Which Program?

  • Thread starter Thread starter David Baxter
  • Start date Start date
D

David Baxter

Hi, Group!

I had a nasty run in with a couple of viruses yesterday, and am now
questionning whether I could be using a better virus scanner.

I've been using AVG, which until now, has been just fine. However, when it
came across the two viruses yesterday, its only "heal" option was to delete.
Later on, once I'd reinstalled a lot of software, one of the viruses popped
up again. I happened to be using Trend Micro's online scan facility to
double-check my system. It also picked up the new instances of the virus,
and CLEANED the infected files instead of deleting them!

This is my other reason for being shaky with AVG. I opened a directory which
contained an infected file. AVG's background scanner popped up and told me
the file was infected, and I should run AVG to clean it. So I ran AVG,
scanned the directory, but it claimed there were no infected files!! Opened
the directory again, and the background scanner told me there was... I wound
up deleting the file anyway, just to be sure.

Today, I uninstalled AVG and installed avast! instead. This appears to be a
pretty decent program, tho it won't give me incoming mail protection as it
conflicts with my spam blocker (PopFile). They both want to access port 110,
and can't. So, I don't get any mail. I've tried tweaking it to make the two
co-operate, but as they both want to talk to my client on 127.0.0.1, port
110, neither of them work correctly.

I'm considering going back to AVG, using avast!, or BitDefender, which I
liked the interface of. I don't want to use something like McAfee or Norton,
and Panda doesn't really appeal, either.

It seems to me that everyone can tell a good story and a bad story about
every anti-virus package out there. Commercial review websites always seem
to lean towards Norton or McAfee. So, opinions please, people. What should I
consider? Have I totally missed a program I should be considering?

Thanks in advance,
Dave
 
Hi, Group!

I had a nasty run in with a couple of viruses yesterday, and am now
questionning whether I could be using a better virus scanner.

I've been using AVG, which until now, has been just fine. However, when it
came across the two viruses yesterday, its only "heal" option was to delete.
Click to expand...

It would help to know which viruses... Some viruses can not disinfected
only deleted.
Later on, once I'd reinstalled a lot of software, one of the viruses popped
up again. I happened to be using Trend Micro's online scan facility to
double-check my system. It also picked up the new instances of the virus,
and CLEANED the infected files instead of deleting them!
Click to expand...

Again it would help to know which virus(es).
This is my other reason for being shaky with AVG. I opened a directory which
contained an infected file. AVG's background scanner popped up and told me
the file was infected, and I should run AVG to clean it. So I ran AVG,
scanned the directory, but it claimed there were no infected files!! Opened
the directory again, and the background scanner told me there was... I wound
up deleting the file anyway, just to be sure.

Today, I uninstalled AVG and installed avast! instead. This appears to be a
pretty decent program, tho it won't give me incoming mail protection as it
conflicts with my spam blocker (PopFile). They both want to access port 110,
and can't. So, I don't get any mail. I've tried tweaking it to make the two
co-operate, but as they both want to talk to my client on 127.0.0.1, port
110, neither of them work correctly.

I'm considering going back to AVG, using avast!, or BitDefender, which I
liked the interface of. I don't want to use something like McAfee or Norton,
and Panda doesn't really appeal, either.

It seems to me that everyone can tell a good story and a bad story about
every anti-virus package out there. Commercial review websites always seem
to lean towards Norton or McAfee. So, opinions please, people. What should I
consider? Have I totally missed a program I should be considering?
Click to expand...

Yes several... Personally, I'd suggest one of the following:

F-Prot Anti-Virus <http://www.f-prot.com>
Flexure Anti-Virus <http://www.f-secure.com>
Kaspersky AntiVirus <http://www.kaspersky.com>
Nod32 Anti-Virus System <http://www.nod32.com>
Norman Virus Control said:
Thanks in advance,
Click to expand...

Your welcome. HTH.

--
Cheers-

Jeff Setaro
(e-mail address removed)
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
 
Hi!

David said:
I had a nasty run in with a couple of viruses yesterday, and am now
questionning whether I could be using a better virus scanner.
Click to expand...

Which viruses were these in detail?
I've been using AVG, which until now, has been just fine.
Click to expand...

Well, the first point is: there are a lot of differences in malware
detection and qualitiy of the scanner's engines. So AVG may be freeware,
but it's *not* of first-class quality. The second point: *No* AV
software will detect every malware. So *you* have to decide what you
open or not, independant of what the scanner says.
However, when it
came across the two viruses yesterday, its only "heal" option was to delete.
Click to expand...

Files which *are* the malware can't be cleaned but just *deleted*!
It also picked up the new instances of the virus,
Click to expand...

Which virus?
and CLEANED the infected files instead of deleting them!
Click to expand...

As far as I already said: most of malware files can *not* be cleaned.
Today, I uninstalled AVG and installed avast! instead.
Click to expand...

....which is qualitative not much better than AVG.
This appears to be a
pretty decent program, tho it won't give me incoming mail protection
Click to expand...

