DownTheShore
Maddie Knows Poopie
Premium
join:2003-12-02
Beautiful NJ
clubs:
| Now Trying Avira AntiVir Premium
My Norton AV 2009 trial expired, and though I really liked the program, I don't have the funds right now to spring for it. So I moved on to a trial of Avira AntiVir Premium.
For those of you that use it, a question. Is Avira more aggressive in its labeling of suspicious items, or just more accurate?
The scenario is this: all the files on my computer were subject to my former NOD32 AV when they were downloaded to my computer, ditto for the ones that were subsequently unzipped. Last week I did a full scan using NAV and it came up with one possible trojan and some adware. I ran a full scan with Avira yesterday and it turned up 29 items that it quarantined - 5 different trojans, and items that "contains recognition pattern of of the ADSPY/..." and "contains HEUR/Crypted suspicious code" and "contains suspicious code GEN/PwdRAR". One item is even in my H drive, the recover partion of my drive that I don't access directly (that one refers to a BAE.dll).
--
Patriotism is not waving a flag, it is living the ideals |
|
Craig08
join:2008-03-31
.
 ·Verizon Online DSL
1 edit | I'd get that PC looked at... Post hijack logs,etc.. Here »forum.avira.com/wbb/index.php?pa···ID=18826 Is a post about submissions, but I have mainly just uploaded files through their webpage tho.
quote:
Is Avira more aggressive in its labeling of suspicious items, or just more accurate
Its just the best at detecting all forms of malware. |
|
CUBS_FAN
Next Year Again..
join:2005-04-28
Chicago, IL
 ·Comcast
 ·Vonage
1 edit | Maybe Avira detected items that was quarantined or ignored by NAV. I did notice certain websites that I visited for years being declared as having a "Suspicious code" by Avira.
F.W.I.W I like Avira because it's almost invisible to my old circa 2002 AMD XP 1900 processor. AVG 8.0 became too much of a load. |
|
DownTheShore
Maddie Knows Poopie
Premium
join:2003-12-02
Beautiful NJ
clubs:
| reply to Craig08
It didn't pick up anything in any running processes or installed programs. These were just downloaded files that had cracks/keygens - I know that kind of software is dicey to begin with. I'm wondering if Avira automatically flags those. Went back and checked the sources to see if people were complaining the software programs, and the only alerts that people seemed to have pop-up were from Avira.
Out of curiosity, I ran one of the files through Jotti, and Avira was the only one that found spyware.
--
Patriotism is not waving a flag, it is living the ideals |
|
Thug21
Just Chillin'
Premium
join:2005-08-21 | I believe Avira does not remove FP detections for cracks, etc. |
|
planet
join:2001-11-05
Olmsted Falls, OH
·Cox HSI
1 edit | said by DownTheShore :
One item is even in my H drive, the recover partion of my drive that I don't access directly (that one refers to a BAE.dll).
See this thread »nod32 v2.7 and bae.dll
edit:
and AV comparatives:
»www.av-comparatives.org/ |
|
DownTheShore
Maddie Knows Poopie
Premium
join:2003-12-02
Beautiful NJ
clubs:
| Thank you for that reminder. I'd forgotten that NOD32 had turned up that alert.
3-second memory... 
--
Patriotism is not waving a flag, it is living the ideals |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to Thug21
Did you change the default settings? I think you must have checked the unchecked boxes Applications and Security Privacy Risk under the Extended Threats category. With Avira 8, those are UNchecked by default. I think the reason is because of folks like me with Avira 7 who got about 40 viruses listed when we first ran Avira and those were checked by default and we left them checked when we did our first scan. Most of those 40 on my computer that Avira alerted on was because of those two categories.
It even alerts on some files from Sysinternals if you have those two checked. I have some files that I downloaded about 4-5 years ago years ago with cracks and keygens and Avira alerted like mad on them. I've had Nod32, Kaspersky and FProt since I got those files and they never alerted. I submitted all 40 to Avira as FP's and many were fixed by Avira, but Avira refused to do anything about the keygen ones. Then this year with ver 8 they removed Applications and SPR from default and made ignoring them default.
