No-bull antivirus software?



Jay200MPH
2008-Oct-24, 09:59 PM
So I used to use AVG, but got completely fed-up with the way it inserts itself into all aspects of your system and would hide and run sneakily in the background even when you explicitly told it not to. Seriously, it was worse than the virii I used it to get rid of! What were they thinking?

Can someone recommend me a comprehensive virus scanner (for Windows 2000/XP) which lets me start it myself, scan what I want to, and shuts down and completely removes itself from memory when I tell it to? Obviously I want a well-supported program with regular definition updates, but I don't want it to update automatically and I don't want it to do anything at all without me explicitly telling it to. One that runs from the command line would be awesome beyond words, but I'll put up with a no-frills GUI if I have to.

Does that even exist? Or am I dreaming of a bygone era when software engineers actually took some pride in their work instead of just blobbing more mustard onto their rotting sandwich-meat to hide the taste?

Help me out here guys!

- J

(Does this post sound maybe a bit bitter; angry? Tough. So am I.)

Neverfly
2008-Oct-24, 10:08 PM
I use Spybot Search and Destroy with the Tea Timer on for the most part. Then I have Winpatrol running in the background.
I monitor ports manually and use several of my own programs and tools to also monitor the Registry including all hidden keys, and monitor processes, and a self sufficient cmd prompt utility that monitors all process user modules and kernel modules.

I have no anti virus software.

You have Avast! which is free... it isn't too horrible from what I've heard. But I've never tried it.

But almost ANY Anti-Virus scanner is designed to operate independently of its operator.

sarongsong
2008-Oct-24, 10:20 PM
...Can someone recommend me a comprehensive virus scanner (for Windows 2000/XP) which lets me start it myself, scan what I want to, and shuts down and completely removes itself from memory when I tell it to?...
Trend Micro's FREE online virus scanner (http://housecall.trendmicro.com/)

captain swoop
2008-Oct-24, 10:26 PM
AVG is good, We (the company I work for) use AVG on all our installs and maintained systems, so far it's the only one that we know won't interfere with the system and the SOE dental and digital xray systems we install.

We use Malwarebytes' Anti-Malware too.

Jay200MPH
2008-Oct-24, 10:34 PM
AVG added a full minute to bootup and was taking so much processing time running in the "background" (hah!) it would make my poor old laptop overheat and die. Not only that but nothing I did would make it stop loading itself at system start and the automatic updates just turned themselves back on every time it ran. I don't care how good the virus defs are, it's complete garbage. It will never, ever touch another computer I own.

Moose
2008-Oct-24, 10:37 PM
You may have a hard time finding one, Jay. Malware prevention is a bit like a battle. He who gets to the high ground first has the advantage. On a computer, taking the high ground means he who can get closest to the kernel first.

To some extent, you can't have an effective virus checker without having it come up early, and stays on at all times. After all, it's better to stop a virus before it gets written than to try and peel it off a file after the fact. After all, the file may have been lossy-damaged by the virus.

I share the same desire as you, to some extent, Jay, but the closest I've found so far is AVG (which added hassle recently) and Avast!, which I'm using now. They have very lightweight footprints, update often, play nicely with other security apps, and don't go out of their way to get noticed like just about every other virus program does.

(Geez, I'm writing poorly tonight. Ah well, it'll have to stand that way, I guess. Can't be bothered to fix it at the moment.)

chrissy
2008-Oct-24, 10:38 PM
I use AVAST, it cleared all my viruses out, my PC was full of Trojans and my other anti-virus had a virus too, allowing popups etc, it scanned my entire system took an hour and cleared the lot, it works a lot faster as my other anti-virus slowed everything right down to a grinding stop.
It hasn't interfered with anything and works well in the background. I recommend it, plus it is free.

Siguy
2008-Oct-24, 10:57 PM
Avast! is great. It's free, cleans well, has no crap, and isn't targeted by virus writers.

Moose
2008-Oct-24, 11:05 PM
Oh, I should mention, Avast! doesn't seem to affect boot times very much. Not that I've noticed, anyway.

chrissy
2008-Oct-24, 11:50 PM
It has speeded my PC up. :D

jt-3d
2008-Oct-25, 01:56 AM
AVG seemed to get too bloated for me so I too dumped it for Avast. I can't say how good or bad it is but that's what I'm using now.

mahesh
2008-Oct-25, 02:00 AM
I'm running AVG (v 8.0.175..the free version), but don't think have firewalls.
seems ok, but i'm apprehensive about its defence capabilities, after this summer's episodes.

i should bear AVAST in mind. thanks all ye good people.
and sarongsong thanks for link too.

Neverfly
2008-Oct-25, 02:20 AM
Ok...
Here I was saying Avast! in my first reply... But thinkin', "Should I recommend that?"





Sheesh...

DANG! I'm GOOD!

sarongsong
2008-Oct-25, 02:28 AM
You're welcome!
Also recommended (by my local baker): Multi Virus Cleaner 2008 (http://www.download.com/Multi-Virus-Cleaner-2008/3000-2239_4-10398550.html)

Veeger
2008-Oct-25, 03:00 AM
I agree with Jay's opening comments about bloated, in your face, antivirus software. I usually scan on demand with SuperAntiSpyware and if I suspect something well hidden and malicious, I will scan with an online scanner such as Bitdefender. (though it is best to launch it before retiring for the night because it is slow). Use caution. Some online scanners will find viruses but then ask you to purchase the product to kill them.

Strangely enough, my work computer which is controlled by an army of paranoid, high-tech IT people has had more viruses and problems than my home computer which has nothing more than Firefox, Superantispyware and a rudimentary, low-key AV program supplied by my ISP.

Alan G. Archer
2008-Oct-25, 10:24 AM
I switched from AVG Free Edition to Avast! Home Edition for my Windows XP SP3 PC. Before AVG, I've used Bitdefender, Trend Micro and Symantec paid products. My Fujitsu Lifebook A6120 notebook runs both 32-bit Vista Premium SP1 and 64-bit Ubuntu Linux 8.04 LTS in a dual-boot setup. I have had no problems running Avast! with Vista, and for now I'm using Vista's firewall. I could install Avast! Linux Home Edition, which is an on-demand scanner, but that is really quite unnecessary for a non-server system. Any networked Windows box, however, definitely needs an antivirus and firewall solution. It is also important to keep your OS and Internet related software, including media players, updated.

I use Kaspersky's online antivirus scanner from time-to-time for a second opinion.

For Windows antispyware, I use Malwarebytes' Anti-Malware and RogueRemover Free, a-squared Free, Spybot - Search & Destroy, Javacool Software's SpywareBlaster, HijackThis, SUPERAntiSpyware, Windows Defender (Vista), and Sysinternals RootkitRevealer.

I'm posting here this morning using Linux and Opera 9.61.

mahesh
2008-Oct-25, 10:42 AM
Mr Archer...sorry i digress....
reminds me of this:
at a coroner's inquest, trying to establish a time line of events, the wife was asked what really happened to her husband. she says that her husband was on medication, see.
he had all these pills, different sizes, different colours. he had to take them twice a day! so after dinner the eventful evening, he sits in his favourite lounge chair, takes these here twenty pills. sits back and he lights a cigarette. this is when this almighty explosion.....

Alan G. Archer
2008-Oct-25, 02:44 PM
That's only because he forgot to take his Bean-zyme...poor man. :sick:

mugaliens
2008-Oct-26, 04:28 PM
You may have a hard time finding one, Jay. Malware prevention is a bit like a battle. He who gets to the high ground first has the advantage. On a computer, taking the high ground means he who can get closest to the kernel first.

This is certainly Symantec's (dodges thrown cabbage) approach, as Norton Antivirus (whew! that tomato was close!), in collaboration with Microsoft (ow! I took a carrot in the eye...) installs just one level closer to the Windows (Thweeeewww.... another close one) kernel that is allowed for any other program.

For the last several years, I had various complaints against Norton Internet Security. But for 14 months now, I've been running Norton 360, and it doesn't appear to share NIS' issues. I wouldn't say it's perfect, and its presence is a bit (only slightly) more than I like. But it's a pretty decent and slick anti-virus/malware with a couple of neat built-in utilities, as well.

Moose
2008-Oct-26, 05:57 PM
Heh. Yeah, but the all-in-one approach is necessarily flawed in that if your malware can bring down (or even identify) the one component, you've pwned that machine. If that approach also happens to have market share, you'll have pwned the world.

Using a defense in depth approach, with a semi-randomized cluster of 3rd party software that each concentrate on their one task, the compromise of one piece of software will rarely affect the other components, which means you have a fair chance at detecting the compromise when it happens. And within a large array of machines distributed among the various permutations, you end up with a sort of herd immunity. Like the Mac and Linux users enjoy.

See, if you have a race between armor and firepower, always bet on the firepower in the long run. It's never about "tamper-proof". That's simply impossible. Someone determined enough will always get through.

For a home user, however, where you'll never encounter someone _that_ determined to get into _your_ machine to the exclusion of all others, it's enough to be tamper-resistant and tamper-evident. Harden your machine just enough so that your neighbor's granny is the softer target. S'kiddies don't especially care whose machine they pwn as long as they get someone.

captain swoop
2008-Oct-26, 06:10 PM
AVG added a full minute to bootup and was taking so much processing time running in the "background" (hah!) it would make my poor old laptop overheat and die. Not only that but nothing I did would make it stop loading itself at system start and the automatic updates just turned themselves back on every time it ran. I don't care how good the virus defs are, it's complete garbage. It will never, ever touch another computer I own.

Maybe there was some underlying problem, never seen any problems on any of our customer sites or my own works laptop.

BigDon
2008-Oct-26, 06:12 PM
I use Spybot S&D, Ad-Aware and the paid for version of Zone Alarm. Plus a couple of other things. Then there is the LAN and modem security my brother put in place.

Here's a weird thing. If I don't get a hit on Spybot S&D in a month I blow it away, re-install it and I get a ton of hits on the next run. Are there Spybot killers out there?

Veeger
2008-Oct-26, 06:21 PM
BigDon,
I can only assume you are keeping your Spybot up to date. Strange that you need to reload it from time to time.

I do know some malware will target the more popular products and try to disable them, but these kinds of attacks are not all that common, in my opinion. The most successful malware keeps itself very low profile. Stealth is where it's at in the virus business.

eta: and very cleverly hooking the operating system with logon notification and system services buried in the svchost processes. They are very tough to defeat.

boppa
2008-Oct-27, 02:57 AM
I used to use AVG but I (like many others) had the dreaded 100% cpu usage problem when AVG 8 was released. I have tried Avast, but personally I prefer Avira (the free version has a nag screen that pops up once a day and can be closed straight away- I find that acceptable, some people don't)
That in combination with Winpatrol and Superantispyware has kept my system under control with XP

my older 98se system relied on Adaware and Spybot s/d with AVG (I found that adaware seems to not be as useful on the XP system- stability issues)

btw Teatimer in spybot is notorious for causing problems, I left it turned off and rely instead on Winpatrol- which does much the same thing as well as quite a few other things much better than spybots teatimer ever did

I still use an older Zone Alarm for my firewall- the new version in the suite is a resource hog and the xp inbuilt one only monitors incoming traffic NOT outbound- a serious flaw imho as if something does get in then the xp firewall will happily let it talk out :-(

HenrikOlsen
2008-Oct-27, 11:22 AM
btw Teatimer in spybot is notorious for causing problems, I left it turned off and rely instead on Winpatrol- which does much the same thing as well as quite a few other things much better than spybots teatimer ever did
The problem with teatimer is that you have to know the internals of Windows to know what is safe to forbid and what must absolutely be allowed to avoid breaking stuff.
It's a great tool, but very much not for the average user.

Jeff Root
2008-Oct-27, 12:16 PM
Where can I get an explanation of computer security threats that is a
couple of levels deeper than a superficial overview but a couple of levels
lighter than detailed instruction manuals? I want to know:

- What are the vulnerabilities/threats?
- Where do they come from and how do they get in?
- How can they be prevented/detected/fixed?

I've used Windows 95, 98, 98 SE, and Me, but never had any kind of
virus detection or firewall or the like, and know nothing about them except
that they eat resources and CPU cycles ravenously.

-- Jeff, in Minneapolis

Alan G. Archer
2008-Oct-27, 01:30 PM
I received an email with a .zip file attachment in my Thunderbird email client today. Since I was using Vista on my notebook, I forwarded the email to myself and then rebooted my notebook into Linux. I then opened Thunderbird and took a look at this attachment. The .zip contained an executable (.exe) file that was 20 Kb in size. I uploaded the file to www.virustotal.com and had them check it (http://www.virustotal.com/analisis/d9a113e478f170c391eadec99bd6514d) against thirty-six antivirus scanners. Thirteen of the scanners reported that it was a Trojan. Avast!, my resident AV scanner, reported no infection. AVG, Kaspersky, McAfee, and Symantec likewise missed it. However, AntiVir, Bitdefender, Microsoft, Panda, and TrendMicro caught it.

As for the subject line, it was "Re [3]: Request Ok."

The message:


Hello, photoget.

Friday, October 24, 2008, 09:27:47 AM, you wrote:

> > Hello, Office.

> >Hello.
> >Please send confidential "price list" of your
> >competitors with details of the activities.
> >Ready to pay many...


Your request is made #F64
See archiv.

Please remove the paper after consultation!


-- Best regards, xxxxxxxxxxxxxx mailto:xxxxxxxxxxxxxx@xxxxxxxxxxxx.xxx

The email appears to have come from a person who does work for an engineering consulting firm not far from where I live, but the email's source indicates that it originated from Linda-a-velha, Portugal.

Prevx reported that the Trojan first appeared today in their community database originating from Spain.

Howdy, Jeff!

Grashtel
2008-Oct-27, 07:17 PM
Can someone recommend me a comprehensive virus scanner (for Windows 2000/XP) which lets me start it myself, scan what I want to, and shuts down and completely removes itself from memory when I tell it to? Obviously I want a well-supported program with regular definition updates, but I don't want it to update automatically and I don't want it to do anything at all without me explicitly telling it to. One that runs from the command line would be awesome beyond words, but I'll put up with a no-frills GUI if I have to.

Does that even exist? Or am I dreaming of a bygone era when software engineers actually took some pride in their work instead of just blobbing more mustard onto their rotting sandwich-meat to hide the taste?
I think that ClamWin (http://www.clamwin.com/) is probably along the lines of what you are looking for, it is a free open source anti-virus/anti-spyware with no resident scanner and you can turn off its automatic updates.

Fazor
2008-Oct-27, 08:49 PM
I use AVAST, it cleared all my viruses out, my PC was full of Trojans and my other anti-virus had a virus too, allowing popups etc, it scanned my entire system took an hour and cleared the lot, it works a lot faster as my other anti-virus slowed everything right down to a grinding stop.
It hasn't interfered with anything and works well in the background. I recommend it, plus it is free.

That's what I use. It can be annoying at times, but I found instead of fighting it I just set auto updates to a time in the wee-early hours, and then have it run a full scan 30 minutes later every day. I don't completely trust that it catches everything, but it's not bad.

LotusExcelle
2008-Oct-27, 08:55 PM
I use Avira AntiVir. I've used it for years - it's free and easy to use and... okay so on my system it doesn't put a dent in the CPU but even on my old system... the footprint is really small. Anyone else use it?

Fazor
2008-Oct-27, 09:14 PM
I use Avira AntiVir. I've used it for years - it's free and easy to use and... okay so on my system it doesn't put a dent in the CPU but even on my old system... the footprint is really small. Anyone else use it?

Errr... when I read Chrissy's post for some reason I read "Avira" instead of "Avast". So yes, I use that, and not the one that Chrissy uses. :shifty:

Alan G. Archer
2008-Nov-04, 12:17 AM
I received an email with a .zip file attachment in my Thunderbird email client today. Since I was using Vista on my notebook, I forwarded the email to myself and then rebooted my notebook into Linux. I then opened Thunderbird and took a look at this attachment. The .zip contained an executable (.exe) file that was 20 Kb in size. I uploaded the file to www.virustotal.com and had them check it (http://www.virustotal.com/analisis/d9a113e478f170c391eadec99bd6514d) against thirty-six antivirus scanners. Thirteen of the scanners reported that it was a Trojan. Avast!, my resident AV scanner, reported no infection. AVG, Kaspersky, McAfee, and Symantec likewise missed it. However, AntiVir, Bitdefender, Microsoft, Panda, and TrendMicro caught it.

A week later, the above mentioned Trojan, conf_docs.doc______________________________.exe, is now classified (http://www.virustotal.com/analisis/7b5b4c5189bd99ecdecaf4d5bc04d00c) as malware by 24 of 36 AV scanners. Avast!, Kaspersky, and McAfee will now detect the Trojan. Symantec still reports no infection.

jt-3d
2008-Nov-22, 03:07 PM
Bumpity for a suspicious thing I experienced today - I came home from work and couldn't get on line, even after restarting the modem and router. So I restarted the computer and lo and behold, Avast popped up with an update for the software. Now I never gave this thing permission to kick me offline and I can't say for sure that avast did but if I knew for sure that it did, it'd be gone.

To be quite honest, avast hasn't seemed to be any better than AVG, in fact it seems worse since I let it scan .exes that I start. Sounds like a good idea but in practice it's quite annoying. It seems like it would learn that explorer.exe is ok but no, it scans it every time and makes it load noticeably slower.

Anyway I'm not really impressed with avast and thinking about going back to AVG since I've heard they no longer do that internet scan thing with every search.

So I just figured I'd put this here since I voted for avast before and I don't hang out at forums that routinely discuss antivirus stuff. For what it's worth. :)

Moose
2008-Nov-22, 04:00 PM
Major quibble, JT. It's (generally) okay to leave a file alone when it's not in use. Even infected by a virus, it's harmless until touched.

You scan a program immediately before running it specifically because you cannot (safely) assume an infection hasn't hit it moments before. And because by running an infected executable, the virus has the opportunity to set off its "payload". Often spreading the damage further. Scanning it before running it is very much desired behavior. Especially explorer.exe, which has near-global access to the system.

Neither Avast nor AVG's scanner adds enough of a starting delay to matter. (With the noticeable exception of boot times while using a PPPoE client to connect to the internet while using AVG, and that's mostly the fault of the ISP's authentication policies, and not the fault of the scanner itself. Because Avast downloads updates on the fly, it's less affected by the boot time delay.)

An on-demand scanner provides little security if you're running a good just-in-time scanner. The reverse isn't true.

mugaliens
2008-Nov-22, 04:48 PM
See, if you have a race between armor and firepower, always bet on the firepower in the long run. It's never about "tamper-proof". That's simply impossible. Someone determined enough will always get through.

Well, there was that Dilbert cartoon with the notice, "In the interests of enhancing network security, all boxes have been removed from the network."


Harden your machine just enough so that your neighbor's granny is the softer target.

Between a Linksys (Cisco) router/NAT-SPI firewall, Windows Firewall, and 360, things have been quieter than a mouse.

Jeff Root
2008-Nov-23, 07:08 AM
Moose,

Where can I find a good introductory explanation of PC security? I don't
understand, for example, how a virus might infect an .exe just before I
want to run it, as you said. I want an overview of the whole range of
PC threats with enough detail that I can decide what, if any, security
measures I should take for my particular setup.

-- Jeff, in Minneapolis

Moose
2008-Nov-23, 01:28 PM
Where can I find a good introductory explanation of PC security?

No idea, sorry. I've never been in the market for that kind of resource, and any such resource would be out of date pretty quickly.


I don't understand, for example, how a virus might infect an .exe just before I want to run it, as you said.

In this case, "moments before" is a spectrum, Jeff.

Generally speaking, you can expect, say, explorer.exe to get scanned once a day with an on-demand scanner, or every few days with a progressive scanner. In IT terms, that's an eternity. Certainly plenty of time for an exploit to be used, spread, then deliver its payload (which may and often does involve disabling the virus checker itself.)

Time of On-demand-scan < Time of Virus infection < Time of execution. So long as that gap is non-zero, there remains a risk of a successful attack.

A just in time scanner will scan a file after it is modified and before it is read or executed. Which means an arriving virus gets detected on any vector before it changes anything, and a virus that was already there (changing CDs or plugging in a thumbdrive, for example, fall under this category) gets detected before it becomes active.
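
An added illustration of the timing gap described in the post above (example code written for this page, not part of the original thread or any poster's tooling). It replays the sequence scan, modification, execution against a temporary file; the marker bytes, the file name and the `scan`/`simulate` functions are constructed for the example and the "signature scan" is a toy substring match.

```python
import os
import tempfile

# Constructed, harmless byte string standing in for a known-bad signature.
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"


def scan(path):
    """Toy signature scan: True when the constructed marker is in the file."""
    with open(path, "rb") as f:
        return MARKER in f.read()


def simulate(scan_before_execute):
    """Replay scan -> modification -> execution and report what each check saw.

    scan_before_execute=False models an on-demand-only setup: the file is
    checked at t0 and again at t3, and nothing gates execution at t2.
    scan_before_execute=True models a just-in-time scanner that checks the
    file at t2, immediately before it is allowed to run.
    """
    result = {}
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "program.bin")
        with open(target, "wb") as f:
            f.write(b"clean program bytes")

        # t0: the operator-started scan sees a clean file.
        result["t0_scan_flagged"] = scan(target)

        # t1: the file changes after the scan (simulated by appending the
        # constructed marker).
        with open(target, "ab") as f:
            f.write(MARKER)

        # t2: the user starts the program.
        if scan_before_execute:
            # Execution proceeds only if the pre-execution scan is clean.
            result["executed_modified_file"] = not scan(target)
        else:
            # Nothing checks the file at this point, so it runs.
            result["executed_modified_file"] = True

        # t3: the next operator-started scan finds the change, but in the
        # on-demand-only case that is after the file has already run.
        result["t3_scan_flagged"] = scan(target)
    return result


if __name__ == "__main__":
    for label, gate in (("on-demand only", False),
                        ("scan before execute", True)):
        print(label, simulate(gate))
```

In both runs the t0 scan is clean and the t3 scan flags the file; the only difference is whether the modified file was allowed to run in between.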

Moose
2008-Nov-23, 01:32 PM
Well, there was that Dilbert cartoon with the notice, "In the interests of enhancing network security, all boxes have been removed from the network."

I've worked on software for secure networks where the entire network was physically isolated and the server under guard.

mugaliens
2008-Nov-23, 04:16 PM
No offense to Moose, Jeff, but there are other gurus out here...

Here's CERT's Home Computer Security Tutorial (http://www.cert.org/homeusers/HomeComputerSecurity/), complete with worksheets/checklists you can use to lock down your own system.

CERT, by the way, is a federally funded research and development center, first established by DARPA. Their primary objectives are to increase internet security throughout all possible points of entry, avenues of attack, to provide coordinated responses to imminent or actual intrusions, and to educate all users/administrators - home, corporate, and federal. They are active in FIRST, the Internet Engineering Task Force, and the NSTAC NSIE (think "bank transactions")