This kind of "protection" isn't necessary anyway. Reasons:
1.) Threre's already a background scanner running.
2.) Just don't open attached executables!
3.) Don't use Outlook (Express) -> because it's insecure.
What should I
consider?
Click to expand...

See points 2.) and 3.).
Have I totally missed a program I should be considering?
Click to expand...

Kaspersky AntiVirus. It will become difficult to find a better one. ;)
 
Which viruses were these in detail?

My bad, apologies.

The one which came up the most was Win32/Parite.a. I managed to remove it
from memory by following instructions here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.pinfi.html

AVG could only delete, but Trend Micro's online scan seemed to be able to
heal instead.

There were actually two other viruses. One was a Java virus, and one was
something like MMail.x, both of which TrendMicro took care of. I didn't
actually take the names of these two as they only came up once each, and
were quickly killed off.

Regards,
Dave
 
If Trend Micro did such a good job of healing your computer, why would you
not look at PC-Cillin from Trend Micro. I have been using it for years and I
am quite pleased with it! Check out www.antivirus.com and you can download
the free 30 day version.
 
OK, exe-files infected by this PE-virus can be repaired indeed. But: the
tmp-files created by this virus *have* to be deleted.
Click to expand...

Yup. The Symantec info page said I'd have to delete the temp files and
registry entry. It's odd that AVG couldn't heal the exes, when Trend
could...
Perhaps something like that?
Exploit.Java.Bytverify?
Click to expand...

Doesn't ring any bells, m'fraid...
This one?
Click to expand...
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Possibly. Looks familiar. I really didn't bother even looking at the names,
just let the software deal nuke 'em.

Regards,
Dave
 
Roy Zurowski said:
If Trend Micro did such a good job of healing your computer, why would you
not look at PC-Cillin from Trend Micro.
Click to expand...

I've certainly considered it. I like to have recommendations for programs I
use, and I don't know anyone who runs it!
I have been using it for years and I am quite pleased with it!
Click to expand...

Here's one recomendation. ;-)

Regards,
Dave
 
Take a look at Symantec's site. I like Trend's site also but I think
Symantec's has more information to get effective cleanups.
up again. I happened to be using Trend Micro's online scan facility to
double-check my system. It also picked up the new instances of the virus,
and CLEANED the infected files instead of deleting them!
Click to expand...

You need to "chain" both proxies together. Set up Popfile to listen on a
different port and then set up your email client to retrieve from that port
on the loopback adapter. Then your AV software scanner will set things up
accordingly unless it requires manually entered settings. Basically you end
up with popfile actually retrieving the mail, but sending it through your AV
scanner which then sends it to the mail client. It would be better to get
the mail to pass through the AV scanner before popfile (because popfile
saves a copy of the unscanned files) but I don't know if any of the AV
scanners can be configured this way. Anyhow this was unacceptable to me so a
found another mail filter. Popfile is a great program but keeping the same
AV product that has never failed me seemed to be the better choice.
Today, I uninstalled AVG and installed avast! instead. This appears to be a
pretty decent program, tho it won't give me incoming mail protection as it
conflicts with my spam blocker (PopFile). They both want to access port 110,
and can't. So, I don't get any mail. I've tried tweaking it to make the two
co-operate, but as they both want to talk to my client on 127.0.0.1, port
110, neither of them work correctly.
Click to expand...

They all have good and bad points. So find one which provides the features
you want, costs what you can afford, has good detection rates, good cleanup
stats and tools, and is quick to distribute new defs when outbreaks hit the
streets.
Then use one of them until you get burned or see something which makes you
personally doubt its effectiveness. I tend to look closely at cleanup stats
and website resources. All the top detection engines have similar detection
stats. The biggest difference in these products seems to be in preventing
initial infection and also in cleanups. Some only detect infected files
after something is already active and only clean out the infected files and
not the program or memory resident code that is spawning the infection to
start with. You seemed to have seen this first hand. Some vendors have
chosen to use their own or someone else's detection engine but have not
incorporated them into fully effective solutions.

The way I look at this is that if you decide not to use a product from one
of the top vendors then use one of the others that has a good detection
engine. But when your engine detects an active infection you better look
elsewhere to get a good cleanup. Either the instructions at one of the
major's websites or a free download at one of these sites.
 
David Baxter said:
I've certainly considered it. I like to have recommendations for programs I
use, and I don't know anyone who runs it!


Here's one recomendation. ;-)
Click to expand...

Hi David.....

I can recommend EZ Trust which used to be the free InoculateIT PE. I
have just renewed my subscription and this will be my 3rd year of the
pay version......and used the free version a year or two before that.
It is small and unobtrusive.......I also use F-Prot for DOS (free) as a
backup manual scanner......but my first line of defence is 'safe hex'.

Just my 2 Cdn. cents worth. I have never had a problem with either of
them. I had Norton before and it was not nearly as good.

