AVS: CIS 3.9 versus free Avira

I am trying to decide between using
A) CIS 3.9 with the free Avira (CIS’ AVS not installed)
or
B) the complete CIS 3.9
In both cases, assume installation on a PC free of malware, with Defense+ in Clean PC Mode.

I understand CIS 3.9 is unique because it includes BOClean technology (and heuristics), but Avira scores best in detection of zero-day malware because of its advanced heuristics. Avira does not get the top scores at av-comparatives.org and anti-malware-test.com because of its higher false positives (FP) rate, which is important to me since I share my PC with an inexperienced user.

My inexperienced user is on a PC fully expanded to 288MB RAM, so resource usage is important. I currently configure my AVS to update only at boot (once a day) to avoid this PC being unusable for a few minutes during signature updates. I previously used BOClean on a 3GHz PC with 1GB RAM, and I saw the PC get very slow for a minute every so often.

How do these choices compare for detection rate on zero-day malware?
How about FP rate?
How about resource usage?
How about malware removal?
Any other things to consider?

Thanks in advance

Avira is great in heurestic but bad when it’s often display a false positive.

Another comments?

Both
CAV Realtime AV
Avira On-demand and schedule automatic system scan weekly

Given your (very) low ram, I would advise you to use only 1 program. So only 3.9… if you had more, I would sujest you to use CIS + avira and keep CAV as on-demand (just for 1 month)

                                    [b]                 Avira                      CIS[/b]

Zero Day threats great good
False Positives acceptable acceptable
Resource usage low extremely low
malware removal good good

Xan

Hello silent music7.My take on this one is:Avira does generally have the best detection rate when doing on demand scans, around 99.7%.In zero day threats it only detected 71% in tests ( av-comparitives) of zero day cases, and that means it potentially lets in 29%!! to cause damage. So on this one i would go for Cis. Why?. Because it has 3 levels of protection, Firewall, Av, and the Big one here, Defense+.

Now Defense plus has in tests ( you tube for example) never let anything in to damage your computer,as long as you can understand the alert messages you receive, and then make the right decision in clicking “allow” or “block”.Therefore potentialy stopping that 29% getting in. However in the unlikely event of something getting past defense+ then either the Av or The firewall will do their job. 3 against 1 here.

Cis also has Buffer overflow protection, version 3.8477 onwards, and Cima version 4 will, and do protect like no other app in that something like 60% of attacks were buffer overflow related according to Melih ( i believe him) and i dont know of any other app that has the protection.

Avira does not have buffer overflow protection.Cima wiil improve detection dramatically and reduce false positives too. There is likely improvement in detection due in another version between 3.9 final and version 4 with engine and signature improvements which will narrow the gap detection rate wise between the two.

If its just on demand Av scanning then Avira is the choice( at the moment). I beleive this will change before the end of the year, as good detection is one thing but Avira is known for Fps and high detection rates 99% plus go hand in hand in general. A squared for example 99% plus and high fps is well known. Fps can be as damaging as spyware, if the wrong decision is made as to what to do about them.

Cima is known for extremely low fps and i reckon the combination of Cima and the planned engine/ signature changes will address the balance in Cis favour. This is just my opinion and dont expect some to agree with me but you asked for an opinion and i have given mine. 3 layers of protection against one.

I admit you could use another firewall and some other Hips type Product or behavior blocker like Threatfire/ Geswall/ or Prevx edge to cover for the inadequate realtime guard that Avira uses, but that would be using different comanies products.This would add more of a drain on your system resources and ram and most likely start up times would increase and computer slow, due to using multiple products. Comodo never uses much more than 7 mb and that is very small in comparison to using Avira on its own, never mind adding a couple of extra layers of protection seperately. I Hope my opinion can help you reach the right decision for youre own needs, but suggest you do some research.

Regards
Dave1234.

I use both. I have CIS AV set to Stateful and Avira disabled. I manually update Avira and alternate scans with it and CIS.

Dave. Could you edit your post? It is a challenge to read without paragraphs.

Hi. I myself have used Comodo’s Firewall for a year and a two/thirds. Comodo’s AV since it’s release.

I haven’t had any problems other than a few small pgm glitches, some caused by myself.

I haven’t gotten even one FP.
No important account’s have been hit.
I actually haven’t had one problem with the internet since using Comodo.

But to qualify those facts, I’ve only had a few troubles with the internet over the years. Maybe that’s cause I’m not too risky, but probably risky enough to get more prob’s than I’ve had. I’ll never know.

