5

509322

Avira free is a good option to combo with other security softs that will supplement it with additional protection capabilities.

You can't argue that Avira free is not better than Windows Defender - because it is much more capable and it is also free. So for those that want to increase their system protection over Windows Defender, Avira free is one of the better available freeware options.
 

Arequire

Level 23
Content Creator
Verified
The Avira antiransomware and behavior blocker is not on the same level as other AV behavior blockers. Avira is, and has always been, basically a scanner with a comparatively few advanced capabilities.
Yeah that's what I've seen from pretty much all the reviews and testing I've observed. Don't understand how professional testing organisations have it reaching top of the pile the majority of the time. Sample choice maybe?
 
5

509322

Yeah that's what I've seen from pretty much all the reviews and testing I've observed. Don't understand how professional testing organisations have it reaching top of the pile the majority of the time. Sample choice maybe?
Avira detection is very high. The lab tests are detection tests. Plus the sample sets used influences the test results. Read the test reports in their entirety instead of just looking at the graphs...
 

Arequire

Level 23
Content Creator
Verified
Avira detection is very high. The lab tests are detection tests. Plus the sample sets used influences the test results. Read the test reports in their entirety instead of just looking at the graphs...
What about zero-day tests? Say Avira gets 100% from 172 samples in the two months tested. Just samples with behaviour that's easily identified or...? Unless by zero-day tests they mean just scanning a folder full of zero-days and Avira just detects them all as malicious instead of launching them. If that's the case then I've been duped.
 
5

509322

Unless by zero-day tests they mean just scanning a folder full of zero-days and Avira just detects them all as malicious. If that's the case then I've been duped.
Exactly. Read the reports in their entirety.

Scan and then whatever remains is executed.

Zero-day in the case of files means perhaps a day or so old. It could be 5 minutes old or more.

Zero-days could be anything. If I locate 172 ransomware samples from established, well-known ransomware families - like TorrentLocker, CTB Locker, CryptoLocker, etc - then Avira heuristics are capable enough to obtain high detection upon scanning and file execution, plus cloud query. The sample sets are representative of what is actually encountered in the wild. That mostly means the same malware manipulated to avoid scan engine detection.

I don't think duped by the labs. You duped yourself.

If you don't understand what the tests are and what they actually test - then you will make false assumptions and mis-informed decisions based upon what you think the test results mean versus what they actually mean.
 

Arequire

Level 23
Content Creator
Verified
Exactly. Read the reports in their entirety.

Zero-day in the case of files means perhaps a day or so old. It could be 5 minutes old or more.

Zero-days could be anything. If I locate 172 ransomware samples from established, well-known ransomware families - like TorrentLocker, CTB Locker, CryptoLocker, etc - then Avira heuristics are capable enough to obtain high detection upon scanning and file execution, plus cloud query.

I don't think duped by the labs. You duped yourself.

If you don't understand what the tests are and what they actually test - then you will make false assumptions and mis-informed decisions based upon what you think the test results mean versus what they actually mean.
Ahh, got it. Just me being an idiot then.
 

giants8058

Level 4
I'm sorry but those are some pretty disappointing results. What is the point of having such "great" signatures, that when it comes across unknown threats, it fails pretty badly. Real-time protection is much more important than static scanning rates. Their protection model is quite antiquated this day in age with all the constantly evolving malware out there. Get passed the signatures/heuristics and cloud, there is nothing left to fall back on which is clearly illustrated in the video.

And you can't really compare Avira to Emsisoft either. I don't think it's even all that close. And like someone said, you can't go off of 3rd party testing sites only. You should really test for yourself. Yeah their detection isn't as high as Avira at times, but their Behavior Blocker in my opinion is the best out there. I've been doing a lot of testing lately, primarily with Emsisoft IS and Kaspersky IS. Yeah Kaspersky usually has better initial detection rates but that's primarily due to it using KSN with scans while Emsisoft uses signatures/heuristics for scans and only queries it's cloud if something is flagged by the BB upon execution, but they usually have very similar results by the end. There have even been more than a handful of times lately that EIS clearly outperformed KIS because of it's BB. Got pretty badly infected earlier today with KIS, while EIS caught everything. And the samples I use are typically very fresh, 24 hours or less in the wild. So that is very impressive.

As for free solutions go, you gotta go with Avast. Very solid product. Better than most paid AVs. Much better than Avira. I like Bitdefender Free, but the lack of any configurable settings leaves much to be desired.
 
