Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: theinvulnerable on March 30, 2009, 04:32:39 PM
-
recently i have avast pro installed on my pc thats my friend license, but i uninstalled it and replace by avgfree 8.5 because im disappointed about the virus that avast not detected it, even if it is updated daily and i often scanning for viruses. One time i make a word document save to my new flashdrive. Then when i print out at the shop that uses avgfree 8.5 they detect it. But now i also want to installed avast home because it has an anti-rootkit that avgfree don't have. Now my question, what you would recommend me to run in the background in terms of resident scanner, the avast or avg? Im dissapointed also when im scanning avgfree 8.5 takes 1 hour 40 min while avast just nearly an hour. Im hoping for your best and honest answer.
Thanks...
-
I think using avast would be better choice because as you said it has more features than AVG and avast! is better in catching malware. ( you can check virus test web sites ) If you use additional softwares like Windows Defender, Spyware Terminator or ThreatFire everything will be fine.
And please use web shield with silent mode because according to my experiences sometimes web shield can be leaky eventhough you press Abort Connection and standart shield catches the threat. With silent mode web shield immediatelly aborts the connection and it doensn't give time to the threat to download itself.
-
No one program is going to detect everything 100% in a recent comparison avast gained a 98.2% detection rate, avg8 was I believe behind that, that still leaves 1.8% no one got 100%
As you found avast is faster coming forth in the test with avg8 behind it.
I abandoned avg a little over 5 years ago for avast and I haven't looked back.
Another fact that just because one AV detects it doesn't mean that it it is actually infected and all AV suffer to some degree from false positive detections, avast is no different. There is a site virustotal with 40 different scanners that we have people check suspect files at to confirm or deny the detection.
So without any detailed information or analysis I can't say one way or another, what I can say is if you changed your AV every time it missed a single detection it wouldn't take long before you tried them all.
You can only have one resident AV and my recommendation is use one that suits your needs and that is a decision only you can make. Me I know what suits me and has looked after me in the five years that I have had avast, not to mention in the free avg version it doesn't have anti-spyware or anti-rootkit detection or some of the other functions that are available in the free version of avast.
-
How to configure it silent mode? btw the virus i'm talking about is brontok, i don't remember the exact name. I know its not 100% thats why i want to use 2 antivirus installed on 1 pc. Is that possible or not? I have spybot S&D teatimer is active on startup and malwarebytes. The antivirus currently installed is avgfree 8.5, and i want to installed also avast home. Tell me how to mixed it up this softwares for a 512mb of ram ddr2.
-
Having two resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable. Resident AVs have low level device drivers that could conflict that conflict could be minor in multiple alerts on the same file to serious locking your system to very serious a failure to boot.
I'm not entirely sure what you mean to configure silent mode given your trying to run two AVs.
-
To use web shield with silent mode click on avast ball > web shield > customize > advanced and check the box.
-
Personally I wouldn't use silent mode as the web is a potential mine field and you want all the notice you can get of malware on a site.
-
My experience is similar to that of DavidR.
I believe the free version of Avast will perform better than the free version of AVG. In fact, I wouldn't be surprised if it performs as well as or better than the paid version of AVG.
Slightly off topic, I have never experienced the web shield failing to block malware downloading while awaiting a response from the user (and I've seen the webshield alert a lot of times.) Are you absolutely sure that's what happened, ilker, and did you report it on the forum at all?
-
No i haven't reported it because i don't experience this very often. I saw that the download was active until i press abort connection. Also i can show you a video of it and you will understand me better.
http://www.youtube.com/watch?v=iquamx6LY0w [01:55]
In the video you will see that the user presses abort button but then we see standart shield alert because part of malware downloaded to temporary int. files until we decide what to do.
-
I do see that, but wonder why the caution window is being displayed by the security centre on the system tray?
Also wonder, since this is about number three on a series of random tests, whether it is one of the previous tests that cause that alert?
Interesting video, but to tell the truth I am unconvinced.
I suspect you've disabled the firewall to facilitate the tests (hence the yellow shield).
-
Personally I wouldn't use silent mode as the web is a potential mine field and you want all the notice you can get of malware on a site.
When it is set to silent mode, you will be noticed by a notification just above the system tray if a malicious content is detected on a website. At the same time the web shield will quarantine the content and will abort the connection immediately. So you'll be noticed both when it is set to silent mode and when it is not.
Web shield is so important since a website containing a malware which is detected by avast may possibly have more malicious content that avast may not detect, and the possible threats will be mostly prevented by aborting the connection immediately. Hence the web shield should cut the website connection as fast as it can. If you wait for pressing "Abort connection" button for a while, the web content will carry on flowing to the hard disk during that while. In this connection i agree with what ilker stated. :)
-
This can easily be missed as it isn't there very long and what information displayed, exact page and malware name would not remain visible as in the alert window.
