dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5956
share rss forum feed

slajoh01

join:2005-04-23
reply to ubermoe

Re: Unobtrusive Antivirus?

For business I would go for McAfee VirusScan or Symantec Endpoint Protection. Shockingly, these are not so bad as to regards to sucking up system performances.

The home versions are more of a resource hogs beleive it or not.

For home I would go for NOD32. But only get the AV standalone product itself. And not the whole bundled security suite.



AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
reply to joako

Panda Cloud Anti-Virus supplemented by
PcTools Threatfire



ron

@rogers.com

PC Tools Threatfire is not suported anymore, so no white list!


Bob4
Account deleted

join:2012-07-22
New Jersey
Reviews:
·Optimum Online
reply to joako

I use Mcafee Internet Security. It's pretty unobtrusive. e.g., I've never had it interfere with a software install. I don't notice any performance hits at all.

Be selective in what features you enable. e.g., their anti-spam sets up a local email server. I don't use it.



Phoenix22
Death From Above
Premium
join:2001-12-11
SOG C&C Nrth
Reviews:
·Comcast Formerl..

1 edit

1 recommendation

reply to joako

said by joako:

Tried out Bitdefender Antivirus 2013 and it's totally obtrusive it modifies Google, tries to do way more than Antivirus and I just tried to login to my router and I got a popup from Bitdefender asking if I want to use "safe pay."

Any suggestion for a better antivirus?

you can tweak the norton............uninstall the CG........ after you have the norton installed.......turn off the vault...........drop the toolbars...........etc.etc.........norton, mbytes, and rapport get along fine w/ff18.0.2.........you can't beat free!!
--
101ST ABN Div. (AirAssault) "Rendezvous With Destiny!" "Night Stalkers/Phoenix Flight" For Buddy...who lived it! Whiskey for my men and beer for my horses! H.A.L.O!, 5th Grp., MACV SOG, 160TH AVN SOG, Death From Above, VFW, AmLegion


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
reply to ron

said by ron :

PC Tools Threatfire is not suported anymore, so no white list!

It updates every day (or at least it says it does)
--
* seek help if having trouble coping
--Standard disclaimers apply.--

KitFox

join:2002-10-09
Denver, CO
kudos:1

1 recommendation

reply to joako

Webroot SecureAnywhere. Least intrusive, period.Set, forget, and it just works. The AV version has an egress firewall extender as part of its basic functionality, so you can still use any other firewall out there.

PassMark rates it as disgustingly fast. 90 out of 98 possible while the next best were ESET and Norton at 62.

Complicated and new enough that the high volume testing organizations say they aren't sure how to compare it to other AVs and the low volume professional testers who have plenty of time to test found the first thing that caught every single thing they threw at it within two hours. Other AVs caught more stuff immediately, but what they didn't catch was still there a week and a month later.

Takes up about 8MB of RAM and that's it, the entire installer is under 800k. Scans in under two minutes. Doesn't have gamer mode because it doesn't need it, but it still automatically detects games and changes the way it works to get even lighter. Doesn't bug you about whether you want to allow stuff or not. Doesn't ask you whether stuff is safe because it already knows. Doesn't pop up messages saying "I'm checking this, hold on!"

It just installs, gets out of the way, and works. So well that I've put it on several thousand machines and had precisely two complaints. One being that it was too quiet, the other being that the update button didn't ever update. It's not supposed to. Updates are instant and automatic and constant. The VP of development tracks issues directly and fixes things often within hours.

Webroot SecureAnywhere. Get it. Love it. Be happy.



DrBenGolfing

@verizon.net
reply to joako

Forticlient 5.0 is light, web filter as good as the big boys, totally free. Check out the protection, detection on VB 100.



Sith HMP
I Did What?
Premium
join:2004-04-25
Bloomington, IL
kudos:1
reply to joako

I can second what tmaertin said. Follow his simple instructions after you install Avira Free and you will never hear a peep out of it. The only time you will know it's running is when it stops malware from running. Exactly what it's supposed to do.



joako
Premium
join:2000-09-07
/dev/null
kudos:6
reply to slajoh01

I've been using the NOD32 trial for a few days. I disabled all the "features" that I didn't need and there's no red OMG you are insecure alerts.

The most obtrusive thing it's done is create by default a folder in Outlook for "Infected Items" which I was able to disable and delete.
--
PRescott7-2097



OverBurn

join:2004-02-21
Greenwood, IN
reply to joako

I like Avira Free the best. It's seems to be the best light weight AV I've found. I block the popups that occur after an update, Google instructions for whatever Windows OS you run.

