Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[bebop]

Just finished my thrice weekly virus scan and yup, there it was - a virus that had somehow evaded my updated virus scannner, the e-mail virus scanner and everything.  This explains the strange behaviour of my 'puter this last week..the formatting of my drives without me wanting it to happen, my media tags getting scrambled, and things just vanishing from my drives and folders.    It seems it came in an e-mail that had the attechments removed, but still activated.  So, am sending all my family and friends a note so they can check (they're the ones' fwd'ing me all those jokes!!!).  Is there a better anti virus scanner than McAfee (that's what I have been using in combination with Ad Aware SE), 'cause i just can't have all my financial stuff going astray again (took all week just to get back the copr. stuff and now am working on the personal- sigh     Bet

[JaredH]

Try NOD32. It has the highest rating of viruses caught. Dont pay attention to the CNET or Download.com reviews of this program. I wont go into the specifics of the whole debacle. Ok, so maybe I will.

Long story short. CNET used a program that creates fake viruses to test different virus programs. That is error one. You dont create new strains of anything to test existing vaccines. Next, they then said that since NOD32 did not catch their "fake" viruses that it was an inferior program. Well, virus programs are designed to overlook the "fake" and catch the real thing, just like SPAM control software. If it were catching the fakes, then we would all be dealing with false alarms and quarantines files that are legit. They then tout Norton AV for catching the "fakes". Now, lets do a quick review. In all other reviews on the internet of NOD32, and most importantly, the organization that rates Antivirus programs, the program scored far and above any other AV program on the market. And then CNET and Download.com want to churn out a scathing review about a program that doesn't catch files it was never meant to catch in the first place.

That's my rant/informational piece for you, haha. In my honest opinion, I would get NOD32. I currently am working in China, and my network admin recommended it -edit- (to clear up the reasoning behind the mention of china) because we get viruses all the time here. You log onto a website and BOOM youve got a virus. -edit- When I put it on my laptop and scanned, it caught things that apparently my McAfee had been over looking for months. Even though I still have almost a year left on my McAfee subscription, I dont even use it. It's sad really. But thats just how much better I've found NOD32 to be. Trust me, you wont be disappointed.

If you have anymore questions about it and aren't afraid of another possible short rant,   , just post em and I'll see what I can dig up for ya

[bebop]

Thanks, am at wits end now, McAfee can't remove this virus (says the disk is write protected (?)) and even though I followed the instructions on the site, it just won't budge, and apparently it's a low priority one( Exploit-MIME.gen) All help is greatfully accepted!!!   Bet

[paulr]

Here's another vote for NOD32.  It's small (read - not bloated like some others are), fast and updates itself quietly at least once a day.  I've been using it for almost a year and love it.

[JaredH]

So, if youre interested, the site is www.nod32.com.

[Robert Taylor]

How about F-Prot antivirus.

There's a free (for home use) DOS version, and a 30 day eval of the Windows version, which includes a DOS On-Demand scanner if Windows has become unusable.

If you're disks are FAT32, and perform a scan after booting off floppy.

It's got me out of trouble a couple of times.

www.f-prot.com

[bebop]

Thanks everyone, will give 'em all a try...can't hurt!

[LonWar]

EZ Anti Virus is a great program, and fairly cheap to....

We use the corp version at work and never had a virus program at home or at work...

[bebop]

Thanks, everyone, got that little bug  vaccinated and vanquished from my 'puter.  McAfee couldn't get it, but tried both Nod32 (which got it and cleaned it right up) and am going to check out the others too, and see which works best for me.  Thanks again for the advise and the links - googling produced such a long list I was more than a little dazed and confused!    Bet

[modelmaker]

For spyware Spybot is very effective and free.

[bebop]

Yup, use it and Ad Aware SE.  Can hardly believe that I caught a bug   , but all's well now and hopefully will stay that way. My family will think that I've lost my sense of humor (a very grave offence in my family) since I haven't forwarded any good jokes, cartoons or interesting things that make you go Hummmm, but now that my 'puter is well, will send them a note and be prepared for the get well cards, flowers etc sent to my PC!  

