Slashdot Mirror


Against Unknown Viruses, Avira AntiVir the Winner For Now

KingofGnG writes "AV-Comparatives, the Austrian team of experts dedicated to antivirus tests acknowledged as a reference point in the field, has published the second part of the mid-year comparative, an ideal addendum to the one already released last September. This time the aim is to evaluate the antimalware tools' effectiveness against unknown threats in a test scenario meant to prove the heuristic part and the generic markers of the on-demand scanning engines." The best in show (of 16 anti-malware packages evaluated), Avira AntiVir was able to find 71% of the unknown malware it was exposed to in the first week, dropping to 67% after the fourth.

170 comments

  1. mine is better by SoupGuru · · Score: 4, Funny

    My custom anti-virus solution is better. It blocks 100% of all known and unknown viruses. Just don't ask what its false positive rate is...

    --
    What doesn't kill you only delays the inevitable
    1. Re:mine is better by 77Punker · · Score: 3, Insightful

      I'm really glad the last sentence of that post was a joke instead of "I run Linux."

    2. Re:mine is better by Mad+Merlin · · Score: 1

      My custom anti-virus solution is better. It blocks 100% of all known and unknown viruses. Just don't ask what its false positive rate is...

      Turning off and unplugging your computer?

    3. Re:mine is better by Anonymous Coward · · Score: 5, Funny

      My custom anti-virus solution is better. It blocks 100% of all known and unknown viruses. Just don't ask what its false positive rate is...

      Sounds like my sex life: My anti-STD solution is great. It blocks 100% of all known and unknown STD's. Just don't ask what my human-to-human sexual encounter rate is... :(

    4. Re:mine is better by Lord+Ender · · Score: 1, Insightful

      This one comment demonstrates why the entire article is bogus. Thanks.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    5. Re:mine is better by Anonymous Coward · · Score: 0

      the av-comparatives report (and the full article of Kingofgng mentions it) also contains a false alarm test, which is why AVIRA did not come out first in the end

    6. Re:mine is better by Anonymous Coward · · Score: 1, Informative

      This one comment demonstrates why your entire life is bogus.

      The tests *do* take into account the false positive rates. I gained this information by reading the article. Maybe you could give this a whirl...? It's novel, I know, but it would stop you looking like a pompous jackass.

      And hey - thanks.

    7. Re:mine is better by adisakp · · Score: 2, Interesting

      Komodo firewall has technology to only allow white-listed EXE's to run in a "paranoid" mode. It means you have to manually "approve" newly installed programs and updates (or go into installation mode during the update) but it works pretty well.

    8. Re:mine is better by Smidge207 · · Score: 3, Funny

      Just don't ask what my human-to-human sexual encounter rate is...

      Fair enough, but I am curious as to what your human-to-dog sexual encounter rate is?

      What? It's a fair question, he left it wide open to interpretation.

      =Smidge=

      --
      Is it just my observation, or is eldavojohn an idiot?
    9. Re:mine is better by Thelasko · · Score: 5, Informative

      This one comment demonstrates why the entire article is bogus. Thanks.

      If you actually read the fine article it goes on to note Avira's high rate of false positives and recommends NOD32 instead.

      --
      One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    10. Re:mine is better by Lord+Ender · · Score: 2, Insightful

      You must be new here.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    11. Re:mine is better by sveard · · Score: 3, Funny

      human-to-dog sexual encounter [...] Had that happen to me in Canada at a balmy -30 Celsius.

      Yikes!

    12. Re:mine is better by Anonymous Coward · · Score: 0

      Just don't ask what my human-to-human sexual encounter rate is...

      I have more of those encounters than I can count... in a web browser. =P

    13. Re:mine is better by davester666 · · Score: 3, Insightful

      Ah, good old duct tape. Is there any problem it can't fix?

      --
      Sleep your way to a whiter smile...date a dentist!
    14. Re:mine is better by Anonymous Coward · · Score: 0

      Oh, I see you're married too.

    15. Re:mine is better by Anonymous Coward · · Score: 0

      -1 Unfunny.

    16. Re:mine is better by ClosedEyesSeeing · · Score: 3, Interesting

      Mine is better - remove the cat5 (or phone) cable. I'd like to see the chances of something getting in then! (from the Web, stupid users with viruses on portable media excluded from test results)

    17. Re:mine is better by Anonymous Coward · · Score: 0

      If you're by yourself I think it still counts as a human-to-human sexual encounter..:)

    18. Re:mine is better by Hordeking · · Score: 1

      My custom anti-virus solution is better. It blocks 100% of all known and unknown viruses. Just don't ask what its false positive rate is...

      Your solution is a condom on the network interface?

      --
      Disclaimer: The opinions and actions of the US Gov't are in no way representative of those held by this author or its ci
    19. Re:mine is better by Fozzyuw · · Score: 2, Interesting

      Is there a free version of NOD32? Antivir is still free (albeit with occasional ad pop-ups) for the home version. It also has a very small footprint. How's NOD32's footprint?

      --
      "The past was erased, the erasure was forgotten, the lie became truth." ~1984 George Orwell
    20. Re:mine is better by Anonymous Coward · · Score: 0

      OMG, I think my liver has a virus! ::cuts out liver::

      -Californication

    21. Re:mine is better by elrous0 · · Score: 1

      That's no way to treat man's best friend. Now, cats on the other hand...well they're just asking for it. At least, that's what I told the jury anyway.

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
    22. Re:mine is better by Anonymous Coward · · Score: 0

      Set execute permissions for avnotify.exe to disallow. Occasional pop-ups go away.

    23. Re:mine is better by ushering05401 · · Score: 2, Informative

      There is no free version so far as I know.

      I have only been using NOD for a few weeks... so far so good.

      I was stuck with a Panda solution at work for a couple of years, NOD feels far advanced of that suite.

      The nicest thing I have noticed so far is the NOD interface and presentation of options, so my opinion basically boils down to YMMV.

      As far as footprints go, I rebooted this machine 29 hours ago according to task manager. The NOD kernel has utilized 28 seconds of processor time.

      I just spawned an on-demand scan, and popped back into VS2008.. minor speed hit on standard tasks. Much less than Panda from the feel of it. Nod32.exe (scanning process) is currently topping out at 13% CPU usage, and it doesn't do that annoying throttling garbage that some other AV systems do, NOD stays light on the flops.

      Barely noticeable really. Of course, I don't really know how good a job it is doing.

    24. Re:mine is better by ACMENEWSLLC · · Score: 1

      NOD32 is the best imo. If you haven't tried it before, give the demo a shot. Be aware that by default some advanced heuristics are turned off, while leaving normal heuristics on. If you turn some of those advanced heuristics on in realtime, you will see performance issues. Bear in mind these are heuristic checks not typically done by most AV and are there for the truly paranoid.

    25. Re:mine is better by syousef · · Score: 1

      Sounds like my sex life: My anti-STD solution is great. It blocks 100% of all known and unknown STD's. Just don't ask what my human-to-human sexual encounter rate is... :(

      I just hope you realize STDs can cross species.

      --
      These posts express my own personal views, not those of my employer
    26. Re:mine is better by elthicko · · Score: 1

      Wireless? Or maybe connected to another PC through the parallel port?

    27. Re:mine is better by Anonymous Coward · · Score: 0

      I think it still counts as a human-to-human sexual encounter if you're all alone. :)
      (only if you are still human)
      Robot Legs make you better than human.

    28. Re:mine is better by lysergic.acid · · Score: 4, Interesting

      still, i think a better (more useful) test would be conducted by:

      1. enlisting a 100 or so test subjects from various non-technical (in terms of computer knowledge) backgrounds.
      2. give each one of the 9 best-selling anti-virus solutions to 10 different volunteers.
      3. give the last 10 volunteers a 2-week course on basic computer security and malware-prevention.
      4. subject all 100 subjects to the same gauntlet of viruses/trojans/malware over a 6-month period. (perhaps 4-5 viruses a week, for a total of around 120 threats tested)
      5. note how many infections per person each group averaged, how many false-positives each group reported, and how much time/productivity was lost due to the threats & false-positives--for instance, time spent on reboots, reformats, dealing with virus alerts, waiting for anti-virus updates, etc.
      6. lastly, measure the cost-effectiveness of the anti-virus solution used in each of the 10 groups.

      i suspect that preventative education/training is probably the most effective method of combating viruses & malware. and though it might not be cost-effective in the short-term, it might be cheaper to train long-term employees how to avoid viruses/malware than to pay for yearly-subscriptions and still suffer down-time and loss of productivity from infections.

    29. Re:mine is better by Anonymous Coward · · Score: 0

      I am really glad this one useless piece of shit post got +5 insightful, slashdot mods sure are doing hardwork making the mod system useless.

    30. Re:mine is better by lwriemen · · Score: 1

      Well one could easily say, "I run OS/2" or "I run eComStation", as these are both virus free platforms that can run on modern hardware and are still useful on today's internet.

    31. Re:mine is better by Anonymous Coward · · Score: 0

      Only if you're Siamese twins. Mmm, lesbian siamese twin porn!

    32. Re:mine is better by indi0144 · · Score: 1

      NOD 32 v2.7 is easy on system resources, it's not so expensive (at least here) and is not annoying like the rest of the antivirus solutions. I use it besides SpyBot because they work well together; some infections, like WildTangent, are discovered by NOD just after SpyBot finds them first. SB can't delete them but NOD tries, and 80% of the time it can clean the PC. I don't like NOD32 v3.x; it reminds me of when Norton AV started to become bloated.

  2. i've been using antivir for the past 2 years on vista and xp. solid, good antivirus

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:yay by Erbo · · Score: 1

      Agreed. I've been using it about that long as well, having been introduced to it by my ex-wife, who learned about it from her friends in Finland (including the guy she's now married to). It's free, it works well, and I haven't had it "get in my way" the way McAfee sometimes would for some reason. I wouldn't spend another dime on McAfee at this point. Of course, I do have to contend with AntiVir's ad popup when it updates itself once a day, but oh well. Recommended.

      --
      Be who you are...and be it in style!
    2. Re:yay by SpaceLifeForm · · Score: 1

      I consider the ad pop-up a feature. It lets you know it is still running.

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
    3. Re:yay by clone53421 · · Score: 1

      Most antivirus packages have a nice systray icon for that. It even usually changes colour if something needs attention.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    4. Re:yay by hairyfeet · · Score: 1

      Uuuhhh.....what ad? I have been running AntiVir home and handing it out to my users since AVG put out the "We want to suck as bad as Norton" edition(8 if IIRC) and the closest thing to an "ad" I have seen is the little thing that pops up to tell you the AV database updated successfully. Considering how many boned PCs have come across my desk because someone didn't know their AV wasn't able to update I for one am QUITE happy with that little acknowledgment. That way if I have been working on the PC all day and haven't seen it pop up at least once I go and check the logs to see if there are any problems.

      But I have been putting AntiVir on many different makes and models of PCs and it does its job without dragging the machine to a crawl like Norton and AVG. So is there some hidden "ad" that I don't know about or are you calling that little notification an ad?

      --
      ACs don't waste your time replying, your posts are never seen by me.
    5. Re:yay by Erbo · · Score: 1

      The free version pops up a "notifier" window when it updates, which is an ad for their paid software. Of course, given that they want you to give 'em money, you gotta expect that.

      --
      Be who you are...and be it in style!
    6. Re:yay by thealsir · · Score: 1

      Yep, and of course that ad window goes away completely when you buy it. Avira is one of the less verbose suites out there; I'm not sure what the GP is talking about. He might have it confused with AVG...now that is a pop up happy Antivirus.

      --
      Do not downmod posts "overrated" simply because you disagree with them.
    7. Re:yay by clone53421 · · Score: 1

      Hmm, a notifier saying "don't worry, all's well!" that appears every stinking day vs. a notifier saying "whoops, I couldn't update!" that appears only when appropriate. Shouldn't the choice be really obvious?

      Oh, and as other people have already said... any notifier that appears unbidden and steals focus from full-screen applications is just plain wrong.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    8. Re:yay by Avatar8 · · Score: 1

      Similar experience here. I've used several, paid and free antivirus for decades. Not only has Antivir updated every day or two and kept me virus free (pop-up is trivial), it's also the least CPU and memory intensive of all the ones I've used.

      Norton is the industry standard for most of the companies I've worked for. I recall when Norton's update caused the dir00001 issue and filled up hard drives. My main gripe with Norton is how many processes it runs and how difficult it is to remove it.

      I preferred McAfee for a long time. They were more accurate and updated more often than Norton. Unfortunately, as malware and spyware became more prevalent, McAfee continued to increase in footprint size and CPU utilization. In a corporate environment where the PC is left on 24 hours and scans and updates can be run at night, it's fine. When you first turn on your computer and missed an update and/or scan, though... you can forget productivity for hours while the background scan runs.

      I've been really pleased with Avira and I recommend it to my colleagues and customers at every opportunity.

    9. Re:yay by hairyfeet · · Score: 1

      Uuuhhh......You Do know that you can remove that notifier in like 20 seconds worth of work, right? I can give you the link right here that will fix that in less than 30 seconds if it really bugs you. Like I said me personally I WANT to know that the updates went successfully because I have seen first hand what a useless thing an un-updated AV is so I like to know that it is fully functional without checking log files daily. But considering the kinds of ads and the total "smack you in the face" manner that some free apps go about showing them to you I would say the AntiVir one is pretty benign. But if it bugs you then please use the fix. I use it on my gaming rig and haven't seen the pop up since.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    10. Re:yay by clone53421 · · Score: 1

      Yes, manually disabling the annoying behaviour is possible. However, it shouldn't be necessary to cripple software to get it to behave nicely, and once you've killed the automatic reminder, you no longer have the assurance that the automatic update succeeded.

      If the stupid reminder was done away with and replaced with an alert that informed you if and only if the update failed, you'd not only not be bothered by the alert, but you'd be assured that the update succeeded because if something was wrong it would tell you.

      Ok, so it alerts you if the update succeeds. That's annoying, but I'd like to know what it does if the update fails... does it alert the user telling them it failed? Hopefully it would; not alerting the user if the update fails would be a terrible design. If it does alert the user when an update fails, there's absolutely no reason to alert them if it succeeded.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    11. Re:yay by Pandora's+Vox · · Score: 1

      You can easily change the update notifier so that it just runs minimized.

  3. MalwareBytes? by oahazmatt · · Score: 4, Informative

    I'm surprised MalwareBytes isn't on the list. We've come to depend on it for removing zlob from problematic PCs.

    --
    Those who believe the Internet is private,
    find their privates are on the Internet.
    1. Re:MalwareBytes? by penguin_dance · · Score: 1

      Yes, that's the only one I was able to use to help get rid of the pesky Recycled\boot.com virus a couple of weeks back. (It adds a folder called resycled and an autorun.inf, which you can delete, but will recreate itself until you totally clean it out.) That and Crap Cleaner finally got rid of it before it went crazy on my network.

      --
      If you've never been modded as "flamebait" or "troll," you've never tried to argue a minority viewpoint here!
    2. Re:MalwareBytes? by Mr.+DOS · · Score: 1

      I think MBAM is technically classified as anti-spyware, not anti-virus (even though it's marketed as the fairly generic "anti-malware"). It's a great program all the same, and it's the only thing I've found to reliably remove Antivirus XP 2008/2009.

            --- Mr. DOS

    3. Re:MalwareBytes? by RudeIota · · Score: 1

      combofix is something else that is effective against Antivirus XP 200x and many other infections.

      --
      Fact: Everything I say is fiction.
    4. Re:MalwareBytes? by Mr.+DOS · · Score: 1

      Hmm, that name rings a bell. I think I might've taken a cursory look at it at one point; I should go back and try it again. Thanks for the reminder!

            --- Mr. DOS

    5. Re:MalwareBytes? by thatnerdguy · · Score: 1

      I'm glad I wasn't the only one to fall victim to that! Pesky is an understatement in my opinion...it was a nasty little bugger.

      --
      I saw the Sign, and it opened up my eyes
  4. Unknown? by girlintraining · · Score: 4, Insightful

    Okay, how does it detect something that's unknown? I think it would be better phrasing to say "this scanning engine has the best heuristic pattern matching algorithms amongst those products tested." But perhaps that's too techie and we should go with "zomg! finds viruses and kills zem dead! nom nom nom." :)

    In either event, I have yet to have any antivirus product I use detect anything using its built-in heuristic scanner. But it sure does slow the machine down, as I'm sure many techies out there reading this from work will know by the curse word "Norton." And if I were a virus writer, I would have every antivirus product in my lab running to test against before releasing it as a matter of course. Could it be this thing is only effective because most virus writers haven't heard of it?

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Unknown? by geminidomino · · Score: 1

      In either event, I have yet to have any antivirus product I use detect anything using its built-in heuristic scanner.

      I have. Any "packed" EXE apparently triggers a shitfit in AVG and Antivir. even known good ones (written myself, compiled and packed myself) throw up a warning about whatever the AV in question calls a "packed trojan"

      Still, gotta use SOMETHING on windows (Ventrilo doesn't work on linux yet...). But when AVG rapes performance and Antivir launches popups with every update... it's easy to get disheartened.

    2. Re:Unknown? by girlintraining · · Score: 1

      I have. Any "packed" EXE apparently triggers a shitfit in AVG and Antivir. even known good ones (written myself, compiled and packed myself) throw up a warning about whatever the AV in question calls a "packed trojan"

      Okay, sorry -- you are correct. It does throw a hissy-fit over everyday things like that. So does my Comodo firewall ("oh noes! You've updated firefox! Are you SURE it isn't a virus?"), and a lot of other products. But I've never had any of these "alerts" home in on a bona fide threat.

      --
      #fuckbeta #iamslashdot #dicemustdie
    3. Re:Unknown? by moderatorrater · · Score: 1

      Okay, how does it detect something that's unknown?

      If the program doesn't know about the virus beforehand, saying that the virus was unknown to it makes complete sense.

      I think it would be better phrasing to say "this scanning engine has the best heuristic pattern matching algorithms amongst those products tested."

      That's just a rewrite of the current headline. Heuristic algorithms are there to match the viruses that aren't specifically known about and scanned for.

    4. Re:Unknown? by spinkham · · Score: 5, Informative

      Try NOD32. The scanner that actually got top ratings in this test, for finding the highest number of viri without ungodly number of false positives. I've used it for a few years, and it's fast and has a good track record on virus tests. Can't recommend enough.

      --
      Blessed are the pessimists, for they have made backups.
    5. Re:Unknown? by Psychotria · · Score: 1

      ClamAV also marks malformed .exe and encrypted compressed files (archives) as potential malware. I am not sure if this is a good thing or a bad thing. I run clamav on my linux box and use it to scan my XP box (that I use for games). Some of the things are legitimate system (or service pack) files. Fortunately I know this and don't delete them. I can envisage a situation though where I don't know whether the file is OK or not, and in this case the aggressive "heuristics" will do nothing but plant FUD.

      In regards to firewalls, I think that is the opposite situation. Firewalls (IMO) *should* be paranoid. I don't want a firewall that "knows" what firefox is and what a firefox update is -- why should a firewall need to know this anyway. Keep them simple and err on the side of caution.

    6. Re:Unknown? by Anonymous Coward · · Score: 0

      www.eucardsharing.com. Join us there and we can all help each other.

    7. Re:Unknown? by girlintraining · · Score: 1

      In regards to firewalls, I think that is the opposite situation. Firewalls (IMO) *should* be paranoid. I don't want a firewall that "knows" what firefox is and what a firefox update is -- why should a firewall need to know this anyway. Keep them simple and err on the side of caution.

      Sure, but as a user... I get sick of both. I just want something that detects "bad stuff", and doesn't tell me when it finds "good stuff", or at least doesn't remind me every day how sad it is that I need all this crap bolted onto my system just so I can browse fanfics.

      --
      #fuckbeta #iamslashdot #dicemustdie
    8. Re:Unknown? by Psychotria · · Score: 1

      Sure, but as a user... I get sick of both. I just want something that detects "bad stuff", and doesn't tell me when it finds "good stuff", or at least doesn't remind me every day how sad it is that I need all this crap bolted onto my system just so I can browse fanfics.

      Yeah I agree. But my firewall doesn't do that, so I think I misunderstood what you were getting at. Alerting the user about "good stuff" is a bit silly. Obviously when I first set up a firewall lots of good stuff gets queried and logged, but after a few days this should go away (after "training" the firewall).

    9. Re:Unknown? by MMC+Monster · · Score: 1

      A good test would be to take the AV package, update it to the latest version, disconnect it from the internet for 6 months, and then reconnect to the internet and run the test without letting it update again.

      --
      Help! I'm a slashdot refugee.
    10. Re:Unknown? by tbcpp · · Score: 1

      +1 for NOD32 it rocks

      --
      Man is the lowest-cost, 150-pound, nonlinear, all-purpose computer system which can be mass-produced by unskilled labor.
    11. Re:Unknown? by LingNoi · · Score: 1

      s (Ventrilo doesn't work on linux yet...).

      yes it does

    12. Re:Unknown? by b0bby · · Score: 1

      Yeah, I switched to NOD32 a few years ago after first seeing someone on /. mention it. Been happy with it ever since. My biggest praise for it is that a lot of the users don't even know we're running an antivirus program, despite the little tray icon. We scan our email externally and run squidguard, so there isn't really much for it to do, but it catches stuff once in a while.

    13. Re:Unknown? by Anonymous Coward · · Score: 0

      71% vs 54%.
      17 vs. 7 false positives, in absolute values...

      Great tests, lousy ranking.

      Go ahead, use NOD lol

    14. Re:Unknown? by xristoph · · Score: 1

      I second that. Been using NOD32 for a few years, never regretted it. While Symantec slows down my work pc for a whole morning (i.e. 2-3 hours) once a week trying to scan the hard drive, NOD32 usually does that in about 20 minutes for my home laptop (whose hard drive, needless to say, is bigger and packed with more stuff), and I can still continue to use it. No, I am not responsible for the software installations at work ;)

    15. Re:Unknown? by Jorophose · · Score: 1

      Wine =! Linux

    16. Re:Unknown? by Anonymous Coward · · Score: 0

      There are still people that say "viri" or "virii"?

    17. Re:Unknown? by Anonymous Coward · · Score: 0

      wine is nice for some things, ventrilo is not one of them.

    18. Re:Unknown? by Anonymous Coward · · Score: 0

      Viruses.

    19. Re:Unknown? by LingNoi · · Score: 1

      WINE is an implementation of the windows libraries to make it work on Linux. You said it doesn't work on Linux, it does work on Linux through WINE.

    20. Re:Unknown? by geminidomino · · Score: 1

      It wasn't me who said that WINE != Linux. I'm a big fan of WINE.

      That said, the winehq page you linked to rates it bronze, at best. In my experience, that means "Works... barely, if the stars are aligned and the great emulation god Huffi-Muffi-Guffi is pleased with your offerings of beer and virgin goats"

    21. Re:Unknown? by Pandora's+Vox · · Score: 1

      That's exactly what AV-Comparatives does. The term for the technique is "retrospective testing".

    22. Re:Unknown? by GreenTom · · Score: 1

      Except that false positives are a security risk. Every time the end user gets a message "Something you've never heard of is trying to do something you don't understand. Ok or Cancel?", they're trained to mindlessly click OK.

  5. Direct Link to results by phantomcircuit · · Score: 1, Informative
    1. Re:Direct Link to results by Anonymous Coward · · Score: 0

      The site seems to block direct linking...and gives you a 404. Now that's fucking stupid.

    2. Re:Direct Link to results by girlintraining · · Score: 2, Funny

      The site seems to block direct linking...and gives you a 404. Now that's fucking stupid.

      I second that motion. Let bombing begin in 10 minutes.

      --
      #fuckbeta #iamslashdot #dicemustdie
    3. Re:Direct Link to results by clone53421 · · Score: 1

      I visited both pages via copy-paste. Who's with me?

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  6. firewall by amclay · · Score: 0, Troll

    I use a firewall. That's about it. It blocks unknown incoming traffic. Only stupid people get viruses anymore.

    --
    It's all fun and games till someone divides by 0. Then it's hilarious.
    1. Re:firewall by Anonymous Coward · · Score: 0

      that's what i thought until i downloaded avg free (which is free btw). evidently trainers downloaded from gamecopyworld can have malware in them along with crackz from the same source. and word/excel documents sent by respectable businesses in the fortune 500 list. even inventory control systems from the same sources. and flash drives (blank). whodathunkit ?

    2. Re:firewall by floodo1 · · Score: 0

      Yeah, because no file you ever download could have a virus in it. Seriously, firewalls are for protecting network connections and AV is for protecting files.

      --
      I KUT J00 M4NG!!!
    3. Re:firewall by mini+me · · Score: 1

      He claims his firewall blocks all unknown incoming traffic. It would be impossible for him to download a file with a virus as that would be considered unknown incoming traffic.

    4. Re:firewall by Psychotria · · Score: 1

      He claims his firewall blocks all unknown incoming traffic. It would be impossible for him to download a file with a virus as that would be considered unknown incoming traffic.

      No offence, but what are you talking about? The incoming file is known traffic, yes. Whether or not that file is a virus or contains a trojan is not known at all by the firewall (and nor should it know or care). It would be perfectly possible to download a file with a virus in it because it's not the virus that the firewall is letting through... it's the file.

    5. Re:firewall by floodo1 · · Score: 1

      he was making a joke about how ignorant the parent is

      --
      I KUT J00 M4NG!!!
  7. Missing some market leaders by nicolaiplum · · Score: 3, Insightful

    This is an interesting test, but some market leaders are missing, notably Trend (El Reg quotes Gartner saying Trend has 13.8% market share, third after Symantec and McAfee). If I am to use this research to pick a solution or to pick a better solution, the chances are high that someone in the management is going to "suggest" (try to make me use...) "Trend" because they've heard of it; if they suggest "McAfee" I can use this research to shoot that down, but not Trend.
    Meanwhile, to bang the open source drum, they also didn't test Clam AV. I don't know Clam's market share, but I have to say I like it a lot for its ease of integration into my UNIXy infrastructure compared to the commercial ones I've tried, and I consider it worth testing because of its different development methodology with undoubtedly different strengths and weaknesses compared to the big commercial AV vendors.
    So it's all very interesting but not entirely useful to me.

    --
    "For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled"
    1. Re:Missing some market leaders by girlintraining · · Score: 3, Interesting

      It could be because Trend Microsystems has gone after people who have tried to benchmark their software in the past, claimed to have exclusive patents to the very concept of antivirus scanning, etc. They don't exactly have a great reputation for supporting fair marketing and being open about how their product works... Witness how many legitimate products get flagged as "hacker tools" (like Angry IP Scanner), while their commercial counterparts are ignored (ostensibly after paying them off to get off their little black list).

      I say, it could be.

      --
      #fuckbeta #iamslashdot #dicemustdie
    2. Re:Missing some market leaders by nametaken · · Score: 1

      My symantec corporate edition flags Angry IP Scanner as well.

    3. Re:Missing some market leaders by Psychotria · · Score: 2, Insightful

      Meanwhile, to bang the open source drum, they also didn't test Clam AV. I don't know Clam's market share, but I have to say I like it a lot for its ease of integration into my UNIXy infrastructure compared to the commercial ones I've tried...

      I also like ClamAV (see my post above). I use it from my linux machines to scan my Windows machines when they're "offline". Had to write a script to get it to work how I wanted... but that's the beauty of the command line.

      I believe that there's a GUI front-end for ClamAV as well (klamav I think it's called). I haven't tried it and I think it's still in early development, but I guess I'll check it out one day just for interest's sake.

    4. Re:Missing some market leaders by Phroggy · · Score: 1

      ClamWin doesn't support on-access scanning, so it's currently a non-option for a lot of people.

      Of course if you're not supporting Windows desktops, you're free to use whatever you like.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    5. Re:Missing some market leaders by Anonymous Coward · · Score: 0

      I think either they asked to be removed from the test (ie it sucks and so on) or they failed to meet the minimum requirements (ie it sucks and so on).

      The oracle should give an answer. "av-comparatives trend micro" :)

    6. Re:Missing some market leaders by Anonymous Coward · · Score: 0

      SRI Malware Threat Center has got a daily running comparison (http://mtc.sri.com/live_data/av_rankings/) of around 30 antivirus. Their methodology is quite simple and is based on the results of testing suspicious artifacts collected by their honeynet against Virustotal array of 37 antivirus. Clamav hasn't quite well established itself at the top ten yet but is almost getting there.

    7. Re:Missing some market leaders by Anonymous Coward · · Score: 0

      ClamAV doesn't have on access scanning atm.

    8. Re:Missing some market leaders by initialE · · Score: 1

      ClamWin is an open source antivirus for Windows that can not scan files in real time, unfortunately. With Winpooch, just associate ClamWin and it will be possible to detect virus in a program before it runs.

      http://winpooch.free.fr/page/home.php?lang=en&page=home

      --
      Starbucks, Harbuckle of Breath.
    9. Re:Missing some market leaders by RudeIota · · Score: 1

      MoonSecure has an on-access scanner and is based on the ClamAV project.

      As much as I want to toot the horn for ClamAV, the fact is, it just isn't 'good' compared to the other Windows AV players. I've used it at least a few dozen times over the span of a few years and it just doesn't find as much (harmful) stuff as the other big AVs. (Scanning infected client systems).

      Sorry Clam. :(

      --
      Fact: Everything I say is fiction.
    10. Re:Missing some market leaders by Phroggy · · Score: 1

      According to Wikipedia:

      In 2008-06-13, The author has announced he quit developing the program, leaving v0.6.6 incompatible with Windows XP Service Pack 3.

      And various other things that suggest it's probably not suitable for corporate use.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  8. Now If only . . . by Cyberllama · · Score: 3, Interesting

    . . . someone could find a way to get rid of its horrible "zomg hackers are after you, give us some monies" pop-up that comes up at 10:30 every night and alt-tabs me out of anything else I might be doing. I realize the free version is free, and apparently that pop-up ad justifies, but *must* it also alt-tab me out of games? That's pretty obnoxious.

    1. Re:Now If only . . . by clone53421 · · Score: 2, Interesting

      That's enough to ensure that I will never install it.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    2. Re:Now If only . . . by jacob.lcl · · Score: 1

      Create a software restriction policy path rule to deny C:/..../avnotify.exe. Problem solved.

    3. Re:Now If only . . . by Anonymous Coward · · Score: 0

      You can disable the popups. http://www.elitekiller.com/files/disable_antivir_nag.htm explains how pretty well.

    4. Re:Now If only . . . by Anonymous Coward · · Score: 0

      Just set it to update at a time when you're not likely to be using the PC...

    5. Re:Now If only . . . by Anonymous Coward · · Score: 0

      http://www.avira.com/en/support/faq/details.html?id=211

      http://www.elitekiller.com/files/disable_antivir_nag.htm

  9. Why so low? by Anonymous Coward · · Score: 0

    Why are these numbers so low? 67%? 30%?

    If these malware are "known", why haven't the anti-virus/malware companies jumped all over them? I get a database update on my AV at least once a week (often daily), and an engine upgrade every month or two - shouldn't these be included on one of them? I would have expected the differences to be 99% coverage vs 95% or similar.

    Something seems fishy to me; I have a hard time believing that AV-Comparatives somehow have access to hundreds of malware which the AV companies don't have/can't detect.

    1. Re:Why so low? by kneemoe · · Score: 1

      Because we aren't talking about 'known' we're talking about *unknown* threats.......

      --
      My Sig Sucks
    2. Re:Why so low? by Anonymous Coward · · Score: 0

      Something seems fishy to me; I have a hard time believing that you somehow have access to millions of braincells which don't know how to read.

    3. Re:Why so low? by I)_MaLaClYpSe_(I · · Score: 2, Interesting

      Okay, I will take the time to explain it to you.

      1. Set up a honeypot. Catch any number of relatively new viruses with these.

      2. Use an AV product with signature files from a date before you started to capture the new viruses.

      3. Tadaaa...

      4. Of course... profit!

      Now, was that so hard to come up with by yourself?
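The retrospective test outlined in the comment above (scan with signatures frozen before the samples were captured) can be scored as follows. This is an added example, not AV-Comparatives' code: the sample names, dates and verdicts are constructed, and the cumulative per-week bucketing is an assumption about how "first week" and "after the fourth" figures are formed.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Capture:
    """One malicious sample caught by the honeypot (ground truth: malware)."""
    name: str
    first_seen: date   # day the honeypot first captured it
    flagged: bool      # verdict of the scanner running FROZEN signatures


def week_after_freeze(first_seen, freeze):
    """Return 1 for days 1-7 after the signature freeze, 2 for days 8-14, ...

    Samples seen on or before the freeze date return None: the frozen
    signatures may already cover them, so they are not "unknown".
    """
    days = (first_seen - freeze).days
    return None if days < 1 else (days - 1) // 7 + 1


def retrospective_report(captures, clean_verdicts, freeze, weeks=4):
    """Score heuristic/generic detection of samples newer than the signatures.

    captures       -- iterable of Capture (all known to be malicious)
    clean_verdicts -- dict {filename: flagged} for a known-clean file set
    Returns cumulative detection rate per week plus the false positives.
    """
    per_week = {w: [0, 0] for w in range(1, weeks + 1)}  # week -> [hit, total]
    excluded = 0
    for c in captures:
        w = week_after_freeze(c.first_seen, freeze)
        if w is None or w > weeks:
            excluded += 1          # not "unknown", or outside the test window
            continue
        per_week[w][0] += int(c.flagged)
        per_week[w][1] += 1

    cumulative, hit, total = {}, 0, 0
    for w in range(1, weeks + 1):
        hit += per_week[w][0]
        total += per_week[w][1]
        cumulative[w] = round(hit / total, 3) if total else None

    return {
        "cumulative_rate": cumulative,
        "excluded": excluded,
        "false_positives": sorted(n for n, f in clean_verdicts.items() if f),
        "clean_total": len(clean_verdicts),
    }


def constructed_run():
    """Constructed data: signatures frozen on 2008-08-04, four-week window."""
    freeze = date(2008, 8, 4)
    captures = [
        Capture("old-a", date(2008, 8, 1), True),    # predates freeze: excluded
        Capture("old-b", date(2008, 8, 4), True),    # freeze day: excluded
        Capture("w1-a", date(2008, 8, 5), True),
        Capture("w1-b", date(2008, 8, 6), True),
        Capture("w1-c", date(2008, 8, 8), False),
        Capture("w1-d", date(2008, 8, 11), True),
        Capture("w2-a", date(2008, 8, 12), True),
        Capture("w2-b", date(2008, 8, 15), False),
        Capture("w3-a", date(2008, 8, 20), False),
        Capture("w3-b", date(2008, 8, 25), True),
        Capture("w4-a", date(2008, 8, 27), True),
        Capture("w4-b", date(2008, 9, 1), False),
        Capture("late", date(2008, 9, 5), False),    # week 5: excluded
    ]
    clean_verdicts = {
        "editor.exe": False, "setup_tool.exe": True, "driver.sys": False,
        "report.doc": False, "archive.zip": False,
    }
    return retrospective_report(captures, clean_verdicts, freeze)


if __name__ == "__main__":
    print(constructed_run())
```

The rate falls week over week because the frozen heuristics age while the sample set keeps growing, and the clean-set verdicts give the false-positive count that a detection rate on its own hides.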

  10. TFA paints a more complete picture by floodo1 · · Score: 5, Informative

    It's worth pointing out that when you take false positives into account Eset Nod32 becomes the only AV solution to achieve the "Advanced+" rating. Apparently it detects 20% fewer "unknown" threats but had only 7 false positives, compared with 17 for AntiVir. This places AntiVir in the same category ("Advanced") as Kaspersky, Microsoft, Symantec, McAfee, and GData. Hopefully people bother to read the TFA, and not just this /. article

    --
    I KUT J00 M4NG!!!
    1. Re:TFA paints a more complete picture by street+struttin' · · Score: 4, Funny

      Why read the article? You just told us what we'd miss if we didn't.

    2. Re:TFA paints a more complete picture by jinx_ · · Score: 1

      It's worth pointing out that when you take false positives into account Eset Nod32 becomes the only AV solution to achieve the "Advanced+" rating.

      it's also worth pointing out that avira's 17 false positives when looking at 46,000 files is pretty damn small. i think i'll take the 17 false positives over the 7 false positives knowing that it caught 20% more of the REAL threats any day.

      so what if you miss out on that "legit" ecard.exe your grammy mailed you because avira thought it was fishy...? nod32 has a higher chance of letting the real malware through while avira is more likely to stop it.

      i wonder which company is employing real researchers and which company is riding on the output of virustotal.com.

      --
      jinkusu
    3. Re:TFA paints a more complete picture by b0bby · · Score: 1

      It also says that with default settings Avira would have less false positives but still detect over 50%. So I'm guessing you can tune the aggressiveness of Avira. I'm still happy with NOD32; these tests can never be comprehensive, and no program will ever be perfect.

    4. Re:TFA paints a more complete picture by Voyager529 · · Score: 1
      Agreed. The problem with this test is that they already know what is a virus and what isn't. While it's crucial to the test, it's also problematic in that they already know exactly which files to look for. As such, being able to tune the sensitivity and recording the results is like going on a treasure hunt while already knowing exactly where the treasure is just to see the distance if you take different routes. To the average end user (and probably a decent chunk of slashdotters), discerning the positives from the false positives is a crapshoot.

      Joey

    5. Re:TFA paints a more complete picture by Anonymous Coward · · Score: 0

      He said people, not /. readers.

    6. Re:TFA paints a more complete picture by I)_MaLaClYpSe_(I · · Score: 1

      Yes, but where AV-Comparatives clearly fails, IMHO, is on the point of speed:

      They do not take into account, how fast an AV vendor is updating their signature after the release of a new malware specimen. In this category in my experience, some AV vendors are much better than others. E.g. Kaspersky and F-Secure are way better than Symantec in this respective. And for me (and the security of the infrastructure I protect) this is a very important criteria.

    7. Re:TFA paints a more complete picture by I)_MaLaClYpSe_(I · · Score: 1

      "in this perspective" of course. Grammer Nazis, go away, I know, I know. Mea culpa, mea maxime culpa.

    8. Re:TFA paints a more complete picture by floodo1 · · Score: 1

      oh how i'd mod you up if my karma wasn't hosed

      --
      I KUT J00 M4NG!!!
    9. Re:TFA paints a more complete picture by floodo1 · · Score: 1

      I agree with you, if I didn't already have Nod32 then I would get Avira, I just thought it was worth pointing out that TFA does put another software package above Avira

      --
      I KUT J00 M4NG!!!
    10. Re:TFA paints a more complete picture by floodo1 · · Score: 1

      Well TFA isn't exactly about who is the best overall, because they also don't consider system performance impact. TFA is focused on which software is able to deal with threats that are NOT in their signature databases. So during the time between signature updates Avira's AV does the best job of protecting you from novel malware, giving you the best chance of surviving until the next signature update comes down.

      --
      I KUT J00 M4NG!!!
    11. Re:TFA paints a more complete picture by clone53421 · · Score: 1

      "in this respect". Two can play this game. ;p

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    12. Re:TFA paints a more complete picture by jinx_ · · Score: 1

      i realize they do, i just disagree with that decision. a 10 false positive difference over 46,000 samples does not justify a 20% less overall detection rate.

      --
      jinkusu
  11. Free Stuff by FuturePastNow · · Score: 1

    I've been switching between the different free AV software to see which I liked, and I have mixed feelings about Avira Antivir.

    On the one hand, it found a trojan on my computer that AVG and Clamwin had both missed. On the other hand, it seems to have really limited options. For example, I can't get it to scan only my PC's internal drives, without also scanning my terabyte external drive, which takes forever. Avira also pops up a window advertising the pro version periodically.

    AVG 8 sucks system resources and ClamWin couldn't detect a virus if it punched it in the face. I guess I'll try Avast next.

    --
    Give a man fire, and you warm him for the night. Set a man on fire, and you warm him for the rest of his life.
    1. Re:Free Stuff by VJ42 · · Score: 1

      I've been switching between the different free AV software to see which I liked, and I have mixed feelings about Avira Antivir.

      On the one hand, it found a trojan on my computer that AVG and Clamwin had both missed. On the other hand, it seems to have really limited options. For example, I can't get it to scan only my PC's internal drives, without also scanning my terabyte external drive, which takes forever. Avira also pops up a window advertising the pro version periodically.

      AVG 8 sucks system resources and ClamWin couldn't detect a virus if it punched it in the face. I guess I'll try Avast next.

      I recently switched from Antivir to avast! after getting annoyed with it; I can't say that I've noticed a huge difference in system performance, I've not had any viruses and I'm finally rid of that damn popup that Antivir kept shoving in my face after every update. I personally like it better, and though I've never tried it the settings seem to indicate that you can choose which discs to scan like you want.

      --
      If I have nothing to hide, you have no reason to search me
    2. Re:Free Stuff by sh33333p · · Score: 1

      Actually, if you go to Local Protection->Scanner->Manual Selection, you can select individual drives to scan. If you only want to scan specific directories, right click on them in windows explorer. Avira uses avnotify.exe to display a pop-up ad only when it updates virus defs, which should be once a day. If you have XP pro, you can use software restriction policies to block this program from ever running, without impacting the definition updates. I've tested Avast, and it's less efficient than Avira with system resources, while providing (from what I have seen from AV-Comparatives) a worse detection rate. My advice is to stick with Avira if you want a free AV, until something better comes along. If I was to buy an AV, it would be Eset Nod32, hands down. Much lighter than anything else I tested while often delivering better protection than any of the bigger brand name products.

  12. More evidence for a white list. by khasim · · Score: 3, Insightful

    I'm still waiting for one of the anti-virus vendors to just start implementing a white list to cut down on the false positives.

    It's not really a "virus detector" if it hits more often on non-viruses on your system. It's a "new software is being installed" detector.

    1. Re:More evidence for a white list. by dordoka · · Score: 1

      Have you ever tried Panda? http://www.pandasecurity.com/ It's got that said whitelist (internal though). Anyways, I dunno why the hell it's not in the comparative, Panda is no.4 in sales worldwide (after Symantec, Kaspersky & McAfee).

      --
      dordoka
  13. False positives by Thelasko · · Score: 3, Informative
    The summary left out some important information. From TFA:

    ...the samples detection rates are only one of the two elements evaluated for the antivirus final classification, being the number of false positives the other. Rising a false alarm about a malware on a legit software can cause as much troubles like a real infection, the report states, and it is for this reason that AVIRA, Kaspersky and other products, even if they have obtained very good results in identifying samples, have been penalized with a lower classification.

    So the certification level ADVANCED+ has been achieved by ESET NOD32 only, that has detected 20% less of the samples that AVIRA AntiVir has discovered but has triggered only 7 false alarms.

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
  14. SELinux... by V!NCENT · · Score: 1

    Best against unknown viruses...

    And you Windows users know it but oh... the pain... the pain...

    --
    Here be signatures
    1. Re:SELinux... by Anonymous Coward · · Score: 0

      As we speak, sealert on F10 just generated these. The log is full of them. Am I hacked? Nope, just annoyed.

      SELinux is preventing npviewer.bin (nsplugin_t) "write" to ./.fontconfig (unlabeled_t).
      SELinux is preventing evince (nsplugin_t) "getattr" to /home/dwb/.gnome2 (unlabeled_t).

      Also, sealert is showing 19MB of _resident_ memory in top. It is often one of the real piggies on my Gnome desktop, and that's saying something. Question is: WHY?

    2. Re:SELinux... by V!NCENT · · Score: 1

      Why? F10 (I am using Fedora for the first time in my life, but haven't run into problems yet although I am using the KDE4 spin) has a stricter SEL policy than F9.

      --
      Here be signatures
    3. Re:SELinux... by kwabbles · · Score: 1

      Also, sealert is showing 19MB of _resident_ memory in top. It is often one of the real piggies on my Gnome desktop, and that's saying something. Question is: WHY?

      bah... just do an "echo 0 >/selinux/enforce" and that will take care of that

      --
      Just disrupt the deflector shield with a tachyon burst.
  15. I can do 100% by gsgriffin · · Score: 3, Funny

    I don't know, my computer has never had a virus and never will. This TRS-80 Model I Level II runs like a dream. Just have to get the hang of loading and saving programs with the tape cassette player/recorder.

    --
    jsut athnoer menagiensls ltitle psrhae for you to dcoede. Why do we wtsae our tmie dnoig tihs?
    1. Re:I can do 100% by Anonymous Coward · · Score: 0

      If you're feeling left out, I could probably dig something infectious out for that which could let you join in with the modern world and enjoy being infected too. (OK, it wouldn't stay resident once you power off and would need a 'bit' of help to get it spread, but a little bit of social engineering too and who knows)

      More seriously - I know of one 'infectious' agent which was coded for a BBC micro which stayed resident in sideways ram over a soft reboot and would infect other disks. It needed the user to be suckered in to running it in the first place, so was more of a trojan than a virus or worm, but don't think that "old" means "secure"

      I just want to also comment how ironic it is that the captcha I need to type for this post is "parasite" - honest!

    2. Re:I can do 100% by Anonymous Coward · · Score: 0

      Get with the program, daddy-o! I've upgraded to a model III with *dual* 5 1/4" floppies - no more tape dropout nightmares for me!

  16. My antivirus research for my IT department by Khopesh · · Score: 2, Informative

    We use Kaspersky for Windows systems at work (and ClamAV on Linux for mail, though that might change to Kaspersky as I believe we have a license for it). When employees ask if they can use our licenses for their personal machines, I point them at Avira AntiVir because it's about as good and it's FREE FOR PERSONAL USE (although the free version has less spyware detection). It blows AVG out of the water.

    Here are some useful links from my research, which included the above site:

    From the Wikipedia links and other research that I didn't bother to note to my colleagues (who were also doing this research), I determined that Kaspersky's software was among the most efficient and CPU-friendly. Its only downside was a less-than-optimal user interface, especially on the administrative side for the corporate product. We didn't mind its UI flaws in the free trial period, so we purchased it. We're still happy with it several months later.

    The main arguments for our switching from Trend Micro were that it was slow, had poor performance, missed several viruses, we wanted to boycott it, and we were tied to a very old version (since it out-performs the newer ones in reviews). Arguments for switching to Kaspersky included: it doesn't feel bloated (remember when that was the norm?), great performance, well received across the board in reviews, dirt cheap (new licenses are 70% the current renewal cost of Trend Micro, which is an ever-growing target), we liked the UI that prevented reviewers from giving it a perfect score, and it's the de-facto number one scanner in Russia and surrounding area (you know, where all the viruses come from?). Kaspersky is also growing rapidly in deployments; you can now get computers installed with it.

    --
    Use my userscript to add story images to Slashdot. There's no going back.
    1. Re:My antivirus research for my IT department by St.+Alfonzo · · Score: 3, Interesting

      "[...]it's the de-facto number one scanner in Russia and surrounding area (you know, where all the viruses come from?)."

      Ignoring the assumption that all viruses come from Russia, wouldn't that make it more likely that the virus developers would make sure their viruses can evade detection under it?

    2. Re:My antivirus research for my IT department by Khopesh · · Score: 1

      Ignoring the assumption that all viruses come from Russia, wouldn't that make it more likely that the virus developers would make sure their viruses can evade detection under it?

      First, that assumption was a joke. My humblest apologies if that offended anybody. Second, it's a common practice to not "pee in your own pool," which is to say that viruses are written for a target, which should not include the writers' personal systems (since they know better). The assumption that I am making is that this target is more likely to be one or more of the top three anti-virus solutions (McAfee, Symantec, Trend Micro).

      Furthermore, the areas Kaspersky is developed and popular in could be viewed as having a larger number of people who may have had sophomoric experience writing viruses but who have since reformed. That means that their personal background might make them quite qualified to choose an anti-virus solution. It also means that Kaspersky has a better pool of applicants when hiring developers than the competition.

      I can also attest to the results of Soviet education helping here; my company's offshore developers in ex-Soviet regions are very well prepared for software development. I have friends and I've had (on-shore) co-workers who also fit this bill.

      --
      Use my userscript to add story images to Slashdot. There's no going back.
    3. Re:My antivirus research for my IT department by swb · · Score: 2, Interesting

      Ha! I work for a Kaspersky reseller, and while I find it to be much more effective than other products, it still has problems.

      The default settings want to do CriticalArea and StartupItem scans when you boot your machine, and this makes the icky Windows-is-slow-at-startup even worse. We've also had a couple of problems with updates crippling the client, and worse, the Exchange product.

      The first couple of client problems were with older 6.x clients not taking updates, we updated them to newer application versions and it fixed the updating problem. This summer there was an update that literally crippled the client; Kaspersky came out with a fix, but by that time I'd already just removed and reinstalled.

      The Exchange AV product has had bad updates that cause it to shut down store.exe. This is a huge show stopper, naturally, and it's happened more than once.

      The AdminKit is a hot mess, too.

      I'd like to see us do some NOD32 installs, I seem to hear good things about it.

    4. Re:My antivirus research for my IT department by Khopesh · · Score: 1

      You'll find crap in any of the vendors. Hell, the whole industry is a con; this is one of the few items that actually SHOULD be bundled into the operating system (IMHO), and the fact that Windows Update doesn't have it built-in is a comedic result of the anti-trust issues Microsoft has earned from its abuse of that concept in other areas.

      Yes, Kaspersky's defaults on those two areas are stupid. Fortunately for my company, I can change that on the server so that new installs never need to worry about it. The fact that AdminKit uses MMC rather than its own UI is also host to a ton of issues, and I'm still waiting for a web-based administration option (like with Trend Micro, but hopefully without requiring ActiveX).

      I never did understand hosting mail on a Windows server... Exchange may be nice, but I don't intend to ever find out.

      NOD32, BitDefender, and Avira all look just as viable as Kaspersky. I'm sure each one has its own baggage. Good luck.

      --
      Use my userscript to add story images to Slashdot. There's no going back.
    5. Re:My antivirus research for my IT department by Khopesh · · Score: 2, Interesting
      I got so entangled in defending my joke assumption that I forgot one of the real reasons I liked Kaspersky's headquartering in Russia: It's not in America or any of its corporation-friendly, overprotective, terrorist-fearing peers, and it's not in a nation that is easily bullied by America, its peers, or corporations.

      This means it doesn't need some "Homeland Security" back-door, it doesn't need to turn a blind eye to corporate root-kits and other DRM-enforcers, and it can be harsh on corporate spyware.

      --
      Use my userscript to add story images to Slashdot. There's no going back.
    6. Re:My antivirus research for my IT department by duplicate-nickname · · Score: 1

      We went through the same process as the parent post (replacing Trendmicro Officescan as it has gone to crap). I ended up deciding on NOD32 over Kaspersky, but they were two we liked best. NOD32 has had a few minor problems, and the initial configuration can be time consuming, but overall it is a huge improvement over Trend at a considerably better price.

      With Trend, it frequently missed malware and viruses but NOD32 has been great (our infection rate is probably 10% of what it used to be).


  17. I can't believe you chuckleheads didn't notice by Anonymous Coward · · Score: 0

    The best in show (of 16 anti-malware packages evaluated), Avira AntiVir was able to find 71% of the unkown malware it was exposed to in the first week, dropping to 67% after the fourth.

    So yeah, they couldn't even bother to run a spellcheck this time. Usually it's a grammatical error that a spellcheck would not have fixed anyway, but this time, they couldn't even be bothered to use a spell checker. What a bunch of goofs.

  18. Bogus rehash - don't bother. by lancejjj · · Score: 2, Interesting

    Do we really need yet another analysis that talks about the same exact products on the same exact platforms?

    Instead of a focus on complete information security, this kind of analysis, once again, ignores BlackBerry and Macintosh and Linux - some very common platforms that are growing in both the enterprise and home markets. How a repeated focus on the most commonly discussed platform helps anyone is a mystery. It just continues to say "all these products are different, we rank them according to our exclusive analysis." Are you going to switch AV vendor given their unconvincing analysis? Not likely.

    In the end, the analysis sounds hollow; "My AV software isn't on the top of their list". Given their strategy, who cares?

    The self-declared "security experts" completely miss the point by completely ignoring platforms other than Windows. Sure, perhaps the BlackBerry is only found in 70% of corporate environments, and the Mac only has 7% market penetration, and Linux is perhaps only 20% of back-end servers - but I'd fathom that nearly 95% of the businesses out there use one of these platforms and need them to be SECURE - in order to keep their corporate (or personal) data and networks safe.

    All these "security experts" are failing their potential customers by rehashing the same discussion, instead of analyzing products and methods that address the mostly unhandled attack vectors of other mission-critical platforms.

    1. Re:Bogus rehash - don't bother. by dbIII · · Score: 1

      Instead of a focus on complete information security, this kind of analysis, once again, ignores BlackBerry and Macintosh and Linux

      It's talking about computer viruses and similar malware so of course they are talking about the home computer Microsoft platform. Other things have completely different problems and other solutions.

      Live with it, this garbage is only MS Windows compatible on badly managed systems of that type so that is what is being talked about. The point has not been missed by any of the experts complained about.

    2. Re:Bogus rehash - don't bother. by Anonymous Coward · · Score: 0

      This garbage is only MS Windows compatible on badly managed systems of that type so that is what is being talked about.

      So, in conclusion, the article was written by experts for those who would never bother to pay attention to experts.

      If true, then these experts ain't that smart.

  19. What about the free versions? by gelfling · · Score: 1

    Avira, Bitdefender, Avast and others have free and fee versions. What are the material differences?

  20. The truly paranoid windows user... by Anonymous Coward · · Score: 0

    ...will take the system offline every so often and scan with multiple antivirus programs in a different OS environment, like linux.

    How does scanning a running operating system for viruses even cause a dent? Most viruses that I've ever seen have a tendency to hide and/or protect itself from antivirus software. The software is usually completely helpless on an already infected system.

    I recommend an offline scanning solution like TRK for an already infected system.

  21. Yay for uber-dorks by cavemanf16 · · Score: 1

    I downloaded one of the reports from this AV testing company/lab. Yeah, their report used Courier New throughout. Seriously, it's not that hard to just use the default Times New Roman or Arial fonts for reports. I don't expect perfection in presentation, but to intentionally choose a difficult-to-read font because it's what programmers use on the command line reeks of annoying.

    1. Re:Yay for uber-dorks by maxume · · Score: 1

      When you open a plain text file in Word, Courier New is the default.

      It's pretty easy to select the text and change it, but they probably did use the default...

      --
      Nerd rage is the funniest rage.
  22. Your married... by Hurricane78 · · Score: 4, Informative

    What about my married?

    Because I can't see your married. Where did you hide it?

    -- A formed babby

    --
    Any sufficiently advanced intelligence is indistinguishable from stupidity.
  23. What about the other types of malware? by BoogieChile · · Score: 1

    Are there any similar types of reports for the other types of malware?

    A comparison of products that protect against the types of malware targetted by the like of MalwareBytes, AdAware and Spybot would be really handy.

  24. Conflict of Interest? by Anonymous Coward · · Score: 0
    I wonder if there is a conflict of interest in AV-Comparatives' reporting.

    They are an Austrian company that has recommended a German company with Austrian subsidiary.

    Probably nothing but a coincidence that matters not.

    +1 for NOD32 if you have to use a Microscrap Windows product.

    +1 for just using a flavor of Linux.

    1. Re:Conflict of Interest? by CountSmackula · · Score: 1

      -1 for egregious hypothetical FUD .

      -1 for using the term "Microscrap".

      -1 for being a Linux tool.

  25. My Little Chicken by tunapez · · Score: 1

    This reminds me of the timeless Adam Sandler love ballad...

    If an egg fits in there,

    why can't I?

    --
    Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
    1. Re:My Little Chicken by elrous0 · · Score: 1

      Still can't top the greatest Sandler love ballad ever, "Medium Pace." Now, if you'll excuse me, I have a date with a shampoo bottle.

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
    2. Re:My Little Chicken by Anonymous Coward · · Score: 0

      This idea was invented by Shampoo.

  26. NOD32 by Voyager529 · · Score: 1

    Disclaimer: I do not work for NOD32, nor any of its affiliates, subsidiaries, blah blah blah

    Isn't free, so Antivir wins there. NOD32's footprint used to be incredibly small (25MBytes installed), though as they're trying to go more mainstream they have beefed up a bit. The antivirus is somewhere in the ballpark of 45-55MBytes installed, and their kitchen sink "Smart Security" suite is a little over 100MBytes installed. In their defense, the newer interface (which likely accounts for the majority of size balloon) is much more user friendly. It more closely mimics the de facto standardized UI of Norton/McAfee/TrendMicro/Panda, making it a lot more palatable for new users. Compared to the aforementioned security suites, it is still MUCH less taxing than most of the big-name suites.

    As far as system resources, I've yet to have a friend, family member, or client who *hasn't* noticed a performance boost after ditching their old virus scanner in lieu of NOD32. Granted none of them were coming from Antivir, but I would still say that they are very good as far as detection rate and removal rate, in addition to having an impressively small system footprint (although again it is bigger than it used to be).

    Joey

  27. Wrong by I)_MaLaClYpSe_(I · · Score: 1

    Witness how many legitimate products get flagged as "hacker tools" (like Angry IP Scanner)

    A port scanner is a hacker tool. Of course you can use it for legitimate purposes as you can with many other tools. I can even use a malicious virus as a tool for testing my AV engines. But it is still a virus. If you are in the position to legitimately use a port scanner you obviously should also be in the position to get this program on your machine from being excluded by the corporate antivirus.

    Apart from that, if I would discover some of my users to use such a tool without entitlement and the AV engine would not detect it, I would demand for a signature to be added by the AV vendor.

    Apart from that, the last time I checked they mentioned that not every AV vendor is used for comparison because they have to fulfill certain minimal requirements. But as a matter of fact I just checked again and concerning Trend they say:

    TrendMicro may be tested separatly in 2008 and will be included in future

    Oh, and:

    [...]while their commercial counterparts are ignored (ostensibly after paying them off to get off their little black list).

    Do you notice how I am much less likely to submit potential evil software for inclusion in the next signature update if it is commercial sw, as my users (and supposedly many hackers) are more likely to use the freely available software to piss me off?

    1. Re:Wrong by girlintraining · · Score: 1

      Are you stupid or something? A virus is a virus, and an anti-virus product should find viruses, not everything else that could be objectionable. Why not scan for .MP3 files too and flag those as viruses as long as we're on "corporate"-think.

      --
      #fuckbeta #iamslashdot #dicemustdie
  28. Re:Sheep is better by aqk · · Score: 1

    A "farmer" here. And no diskdrive jokes please!

    My last ewe died this year. Of old-age.

    And it was convenient, just as my tumescence was failing due to old age.
    (sound familiar, /.ers?)

    I mean.. she was really starting to look good! Those big blue trusting eyes...add a little lipstick, and...

    Well, are you guys with the dog/STD jokes... ummm, really joking after all?
    And no rubber-boot jokes please!
    .

            -

  29. Re:goldmine is better by Anonymous Coward · · Score: 0

    Oh, I see your married too

    You see my married?

    Whar's mah shotgun? Damn prevert peepin' toms!

    Some o' these /. boys been spendin' too much time in Mom's basement!

  30. Re:Plastic bag is better by aqk · · Score: 1

    A condom?

    No... It's a plastic bag.
    Condoms are too small. .... And WAY TOO SMALL for the PC!

    OMG! This reminds me of My greasy old Bell Boutique bag!
    How embarrassing!

    . ..

  31. NOD32 won the test and not Avira by methamorph · · Score: 1

    From the article: "So the certification level ADVANCED+ has been achieved by ESET NOD32 only, that has detected 20% less of the samples that AVIRA AntiVir has discovered but has triggered only 7 false alarms. AntiVir, on the contrary, with its 17 false positives hasn't gone beyond the ADVANCED certification level, which also includes Kaspersky, Microsoft, Symantec, McAfee and GDATA." So the subject of this Slashdot article is obviously wrong and misleading.

  32. The real environment? by Anonymous Coward · · Score: 0

    This is all good and well, but tests do not reflect the true environment and never will. I'd rather follow something like http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.Virus90-DayStats

    The reason I link to the 90 days stats is that it shows consistency. Judging a product using a limited dataset is illogical.

  33. best defence against unknown malware is .. by rs232 · · Score: 1

    The best defence against unknown malware is to make an Operating System that doesn't get compromised by clicking on a URL or opening an email attachment ..

    --
    davecb5620@gmail.com
  34. Odd... by shadowedsilence · · Score: 1

    Interesting that they are recommending AntiVir as an antispyware/antivirus utility. Strange when I run spybot/malwarebytes on infected machines, it cites Antivir as an infection. Now whether or not this is the same AntiVir that I've seen on machines in the past remains to be seen, but I do find it suspect that they would choose such a well known name of a spyware program... I guess if they didn't use the classic "AntiVir" spelling, I might feel less inclined to think this.

  35. It's meme time... by Anonymous Coward · · Score: 0

    "A cat is fine, too..."

  36. anti virus & malware detection is old tech by Anonymous Coward · · Score: 0

    Whitelisting is the latest technology which gives 100% protection from existing or future virus/malware.

    Run only what you trust..