On most of my PC's I don't run any AV. I just image the drive regularly and if anything happens I restore it byte for byte. Seems easier to follow this route than to worry about AV software these days. It seems no matter what brand you use each version just gets more intrusive and bloated. The curse of all software, AV or other.


KitFox

join:2002-10-09
Denver, CO
kudos:1

1 recommendation

said by OverBurn:

On most of my PC's I don't run any AV. I just image the drive regularly and if anything happens I restore it byte for byte. Seems easier to follow this route than to worry about AV software these days. It seems no matter what brand you use each version just gets more intrusive and bloated. The curse of all software, AV or other.

What happens if you pick up ZeroAccess or TDL4 and don't know it until after the oldest image has it too? I'll stick with Webroot. Can't call ~700k total size to be "bloated", don't have to Google special instructions to turn off annoying parts, don't have to reimage after an infection (how small is your drive?!) and hope the image isn't infected also.


MSE_fan

@rogers.com

What about privacy?

During a Full Scan ALL Files are analyzed in the cloud; even though this is done on MD5 /SHA/CRC, the entity which is behind the cloud is being informed about ALL your files/folders/executable from your PC.

Performing a full scan you willingly surrender your PC to the cloud or whoever is managing the cloud.
This is similar with this situation:

1.The Police Dept. issue a list with dangerous goods and you check this list against whatever you have in your pockets ( this is a classic AV)
OR
2.You go to the Police Dept. once a day and they will strip search you (including cavities!) against the list they have it (AV without resident database / cloud AV)

So, how is the individual privacy affected while using WSA ? (beside EULA)


knarf829

join:2007-06-02
kudos:1
reply to ubermoe

said by ubermoe:

The weird thing is that I don't see any single mention of Kaspersky, it's either because you know something about it that makes it bad which I don't know or it's not that popular.

Didn't Kaspersky just take a dump on its users recently?

Oh, here it is:
»news.cnet.com/8301-1009_3-575677···p-users/

knarf829

join:2007-06-02
kudos:1
reply to joako

Avast in Silent/Gaming mode is the least obtrusive A/V I've ever used (well, except MSE, which let a rootkit through when I was going through random Google results looking for information on Arbor Vitae).

Firefox + NoScript + AdBlock Plus + Avast



jmorlan
Hmm... That's funny.
Premium,MVM
join:2001-02-05
Pacifica, CA
kudos:4
reply to KitFox

said by KitFox:

Webroot SecureAnywhere. Least intrusive, period.Set, forget, and it just works. The AV version has an egress firewall extender as part of its basic functionality, so you can still use any other firewall out there.

PassMark rates it as disgustingly fast. 90 out of 98 possible while the next best were ESET and Norton at 62.
.....
Webroot SecureAnywhere. Get it. Love it. Be happy.

I did a 14 day free trial last week after reading this rave review. I uninstalled it after 2 days. It made Firefox almost unusable by disabling embedded style sheets and JavaScript on certain sites. I was no longer able to upload photos to a photo gallery I manage. My home page was a shambles. It also disabled cookies by default popping up a window every time a site wanted to set a cookie. This was the way their "privacy guard" feature was implemented. It installed toolbars in Firefox and silently on IE. It found three infected files all of which were false positives. It removed autorun.inf files from my two external USB drives without telling me first. It did not quarantine anything, just deleted stuff it didn't like.

Far from being the "least intrusive" it was one of the most intrusive AV's I've ever tested.

My opinion only after a brief test using default settings. Your mileage may vary.
--
"It turns out we're very good at not seeing things" - Jack Hitt

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

KitFox See Profile works for Webroot.

Anyone considering trying it might want to first do a search of this forum as that will produce several threads, one maybe only six months ago, on Webroot SecureAnywhere.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


KitFox

join:2002-10-09
Denver, CO
kudos:1

1 recommendation

reply to MSE_fan

said by MSE_fan :

What about privacy?

During a Full Scan ALL Files are analyzed in the cloud; even though this is done on MD5 /SHA/CRC, the entity which is behind the cloud is being informed about ALL your files/folders/executable from your PC.

Performing a full scan you willingly surrender your PC to the cloud or whoever is managing the cloud.

Fun question set.

Non-PE files are ignored, so no, not all files, folders, and executables have information sent to the system. Documents, pictures, music, folder names, etc, are ignored. There is no possibility for "the cloud" to say "Hey, this is a 'stolen' copy of a movie, so let us know everybody who has it" for example.