[JONCAT]

The top three these days run the KAV engine.

I recommend KAspersky AV but there are others that perform better, the dual engine ones like Extendia Anti-Virus Pro and the other good one.

Jon

[bebop]

Thanks Joncat, will check them out.  Bet

[hit_ny]

Before i install either NOD32 or f-prot for trial.

Can anyone confirm these products uninstall themselves cleanly ?

I recall some time back, Norton AV sticking itself in so well, their help section detailed registry modifications to uninstall it. Needless to say it left a bad impression.

I have not run an anti-virus program in years. i tend not to open unidentified email attachments and have never got a virus from browsing a web site. I use Opera for most browsing and have outlook setup to block images. Zonealarm to block scans and patch regularly. Run Ad-aware as well.

Of course u could argue, how do i know i never got a virus since i have no way of identifying a virus. To which i reply i have not noticed my computer act strangely. I usually ghost a working session before installing a program, if its fine it gets into the next ghost backup. It takes time to do this of course..but it ensures i never have to re-install windows.

So (knock wood) before i test these 2 programs, do they uninstall cleanly ?

[KingSparta]

I have not run an anti-virus program in years.

big mistake

Norton AV 2004 works well

[IlPadrino]

I recall some time back, Norton AV sticking itself in so well, their help section detailed registry modifications to uninstall it. Needless to say it left a bad impression.

I have not run an anti-virus program in years. i tend not to open unidentified email attachments and have never got a virus from browsing a web site. I use Opera for most browsing and have outlook setup to block images. Zonealarm to block scans and patch regularly. Run Ad-aware as well.

You know the old adage...  an ounce of prevention is worth a pound of cure?  It sounds like you've got it backwards (a pound of prevention that's only worth an ounce of cure).  Some trojans/worms can lay dormant for a long time - meaning you'd have infected all your ghosts before symptoms manifested themeselves.

But I concede your point:  some AV software is terrible in terms of side-effects.  I get a free license for Norton and McAfee (the Dept. of Defense has a license that includes personal use at home), but I've got to say neither works as well as I'd like.  I'm still hoping to find the holy grail - maybe NOD32 is it.

Good luck...  and for god's sake, "Don't be silly, protect your willy!"   Ooops, that was a slogan for national condom week.

[bebop]

I totally agree, virus, trojan and worm protection is vital...even more so if you  work from home - I spent all this last week getting my corp. stuff back...thank all the gods that year end was in June and I could download the statements from the bank! Backing up often (I'm doing dailys now, and making a hard copy, a DVD and backing up to the external drive) is also vital .  A tad bit of overkill, yes, but sure didn't  like having to re-type all that stuff!!!!  I never dreamed that a bug could make my computer randomly reformat any drive on the system or make stuff disappear.  A bit nieve, yup, you bet.  But we live and learn.

[hit_ny]

Some trojans/worms can lay dormant for a long time - meaning you'd have infected all your ghosts before symptoms manifested themeselves.

Good luck...  and for god's sake, "Don't be silly, protect your willy!"   Ooops, that was a slogan for national condom week.

This is a risk i take.. a manageable one. I do read the usual tech sites, and virus appearances tend to get posted there fairly quickly and detail their severity as well. Disabling ActiveX is a good first step, this is the usual point of entry. Mostly IE vulnerbilities.


I agree its good to be safer and might review my current postion re AV software.

Some thoughts on viruses/trojans.

What makes the news re viruses ?

Ones that spread and ones that spread very fast.

To spread fast, a virus must not kill its host or it slows its attack vectors. Virus writers get more street cred if they can flash infect the net as soon as possible.

When was the last time we heard of a boot sector virus, got to be +5 yrs (if not longer). A virus that totally wiped out its host drive. Bebop mentioning this comes as a surprise to me.

Or another question

How many times  would you say your AV product has caught a "real" virus in the last 6 months ?

I assume here that you are the only user of your computer, other ppl (less tech savvy) sharing a computer brings on additional risks.

