Antivirus ratings

eeyrjmr

I got hacked off with Norton so I uninstalled and tried the demo of NOD32, 3 days later bought a year licence for it (and prolly stick with it from now on)

At work our computer network and machines have ground to a halt cause of Norton-corporate (can't remember the exact command that was hogging the resource).

It has been like that for 2 days!!! and IT cannot stop the scanning.
I am an engineer and I have just been working in the lab and only found out about it late yesterday when one of our simulators came to me asking what this process is that is hogging his CPU.

Now IT are gonna fix it, but I would like to recommend NOD32 to onsite-IT as well as some mates.

I have mentioned it to my mates but they are sticking with what they know (Norton). Any independent reviews out there?
 
Do a search for antivirus ratings on the forum -- there's an independent website that reviews a few (AVG, Norton, Kaspersky, Nod32....)

Good luck. Ice Czar can probably tell you the site off the top of his head
 
In an IT environment, Norton still has one of the 'better' management interfaces, but the last few releases are dipping in quality...a LOT. Nod32 is good, so is Kaspersky. What you want to look for is a review of the corporate editions.
 
Here you have it.

http://www.wilders.org/anti_viruses.htm

At the link, you will see another link to The Virus Bulletin, an independent virus scan testing organization. They last tested scanners in June of 2005. At that time NOD32 beat all comers, including the highly rated Kaspersky, and also the resource hog, that "Sin Against God" Symantec.


Shane said:
Try out AVG antivirus, it's my fav and free :)
Maybe it is a favorite, but it sucks. AVG passed, but overall it was nowhere close to the top contenders. It had nine passes, in contrast to NOD32's thirty-two passes. This was the paid version of AVG mind you, not the no-frills freeware version.
Symantec had twenty-eight passes, and Kaspersky had twenty-seven. Next down was McAfee and some others with twenty passes. Symantec cannot be faulted for its detection rate, but its implementation leaves a lot to be desired, and that is an understatement.

Here is a story about NOD32. One Sunday, not so long ago, I was browsing through photos of [H]ard members' desktops that had been posted in a thread at the Software Forum when NOD32 found an online exploit buried inside a .jpeg of some guy's desktop. No other brand of scanner had picked it up, so I started a thread down in General Mayhem about it. General Mayhem is a good forum to join, by the way. It is linked at the bottom of the forum index, but I digress. Anyway, no one could detect the exploit with any other scanner. Only NOD32 detected it, and it was not a false positive because I intentionally let it into my machine to see how difficult it was to remove. It seemed to be fairly benign, but it did indeed exist. A mod who also has NOD32 removed the offending .jpeg, and notified the owner. The guy had a pretty desktop, but he wasn't on top of security. Personally, I want a scanner that detects everything, and NOD32 comes closer than the others.

Another point to be made is that NOD32 updates as definitions are created, sometimes hourly, rather than waiting until a certain day of the week, like Norton and most others. Also, it does it silently without distraction to those workers on the network. I have never noticed any usage of resources to speak of.

In conclusion:
If your IT insists on setting about with a bloody virus scanner what's more than a bit dodgy, he gets what he deserves, then don't he? It's bloody stupid is what. :D

I can speak a fairly accurate British working class -
It's all in good fun, of course. ;)
 
We at work use Panda..well we sell it so that's why we use it..sell it to customers for 39 bucks for a year, not a bad deal.

I have noticed more recently though, that Panda is getting snippy on the machines in the shop, but we have so much shit on these servers (backup servers) that I'm not surprised.
 
I have personally never had trouble with Symantec corporate AV. It sure as hell beats their consumer junk. For a business of reasonable size you are going to want a corporate license of something for the sake of managing it at the very least.

I am not familiar with their corporate products specifically but in my experience NOD32 and Kaspersky are the two most effective and reliable AV packages. The only corporate license I have used other than Symantec was Trend Micro, which I found to be well done.
 
The Bryophyte said:
I have personally never had trouble with Symantec corporate AV. It sure as hell beats their consumer junk. For a business of reasonable size you are going to want a corporate license of something for the sake of managing it at the very least.

I am not familiar with their corporate products specifically but in my experience NOD32 and Kaspersky are the two most effective and reliable AV packages. The only corporate license I have used other than Symantec was Trend Micro, which I found to be well done.

Overall, I had no trouble with the client itself, or the servers pushing down the updates. Symantec is a decent product with one major fault...it misses stuff, and that can drive you batty.
 
there is an Enterprise Edition of NOD32
basically NOD32 w\ Remote Administrator
http://www.nod32.com/products/ra.htm


as far as reviews, they have beat out Norton for the total number of VB100% awards
and that is a test by platform of all the "In the Wild" viruses

http://www.virusbtn.com/

they have passed every VB100% since 1998 and have a total of 31 at this point I think
if you're looking for lite on the resources, fast and really good protection, it's a great combination, your IT department will need to assess the Remote Administration package
but NOD32 was far far ahead of the game when it came to heuristics over signatures
they still employ signatures, but the heuristics catch malware that hasn't even been ID'd yet.

of course a virus scanner is but one layer in a defense
and if a network is big enough, it's damn near impossible to secure, so segmentation, containment and firecontrol are big big issues

PS they just released a 64bit version ;)
 
As Ice said, the administrative package would be the big question mark for an IT department. I'm using antivir at the moment on my home system, but am thinking of switching to NOD32 in the near future. There's no denying that the reviews on the client side seem to weigh in heavy favor of NOD32 but if the centralized management control is not up to par, it can easily cause more problems than it can fix.
 
For the record I recently purchased the NOD32 corporate product for our company and have it running at the office. It does everything you'd want in a corporate product including installing/deploying, and managing across a network from one machine. Also lock settings to prevent users from playing around. It actually has much more to it than NAV corporate and less resources used. A great report generator.
BTW - we used to run NAV corporate. After installing NOD32 I ran the "in depth analysis" on all computers and a number of them had some stuff NAV missed. One thing I noticed is NAV is not very good at detecting java viruses. A lot of undetected virii were located in java folders.
 
What Mister Natural says is as I expected. I cannot imagine the people at NOD32 deviating from a philosophy of quiet efficiency. It is good to know that they haven't. :)
 
NOD32 is simply the best out there! Me and all my friends have been using it for 2 years now! I convinced them :)


What helped me was when they saw how fast my system was, and how NOD32 uses very little resources they immediately switched from the resource hogs, i.e. Norton AntiVirus and the even worse McAfee Virus Scan
 
three_sixteen said:
I've used McAfee 7 now for almost 4 years and have been without problem.
Ah, Grasshopper, but you do not walk where others fear to go. ;)

Check the test. McAfee is a full one third less effective than NOD32. It is fact, not opinion.
 
Mister Natural said:
For the record I recently purchased the NOD32 corporate product for our company and have it running at the office. It does everything you'd want in a corporate product including installing/deploying, and managing across a network from one machine. Also lock settings to prevent users from playing around. It actually has much more to it than NAV corporate and less resources used. A great report generator.
BTW - we used to run NAV corporate. After installing NOD32 I ran the "in depth analysis" on all computers and a number of them had some stuff NAV missed. One thing I noticed is NAV is not very good at detecting java viruses. A lot of undetected virii were located in java folders.

That's cool, but it's still subjective to your environment. What if you are running mixed environments, such as Novell and Linux and Windows? There are lots of things to test, a Novell client upgrade might bork the box or fail to update. Ya just don't know. I myself would love to convince the retards, I mean, people in charge of my organization to look into NOD32, but they are stubborn and backward thinking ;)
 
FYI - one of our remote offices runs Novell. NOD32 runs fine there.
Don't mess with Linux much, just don't have the time, but my guess is it wouldn't be a problem. I'm sure there are bound to be some Linux users around here who are using it.

BTW - Our mainframes are Alphas running Open VMS. While NOD32 isn't running directly on those systems, it has played nice and hasn't borked anything on the Alphas.
 
I use Kaspersky myself.. in all the reviews I've read about AV products, Kaspersky always has the highest detection rate over every other product.. I really don't see where any product could be better, if its detection rate is not the highest..

But hey, ppl buy American cars too... LOL.. j/k!!!! I own a jeep.. ;)
 
Barnaby said:
I use Kaspersky myself.. in all the reviews I've read about AV products, Kaspersky always has the highest detection rate over every other product.. I really don't see where any product could be better, if its detection rate is not the highest..

But hey, ppl buy American cars too... LOL.. j/k!!!! I own a jeep.. ;)
NOD32 recently did a major upgrade to the program that not only improved its "virus in the wild" detection ability, but now it detects trojans and other exploits better, too. As a result, it now tops Kaspersky in performance. You are currently using the second best scanner out there. Still, Kaspersky is not shabby by any stretch of the imagination. It just ain't the best anymore. ;)
 
I was under the impression that F-Secure's AV 2005's 3 engines provided the most comprehensive protection (KAV being one of them, not sure the other two).
 
I use Trend Micro’s PC-cillin home security pack with the standard 3 PC licensing for my home network. I switched from Norton to PC-cillin a few years ago when I suspected I had a virus but Norton insisted I was clean. So I went to Trend Micro’s website and ran house call. Sure enough it found a virus. So soon thereafter I made the switch and I am quite happy I did. The antivirus updates itself every few hours and I have not had one virus successfully make it on to my PC since I switched.

Anyone know how well PC-cillin stacks up to NOD32?
 
these days you simply can't depend on a single app to be a reliable and incorruptible solution, it's imperative you employ an in-depth defense

the short list of what I do is patch and update the OS (with CDs or Knoppix)
secure the OS, and baseline the install with RootKitRevealer and HijackThis
Install and configure the AntiVirus & Firewall, Install ProcessGuard (full version or at the least the freeware on a client's box) and then set a Filechecker to watch all the security .exe and .dlls

rootkits that hide malware are becoming depressingly common and you have to adapt
that's just a part of what I'm currently doing and unfortunately my Rampant Paranoia 101 is in need of yet another overhaul, but it's not surprising that Norton was compromised, it wouldn't surprise me to see each and every single AV scanner out there compromised, either now or eventually, anything that can be coded can be defeated, but the depth of your defense sets tripwires so you know when something is amiss

when judging AVs, they are only as good as their latest signature base or their heuristics engine
but something like ProcessGuard is an exe protection, that is more or less a firewall for the kernel itself, provided you don't tell it to allow something that is infected to install (which is why you have the AV Scanner and verify checksums of software downloads)
 
IceCzar is right, as usual.

Here's my current setup....

AV: AVK - thinking of migrating to F-Secure or NOD32
Software Firewall: Sygate 5.5 Pro (Should I move to Kerio 4.2 or something else?)
AntiSpyware - Spybot S&D
Backend- Prevx Pro 2005 (Is process guard better, with a lower footprint?)

Any suggestions?
 
all my links are freeware :p

(or freeware version available in the case of ProcessGuard)
I re-baseline w\ RootKitRevealer, and HijackThis after each software install
I have to allow the install and write a rule for it in ProcessGuard, I have to do the same at the Firewall, and of course I scan the piss out of it before I attempt to install it.

Then after it's installed I verify the checksums on the security apps, just to see if they have changed with filechecker ;)

other things I do, is lock out IE altogether except for automatic updates (which I approve)
I employ Firefox or Deer Park w\ the NoScript extension and write rules for the sites I visit. I've been ripping out parts of W2K and XP with XPLite, I've been employing a different shell for the OS, I've been locking down the OS so hard it squeals (see protecting or removing file association and processes / services in the Rampant Paranoia link) and finally when I go "slumming" I employ a LiveCD like Knoppix, pretty hard to corrupt a CDROM and a RAMDrive
they tend not to last past a reboot :p (not that I have ever detected one)

and finally keep an ear to the ground for new exploits
all the above wouldn't do squat against another sasser or MSBlaster worm
a direct exploit against the OS is unstoppable (if it slips past the firewall)

you want scary, I got scary, try port knocking on for size
http://netsecurity.about.com/cs/generalsecurity/a/aa032004.htm
http://www.portknocking.org/

between that and a rootkit, you can seem to be clean as a whistle and yet still be completely pwnd
even after extensive port scanning, that's where you need to be looking at IDS and traffic matching
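
The baseline-then-verify routine from the posts above (watch the security .exe and .dll files, re-check their checksums after every install), sketched as an added example that is not part of the thread and is not the Filechecker tool mentioned there. The SHA-256 choice, function names and sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

WATCHED_EXTS = (".exe", ".dll")  # assumption: the file types the post says to watch

def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root, exts=WATCHED_EXTS):
    """Map relative path -> digest for every watched file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                baseline[rel] = hash_file(full)
    return baseline

def compare(baseline, current):
    """Report files whose digest changed, that vanished, or that are new."""
    return {
        "changed": sorted(p for p in baseline
                          if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed sample: stand-in 'security app' files in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "av"))
        samples = {"av/scanner.exe": b"scanner v1", "av/engine.dll": b"engine v1",
                   "firewall.exe": b"firewall v1", "readme.txt": b"not watched"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = build_baseline(root)  # taken on the known-clean install
        # Constructed changes standing in for what a later install might do.
        with open(os.path.join(root, "av/engine.dll"), "wb") as fh:
            fh.write(b"engine v1 patched")
        os.remove(os.path.join(root, "firewall.exe"))
        with open(os.path.join(root, "av/helper.dll"), "wb") as fh:
            fh.write(b"new file")
        return baseline, compare(baseline, build_baseline(root))

if __name__ == "__main__":
    _baseline, report = demo()
    for kind, paths in report.items():
        print(kind, paths)
```

A check like this only reads what the running OS hands back, so a rootkit that hides files can also hide a change from it; keeping the baseline off the box and re-checking from boot media such as the Knoppix LiveCD mentioned above removes that dependency.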
 
Shane said:
I think AVG is the best and it's free !
Shane,
Don't think too hard. Your head might explode. :D

Sorry, I couldn't resist it. It's just that people come on here and say they like AVG. Why? Because it's free. They don't bother to read threads, but they know that AVG is free. Whether it works, or not, is neither here, nor there. It doesn't work that well, by the way. Hey, reformatting doesn't take that long.
 
mosin said:
Shane,
Don't think too hard. Your head might explode. :D

Sorry, I couldn't resist it. It's just that people come on here and say they like AVG. Why? Because it's free. They don't bother to read threads, but they know that AVG is free. Whether it works, or not, is neither here, nor there. It doesn't work that well, by the way. Hey, reformatting doesn't take that long.
LOL. I used to preach the free approach, but over the past couple of years I've come to realize good AV/AT/IDS/HIPS is worth some $$. I've been using KAV, but am now trialing Nod32. Only thing I don't like about Nod32 (& I'm aware it's probably specific to my setup) is I'm having troubles w/ scheduled updates--for some reason, my event log shows errors when Nod is trying to connect to Eset servers for updates. My current definition version is dated 8/12/05, version 1.1193. In a weird way, I hope there's a server issue b/c I'm used to the multiple daily updates from Kaspersky. I hope Nod updates are more frequent only b/c it makes me feel better (yes, I am aware of Nod's purported heuristics supremacy, thus maybe not requiring as high a volume of updates as a signatures based system would)....
 
feverfive,

As of 7:45 AM Central Time 8/14, the latest signatures are 20050812. That information will be noted after the program release when you place your mouse over the icon in the taskbar. There are a high number of releases, so set NOD32 to check hourly, and you will be fine. Actually, you probably are fine now. If not, maybe you should reinstall the program. NOD32 will check until the server isn't busy, however. I don't keep logs, or I would check to see if there has been any problem connecting from here.
 
Tnx all, I have passed the relevant links onto our IT lot

They are hacked off with this Norton fook-up at the mo, they keep getting calls to the helpdesk that ppl's PCs are not responding. This has now been going on for over a week!!!!

Since it is an engineering place where I work we don't use our PCs (just) for word and email

with 256meg of RAM and I think 1.4gig processors every bit of resource is needed,

considering I use Matlab/Simulink every bit of resource means a simulation is completed faster. I have actually started using my work laptop that I have Admin for and disabling everything just to get it working at a reasonable rate (norton is disabled, a lot of services, lots-o-IT spying stuff)

So much so I have a VHDL compiling down from 40min to 15min.

Unfortunately I cannot do that with the desktops, even a small decrease in CPU overhead will make a massive amount of difference
 
I have been using AVG because it's free, I would love to go over to NOD, but I don't want to pay for it. :(
 
DR_K13 said:
I have been using AVG because it's free, I would love to go over to NOD, but I don't want to pay for it. :(


It's £23, that's not a lot
How much do you pay on games?
 
I think I pay like, $40 a year for NOD32. I see it as like buying insurance. I have a huge DVD collection (450GB's) along with other neat stuff on my computer that I would hate to lose.
 
see I maintain a large storage array and workstation as well
but that part of my LAN isn't directly connected to the internet
and is only intermittently connected to boxes that are,
more often than not data is transferred by flash, CD\DVD or HDD where it gets a thorough scan at both ends
(in the case of CD\DVD it's backed up to media before it goes onto the array, an added bonus)

of course the larger the network the harder it is to secure
especially if devices are joining it behind the firewall, there is just bound to be someone eventually infected
but mine is a personal LAN w\ dedicated boxes, a luxury I'm sure can't be afforded in the office
 
Ice Czar said:
(edited for brevity) mine is a personal LAN w\ dedicated boxes, a luxury I'm sure can't be afforded in the office
I am tempted to go on a rant about what equipment that typical ITs and offices buy, but I won't. I will say, however, that good equipment does indeed make a difference in productivity. Screwed up bad stuff is harder to get straight than screwed up good stuff.

I'll stop there before I start naming names. ;)
 