Battle Which is the best antivirus for heuristics and behavior block?

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
Hi everyone.
I have an important question. Which is the best antivirus for heuristics and behavior block?
Help me plz.

Hello @jimrako

First of all welcome to MT,
Secondly you ask which AV is the best based upon their HEUR/BEH capabilities, now before I am going to reply to this I would like to point out that there is NO BEST product no matter what your own or my preferences are.
The security industry maintains a set of global standards that are a MUST have for every single AV company if they want to play with the "big" boys.
In the past the differences between AV programs were huge in terms of detection, removal, performance and technology used, today on the other hand the differences are minor and in most cases ZERO.
Usually if you pick an AV brand out of, let's say, the top 10:

Kaspersky, Norton/Symantec, ESET, Sophos, McAfee, F-Secure, Bitdefender, Panda, Avast, AVG (There are more brands that are more or less equally good as the mentioned names)
My point is you cannot go wrong with any of these brands and each of these brands will provide you with a similar level of security.
Where one has a better firewall, the other has a better blocker and so on, but down the line if you take for example Symantec vs ESET vs Kaspersky then you will quickly realize that each of these programs is totally different in terms of everything but security wise they provide pretty much exactly the same level of security.
So my advice would be: Pick any product you feel comfortable with, learn and educate yourself about the program, and eventually you will "discover" your personal best AV.

You can also read my guide Av myths and facts
or if you have time read my other guide: Your mouseclick matters
Both guides will give you a totally new understanding of how computer security works and will explain most of your AV questions.

Kind Regards,
Nico
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
Thanks a lot. Everything you say is true, but I want to know the best behavior blocker antivirus. What is your choice?

Symantec has been a veteran in BEH blocking and they're pretty good too.
Kaspersky has been solid but so has for example Avira, and since such technology goes in tandem with other features within a solution it would be virtually impossible to single out one brand on this criteria. That said if you want me to single out a brand then I would say:
Kaspersky, Symantec, ESET (3 names since the difference is ZERO)
 

Soulbound

Moderator
Verified
Staff Member
Well-known
Jan 14, 2015
1,761
Hi everyone.
I have an important question. Which is the best antivirus for heuristics and behavior block?
Help me plz.
What one individual considers best, another will not.

If you list exactly the name of the solutions you are considering, you will get some better results in terms of responses. On the actual list, Avast and Norton are quite good in their own way. Ashampoo, I'll say there are other solutions better. Others as in you listed, needs to be specific.
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
What one individual considers best, another will not.

If you list exactly the name of the solutions you are considering, you will get some better results in terms of responses. On the actual list, Avast and Norton are quite good in their own way. Ashampoo, I'll say there are other solutions better. Others as in you listed, needs to be specific.

Or use the MT search function as this question is being asked at least 3 times a day. But yes you are right a specific list would help to narrow down the top dog based upon his list.

Regards
Nico
 
LabZero

A consideration:

The basic/average user identifies all safety technology with the antivirus, and then he is probably not interested in figuring out how these protection mechanisms work.
Obviously the line between AV and heuristic technology and BB is very tenuous; indeed, many antiviruses in circulation use these technologies. The only difference is that they use the term "heuristic detection", but it's the same management.
In general, these technologies detect malware that normal signature-based antiviruses fail to recognize, generating a high number of false positives, however. And we know that we do not want to be bothered by unnecessary alarms.
So the technology is inserted directly into the classic antivirus products, adjusted by default to not generate too many false positives; therefore some knowledge is necessary to calibrate it all.

So I believe these technologies can't be so decisive for all (basic/average) users as sentenced by manufacturers. Consider what a program takes place as it happens doesn't solve any of the issues left open by the normal antivirus and the point is that part of the attacks fails, but few others can have success.

Some manufacturers may try to convince you that all users need these technologies, but it's not entirely true.
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
A consideration:

The basic/average user identifies all safety technology with the antivirus, and then he is probably not interested in figuring out how these protection mechanisms work.
Obviously the line between AV and heuristic technology and BB is very tenuous; indeed, many antiviruses in circulation use these technologies. The only difference is that they use the term "heuristic detection", but it's the same management.
In general, these technologies detect malware that normal signature-based antiviruses fail to recognize, generating a high number of false positives, however. And we know that we do not want to be bothered by unnecessary alarms.
So the technology is inserted directly into the classic antivirus products, adjusted by default to not generate too many false positives; therefore some knowledge is necessary to calibrate it all.