[bebop]

Since I haven't a clue as to what the differences are between a virus, a worm and a trojan, I just lump everything into one catagory...as to having some thing weird, well, in my life experience, if there is a low percentage of something happening, it usually happens to me!  Recently checked some old floppies for some info for asset re-evaluations....should have scanned the da**ed things first, but it just never crossed my mind.

you mentioned keeping up to date on your reading re this problem, have any not to technical links you can share?   Thanks again for all the help everyone.    Bet

[paulr]

I was --->.<--- this close to stumping up for NOD32, but baulked when I discovered that it passes trojans as 'clean'.

This statement confuses me...  I have been notified a number of times by NOD32 that someone had sent me a Trojan in email and once that a website I happened upon was trying to send me one.

[JONCAT]

QUOTE  
Kobra's Antivirus SHOWDOWN results.
kobra's 6-14-04 AV Test.

Testbed consisted of 321 Viruses, Trojans and Worms, all for the Windows32 environment, and all reasonably new samples. I don't have any data on whether some of these are zoo, or ITW, but they are all real threats I feel someone is likely to encounter, since I got them off the internet (and i've verified they are real as each sample must be detected by at least 4 AV's for me to consider it). All scanners were installed on a clean system, without any traces of other anti-virus softwares - between each test the system and directories were cleaned, and the registry was sweeped. Each AV product was treated with a double-reboot, one before, and one after installation. Each scanner was set at its highest possible settings, and was triple checked for proper options and configuration. Most products were the full registered version when possible, others were fully functional unrestricted trials. All products were tested with the current version as of 6-14-04, and the latest definitions for that date. Each product was run through the test set a minimum of 3 times to establish proper settings and reliability, the only product to exhibit some variance on this was F-Secure, which had one scan come up less than the other two without any settings changes indicating a possible stability issue.

The final standings:

1) eXtendia AVK
2) McAfee VirusScan 8.0
3) F-Secure
4) Kaspersky 5.0
5) GData AVK
6) RAV + Norton (2 way tie)
7) Dr.Web
CommandAV + F-Prot + BitDefender (3 Way Tie)
9) ETrust
10) Trend
11) Panda
12) Avast! Pro
13) KingSoft
14) NOD32
15) AVG Pro
16) AntiVIR
17) ClamWIN
18) UNA
19) Norman
20) Solo
21) Proland
22) Sophos
23) Hauri
24) CAT Quickheal
25) Ikarus

Heuristics seemed to play some of a roll in this test, as no AV had every virus in my test in their definitions, and products with stronger heuristics were able to hold their position towards the top of the test. Double/Multi engined products put up strong showings as well, proving to me that the redundacy method works, and I think more AV companies should considering double-engines. The strongest heurisitical AV I noticed was F-Prot/Command, picking up only 247 samples with definitions but they were able to power through 67 additional hits on "Possible Virus" indicators - very strong! Norton with BloodHound activated had 30 Heuristical pickups, and DrWeb rounded up the pack with 20 heuristical pickups. eXtendia AVK grabs the number one slot with double engine scanning, anything the KAV engine missed, the RAV engine picked up with great redundancy on the double engine/definition system. McAfee actually missed only 2 samples with its definitions, but picked those 2 up as "Suspicious File", and therefore, scores nearly perfect as well.

The biggest dissapointments for me were Norman and Nod32. Even with Advanced-Heuristics enabled, NOD32 failed to pick up a large portion of the samples. Norman, while finding some of the toughest samples, managed to completely miss a large portion of them! Showing that their sandbox-emulation system has great potetential, but its far from complete.

