good antivirus...

category: general

I was wondering what antivirus software people here recommended as being:

- Non-irritating
- Not likely to report my demo collection as "suspicious items"

I'm getting more and more irked by AVG getting more burdensome every update, and the latest version has reported every demo I've tried to run (only about 10, but still damned annoying)!
Have you tried whitelisting your demo collection folders?
Also, I'm using CommonSense 2014 here.
added on the 2014-02-03 23:41:47 by Tomoya
Have you tried whitelisting your demo collection folders?

That. Everything else will keep your antivirus unnecessarily busy.
good Router (FritzBox)
built-in Firewall
Security Essentials (built-in Virus-Scanner)

SecEssentials never warned me about a single demo/intro.
I even disabled SecEss for a long time, had no virii at all.
The Router and the Firewall should be enough normally, as long as you don't click everything without thinking.
All the fuss about "you need a good virus-protection" is only for people that have no idea of a computer, but still use it, clicking every link in a spam-mail, running every .exe they get sent, etc.
As long as you know what you are doing and think before you act, you are fine without a realtime Virus-Scanner. You can still install sth like
AntiMalware from Emsisoft
to start a manual scan by hand if you think you are infected.
That Software is something i can recommend, has superb Ratings from everywhere and is the best scanner i ever tested.
You can simply hit the DOWNLOAD-Button on that page, you'll get an installer, inside of this installer there's an option at some point to use it as a free-user, don't choose the Demo-Version, this is just a 30-Days-Trial and installs a realtime-scanner and other unwanted stuff again! Just choose the FreeUser-Version, deselect some other software in the next windows and you have a very good Manual_Scanner you can use forever.
Be sure to uninstall your stupid AVG before installing it tho, else they could collide. If you are paranoid, you can turn off your Internet for the time you are (de-)installing AVG/AntiMalware. ;)
You should have a good Router tho! Else realtime-protection is still a good idea i think.
Deinstalling AVG and trusting Security Essentials (with realtime-protection turned on) should be enough, don't get me wrong. (Good Router is still sth you need, but you need it anyway!)
I just remembered i had one false positive once with it, but turning realtime protection off for some minutes did the trick.

The AntiMalware is just sth i use to have manual extra-scans, i don't completely trust m$ ;)
You can of course use SecEssentials to have a manual scan at any point of time as well.
I do pretty much what hArDy says, i use MSE for antivirus with a manual malware scan whenever i need to, seems to keep me safe most of the time.
added on the 2014-02-04 00:34:31 by keito
I used Eset NOD32 for years - was happy to pay as it had a small footprint so wouldn't lag games out. So that's good for resident protection. On most of the win machines in the house (wife and daughter's and this lappy when I boot into windows) I use AVG and spybot with malwarebytes if anything goes wrong (hasn't yet *touch wood*).

clamav does an excellent job for most linux distros I used. An occasional scan with chkroot or rkhunter doesn't hurt.
& as it has been a decent router with at least the knowledge of how to tweak it in a browser if not a little knowledge of bash and iptables is never a bad thing.
added on the 2014-02-04 02:56:59 by ringofyre
using the brain.exe often works out :D
avbiz.. it's just another bizness.
added on the 2014-02-04 05:15:33 by gentleman
ɢøød αηէiκεɥւøɢɢεɾ:
էɥρε iէ αււ iη uηiϲøժε αs ϻε, էhε κεɥւøɢɢεɾ ωiււ ϻøsէ ւiκεlɥ ɢø ηuէƶ!
- Non-irritating

Microsoft Security Essentials (or Defender, as it's called now in Windows 8 I think) is hands down the best in this regard.

- Not likely to report my demo collection as "suspicious items"

That, on the other hand, will be hard to achieve. The way demos often get packed (64k and 4k in particular) is very similar to some of the packing and obfuscation techniques malware employs, so that raises a red flag for AV software. Fewer reports could mean a better detection engine, but could also mean a heuristic that for the price of fewer false positives also accepts more false negatives, i.e. some malware won't get detected.

What AV program you should use depends on your environment, your experience with IT security and the sensitivity of the information on your computer. If you have a modern Windows, patch all your programs reliably, don't fall for phishing easily and don't have highly valuable information on your computer, Microsoft Security Essentials is great. If at least one of those is not the case, I strongly recommend a commercial AV program with better detection, runtime heuristics, a reputation system etc.
added on the 2014-02-04 13:50:10 by Kylearan
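
Added example (not part of the thread, and not how any particular AV product works): a deliberately simplified byte-entropy heuristic that shows why a packed demo looks like packed malware, and how loosening the threshold trades false positives for false negatives. All samples are constructed inline; zlib stands in for an executable packer, and the names and labels are assumptions made for illustration.

```python
import base64, math, random, zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def word_salad(seed: int, words: int = 20000) -> bytes:
    """Constructed stand-in for uncompressed program content."""
    rng = random.Random(seed)
    vocab = ["mov", "push", "call", "shader", "synth", "render", "loop", "texture",
             "vertex", "sample", "buffer", "frame", "noise", "scene", "sync", "tick"]
    return " ".join(rng.choice(vocab) for _ in range(words)).encode()

# Constructed samples: name -> (bytes, labelled_malicious). No real binaries involved.
SAMPLES = {
    "plain_tool":      (word_salad(1), False),
    "base64_asset":    (base64.b64encode(zlib.compress(word_salad(2))), False),
    "packed_demo":     (zlib.compress(word_salad(3), 9), False),
    "packed_stand_in": (zlib.compress(word_salad(4), 9), True),
}

def evaluate(threshold: float):
    """Flag samples whose entropy exceeds threshold; return (flagged, fp, fn)."""
    flagged = sorted(name for name, (blob, _) in SAMPLES.items()
                     if shannon_entropy(blob) > threshold)
    fp = sum(1 for name in flagged if not SAMPLES[name][1])
    fn = sum(1 for name, (_, bad) in SAMPLES.items()
             if bad and name not in flagged)
    return flagged, fp, fn

if __name__ == "__main__":
    for name, (blob, _) in SAMPLES.items():
        print(f"{name:16s} {shannon_entropy(blob):.2f} bits/byte")
    # 8.0 is the maximum possible entropy, so that threshold never flags anything.
    for threshold in (5.0, 7.0, 8.0):
        flagged, fp, fn = evaluate(threshold)
        print(f"threshold {threshold}: flagged={flagged} FP={fp} FN={fn}")
```

On this single feature the packed demo and the packed stand-in are indistinguishable, so the only threshold that stops reporting the demo also stops reporting the stand-in.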
i can also recommend that MSE is good enough and also low on resources as it's sort of part of the OS. win8 has it default built-in as windows defender. comparisons with other virusscanners say it's actually quite decent. afaik Avast AV was tested the best. but it's obviously all relative to what obscure websites you check out and which .exes you run from unsafe sources. such trojans are usually the worst. speaking from last week's experience :P
true, inexperienced computer-users should have some good protection! I know some people that got locked out (logged off!) of the internet by their providers, being accused of having distributed Malware! Having had a look on their Systems the only chance of helping em was setting up a whole new OS! ;) Hard to believe how infected a system can get when driven by lamers! ;) Some of em lamers got back their Internet thanks to me, but called me again 2-3 weeks later -> same shit again! ;) Those ppl shouldn't be allowed to surf in the net, and i told em their provider is right, "you are distributing Malware!" ...since they don't want to know me anymore! ;) Having helped them for friendship, no money involved, i realized what a moron i am, helping em for hours that could have been paid hours; stopped helping anyone in these regards, lost a good amount of so-called "friends" ;) HAHA, Lamers!
Oops - I lied - It's avast that's pissing me off more and more!! I'll use MSE on my new PC when it arrives!!
anyway, due to the fact that most malware uses drive-by downloads in broken browsers and/or plugins (Adobe Reader, Flash, Java, Shockwave, VLC, Media Player, ...) it is more important to have your browser, email client and plugins updated (and of course have no ports open to the Internet, either by using a good router or properly configuring Windows Firewall) than to have a good antivirus.

Sophisticated malware will update every four hours anyway - and how long does your AV take to catch up on a new threat? (There are even "companies" that "sell" crypter services to the badguys, provide new crypter stubs every 4 hours and guarantee for 0% AV detection in the first 8 hours or "you get your money back"). Therefore, even if you have antivirus, do not switch off your brain, and make sure that drive-by download vulnerabilities in your browser and plugins are fixed. (I don't want to say AV is useless - it is still useful for scanning USB keys that have been unused for a few hours/days, or for the "cheap" malware authors that can't or do not want to afford such a service.)

If you have the spare CPU power, install Secunia Personal Software Inspector (free for private use) which will alert you whenever there is a security related update for your browser, email program or plugins.
added on the 2014-02-04 20:41:17 by mihi
If you want to protect yourself against drive-by attacks (although I'd dispute that "most" malware infection attempts use automatic drive-by exploits, many do), consider using Microsoft EMET in addition to AV and timely patches. It's free, and very powerful in protecting applications like browsers even against many classes of 0day attacks.
added on the 2014-02-04 21:45:00 by Kylearan
From what I've read, "most" infection attempts this year are using Java. Last year it was adobe flash + reader. Yesterday Adobe released a critical patch for flash, since they discovered a new vulnerability that was *already being actively exploited*.

Lesson: uninstall flash, reader, java, and all other plugins. Then get a decent browser extension that replaces flash videos with the html5 version that's almost always there but not exposed ;)
added on the 2014-02-05 09:19:11 by psonice
I use MSE. It gets pretty annoying.

It's most annoying when even my own WIP exe packer gets detected. Makes me mad.
added on the 2014-02-05 09:57:05 by mudlord
+1 for hardy
security essentials and proper router-firewall. and think twice before you click on anything on the internet :)
added on the 2014-02-05 10:00:49 by vincenzo
and think twice before you click on anything on the internet :)

1. Random legit website (or ad-server serving a well secured site) gets infected
2. You visit a legit site with your well-patched browser and plugins and don't click on anything dodgy
3. Profit (but not for you ;)

So what hardy said, but uninstall those plugins too or you'll get fucked regardless at some point.
added on the 2014-02-05 11:47:02 by psonice
+1 psonice, plus use EMET.

Oh, and it's always fun to see how decisions of how to protect your computer and thus your personal and sensible information often get made: Just ask in some random forum what other people use. %-)
added on the 2014-02-05 11:51:47 by Kylearan
Blocking Plugins, integrated PDF preview, JavaScript, etc. by default and only allowing them manually or with a whitelist also helps reduce the attack surface remarkably.
added on the 2014-02-07 03:10:51 by T$
Noscript in FF and Notscript in chrome is a good start. Adblock plus, obviously. And https everywhere in both.
added on the 2014-02-07 04:40:34 by ringofyre