So, you can either uncheck Applications and SPR or exclude each of them for both scanners.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
DownTheShore
Maddie Knows Poopie
Premium
join:2003-12-02
Beautiful NJ
clubs:
| Thanks for that information, but those boxes are unchecked - that section is still on the default setting. The only changes I made to the scan program was to do the rootkit search before the scan, and I excluded some folders from the scan (pictures, etc).
I restored the files from quarantine, but Avira kept alerting me to them, even when I checked "Ignore" in the alert box - which was annoying. I deleted all mention of them from the Quarantine section, and so far haven't received any more alerts. I screened a few more of the alert files with Jotti and Avira is the only one triggering a malware notice. I'll just scan the others to be sure.
I'll have to see what turns up the next time I do a scan. At least I know from this website to be suspicious and think about false positives. Don't know if I would want to keep a program that comes up with these many FP's.
--
Patriotism is not waving a flag, it is living the ideals |
|
Kayrac
Premium
join:2001-09-29
Rochester, NH | reply to DownTheShore
price you pay for the best detection, could always try out CIS, been working well for me  |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to DownTheShore
Did you post about this in the Avira forum? Somebody did yesterday and I replied...was that you? That user was irritated by Guard continuing to alert when they told it to ignore a file. That IS irritating. All you can do is exclude the file, submit to Aivra as a possible FP, and then when fixed you can remove the file from exclusion. The only files Avira will not fix as FP's are keygens and warez. They feel very strongly about this. I went round about with them when I got Avira and had all these alerts that no other AV (including KAV ever alerted on) and they wouldn't fix some of them. I ended up excluding them and that was not as easy to do as it should be and I think we may be getting a simple exclusion with one click from the Guard alert window in Version 9 which should be available to us beta testers in about a week. Several users besides myself have asked for an easier exclusion process.
After two years with Avira, I don't mind that they don't fix a few of the FPs. Their company's strong ethical and moral ethos permeates everything about Avira and 99% of the time that makes them an excellent company to do business with, a company that takes great pride in its products and who has talented, happy and satistifed employees as the company doesn't dance to its shareholders demands but to its own high standards and the interests of its three founders who are still hands on workers heavily involved in Avira.
I completely understand your reluctance to keep a program with a lot of FP's. I felt the same when I got a bunch of FP's in the beginning. Stefan Berka, who is responsible for at least part of the heuristics detection, was right in the middle of a lot of changes in the heuristic engine and he cheerfully told me that he was the cause of many of my FP's in the beginning and told me to send them directly to him. And he fixed them all....except for the keygens. If you have heuristically detected ones that aren't keygens or warez then you can send them to him at heuristik2@avira.com.
After that first scan, and those were fixed, I never got a lot of FP's and this year a huge improvement with much less FP's as Avira has worked very hard to clean those up. They are quite aware that number one in detection doesn't mean that much if there also are a lot of FP's. They don't finger system files...at least not in the two years I have had Avira. So, they don't have incidences like AVG and Symantec where they cripple hundreds of thousands of computers. I really think you won't have a bunch more. You may get an occasional odd one like about a year ago, I had Avira alert on Kaspersky's removal tool. I knew that was an FP.  More recently, very briefly, they detected SpyWare Blaster! But I'd much rather have that sort of detection that I am almost certain is a FP than detection of a system file or anything that I would be more suspicious about. If you are using Webguard that is another story. It has a fair number of false alerts from what I read in the forums. I don't use it because it messes up my speed tests.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
DownTheShore
Maddie Knows Poopie
Premium
join:2003-12-02
Beautiful NJ
clubs:
| No, that wasn't me on the Avira forum; I haven't posted there.
Thanks for that in-depth information about Avira and the info regarding where to send the heuristically detected ones. Good to know that after the initial bout of FP's they will decrease. Sounds like their customer service is a good one, too. I like dealing with a company that actually listens to their customers and tries to resolve problems quickly.