So I believe these technologies can't be so decisive for all (basic/average) users as sentenced by manufacturers. Consider what a program takes place as it happens doesn't solve any of the issues left open by the normal antivirus and the point is that part of the attacks fails, but few others can have success.

Some manufacturers may try to convince you that all users need these technologies, but it's not entirely true.

Nothing to add and totally spot on.
 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
best antivirus + no tweaking = good antivirus
good antivirus + no tweaking = poor antivirus

poor antivirus + tweaking = good antivirus
good antivirus + tweaking = great antivirus

See what I mean? :)

Learn the Jedi way..... not which light saber color to use. :p
 

Hangtooth

Level 5
Verified
Dec 5, 2015
202
I, on the other hand, get all alarmed when something pops up, so I *hate* false positives. Avira is good to me =) I have only seen it go nuts on one thing that I shouldn't have been messing with, and it probably *did* have something bad in it! I am looking at you, giveawayoftheday unwrapper...

Webroot almost gave me a heart attack with nonstop FPs ~ Was like having Chicken Little running around screaming, 'the sky is falling, the sky is falling!'.
 

SloppyMcFloppy

Level 13
Verified
Sep 12, 2015
617
I think Zemana Anti Malware Premium and VoodooShield are good because VoodooShield has very good zero day protection, and Zemana Anti Malware Premium uses 6 antivirus engines so the protection and false positives will be quite high, but all antiviruses generate false positives, so that is common.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
When it comes to heuristics then the word 'best' is different because it changes from time to time, unlike with signatures that can be maintained; everything is based on behavior, which is why the process needs a thorough process, and the majority of AVs cannot reach the industry average.

Don't rely on those specific cases, although Norton Sonar, Bitdefender AVC and a few others can manage to prevent threats in a reliable way; better yet, don't rely too much. *

*Intended as a secondary plan, and usually HIPS, when incorporated, depends on user interaction.
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
When it comes to heuristics then the word 'best' is different because it changes from time to time, unlike with signatures that can be maintained; everything is based on behavior, which is why the process needs a thorough process, and the majority of AVs cannot reach the industry average.

Don't rely on those specific cases, although Norton Sonar, Bitdefender AVC and a few others can manage to prevent threats in a reliable way; better yet, don't rely too much. *

*Intended as a secondary plan, and usually HIPS, when incorporated, depends on user interaction.

True but not all the way m8.
When people talk about HEUR, BEH, HIPS and all these other variants then most of the time people assume that for example the HEUR module is a standalone process that can protect the computer and the higher the detection (equals FP) the more kick-ass the protection is.
Take Norton Sonar, on normal settings it never reports but if it does, 9 out of 10 times the file actually is infected, as Norton/Symantec Sonar has the highest % of detection of truly infected files.
Which means that it does miss some spyware and other crap but it targets the more serious infections, so rather than being an alarm-spam function it actually only warns if there is really something going on. And to the credit of Symantec they really did something good with their Bloodhound & Sonar technology.
My point here is techniques that are HEUR/ZD/BEH based are always directly tied in either a firewall, process monitor, register monitor, file integrity monitor aka AV engine. So the HEUR function is totally useless without having a well rounded solution backing it up.
And this is exactly why programs like Kaspersky, Norton/Symantec, ESET do such a good job.
Some members talk about multiple AV engines, and Zemana and such programs, great stuff do not get me wrong but when it comes to HEUR based algorithms Kaspersky, Symantec and a very few other brands really mastered the art of HEUR based technology.
Now I am not advocating big brands and such, but what I am saying is these brands set the bar for everyone else to maintain.
And the market shows that there are some really good AV brands out there, but only a few really do make their marks, since industry requirements are far more demanding than any VB100 (or similar tests) and this applies to most AV programs when it comes to individual technology like HEUR, they all have some sort of HEUR based algorithm yet if they are truly effective and accurate remains questionable at best, and with brands like Kaspersky, Symantec and ESET you just do not have to worry about that issue.

Remember Ewido anti spyware? It was legendary as their HEUR/BEH was stellar, then Grisoft bought them and incorporated them into AVG.
After this point the very same engine made and developed by Ewido never got close to the bar they once did set due to the fact that the AVG main solution is just not to the level overall as Ewido was.
Same goes for RAV antivirus, it was by many considered the first NG AV brand, they got bought and their technology is still used by some brands yet it never reached the bar once set by them.
In other words the Turbo on a car is just as effective as the engine allows it to be.
So even while an AV package might be inferior to some other packages (technology wise) they can be stellar in being effective just because the software under the hood has the right balance between individual parts.
People should focus more on the package rather than the cream around it.
 
