Long-term experience with a-squared Anti-Malware (a2-AM)

Thanks for the info:

My one year special on the full A2 version has run out and I plan to download the free version to use as a scanner my XP computer. All I seemed to have picked up over the year were a small handful of  FP's with the Ikarus engine. I guess this engine will not be part of the free version. There was a pesky problem with updates...if you went too long between them, you had to download  the whole database again, hopefully that won't be my experience with the free version.

Is there anything that will clean up infections as well as MBAM? I also have SAS and WD, do they work just as well? I haven't been able to download MBAM updates on this XP machine for several weeks now, even after changing to Avira AV and the Outpost Firewall. So what I do is just wait until a new version comes out every few weeks and then install it and then do a deep scan. This updating problem is weird...it happens once in awhile on the Vista 'puter that has Avast and Online Armor. Yesterday the MBAM update went fine to 204 KB and then stopped, followed almost immediately by the error message. I cleared the screen and within seconds started the update again and it finished just like normal. As always, thanking you and ky331 and BB for ongoing information and ideas.

Let me preface these thoughts by noting that I do not personally use A2 (neither free nor anti-malware), but it would appear to me that the current version 4.5.0.8 (7/13/09), even of the free program, includes the Ikarus Anti-Virus engine (for scanning/cleaning only --- but NOT resident protection) in addition to the "classic" a2 anti-malware engine:

http://www.emsisoft.com/en/software/free/

Dale:   As I mentioned a while back, when you first mentioned your difficulty in obtaining MBAM updates... and some people here and/or at the MBAM forum suggested you check-out whether your firewall, anti-virus, and/or proxy server was blocking MBAM... my "gut" then and now believes you're experiencing a "time-out" with your dial-up connection:   If a particular version/build of MBAM can update at least once, but not always, then it's NOT going to be your firewall (or A/V) that's blocking it.

"Is there anything that will clean up infections as well as MBAM?"   INFECTIONS is a "vague" term, at least computer-wise.   MBAM focuses on malware.   It's very effective against what it targets --- especially Vundo trojans, Zlob trojans, and Rogue Programs.   But in general, it does not target "virus infections", which is why you (also) need an anti-virus program.   [I believe the two you mentioned, avira antivir and alwil avast, are arguably the two best free choices :emotion-2:.]

I like Windows Defender since it offers resident anti-malware protection for free, and since it comes from microsoft, it should not result in compatibility problems.   But I don't believe WD is as effective in removal of malware as is MBAM & SAS.   I like both as scanners/removers.  Different sites and testers try to debate which is better.   Since they're free, don't conflict, and run reasonably efficiently... and since no one scanner will catch everything... I would keep them both.

[SAS scans for "tracking cookies".   MBAM does not.   I mention this because any comparison of the products that lists total number of objects located can give a false impression that SAS finds LOTS more than MBAM.   But when you subtract-out tracking cookies, the comparison shows them running much closer.]

Several sites have rated A2 highly as well.   I am not in a first-hand position to dispute their findings.   Why then don't I use it?   1)  Because since I tend to go "overkill" on running scans, I just don't want to have more scanners on my system than I believe "reasonable".   Especially because:  2)  In my opinion, A2's scanning time is excessive.   3)  My limited testing of a2 generated what I believed to be a larger than acceptable number of false positives.  I have to wonder if this contributes to a2 doing so well in some tests, if they credit only total items detected without penalizing a product for false positives.  [e.g., a worthless programs that simply detects "everything" can boast a 100% detection rate!]   4) I don't recall now if it scans for cookies.   I take the view that cookies are a negligible security "threat"... I believe that's why MBAM doesn't bother scanning for them... but i've read other views that argue that cookies can be a privacy threat.   Regardless, I am not interested in cookie scanners.

I just now downloaded the latest version of a2 Free from CNET, despite already having a2-AM installed.

The a2 Free I just installed does not  include the Ikarus AV module.

A "Quick Scan" on-demand scan took about 2 minutes. It did include a "Cookies" scan, but that only took a few seconds.

I can't think of any reason not to install and keep a2 Free as a backup scanner.

At the same time, if you use Windows Defender for resident protection, and have MBAM and SAS as backup scanners, I see no need for or advantage to using a-squared.

Hi Guys:

Yeah, I meant malware in general...just still searching to see what works best. I still haven't moved up to high speed, but still plan to do so before long since I will be going back to work...wanting to keep my "stash" at a comfortable size since it has contracted quite a bit because of the current economic woes. So it is most likely that the problems with MBAM has something to do with my connection somehow, and possibly some program changes the MBAM team did starting with version 1.37, since several others had the same error message. It scans fine, but some users have problems with freezing as noted on the MBAM forum. Like most software it is in a continual process of tweaking and testing.

