TR Forums

Hi

I'd like to know which one is better MSE or AVG AV. I've been getting different opinions from people, please advise. Thanks

Go to sites like http://www.av-test.org or http://www.av-comparatives.org and do your own research. Long story short - AVG has better detection rates but has a lot more "false positives" than MSE.

AVG has turned into bloated crap in the past couple versions. Get MSE, it won't bog your system down near as badly.

Yeah, tell me about it. I used to recommend AVG, but I don't any more. My father installed the latest AVG not too long ago, and complained that his system slowed to a crawl. Getting rid of it was as bad as cleaning out malware. Removing it via the Control Panel wouldn't work; it would say it was uninstalled successfully, but it would come right back after the next boot. I had to download a stand-alone removal tool from their web site and run it in Safe Mode to get rid of it.

I'm sticking with MSE and safe browsing practices.

Airmantharp wrote:

I'm sticking with MSE and safe browsing practices.

If one is sufficiently paranoid, one can even create a virtual machine dedicated to web browsing. Anything ever owns it, you blow it away (or revert to an old snapshot) and continue.

I've been satisfied with Firefox+that extension that we don't mention+NoScript+another ghosty extension+Sandboxie for viewing questionable sites [1]. Everything else gets a fairly standard Chrome.

[1] /real/ paranoiacs might include that in with their VM!

bthylafh wrote:

Airmantharp wrote:

I'm sticking with MSE and safe browsing practices.

If one is sufficiently paranoid, one can even create a virtual machine dedicated to web browsing. Anything ever owns it, you blow it away (or revert to an old snapshot) and continue.

I've been satisfied with Firefox+that extension that we don't mention+NoScript+another ghosty extension+Sandboxie for viewing questionable sites [1]. Everything else gets a fairly standard Chrome.

[1] /real/ paranoiacs might include that in with their VM!

Real paranoiacs will also probably run something in the VM other than Windows...

just brew it! wrote:

Real paranoiacs will also probably run something in the VM other than Windows...

Those are the fellas running OpenBSD as guest and host.

Eh I use Clamwin and/or Symantec Endpoint. For other less technical folks or for laptop usage I use Panda Cloud.

I've used Avira Antivir in the past and it's worked well for me. McAfee Stinger is good too.

Those things bthylafh mentioned there are also versions for Chrome (of which I suggest Iron).

just brew it! wrote:

Yeah, tell me about it. I used to recommend AVG, but I don't any more.

AVG 7 was really good, but version 8 was when they "sold out". No idea what version they are on now. But to answer the original post, use MSE. It's hassle and pain free and uses very little resources.

I've been a strong supporter of MSE, lately I've been trying out Avast. The guy who created MBAM said it was his favorite free AV, so I figured it was worth a shot. Haven't had to remove anything with it yet, but I've installed it on four of my systems now. I hope to gather some data soon on its detection rate.

Avast is okay. I wouldn't suggest it for an amateur, but I do like the boot time scanner. It does still have that, right?
I generally use MSE and safe browsing for myself these days.

Recently I had a LOT of infected Macs come my way, and I had to use ClamAV to clean them up. It's not that bad actually. Light and simple to use. Seems effective enough. Might not win any awards for visual design though.

AVG is irritating these days; It constantly bugs you to upgrade to the paid version.

Even if you do buy the paid version, it's full of adware for other AVG products like system accelerators and registry cleaners. I feel that paying for a product should remove adware and bloat for features that your paid license doesn't cover.

Chrispy_ wrote:

AVG is irritating these days; It constantly bugs you to upgrade to the paid version.

Even if you do buy the paid version, it's full of adware for other AVG products like system accelerators and registry cleaners. I feel that paying for a product should remove adware and bloat for features that your paid license doesn't cover.

I used to pay for AVG and put it everywhere- MSE is just so much easier and less bloated.

I'd consider something other than (or in addition to) MSE if I were doing critical work on a non-secure (i.e. the Internet) connection, but I don't do any of that yet.

I'm using Avira (free version) right now and it seems pretty good for a free AV. I've come from MSE and haven't noticed that Avira is more bloated - though you do get the odd pop-up adds for Avira software.

lazy_boy wrote:

Hi

I'd like to know which one is better MSE or AVG AV. I've been getting different opinions from people, please advise. Thanks

Here's my opinion on security of the Windows platform...

