11
Parzi
5y

"Suggest an AV/AM product, Avast refuses to install."

I do malware research as a hobby and have for a while, so I can generally spot when something's up before I even run a program. If i'm unsure about it (or know something's up and wanna see its effects for S&Gs) I throw it into one of a variety of VMs, each with a prepped, clean, standardized "testing" state.

I see no point to AV/AM products, especially as they annoy me more than anything since they can't be told not to reach into and protect VMs (thereby dirtying up my VM state, my research, crashing the VM hypervisor and generally being *really* annoying) and they like to erase samples from a *read-only, MOUNTED* VHDX.

However, normal people need them, so I usually suggest this list:
• MBAM is good and has a (relatively) low memory footprint, but doesn't have free realtime protection.
• Avast is very good as it picks up a lot, but it eats a FUCKTON of resources. It also *really* likes to crash VM hypervisors if it sees anything odd in them.
• AVG is garbage. Kill it with fire.
• Using Windows Defender is like trying to block the rain with an umbrella made of 1-ply toilet paper.
• herdProtect is amazing as it's basically a VirusTotal client but it's web-based and not currently available to be downloaded. (Existing copies still work!)
• Kaspersky. Yes, it spied on US gov't workers. No, they don't care about anyone BUT US gov't workers. Yes, it's pretty good.
• BitDefender: *sees steam game* "Is this ransomware?"

hope this helps

Comments
  • 2
    for those curious, I have a VM for every major step of Microsoft OSes, plus a few extra: MS-DOS 4, 5, 6.22, Win2.X (forget the specific version off the top of my head), 3.1, 95FE, 98SE, 2000, XP, 7 x86, 7 x64, 10, 2 non-descript older versions of Debian that I don't remember the kernel versions of off the top of my head, and ReactOS (for S&Gs)
  • 1
    @norman70688 They don't pick up much, and what they do is usually a false-positive. Even on Win10.
  • 2
    @Alice i mean

    I do deal with malware as a hobby, so I do know what i'm talking about, but ok. xD

    most end-users won't know the difference, no.
  • 0
    @theKarlisK even if they did do this and the higher-ups knew, they probably didn't have a choice, so I can't fault them for it. Most likely though, they had gov't-placed plants in the company they didn't know about.

    ClamAV seems fairly useless, but on, say, a Linux email server that services Windows machines, it'd be useful, yes.
  • 1
    Thanks for this info. Been thinking for some time, what AV I should use.
    Weird, but I trust your words more than relying on random tech blogs.
  • 1
    @theKarlisK well it's Russian made and has no distinctive advantage over others so why risk it?

    I in general refuse to touch anything Russian made for numerous reasons
  • 1
    @Froot but like
    they are one of the biggest malware authorities
    and if you're not a spy your stuff won't be flagged, will it? xD
  • 2
    @Parzi I recognize you know more than me about malware since it's your hobby but not mine.
    And those who deal with it for a living know even more. So, I'm taking your assessment with a grain of salt. Like @Alice especially that of Windows Defender.
  • 1
    @VaderNT this is fair, as skepticism is healthy and you should never take a single source's word for it. As with anything in the tech field, your mileage WILL vary.
  • 1
    @theKarlisK Russia rarely produces anything that cannot be substituted with a vastly superior product from the west so it's a pretty simple rule to stick to. Notable exceptions being Nginx and Kotlin
Add Comment