--
Patriotism is not waving a flag, it is living the ideals |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| If you do decide to keep Avira, you should register at the forum. Avira doesn't do email or phone support. There is limited phone support if you are in Europe and they will do email support for customer relations problems such as not being able to successfully enter one's license after purchase when trying to install Avira. But support is in the forum mostly. At first, you will only be able to start new threads and post in your own threads. I'm mentioning this because we get so many queries in the forum from folks who are new to Avira and puzzled by this. Early this year, on the German side of the forum, there was a big ruckus with some evidently extremely rude, unruly members. I only post on the English side so I was unaware of it because the English forum has always been very well behaved members and a really nice forum to post in.
The problems on the German were severe enough that Avira, with great reluctance, decided to, with the new forum software we got in August, I think it was, to restrict new members in the beginning to posting only in their own threads. After one has been a forum member for a bit that member can apply for Trusted Member status which is given about once a week to most, if not all, who have applied. A Trusted Member can post in other threads. I mention this because some new members, knowing nothing of the reasons why the forum is set up this way, get really upset about not being able in the beginning to post anywhere they please in the forum. Trusted Member also gives you access to Miscellaneous forum. Barrie, one the mods, is great and you can send him private messages if needed.
»forum.avira.com/wbb/index.php?langid=1
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
Hiram Abiff
@anonymouse.org
| reply to DownTheShore
said by DownTheShore  :My Norton AV 2009 trial expired, and though I really liked the program, I don't have the funds right now to spring for it. So I moved on to a trial of Avira AntiVir Premium. Welcome to the world of false alarms! |
|
StraitShoot
Who Loves Ya Baby? - Theo Kojak
Premium
join:2003-02-08
Clinton, MA | reply to DownTheShore
I found Avira the most expensive for the least amount of support in the USA with the highest amount of FP's.... |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| But Jim....you never tried DrWeb did you? I'm sure you didn't because they are the king of FP's.
Everyone gets the same support.USA is not singled out for less support. I said Europe has limited phone support because the user pays for the call and that would be sort of expensive if further away than Europe. Symantec doesn't have free phone support now do they? They used to have the worse online support I have ever encountered....even back when I had Norton and liked it the support was the worst of all...even worse than McAfee which I had before Norton. So, has Symantec got a great forum now and free phone support? (If a user wants an AV with one on one support the best one is probably still Trend Micro because they have free phone support).
I do agree though that Avira should get an office in the USA with a USA subsidiary website or something...maybe like Kaspersky with ICE as the official USA distributor.
Avira, when on sale, is not very expensive. Last sale, about a month ago, was $20 (plus some change) for a year for Personal Premium.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
Trel
Good Evening
Premium
join:2002-10-08
Hillsborough, NJ
1 edit | reply to DownTheShore
For what it's worth, I personally have only had one false positive other than keygens.
The false postitive I had was on the installer for Unreal IRCd.
I submitted it to them and they fixed it within two days.
Other than that, it's been quite accurate in what it finds.
(And the low resource usage is awesome)
--
/chown -R us:us /yourbase |
|
kcazzie
One Of Jerry's Kids
Premium
join:2000-08-13
Morton Grove, IL | reply to DownTheShore
It seems I've tried them all and they are all good, they just fit different ppls needs... It's gets very hard to make a choice...
Good luck OP ...  ... |
|
booger
join:2008-10-15
| reply to DownTheShore
Regardless of your final decision on Avira, do you think you'll trial another app?
Reason I ask is because of GData's AntiVirusKit (AVK) 2009's continued strong showing in testing. I don't see it mentioned here much and don't know why .. wondered what you thought of a possible trial?
--
A sticky proposition. |
|
DownTheShore
Maddie Knows Poopie
Premium
join:2003-12-02
Beautiful NJ
clubs:
| I don't know anything about that one - I'll look into it.
I'll probably trial other ones - it's been a few years since I've done that, since I was happy with NOD32. But since I'm being rather frugal at the moment, I'll probably travel the free trial route for a while. Avast will probably be the next one I try (I tried AVG a few years ago and wasn't impressed).
--
Patriotism is not waving a flag, it is living the ideals |
|
