Antivirus Security Question

CptSternn · 26-08-2007 12:30pm #1

I have been using McAfee for sometime, and recently switched to AVG since McAfee doesn't work so well on Vista.

I have a mate that runs Symantec, which we had to uninstall due to numerous conflicts with games.

I also have a laptop which I have NOD32 running on.

That being said, after installing AVG today, I found a half dozen trojans and viruses on both my laptop, PC, and on my mates PC.

We had protection on both. In fact, three packages missed every one of these viruses. After closer inspection of the files, I did find them to be infected, yet Symantec, McAfee, and NOD32 all listed them as clean.

Now, in all fairness the systems are all Vista, so even with the files infected they were not able to release their payload, as the OS kept them from running in the background. I however was running XP for sometime and many of these files were installed and on my PC then and they were not detected then either.

Could that be the reason the other AV programs did not detect them? I scanned the files manually, and they were not detected with the other products. I actually had McAfee running alongside of AVG and disabled AVG and McAfee still did not detect these viruses and trojans.

I'm trying to figure out why one package was able to spot these files, 12 in all, when no other package was able to see them. They are all files I did download from the net, and some did some from less-than-reputable sources, so I have no doubt that the results from AVG are correct and not some false positive.

Has anyone else had similar issues? Anyone else found that they have had a dozen trojans & viruses sitting on their PC for some time that all the other packages didn't detect? If anyone wants to test these out, I can throw a copy on the web so you can download and check these files for yourself to see if your AV package detects them.

ethernet · 26-08-2007 1:17pm

Each anti-virus program will have different detection rates. They're often compared in computer magazines. Viruses are always mutating, just like human viruses, and it takes more work to detect them.

Could that be the reason the other AV programs did not detect them?

Well, if you scanned the same areas using the different programs, I wouldn't say so.

ActorSeeksJob · 26-08-2007 1:18pm

what was the file path for the infections? This sort of thing happens all the time, I'm surprised Nod32 didn't pick them up, not surprised at McAfee and Symantec though.

JohnnieM · 26-08-2007 7:58pm

was that AVG free?
If you use the purchased version of AVG you'll probably find another couple of Virus's Plus a heap of tracker cookies etc etc

Shane O' Malley · 26-08-2007 9:04pm

Is it possible that these are files that had previously been disarmed by your av and the other software is identifying files that have already been cleaned.

Depending on your settings, some av will not delete the virus just make it inactive. This could be to prevent damage due to a false positive.

Black Swan · 27-08-2007 7:52am

I am not a real fan of Norton or McAfee. For one thing, their AV definition updates seem to run further behind other security suits. Actually had a machine trashed while it was covered by Norton Internet Security 2007. Recenty converted to Kaspersky and have no complaints.

Shane O' Malley · 27-08-2007 8:05am

Got to recommend Kaspersky myself.

Been using it myself for years. Got a bit fancy recently but still does the job and updates every hour.

CptSternn · 27-08-2007 7:24pm

An update. I too switched to Kaspersky and did a new scan. It didn't detect issues with 10 of the ones AVG did, but did on two.

After further inspection, two files were definitely trojans, but the other 10 appear to be just false positives. After reviewing the link I found on the AV thread it appears AVG gives off MANY false positives. In my own experience, I have 10 false positives.

That being said, McAfee and Symantec didn't detect two, and they both were updated daily.

Also, the files were installed on the XP box, but I just copied them to my Vista box for testing purposes, so they would not have been able to avoid detection because they disabled the AV software (that might have been the case in XP, but the Vista machine with McAfee and Symantec on it should have caught them.

Anyway, I'm sticking with Kaspersky now. Cheers for the responses.

Shane O' Malley · 28-08-2007 8:25am

You have to be careful with false positives with Kaspersky too.

I run it on a corporate network and have had three false positives in the last year.

Two of those were for files installed by HP as part of its preinstalled software and one was an operating system graphics driver.

I set my systems to report and prevent access rather than delete.

Shane

ActorSeeksJob · 28-08-2007 12:28pm

Generally Kaspersky doesn't get too many false positives, their database is huge. A lot of HP stuff has really suspicious names and path directions, hence a lot of scanners report them as spyware.

Good choice on Kaspersky to the OP

Antivirus Security Question

Comments