Re: Antivir vs Norton? Which is better?
hihp wrote:Craven de Kere wrote:dlowan wrote:Thok and Neohihp are telling me that Antivir (a free program) is better than Norton.
I disagree very strongly with that. In fact, I think it is one of the worst AV programs on the market and only gets a passing nod (or worse yet, an endorsement) from anyone because it's free.
Frankly, that is not true. Of course right now I can't find it, but a while ago there was a test by (yes, I know) a German computer magazine, and even though AntiVir didn't score in the top, it was a pretty good middle.
I am aware that it scores in mid range in many tests (many of whom do not do security lab testing, but merely "install and check it out" testing), but sometimes the difference between one and two is substantial and in the AV market this is the case, the difference from 2 to middle is night and day.
Perhaps it's hyperbole to say it's one of the worst on the market when you consider all the completely non-functional ones out there, but that it scores among mid range doesn't mean it's not shoddy.
With virus protection grading on the curve doesn't make sense.
Quote:Quote:f) Their update software is fatally flawed in that they do not deploy changelog updates and instead make you download the whole definition library each time. This is one of the most idiotic ways to update an AV program even if it's the simplest (which is why it works this way, simple crappy software cuts corners).
One could also say "free software cuts corners". It's free. You can't expect a free program to be the same as a commercial one, evne though AntiVir actually shares code with their commercial product from what I gather.
In many cases, free programs actually outperform all of the commercial ones out there. But AV isn't one of those cases.
Quote:Quote:90% of the quality difference is not in the program but in the update framework and the definition speed and quality.
This is, I think, the most important part: an AV scanner only can do its job if the environment is right.
If people use Internet Explorer and Outlook Express and surf with an Administrator user, it's really a tough job to keep all malicious code from being executed. Expensive AV software might be a bit better to advance an unsecure system, but it won't be able to prevent everything.
If however you take the necessary measures to make the system secure, the AV scanner is a double net - should something actually manage to get onto your computer AND be executed, the AV is supposed to catch that. These other measures, however, should help in keeping most away so that actually it "takes time" for a virus to get into the system (e.g. if a virus slips a false link into an actualy email from an infected friend or something... THOSE are the virues I'm waiting for) - and then even the cheaper AV will be updated (if you do that often enough. AntiVir usually gets updated twice a day, I think.).
Whether or not a computer is secured the turnaround for definitions is important, as the new exploits are often holes that could not have been secured before it was discivered.
Take, for example, the buffer overrun exploits from software like Real Player (never really became a widespread threat because of the exploit characteristics).
Until they are found there's not really a way to secure them. The update frequency is not the critical factor, it's the speed in writing a suitable definition.
Some hackers have actually followed this progress and claimed that the turnaround was slow. I haven't done so personally, but have noted that when new variants come out, it's npot nearly as fast as Norton in producing a def that actually blocks it.
When it did snag new ones in my tests it's almost always on the basis of heuristics.
Quote:Quote:Those are factors that are invariably affected by money. Norton is simply the best around hands down.
In detection? Maybe, I don't have the facilities to test that.
Hee hee, I get all my samples from Germany. I'm away from home, but I can send you information you need if you ever want to make your own lil' security lab.
I only test to evaluate security software for our IT department, and don't get into the code too deeply.
And with Norton, it's a pain to try to do anything with the malicious code samples even when I want to (which is a good thing when you don't want the code to do anything).
Quote:But Norton has a problem: it makes the system rather unstable. I have a lot of friends who run Norton and often have trouble; I've also seen lots of people in Usenet report problems that vanish after an uninstall of Norton.
Norton suffers from what a lot of software suffers from; bloat.
Especially their suites. This is why I recommend against things like Norton System Works and especially their Win Doctor.
It's like having two OSes in many ways and the sheer dept of their involvement in the OS means they will be party to a lot more conflicts.
Their AV runs a little heavy as well, and I usually disable some of the plugins and registry tweaks it makes.
You seem to do a lot of what an AV program protects from manually, and with users who can do this a lighter footprint is more desireable.
For Corporate IT infrastructure and for advising people like dlowan a more heavy AV program but less involved user is not just preferable, it's a necessity.
Quote:Frankly, a firewall is an unnecessary thign most of the times. I'd recommend using a firewall if people want to prevent programs on their computer from "calling home", but in order to make your system more secure against the outside, it's much more important to set up Windows correctly, i.e. turn off unnecessary services and therefore disabling ports, turnign of NetBIOS and things like that.
Basically, you are recommending that users do all that a firewall would do manually.
I do this very often, it's called "hardening" an OS. Thing is, I do not believe dlowan could do this even if she wanted too.
So a firewall would be good to protect from various threats from outside.
All of the big threats from the last year (like blaster) would be prevented simply by enabling the firewall. Lots of minor annoyances like messenger spam popups are stopped by a basic firewall as well.
Sure, you can turn off all those holes. But in IT, the advice can't always be to be a geek and sometimes had to be tyailored to a luddite.
Expecting a luddite to harden an OS is unrealistic.
Quote:Quote:The best free one is either sygate or zonealarm.
I hope the emphasis lies on "free".
Free and software. A much better solution would be a hardware firewall.
Quote:Quote:I have reasons for disliking zonealarm (unecessary bloat).
Yeah. Like, one for me is that ZoneAlarm prevented legitimate network access on the machine of a co-worker.
That is what software firewalls do unless you tell them otherwise (and it's not always easy to do so).
Windows XP's firewall used to make it impossible to do so, but their latest version does (despite what a lot of security experts say, the firewall was actually improved on, not just enabled by defaul in the SP2).
Quote:Oh, I forgot: we're talking a deactivated ZoneAlarm installation here.
Ask Phoenix what I think of Zone Alarm, it's bloatware. Thing is, it works better than XP's old firewall in some ways (it's a 2-way firewall).
Either way, my software recommendation always has been the XP firewall.
Quote:I actually had to uninstall ZoneAlarm and manually root out its files in order to get the system working.
Odd that. But hey, I'm not gonna defend ZA, I always tell people to get rid of 'em.
Stumble It!
Tweet This
Bookmark on Delicious
Share on Facebook
Share on MySpace