AV-Comparatives - Summary Report 2018

[sepik]

When installing a new AV. First to do is to scan whole system and data drives. I think an AV calculates hash of all the files. Then when you open an file explorer and browsing the file structure, it does not have to scan all the files, because hash are already "scanned". Do not enable "scanning archives while downloadin". It slow dows the system a lot. For example, i've tried Zonealarm Antivirus(old Kaspersky engine, still gets the latest signatures tho). After installing and scanning, its really fast and effective. Zonealarm Firewall is really good, what comes to how a malware can disable your layered protection. I've tried several softwares to disable Zonealarm firewall, but failed miserably. It loads so early, that rare even none malwares cant connect to servers DURING boot-up.

So, never ever use a WFP based firewall

 

[dash]

When installing a new AV. First to do is to scan whole system and data drives. I think an AV calculates hash of all the files. Then when you open an file explorer and browsing the file structure, it does not have to scan all the files, because hash are already "scanned". Do not enable "scanning archives while downloadin". It slow dows the system a lot. For example, i've tried Zonealarm Antivirus(old Kaspersky engine, still gets the latest signatures tho). After installing and scanning, its really fast and effective. Zonealarm Firewall is really good, what comes to how a malware can disable your layered protection. I've tried several softwares to disable Zonealarm firewall, but failed miserably. It loads so early, that rare even none malwares cant connect to servers DURING boot-up.

So, never ever use a WFP based firewall

I'm seeing that, the Windows Firewall is slow to load. What kind of oversight was that..

Agree about the initial scanning, I try to give an AV at least a day.

 

[sepik]

So, never ever use a WFP based firewall

 

[dash]

So, never ever use a WFP based firewall

Yeah, I guess it does seem a bit reckless, though I wonder how big of a deal it is. I've got Norton on my Windows PC right now though and I set its startup priority to Aggressive.

As far as the AV-C report here, I want to look at these results. I wonder why Symantec didn't score better. I'm not going to change my AV though.

 

[shmu26]

If you have malware running right away at system startup and calling home before Windows Firewall even starts, then the malware must be installed as a service. If that's the case, the malware has admin rights, and your system is already pwned.

 

[sepik]

Shmu26, you're absolytely righ about this. Comodo and Zonelarm uses their own firewall driver, especially zonealarm one that cannot be "killed". Thats why im using it, only because of its kernel based, own driver.
So malware that do encryption during boot-up, that is "OK", but cannot connect to cc servers, well because of zonealarms firewall driver during boot-up prevents that.

 

[Mr.X]

ZoneAlarm was one of the first vendors to switch to WFP when Microsoft pushed it out on Windows Vista. WFP is "official" way of making a proper Firewall component in Windows nowadays (like through an NDIS 6.xx driver).

Another member posted a thread on the forum awhile back about WFP and Windows Firewall myths... so before you get your knickers in a twist because I told you that ZoneAlarm uses WFP, just remember that it isn't the same thing as "ZoneAlarm uses Windows Firewall", because that's simply not the case. It's important that I address that now because I am a fortune teller as my main career, and boy, I could see some real temper tantrums upcoming.

If you're making a Firewall for Windows in 2019 and aren't using WFP then you're doing it wrong and should start seeking a priest to perform your exorcism - WFP is robust and extensively used.

 

[Nightwalker]

All 3rd party firewalls uses the Windows Filtering Platform since Windows Vista, even ZoneAlarm.

Check Point is the first major security vendor to utilize the next generation Windows Filtering Platform application programming interface (API) for Microsoft Vista. This also marks the first time that ZoneAlarm’s exclusive Operating System Firewall protection has been made available for Microsoft Vista. By leveraging these and other leading technologies, ZoneAlarm Internet Security Suite delivers superior levels of protection and reliability.

Press Release - ZoneAlarm by Check Point - Award winning PC Protection, Antivirus, Firewall, Anti-Spyware, Identity Protection, and much more.

Not critizing you personally @sepik, but your advise is misleading.

Like @Mr.X perfectly mentioned, WPF is solid and all vendors should utilize it.

 

[shmu26]

ZoneAlarm was one of the first vendors to switch to WFP when Microsoft pushed it out on Windows Vista. WFP is "official" way of making a proper Firewall component in Windows nowadays (like through an NDIS 6.xx driver).