Sorry but your understanding of how the web shield works isn't correct - The web shield doesn't quarantine anything, it just aborts the connection in silent mode.
The alert window is effectively an abort connection as the file is still in the web shield proxy (well an avast temp location as a unp9999999.tmp file, the 999999 are random numbers) and not on your system so there is no problem in taking your time to gather and take in the information displayed. I do this lots when investigating alerts reported by users in the forums and the file is never downloaded to the temporary internet files/browser cache, my default browser is firefox 3.0.8.
-
Well, here is difficult to find a non-biased info.
I'm an ex-AVG user and I drop it due to lack of updates (number of servers), lack of configurability, lack of support (specially on forums).
Not a software is perfect and maybe avast could lose some malware. But AVG will do the same in other times, for sure.
The on-demand scanning time of avast has improved (but still there are room for improvement).
Well, I'm not theinvulnerable ;)
-
Sorry but your understanding of how the web shield works isn't correct - The web shield doesn't quarantine anything, it just aborts the connection in silent mode.
Yes, sorry, i was wrong here, i didn't wanna mean that actually. The object (which isn't restorable) in the quarantine is just for notification for users (when the silent mode is enabled). See the attachment.
This can easily be missed as it isn't there very long and what information displayed, exact page and malware name would not remain visible as in the alert window.
You can also take a look at the quarantine. Avast puts a notification there too, just as in the attachment.
The alert window is effectively an abort connection as the file is still in the web shield proxy (well an avast temp location as a unp9999999.tmp file, the 999999 are random numbers) and not on your system so there is no problem in taking your time to gather and take in the information displayed. I do this lots when investigating alerts reported by users in the forums and the file is never downloaded to the temporary internet files/browser cache, my default browser is firefox 3.0.8.
Ok, it holds the concerned content without letting it enter to the system until we press the abort connection button - as it should be. What about the rest of the content of the web site? Does web shield let them flow or not? I think it will not interfere with them unless it detects sth. I'm trying to tell this. And my statement is that it should abort the connection immediately to prevent even the possible threats which i mentioned in my previous message.
-
It would entirely depend on what was detected as infected if it was the actual html page then nothing would be displayed as the html page wouldn't get into the browser cache. If it were another element like an image then perhaps a partial page load would occur.
Since you haven't expanded the column we can't see what the file name is as it is unusual to see a URL in the Name field and a blank original location field.
-
I clicked on the eicar test files. Now i scanned a few of them in the chest, avast gave alerts. So they are real objects then.
http://www.eicar.org/download/eicarcom2.zip
http://www.eicar.org/download/eicar.com.txt
As you stated they are not actual html pages. But why does this difference occur? Why does web shield quarantine the objects only when silent mode is enabled?
Let's think about surfing a web site, not a direct download process. Do you have any certain idea about the rest of the content of a web site in which avast catch a malware? I asked previously this question, and i think it is as what i said.
-
So u mean guyz i should replace avgfree 8.5 by avast home. And not installed two AV at the same time even if the one is just a scanner and the other one is the resident running on startup?
-
So u mean guyz i should replace avgfree 8.5 by avast home. And not installed two AV at the same time even if the one is just a scanner and the other one is the resident running on startup?
Use only one resident shield (avast) and you can use another one only for on demand scans. But the one you use for scanning your pc, should be deactivated. I recommend you use Avira Antivir free for on demand scans because
1) it's faster than AVG
2) better detection ability
3) has antirootkit and antispyware scanner
-
It seems a bit of a waste of time and resource to me to install a similar application that is supposed to do the same job, to improve the chance of finding a virus by maybe 1%.
A lot of them will not run together, even if one is set to be a demand scanner only. (I believe Avira can be installed without the resident; I don't think the same is true of AVG.) I would uninstall it and run the AVG removal tool http://www.avg.com/download-tools (http://www.avg.com/download-tools).
For the investment in time, computer resource, and bandwidth, I'd be more inclined to install an application that belongs to a different category. Such as a firewall, and/or a HIPS, and/or something to confer immunity (eg: "Immunize" in Spybot,or SpywareBlaster, or a hosts file), and/or some other kind of behaviour blocker, such as Threatfire by PCTools, or Winpatrol from BillP studios. Any of these will run OK with Avast.
There are demand-only AV's that are designed to run with another AV installed, such as DrWeb's Cureit. http://www.freedrweb.com/cureit/ (http://www.freedrweb.com/cureit/) This one doesn't update, you re-download the application afresh each time you want to scan. It runs from the download location.
