Your opinion please?

[Retiredff]

I Know NOD 32 does pretty good in most reviews and in fact is
probably just about unbeatable....(But it costs MONEY!!.).... I have
been using Avast for the past 2 years....and really as far as I am
concerned ...you cant beat it!!.....

I just went through the process of trying to figure out what to replace
Norton AV with, and found some major differences in how many files some
programs scan.

For what it is worth:

Norton- approx. 305,000 files
Avast!- approx. 90,000 files
AVG- approx. 90,000 files
Kaspersky- approx. 455,000 files

If you ask me, a program that will dig deeper to find things that don't
belong provides a heck of a lot more protection then one that just skims the
surface.

 

[Beauregard T. Shagnasty]

If you ask me, a program that will dig deeper to find things that
don't belong provides a heck of a lot more protection then one that
just skims the surface.

All of the programs you mention have options for (wording varies)
standard scan, deep scan, executable files only, and so forth. Be sure
you have the different programs set the same before you compare.

 

[null]

I just went through the process of trying to figure out what to replace
Norton AV with, and found some major differences in how many files some
programs scan.

For what it is worth:

Norton- approx. 305,000 files
Avast!- approx. 90,000 files
AVG- approx. 90,000 files
Kaspersky- approx. 455,000 files

If you ask me, a program that will dig deeper to find things that don't
belong provides a heck of a lot more protection then one that just skims the
surface.

Well, I'm a KAV fan, but your skimpy information doesn't mean
anything. You'd have to specify the scan option settings of each
scanner. Are they all set to scan "all fiiles"? Some may not not be
set to scan within compressed archives such as zips. Some may
not be set (or don't have the capability) to scan email data bases.

Another factor is that scanners differ in the way they count things.
Are some reporting that they're counting "items" rather than "files"?
It takes quite a bit of testing to discover exactly what each scanner
is counting.

Art

http://home.epix.net/~artnpeg

 

[* * Chas]

Antivir, AVG or NOD32?

My system: XPSP2, 3.2 G CPU and 1 G RAM

Thank you all, in advance

NOD32 - best I've ever used in 10 years. I've tried about 20 different
programs during that time. It has a very small footprint, it's fast,
frequent updates that are fast to D/L and it's very configurable.

Chas.

 

[* * Chas]

Kaspersky, F-Prot, and still NOD32. This is not an exhaustive list but I
consider these the tops.

I haven't tried Kaspersky in a number of years - kept have bug
problems between versions and updates so I can't comment. I use both
NOD32 and F-Prot.

NOD32 is definitely my choice, even better than the noble Dr. Solomons
which I used from 1996 until the bitter end.

Chas.

 

[* * Chas]

I just went through the process of trying to figure out what to replace
Norton AV with, and found some major differences in how many files some
programs scan.

For what it is worth:

Norton- approx. 305,000 files
Avast!- approx. 90,000 files
AVG- approx. 90,000 files
Kaspersky- approx. 455,000 files

If you ask me, a program that will dig deeper to find things that don't
belong provides a heck of a lot more protection then one that just skims the
surface.

Pray tell, where did you get those specs and how were they measured?

Chas.

 

[Retiredff]

Well, I'm a KAV fan, but your skimpy information doesn't mean
anything. You'd have to specify the scan option settings of each
scanner. Are they all set to scan "all fiiles"? Some may not not be
set to scan within compressed archives such as zips. Some may
not be set (or don't have the capability) to scan email data bases.

Another factor is that scanners differ in the way they count things.
Are some reporting that they're counting "items" rather than "files"?
It takes quite a bit of testing to discover exactly what each scanner
is counting.

Art

I had all of them set for their maximum scanning capability, whatever their
wording may have been.

If they had the ability to scan within compressed files or e-mail data
bases, then that would have been accomplished by setting it up for the max.
scan.

If they did not have the ability to do so, then it just seems that people
are being short-changed on the protection they are using.

As for 'items' or 'files', I think I understand what your getting at, and it
is something that I'm not sure about. I have never read anything related to
how some programs count one way, and another program counts a different way.

 

[Retiredff]

Pray tell, where did you get those specs and how were they measured?

Chas.

Those are the figures that each AV program reported as being scanned. As to
how they were measured, not sure what you are getting at.

The comments from Art ([email protected]) and my reply to him about 'items' and
'files' might be related to that.

 

[null]

As for 'items' or 'files', I think I understand what your getting at, and it
is something that I'm not sure about. I have never read anything related to
how some programs count one way, and another program counts a different way.

I can't point you to anything other than a discussion on this same
subject here the other day. I'll just give one example. Zip ten files.
Have each scanner scan only that one zip file. See how many "files"
are reported to have been scanned by each. You see, some scanners
might report that just one file has been scanned. Others might report
that ten or eleven were scanned.

To make sure the scanners are really scanning "within" the zip file,
include the eicar.com test file as one of the ten files zipped:

http://www.eicar.org/anti_virus_test_file.htm

All scanners should alert on this harmless test file.

Art

http://home.epix.net/~artnpeg

 

[Roger Wilco]

Those are the figures that each AV program reported as being scanned. As to
how they were measured, not sure what you are getting at.