"Cloud" is simply a term for "Internet-accessible computing resources provided by the AV vendor" in this case. Or, more precisely, "A much bigger computer than you have on your desk" and "much more information about good and bad and unknown things than can be held in definition files" and "Instant correlation worldwide".

Your strip search analogy is amusing. XD Let's take that a little deeper and increase the accuracy...

In both cases you still have a client running on your system that examines stuff. So sorry, you're not checking your pockets, there's Guido the Security Guard doing that for you even with conventional AV. Guido is actually stripping you down a lot harder and probing those cavities deeper with conventional AV, in fact, because conventional AV doesn't know how to determine a PE file from an MP3 or a text document, so it just looks at EVERYTHING.

In regular AV Guido has a limited list of "We know this is bad" that he is referencing with every single check or not. Plus, he checks the details of the ring on your finger every single time, because even though it's not on the Bad list now, it could be in the future. Guido has no way of knowing that ring is known-good.

In Cloud AV as implemented by Webroot, Guido only checks things that can directly affect you. It knows a text file from a PE on basic initial check and doesn't poke the text file or worry about it. Guido takes the hash of the PE files and sends a list for inquiry. That is replied to with "Good", "Bad", or "Unknown". The hash of good stuff is recorded locally and for a while, Guido won't even ask about it. Bad stuff is acted on. Unknown stuff is watched like a hawk and Guido sends regular updates to the cloud on what it does and some extra PE details until it is determined to be good or bad based on that detail.

Can some agency subpoena Webroot for "What is on this computer?" Possibly. They'd need to know the MID of the computer, which means they'd need to have access to the computer first. Then when they have access to the computer, they'd see what's on it anyway or they couldn't get the Webroot MID. And in fact, they wouldn't be able to get the MID anyway, since it's encrypted in the agent and only decrypted by Webroot's servers. Even then, they'd only get a list of MD5s of PE files. No documents, no music, no videos, no pictures. No file itself is sent to the cloud either.

@JMorlan:
It will definitely cause problems with CSS and JS in Firefox if you run the System Cleaner (Complete feature) with FireFox running and ignore the message that says to shut down Firefox. In fact, most of the problems you describe are Complete functionality. The Toolbar (password management, Lastpass-based), asking about cookies (You deleted them with the Cleanup), etc. To recover Firefox CSS/JS stuff, simple clear the cache from within FireFox. Then don't run system cleaner with FireFox running.

Deleted autorun? It won't delete autorun.inf files unless something it considers to be a threat makes them.

I have seen exactly three true FPs on any of several thousands of systems that I have managed, and all of those were easy to understand as VT showed over 50% positives on the files in question. And yes, it does quarantine things recoverably. If it "deletes" something related to cleanup, restoring the item that was the origin will also restore the deleted data fully.

It does not change any browser settings at all other than attempting to install the LastPass-based password toolbar -IF- and -WHEN- you go into the agent and tell it to, and that only in the Internet Security and Complete versions. I specifically recommend only the AV version in your case and don't assume that something is an FP unless you wrote it yourself. otherwise, just shoot a message to support. I've had complaints about FPs that were easy to show as not FPs when I looked at them.

I did specifically say "The AV version", and I said "Install it and forget it". Instead, the Complete version was installed and then poked at tremendously with apparently an incomplete understanding of what the user was doing.

Easy solution here: Get AV-only. Even a trial. Less expensive, doesn't install a Toolbar, doesn't clean up FireFox and allow you to ignore the message that says to shut down FireFox before running the cleanup otherwise there could be problems. And check on those claimed FPs, because they may not be.

At the same time, I can't say that everything will work perfectly for everybody. Heck, I even disable the ID shield on -MY- copy of Webroot because it has some annoying side effects otherwise with the combination of things I run.

If you would like direct advice on "Do this, don't do this, there, you're good to go", feel free to let me know. In summary:
- Get AV-Only
- Install
- Turn off ID Shield if you use a lot of stuff that messes with the keyboard (fake keystrokes, macros, etc) or mouse or screenshots. Or just if you want to be happier, since I have been driven absolutely nuts by the ID shield since the product was first released.
- Don't touch it
-- If it detects something that you swear is an FP, restore from quarantine if you're brave and submit a support ticket for it to be resolved in a few hours at most.

Either way, regardless of what people claim on here, I will continue to install it on several hundred to several thousand consumer and enterprise endpoints per week because it makes my life and other peoples' lives a heck of a lot easier. I will not stop just because of a bad experience due to what matches the fingerprint of user error, and every AV can be made into a nightmare by user error.

