A longtime believer that common sense and proper know-how did away with the necessity of antivirus software, I was recently forced to re-examine that belief when my sister brought multiple pieces of malware home with her from college. After spending my weekend dealing with infections across four of our computers at home, I installed a free but highly-regarded antivirus software, among other things, on my sister's laptop and sent her back to college.

She's back again for her after-exam holidays, and her laptop is malware-free. Out of curiosity I browsed through the quarantine function of the antivirus software I installed for her, which had caught no less than a hundred infections in less than one week. Again, out of curiosity, I zipped up a few of the infected files onto a USB drive, and scanned them with PCTAV.

Of the six different pieces of malware the other antivirus product picked up, PCTAV failed to detect even a single one.

Much as I am partial towards PCTAV, I must ask serious questions about its suitability for public use. In the short while I have tested it, it appears that there are multiple bugs in the program, none of them critical, yet annoying all the same. Yet while all these bugs pose are inconveniences, the shortcomings of the scanning engine are truly atrocious and unforgivable. Running my sister's infected files through three other antivirus software (I have a different one installed on each computer now) confirmed that they were not false positives. These are live samples that are actively spreading in the wild, not sterile specimens locked up in a virus zoo. If I had installed PCTAV on my sister's laptop, I have no doubts that I would have spent all of today cleaning up my sister's laptop, and would have to delay typing this post until tomorrow.

Does PC Tools truly have the resources and connections needed to engage themselves in the antivirus industry, one where there is no tolerance whatsoever for technical mediocrity? Are the developers aware of the various problems plaguing this software, and what, if anything, are they doing to fix it? And last, but not least, what can we as common users do to help?

Hi solcroft,

Please know that our PCTAV program is always improving and we have the resources to become one of the best antivirus programs out there. Our developers are working very hard to ensure that PCTAV will become a top knotch program.

Please realize, we are new to the Antivirus scene and our software is constantly developing and adapting to catering to the hundreds of new threats everyday. We have established our company as one of the main competitors in the spyware industry and would like to carry this trend with our antivirus software.

Although there may be a few bugs in the program, these issues are being worked on and will be resolved with the new version which will be released in February.

With the viruses that are not beinig detected by PCTAV, you can send us samples via http://www.pctools.com/mrc/submit/ or you can email me these samples and I can then pass this on to the analysts to investigate.

Feedback is very important to us as this will give us some knowledge on what customers really want within their software and we can consider these for current/future releases.

I have already submitted password-encrypted copies of the malware samples via the MRC website. It will be interesting to see how long the turnaround time is for the developers to release the necessary signature updates, I think.

As I mentioned, it is not the bugs in the software that truly concern me. The forum staff (yourself included, AChen) have paid attention to the issues raised and assured us that the next release would bring bugfixes. What DOES concern me are the issues with the scanning engine and PCTAV's detection rate, which I fear that, by the time users do post their feedback, consumer confidence is very likely to have already gone down the drain.

It is not merely a matter of the six samples I have at hand; god knows how many other viruses are running out there undetected by PCTAV. The much larger picture is not only whether PC Tools has the programming know-how to create an excellent program, but whether your company has the industry connections and resources to be informed of new malware as they arise, and then quickly create vaccines for them as well. I am no industry insider by any means, though I can imagine being new to the field poses its usual hiccups... but I suggest PC Tools, for its best interests' sake, get over this teething period ASAP.

I think that PC Tools has the know-how to make a great anti-virus program. I mean just look at downloads they get on www.download.com, its not like it isn't popular. Being that the popularity is so high I would imagine that the company has alot of "backing" to adhere to the abundance of customers they deal with day to day.

How long ago did you submit the threats to them? I think that you need to chill and let things ride, thats unless of course the threats are doing damage to your PC, which would adversely affect you. Is this the case? Seeing as you can post on here with no trouble there musnt be too much going wrong with it.

Just my 2 cents.

Peace.

The only reason I can post here with no trouble is because PCTAV was NOT the line of defense guarding my home network. As I mentioned there are 4 different antivirus products running on 4 computers my family has, so even if one of them gets infected, the other three are reasonably secure. If it had been PCTAV that was installed on my sister's laptop instead of another product, I'd have spent all of yesterday cleaning up the veritable petri dish of viruses her laptop would have become.

To be honest, I don't find it acceptable for a product to miss detecting threats on the basis that the aforementioned threats "don't do damage". We have different standards of judging, I guess.

The reason I am posting this is not to lambast PC Tools for the shortcomings in this product, but to hopefully alert them of the potential severity of the problem. This is the kind of issue that, by the time users raise it to the developers, they will most likely have lost faith in the product and damage, perhaps irreversible, has already been done to their computers. I am sticking it out and still looking forward to the next release of PCTAV - but heaven knows there are some people who are not so forgiving.

