  satyr5
join:2005-11-19 Slovenia
My thoughts: AntiVir vs. other anti-virus programs
My story with anti-virus programs goes like this. First I used EZ eTrust 6.1.7.0, a SHAREWARE anti-virus program from Computer Associates, for quite some time, but later I discovered that this particular 6.1.7.0 version of the EZ eTrust anti-virus program, and probably its driver-level protection, was causing an annoying FILE_SYSTEM BSOD on every shutdown/reboot/logon/logoff. Of course, I first blamed other software, and it drove me to countless installations/un-installations, modifications, tests, reboots, etc., before I realised it was EZ eTrust's fault.
So I first switched to the FREEWARE version of AVG 6, but it was just at the time of upgrading the program to version 7, and then I somehow didn't like this new AVG 7 version's interface. Therefore I switched once more and started using the Personal Edition of another FREEWARE program called AntiVir. It is a more and more popular and trusted anti-virus program from the H+BEDV company, located somewhere in Germany, Europe.
Now I just couldn't live without its three crucial features listed below (again, at least crucial for me personally):
1. The "Filters" feature, which enables you to exclude up to 12 processes from real-time scanning/protection. I think that this one doesn't require further explanation on why it is useful.
2. The "Write / Read only", i.e. an option for its real-time scanning that enables you to monitor only file-write or only file-read file-system operations (or, of course, both).
3. The "Activate/Deactivate" feature through the system-tray icon; compare that to, for instance, first invoking the GUI and then un-checking all the real-time scanning options in AVG. Generally I disable the real-time protection when I am off-line (quite often, as a dial-up user), before defragmenting the hard disk, before software installations, driver updates and all the similar "low-level" procedures.
Regarding the "Filters" feature mentioned above: I exclude programs which I know are, under normal circumstances, not "affected" by viruses; for instance the DNSKong program (a caching, filtering and blocking "local-only" DNS server), Folding@Home program related processes and AntiVir's updating-feature related process are a few programs/processes of this "type". And further, programs for which the above is true (i.e. they're not "affected" by viruses), and additionally for which I know that they write to files a lot (so as to take some stress off AntiVir's kernel-mode filtering driver); for instance again the DNSKong program, which constantly writes to its "dnskong.log.txt" log-file and to its "presets.txt" config file (IPs resolved to host-names), then similarly Folding@Home "core" processes etc.
Here is a complete list from my "Avwin.ini" file:
OnAccessExcludeProcessNames=blackbox.exe,Contig.exe,DNSKong.exe,FahCore_65.exe, FahCore_78.exe,FahCore_82.exe,Inetupd.exe,slsk.exe,Sync.exe,thunderbird.exe,totalcmd.exe,WGET.EXE,
While for my p2p application Soulseek ("slsk.exe" process), with which I only download very huge multimedia files, i.e. .mp3s, .avis and .mpgs, then for the WackGet program ("WGET.EXE" process), with which I download only setup files of known programs (my favorite ones) and occasionally .pdfs, and for other programs too; I could simply scan those files with an on-demand scanner (I wrote "could" because I don't), and also I am not as paranoid as I was, and that is of great significance here.
P.S., Any of the three well-known and trusted anti-virus programs, beginning with the letter "A": AntiVir, Avast! or AVG, however, for my needs and computing principles AntiVir is by far the best of these three. If anyone is interested; I wrote a review about AntiVir for the CastleCops site (a shorter one): AntiVir PE Review, and the second one for The Geek Culture forums (a longer one): Review: H+BEDV AntiVir program; basically they are the same thing as this post.
satyr