Eddie vs the Antivirus

serenacat

I did not find an existing topic which explicitly documents and queries the interaction between Eddie 2.11.10 or later and various antivirus products, searching "antivirus".

Just setting up a new W10 system with Eddie and experience so far:

Trial of McAffee:

Blocked OpenVPN over SSL due use of localhost socket for interprocess - did not fix as not important and only for 30d trial.

Config of AVG Ultimate 17.1.3006:

Reworked user interface, significant difference to previous, and User Manual still at previous, makes it hard to understand and configure options.

Default enable of Internet Security / Settings / Components / Secure DNS showed on ipleak.com and doileak.com as DNS directed to Softlayer / Avast DNS located locally in Australia while using AirVPN Antares server in Singapore. Seen as a type of DNS leak indicating geolocation avoidance etc. Disable and retest showed DNS from same server address in SG, so okay.

AVG say this feature is to avoid their blacklist of dangerous websites.

Default enable of Internet Security / Settings / General / Enable reputation services info says

"Reputation services allow AVG to make more intelligent decisions by querying the AVG file reputation database"

I disabled this as a possible security leak and take other precautions about software installation.

I do not regard these as bugs to be fixed in Eddie, and they appear to be useful features for many Internet users, but the overlap between AV capabilities/defaults and other criteria/mechanisms of security aware users needs some documentation.

zhang888

Most of the "Internet Security" AV features are pieces of useless junk based on archaic URL filtering methods that were proven to be useless even in the 90s.

There is no single proof that any of those features stopped a real malware on any real device lately, because all malware authors generate thousands of fresh

domain names nowadays in order to bypass all those filters. Just check the recent security blogs regarding ransomware, for example.

Those URL reputation mechanisms can be only useful to filter some adult sites, or maybe some more categories from that kind, but never as a security feature.

Not to mention that all of them rely on cloud intelligence today, so if you use those features, all your URLs are reported to the AV vendor cloud for fine tuning.

You will be much more comfortable with a single file/behavior based AV package without all those questionable spyware-like features.

In fact, real security-aware users never install those products in the first place, or at least not the ones that can limit their internet experience by judging

what is good and bad based on the software product decisions, which are usually based on the constant submissions of other users.

There is nothing to fix in Eddie regarding this.