#1
Ask ExeTools: Best Antivirus & AntiMalware 2017
Hello friends,
Based on your research and experience which antivirus & antimalware software is the best? Commercial or otherwise. "Best" meaning reliable, good to great detection rates etc.
#2
Malwarebytes for malware. I use it - very good.
Antivirus: AVG for viruses and ransomware - it is very light and does not consume as many resources, and for online scanning I use the ESET online scanner - for me one of the best online virus scanners/cleaners: hxxps://www.pcmag.com/article2/0,2817,2372364,00.asp
Last edited by Zipdecode; 10-28-2017 at 17:22.
The Following User Says Thank You to Zipdecode For This Useful Post: abhi93696 (10-28-2017)
#3
For antivirus I use Eset Nod32 and for anti-malware I use Malwarebytes.
#4
What exactly is the difference between "antivirus" and "antimalware" supposed to be?
Most companies sell "anti-virus" and "internet security" products. The former include only "anti-virus", the latter include "anti-virus" + "firewall" + "<insert any number of words which somehow should sound to a stupid end-user like they do something important>". Since the Windows Firewall has a default "allow all outgoing traffic" rule which you cannot change, I would say it's mandatory to use an "internet security" product, not only to block (non-malware) "call home" software, but also to block malware which is not yet detected from connecting to its control server. When you see any tests conducted by a website or a magazine, the rating will always be something like "60% detection rate, 30% resource usage, 5% user interface, 5% other features". This sadly means two things:
Two examples: In nearly all tests Kaspersky and BitDefender are on #1 and #2 in the list. These products might have a good detection and resource usage rate, but:
So my suggestion:
The Following 4 Users Say Thank You to Kerlingen For This Useful Post: abhi93696 (10-28-2017), alekine322 (11-29-2017), chessgod101 (10-29-2017), tonyweb (10-30-2017)
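Kerlingen's point is that outbound traffic from call-home software and from not-yet-detected malware should be blocked, not just inbound. The following is an added example, not code from Kerlingen or from this thread, showing how the built-in Windows Firewall can be given a per-program outbound block rule and how blocked attempts can be logged and reviewed. It assumes the NetSecurity cmdlets (Windows 8 / Server 2012 or later), an elevated prompt, and a placeholder program path that you would replace with the application you want to keep offline.

```powershell
# Added example: per-program outbound blocking with the built-in Windows Firewall,
# plus logging so blocked connection attempts can be reviewed afterwards.
# Assumes the NetSecurity module (Windows 8 / Server 2012+) and an elevated shell.
$program = 'C:\Tools\ExampleTool\exampletool.exe'   # placeholder path, not a real product

# Block every outbound connection from that executable on all network profiles.
New-NetFirewallRule -DisplayName 'Block outbound: ExampleTool' `
    -Direction Outbound -Action Block -Enabled True -Profile Any `
    -Program $program -Description 'Prevents call-home traffic from this tool'

# Record dropped packets so attempts to reach a remote host show up in the log.
Set-NetFirewallProfile -All -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# Verify: list the enabled outbound block rules and the program each one covers.
Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
    ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Program = $app.Program
            Profile = $_.Profile
        }
    }

# Review: show the most recent DROP entries from the firewall log.
# Log fields are: date time action protocol src-ip dst-ip src-port dst-port size ... path
Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" -Tail 50 |
    Where-Object { $_ -match '\bDROP\b' }
```

A rule keyed on the executable path only stops traffic from that image; code running inside an already-trusted process (a browser, a script host) is not covered, which is why outbound filtering is one layer alongside updates and a restricted account rather than a substitute for them.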
#5
Yes, but seriously, for "normal users" (meaning those who are not security experts, for example), I would say that McAfee Antivirus+Firewall is a good solution. We have been using it and recommending it to our clients for more than 25 years and it has always stood strong. Just the McAfee AV+Firewall is enough - don't go for the 10-in-1 suite etc. which just slows down your system... Symantec (Norton) AV used to be good but now it has become too much of a bloat... Finally, remember that many of the "reviews" online and in mags are mostly paid (many are not aware of it). So it's best to take them with a pinch of salt. You may notice that the "good" AV companies rarely bother to pay them to get better reviews, which is why one does not see them very high up on the list. Around 20 years ago, I remember that AVG AV used to be on the top of the review lists but it did a very sorry job of catching any real malware. Windows Defender is just entry-level at best, even now, and fails to catch much of the sophisticated malware that's around. Further, it does slow down the system quite a bit. I know, since I removed it long ago after benchmarking. Finally, most security professionals do not have any AV on their system at all. Just good security practices keep the system safe.
The Following 2 Users Say Thank You to TechLord For This Useful Post: alekine322 (11-29-2017), tonyweb (10-30-2017)
#6
Windows Firewall Control with Windows Defender and a little bit of caution while executing any random file. I do take backups of the system at regular intervals though.
The Following User Says Thank You to Conquest For This Useful Post: tonyweb (10-30-2017)
#7
All antivirus is a scam, just use Windows Defender and don't be a complete turd when dealing with downloaded files...
The Following 8 Users Say Thank You to mr.exodia For This Useful Post: alekine322 (11-29-2017), cybercoder (11-01-2017), foil (11-01-2017), mm10121991 (11-29-2017), Pansemuckl (11-02-2017), TechLord (10-30-2017), tonyweb (10-30-2017), zeffy (11-06-2017)
#8
All antivirus products have complicated engines with a large amount of attack surface, increasing your risk. So ensure you do not add such complicated software to your TCB.
If you want to know if a particular executable is flagged as malicious, you should probably just install a few in a couple of different virtual machines, or use VirusTotal. However, VirusTotal does not have the more CPU-intensive desktop versions of many antivirus products, and so the unpacking/emulation functionality built into most desktop antivirus is not present, so running them yourself in different virtual machines makes sense. A while ago I tested a few different antivirus products to see how good they were at detecting flagged code that I obfuscated with simple methods. I found that Kaspersky and F-Secure had the best unpacking/emulation functionality. At the end of the day, the features you might need for your antivirus are specific to your use case. (Do you need good historical signatures of DOS malware or not?) (Do you need signatures for esoteric platforms like z/OS?) (Do you need high-quality centralized administration to manage a large corporate network?)
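For the "use VirusTotal" route mentioned above, the following is an added example, not code from this thread or from VirusTotal, that hashes a local file and looks the hash up against the VirusTotal v3 file endpoint without uploading anything. It assumes the public v3 API (`GET /api/v3/files/{sha256}` with an `x-apikey` header) and that your API key is supplied in the `VT_API_KEY` environment variable; the script file name `Get-VtVerdict.ps1` is a placeholder.

```powershell
# Added example: look up a file's SHA-256 on VirusTotal v3 and summarise the verdicts.
# Assumes a VirusTotal API key in $env:VT_API_KEY (or passed via -ApiKey).
# Usage:  .\Get-VtVerdict.ps1 -Path C:\samples\suspect.exe
param(
    [Parameter(Mandatory)] [string] $Path,
    [string] $ApiKey = $env:VT_API_KEY
)

if (-not $ApiKey) { throw 'No API key: set VT_API_KEY or pass -ApiKey.' }

# Hash locally; only the digest leaves the machine, never the file itself.
$sha256 = (Get-FileHash -Path $Path -Algorithm SHA256).Hash.ToLower()
$uri    = "https://www.virustotal.com/api/v3/files/$sha256"

try {
    $report = Invoke-RestMethod -Uri $uri -Method Get `
        -Headers @{ 'x-apikey' = $ApiKey } -ErrorAction Stop
}
catch {
    # HTTP 404 means VirusTotal has never seen this hash. Do not upload automatically:
    # submitting a file shares it with every vendor on the platform, which matters for
    # internal tools, unreleased builds and documents with sensitive content.
    Write-Output "No VirusTotal record for $sha256 ($($_.Exception.Message))"
    return
}

$attrs   = $report.data.attributes
$stats   = $attrs.last_analysis_stats        # harmless / malicious / suspicious / undetected / timeout counters
$results = $attrs.last_analysis_results      # one property per engine: category, result, engine_version, ...

# Engines that flagged the file, with the label each one gave.
$flagged = $results.PSObject.Properties |
    Where-Object { $_.Value.category -in 'malicious', 'suspicious' } |
    ForEach-Object { '{0,-24} {1,-10} {2}' -f $_.Name, $_.Value.category, $_.Value.result }

'{0}: {1} malicious, {2} suspicious, {3} undetected (last analysis {4})' -f `
    $sha256, $stats.malicious, $stats.suspicious, $stats.undetected,
    ([DateTimeOffset]::FromUnixTimeSeconds($attrs.last_analysis_date).UtcDateTime)
$flagged
```

A hash lookup only tells you what the cloud engines decided about a byte-identical sample; as the post notes, the desktop products' emulation and unpacking paths are not exercised, so a clean result on a freshly obfuscated file means little, and the per-engine labels are more informative than the raw counts.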
#9
There are more than enough drive-by downloads you catch on legitimate and well-known websites. What are you supposed to do there? Stop using your computer for 4 or 6 weeks until Windows or your web browser gets an update? More likely you will trust that an anti-virus which gets updated several times a day will prevent these kinds of exploits until they get fixed by software updates.
#10
Win10 here.
I usually used Windows Defender and the BWMeter firewall/meter for internet blocking/etc. But... I want my antivirus disabled for long periods of time. I could use exceptions on folders, as I tend to have tons of "weird" files on my PC, not only cracks or keygens, that I know are not viruses/malware but the antivirus tends to block or delete. But I also tend to deal with programming and using packers, hacks, etc... So... in Windows Defender I can disable the antivirus completely, but it will be enabled automatically after some time. I hate coming back to my PC and seeing 1000 detections... I finally switched to ESET; I disable it until the next reboot (usually weeks). Of course, I know what I am doing: if I need to scan something or execute something I send it to VirusTotal or even to an online sandbox. Regards!
#11
All the major hacks and Advanced Persistent Threat (APT) stats show that AV solutions don't work; sure, it might flag a really, really well-known malware family in your mailbox or a dubious website, but any 0day variant will - by definition - not be detected; even heuristics won't help much for bigger campaigns (malware developers test as well, you know).
It's also shockingly easy to take any random well-known malware family and make it undetectable; it's even - probably the easiest - part of the OSCE exam. Then add the fact that for performance reasons it will not even detect really old malware anymore, and the performance impact is still noticeable; I can't recommend ANY (locally installed) antivirus/malware solution to start with. Even very expensive enterprise ones still have false positives and true negatives, and thus using AV solutions can actually give a false sense of security; you're not as secure as you think you are. Having it on the mail server doesn't really hurt, but for local stuff, just do your updates, use a restricted account and the OS built-in firewall (assuming recent OSes, not talking WinXP here). For playing with untrusted downloads just use a VM, optionally with Sandboxie within that VM, and roll back to your snapshot afterwards, just to be sure. For non-tech-savvy people / "end users", just scare them to death to never ever click any fake updates, downloads or bills they got sent by e-mail, and install the AV that got first place in a big AV test for this quarter (like: best effort for the given moment).
The Following User Says Thank You to SKiLLa For This Useful Post: niculaita (11-01-2017)
#12
It is a famous "cat and mouse" game, as you always have to stay current. Yes, you can always wrap something and make it undetectable, but the importance of staying current is an issue.
I always go with Windows Defender, a properly configured router, and care when running strange binaries by sandboxing/VM. Yes, the random malware that infects legitimate sites, like the one that occurred recently in CCleaner right after Avast, an antivirus company, acquired it, is hilariously ironic in this case, but it's not so common that it cannot be dealt with as a one-off. The problem with AV is that it's hard to measure future detection rates. And we don't care about the past so much here. The question on detection rate is: if some arbitrary malware comes out, how long would it take before that particular AV detects it, or if not, what % will it achieve? So we are left with our own empirical evidence and feelings and some configurability on top of a black-box engine which we indeed can do nothing but speculate about. Most of the malware nonsense is just fun and games anyway and questionable beyond a big enterprise, or for a sysadmin maintaining a lot of computers, or for really naïve users who would never be able to do a self-repair. It is only interesting if we are talking about BIOS hacking, and hypervisor chips, and what the real racketeers hiding behind agencies are up to. Then, well, really, someone probably already "owns your box", especially if you browse this forum. And since they can physically break in and enter with almost no effort, unless you are going to design an unhackable chipset, you probably won't even be able to guard a new purchase past a week. But if anyone manages to beat the big crooks, it would be interesting. But it's non-trivial and would require a huge amount of work. And you are not getting much help from big hardware business these days, who are largely trying to lock up their corners of the financial markets by complying and bending over backwards to the nearest government power structure. But the AV companies stay out of here too.
And the hardware companies have dumped firmwares containing extremely sophisticated monitoring and harassment packages and keep their lips shut.
#13
I don't remember having any issue with a virus since an 11-disk DOS game a friend gave me like... 25 years ago (the so-called virus was even able to change its filename; that was super cool at that time, I loved it).
Using trusted sources, being smart with what you use + setting up proper backups <-- Then, just pray not to get any new kind of worm - there is also a bit of chance here sometimes. There will always be someone looking for new vulnerabilities that would pass your AV + firewall solutions. And since you can't spend all your time searching for the same yourself (not even talking about the skills required - I certainly don't have them), somehow you just have to continue your usual life, and most probably everything will be OK for years without anything wrong happening. I still use ESET Smart Security. Don't know if it's really worth it, but as Kerlingen pointed out, you need at least to be able to block outgoing traffic (for malware, and of course you want to control apps that are calling home while reversing), plus I guess having a basic AV which is not using too much resources is still something to do; but as I said, I rely *way* more on my backups than on anything else...
#14
I'm happy with Smadav; it suits my needs. Any unreliable software sources are run inside VMware for extra safety.
#15
I keep Malwarebytes around for browser exploits..
I highly recommend GlassWire as a firewall though! It's extremely light, and has really nice monitoring, graphs, and control.