@Mele20:
I can state quite plainly and accurately that I am in no way a Webroot employee, nor retained by them, nor paid by them, nor do I make anything from them by recommending them. The current major work I am doing is actually contracted IT Management for an elementary school. Thank you for the acknowledgement of my knowledge of Webroot stuff though.


MSE_fan

@rogers.com

Hi KitFox,

There is a Kit on Webroot forum (Retired Webrooter now) and comparing the style and the enthusiasm in promoting WSA ,there are reason to believe that KitFox and Kit are one and the same person, hence the assumption of Mele20 .

“Non-PE files are ignored….Documents, pictures, music, folder names, etc, are ignored”

Read this aricle:“PDF Virus Demonstrated”
»securitywatch.pcmag.com/none/284···nstrated

If non-PE files are ignored….Documents, pictures, music, folder names, etc, on a Full Scan this is completely wrong or you are misinformed.

“The hash of good stuff is recorded locally and for a while, Guido won't even ask about it”
This is a mechanism implemented by most of the AV developers (if not all) ; for example Avast has “persistent cache”, a mechanism which allows to skip rescanning good files so this is not an argument in adopting WSA.

Anyway, getting back on the initial issue (privacy), your affirmation is enough for me:

Can some agency subpoena Webroot for "What is on this computer?" Possibly

As long as WSA will not have a resident database ,is a no go for me; there are at least 5 other AV’s cheaper, better detection and more secure that WSA , so why anybody would take the risk?



DownTheShore
Honoring The Captain
Premium
join:2003-12-02
Beautiful NJ
kudos:13
Reviews:
·Verizon Online DSL
reply to dandelion

said by dandelion:

I had NIS that I bought for 4-5 years with my XP and with this new computer (Win 7) just got it through comcast ..the year free one..but dont' think you can use just the virus protector, worth a try though. I don't believe in a single security program for protection however. I also have a host file and use firefox with adblocker and noscript. Good luck on whichever one you pick and someone mentioned you need to adjust most you have. I did some minor adjustments on NIS to tell it what I liked.
PS Never had the problems with it you mentioned. Hopefully that doesn't mean you have malware

If you bring up the Advanced screen, you can turn off whatever modules you want, with time spans ranging from 15 minutes to system restart to permanently.
--
Patriotism is not waving a flag, it is living the ideals

I want to retire to the Isle of Sodor and ride the trains.



pizz
bye bye twc. hello Comcast.
Premium
join:2000-10-27
Astoria, NY
Reviews:
·Time Warner Cable
reply to Mele20

i sent mele20 a PM, and she guided me to a great AV. It's GData. It's very light on the PC with this current build. So far so great here.
--
It's ok to say, 'I don't know'. It's even better when someone takes the time to explain what you, 'don't know'.


KitFox

join:2002-10-09
Denver, CO
kudos:1

1 recommendation

reply to MSE_fan

Of course I'm the same person. Please note the "Retired" portion on the community. So it's fully accurate that I do not work for them, and by default, ex-employees usually don't bother with their prior company's work unless they actually personally like it.

PDF Virus:
2010, PDF reader buffer overflow exploit causing execution of code within the PDF in the context of Adobe Reader (and Foxit at the time). So no, it is accurate that this PDF would not be seen by WSA. Nor would it work on updated copies of PDF readers. A user would need to explicitly have a vulnerable version of the PDF reader installed specifically to allow that "PDF Virus" to work. You really want your AV to scan for something that can't affect you unless you make an explicit effort to allow it to? It's less effort to just turn off the AV to allow an infection than to get a specific faulty version of a PDF reader and find a PoC malware item.

Either way, it's moot, because said PDF virus (and other JS/Java/PDF/Insert-TLA-Here exploits) has enough space within its framework to do minimal items within the buffer overflow context or the sandbox escape context. In this case, it replicates to other PDFs. In most cases, the goal is to bootstrap a larger payload by downloading and executing that payload. PE is downloaded and executed, which matches the "Checks PEs".

Persistent Cache:
Addresses your concern that the network has a constant, ongoing list of what is on your computer, since the data is no longer sent to the cloud.

Privacy:
Your lack of comprehension is disturbing. But I'll admit, text doesn't show sarcasm very well. "Possibly" is sarcasm.
How about this:
Can an agency subpoena MSE_fan for the color of Hillary Clinton's undergarments? Possibly.

They would need to give MSE_fan access to their security cameras to find out, but then they could see it themselves via the same cameras.

Make more sense now?

