Electro1
09. Aug 2009, 23:34
My favourite is Eset NOD32 3.0.
Just the antivirus, all the security suite bs gets on my nerves.
I notice a lot of screenies and integrated OS installs almost always have NOD32 on them. I'm guessing that it's the best, though it doesn't always top reviews. Considering all you leet kids out there, what's your own opinion, what AV are you using?
Kolor
10. Aug 2009, 00:10
Been using Nod32 for many years. You should consider upgrading to v4, scanner is faster than 3.
NOD 32 since i met kolor on this site
Bagpuss
10. Aug 2009, 08:53
AVG free as, well, its free. Though i mainly use common sense advanced edition 2009
kamikaze
10. Aug 2009, 09:31
Tried loads, but i'm happy with Kaspersky (Now on Internet Security Suite 2010)
Kolor
10. Aug 2009, 12:18
QUOTE (Bagpuss @ 10. Aug 2009, 08:53)

AVG free as, well, its free. Though i mainly use common sense advanced edition 2009
AVG is pretty crap, even for a free product. It either produces huge lists of false positives or doesn't detect anything.
(EG: the code in this post when compiled will be detected by AVG as some generic downloader trojan. Anyone with even a slight knowledge of the Windows API can see this could not possibly download _anything_! And as you can see, only AVG is "smart" enough to detect this.)
Common sense won't keep your system safe for long (flash / drive-by exploits etc), running questionable binaries isn't the only way to get infected.
I'm going to sound like a Nod32 reseller now but for the sake of £30 can you afford not to protect yourself?
Bagpuss
10. Aug 2009, 13:17
well, I've used several anti virus programs, and I hate these 'security suite' things, that give you so much needless shit, like email scanners, firewalls etc, plus AVG, as much as you dislike it, has never done me wrong, saying that, I haven't got a virus in the past two years, so I wouldn't be able to tell the difference between the two anyway.
what's so good about nod32 besides it being the first anti virus to use heuristics anyway? this technology is now commonplace in anti virus scanners, not that I'd use it as an anti virus that actively monitors system activity is a massive system hog (hello norton anti-computer).
edit: we've had this argument before I believe, or along these lines, it's gonna have to be an agree to disagree thing, as I never buy software unless I really have no choice. And as AVG is a valid choice, well, have a free anti virus or pay 30 quid for one.
Kolor
10. Aug 2009, 14:40
It's the speed and accuracy of ESET's heuristic engine that makes it stand out from the crowd, AVG just cannot compete. As per the example above, this cannot be signature based as AVG's own description of this threat is:
QUOTE
Downloader.Tibs
A new Downloader.Tibs variant is spreading today thanks to massive spamming. Infected emails contains about 130-140kB long attachment, usually with name happy2008.exe, which is trojan horse itself. There are also emails with links directing users to a malicious web pages. The files are already detected as Downloader.Tibs.
Normally heuristics for a downloader would look for the APIs UrlDownloadToFileA (or InternetOpenA/InternetOpenUrl etc), CreateProcess (or similar), then perhaps a call to ExitProcess, as these would be the basics of a downloader type trojan. As you can see, the code has a total of 2 imports and 4 API calls:
> kernel32.dll: Sleep
> user32.dll: FindWindowExA, SendMessageA, FindWindowA
... this really doesn't bode well for a heuristics engine to misflag this.
I'm not saying AVG is worse than nothing (although personally I think it gives users a false sense of security), I just personally think for the sake of 30 notes I can save myself a lot of grief and time.
I shall now run a scan of a random customers backup data with Nod32 v4 and AVG 8.5 and compare speed and detection rates and update this thread with findings.
Final link to prove how badly AVG hates MASM (scared of low level languages ??):
http://www.masm32.com/board/index.php?topic=9699.0
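The import-based downloader heuristic described in the post above, sketched as an added example (not code from the thread or from any AV product): a rule fires only when an import list combines a network-fetch API with a process-launch API. The capability groups, function names and the second sample are assumptions constructed for illustration; the first sample is the import list quoted in the post.

```python
# Added illustration: a toy import-table heuristic for "downloader" behaviour.
# The capability groups below are assumptions for this sketch, not vendor rules.

CAPABILITIES = {
    "fetch": {"urldownloadtofilea", "urldownloadtofilew",
              "internetopena", "internetopenurla", "internetreadfile"},
    "launch": {"createprocessa", "createprocessw", "winexec",
               "shellexecutea", "shellexecutew"},
    "drop": {"createfilea", "createfilew", "writefile"},
}

# Import list exactly as quoted in the post.
POST_SAMPLE = """\
> kernel32.dll: Sleep
> user32.dll: FindWindowExA, SendMessageA, FindWindowA
"""

# Constructed sample showing the pattern the post says a heuristic looks for.
CONSTRUCTED_SAMPLE = """\
urlmon.dll: URLDownloadToFileA
kernel32.dll: CreateProcessA, ExitProcess
"""


def parse_import_listing(text):
    """Parse lines like '> kernel32.dll: Sleep, ExitProcess' into {dll: [funcs]}."""
    imports = {}
    for line in text.splitlines():
        line = line.strip().lstrip(">").strip()
        if not line or ":" not in line:
            continue  # skip blanks and anything that is not 'dll: names'
        dll, funcs = line.split(":", 1)
        names = [f.strip() for f in funcs.split(",") if f.strip()]
        imports.setdefault(dll.strip().lower(), []).extend(names)
    return imports


def classify(imports):
    """Return (verdict, evidence); evidence maps capability -> matching imports."""
    seen = {name.lower(): f"{dll}!{name}"
            for dll, names in imports.items() for name in names}
    evidence = {}
    for capability, apis in CAPABILITIES.items():
        hits = sorted(seen[api] for api in apis if api in seen)
        if hits:
            evidence[capability] = hits
    # A downloader needs both halves: something to fetch and something to run it.
    if "fetch" in evidence and "launch" in evidence:
        verdict = "downloader-like"
    elif evidence:
        verdict = "inconclusive"
    else:
        verdict = "no-match"
    return verdict, evidence


if __name__ == "__main__":
    for label, sample in (("post", POST_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        print(label, classify(parse_import_listing(sample)))
```

Keeping the matching imports as evidence makes a verdict reviewable, which is what triaging a suspected false positive like the one in the post needs. Static import lists miss APIs resolved at run time, so this is one signal among several.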
Kolor
10. Aug 2009, 15:22
Files in Target Folder: 16374
Size: 22.2GB
Nod32 v4 Files Scanned: 13502
Nod32 v4 Time: 4m 30s
Nod32 v4 Detections: 6
Nod32 v4 Unique Infections: 3
Nod32 v4 Infection List:
E:\backups\55810 ins claim backup\Documents\LimeWire\Incomplete\Preview-T-81298-lost season 5.zip » ZIP » self_extracting_archive.exe - a variant of Win32/TrojanDownloader.Agent.PDY trojan
E:\backups\55810 ins claim backup\Documents\My Received Files\pic_276-jpeg.zip » ZIP » pic_276-jpeg.zip » ZIP » pic-967.jpeg_*CENSORED*@hotmail.co.uk.com - a variant of Win32/TrojanDownloader.Agent.OIU trojan
E:\backups\55810 ins claim backup\Michael\AppData\Local\Mozilla\Firefox\Profiles\m0o3rbq4.default\Cache\33BA337Ad01 » NSIS » PlayMP3.exe - Win32/Adware.PlayMP3Z application
E:\backups\55810 ins claim backup\Michael\AppData\Local\Mozilla\Firefox\Profiles\m0o3rbq4.default\Cache\33BA337Ad01 » NSIS » ý¢€ - a variant of Win32/Adware.PlayMP3Z application
E:\backups\55810 ins claim backup\Michael\Desktop\PLAY_MP3.exe » NSIS » PlayMP3.exe - Win32/Adware.PlayMP3Z application
E:\backups\55810 ins claim backup\Michael\Desktop\PLAY_MP3s.exe » NSIS » ý¢€ - a variant of Win32/Adware.PlayMP3Z application
AVG 8.5 Files Scanned: 74967
AVG 8.5 Time: 23m 46s
AVG 8.5 Detections: 3
AVG 8.5 Unique Infections: 1
AVG 8.5 Infection List:
E:\backups\55810 ins claim backup\Documents\My Received Files\pic_276-jpeg.zip";"Trojan horse Downloader.Generic7.BCEW"
E:\backups\55810 ins claim backup\Documents\My Received Files\pic_276-jpeg.zip:\pic_276-jpeg.zip";"Trojan horse Downloader.Generic7.BCEW";
E:\backups\55810 ins claim backup\Documents\My Received Files\pic_276-jpeg.zip:\pic_276-jpeg.zip:\pic-967.jpeg_*CENSORED*@hotmail.co.uk.com"
Bagpuss
10. Aug 2009, 18:49
well, you show figures and they say nod32 is better, i might try it, well, i will, as ive found a copy on TPB

ill report back in a few days
edit: discard that, cracked version is only for 32bit technology, no use
edit 2: gonna try avira, just out of curiosity
negativesaucer
10. Aug 2009, 19:22
sav ce
an8bitkid
10. Aug 2009, 23:35
I used AVG for a couple years and yeah... started getting all sorts of false positives and got sick of it. After some research, it seemed to me that Avira was the best free anti-virus, so that's what I switched to. I've been using it ever since and it's done well, no false-positives either.
Kolor
11. Aug 2009, 00:06
QUOTE (Bagpuss @ 10. Aug 2009, 18:49)

well, you show figures and they say nod32 is better, i might try it, well, i will, as ive found a copy on TPB

Look, download trial from eset and give it a try, if you like it and still don't want to fork out the money try www.nod321.com or www.nod325.com, just don't use any of their update patches / reg fixes.
ProjectSunfire
11. Aug 2009, 02:53
I have been using windows live onecare for about 2 years now and absolutely love it. since having it I have NEVER had any problems with spyware or viruses. I tried everything before that and had several massive problems with viruses, etc. I swear by onecare now.
Glitchwerks
11. Aug 2009, 02:56
I use another free one... Avast Antivirus. Several years, only once got a trojan.
One program to keep on hand (also free) is Antibytes Anti-Malware. Awesome program that removes almost anything if you get hit.
Kolor
11. Aug 2009, 08:33
QUOTE (Glitchwerks @ 11. Aug 2009, 02:56)

One program to keep on hand (also free) is Antibytes Anti-Malware. Awesome program that removes almost anything if you get hit.
Very good program for spyware and adware but not great on viruses / worms as it's a signature based scanner.
Bagpuss
11. Aug 2009, 13:46
tried avira, and it was gonna take one hour to update, which involved downloading a 3mb file, basically avira update servers are shit.
ill give nod32 trial a go, at the moment though its back to reliable AVG, it just works
darkinvader
11. Aug 2009, 15:04
I agree AVG is crap. i download alot of cracks off PAT and audionews and it always identifies the KeyGens are virus's when they are not. I use McAfee atm, but i got that free with my laptop....anyone recommend a good free alternative i can use when my mcafee runs out?
I was using AVG Free for quite some years. But when they forced me to upgrade to 8.0, I got sick of it since the new version slowed everything down, even the start menu (did it check the lnk files there or what? lol).
Then, a year ago, I decided to switch to Avast Home - which is free again (and that's the main criterion). And I am very satisfied with it.
You will get false positives in cracks from most AV programs anyway. Once I disabled the antivirus since I thought it was a false positive (a worm of some "Generic" name, as always) but in the end it turned out my computer became infected. Luckily I was able to recover it in no time
Kolor
11. Aug 2009, 15:51
QUOTE (Mek @ 11. Aug 2009, 15:20)

I got sick of it since the new version slowed everything down, even the start menu (did it check the lnk files there or what? lol).
Actually using .lnk files is a valid infection vector as the shortcut can link to anything, and with use of "echo" and ">>" etc an attacker could simply pipe out a batch file (containing ftp commands) or vbs script that would download and execute a program of choice. So this is not as silly as it might seem.
Evcskater
11. Aug 2009, 15:51
I hate every antivirus, just slows down your PC and why would you download a virus?
It doesn't get on your pc by luck...
And even when you download a crack and you don't fully trust it or whatever you can always do an online file scan that uses all antiviri so you're 100% sure it's clean and your pc isn't lagged by a stupid program running for nothing.
Kolor
11. Aug 2009, 15:53
QUOTE (Evcskater @ 11. Aug 2009, 15:51)

I hate every antivirus, just slows down your PC and why would you download a virus?
It doesn't get on your pc by luck...
And even when you download a crack and you don't fully trust it or whatever you can always do an online file scan that uses all antiviri so you're 100% sure it's clean and your pc isn't lagged by a stupid program running for nothing.
lol
QUOTE (Evcskater @ 11. Aug 2009, 16:51)

I hate every antivirus, just slows down your PC and why would you download a virus?
It doesn't get on your pc by luck...
And even when you download a crack and you don't fully trust it or whatever you can always do an online file scan that uses all antiviri so you're 100% sure it's clean and your pc isn't lagged by a stupid program running for nothing.
Once I brought a souvenir on my USB stick from a local copy shop - it was one of the famous Autorun viruses. How would you prevent that? Even if you have autorun disabled, it still is the default menu option on double-clicking the drive in windows explorer
Glitchwerks
11. Aug 2009, 21:40
QUOTE (Kolor @ 11. Aug 2009, 02:33)

QUOTE (Glitchwerks @ 11. Aug 2009, 02:56)

One program to keep on hand (also free) is Antibytes Anti-Malware. Awesome program that removes almost anything if you get hit.
Very good program for spyware and adware but not great on viruses / worms as it's a signature based scanner.
Dunno, but it nicked the trojan I got and nothing else I tried (Windows Malicious Removal Tool, and a host of other things) detected it.
Also recommended it to someone else here and I think it fixed his problems as well.
Kolor
11. Aug 2009, 22:32
QUOTE (Mek @ 11. Aug 2009, 17:01)

Once I brought a souvenir on my USB stick from a local copy shop - it was one of the famous Autorun viruses. How would you prevent that? Even if you have autorun disabled, it still is the default menu option on double-clicking the drive in windows explorer

You can take certain steps to mitigate this attack such as disabling autorun and you can create a blank file on the penstick named autorun.inf, set this to read only and with sys attributes. You can do this by opening a command prompt (cmd.exe), navigating to the USB stick (type drive letter followed by colon, eg F:) and finally setting the attributes (attrib +S +R autorun.inf)
QUOTE (Kolor @ 11. Aug 2009, 23:32)

you can create a blank file on the penstick named autorun.inf, set this to read only and with sys attributes. you can do this by opening a command prompt (cmd.exe) navigating to the USB stick (type drive letter followed by colon, eg F:) and finally setting the attributes (attrib +S +R autorun.inf)
wow, this is a tricky solution - didn't come to my mind before, but, yeah, cool
Canar
12. Aug 2009, 21:29
I don't use anti-virus. I use common-sense.
When friends need something these days, I usually install Avira. Really though, unless you're doing high-risk things or don't know what you're doing, you shouldn't need AV. Most of the competent Windows users I know don't run with anti-virus software. I haven't found anything that wasn't totally shit and didn't leave its hooks all through my operating system. I hate that crap.
Kolor
12. Aug 2009, 22:27
QUOTE (Canar @ 12. Aug 2009, 21:29)

I don't use anti-virus. I use common-sense.
When friends need something these days, I usually install Avira. Really though, unless you're doing high-risk things or don't know what you're doing, you shouldn't need AV. Most of the competent Windows users I know don't run with anti-virus software. I haven't found anything that wasn't totally shit and didn't leave its hooks all through my operating system. I hate that crap.
I hear this argument often in my line of work.
Common sense has its place but that might go so far as not opening unknown attachments and keeping your operating system up to date. Great. That stops a lot of things dead in their tracks. However, we're not living in 2000 any more. Malware these days is far less likely to come in via a temptingly named email attachment, and more likely to come in the form of browser (or browser accessible controls) / OS exploits.
So maybe you do keep your OS up to date, but then we have 0day threats. EG: Microsoft releases its updates on the second Tuesday of the month, "Patch Tuesday", but people then forget about "Exploit Wednesday", these are when the bad guys release their PoC code, or actively use it in the wild, knowing full well that Microsoft very rarely release out of band patches (IE last month and WMF a few years ago are of the handful of such patches). This gives the bad guys 30 days to actively attack websites (mass SQL injection seems the trend these days) injecting their malicious scripts and reel in their helpless victims. I say helpless as they have no means to patch the holes that are being leveraged. So what _can_ users do? Well, Microsoft might not react for 30 days, but any AV worth buying will ... and fast. AV's might update 4 - 5 times daily, updating signature files, new rules for malware families, unpacking scripts, .... 0 day exploit attempts!
...
Point being, in an arse about tit kinda way, common sense will only protect you so far, but the bad guys have serious weapons at their disposal, and there is no substitute for a competent antivirus solution.
Remember, just because you can't see any outward signs of an infection, doesn't mean you have been rooted up to the hilt.
d3db1t
13. Aug 2009, 03:49
I was using Nod32 business as I absolutely CANNOT STAND security suites - then I reloaded and the patch thing went all wonky so I got Avast! Professional and it was absolutely FANTASTIC unfortunately Avast caught on and offered an amnesty period for stolen/pirated/scammed keys along with an avast popup saying that the key may have been stolen -
So I uninstalled it using Revo Uninstaller - then got the Microsoft Security Essentials Beta along with IObit Security 360 -- light easy etc...I have heard the entire argument about not using AVs , I know people that successfully do this but also like to torture themselves with removing viruses manually - But I also dont download crap from TPB and am REALLY REALLY careful about demonoid ( note -- READ THE REPLIES for torrents at those sites ).
Anyway, if someone doesn't want to use AV then I suggest two things, get sandboxie and also bookmark virustotal.com which allows you to upload files for a scan of about 55 antivirus engines with results ( usually anything 35% or higher is a falsey or a trojan, anything over 50% is a trojan/virus )
Links --
Avast! Home Edition( you have to re-register for a key every year )
IObit 360 Security ( beta )
Sandboxie Homepage
Download Page Here
Virustotal Online Virus Scanner
---
Also, I am using a combination of these firefox addons
AdBlock Plus
Cookie Monster
Ghostery
NoScript
Close N Forget
Ill leave it to those who want to look through / at those firefox addons ..
enjoy!
just a boring nickname
13. Aug 2009, 04:38
QUOTE (darkinvader @ 11. Aug 2009, 20:04)

I agree AVG is crap. i download alot of cracks off PAT and audionews and it always identifies the KeyGens are virus's when they are not. I use McAfee atm, but i got that free with my laptop....anyone recommend a good free alternative i can use when my mcafee runs out?
Nowadays almost all cracks & keygens are considered as trojans, cause these programs use the same method as trojans...
I'm using KIS, eats my ram a bit ~46mb.
Canar
13. Aug 2009, 18:46
QUOTE (Kolor @ 12. Aug 2009, 14:27)

Point being, in an arse about tit kinda way, common sense will only protect you so far, but the bad guys have serious weapons at their disposal, and there is no substitute for a competent antivirus solution.
Remember, just because you can't see any outward signs of an infection, doesn't mean you have been rooted up to the hilt.
I get what you're saying, but there aren't any security precautions that can totally remove this risk either. What's more, antivirus software gives people a false sense of security.
For all you've said, you still have yet to make a cogent argument on how antivirus software prevents all this badness. It doesn't. Few pieces of antivirus software will make any difference at all to the things you're describing.
Bagpuss
13. Aug 2009, 19:54
anti virus software isn't as awesome as most people think it is, i tried explaining it before but my input was ignored.
An anti virus only scans what is on your computer, it does not, and cannot, reach out and scan hard drives of web servers, so exploits still have to be downloaded, and you'd be surprised to find out that any half decent virus coder does actually code workarounds for anti virus software as well (hell, look them up online).
Once a virus is downloaded, the damage is done, your best bet is just not to visit shady sites/watch bestiality
Kolor
13. Aug 2009, 21:50
QUOTE (Bagpuss @ 13. Aug 2009, 19:54)

An anti virus only scans what is on your computer, it does not, and cannot, reach out and scan hard drives of web servers, so exploits still have to be downloaded,
...
Once a virus is downloaded, the damage is done, your best bet is just not to visit shady sites/watch beastiality
First part is correct, the second part however is totally incorrect.
Anti Virus solutions use low level drivers to "hook" API calls. (WriteFileA, CreateFileA, CreateProcess, CreateRemoteThread etc etc). All calls to these functions must first be passed through the anti virus, which it either processes or denies, leading to my next point ...
QUOTE (Bagpuss @ 13. Aug 2009, 19:54)

...
and youd be surprised to find out that any half decent virus coder does actually code workarounds for anti virus software as well (hell, look them up online).
...
Right you seem to think that some XOR/RC4/Custom obfuscated binary is some kind of new and exciting idea in the underground world. It isn't. Really. Viruses since the 80's have been self encrypting in an attempt to thwart signature detection. However back then the fight was easy with just a handful of samples each year and the fact that the decryptor would have to remain largely static. So the virus writers stepped things up a notch with polymorphic, metamorphic and oligomorphic code in the early 90's. This was a big change and actually killed a few AV's who just could not keep up trying to write sigs for every new sample (and annual submissions were still only in the thousands).
The only difference between the "evading" software that you mention is that today they are sold (yes there is a market for this) as stand alone applications designed to make a detected binary undetected instead of in self replicating code. They will take a binary, scramble it and either add it as a resource to a "stub" executable or prepend it to the file. When the stub runs it decrypts the file and either drops and runs it, or runs it in the stub's or another executable's process space. Problem for them is that here we go back to API hooking. What may have been undetected by a scan before is now stopped dead in its tracks.
Even the stub may struggle past heuristics as the function of its code is very suspicious as legitimate applications just don't act like that when a behavioural pattern is found.
Grubah
13. Aug 2009, 22:59
Eset Nod 32, simple and effective
NuSkooler
17. Aug 2009, 02:02
Clamav (And ClamWin for Windows users) all the way. It's free, it's fast, its definitions are just as updated as any commercial software you'll find, and it doesn't have a bunch of bloat/useless checkbox features found in the competition.
http://www.clamwin.org
FAlkorta
18. Aug 2009, 11:23
No antivirus...
dehory
18. Aug 2009, 17:45
QUOTE (pezd @ 10. Aug 2009, 07:43)

os x
Back when I used Windows, my 1 and 2 were Kaspersky and NOD32 (partly because Kaspersky has a nicer-looking tray icon).
If I was helping a friend install a system, I'd slap Avira on it. Better than nothing, and better than AVG.
But yes, OS X.
Kolor
18. Aug 2009, 18:06
QUOTE (dehory @ 18. Aug 2009, 17:45)

partly because Kaspersky has a nicer-looking tray icon.
That pig squeal when KAV finds a threat has to be the most single annoying (and fucking scary when you ain't expecting it) noise ever to grace a computer. And I'm including Windows 95/98 error sound in that.
.mute
18. Aug 2009, 21:05
Avast! Home Edition works great for me.
dehory
18. Aug 2009, 23:31
QUOTE (Kolor @ 18. Aug 2009, 09:06)

QUOTE (dehory @ 18. Aug 2009, 17:45)

partly because Kaspersky has a nicer-looking tray icon.
That pig squeal when KAV finds a threat has to be the most single annoying (and fucking scary when you ain't expecting it) noise ever to grace a computer. And I'm including Windows 95/98 error sound in that.
Haha. I think I remember that. You can turn it off pretty easily though, no?
MaxToon
21. Aug 2009, 13:17
NOD 32!
masta_g3
29. Aug 2009, 23:57
i dont use any... probly i'll need to get one as soon as osx gets more popular
darkinvader
30. Aug 2009, 00:21
QUOTE (K-0S @ 30. Aug 2009, 00:19)

AVG or Norton...
shut up n00b...
Radders
30. Aug 2009, 01:33
Avast Blast...
Fixes stuff before it can hide behind windows.
will check out others suggested here to.............except AVG...........mmmmmmm i cant delete it of my pc..
my dick head brother thought it would be a good idea to install it for me.......great idea....really helpful.....Takes 10 seconds to get the start menu up, tried (not too hard i must admit cos i got bored of my computer spastically trying to work) tried to find a way i can uninstall completely but no luck....
noob!! shut up!! lol
that felt good!
d3db1t
30. Aug 2009, 01:52
Try Revo Uninstaller to completely remove the AVG remnants, if that doesn't work then get CCleaner and let that analyze for left over files etc... and after that let it run its registry scan and delete all unused registry entries...
(make sure you back up your registry via CCleaner's request!)
p.s. both those apps are totally free!
darkinvader
30. Aug 2009, 01:55
QUOTE (Radders @ 30. Aug 2009, 01:33)

Avast Blast...
Fixes stuff before it can hide behind windows.
will check out others suggested here to.............except AVG...........mmmmmmm i cant delete it of my pc..
my dick head brother thought it would be a good idea to install it for me.......great idea....really helpful.....Takes 10 seconds to get the start menu up, tried (not too hard i must admit cos i got bored of my computer spastically trying to work) tried to find a way i can uninstall completely but no luck....
noob!! shut up!! lol
that felt good!
hes my n00bish brother lol
commondenom
31. Aug 2009, 09:50
QUOTE (K-0S @ 30. Aug 2009, 00:19)

AVG or Norton...
never norton....it drains too much....PC slows down, takes forever to boot, in fact, fuck norton wholly...its gotta be the worst available....too bad it comes bundled with most pcs these days and is hard to remove for your average pc user...
used kaspersky and while i thought it was effective i now think that was only because my cracked version was the program attracting all the viruses and trojans......AVG free seemed pretty cool but the proof is in the pudding as they say and you'll never get a free version better than a commercial version, unless it's open source....
now using Nod32, after a geek recommended it....have a trial version valid till 2050....

is easy to use, light on resources and stable....recommended
Re-Drum
31. Aug 2009, 11:34
avast + outpost firewall