tab and never caching to disk) can be caught by a web scanner intercept or a browser plugin - as long as their signatures and polymorphic detection heuristics are up to par.

6) You consistently lump ComboFix into the generic "antivirus" pile while I've made an effort to explain that it is very different from any other anti-malware product I've used.

I'm no longer sure what this argument is about. It still remains a fact that ComboFix is the most efficient and reliable rootkit removal utility I've used, that antiviruses are still useful at interception stage, and that it's better to have a good antivirus than not to have one.

Whether you choose to nuke your system at every suspicion of malware remains your personal choice.
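Two points in the thread above come down to the same mechanic: Malor's "full forensic inspection ... from a known-clean system" and point 4's "enumerating goodness". Both mean comparing what is on the suspect disk against a list of what is known to be good, rather than hunting for signatures of what is known to be bad. The script below is an added example written for this thread, not code from ComboFix or any antivirus product mentioned here. It builds a baseline of SHA-256 digests from a constructed "clean" tree, then classifies a constructed "suspect" tree into known-good, modified (a known path whose digest changed), unknown (a file no list has seen), and missing. The `build_baseline`, `classify` and `demo` names, the sample file contents and the one-entry vendor allowlist are all constructed for the example. The caveat Malor raises still applies: this comparison is only trustworthy when run from a clean boot against the suspect disk, since a rootkit in the running OS can lie to the hashing tool about what is on disk.

```python
"""Baseline comparison of a file tree against known-good digests (constructed example)."""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Record relative path -> digest for every file under a known-clean root."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def classify(root: Path, baseline: dict[str, str], allowlist: set[str]) -> dict[str, list[str]]:
    """Compare a suspect tree against the baseline.

    known_good: same path and same digest as the baseline, or a digest on the
                global allowlist (the "enumerating goodness" case)
    modified:   path is in the baseline but the digest differs
    unknown:    path not in the baseline and digest not on any list; this is
                the bucket that needs a closer look
    missing:    in the baseline but absent from the suspect tree
    """
    result: dict[str, list[str]] = {"known_good": [], "modified": [], "unknown": [], "missing": []}
    seen: set[str] = set()
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = str(p.relative_to(root))
        seen.add(rel)
        digest = sha256_file(p)
        if rel in baseline:
            bucket = "known_good" if baseline[rel] == digest else "modified"
        elif digest in allowlist:
            bucket = "known_good"
        else:
            bucket = "unknown"
        result[bucket].append(rel)
    result["missing"] = [rel for rel in baseline if rel not in seen]
    return result


def demo() -> dict[str, list[str]]:
    """Build a clean tree, baseline it, then classify a tampered copy (all constructed)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp) / "clean"
        suspect = Path(tmp) / "suspect"
        for root in (clean, suspect):
            (root / "bin").mkdir(parents=True)
            (root / "bin" / "app.exe").write_bytes(b"MZ constructed sample app")
            (root / "bin" / "helper.dll").write_bytes(b"MZ constructed helper")
        baseline = build_baseline(clean)

        # Simulate what the thread describes: a known binary that has been
        # altered, a semi-unique payload no list has ever seen, and a legitimate
        # tool that is not in the local baseline but is on a vendor allowlist.
        (suspect / "bin" / "helper.dll").write_bytes(b"MZ constructed helper + injected stub")
        (suspect / "bin" / "update.exe").write_bytes(b"MZ constructed unseen dropper")
        (suspect / "bin" / "vendor_tool.exe").write_bytes(b"MZ constructed vendor tool")
        vendor_allowlist = {hashlib.sha256(b"MZ constructed vendor tool").hexdigest()}

        return classify(suspect, baseline, vendor_allowlist)


if __name__ == "__main__":
    for bucket, files in demo().items():
        print(f"{bucket}: {files}")
```

The useful output is the `unknown` and `modified` buckets, which are small enough to inspect by hand or feed to a sandbox, which is exactly the triage point 4 describes: the scanner spends its expensive analysis only on files it has doubts about. The `missing` bucket matters too, since a removal tool deleting a system file it misidentified looks identical to an attacker deleting one.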

6) You consistently lump ComboFix into the generic "antivirus" pile while I've made an effort to explain that it is very different from any other anti-malware product I've used.

Two hundred thousand viruses A DAY. A day, Louis, a day.

ComboFix will not catch them all. It won't even catch most of them.

Malor wrote:
6) You consistently lump ComboFix into the generic "antivirus" pile while I've made an effort to explain that it is very different from any other anti-malware product I've used.

Two hundred thousand viruses A DAY. A day, Louis, a day.

ComboFix will not catch them all. It won't even catch most of them.

Or, Combofix only has to catch up to the code of a few popular kits which are used to generate them, in order to detect them.

Somehow I doubt that most of those viruses are an all original work that achieves any degree of penetration without crapping all over itself. There aren't that many competent, professional hackers out there, and writing a stable virus is hard work.