The testing agencies have already acknowledged that they cannot accurately test the detection rate on Webroot. So you can't quote any tests for detection rate.

Cheaper? Didn't know you were so broke. Hey, Avast is free and they were very excited when they were "As good as some paid AV".

Why would anybody take the risk? Because they're smart and they listen to smart people who have more experience than you saying it's not a risk.

I provide subscription computer services, flat rate. That means that when a threat gets by an AV on a computer under a subscription plan, I have more work to do and less profit, or sometimes cost beyond income for that machine. It doesn't take a lot of sense to see that in that case I want to put the most effective AV on the system as possible, because my livelihood is at stake. I've used everything, and I still allow customers to choose their own AV (though I very strongly push Webroot), however my contract includes a clause that if they are not using Webroot, after the second infection removal in a year, they will get a copy of Webroot for free from me to continue receiving the coverage for malware removal. After that, I see them only for regular tune-ups and check-ups and don't have to do any costly malware removals or full system restores.

With experience in the security industry since 1996 and seeing how everything works and working on thousands of machines and making a living from having good AV on customers' machines, I won't take the risk of using anything else. You can discuss PoCs and tests until your fingers fall off, but I know what works in reality across a huge set of systems, not just "My PC".

Feel free to risk your computer with other things, but I won't risk mine or my customers' systems.



MSE_fan

@rogers.com

Nice to hear that Kit from Webroot is the same person with KitFox from dslreports! Now everything makes sense.

If you make a living from computer services based on a flat rate makes sense to recommend WSA; as per their advertising they will disinfect the pc for free, so all you have to do is to transfer the work from your shoulders to Webroot’s employees shoulders.

I am somehow convinced that if you have had informed your customers in an open way about privacy issues with WSA many of them would have been reluctant to accept it on their pc.(I hope you will not get in any trouble if they read this )

Funny thing: every time I argue with somebody about WSA , either “20-30-40 years experience in programming” or “thousand of pc’s” are thrown into the picture.

I do not have “thousand” of pc to manage, only 3; I have MSE4 (free)+MBAM (one time pay)+PCToolsFirewallPlus+; never had an infection on any of them.

So, why would I pay 49$ /year for WSA (BestBuy) and have my pc exposed naked to the cloud or whoever is behind cloud????


KitFox

join:2002-10-09
Denver, CO
kudos:1

1 recommendation

I'm faster at malware removal because I used to do it for Webroot and it's a lot easier to be physically at the computer. But regardless, they don't call Webroot to get it done for free either. They just don't get infected.

I advise every single one of them of the privacy information. I provide them with a copy of the EULA ("We don't care about your stuff, we don't look at your stuff, we don't store your stuff, we don't use a list of your stuff for anything or give it to anybody), point out the MD5s in the logs, and point out that we absolutely know that the cloud gets a list of those MD5s and can associate them with a computer if somebody gets, decrypts, and provides the MID off the computer to the company with a subpoena. Not a single person has a problem with it. I work with normal people, not paranoid folks.

While I can't say 20, 30, 40 years of experience, I can give proof to information security experience since early 1996. Ahh, the old days when Back Orifice was one of the premier threats and people made Malware for fun and bragging rights. *Nostalgiaficates all over* Now the malware is all about profit and a heck of a lot more complicated. A good chunk of the old stuff won't even run on contemporary systems at all. Now it's gotten into MBR infections, hidden partitions, kernel drivers, and even BIOS infections. Integrated ADB to infect phones that are plugged in, dropping code on and reconfiguring routers, and all sorts of other fun stuff. Prior to 1996 it was school daze with nothing prior to Apple IIe at school around 1985 or so, then teaching Apple Logo and some IBM PCs to my class around 1986. That was fun. First Tandy computer in 1989. Yay for 8088 CPUs and memory in the Sub-Megabyte range. 720K floppy disks and swap out several to load Deskmate. Then an upgrade to a Tandy 1000 RL/HD in 1992 IIRC

I also don't see why you consider this an argument. If you take that attitude, then you're going into it all wrong. You bring up what you see as valid concerns and they are addressed in return. An argument stems from unrectifiable differences of opinion and a desire to try to damage the other with one's opinion. I'll point out facts when you have some incorrect and try to assuage concerns you may have, but I'm not specifically trying to get you personally to use Webroot. No need to bash it based on inaccuracies though.

The reason I point out the thousands of seats is because while you can point out that your three PCs have not been infected with your choice of solutions, I can point out that when the sample size is larger, the numbers change. Otherwise it's like claiming that because you yourself have never been hit by a car while walking across the street, nobody ever is.