Of at least equal importance is keeping the operating system and programs patched and up to date, (especially Java and flash player) and having a regular backup of your important data, photos etc.
Keeping the OS updated will often prevent stuff your AV will catch from exploiting the system, too.
-
i have heard some time that AVG 8.X are bogs your computer so im not sure if its true but i know that avast antivirus is way better than AVG anti virus !
-
I clicked on the eicar test files. Now i scanned a few of them in the chest, avast gave alerts. So they are real objects then.
hXXp://www.eicar.org/download/eicarcom2.zip
hXXp://www.eicar.org/download/eicar.com.txt
They are physical files in the chest, but that file name is a right royal screw up (technical term) as it incorporates the URL.
As you stated they are not actual html pages. But why does this difference occur? Why does web shield quarantine the objects only when silent mode is enabled?
Well this is something that isn't documented and I certainly didn't expect it, having just set the web shield to silent mode and clicked both of the links in your post. images 1&2
a) The connection is aborted and a firefox error 'The document contains no data' displayed, but no avast alert pop-up (as expected), but none on the bottom of the screen either, totally silent.
b) The same happened on the second link, so I think you can see the point I was raising that the user could be totally in the dark about it being a virus problem if all they see is 'the document contains no data' if using firefox or a similar alert in IE or Opera, etc.
Let's think about surfing a web site, not a direct download process. Do you have any certain idea about the rest of the content of a web site in which avast catch a malware? I asked previously this question, and i think it is as what i said.
You misunderstand what I said, as there can be no certainty in what may be displayed. As I said it depends on what the alert is on, if the .html page then nothing could be displayed. If another element then something 'may' be displayed but there is no guarantee as again it depends on what that element is, it could be that it is a flash element that makes up all or the majority of the content of the page.
So it is a crap shoot and there is no certainty to say what if anything will be displayed from one alert to the next. That is the problem all that the users sees is a problem displaying the page or elements of the page and is tearing out their hair trying to find out why, with not the slightest idea it may be virus related unless by some freak of chance they look in the virus chest.
After running the tests I looked in the chest and found the two screwed up file names, my view of this is that if this is to happen, a) it should be documented (see image 3) and b) the file name should be just that the file name and the URL placed in the Original location field, but I guess that isn't too easy.
By creating a name that includes the URL it breaks the standard windows file naming conventions (see image 4) and if the user tries to extract the file from the chest, to say check the detection at virustotal, it would fail. So to my way of thinking the file name in this format stops checking if the detection is good or bad limiting any good reason to sent it to the chest.
-
Aww, really thanks for your detailed reply, David. Now i can understand you more clearly, and it gets more complicated when it is examined more deeply. :)
Today i came across with a malicious website, the web shield reacted only for the concerned content (the silent mode was enabled), and the rest of the website loaded. So you are definitely right that it depends on what the element type is. Again thanks for the time you spent to tell me what you're considering about this subject.
Between, i haven't given a suggestion to the one who opened this topic. Now i'm saying: Just drop avg, and switch to avast right now. lol ;D
You can take a look at the comparison table for the avg products - http://free.avg.com/download-avg-anti-virus-free-edition . The free version has a limitation for the anti-rootkit protection (despite of this limitation, it can catch some rootkits as every software uses different signature defining methods). It hasn't a web guard protection. And the database of avast is absolutely larger and you'll get a better real time protection due to the effective shields. ;)
-
You're welcome, now you have a better understanding of the web shield and whay may happen on detection.
-
I had avast 4.7 before and it served me well. i unstalled it and i upgraded to avast 4.8 professional. the 4.8 professional gave me trouble when trying to browse the web using firefox. i would like to know why this happens. it browse the wed well when i take out the web shield but is this safe.... somebody help me.
-i have windows firewall
-only avast as an antivirus
-
did you allowed the ashweb (im not sure for the ash thingy :D) if not then allow it by trought the windows firewall
-
I had avast 4.7 before and it served me well. i unstalled it and i upgraded to avast 4.8 professional. the 4.8 professional gave me trouble when trying to browse the web using firefox. i would like to know why this happens. it browse the wed well when i take out the web shield but is this safe.... somebody help me.
-i have windows firewall
-only avast as an antivirus
Which was your previous antivirus? How did you uninstall it?
-
Tech :) He sayed that he was having Avast 4.7 Before so valentino tell us how you uninstalled it :)
-
Tech :) He sayed that he was having Avast 4.7 Before so valentino tell us how you uninstalled it :)
Sorry, my fault.
Maybe he can say how did he get the 4.8 professional key, where did you buy it?