Actual test numbers were:

Total Samples/Found Samples (321 total possible) + Number Missed + Detection Percentage

1) eXtendia AVK - 321/321 0 Missed - 100%
2) McAfee VirusScan 8.0 - 319/321 + 2 (2 found as joke programs - heuristically) - 100%
3) F-Secure - 319/321 2 Missed - 99.37%
4) Kaspersky 5.0 - 318/321 3 Missed - 99.06%
5) GData AVK - 317/321 4 Missed - 98.75%
6) RAV + Norton (2 way tie) - 315/321 6 Missed - 98.13%
7) Dr.Web - 310/321 11 Missed - 96.57%
CommandAV + F-Prot + BitDefender (3 Way Tie) - 309/321 12 Missed - 96.26%
9) ETrust - 301/321 20 Missed - 93.76%
10) Trend - 300/321 21 Missed - 93.45%
11) Panda - 298/321 23 Missed - 92.83%
12) Avast! Pro - 292/321 29 Missed - 90.96%
13) KingSoft - 288/321 33 Missed - 89.71%
14) NOD32 - 285/321 36 Missed (results identical with or without advanced heuristics) - 88.78%
15) AVG Pro - 275/321 46 Missed - 85.66%
16) AntiVIR - 268/321 53 Missed - 83.48%
17) ClamWIN - 247/321 74 Missed - 76.94%
18) UNA - 222/321 99 Missed - 69.15%
19) Norman - 215/321 106 Missed - 66.97%
20) Solo - 182/321 139 Missed - 56.69%
21) Proland - 73/321 248 Missed - 22.74%
22) Sophos - 50/321 271 Missed - 15.57%
23) Hauri - 49/321 272 Missed - 15.26%
24) CAT Quickheal - 21/321 300 Missed - 6%
25) Ikarus - Crashed on first virus. - 0%

Interesting also to note, is the detection level of the US AVK version with KAV+RAV engines was higher than the German version with KAV+BitDefender engines. Several vendors have free versions of their for purchase AV's, we didn't test the free versions, as it would serve no purpose for this test, but based on the results, none of the free versions would have been very impressive anyway. The term "Heuristics" seems like it should be taken very liberally, as some products that claim to be loaded with Heuristics scored miserably on items they clearly didn't have definitions for. Scanning speed was not measured, as it was totally irrelevant to my testing, and on-access scanners were not tested, as it would have been too time consuming, but considering most products have similar on-access engines as on-demand, and use the same database, results most likely, would be very similar.

Cut through the hype, cut through the marketing schemes, this was a real test, with real samples, and none of these samples were provided to the antivirus software vendors in advance. This is real world, and these are likely badguys you'll encounter, since I got them in my real encounters, and all were aquired on the internet in daily activities which anyone out there might be involved in. (Installing shareware, filesharing, surfing, etc). Keep in mind that with ITW tests the AV vendors have full disclosure of what they will be tested on in advance, not so here, so heuristics and real detection algorithms will play a big part, as well as the depth and scope of their definition database.

Honestly, I was *HOPING* to be surprised by a ton of things in this test, and really all I did was re-enforce many of the other testing sites on their results, mine are very close to theres, which actually shocked me, because i'm sure my samples aren't the same. This tells me overall, I think this might be a great guage of these products.

Also, I wanted to test the multi-engined products against the others, since most testers seem to not like testing them. Strong showings by F-Secure, and the AVK' brothers proved this idea works, and works incredibly well. The strenght of the KAV engine cannot be denied as well, since all but one of the top 5 products use the KAV engine. I forgot to add, one product I tested was called V-Catch, and turned out to be a trojan downloader and spyware application masking as a AV product.. LOL! Thankfully it was the last product I tested, and I just reformatted, I think it downloaded 30 trojans to my system. 8-)

I did NOT test any Dos viruses, as this is completely retarded to test these in a windows based environment, it tells us nothing. I cannot understand why Clementi bothers to test them, all they do is skew his test results badly. For example on his test, NOD32 scored 95.51%, but without DOS or other OS samples, NOD32 scored only 87.71%. Which amazingly enough, is within 1% variance of *MY* results. So i'm oblivious as to why he skews his own results for no real purpose? Who the hell cares what a product scores on DOS?!?

[paulr]

Uhm...  I think posting a link to an *executable* which contains over 700 "virii" is really not a good idea.  I seriously have to question anyone who would do that.

[JimH]

Uhm...  I think posting a link to an *executable* which contains over 700 "virii" is really not a good idea.  I seriously have to question anyone who would do that.

Thanks, Paul.  Good thought.  I removed the message.

I'm going to lock the thread now.