The comments from Art ([email protected]) and my reply to him about 'items' and
'files' might be related to that.

I think Art meant 'objects' and not 'items'. You can probably use Google
groups to find the discussion - though I don't think "art objects' will
suffice. )

 

[Roger Wilco]

Those are the figures that each AV program reported as being scanned. As to
how they were measured, not sure what you are getting at.

The comments from Art ([email protected]) and my reply to him about 'items' and
'files' might be related to that.

http://groups-beta.google.com/group...=scanned+objects+2005&rnum=1#cd7e43cc6dc5a3ce

http://groups-beta.google.com/group...roup=alt.comp.anti-virus&q=art+objects&qt_g=1

I was wrong - art objects seems to give the same message. )

 

[* * Chas]

Those are the figures that each AV program reported as being scanned. As to
how they were measured, not sure what you are getting at.

The comments from Art ([email protected]) and my reply to him about 'items' and
'files' might be related to that.

So you are saying that the AV programs are reporting these numbers
after they finish scanning. As someone else in this thread has
mentioned, these figures can be misleading, depending on how an AV
program is configured and what all it's set to scan.

BTW, 455,000 files, that's an awful lot of data. Is this on a server
or something like it?

Chas.

 

[Retiredff]

I can't point you to anything other than a discussion on this same
subject here the other day. I'll just give one example. Zip ten files.
Have each scanner scan only that one zip file. See how many "files"
are reported to have been scanned by each. You see, some scanners
might report that just one file has been scanned. Others might report
that ten or eleven were scanned.

To make sure the scanners are really scanning "within" the zip file,
include the eicar.com test file as one of the ten files zipped:

http://www.eicar.org/anti_virus_test_file.htm

All scanners should alert on this harmless test file.

Art

http://home.epix.net/~artnpeg

This is all interesting, but, I can only test with Kaspersky, since I
removed the other AV programs!

However, I did find something strange related to the eicar.com test files. I
use Firefox for my browser. As the eicar site said, some people have
problems downloading the eicar.com file. I did, so I used the eicar.com.txt
file (after renaming it).

Kaspersky did not detect the 'virus' in the eicarcom2.zip file, but found it
in the other files. But KAV did not give me a choice of what to do with it.
Only that it had been detected.

I decided to try to download the files using IE. I could not download
eicar.com or the eicar.com.txt files. No problem with the zip files. Here is
where the strange part comes into play. KAV did find the 'virus' in both zip
files.

I did this three times, downloading the files with both Firefix and IE.
There was even a reboot over the 14 or so hour time period I was playing
with this. Each time, KAV would find the 'virus' in the eicarcom2.zip file
that I had downloaded through IE. Each time, it failed to find it in the
downloads through Firefox.

Something strange going on, but I don't have a clue.

Larry

 

[Retiredff]

So you are saying that the AV programs are reporting these numbers
after they finish scanning. As someone else in this thread has
mentioned, these figures can be misleading, depending on how an AV
program is configured and what all it's set to scan.

BTW, 455,000 files, that's an awful lot of data. Is this on a server
or something like it?

Chas.

Yes, it is a lot of files (photos and records from a home weather station
are a large part of them), and they are on a home system. I have two large
drives, and I have backed up a lot of stuff on the second drive, in addition
to my other backup options, just for ease of use. Normally, if I am
satisfied the backups are clean, I would omit them from the scan. But, in
being fair, I had to scan everything to get the same results from each of
the AV programs I played with.

 

[null]

However, I did find something strange related to the eicar.com test files. I
use Firefox for my browser. As the eicar site said, some people have
problems downloading the eicar.com file. I did, so I used the eicar.com.txt
file (after renaming it).

Of course, if you have the realtime monitor enabled, KAV will prevent
eicar.com from being copied to your drive. Maybe you're using some
later version that doesn't allow you to disable it? I'm only familiar
witrh good 'ol version 3.5 that gives users great flexibility in the
use of the scanner.

Kaspersky did not detect the 'virus' in the eicarcom2.zip file, but found it
in the other files.

It's not clear here whether you mean scanning on demand after
downloading or that the realtime monitor failed to prevent you
from downloading just that one file.

But KAV did not give me a choice of what to do with it.
Only that it had been detected.

Again, good 'ol version 3.5 gives you an option when the realtime
monitor pops up its alert.

I decided to try to download the files using IE. I could not download
eicar.com or the eicar.com.txt files. No problem with the zip files. Here is
where the strange part comes into play. KAV did find the 'virus' in both zip
files.

Well, the only difference I know of is that the point of interception
is different between IE and the Gecko browsers. That is to say,
with IE, the folder the downloaded temp file goes to is some IE
temporary content folder, and with the Gecko browsers it's
C:\windows\temp (on my Win 9x/ME PCs).

I did this three times, downloading the files with both Firefix and IE.
There was even a reboot over the 14 or so hour time period I was playing
with this. Each time, KAV would find the 'virus' in the eicarcom2.zip file
that I had downloaded through IE. Each time, it failed to find it in the
downloads through Firefox.

