Yesterday I posted about how this Buzus trojan was ruining my evening. Fortunately, I had a fallback Windows XP installation from which I was not only able to manually remove the files I had spotted, but also to try and run various other antivirus scanners: Kaspersky online (the b*tch is disabled), F-Secure online (their online version has an outdated database), then an updated AntiVir which became able to detect part of the files I posted (3 out of 5, as far as I remember), and finally… I decided to give AVG a go.
AVG is one from this quite old trio of big free anti-virus software. The others being AntiVir/Avira (my current antivirus) and Avast!. I tried them all a long while ago, by the time of version 5-6 of AntiVir and AVG, and from this period I remembered how heavy AVG and Avast! were (plus they used to require a registration on their website) while AntiVir felt so light, with a rather miserable GUI that I liked but which used to repulse “basic” users. And I stuck with it until now, even though they “upgraded” the interface to something shiny but heavy like hell, notably because Avast! was still heavier and because AVG got pretty poor ratings from anti-virus tests during a large period.
But it wasn’t all brilliant. AntiVir saved my @$$, well, I don’t remember of a single time actually. Probably it caught a few highly suspicious files that I was going to check myself anyway, but that remained highly rare. During the same time, it gave me tons and tons of false positives, notably on a lot of things I programmed myself and packed using UPX, and on a lot of trainers (I used quite many of them for Wiki4Games…). It also failed to register that I don’t want it to detect that Abel & Cain installation file which has been sleeping on my PC for ages (and suddenly got detected forever after some update). And finally, it totally missed Buzus, which I only caught thanks to RegRun. When I caught the files and sent them to online scanners (Virustotal and VirSCAN), I noticed that:
- as usual, Kaspersky pwned
- only a few scanners detected the virus (3/41=7% or 5/36=14%)
- and AVG was amongst those!
After all I’d heard and seen in tests about AVG, I was rather amazed. But considering how I was disappointed with my AntiVir experience, I eventually decided to give it another chance.
First impression: bloody hard to find on avg.com: I ended up searching for AVG free on Google…
Second impression: omfg it’s huge: the installer is more than twice as big as AntiVir: 84 MiB vs 40 MiB (Avast: is 46 MiB)
The installer is ok, it seems to do weird things at the beginning but it turns out to be a good, normal installer with the usual options. No restart needed at the end, the first run update is fast, too. The installed program is, despite the bigger installer, smaller than AntiVir (around 55 MiB, maybe there’s stuff elsewhere though?).
I start by scanning the folder where I had isolated the infected files. They’re all detected and… deleted. Ow, not cool, the default configuration is to slay the infected files. Gladly, I found them in quarantine (they call this the Virus Vault :D), and there are options to disable this “I act without asking you first” behavior. Then I scan the whole infected Windows partition… gosh it takes ages… but it does find what AntiVir hadn’t found.
I finish cleaning and finally can get back to my primary Windows XP installation. There I promptly replace AntiVir with AVG. It detects a keygen on the desktop (bloody false +, hey…) but the whitelist does work and is not limited in size to a ridiculous value like AntiVir. The Cain & Abel installer isn’t detected, too.
So, to summarize:
- kind of heavy, but not more than AntiVir after all, notably faster interface than AntiVir
- seems to have a good detection rate. OK, that’s just one sample, but on this random one he’s in the top 10% already…
- false positives on trainers and such, but working white-list system and no detection of unarmed malware like the Cain & Abel installer.
Looks like AVG is definitely back in the race. At least it’s back on my computer now 🙂