I appreciate the incongruousness, if not nastiness, of posting a question like this on the avast forum, but I have faith in you guys in presenting me with the truth.
I have been reading that Avast is no longer a frontrunner in the antivirus industry; but I do not harbor respect for the promulgators.
So, I ask you whether Avast is still at the top; if not, then will it become a major player again? I am debating whether I should subscribe to the Professional Edition.
The subject you raise is too often clouded by personal beliefs (sometimes not based on fact), personal preferences and sometimes vested interests. How well any particular software functions is often also determined by the physical characteristics of the PC on which it is run and the operating system in use. What may function well for someone on a modern fast platform with lots of resources may not be acceptable to others with slower, memory starved machines.
In the end regardless of whether someone else says it’s a frontrunner or not, and regardless of whether it comes at a cost or is free, you have to be happy with the way it works for you in your particular situation. Over the years I have run quite a number of AV systems and suites, some paid, some free. Avast does what I need (see personal opinion again) better than any other package I have tried. I must admit I don’t pay a lot of attention to AV reviews - I have seen too many PC with high price security suites riddled with infections.
I have three PC’s on my own network, plus several other networks I look after, all with Avast. On the platforms in question it’s effect on performance is quite acceptable, and after nearly 12 months, none of the PC’s have had a single infection, and to me, that’s what counts.
You have to ground your decisions on your own personal experience and I have been using avast for almost four and a half years and have seen good improvements in both detection and functionality and it is still up there with the other major players.
The site that I feel bests represents that is http://www.av-comparatives.org/, is avast the best, which can be very subjective and depends on your criteria if you base it only on detection there are better (but you can do much to help yourself in this matter on day 0 infections), but that doesn’t detract from the fact avast is still a good AV.
For many it is almost the only AV as the larger players abandon those with win9x and winME, etc. There is also the anti-rootkit function recently introduced not on all other AVs, boot-time scan, web shield, P2P shield, email scanning, etc. some of which aren’t included in AVs with supposedly better detections.
So the user has a complex decision to make and it isn’t simply one based on detection alone. Support is also a major factor, as is cost so it is difficult to make a simple comparison. So IMHO avast is still a very good AV, but a single application isn’t going to catch everything and why I mention helping yourself on 0 day matters (multi application approach to security, practice safe hex, etc.).
Thanks Dave. I have used Avast exclusively for more than a year and have had excellent results – except that I would not know false negatives because I have never scanned with another AV. But, what is a “day 0 infection,” and why is it significant in this immediate context?
are you saying that you have not encountered an AV review that you respect? (neither have I!)
none of the PC's have had a single infection, and to me, that's what counts.
But therein lies the rub: how can you be sure that you are not encountering false negatives? I do not venture where angels fear to tread, but the question remains: what happens if I inadvertently visit a nasty site that masquerades with a pleasing shape? Avast has saved me many times from email trojans and worms, but I don't believe that I have ever subjected Avast to an acid test.
Day 0 (zero) is effectively the day of creation of new malware and one that is undetected malware. So in this context your anti-virus isn’t going to protect you until it can detect this new variant, so in this time frame you have to take precautions to limit your exposure and potential damage.
Exercise safe Hex, beware of dodgy web sites (those you have never visited before, free screen savers are commonly higher risk, p-o-r-n or adult sites, something that appears to be too good to be true), these can be pre scanned with something like linkscanner on-line or DrWeb assuming you can get it to work.
Don’t open attachments or click links in unsolicited emails, they are still a common source of attack.
Use a browser that isn’t as susceptible to attack and or gives tools that can combat attacks, like firefox with its NoScript add-on which stops scripts on all sites unless you allow it to do so, handy for visiting unknown sites.
Run as a limited user account, if you can’t do that use something like DropMyRights for all applications that connect to the internet, browsers, email programs, etc. Obviously not your security applications as they may require higher privileges.
Firefox is only a little better than IE as it does not permit ActiveX by default.
ActiveX in of itself is not bad but the malware purveyors have found a new toy to exploit so practicing Safe Hex is good advice: http://www.claymania.com/safe-hex.html
The concept of Day Zero malware/virus is a term that really describes what ever period it is between the malware/virus first being sent out, and the AV or antispyware products being able catch up and provide updates to detect it and perhaps remove it. It is a (generally very short) period where signature based detection most likely is not effective. Products using Heuristic detection may pick it up, but not always, and the down side to that technique is a higher incidence of false positives (falsely indicating a problem when there isn’t one).
You ask how I know whether I have not encountered “false negatives”. I assume you mean where the detection products I use have falsely indicated there is no infection when there actually is, which sort of gets back to the Day Zero concept. That situation is very transient and because both my active protection and my on demand protection is regularly updated, and I have a strict housekeeping routine in regards to scans, it would only be a short time before they were picked up by one or more of the products.
And when/if that occurs, and it hasn’t yet, I have no intention of wasting hours trying to find and remove the infection, and then really not knowing at the end whether the removal has been 100% successful. I have a multi tiered backup regimen for all my data, involving A,B, C & D sets and full partion imaging for all of my PC’s done on a weekly basis. So when/if an infection is detected, I can replace an entire partition with one that is a max of one week old then rescan that and if it was also infected, it would be most unlikely that the next one back would be as well. As I have said, I haven’t experienced any infections in any of the PC’s in the last 12 months.
The image replacement gets used from time to time (and it is critically important to know that this works). If I trial any new software, decide not to keep it, and there is any doubt that the uninstaller has removed it all, I simply replace the partition. It turns terminal hard drive failures from a disaster to simply a mild inconvenience, and it also works well for assorted other problems for example like the recent Microsoft update that reacted badly with Zone Alarm.
So in short as the other have said, the first line of defence is to not venture into unsafe places. After that I believe in taking a reasonable amount of precautions but within the limits that doing so does not significantly reduce the PC’s ability to do its primary purpose.
No it isn’t easily achievable to determine the exact day a new piece of malware was created, olddog give a very good explanation of the term.
With Firefox you can install many different security add-ons, NoScript, WOT, Javascript options, McAfee site advisor, Stealthier, Better Privacy, Cookie Safe, etc. etc.
Not to mention:
that Firefox isn’t an integral part of the OS and if compromised it has effectively compromised the OS.
it doesn’t have activeX another common attack vector.
it doesn’t have BHOs (Browser Helper Objects) yet another common malware attack point.
So it is a combination of all of these that I believe makes firefox more secure than IE. The same is true to a certain extent for Opera as it doesn’t have any of the three points mentioned but doesn’t have anywhere near the number of security add-ons as firefox has.
So it is a combination of all of these that I believe makes firefox more secure than IE.
I just don't like Firefox!
Discussing the merits of Firefox vs IE vs Opera vs Safari is like discussing whether chocolate Ice Cream is better than Black Cherry: http://www.mackaysicecream.com/icecream.html