Something strange going on, but I don't have a clue.

Again, I'm a litle confused by your description. It seems you're
saying that when you use FF, that KAV doesn't intercept and
block the download (actually the copy) but it does when you use IE?
I have no idea why that would happen. It certainly shouldn't.

To avoid confusion, I suggest that you download all the different
versions of eicar.com to a empty folder and scan them on-demand.
Keep your realtime monitor off, if you can. That would give you
a baseline as to what KAV detects. It should alert on all the various
forms (six I think) as long as you have both archive scanning and "all
files" selected in the options.

Again, I'm at a disadvantage since I use the older version of KAV
and you probably don't. I guess newer versions have taken a lot
of control and options out of the hands of users. That would drive
me nuts

Art

http://home.epix.net/~artnpeg

 

[RH710]

NOD32 - best I've ever used in 10 years. I've tried about 20 different
programs during that time. It has a very small footprint, it's fast,
frequent updates that are fast to D/L and it's very configurable.

Chas.

I am with Chas,Nod32 is awsome.and version 2.5 is even better..RH710

 

[Retiredff]

Remarks in-line:

Of course, if you have the real-time monitor enabled, KAV will prevent
eicar.com from being copied to your drive. Maybe you're using some
later version that doesn't allow you to disable it? I'm only familiar
witrh good 'ol version 3.5 that gives users great flexibility in the
use of the scanner.

I'm using the latest, v. 5.whatever. Some of the time, you don't see the
simple things. Yes, the real-time monitor was enabled, and you can still
disable it in this version. You will have a hard time convincing me to do so
while online

It's not clear here whether you mean scanning on demand after
downloading or that the real-time monitor failed to prevent you
from downloading just that one file.

Both. But only when using Firefox.

Again, good 'ol version 3.5 gives you an option when the real-time
monitor pops up its alert.


Well, the only difference I know of is that the point of interception
is different between IE and the Gecko browsers. That is to say,
with IE, the folder the downloaded temp file goes to is some IE
temporary content folder, and with the Gecko browsers it's
C:\windows\temp (on my Win 9x/ME PCs).


Again, I'm a litle confused by your description. It seems you're
saying that when you use FF, that KAV doesn't intercept and
block the download (actually the copy) but it does when you use IE?
I have no idea why that would happen. It certainly shouldn't.

Downloading with FF would block eicar.com, but not eicar.com.txt.
Downloading with IE would block both files.

To avoid confusion, I suggest that you download all the different
versions of eicar.com to a empty folder and scan them on-demand.

That is what I did, but with real-time monitoring enabled. When I downloaded
eicar.com.txt, I just copied it to a couple of other test folders so I could
play with them.

Keep your real-time monitor off, if you can. That would give you
a baseline as to what KAV detects. It should alert on all the various
forms (six I think) as long as you have both archive scanning and "all
files" selected in the options.

You mean disable real-time after downloading, but before the on demand scan,
right? That I did not do, but will do the next time I give this a try.

Again, I'm at a disadvantage since I use the older version of KAV
and you probably don't. I guess newer versions have taken a lot
of control and options out of the hands of users. That would drive
me nuts

The controls are there. Part of my problem is learning KAV. I used Norton
for 12+ years, so I became very comfortable with its controls.

I think I am going to post some of this stuff in the Kaspersky forum and see
what some of those guys think about the differences that occur when using
the two different browsers to download.

I might also try digging some and try to find out how the other AV programs
count files/objects/what-ever.

This has been interesting and fun for someone who has no formal training in
computers, but is very comfortable around them. I have always been very
security conscious, and don't mind getting my hands dirty trying to figure
this stuff out.

Larry

 

[null]

I'm using the latest, v. 5.whatever. Some of the time, you don't see the
simple things. Yes, the real-time monitor was enabled, and you can still
disable it in this version. You will have a hard time convincing me to do so
while online

I have no wish to convince you do anything you feel uncomfortable
doing. "Safe hex" involves a number of key items and considerations.
Basically though, If you're using a firewall or have otherwise made
sure all your ports are at least closed, there isn't any reason why
you can't use either IE or FF just to access the eicar.org site with
the KAV realtime monitor disabled.

Both. But only when using Firefox.

But while scanning on-demand there's no need to be on line or
use a browser. You _must_ do your on-demand scanning without
the realtime monitor to prevent the realtime monitor from interfering.

Downloading with FF would block eicar.com, but not eicar.com.txt.
Downloading with IE would block both files.

Odd. I don't know why that might happen.

You mean disable real-time after downloading, but before the on demand scan,
right?
Yes.

I think I am going to post some of this stuff in the Kaspersky forum and see
what some of those guys think about the differences that occur when using
the two different browsers to download.

I might also try digging some and try to find out how the other AV programs
count files/objects/what-ever.

This has been interesting and fun for someone who has no formal training in
computers, but is very comfortable around them. I have always been very
security conscious, and don't mind getting my hands dirty trying to figure
this stuff out.

That's what I've always done, and I agree it can be fun

Art

http://home.epix.net/~artnpeg