Anti-Malware Comparison 2009


manpe

@karachidude:

Trojan Remover?

One doesn't need such a program if one has safe practices to follow.

But I like it popping up after every restart to start scanning :P


Manpe.... Can your friend make a comparison of Antivirus? That will be really helpful. ^_^

He is planning to in the future... how distant in the future? I have no clue. He says he wants to make a new for his security site... For further spreading he also plans to make it in English too (Estonian is the default language of the site). This comparison I presented here will not be published on the site because it's semi-private (semi thanks to me :P)



  • Administrator

Tell him thanks from me. ;)

He has done a great job. :)



a-squared is antispyware + antivirus, so it has more detection than stand-alone programs

a-squared antispyware

sshot_2_Q31eSx.png

a-squared antispyware + Ikarus antivirus

sshot_1_oO6QVf.png



Help, guys...

a-squared did pick up some infections on my PC, which MBAM missed and also NOD32!! But I have no clue as to what some of these are.

See the attached scan page...

1-- BS Player???? Is that malware?

And moreover I don't have it on my PC now. I used to some time back.

2-- Slingo Deluxe. It's a game. But why a threat?

3-- No idea... :unsure:

4-- tvunetworks.com.. wtf is this????? :think:

5-- BS Player

6-- Game cheats?????

7-- A trojan! :excl:

8-- Fraud tool. What is this????

9-- Keygens

Neither MBAM nor Ad-Aware nor SUPERAntiSpyware picked up any of these!! I ran a full PC scan before running a-squared.

So it has good detection, but...

But the catch is a-squared is still running the scan as I'm typing this post!!!!!! It's been 5+ hrs on my 250 gigs (it's just 30% empty, but still, this is way too much)

on an AMD Turion X2 2.2 GHz with 3 gigs of RAM.

And it's still running and is heavy on the PC...

Tell me guys what to do with these, if and when the scan is finished :D

Thanks...

post-24436-125615407796_thumb.jpg

post-24436-125615409641_thumb.jpg



  • Administrator

Well, you can go here and try to find all the meanings of the infections found - http://www.microsoft.com/security/portal/Threat/Encyclopedia/Browse.aspx

But as you know, not all are real infections (the infections found in the scan), some are false positives.



I think it shows BSplayer because it is ad-supported (hxxp://www.softpedia.com/get/Multimedia/Video/Video-Players/BS-Player.shtml)

Reasons why this program is marked as ad-supported:

· Attempts to change the homepage for web browsers installed on the system.

· Attempts to change the default search engine for web browsers installed on the system.

· Offers to download or install software or components that the program does not require to fully function: BS.ControlBar

So if some of the ad components are there (even if not installed) it is marked.

Normally it shows keygens, patches and this type of stuff as hacktools or riskware.

The registry traces and the trojan gen you need to search, because I never used any of these apps. (But possibly junk from something not that good installed.)

Anyway, beware of FPs. Ikarus engine (IK! at the end of the detection) has some, but they correct fast and it is getting better and better.



  • Administrator

I'll just add: There is more to any tool than detection ratios! Feature set, frequency of updates and number of false positives are all important things as well (alongside lots of other things). Use this only as a guide and trial a tool before determining it is the "best". Someone that is "the best" for me, most likely won't be for others.

Good post nonetheless.



Maybe BSplayer is just BS to start with. :P



  • Administrator

Well, as far as I know, the person who made this guide has already registered on nsaneforums yesterday; I'm just waiting for him to post. I just wanna plus rep him for his valuable work :) , as I have seen many AV reports, many firewall reports, but I have never seen an AM report. Author, please post something. I'll be waiting for it.



I'll just add: There is more to any tool than detection ratios! Feature set, frequency of updates and number of false positives are all important things as well (alongside lots of other things). Use this only as a guide and trial a tool before determining it is the "best". Someone that is "the best" for me, most likely won't be for others.

Good post nonetheless.

Very well said. Will only add a POV for the FP part: Tests that count FPs and use them to decrease the total score of the apps need to make a rank of the importance of the FP. For me a FP with explorer.exe, svchost.exe or a well-known software is totally different from a FP with an unknown software from an unknown company that is used by only 0,0000000000000000000000000000000000000000000001% of people.



A-squared is quite good .. I used to use it for individual scans..back when I was testing for myself or in question of my AV at the time being the best it could be..that and Sunbelt Counterspy.. I used those two for quite a while, alongside a few more programs they had...and I had ISS BlackICE firewall..

I remember BlackICE. :D I think that project is dead now though, right? Back in the day BlackICE was the firewall of choice, I don't know what happened to them.

Yeah actually BlackICE is dead .. sort of.. I still have an old one somewhere, I think.. but yeah that thing was quite a firewall.. They discontinued support of the software in 05 or 07..not for sure which.. but it wouldn't update anymore..BUT they have actually moved to hardware firewall for the answer now from IBM.. so that is basically.. where it went..



@majithia: TVUNetworks is the manufacturer of TVUPlayer, a P2PTV program.

@heath: I also think SpyBot should not be considered in this test, it only looks for "installed" spyware, so it doesn't scan your folders. I use it 4-5 times per year to ensure nothing is running in my backward.

It used to mark the "Disabled Security Center" and many cookies as risks. First one -> fuck you M$. Cookies: I ended up installing CS Lite to control cookies (giving session permissions usually to avoid infinite time page loading), but I don't like SpyBot's blocking feature since it adds tons of entries in my browser's cookie blacklist (+hosts file I guess, and it might slow you down).

I've tried MBAM 2-3 times and I don't see anything special.

With the 2 I've only used manual scans, nothing more. But I got 2 rootkits (executing eMule downloaded shit) and SpyBot got rid of them (didn't try MBAM for these). The 2nd one was a very irritating one since ANY file that I tried to create/rename to SpyBotSD.exe was immediately deleted by the rootkit, so it ensured I didn't execute the program.

Anyway, I also think there's no need to have multiple security solutions running. In most cases only a suite + common sense, as you all remark several times.

And... finally: Don't you have fun when you get an infection? So much security avoids all that fun !!! xDDDDDDDDD



Yeah immunizing your browser and doing global as well as including SpyBot's list does GREATLY increase its size.. All this does is disallow connection to a known threat.. disallows your system from connecting to these places to send information..and blocks your active access as well...So it's kind of like a HIPS option..( notice not talking about HIDS ) I personally do notice a split second difference..

There is a little program called HostsMan..that can be useful as well...allows for several options and manipulation/management of the Hosts file..

.. and Peer Guardian which is nice for blocking a large amount of this communication and quite a few great features with the filters..

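
Added example, not part of the thread: the posts above describe SpyBot's immunization filling the hosts file with block entries and HostsMan for managing it. This Python script audits a hosts file for sinkholed names, duplicate entries and names pointed at a non-loopback address; the sample file, its hostnames and the `audit_hosts` helper are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample hosts file; every hostname and address is a placeholder.
SAMPLE_HOSTS = """\
# entries of the kind a blocklist tool writes
127.0.0.1   localhost
127.0.0.1   ads.example.test
0.0.0.0     tracker.example.test
127.0.0.1   ads.example.test      # duplicate entry
203.0.113.7 update.example.test
::1         localhost
not-an-ip   broken.example.test
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def audit_hosts(text):
    """Classify hosts-file entries (hypothetical helper, added example)."""
    seen = Counter()
    report = {"blocked": set(), "duplicates": set(), "redirects": {}, "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(lineno)
            continue
        if len(fields) < 2:  # address with no hostname
            report["malformed"].append(lineno)
            continue
        for name in (f.lower() for f in fields[1:]):
            if name in LOCAL_NAMES:
                continue  # normal loopback names, not block entries
            seen[name] += 1
            if seen[name] > 1:
                report["duplicates"].add(name)  # only bloats the file
            if addr.is_loopback or addr.is_unspecified:
                report["blocked"].add(name)  # sinkholed: lookups go nowhere
            else:
                report["redirects"][name] = str(addr)  # points elsewhere: review
    return report


if __name__ == "__main__":
    for key, value in audit_hosts(SAMPLE_HOSTS).items():
        print(key, value)
```

Entries under `redirects` are the ones to review by hand, since a hosts line that maps a name to a routable address sends traffic somewhere rather than blocking it.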


Yes I know all about PeerBlock's spin-off.. Thing is I have never experienced issues with Peer Guardian and until I do I am not going to use a software rip .. of the main program..

EDIT: I don't mean that in a negative manner .. as negative as it may sound..BUT IMO if you're going to FIX a program that is abandon-ware.. give the damn thing some new features and make it worthwhile.. Like the ability to enter in individual IPs...into our own list and exclusions .. Like Ad Block Plus for example...Give it new life...

I mean the fixes that I read about in the program.. I don't have to worry with since I use improved lists which I went and got on my own.. ( I have XP so I really don't run into issues like some Vista users and 7 users have.. what's even more odd is that I never have even on Vista Ultimate.. ) .. So technically while the guy seemed to pick up further development.. with a few small fixes and supposed major changes on the way.. I still use it..( PG2 ).. the original..

I mean eventually one of two things will happen.. Phoenix Labs will disappear and no longer support PG2, which they virtually don't now.. They even refer people to Peer Block...and it will take its place.. or someone will code a completely new program..Which IMO would be the way to go, offering this 'gen' features .. utilizing new techniques ... UI, customization.. so on..

Bottom line I am sure PeerBlock is fine but I'd rather wait for a couple of versions..Or move on to the next forward thinking candidate..



I tried PG once and it slowed my download A LOT, so I didn't bother with it again and I haven't even tried PeerBlock, I'm not sure I even need either anyways.



  • Administrator

I am using PeerBlock only for torrents. I really like it for many reasons I don't need to specify as the program is itself known for what great thing it does. But the only problem I have with PeerBlock is that I don't need to close it, it automatically crashes, not really often, just once in a day or two when I'm using it. Otherwise it's a great software.



If you're on XP try the Original PG2.. see if that helps with the crashes.. also you should configure regular maintenance in your logs.. and clear your DB often..on show the blocked IPs.. and do a bit of optimizing in either one to make sure your DB file stays small and defragmented..You may also try wiping out your lists and then doing an update.. just to check if there is any corruption in your lists..

If you only use it for torrents.. why don't you try using the built in filter.. with updater for uT?



  • Administrator

Well PeerBlock seems to be based on PG2 as the crash error I get says thank you for ............ PG2.

I use both, updated uTorrent filter and PeerBlock.



Well you're right, but you see PB was created to fix an issue.. which in effect with some systems.. particularly XP.. a fix for Vista Ultimate, or Windows 7.. may cause a crash.. which is why there are several builds of the original...that is why I suggested IF you're on XP to try the original FOR XP..



  • Administrator

Well OK, I'll try it. Some questions, is PG or PG2 easy to use? Does it still update its definitions or similar?



It updates its blocklists according to how you set it.. or you can do it manually as per usual..and I recommend these lists in either program..HTTP will block online access to places in the list through HTTP protocol as well .. using TCP, ICMP, IGMP, and UDP ( I think ) in normal mode..

1. Government = http://peerguardian.sourceforge.net/lists/gov.php

2. iBlocklist - Level 1 = http://list.iblocklist.com/?list=bt_level1

3. iBlocklist - Level 2 = http://list.iblocklist.com/?list=bt_level2

4. iBlocklist - Level 3 = http://list.iblocklist.com/?list=bt_level3

5. iBlocklist - Education = http://list.iblocklist.com/?list=bt_edu

6. iBlocklist - Ads = http://list.iblocklist.com/?list=bt_ads

7. iBlocklist - Spyware = http://list.iblocklist.com/?list=bt_spyware

8. iBlocklist - Nexus23 = http://list.iblocklist.com/?list=nxs23_ipfilterx

I have four more that are useful.. with the remaining additional four being from the original installation of PG2..but they are not in use .. only the ones that I have listed above are the ones that I actively update and have turned on..



Archived

This topic is now archived and is closed to further replies.