So, I think you need to take into account your own behavior when making your decision.

It seems to be an agreed upon strategy to have a second manual scanner set up, I currently use Malwarebytes (don’t know if that’s a good choice really). And when I use that scanner, nothing comes up, so my main protector, Comodo, isn’t suspect.

And I know nothing about Avira, so no thought there.

I strongly recommend using Comodo, the AV as well. I don’t think you’ll have any problems, and you’ll love the resource usage, it’s gotta be the most efficient.

You can select NOT to install the realtime scanner module during Avira installation.
As I remember, if you install it, the process for realtime scanner will still take up memory even you disable it.

You should be fine with CIS alone (as long as you pay attention to the alerts raised by D+ and don’t let stuff you don’t know run… Or connect to internet for that matter)

Avira has heuristic as well… Probably better heuristic than the one currently in Comodo’s antivirus… Even if comodo has some great stuff in plan like the CIMA heuristic (scheduled for 4.0).

If you look purely at the antivirus then Avira is better as for now… If you look at CIS as a whole then CIS is better at fighting malwares/viruses/trojans due to D+. (MUCH BETTER, probably all you need…)

But if you like Avira then you can combine them… But if resources is your biggest concern then go with CIS purely… =)

On a low on ram computer as you described (288MB RAM) I would suggest you read some about disabling services (boosts security as well…) and that you do some system cleaning/registry cleaning with CSC: https://forums.comodo.com/comodo_system_cleaner_fileregistryprivacy_cleaner/comodo_system_cleaner_116494638_released-t38861.0.html

=]

Keep Avira on access, since it is a proven anti-malware by independent test labs (Frankly, in the last year, the single best engine you can get in detection - not false positives). Then, keep CIS anti-malware on demand, until you see independent test results from places like AV-test, Westcoast labs etc.

Not if you tell the service not to load. You can turn off real time scanning and the service will still normally load. You need to specifically tell Avira not to load the service.

I use a-squared HiJackFree to turn off the Avira services and just run an on demand scan whenever I want.

Avira is great. I used it before I was completely bought over by CIS l now using ver 3.9.

Back then I was ignorant of internet security and only armed myself with anti virus program. A lot of my friends are also being ignorant such that they do not have any additional firewall protecting their PC. They though seem happier and much more care free in using their PC than the people who’ve realized that the internet is such a dangerous place. Good for them ;D

To me CIS is like the best thing that ever graced the personal computer since Microsoft came out with windows. LOL.

I can not yet depend upon CIS for system scans as it has far too many false positives. I posted the following in another topic:

“I use Avira as the on demand scanner because CIS gives WAY too many fp’s. For example I just scanned my computer with Avira and it was totally clean. Right after that I ran a scan with CIS and got about 500 or so false positives… not good. Basically, CIS systems scans can not be trusted yet. Until then I will keep Avira as the on demand scanner.”

At first I liked Avira but it seemed to me not wok with D+ well and seemed to be resource hungry. Best fo luck with Avira but remember having to antivirus programs is not a good idea.

I also have SUPERantispyware and Malwarebytes, both great to have.

Only if more than one application is set for real time scanning. Multiple AV’s are just fine if only one is set for real time scanning and the others used on demand.

Avira FP detection for Comodo leak test every time when I use it as on demand.
(When install Avira, please select custome installation, and uncheck AviradGurad, then you can have Avira as on demand scan function)

Some of the malware are not detected by Avira, but detected by CIS. Of course some of malware not detected by COMODO, but detected by Avira.

Therefore, if you find some baddies that COMODO not found, please send those samples to COMODO.
You can use Avira’s “Restore As” function in Quarantine, then zip them and send to Virus total for comfirmation it is a baddy, then submit it to COMODO. It can increase COMODO CIS’s detection capability.

Recently, I use Avira as on demand scanner, but I found one thing strange.

Everytime I use it for scanning my PC, 2 suspicious files are generated in
C:\Documents and Setting\All Uwers\Application Data\Avira\AntiVir Desktop\Temp\AVScan - yyyymmdd
folder with extension of av$

COMODO scanner recognize them as Unclassfiedmalware@8354058.

I save them and send them to Virustotal for analysis. Most of the AV programs said they are malware.

Don’t know if anyone has the same experience with me.

Yes, I’m sure they are false positives by Comodo. Besides, they are temporary files anyway that are deleted later without user intervention.

I also recommend using Avira, MBAM, SAS as on-demand scanners if you are using the full CIS suite. Amazing stuff!