# Anti Virus +



## Tomken15 (Dec 7, 2011)

I don't know why http://www.techsupportforum.com/forums/f139/antivirus-701984.html was closed, but there was a program on UK's Channel 5 last night which discussed security issues and suggested checking to see if your chosen AV program would block this mock virus EICAR Test Virus and if it doesn't, then it would be time for a review of your choice.


----------



## satrow (Feb 4, 2012)

My choice of free products blocks the downloads; how does yours do, Tomken?

Do you really think an ancient mock test file has much bearing on current security/malware issues?


----------



## Tomken15 (Dec 7, 2011)

I wasn't aware that it was an ancient test as the program just referred to it to test your AV.

Norton 360 blocked the .com file straight away and the .zip after its check.

The .zip2 wasn't blocked until the second skin was opened, but as there wasn't anything under the first wrapper, then I think I should be quite safe with my choice of discounted Norton 360.

I have its three add-ons disabled without any detrimental effects and it hasn't let any nasties in yet, although I practice safe browsing and don't click on any links in e-mails from unknown senders.


----------



## satrow (Feb 4, 2012)

It always pays to check dates, especially for your own installed software and anything that purports to be security-related.

When it comes to the Eicar test files, which are plainly not infected, an 'honest' security program should make that distinction clear in some way; 'looks like' is not the same as 'is', heuristics = guesses; these files are so old that the AV vendors all know that they are not a problem if their fingerprints are unchanged.

So the more 'honest' security vendors _may_ be less forceful in their warnings.

Yes, all AVs should detect them, but should they then use 'scareware' tactics to try to impress you to stay with their products by adding such a detection to your 'saved from infection x times' history/logs?

See how a variety of AV vendors classify the Eicar page: https://www.virustotal.com/en/url/1...1106664dd1109fba886767cbfc0914f3256/analysis/


----------



## Tomken15 (Dec 7, 2011)

Norton wasn't even listed, but I believe they don't release their test results anyway - just checked the eicar.com again and even the Windows Smart Screen filter blocked it.

I guess it's really what is out in the wild that we need to be concerned about and that our AVs will recognize them.


----------



## sobeit (Nov 11, 2007)

tests are worthless. top antivirus lists are worthless. actual real world usage is what counts. the actual system, the hardware and the software installed on the system is what counts. that is why you never see the same results when different vendors and different security experts run different but similar tests.


----------



## Tomken15 (Dec 7, 2011)

Yes, I've noticed that the results of tests can differ widely, but what I look for in those is to see which ones are constantly in the top 3 or 4 regardless of their position and while I've seen MSE go from say the top five to the bottom five, Avast always seems to be up there - but as long as I can get my Norton 360 at a discounted half price, then I'll stick with that and I know it has done its job very well so far.


----------



## TheCyberMan (Jun 25, 2011)

The Eicar test is old as the hills and is severely outdated.

With regards to anti-virus and firewall leakage tests, they should only be used as mere guidance, as the tests are usually known tests from infections or security holes that have been found and not the latest, and never will be.

In the wild the attack vectors are very different and do not conform to test apps.

If tests fail then re-configuration may be needed or replacement of AV. If they pass, it does not mean you are secure, just that that particular attack vector is covered by your AV.

I have layered security from gateway downwards but I consider it a last line of defence.

The best defence is education on safe browsing on the internet.

Ensuring your computer system's OS is up to date and fully patched.

Installed programs and apps are fully up to date and patched.

Configure the system for least privilege.

UAC set to maximum gives awareness to the user.

User accounts configured for least privilege.

Run only the services that are needed.

Remove unneeded programs or apps.

Testing using sites like shields up will give you some guidance on what is listening or is allowed coming into your network.

Security is never 100%; do not be fooled by any claims, even from top vendors in the various fields.

Ensure security software or hardware is properly configured; incorrect configuration can lead to leakage.


----------



## T_Rex (Oct 21, 2012)

One of the best general security guides I have seen is this one

mechBgon's guide for first-time PC builders... Best practices for ongoing security


----------



## Tyree (May 10, 2009)

sobeit said:


> tests are worthless. top antivirus lists are worthless. actual real world usage is what counts. the actual system, the hardware and the software installed on the system is what counts. that is why you never see the same results when different vendors and different security experts run different but similar tests.


Ditto ^
I haven't used an AV on any of my personal PCs in years and have had maybe a half dozen infections and those were easily remedied with an Acronis image.


----------



## Basementgeek (Feb 7, 2005)

Generally not good advice, not to run an active anti virus program. If it was, why do all the security people you talk to recommend one? They use them.

I have not had one infection in probably 8 years.

BG


----------



## Masterchiefxx17 (Feb 27, 2010)

I agree with BG. Not running an AV is not the best idea. At least install MSSE which is free, does all the work quickly and doesn't bother you at all.

Microsoft Security Essentials - Microsoft Windows

Plus at least you have some protection.


----------



## greenbrucelee (Apr 24, 2007)

Basementgeek said:


> Generally not good advice, not to run an active anti virus program. If it was, why do all the security people you talk to recommend one? They use them.
> 
> I have not had one infection in probably 8 years.
> 
> BG


+1 had one false positive one time when I was running ESET.


----------



## T_Rex (Oct 21, 2012)

Absolutely, one should use a well rated AV as resident. One cannot know if they have viruses or not if they can't be detected. That guide I posted was an expert's basic guide on how to configure the OS permissions.

Personally on my Windows machine I use Trend Micro Security Suite 13' with Malware Bytes and a few host files (though Trend has its own). Usually I use free A/V, but I do support well coded software and don't mind buying it.


----------



## sobeit (Nov 11, 2007)

by not running an active antivirus, you could be doing your family and friends a disservice. you could be forwarding email or links to webpages that have nasties and not know it. it is like getting the flu vaccine. If you don't get one, you may get the flu and spread it before you realize you have it or you could be just a carrier (without knowing it) and spread it.


----------