Cheers.......Heather
 
Since you are finding several infections you might want to read up on some
of them. Anything can be spread via email so that is always something to
look at. The initial one you detected generally spreads via network shares
so you might want to look at how well you have filesharing protected in case
you have it enabled(and if so whether you even need it to be). MMail.x
suggest coming in via email though I didn't look it up and java viruses
generally spread via web browsing or html email. Sounds like you might need
to a bit of research on how to tighten up the configuration of your web
browser, email client, and network services.
 
d/l Vexira via Tucows from the link at my website. Vexira is the best
antivirus I personally have encountered yet.
--
There's More :-
Virus Alerts LIVE from Sophos !
M$ Latest News.
VirusNews from Central Command.
Latest Sophos Enews.
Computer Links. Links to the latest M$ Patches.
Laughs,Fun, Humour................
Also : Bush is Out of His Tree !!!
at http://tinyurl.com/fks4
 
David Baxter said:
Hi, Group!

I had a nasty run in with a couple of viruses yesterday, and am now
questionning whether I could be using a better virus scanner.
Click to expand...

Well, here's my two cents...

In the "old days" when a 486 dx2-66 w/8MB RAM was king and the local
BBS scene was hotter than the internet, I used F-Prot and McAfee's.
McAfee was okay until about mid-2001 or so, when it started constantly
crashing on just about everybody's systems. F-Prot decided to start
charging too. Then I tried InnoculateIT and I liked it but got burned
on the "it's been free but now you're gonna pay for it" deal.

Since then, I have used AVG6 Free but from what I hear, they are going
to abandon updates for it after the end of this year... so, what good
is an AV that I can't upgrade???

I have a full copy of Nortons AV 2002 here that came with this
motherboard that I'm *kinda* tempted to try out, but remembering some
previous nightmares caused by some of their other software and just
the amount of online chatter about conflicts with other software makes
me just look at the CD in a state of DUH! I'm not even sure if I'd be
able to update the def files on the 2002 version...

I've heard pretty good things about Avast! and I just downloaded it
today. Most people who have tried it are very happy with it. The fact
that it's free is nice too, as I really don't feel like paying for
something that Windows *should* include out of the box, seeing it's
gonna be as secure as a sieve. Of course, in a way that's probably for
the better, because a formatted hard drive caused by a failed Windows
update immediately comes to mind...

"We regret that there was an issue in our last virus update which
causes your hard drive to irreversibly lose all data. We will address
that issue in our next patch in a couple weeks. In the meantime,
reinstall Windows and your software to repair the problem..."
Although, come to think about it, I've heard of either McAfee's or
Norton's doing the same thing! YMMV!
 
boogie350 said:
"David Baxter" <[email protected]> wrote in message

Well, here's my two cents...

In the "old days" when a 486 dx2-66 w/8MB RAM was king and the local
BBS scene was hotter than the internet, I used F-Prot and McAfee's.
McAfee was okay until about mid-2001 or so, when it started constantly
crashing on just about everybody's systems. F-Prot decided to start
charging too. Then I tried InnoculateIT and I liked it but got burned
on the "it's been free but now you're gonna pay for it" deal.

Since then, I have used AVG6 Free but from what I hear, they are going
to abandon updates for it after the end of this year... so, what good
is an AV that I can't upgrade???

I have a full copy of Nortons AV 2002 here that came with this
motherboard that I'm *kinda* tempted to try out, but remembering some
previous nightmares caused by some of their other software and just
the amount of online chatter about conflicts with other software makes
me just look at the CD in a state of DUH! I'm not even sure if I'd be
able to update the def files on the 2002 version...

I've heard pretty good things about Avast! and I just downloaded it
today. Most people who have tried it are very happy with it. The fact
that it's free is nice too, as I really don't feel like paying for
something that Windows *should* include out of the box, seeing it's
gonna be as secure as a sieve. Of course, in a way that's probably for
the better, because a formatted hard drive caused by a failed Windows
update immediately comes to mind...

"We regret that there was an issue in our last virus update which
causes your hard drive to irreversibly lose all data. We will address
that issue in our next patch in a couple weeks. In the meantime,
reinstall Windows and your software to repair the problem..."
Although, come to think about it, I've heard of either McAfee's or
Norton's doing the same thing! YMMV!
Click to expand...

I've never had a problem with Nortons AV. I'm currently using Norton AV 2003
and it has never let a virus through. In common with thousands of other
victims of the piece of excrement behind this current spam outrage I am
receiving about 100 messages containing the SWEN thing per day. I recommend
Nortons.
 
I've never had a problem with Nortons AV. I'm currently using Norton AV
2003
and it has never let a virus through. In common with thousands of other
victims of the piece of excrement behind this current spam outrage I am
receiving about 100 messages containing the SWEN thing per day. I recommend
Nortons.
Click to expand...

Me neither. I'm running one version or another of Norton AV on 5 machines
with no problems and no infections. Swen's been showing up at least a
couple times an hour since last night and Norton just keeps tossing him into
quarantine.

This summer, the one PC on our home network that picked up a worm (sobig)
was the laptop my son brought home from college with McAfee (which
apparently wasn't getting updated because he wasn't on the university's
system). Day after he went back to school I got a message from Roadrunner
saying a lot of worm-laden stuff was coming off our cable modem. As I
suspected, all the machines here were clean and the worm turned up on that
laptop.
 
Back
Top