MBAM: Highly sensitive to "new threats" but also very touchy. In actual removal work, it has missed a tremendous amount of things (which I then remove by hand) and has displayed a habit of damaging systems with overzealous removal. Legitimate software accidentally looking at it funny is frequently bent over and killed. While it makes a very good quick recommendation for free help for infected machines, I've always viewed it like throwing powerful antibiotics at an undiagnosed illness. It can do a great job, but it can also miss or mess things up. I'd trust Avast or MSE for realtime better and only use free MBAM if there are no other options at the time or for doing a quick pre-sweep of something that replicates furiously in a non-expendable directory.

MSE: Free stuff, which has that benefit. Highly targetable and the best threats out there have writers who need no special investment to ensure that their malware evades it. A careful roll out of targeted malware gets past MSE no problem. If the malware hits a distribution of 1000 copies and is not detected for two weeks, chances are it never will be unless it becomes epidemic. Definitely better than nothing at all though and not ineffective, but also not as light and not as good for my uses.

PCTFWP: It's a firewall. You can still use it with WSA.

Why would you pay $49.95 a year from Best Buy? I dunno. I wouldn't. The same thing is $29.99 from Webroot directly, and then you can get three years at once as well. Discounts on the site are not uncommon and AV-only is 39.99 regular price. I did recommend AV-only.

Why would you get it at all? You personally might not. If you have a solution you are satisfied with and it works, then stick with it. Change is scary, remember? However somebody who recognizes that Webroot is a set of "good guys" and doesn't expose their data any more than any other solution can, works exceptionally well, and takes up almost no local resources... and is willing to not poke it with a stick XD... will likely use it. They want something more proven-effective and lighter than MSE with a guarantee of removal for free and less-militant and more effective than MBAM and less-complex than dealing with three things at once.

Assuming you allow MSE and MBAM to update their own definitions though, how do you know that your data will never be taken by MBAM or MSE and sent to their network systems? That's all "the cloud" is. Network computer resources. It's a way of saying the definitions are stored there and your tiny list of content hashes is sent there for checking against the huge list instead of being checked against a much-smaller list locally.

Are you always installing definitions from downloads on another computer copied to the computer in question and placed in manually? Are you blocking the other AV from touching the internet at all? If not, it's trivial for them to, under subpoena or court order or as they desire, send up a quick list of the data you're worried about the cloud getting.


sparky57

join:2003-05-18
New Bedford, MA
reply to jaykaykay

Agree with you on that jkk. I use it and it stays out of my face.


grreyeyezz

join:2002-01-05
Cleveland, OH
reply to joako

I just dumped avast went back to avira, boy did avast slow my browsing down with all those shields, way overrated.



CylonRed
Premium,MVM
join:2000-07-06
Bloom County
reply to tmaertin

said by tmaertin:

One trick - to prevent those annoying ads to buy from coming up in the free version, you can block the .exe's that run ads from running (avnotify.exe and ipmgui.exe in the Program Files\Avira folder).

I still can't get any of these methods to work in Win 7 Pro 64 bit with the newest Avira. Started last year with XP, even local policy does not stop the popups (disallow both exe's) and the registry edit to prevent the popups - tried it today and it does not work either. Really getting irritating as the popups seem to be more frequent.
--
Brian

"It drops into your stomach like a Abrams's tank.... driven by Rosanne Barr..." A. Bourdain

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to grreyeyezz

said by grreyeyezz:

I just dumped avast went back to avira, boy did avast slow my browsing down with all those shields, way overrated.

Why didn't you uninstall the shields you didn't want? Or at least disable them. I always used ONLY real time and on demand and the network shields. Avast was light and fast (it still had a ton of FP's....serious ones...and that is why I stopped using it)).
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


jmorlan
Hmm... That's funny.
Premium,MVM
join:2001-02-05
Pacifica, CA
kudos:4
reply to KitFox

said by KitFox:

@JMorlan:
It will definitely cause problems with CSS and JS in Firefox if you run the System Cleaner (Complete feature) with FireFox running and ignore the message that says to shut down Firefox. In fact, most of the problems you describe are Complete functionality. The Toolbar (password management, Lastpass-based), asking about cookies (You deleted them with the Cleanup), etc. To recover Firefox CSS/JS stuff, simple clear the cache from within FireFox. Then don't run system cleaner with FireFox running.

Deleted autorun? It won't delete autorun.inf files unless something it considers to be a threat makes them.

