Sla.ckers.org
This is a place for us to start seriously talking about vendors. Who's great, who's not, what's it cost, how does it relate to their competitors and would we buy it? A place to talk about snakeoil, and brilliant products alike. Marketing fluff is forbidden. 
Avast
Posted by: rsnake
Date: March 19, 2008 09:47AM

Whelp, this appears to be a major false positive for Avast: http://ha.ckers.org/blog/20080318/yahoo-mail-gives-users-trojan-horses/#comment-66615

Anyone have any better luck with the other AV vendors for this kind of detection? I've played with half a dozen and most of them appear to be so-so, but I've also done almost no testing against the different signatures out there.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Avast
Posted by: Malkav
Date: March 19, 2008 10:23AM

1 : i would subject yahoo's answer to much caution given their shitty track record in terms of technical expertise

2 : i do not have access to samples of the binary, and can't have access to the eventually rogue iFramed page. would you provide binary sample i'd provide analysis :)

3 : avast has no known false positive signature to this day, false positive in the sense of a malcrafted signature recognizing a known good binary as malware, but i had a couple of times where the signature DB was corrupted one way or the other, and avast started considering the whole world as baddies. fixed with a signature update though.

4 : as currently ongoing rogue iframe malware distribution campaigns do not target anything else than windows systems, anyone with anything else than microshaft os should be ok. will check mwcollect.org though.

----------------------------------------------------------------------------------------------------------------

Those that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
--Benjamin Franklin

Re: Avast
Posted by: thrill
Date: March 19, 2008 11:26AM

We run avast here at my work and there have been times when I've had to disable it, especially when visiting this site and the worm sample pages..

Obviously, it's hard to separate on what is hidden content and what is being displayed, but I think in a case like this, you're better off safe than sorry..

I've never experienced a false positive other than that though.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: Avast
Date: March 19, 2008 11:24PM

Don't want to hijack the thread, but I was hoping perhaps the members of sla.ckers can also determine how Avast measures up compared to free anti-virus applications such as AVG, consumer-level software such as Norton, and commercial virus scanners? I'm quite curious because I've heard such wonderful things about AVG's free utility, and in my own experience I prefer it to products such as Norton and McAfee, but I also often see it criticized by Avast fanboys.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: Avast
Posted by: tx
Date: March 19, 2008 11:35PM

Not to post a 'me too' response but... me too!
I've been curious about the same thing. My defense is usually ClamWin (which has had its share of vulns recently) and some custom firewall rules on my windoze box. (This current box actually has no AV on it, but I'm reformatting in less than an hour.) Anyway, I'm curious how the competition stacks up...

-tx

Awesome AnDrEw Wrote:
-------------------------------------------------------
> Don't want to hijack the thread, but I was hoping
> perhaps the members of sla.ckers can also
> determine how Avast measures up compared to free
> anti-virus applications such as AVG,
> consumer-level software such as Norton, and
> commercial virus scanners? I'm quite curious
> because I've heard such wonderful things about
> AVG's free utility, and in my own experience I
> prefer it to products such as Norton and McAfee,
> but I also often see it criticized by Avast
> fanboys.

-tx @ lowtech-labs.org

Re: Avast
Posted by: Malkav
Date: March 20, 2008 03:41AM

on what i have seen, the avast engine does a pretty great job in terms of speed/space trade off and the signature db is good. i think signature powered engines are pretty much equivalent in modern AV, but the clear drawback of many commercial AV is their überbloatedness, norton being a winner here. on the few windows machines i had to use, i preferred kaspersky antivirus though, which is a good trade off between speed/bloat and has a great behavioral engine. it demands a little work to train, but its overall efficiency is excellent.

on unix machines the winner is without a doubt ClamAV. it had its share of vulns, but they are quickly patched, and their analysis engine is blindingly fast, be it for mail flow analysis or filesystem analysis on a standalone/workstation

----------------------------------------------------------------------------------------------------------------

Those that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
--Benjamin Franklin

Re: Avast
Posted by: thrill
Date: March 20, 2008 11:33AM

We use avast exclusively here at work (of course, our mail server runs clamav), and unfortunately I've not had the time to really dig into its possibilities. The programmers of course complain that it slows down compiling, so most of them have disabled it.

When I find the time, I want to get it running in a streamlined form so that it doesn't bother in checking anything that's being compiled, or any of the actual code while it's being transferred from our svn repository.

As for AVG, I did run into an issue that while I had it installed, it kept finding the same virus over and over, almost as if it was actually creating the file itself and infecting it. I removed it, ran McAfee Stinger to see if it could find that particular virus and it never did..

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: Avast
Posted by: br0kan
Date: September 18, 2008 05:10PM

I've been using Trend for a while now and really like it. I think that running any AV is going to have issues that it catches and misses. In fact AV is hardly even close to my primary defense mechanism when it comes to issues. It's more like the Alamo for me. It's a line of defense but I know it's eventually going to fall if tested too hard.

Regardless, if you are trying to run a personal bakeoff check out www.virustotal.com. You can run multiple AV solutions against a single file to determine who catches the issue and who doesn't. I'm telling you though, AV is really about what integrates best onto your system with the smallest footprint.

Re: Avast
Posted by: albertjames
Date: September 19, 2008 08:12AM

My problem is with Avast!, however. If I have it installed (4.7.892) alongside Windows Vista (RTM), I will receive that Video Error every time I try to use Transcode360 on my XBox360. If I "Stop On-Access Protection", I STILL get that error. BUT, if I UNINSTALL Avast!, the error goes away completely, and I have no problems playing the videos!

------------
albertjames
Lifetime ads