(1) Get the Windows version with Software Restriction Policy (SRP) or AppLocker. Typically, this is Professional version or better.
(2) Install the applications you need, from trusted/legit sources.
(3) Password the default Administrator level account. Only use this account for updates, upgrades, and system level changes.
(4) Set up a Limited or Standard User Account. Use this account for daily computing.
(5) Apply this: Use a Software Restriction Policy (or Parental Controls) to stop exploit payloads and Trojan Horse programs from running
=> http://www.mechbgon.com/srp/
(6) Download and install Microsoft's Enhanced Mitigation Experience Toolkit or EMET.
=> http://www.microsoft.com/en-us/download ... x?id=29851
(7) Use EMET on specific applications like Adobe Reader, Firefox, Internet Explorer, etc. Test it first to ensure no issues with your computing uses.
(8) Install/use your favourite AV.
(9) Stay updated and use your head by being aware of what you're doing. (Security aware computing habits).
(10) Disable things you don't use. For example: I don't view PDF files through the browser. Nor do I allow Adobe Reader to run JavaScripts or third-party attachments.
(11) If you want to scan a suspicious file (under 32MB in size) with multiple AV engines, consider https://www.virustotal.com/

A few side notes:
* I recommend using AppLocker or SRP over Parental Controls because the latter does not cover DLLs.
* EMET introduces memory based protections for the system and applications. The point is to greatly reduce the possibility of memory based exploits targeting your web browser, etc.
* In (5), make sure you read Step 6: find and close loopholes and apply it. (Applicable to Win7 and SP1 as well as Win Server 2k8 R2 and SP1).

The overall point is to not solely rely on AV. There are other mechanisms available that help you set your system up in a "default deny" configuration. This greatly reduces compromise and infection. ALL are FREE to use.

Default Deny => Don't allow anything until you say so. This kills self-executing malware. The only thing you have to worry about is social engineering tricks to get you to execute bad code. (That is learned through experience and spotting fakes).

All of this is way too complicated for an average user Many good antivirus (or rather "internet security") suites already contain similar protection mechanisms ("vulnerability protection", parental controls, individual application controls, rollback of all the changes/modifications by unknown application, etc.), all of which can be set up and adjusted in a single, much more user-friendlier GUI. Of course all of this can fail (for example, if malware is specifically designed to go around or terminate the specific version of "internet security" suite), but same can happen when using built-in OS features (and other third-party programs).

Last time I used MSE, it kept nagging me about files that weren't viruses, and seemed to collect unusual information on my system. I haven't looked back at it since, but there may be a way to turn all that off. Right now, I use Avast, and from hearing all this about AVG, I'll likely switch one of my systems running it to Avast.

C-A_99 wrote:

Last time I used MSE, it kept nagging me about files that weren't viruses.

Maybe they were actually a malware and you simply didn't want to believe in that If you think the file is "false positive", it's better to submit it as such to the AV vendor using appropriate tools, so they will properly analyze it so you will know for sure (and the program will stop bothering you about them after next updates). It's also strange to hear that considering MSE has the lowest "false positive" detection of all antimalware programs, free or otherwise...

C-A_99 wrote:

collect unusual information on my system.

It's not "unusual", it's supposed to collect a data about "suspicious" applications (such as the checksum of suspicious files, how long it took the antivirus to scan that file, etc.), suspicious URL's you might've visited and also stuff like your PC's hardware/software configuration. It doesn't collect any user-identifiable data and it doesn't "care" what you have downloaded from torrent sites and it won't report to your wife that you like to spend a lot of time at shemale video sites Many AV's have such function now (for example Kaspersky has "Kaspersky Security Network", Symantec has "Norton Community Watch") and you can always disable it if you don't want that to occur.

JohnC wrote:

C-A_99 wrote:

Last time I used MSE, it kept nagging me about files that weren't viruses.

Maybe they were actually a malware and you simply didn't want to believe in that If you think the file is "false positive", it's better to submit it as such to the AV vendor using appropriate tools, so they will properly analyze it so you will know for sure (and the program will stop bothering you about them after next updates). It's also strange to hear that considering MSE has the lowest "false positive" detection of all antimalware programs, free or otherwise...

There are a few legit things out there that MSE simply refuses to think "good" unless beaten across the brow. In my particular circumstance it's the patch to increase the number of concurrent TCP connections (EvID4226 patch). Once I told MSE to ignore it, it happily ignored it. On the flip side, this patch made changes to deeply-embedded system values and I would be unhappy if an AV program didn't at least ask me "You sure about this?"

Well, it's a file that modifies one of the system files, TCPIP.sys, and such modifications can also be used for "bad" purposes (such as by DDoS "bots"), so it's not surprising MS (and not only MS - for example ESET also considers it as perpetually "evil") refuses to consider such behavior as "legitimate" (even if it is in this particular program) But as you've said, simply "ignoring" it once will stop any warnings.

A number of AV programs also used to flag VNC as malware.

JohnC wrote:

It's also strange to hear that considering MSE has the lowest "false positive" detection of all antimalware programs, free or otherwise...

IIRC AV-Comparatives.org gave MSE a Bronze medal in 2011 for its small amount of false positives.