I respect your opinion and I can't say that you are not right. However, everything you see around you has been built on a base. Everything has a start, and the things that are big (and/or) efficient today were small in the past. You cannot judge a software company just by 1 product. I can tell you this because I work for a security company and this work is not so easy. PCTools need our feedback in order to improve their products. I recently have scanned big malware collections and the detection rate is pretty high. I can say that this is the ONLY antivirus package that stayed on my PC more than one month (and I consider using it and recommending it as long as there will be a free version). Also, there is allways freedom of choice. If you think this antivirus does not suit your needs, consider installing another :). Simple as that.

I hope you understand that i'm not trying to defend anyone here or acuse or anything, this is just my humble opinion.

Best regards.

You're right indeed that the freedom of choice is always there. There is fierce competition and brand loyalty contests now even among the free antivirus software market, something unheard of as early as two years ago, I believe. If a package fails them, people are likely to simply pack up and move to another. PCTAV still has my vote for now, and since I'm on summer vacation, I can afford spare time to test and tinker around a bit, but most are unlikely to be as forgiving as you or I.

Incidentally, I've just submitted another batch of malware via the MRC website. I am not sure if submitting missed/false/suspicious detections en masse is going to be helpful to the developers at all, so somebody please stop me if this is indeed a counterproductive exercise, otherwise I plan to send samples to PC Tools as I find them.

No, you're doing a great job ;). A little constructive criticism is allways good. I am trying these days to send some undetected malware too but for now I am limited by the quarantine items number (I cannot see wich of the samples were detected) :D.

The inevitable finally happened after days of handling virus samples, and I was forced to reformat my hard drive after I accidentally executed a trojan sample from China - which PCTAV, as usual, did not detect.

I've switched to another antivirus product for now, and will not be touching PCTAV until its next release when there will hopefully be much-needed fixes and improvements to the program. As bad as the detection rate already is, a substantial percentage of PCTAV's detections seem to come from its heuristics, as far as my suspicions go, seem to indiscriminately flag any files compressed by packing routines such as PECompact or NSPack, infected or otherwise (I may be wrong about this). Comparing detection results between PCTAV and VirusBuster (using www.virustotal.com) reveals that detection rates and malware names are virtually identical, suggesting that PCTAV engineers have done little, if at all, to modify and improve the VirusBuster-based scanning engine and signature updates. Submissions to the MRC seem to have yielded little in the way of actual results thus far, with neither any response from PC Tools, nor PCTAV succeeding in detecting the samples days after submission.

I cannot in good conscience recommend PCTAV to anyone right now. Annoying bugs aside, PCTAV fails horribly at its core task as well, as viruses slip through it like water through a sieve. The program is virtually useless compared to the competition it faces right now.

Hopefully the next version will change things.

The inevitable finally happened after days of handling virus samples, and I was forced to reformat my hard drive after I accidentally executed a trojan sample from China - which PCTAV, as usual, did not detect.

I've switched to another antivirus product for now, and will not be touching PCTAV until its next release when there will hopefully be much-needed fixes and improvements to the program. As bad as the detection rate already is, a substantial percentage of PCTAV's detections seem to come from its heuristics, as far as my suspicions go, seem to indiscriminately flag any files compressed by packing routines such as PECompact or NSPack, infected or otherwise (I may be wrong about this). Comparing detection results between PCTAV and VirusBuster (using www.virustotal.com) reveals that detection rates and malware names are virtually identical, suggesting that PCTAV engineers have done little, if at all, to modify and improve the VirusBuster-based scanning engine and signature updates. Submissions to the MRC seem to have yielded little in the way of actual results thus far, with neither any response from PC Tools, nor PCTAV succeeding in detecting the samples days after submission.

I cannot in good conscience recommend PCTAV to anyone right now. Annoying bugs aside, PCTAV fails horribly at its core task as well, as viruses slip through it like water through a sieve. The program is virtually useless compared to the competition it faces right now.

Hopefully the next version will change things.


solcroft,

It is unfortunate to hear you are disappointed in PC Tools Antivirus' performance. You are right in stating that PC Tools is very new in the market and that there is a growth phase where we will need to catch up quickly in the program's function and performance.

We thank you (and everyone elses' in here) for your feedback as it is important for us to hear what the customers are saying.

We look forward to releasing a newer and ever-improving version of PC Tools Antivirus soon.

Customer Support Services
PC Tools
www.pctools.com

This is slightly off-topic, but since support is reading this... may I ask what became of the samples I submitted via the MRC website? Other companies such as AVG and Avira promptly notify you about the results of their analysis and when the new signatures are released, but there seems to be no response or action on PC Tools' part, as far as I can tell.

In my opinion AV is an OK virus remover. Still needs abit of work and looking forward to the new version this month, to see if the bugs have been fixed. There are alot of other AV programs, so if your not happy with this one, you can always go to another company.

So far I think my comp is virus/malware clean using PCTAV and SDv5 Beta.

Yeh, I use to dislike the use of SD cause of the splash screen taking ages to load. But im using the Beta version and no more splash screen so thats a start.