Another member posted a thread on the forum awhile back about WFP and Windows Firewall myths... so before you get your knickers in a twist because I told you that ZoneAlarm uses WFP, just remember that it isn't the same thing as "ZoneAlarm uses Windows Firewall", because that's simply not the case. It's important that I address that now because I am a fortune teller as my main career, and boy, I could see some real temper tantrums upcoming.

If you're making a Firewall for Windows in 2019 and aren't using WFP then you're doing it wrong and should start seeking a priest to perform your exorcism - WFP is robust and extensively used.

@Mr.X if you are a professional fortune teller, than maybe you can tell me which priest I will be using to exorcise my firewall? Please?

 

[Mr.X]

You can use WFP in user-mode though depending on what you want to do, for example, you can use it to prevent port scanning in user-mode. Some things can be done in user-mode whereas others can only be done in kernel-mode.

 

[17410742]

I think at some point, we have to accept that fans of forums like this one are excessive for protection.

I still prefer a very limited setup of VoodooShield + either Sandboxie or ShadowDefender. (Sandboxie is less hassle as app/windows updates will be received & retained on boot)

i have never felt like my security took any hit compared to using multiple tools, suites or as many anti.xxx as possible.

Even products that have took a dive in detection like MalwareBytes Premium - behind Sandboxie, especially if you don't take files out of the sandbox, just not worried.

For me, these days, i think more focus should be on Privacy > so VPN > Anonymous Email > Encryption etc take much higher priority.

 

[RodM1956]

I love the idea of very limited security setup. BUT.....

Defender is slow on my PC compared to 3rd party.

Also I would us Voodoo but it slowed my applications , just slightly, and I don't recall what sandboxie and shadow defender did, but since I never used them again after trying them, I guess I wasn't impressed, even though the protection might have been steller.

 

[ForgottenSeer 72227]

I think at some point, we have to accept that fans of forums like this one are excessive for protection.

I still prefer a very limited setup of VoodooShield + either Sandboxie or ShadowDefender. (Sandboxie is less hassle as app/windows updates will be received & retained on boot)

Good points!

I agree that security forums in general sometimes create fear and paranoia to the point that people have excessive setups. It's very understandable, especially when you hear/read whats going on around the world when it comes to security. While it seems simple enough, it does take people time to come around. I think we've all been there at some point, including myself, but I have to say that my setup now is far more simple than it use to be. I kinda of see it as a journey we all go on.

I also feel that it's not helped by the fact that security companies in general feed into this fear and paranoia. They tend to make everything sound all doom and gloom, when in fact it's not. Your not going to get infected by simply turning on your computer.

Less is more and more is not always better.

I love the idea of very limited security setup. BUT.....

Defender is slow on my PC compared to 3rd party.

Also I would us Voodoo but it slowed my applications , just slightly, and I don't recall what sandboxie and shadow defender did, but since I never used them again after trying them, I guess I wasn't impressed, even though the protection might have been steller.

Keep in mind that simple doesn't mean you have to use WD. It's come along ways on the protection front, yes, but it's not perfect. A lot of people don't like it because of the performance impact it can bring. It seems to be system dependent and also depends on your overall usage. In saying this there are tons of great programs out there, you have to just find the one that you like and meets your needs the most.

A simple setup could be just running something like KIS and nothing else. A simple setup really is about only using only the programs that you need and nothing else. It's about realizing that piling on and overlapping protections won't make you more secure, but rather make it even less secure.

Whether you use the built in protections within Windows, or you use a 3rd party program, always remember that less is more.

 

[roger_m]

A simple setup could be just running something like KIS and nothing else. A simple setup really is about only using only the programs that you need and nothing else. It's about realizing that piling on and overlapping protections won't make you more secure, but rather make it even less secure.

I agree. I don't feel the need to use multiple security apps in an effort to do all I can to secure my system. I know that if I keep my system updated and am always careful about what I let run on my system, it's highly unlikely I will get infected. I don't need my system locked down as much as possible, if I don't open infecteed files.

At the moment, the only realtime security I have is 360 Total Security (and its firewall). I acknowledge it's not the best antivirus. But, it doesn't slow down my computer and I always asks me what I want to do when it encounters a suspicious file. If I want to keep the file, I can whitelist it with just two clicks. It's worth noting that I don't ever come across actual malware. If something gets detected, it's detected as a PUP, or is a false positive.

I prefer to be in control of my systen, rather than having security software makes decisions for me.