I could do without MBAM but I like to get to the bottom of a problem so will see how it goes with the better connection a few weeks from now. As it is, I have very few detections other than the cookies so I must be living right and not going to those bad places on the Net.

Joe,

I mentioned that I was taking note of A2's current advertising, rather than any first-hand personal experience --- it would seem strange for the company's own page to be "off" on such a major component.

I then went to CNET downloads, searched for "A2-Free", and it came up with version 1.0 (added to CNET 18 April 2004) --- if there were any other [more recent] versions at CNET, it was not obvious how to access them.    (the web page I found there was  http://download.cnet.com/a2-Free/3000-2239_4-49037.html?tag=mncol )   So would you be kind enough to double-check the version you download from them?   The version allegedly containing Ikarus is 4.5.0.8  (13 July 2009).

Dale wrote "I must be living right and not going to those bad places on the Net".

BB, Joe, I and others have often asserted [paraphrasing] that the person typing-away at the keyboard is the single-most important factor in keeping one's machine protected.   If you "surf safely", avoiding "bad" sites (pornography, P2P, non-officially-sanctioned music/video downloads), that's more than half the battle.  

Using a site-rater, like WOT, and not "pushing through" in spite of its advice/warnings, is highly prudent.   And OpenDNS also helps you avoid bad sites, phishing attempts... as well as automatically correcting common "typo"-errors that often lead one to the wrong site.

Having a good HOSTS file keeps you from even accessing many known bad sites in the first place.   Restricting known bad sites (SpywareBlaster and/or SpyBot's Immunization) can help as well... although there is a growing debate as to whether or not "stuffing" IE8 with a large list of "static" sites is still as effective on newer systems (Vista/Win7) as it had been on XP [and earlier, with IE6 and IE7].   (Personally, I take the view that, unless you experience a noticeable slowdown in your system, a huge HOSTS file, and using "tons" of restricted sites, still offers an additional level of protection.)

What do "safe surfing", WOT, OpenDNS, HOSTS file, and use of Restricted Sites all have in common?   These all offer up-front prevention, that try to keep you from getting infected in the first place.

In contrast, the free scanners in MBAM, SAS, and A2 do not offer up-front protection --- rather, these scanners/removers only serve, after the fact, to clean up a "mess" that's already invaded one's system.    I'm not trying to minimize their value here... once infected by malware, these scanners are indispensable.    But I do believe it prudent to try to focus the general public's attention on preventative measures... if you keep from getting infected in the first place, you'll never need to remove anything.

@ky331:

The current version of a2 Free I just installed from CNET is indeed 4.5.0.8. It definitely does not include the Ikarus AV (which is good, IMHO). I am at a loss to explain the advertising which claims otherwise.

(Curiously, I had to download it using Firefox, as the CNET site freezes with IE8. I suspect this is due to my cookie blocking restrictions.)

Joe,

A screen-shot of a2 free from my system.

http://i32.tinypic.com/25ssg3d.jpg

(The mystery continues...:emotion-2:)

Just to add, from my own personal experience, I've only had one FP from a2 free since I started using it approximately 15 months ago, which is one less than I've had with MBAM in the same time frame. I really like a2 free and I think it would be only just to repost Donna Buenaventura's antimalware tests from August last year.

http://www.calendarofupdates.com/updates/index.php?showtopic=16353

http://www.calendarofupdates.com/updates/topic16354

(For people that may not be aware, please note, that at the time of testing, the version of a2 free used did not include the Ikarus AV engine.)

(post removed by ky331)

Thanks RD.

My a2 Free user interface shows the same as yours. It appears that a2 Free now uses all the definitions of Ikarus AV as well.

I just ran an a2 Free scan, which detected this:
C:\Program Files\The Cleaner Free\ms1000.dll  
detected: Win32.SuspectCrc!IK

The IK at the end of the detection indicates it was detected by Ikarus. This is a false positive detection that I reported to emisoft on June 16, and remains uncorrected to this day.

VirusTotal analysis of this ms1000.dll file is here:
http://www.virustotal.com/analisis/0e8e9f271bc49901b946cc74104159cd274ffc3b14f8a36486398e9b3f3ee31b-1248643177

Dale, I'm pretty sure the problems you're having when updating MBAM might be due to your internet connection: I recently acquired a HP Mini PC (won it through a competition, which comes with a USB modem (3G, 3G+, EDGEand GPRS) and, whenever I update MBAM, it simply takes ages before the update completes - I didn't get an error though.  When I connect the mini PC to the internet using my router (I'm on cable) it updates as fast as on my Dell.  Apparently now the whole database is reloaded when you do an update.  Hope this has been of help.