Petertron5000

Hi all

For the record, I've been using PCTAV on 2 PCs in a networked & firewalled office environment since 02/01/07. Apart from the annoyances posted at http://www.pctools.com/forum/showthread.php?t=44963 I have nothing bad to report and am happy to continue using it. (I've also noticed that it periodically scans the floppy drive for no apparent reason but this has not caused any practical problems.)
During this period PCTAV has detected and quarantined malware in incoming emails but nothing else. Because PCTAV is new and I'm still evaluating it, I have not relied on it completely. At the end of every day, the two machines are scanned with ClamWin which has so far failed to detect anything (i.e. that PCTAV missed).
Thus I can confidently say only that PCTAV has not failed to detect anything that ClamWin has, which for all I know may have as much to do with the threat potential of our office environment as it does about the effectiveness of PCTAV.

I must say then that I'm intrigued by Solcroft's posts. It's not that I have any reason to doubt the credibility of his/her claims and observationsm, it's just that I find my eyes widening as I read of his/her experiences and wonder why he/she is relying on PCTAV to protect a system that's apparently swimming in a malware soup!

Pete :)

ClamWin isn't exactly a very reliable scanner either, as far as I'm concerned. It'll do a decent job of protection, is good for a second opinion, but I'd rank it an 85 out of 100 on the effectiveness scale. Granted, nothing provides 100% protection, but if you want peace of mind I'd suggest AntiVir Classic or AOL Active Virus Shield as far as free software go. They're top-notch scanners IMHO, though their other aspects may not necessarily be ideal for your purposes.

I will say, however, that PCTAV does a perfectly fine job of catching the major viruses, the ones that make the headlines. If you're operating in a low-risk environment, PCTAV will do just fine (but then again, so will common sense). East/Southeast Asia, however, is a region where law enforcement are slow to act against online miscreants (if indeed at all), there is much to gain from electronic vandalism (stealing gold from MMORPG accounts come to mind), and piracy is rampant. I will declare that the ItW list holds no relevence here, as I've encountered malware not listed in the WildList more times than I can count. PCTAV's trojan detection is also rather lacking, and I suspect this is partly because PC Tools intend to "outsource" the task of trojan detection to Spyware Doctor, at least partially. And last of all, PC Tools' apparent lack of response to malware submission samples does little to inspire confidence.

Hi Solcroft, thanks for the extra info.

ClamWin was not my first choice as a non-active scanning AV for Windows. BitDefender 8 would have been the one but it, like your suggestions, is not licensed for use in a commercial environment.

As for spyware trojan detection, I'm not relying on any AV to find them. Some do and that's a bonus, but I prefer to use separate apps.

You mention "common sense" as adequate protection in a "low-risk environment". For a number of years I ran a 486 laptop with Win98 using K-Meleon browser, Tiny Personal Firewall and caution as my only protection. Periodic scans with F-Prot[DOS] and Kaspersky[DOS] revealed nothing untoward.

Safe Hex!
Pete

On topic- It's ready for prime time when it's on Av-Comparatives lol. I wish some PC tools representative would just say yes it's going to be on the upcoming test... Or the test after that... Or just any test.... Instead of... "We are being tested on many sites..." Gah! If you read this say yes or no! lol. You can't do horrible on Av-Comparatives because they'll test the best version (Which would be the final version of SD 5 with AV incorporated into it)

Off topic: I trust Kaspersky for all scans. Has IMO the best malware detection, AV-Comparatives proves it... And with the various tests I've done it's detected the most.

I don't think we'll see PC Tools in the VB100% and AV-Comparatives tests just yet. VB100% certification is carried out on a schedule, not when developers submit products to them, and AFAIK AV-C only publishes results for products that achieve a minimum detection rate (anything less than a Standard certification level is not posted on their website, I believe). In the meantime, we'll see how they fare on the ICSA tests.

Kaspersky is indeed a very good scanner, and they've improved rapidly since they first entered the Chinese market. Their turnaround time for new malware submissions is something like 2-3 hours, IIRC, and they've learned to greatly improve their generic detection signature strings and ability to recognize viral code in packed executables – necessary traits for any self-respecting scanner to perform well against Asian malware, IMHO. Adware and spyware seem to be most rampant in the Western electronic world, but as far as trojans and self-replicating malware are concerned, the rest of the world seems quite tame compared to home. :)

I don't think we'll see PC Tools in the VB100% and AV-Comparatives tests just yet. VB100% certification is carried out on a schedule, not when developers submit products to them, and AFAIK AV-C only publishes results for products that achieve a minimum detection rate (anything less than a Standard certification level is not posted on their website, I believe). In the meantime, we'll see how they fare on the ICSA tests.
)

That is true, but with SD and PCTAV this should be easily achieved, and if not... They make a 2nd report showing other scanners and what they detected (as long as the companies agree with it)... Comodo's AV/AS would be on there... But common comparing Comodo with SD with PCTAV is really no competition on which is better. Comodo is VERY young in the malware detection/removal department... While PC Tools, is more experienced. Which is why I'm confident if it was put on these tests it would do very well at removing the malware put up against it.

I'll never buy PCTAV, and maybe not even SD (Considering the AV can go in it for free... Which seems like a waste of money if I don't have the AV built in to the scans) until I see them on AV Comparatives... And VB... I could care less... Who doesn't have a VB100% certificate now a days?