I have seen exactly three true FPs on any of several thousands of systems that I have managed, and all of those were easy to understand as VT showed over 50% positives on the files in question. And yes, it does quarantine things recoverably. If it "deletes" something related to cleanup, restoring the item that was the origin will also restore the deleted data fully.

It does not change any browser settings at all other than attempting to install the LastPass-based password toolbar -IF- and -WHEN- you go into the agent and tell it to, and that only in the Internet Security and Complete versions. I specifically recommend only the AV version in your case and don't assume that something is an FP unless you wrote it yourself. otherwise, just shoot a message to support. I've had complaints about FPs that were easy to show as not FPs when I looked at them.

I did specifically say "The AV version", and I said "Install it and forget it". Instead, the Complete version was installed and then poked at tremendously with apparently an incomplete understanding of what the user was doing.

Easy solution here: Get AV-only. Even a trial. Less expensive, doesn't install a Toolbar, doesn't clean up FireFox and allow you to ignore the message that says to shut down FireFox before running the cleanup otherwise there could be problems. And check on those claimed FPs, because they may not be.

At the same time, I can't say that everything will work perfectly for everybody. Heck, I even disable the ID shield on -MY- copy of Webroot because it has some annoying side effects otherwise with the combination of things I run.

If you would like direct advice on "Do this, don't do this, there, you're good to go", feel free to let me know. In summary:
- Get AV-Only
- Install
- Turn off ID Shield if you use a lot of stuff that messes with the keyboard (fake keystrokes, macros, etc) or mouse or screenshots. Or just if you want to be happier, since I have been driven absolutely nuts by the ID shield since the product was first released.
- Don't touch it
-- If it detects something that you swear is an FP, restore from quarantine if you're brave and submit a support ticket for it to be resolved in a few hours at most.

Either way, regardless of what people claim on here, I will continue to install it on several hundred to several thousand consumer and enterprise endpoints per week because it makes my life and other peoples' lives a heck of a lot easier. I will not stop just because of a bad experience due to what matches the fingerprint of user error, and every AV can be made into a nightmare by user error.

A lot of points there, and not easy to respond to all of it, but we were talking about an UNOBTRUSIVE antivirus and you recommended

quote:
Webroot SecureAnywhere. Least intrusive, period.Set, forget, and it just works.
You did not specifically recommend the AV only version. You did mention something about the AV having an "egress firewall extender." It turns out that there are three different products all called "SecureAnywhere." At this point I'm not sure exactly which one I tested.

You are undoubtedly correct that many of my Firefox problems were caused by running a cleanup while Firefox was open. However, I did not "ignore warnings." There were no warnings that I saw. If there were warnings, they were buried somewhere and not immediately obvious to me, a new user. On the other hand, the auto blocking of cookies by default was extremely annoying and the popups to allow cookies were very intrusive and I certainly noticed them.

As I said, a toolbar was installed silently in IE and with permission in Firefox. It seemed to be unaware that I already had "LastPass" installed on both of those browsers. Clearly the toolbars were redundant over what I already had. Furthermore I will bet that redundancy was part of the cause of the problems I encountered even before I ran a cleanup.

The false positives were definitely false positives as far as I am concerned. Webroot claimed they were Trojans which they were not. They may have been somewhat dodgy in other ways, but they were definitely not trojans as claimed. Claiming a trojan when a file is actually better classified as "potentially unwanted software" is a false positive as far as I am concerned.

You say the files could be restored from quarantine. I never found any quarantine in the program, nor was it immediately obvious how to restore any of the files that appeared to be deleted. Perhaps I should have read the manual, but we were talking about a set-and-forget unobtrusive AV. I really didn't want to spend a lot of time going into settings. When I uninstalled the program, there was no option to save anything from quarantine. I'm not convinced the program ever set up a quarantine at all. If it did, I was not made aware of it.

Yes, it deleted without warning, both autorun.inf files from my external hard disks. You can believe me or chose not to believe me, but those files were there before I installed the program and gone after I removed it. I seriously doubt there was some other program that removed those files.

Heck even the code for the trial didn't work at first. Trying to make it work, it turned out that a lot of users have reported the same problem. They have to contact support when their key doesn't work.

I'm not saying it's a bad program or a good program. I didn't run it long enough to say either way. I am saying that for me it was not "unobtrusive," nor was it "set-and-forget."

Anyway, that's my story and I'm sticking to it.
--
"It turns out we're very good at not seeing things" - Jack Hitt

KitFox

join:2002-10-09
Denver, CO
kudos:1

1 recommendation

said by jmorlan:

You did not specifically recommend the AV only version. You did mention something about the AV having an "egress firewall extender." It turns out that there are three different products all called "SecureAnywhere." At this point I'm not sure exactly which one I tested.

