Windows related question: Which AV would you trust?
GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Windows related question: Which AV would you trust?
Hi folks,
I need to know if certain files are clean (it's a .zip file containing other windows related files). I scanned the zip with Clamav under Linux (through the ClamTK interface), and got a warning about some about some PUA.something (Potentially Unwanted Application; can't copy the exact warning atm since I'm not in my PC right now, but will do it when I get home). Then I booted a Windows XP VM, scanned the .zip with Malwarebytes (the free version), AVGfree and SpybotSD, and all of them told me the file was clean. I did a web search about the warning returned by ClamTK and found some threads in other forums -even in the Clamav forum, IIRC- where people claimed this is a fake positive due to Clamav detecting some type of packers (I think this is the word they used) that are present in some type of malware, but that can be present in clean files too.
So, after this explanation of the problem, which AV would you trust in this case? I've read that Malwarebytes is really good at detecting malware, so I'm thinking this might indeed be a fake positive, but still would like to hear other people's opinion on this.
If it is under 32 MB you can test it with VirusTotal, which will test the file with a whole bunch of different scanners.
Other than that, if only ClamAV claims to have found malware I would think that it really is a false positive.
Well I checked the file and got 2 positives and 30 negatives. ESET-NOD32 says it's a variant of Win32/Packed.VProtect.C, and Sophos says it's a Sus/UnkPacker. Even Clamav on VirusTotal says it's clean,and the Clamav Database was updated the July the 20th. BTW, the warning returned by ClamTK is PUA.Win32.Packer.PrivateExeProte-10.
I think I'm going to take the slight risk and use these files.
Going back to your subject line, I have used AVG Free for a number of years and it has served me well. They will make several attempts to sell their for-pay product before you actually reach the AVG Free download link.
I used to use F-Prot and also think highly of them, but they did away with their "free for home use" version. McAfee and Norton are far too clunky for my taste.
Malwarebytes is highly regarded by the denizens of alt.comp.virus. The free version is strictly an on demand scanner.
As frankbell stated, AVG Free is a good one but my personal favourite is Avast. Also Malwarebytes free version to attack the nasties from another angle too
Yeah, I always use a combination of SpybotSD and AVGFree (the real free edition) and they both have worked good for me. Though I haven't used Malwarebytes too much, looks like a powerful AV too. As for Avast, I haven't used it yet.
Although I try not to get malware on Windows (the installed one, not the VM) I don't care too much either since almost the only thing I use it for is to play games, when I happen to play.
Distribution: Slackware (mainly) and then a lot of others...
Posts: 855
Rep:
Wow '30 negatives and 2 positives'. I had no idea there were so many AV in there. BTW how much time did the entire analysis take? Whatever the time frame it, it definately is maddening.
Wow '30 negatives and 2 positives'. I had no idea there were so many AV in there. BTW how much time did the entire analysis take? Whatever the time frame it, it definately is maddening.
I'm not sure how long did it take, but I think it was not too lonlg since I left it uploading the file for a few minutes and when I came back it had already uploaded it and scanned it. Anyway, it's an useful site, for cases like this.
Quote:
Originally Posted by John VV
avg free version is good for XP
and so is ClamAV
clam has found things that Norton AV missed ( or allows - some "spyware / tracking softwere" Norton ALLOWS)
just run clam from a linux machine
What about AVGFree on Windows 7? Does it work fine there too? (I ask because I have a laptop with Win7 and AVGFree in it, so I'd like to know)
If they offer it, I'd have similar confidence to the XP version.
But that was also when I last used it. I don't do (local) mail on any version of Windoze these days.
If they offer it, I'd have similar confidence to the XP version.
But that was also when I last used it. I don't do (local) mail on any version of Windoze these days.
I think it's the same version (I was wondering if it behaved the same on both Windows versions; I guess it does). As for mail, I don't use any email client on Windows and only download attachments (from the browser) when I'm completely sure they're safe.
Quote:
Originally Posted by frankbell
In my experience, yes.
My Win 7 computer came with Avast on it. It seemed to work fine, but the level of nagging was unacceptably high. That's the main reason I ditched it.
I know what you mean, these programs that prompt you every 5 minutes for everything can be a real pain. That's the reason why I stopped using 3rd party firewalls on Windows. Now I only use Windows' own firewall and configure it to block everything. I don't browse the net too often from my windows installs, anyway (except when I'm at work).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.