Last edited:

Xsjx

Level 13
I'm sorry but those are some pretty disappointing results. What is the point of having such "great" signatures, that when it comes across unknown threats, it fails pretty badly. Real-time protection is much more important than static scanning rates. Their protection model is quite antiquated this day in age with all the constantly evolving malware out there. Get passed the signatures/heuristics and cloud, there is nothing left to fall back on which is clearly illustrated in the video.

And you can't really compare Avira to Emsisoft either. I don't think it's even all that close. And like someone said, you can't go off of 3rd party testing sites only. You should really test for yourself. Yeah their detection isn't as high as Avira at times, but their Behavior Blocker in my opinion is the best out there. I've been doing a lot of testing lately, primarily with Emsisoft IS and Kaspersky IS. Yeah Kaspersky usually has better initial detection rates but that's primarily due to it using KSN with scans while Emsisoft uses signatures/heuristics for scans and only queries it's cloud if something is flagged by the BB upon execution, but they usually have very similar results by the end. There have even been more than a handful of times lately that EIS clearly outperformed KIS because of it's BB. Got pretty badly infected earlier today with KIS, while EIS caught everything. And the samples I use are typically very fresh, 24 hours or less in the wild. So that is very impressive.

As for free solutions go, you gotta go with Avast. Very solid product. Better than most paid AVs. Much better than Avira. I like Bitdefender Free, but the lack of any configurable settings leaves much to be desired.
I still think Avira is not on Sigs but on Cloud..
I havent seen any warning with cloud here
So its interesting..

And yes in this test it wasnt very good, But Aviras cloud is just Awesome..
 

giants8058

Level 4
It uses sigs, heuristics, and the cloud. The cloud is really good due to their large customer base, but it may be for privacy reasons that hashes (not real time binary analysis) of files are only sent, and if there is no match (like the 2 ransomware files that got through in the video) there is no last layer of protection. No behavior blocker or any type of application privilege control.

And heuristics is different from a behavior blocker. Most AVs have heuristics by default, which are built into their engine, but also offer some type of post execution behavioral analysis like Kaspersky, Emsisoft, Avast and Norton. Look at Eset.. best signatures out there, but I see on many occasions in the Malware Hub with the final status of infected. Without it's HIPS module (which I'm not really a fan of due to the incessant notifications for good and bad programs. Training it helps, but still. This can result in pop-up fatigue for some, especially for basic users, and just end up allowing things they shouldn't) its real time protection is lagging behind the other AVs mentioned above.
 
Last edited:

giants8058

Level 4
Here are some final results after the two most recent packs from the Malware Hub. We have some process hollowing, 1 file with 2 entries for startup, 2 processes in memory sitting there for about 15+ minutes, and as you can see Cerber had no problem with Avira. Comparing free AVs, Avast (Hardened mode set to Moderate) either cleaned or blocked all threats (as did Emsisoft IS and Kaspersky IS). This is the reason why I don't recommend Avira to friends or family when they ask me which free AV should they use.

2017-03-20 at 17-27-20.png 2017-03-20 at 17-27-28.png
 

Xsjx

Level 13
Here are some final results after the two most recent packs from the Malware Hub. We have some process hollowing, 1 file with 2 entries for startup, 2 processes in memory sitting there for about 15+ minutes, and as you can see Cerber had no problem with Avira. Comparing free AVs, Avast either cleaned or blocked all threats (as did Emsisoft IS and Kaspersky IS). This is the reason why I don't recommend Avira to friends or family when they ask me which free AV should they use.

View attachment 143628 View attachment 143629

I think Avira free does not have the cloud as seen here...
With pro Cerber is nothing ;P


Still Why on the website it says Free users also have Cloud?
 
  • Like
Reactions: Der.Reisende

Evjl's Rain

Level 40
Content Creator
Trusted
Malware Hunter
Verified
Here are some final results after the two most recent packs from the Malware Hub. We have some process hollowing, 1 file with 2 entries for startup, 2 processes in memory sitting there for about 15+ minutes, and as you can see Cerber had no problem with Avira. Comparing free AVs, Avast (Hardened mode set to Moderate) either cleaned or blocked all threats (as did Emsisoft IS and Kaspersky IS). This is the reason why I don't recommend Avira to friends or family when they ask me which free AV should they use.

View attachment 143628 View attachment 143629
good to know. I also tested many malware packs from the hub in my video. I saw the pro version blocked almost everything except 1 PUP

perhaps the free version sucks although it also has cloud but not working