One is called "SecureAnywhere Antivirus", one is "SecureAnywhere Internet Security Plus" and one is "SecureAnywhere Complete". I was under the impression that the combination of my mention of the antivirus specifically plus your request for AV specifically would be sufficient for you to interpolate your personal desires and click on the Antivirus version.

The one you tried to get the results you describe would be "Complete".

said by jmorlan:

You are undoubtedly correct that many of my Firefox problems were caused by running a cleanup while Firefox was open. However, I did not "ignore warnings." There were no warnings that I saw. If there were warnings, they were buried somewhere and not immediately obvious to me, a new user. On the other hand, the auto blocking of cookies by default was extremely annoying and the popups to allow cookies were very intrusive and I certainly noticed them.

The FireFox cleaning would require you to actively open the agent, click the System Tools tab at the top, and click the "Clean Up Now" button. At that point, if "Mozilla Firefox - Cached Files" is selected under the Applications section of System Cleaner Settings (which it is by default), it should pop up a warning advising you to close Firefox before clicking OK to run the cleanup.

SecureAnywhere makes no changes whatsoever to cookie settings in any browser. However if you have Internet Explorer set to prompt for cookie handling separately and also modify the system cleaner settings in SecureAnywhere to delete IE cookies followed by running a cleanup, then you will get re-prompted for the cookies you just deleted.

said by jmorlan:

As I said, a toolbar was installed silently in IE



Which puts your IE version quite out of date, as standard Windows updates made that impossible.

said by jmorlan:

and with permission in Firefox. It seemed to be unaware that I already had "LastPass" installed on both of those browsers. Clearly the toolbars were redundant over what I already had. Furthermore I will bet that redundancy was part of the cause of the problems I encountered even before I ran a cleanup.



Strange. When I install it on a system with LastPass installed, the Webroot-branded LastPass toolbar refuses to install because there is a copy of LastPass there already. Did you have a broken LP TB or something that couldn't be detected by the branded installer?

said by jmorlan:

The false positives were definitely false positives as far as I am concerned. Webroot claimed they were Trojans which they were not. They may have been somewhat dodgy in other ways, but they were definitely not trojans as claimed. Claiming a trojan when a file is actually better classified as "potentially unwanted software" is a false positive as far as I am concerned.

What precisely do they do to the system (in detail), and do they do exactly what they claim and no more? Do they hide anything behind a false premise or hide details in an obscure place?

said by jmorlan:

You say the files could be restored from quarantine. I never found any quarantine in the program, nor was it immediately obvious how to restore any of the files that appeared to be deleted. Perhaps I should have read the manual, but we were talking about a set-and-forget unobtrusive AV. I really didn't want to spend a lot of time going into settings.

To double-check, I had my dad look for the quarantine. He's in his late 70's and has trouble with tech of all types. He looked at the overview tab, clicked on PC Security (the second tab), noted the word "Quarantine" on the left and clicked on it, then clicked on the really-obvious "View Quarantine" button. It took him 15 seconds and he never looks at the program normally.

said by jmorlan:

Yes, it deleted without warning, both autorun.inf files from my external hard disks. You can believe me or chose not to believe me, but those files were there before I installed the program and gone after I removed it. I seriously doubt there was some other program that removed those files.

Now I wonder what you did to achieve that or what was in those files. I tested my installation with autorun files on thumb drives, main hard drives, external HDDs, and even on a hot-swap bay drive and it never got touched.

said by jmorlan:

Heck even the code for the trial didn't work at first. Trying to make it work, it turned out that a lot of users have reported the same problem. They have to contact support when their key doesn't work.

Under normal circumstances, keys generated by the trial system are sent to the licensing system once per minute on the turn of the minute. Since the download takes a few seconds and a fast person can enter the key quickly, there is a chance for that to occur normally. However I am curious where you found "a lot of users have reported the same problem". Cite your source?

said by jmorlan:

I'm not saying it's a bad program or a good program. I didn't run it long enough to say either way. I am saying that for me it was not "unobtrusive," nor was it "set-and-forget."

Anyway, that's my story and I'm sticking to it.

Understandable. There is no program in existence that is impossible for a user to cause problems with somehow. Which is why I offered basic advice (Get AV. Don't poke it.) and the offer for more advanced advice should you want it. *Shrugs* This is why I prefer to work with people face to face. I install it or give them explicit instructions and they're happy.