Virus/spyware checkers

Anonymous
June 12, 2005 8:43:58 PM

Archived from groups: microsoft.public.windowsxp.general

I'm currently running AVG's free version. I also keep Winpatrol
running (great program!) As mentioned in a previous post, AVG just
flagged changes to some system files. I've always thought it's good
to get a 2nd opinion, so I'm going to find a secondary virus scanner.

Any recommendations? I know MS has a beta, so I'll probably try that.
NOD32 seems to get high marks. I'm not sure about the larger McAfee
and Norton/Symantec, as their products tend to get huge and intrusive.
I don't want the machine's CPU usage constantly pegged. I just had
to fix network registry settings after Ghost 9's notorious tampering.

Any others?

Anonymous
June 12, 2005 8:43:59 PM

_RR wrote:
> I'm currently running AVG's free version. I also keep Winpatrol
> running (great program!) As mentioned in a previous post, AVG just
> flagged changes to some system files. I've always thought it's good
> to get a 2nd opinion, so I'm going to find a secondary virus scanner.
>
> Any recommendations? I know MS has a beta, so I'll probably try that.
> NOD32 seems to get high marks. I'm not sure about the larger McAfee
> and Norton/Symantec, as their products tend to get huge and intrusive.
> I don't want the machine's CPU usage constantly pegged. I just had
> to fix network registry settings after Ghost 9's notorious tampering.
>
> Any others?

Ghost does no tampering that I know of.. At least never has in the
mass-quantities I have done.
Symantec's Full System Products can be a bit overwhelming - but if you get
"just what you need" (usually just AV) - then it isn't so bad.
I would wait on the MS AntiSpyware BETA - let it stew a little longer.
And remember - AntiVirus and AntiSpyware - two different worlds.

Antivirus:
avast! (Free and up)
http://www.avast.com/

AVG Anti-Virus System (Free and up)
http://www.grisoft.com/

AntiVir (Free and up)
http://www.free-av.com/

RAV AntiVirus Online Virus Scan (Free!)
http://www.ravantivirus.com/scan/

Symantec (Norton) AntiVirus (~$11 and up)
http://www.symantec.com/nav/nav_9xnt/

Kaspersky Anti-Virus (~$49.95 and up)
http://www.kaspersky.com/products.html

Panda Antivirus Titanium (~$39.95 and up)
http://www.pandasoftware.com/
(Free Online Scanner: http://www.pandasoftware.com/activescan/)

McAfee VirusScan (~$11 and up)
http://www.mcafee.com/

Trend Micro (~$49.95 and up)
http://www.trendmicro.com/en/home/us/personal.htm
(Free Online Scanner:
http://housecall.trendmicro.com/housecall/start_corp.as...)

Untested (by me):
eTrust EZ Antivirus ($29.95 and up)
https://www2.my-etrust.com/commerce/buy.it.cfm

AntiMalware:
Lavasoft AdAware (Free and up)
http://www.lavasoft.de/support/download/
(How-to: http://snipurl.com/atdn )

Spybot Search and Destroy (Free!)
http://www.safer-networking.net/en/download/index.html
(How-to: http://snipurl.com/atdk )

Bazooka Adware and Spyware Scanner (Free!)
http://www.kephyr.com/spywarescanner/
(How-to: http://snipurl.com/ate3 )

SpywareBlaster (Free!)
http://www.javacoolsoftware.com/sbdownload.html
(How-to: http://snipurl.com/ate6 )

IE-SPYAD (Free!)
https://netfiles.uiuc.edu/ehowes/www/resource.htm
(How-to: http://snipurl.com/ate7 )

CWShredder (Free!)
http://www.softbasket.com/download/s_8114.shtml

Hijack This! (Free)
http://mjc1.com/mirror/hjt/
( Tutorial: http://hjt.wizardsofwebsites.com/ )

ToolbarCop (Free!)
http://windowsxp.mvps.org/toolbarcop.htm

Browser Security Tests
http://www.jasons-toolbox.com/BrowserSecurity/

Popup Tester
http://www.popuptest.com/

The Cleaner (49.95 and up)
http://www.moosoft.com/

--
Shenan Stanley
MS-MVP
--
Anonymous
June 12, 2005 8:43:59 PM

In article <nj6pa1lj15aqdjs5jpu5tham7ehbjffc6j@4ax.com>, _RR
<_RR@noemail.com> wrote:
>I'm currently running AVG's free version. I also keep Winpatrol
>running (great program!) As mentioned in a previous post, AVG just
>flagged changes to some system files. I've always thought it's good
>to get a 2nd opinion, so I'm going to find a secondary virus scanner.
>
>Any recommendations? I know MS has a beta, so I'll probably try that.
>NOD32 seems to get high marks. I'm not sure about the larger McAfee
>and Norton/Symantec, as their products tend to get huge and intrusive.
>I don't want the machine's CPU usage constantly pegged. I just had
>to fix network registry settings after Ghost 9's notorious tampering.
>
>Any others?

The MS beta is an antispyware program, not an antivirus program:

http://www.microsoft.com/spyware

Instead of installing a second antivirus program, which can cause
conflicts with an existing one, I'd use one or more of these free
on-line virus scanners, and I'd temporarily disable AVG while running
them:

http://housecall.trendmicro.com/
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
http://support.f-secure.com/enu/home/ols.shtml
http://www.pandasoftware.com/products/activescan/com/ac...
http://security.symantec.com/sscv6/home.asp?langid=ie&v...
http://security.symantec.com/sscv6/home.asp?langid=ie&v...
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
June 13, 2005 12:35:00 AM

_RR wrote:
> I'm currently running AVG's free version. I also keep Winpatrol
> running (great program!) As mentioned in a previous post, AVG just
> flagged changes to some system files. I've always thought it's good
> to get a 2nd opinion, so I'm going to find a secondary virus scanner.
>
> Any recommendations? I know MS has a beta, so I'll probably try that.
> NOD32 seems to get high marks. I'm not sure about the larger McAfee
> and Norton/Symantec, as their products tend to get huge and intrusive.
> I don't want the machine's CPU usage constantly pegged. I just had
> to fix network registry settings after Ghost 9's notorious tampering.
>
> Any others?

I have been using NOD32 for a year now. I just renewed my subscription,
if that tells you anything.
According to "Virus Bulletin" (an independent virus study group),
AVG passes only about 40% of their testing. Despite what you may read here, I
would NOT use it on my system.
I would give you a link to the Virus Bulletin reports but it has just become
a pay-for listing :-(


--
Mike Pawlak
Anonymous
June 13, 2005 2:14:42 AM

On Sun, 12 Jun 2005 16:08:08 -0500, "Shenan Stanley"
<newshelper@gmail.com> wrote:

>_RR wrote:
>> I'm currently running AVG's free version. I also keep Winpatrol
>> running (great program!) As mentioned in a previous post, AVG just
>> flagged changes to some system files. I've always thought it's good
>> to get a 2nd opinion, so I'm going to find a secondary virus scanner.
>>
>> Any recommendations? I know MS has a beta, so I'll probably try that.
>> NOD32 seems to get high marks. I'm not sure about the larger McAfee
>> and Norton/Symantec, as their products tend to get huge and intrusive.
>> I don't want the machine's CPU usage constantly pegged. I just had
>> to fix network registry settings after Ghost 9's notorious tampering.
>>
>> Any others?
>
>Ghost does no tampering that I know of.. At least never has in the
>mass-quantities I have done.

You may not have noticed it. I have lots of mapped network drives
with drive letters assigned to most of the alphabet. Installing Ghost
(and I believe, some other Norton products) disables some of the
networked drives.

It does so by changing reg key:


HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\IRPStackSize

to some number (15?) that chokes the network stack. You may not
notice if you don't have the alphabet soup of drive letters. I'm not
sure why they would do that, but you can get quite a few google hits
on the subject. A small sample: http://tinyurl.com/cy8a5

I've also seen Ghost9 *not* change that key (on a laptop install w
minimal mapped net drives) so I'm not sure what their logic is.

>Symantec's Full System Products can be a bit overwhelming - but if you get
>"just what you need" (usually just AV) - then it isn't so bad.

I'm concerned about runtime also. I've grown tired of machine stalls
and crashes, just to find that it was my antivirus software running in
the background. I had Norton AV on a laptop and it did seem to slow
down unpredictably. McAfee's site used to look like Times Square, and
merited its own popup blocker, but I see they've cleaned it up now (or
my popup blockers have). I'm still left with the impression that
they're one of the more obtrusive programs.

>I would wait on the MS AntiSpyware BETA - let it stew a little longer.

It does seem early to load this, but I've heard that it has caught
stuff that got by McAfee and Norton. Of course they may have been
false triggers.

>And remember - AntiVirus and AntiSpyware - two different worlds.

Understood, but I've heard that some of the AV programs are
incorporating AntiSpy as well. It would make sense, as the lines are
somewhat blurred these days. Spyware can knock a machine out as
effectively as a virus, and the infection techniques are often more
insidious. After so many years of growing problems, you'd think that
the legal system would be going after virus/spy writers aggressively.

The links are appreciated. (I've trimmed the following, so anyone
reading via google, refer to Shenan's original post for complete
links).

Have you tested these, or are they provided as reference? Your
comment "Untested by me" after one of them would seem to imply that
you've tested a bunch. I haven't tried too many AVs, so I don't know
how they compare. I'd love to hear capsule comments on these:

>Antivirus:
> avast! (Free and up) http://www.avast.com/
> AntiVir (Free and up) http://www.free-av.com/
> RAV AntiVirus Online Virus Scan (Free!) http://www.ravantivirus.com/scan/
> Kaspersky Anti-Virus (~$49.95 and up) http://www.kaspersky.com/products.html
> Panda Antivirus Titanium (~$39.95 and up) http://www.pandasoftware.com/
> Trend Micro (~$49.95 and up) http://www.trendmicro.com/en/home/us/personal.htm
> Untested (by me): eTrust EZ Antivirus ($29.95 and up) https://www2.my-etrust.com/commerce/buy.it.cfm

Re AntiMalware:

> Lavasoft AdAware (Free and up) http://www.lavasoft.de/support/download/
> Spybot Search and Destroy (Free!) http://www.safer-networking.net/en/download/index.html
> Bazooka Adware and Spyware Scanner (Free!) http://www.kephyr.com/spywarescanner/
> SpywareBlaster (Free!) http://www.javacoolsoftware.com/sbdownload.html
> IE-SPYAD (Free!) https://netfiles.uiuc.edu/ehowes/www/resource.htm
> CWShredder (Free!) http://www.softbasket.com/download/s_8114.shtml
> Hijack This! (Free) http://mjc1.com/mirror/hjt/

I have run many of the 'antiMalware' mentioned above at one time or
another. CWShredder failed to shred CW encountered on one machine.
I don't trust anything that's not highly recommended cause, as you
know, there are many spyware programs masquerading as antispyware.

Hijack This! is a great program, but it's indirectly responsible for
hundreds of false google hits due to people posting long lists of
their BHOs. I recently found a site that auto-analyzes Hijack This
output. That would have been a nice feature in the original program.
(If anyone is interested, I'll try to find that link)

> ToolbarCop (Free!) http://windowsxp.mvps.org/toolbarcop.htm
> Browser Security Tests http://www.jasons-toolbox.com/BrowserSecurity/
> Popup Tester http://www.popuptest.com/
> The Cleaner (49.95 and up) http://www.moosoft.com/

Thanks for the comprehensive list, Shenan! I presume that all are
known safe, so I'll look into them.

A couple possibly useful additions: I normally keep close track of
anything installing into registry 'run' keys. Lately I've been using
Winpatrol to do this, and for monitoring running services, etc.
See http://www.winpatrol.com.

And for the hard-core who want to view running processes: Process
Explorer (ProcExp.exe) from http://www.sysinternals.com. I've often
spotted CPU-hogging runaway processes with ProcExp. Usually innocuous
stuff (or antispyware making its rounds <g>), but it's nice to know
what's currently running.
Anonymous
June 13, 2005 3:02:00 AM

On Sun, 12 Jun 2005 16:09:05 -0600, "Steve Winograd [MVP]"
<winograd@pobox.com> wrote:

>In article <nj6pa1lj15aqdjs5jpu5tham7ehbjffc6j@4ax.com>, _RR
><_RR@noemail.com> wrote:
>>I'm currently running AVG's free version. I also keep Winpatrol
>>running (great program!) As mentioned in a previous post, AVG just
>>flagged changes to some system files. I've always thought it's good
>>to get a 2nd opinion, so I'm going to find a secondary virus scanner.
>>
>>Any recommendations? I know MS has a beta, so I'll probably try that.

>The MS beta is an antispyware program, not an antivirus program:
>http://www.microsoft.com/spyware

I've heard that MS is one of the programs that is starting/intending
to check for both. In this particular case, AVG is flagging files as
'changed' so the nature of the cause is debatable. Again, it could be
a false trigger caused by MS's own hotfixes.

>Instead of installing a second antivirus program, which can cause
>conflicts with an existing one, I'd use one or more of these free
>on-line virus scanners, and I'd temporarily disable AVG while running
>them:

I've often disabled AVG's startup with WinPatrol, just because its
scan scheduling tends to get in the way sometimes. Unfortunately, it
sometimes gets PO'd when I try to re-enable it, and I have to
reinstall.

I know that some scanners (or even anti-spy) programs can conflict
with each other, so I'm looking to find two very reliable programs.
Here's what prompted this:

AVG just flagged four system files as 'changed':
kernel32.dll 930,816 bytes, 6/17/2004 12:58:36pm
ntoskernel.exe 2,040,832 bytes, 3/1/2005 9:33:36pm
user32.dll 8,348,672 bytes, 3/11/2005 9:51:16pm
shell32.dll 561,152 bytes, 3/2/2005 2:20:04pm

(all in System32). Of course I quickly scanned the networked drives.
AVG reported nothing, though three of the files on the 'mirrored'
system were identical to the first system. The only file that is
different is kernel32.dll:

system1: kernel32.dll is 930,304 bytes, date 2/3/2003 12:05:22am
system2: kernel32.dll is 930,816 bytes, date 6/17/2004 12:58:36pm
system3: kernel32.dll is 930,304 bytes, date 2/3/2003 12:05:22am
(anyone have files matching either of those?)

And the kernel32.dll file is identical with system3, which also got a
clean bill. So...all 4 files flagged were deemed OK on other systems.
Oddly enough, all 4 files above are different on systems2 and 3, but
both pass AVG.

Clearly something is wrong with AVG, but now I need to doublecheck
everything. That's why I had inquired in another post re Hotfixes
replacing those files. You'd think those particular system files
would be subject to hotfix replacement, and I do often opt out of some
hotfixes depending on the machine's use. That would account for
differences.

I'm hoping to simplify my life by getting results from one very solid
virus scanner, and then (as you recommended) disabling it and checking
with a second. Despite its youth, I'm thinking that the MS scanner
would at least recognize MS's valid system files (or...maybe not!). I
don't want to load too much stuff, even on non-critical machines, so
I'm trying to narrow down the choices.

Meanwhile, if anyone knows about the system files above....

(Thanks for the links)
Anonymous
June 13, 2005 3:09:38 AM

On Sun, 12 Jun 2005 20:35:00 -0400, "MAP"
<mikepawlak2REM@OVEhotmail.com> wrote:

>I have been using NOD32 for a year now. I just renewed my subscription,
>if that tells you anything.
>According to "Virus Bulletin" (an independent virus study group),
>AVG passes only about 40% of their testing. Despite what you may read here, I
>would NOT use it on my system.
>I would give you a link to the Virus Bulletin reports but it has just become
>a pay-for listing :-(

That's unfortunate. I guess it's the new software industry. I miss
the old days when everyone was making a living writing screensavers.
<g>

I've also heard good things about NOD32, and I understand that it's
very light on CPU cycles. If it's as thorough as it's reputed to be
and doesn't mistrigger, that may be my top choice.

Can you sorta 'paraphrase' what Virus Bulletin said about a few other
top contenders? Is there anything close to NOD32?
Anonymous
June 13, 2005 3:17:49 AM

_RR <_RR@noemail.com> wrote:

>I'm currently running AVG's free version. I also keep Winpatrol
>running (great program!) As mentioned in a previous post, AVG just
>flagged changes to some system files. I've always thought it's good
>to get a 2nd opinion, so I'm going to find a secondary virus scanner.
>
>Any recommendations? I know MS has a beta, so I'll probably try that.
>NOD32 seems to get high marks. I'm not sure about the larger McAfee
>and Norton/Symantec, as their products tend to get huge and intrusive.
>I don't want the machine's CPU usage constantly pegged. I just had
>to fix network registry settings after Ghost 9's notorious tampering.
>
>Any others?

For a periodic "second opinion" on possible virus infestations I
suggest using one of the free online virus scanners. There are a
number to choose from including:
http://housecall.trendmicro.com
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/


Spyware is becoming even more of a problem than viruses, and there is
no one program that is going to completely protect your computer and
remove any infestations.

The Microsoft Antispyware Beta (previously marketed as Giant
Antispyware) is usually rated as the single best program available,
but even it seldom gets a rating beyond 85% or 90% in comparative
tests; but then all other products get even lower ratings.

My own preferences for Spyware prevention and removal are to use
Microsoft Antispyware (http://download.microsoft.com) as the primary
"frontline" defence and tester. I also use AdAware
(http://www.lavasoft.de) as the #2 detection tool, and I update and
run this once a week. As a secondary defence against infestations I
use SpywareBlaster
(http://www.javacoolsoftware.com/spywareblaster.html) which I manually
update at least once a week.

About once a month I run SpyBot Search & Destroy
(http://www.safer-networking.org/) just to ensure that nothing nasty
has gotten past the other tools. In reserve I have HiJackThis
(http://www.aumha.org/downloads/hijackthis.exe) which I use if and
when something appears to be amiss with the computer but none of the
other tools can find anything wrong.

Hope this is of some assistance.

Good luck





Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm
Anonymous
June 13, 2005 4:14:12 AM

_RR wrote:
> You may not have noticed it. I have lots of mapped network drives
> with drive letters assigned to most of the alphabet. Installing Ghost
> (and I believe, some other Norton products) disables some of the
> networked drives.
>
> It does so by changing reg key:
>
> HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\IRPStackSize
>
> to some number (15?) that chokes the network stack. You may not
> notice if you don't have the alphabet soup of drive letters. I'm not
> sure why they would do that, but you can get quite a few google hits
> on the subject. A small sample: http://tinyurl.com/cy8a5
>
> I've also seen Ghost9 *not* change that key (on a laptop install w
> minimal mapped net drives) so I'm not sure what their logic is.
>
> I'm concerned about runtime also. I've grown tired of machine stalls
> and crashes, just to find that it was my antivirus software running in
> the background. I had Norton AV on a laptop and it did seem to slow
> down unpredictably. McAfee's site used to look like Times Square, and
> merited its own popup blocker, but I see they've cleaned it up now (or
> my popup blockers have). I'm still left with the impression that
> they're one of the more obtrusive programs.
>
> It does seem early to load this, but I've heard that it has caught
> stuff that got by McAfee and Norton. Of course they may have been
> false triggers.
>
> Understood, but I've heard that some of the AV programs are
> incorporating AntiSpy as well. It would make sense, as the lines are
> somewhat blurred these days. Spyware can knock a machine out as
> effectively as a virus, and the infection techniques are often more
> insidious. After so many years of growing problems, you'd think that
> the legal system would be going after virus/spy writers aggressively.
>
> The links are appreciated. (I've trimmed the following, so anyone
> reading via google, refer to Shenan's original post for complete
> links).
>
> Have you tested these, or are they provided as reference? Your
> comment "Untested by me" after one of them would seem to imply that
> you've tested a bunch. I haven't tried too many AVs, so I don't know
> how they compare. I'd love to hear capsule comments on these:
>
> I have run many of the 'antiMalware' mentioned above at one time or
> another. CWShredder failed to shred CW encountered on one machine.
> I don't trust anything that's not highly recommended cause, as you
> know, there are many spyware programs masquerading as antispyware.
>
> Hijack This! is a great program, but it's indirectly responsible for
> hundreds of false google hits due to people posting long lists of
> their BHOs. I recently found a site that auto-analyzes Hijack This
> output. That would have been a nice feature in the original program.
> (If anyone is interested, I'll try to find that link)
>
> Thanks for the comprehensive list, Shenan! I presume that all are
> known safe, so I'll look into them.
>
> A couple possibly useful additions: I normally keep close track of
> anything installing into registry 'run' keys. Lately I've been using
> Winpatrol to do this, and for monitoring running services, etc.
> See http://www.winpatrol.com.
>
> And for the hard-core who want to view running processes: Process
> Explorer (ProcExp.exe) from http://www.sysinternals.com. I've often
> spotted CPU-hogging runaway processes with ProcExp. Usually innocuous
> stuff (or antispyware making its rounds <g>), but it's nice to know
> what's currently running.

Appreciate the response..

As I only deal with the Corporate versions (Symantec Ghost) perhaps I have
not seen what you see.. Although I do have quite a few drives mapped at any
given time and the console is installed on my PC and others I use.

I normally only list the AV and Malware products I have personally used OVER
and OVER - thus the "untested" one listed was labeled as such.. But it
comes highly recommended by others in this newsgroup.

Yes - Symantec AV 10 definitely is a resource hog.. That is without a
doubt. All their full-blown home products seem to lean that way as well.
Some of the other AVs out there (other than the big two) take up less
resources, that's a fact. As for the antispyware ability of the AV
softwares - sad and almost laughable in my tests so far. Symantec failed big
time - where just SpywareBlaster and IESpyAd kept away what it could not.

There is a HijackThis log analyzer web page - I have it on a CD or two I
give out for cleaning systems - but I too cannot recall the link.. hah

Again - thanks for the response and other heads up!

--
Shenan Stanley
MS-MVP
--
Anonymous
June 13, 2005 4:17:41 AM

Interesting page I was given earlier today by "Fitz"..

" On this site you will find independent comparatives of Anti-Virus
software. All products listed in our comparatives are already a selection of
some very good anti-virus engines. In order to get tested by us, companies
must fulfill various conditions. "
http://www.av-comparatives.org/

Well worth the look.

--
Shenan Stanley
MS-MVP
--
Anonymous
June 13, 2005 4:31:43 AM

On Sun, 12 Jun 2005 23:02:00 -0400, _RR <_RR@noemail.com> wrote:
>
>AVG just flagged four system files as 'changed':
> kernel32.dll 930,816 bytes, 6/17/2004 12:58:36pm
> ntoskernel.exe 2,040,832 bytes, 3/1/2005 9:33:36pm
> user32.dll 8,348,672 bytes, 3/11/2005 9:51:16pm
> shell32.dll 561,152 bytes, 3/2/2005 2:20:04pm

Oops...I reversed the last two files. Make that:

kernel32.dll 930,816 bytes, 6/17/2004 12:58:36pm
ntoskernel.exe 2,040,832 bytes, 3/1/2005 9:33:36pm
shell32.dll 8,348,672 bytes, 3/11/2005 9:51:16pm
user32.dll 561,152 bytes, 3/2/2005 2:20:04pm

Also note that file sizes are as reported by 'properties,' not by
normal directory listing, which I'm presuming is in 1024's rather than
even 1000's (nothing like consistency, Microsoft!). Also the 'hours'
could be off by some even number, depending on your time zone,
daylight savings, and file system (FAT32 vs NTFS).
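
Added example, not part of the original thread: the posts above compare flagged system files across machines by size and date, which the time-zone and FAT32/NTFS caveat makes unreliable. This Python sketch compares by SHA-256 instead and treats whole-hour or 2-second timestamp differences as skew; the folder names, file contents and timestamps are constructed stand-ins.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

FAT_RESOLUTION = 2         # FAT stores modification times in 2-second steps
MAX_ZONE_SKEW = 14 * 3600  # widest plausible time-zone/DST offset, in seconds


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are never held in memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def inventory(root, names):
    """Record size, mtime and SHA-256 for each named file found under root."""
    found = {}
    for name in names:
        path = os.path.join(root, name)
        if os.path.isfile(path):
            st = os.stat(path)
            found[name] = {"size": st.st_size, "mtime": int(st.st_mtime),
                           "sha256": sha256_file(path)}
    return found


def timestamp_skew_only(a, b):
    """True if two mtimes differ by whole hours, allowing for FAT rounding."""
    diff = abs(a - b)
    if diff > MAX_ZONE_SKEW + FAT_RESOLUTION:
        return False
    off = diff % 3600
    return min(off, 3600 - off) <= FAT_RESOLUTION


def compare(inventories):
    """Group systems by file content; inventories is {system: inventory(...)}."""
    report = {}
    names = sorted({n for inv in inventories.values() for n in inv})
    for name in names:
        by_hash = defaultdict(list)
        for system, inv in sorted(inventories.items()):
            if name in inv:
                by_hash[inv[name]["sha256"]].append(system)
        groups = sorted(by_hash.values(), key=lambda g: (-len(g), g))
        if len(groups) > 1:
            status = "content differs"
        else:
            mtimes = [inventories[s][name]["mtime"] for s in groups[0]]
            if all(m == mtimes[0] for m in mtimes):
                status = "identical"
            elif all(timestamp_skew_only(mtimes[0], m) for m in mtimes):
                status = "identical content, timestamp skew"
            else:
                status = "identical content, different timestamp"
        report[name] = {"status": status, "groups": groups}
    return report


def build_demo(base):
    """Constructed sample: three stand-in 'System32' folders with tiny files."""
    t0 = 1_100_000_000  # arbitrary epoch second, not a real file date
    layout = {
        "system1": {"kernel32.dll": (b"build-A", t0),
                    "user32.dll": (b"build-U", t0)},
        "system2": {"kernel32.dll": (b"build-B", t0 + 500_000),
                    "user32.dll": (b"build-U", t0 + 3600)},   # one hour off
        "system3": {"kernel32.dll": (b"build-A", t0),
                    "user32.dll": (b"build-U", t0 + 2)},      # FAT rounding
    }
    inventories = {}
    for system, files in layout.items():
        root = os.path.join(base, system)
        os.makedirs(root)
        for name, (content, mtime) in files.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(content)
            os.utime(path, (mtime, mtime))
        inventories[system] = inventory(root, files)
    return inventories


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, entry in compare(build_demo(tmp)).items():
            print(f"{name}: {entry['status']} {entry['groups']}")
```

Matching hashes show only that the machines hold the same bytes, not that the file is clean. A mismatch is also what different hotfix levels would produce, so the file's version information and signature are the next things to check.
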
June 13, 2005 9:33:08 AM

On Mon, 13 Jun 2005 00:17:41 -0500, "Shenan Stanley"
<newshelper@gmail.com> wrote:

>Interesting page I was given earlier today by "Fitz"..
>
>" On this site you will find independent comparatives of Anti-Virus
>software. All products listed in our comparatives are already a selection of
>some very good anti-virus engines. In order to get tested by us, companies
>must fulfill various conditions. "
>http://www.av-comparatives.org/
>
>Well worth the look.

Yes it is! Thanks for the link. I'm not sure about the nature of the
tests, but it seems that the same few AVs place high consistently.
I don't know how the two types of tests differ, but the latest
'retrospective' tests (May) look pretty dismal all-around. It does
seem that a combination of ESet Nod32, Kaspersky and Bit-defender
would cover a lot of ground. (First time that I took much note of
Bit-Defender).

Nod32 places highest in that test, but unless I'm doing something
wrong, it's a bit inconsistent. Between writing messages in this
thread, I loaded the Nod32 demo and scanned some known virus samples.
When I used the main program to scan the entire drive, the viruses
were not flagged. I did get a warning that a few of them were 'not
accessible.' Not sure why.

When I r-clicked individual files and designated NOD32 scan, the
viruses *were* picked up. Odd. By the way, these were originally
found by AVG. MS Antivirus did not flag them.

NOD32 *did* pick up on some files that I had previously moved - with
changed file extensions - cause I suspected them of being CoolWeb.
Nod says "Win32/Delf.NAJ trojan". Neither AVG nor MS caught those.
It also picked up a .dll file inside
\system volume information\_restore{....} ! I have no idea how that
one got there or was going to get run...possibly if I tried a restore
at some point. Maybe just a place where you wouldn't think to look.

Nod's CPU load does seem pretty low (good). Process Explorer didn't
jump much above 50%, with very few peaks, so it should give some elbow
room to other running apps.

If you try process explorer, you can get a larger display of CPU usage
by clicking on the smaller usage icon in the main screen. Those guys
at Sysinternals.com are great programmers. Lots of bare-metal stuff
at that site.

I haven't run Kaspersky, but it seems to place high in all tests. I
was a bit surprised at Mr K's comments about how the spyware threat is
overblown. That may be true to some extent, but that seems to be a
major focus of perverse and malevolent programmers at the moment. It
would be nice to think he's paying attention to it.

*None* of the subsequent scans w MS or NOD32 flagged the particular
windows system32 files I had inquired about. I'm thinking that they
are different due to various MS hotfixes.

It sounds like you've spent a lot of time researching AV programs.
Have you found any that work together without causing problems?
It would be interesting to load Nod32 + Kaspersky. I'd load up
Kaspersky's trial now if I hadn't already started up Nod. I'm curious
to see how K would treat those same files.

I must ask: What are you using on your own machines?
June 13, 2005 12:27:43 PM

_RR wrote:
> On Sun, 12 Jun 2005 20:35:00 -0400, "MAP"
> <mikepawlak2REM@OVEhotmail.com> wrote:
>
>> I have been using NOD32 for a year now. I just renewed my
>> subscription, if that tells you anything.
>> According to "Virus Bulletin" (an independent virus study group),
>> AVG passes only about 40% of their testing. Despite what you may read
>> here, I would NOT use it on my system.
>> I would give you a link to the Virus Bulletin reports but it has
>> just become a pay-for listing :-(
>
> That's unfortunate. I guess it's the new software industry. I miss
> the old days when everyone was making a living writing screensavers.
> <g>
>
> I've also heard good things about NOD32, and I understand that it's
> very light on CPU cycles. If it's as thorough as it's reputed to be
> and doesn't mistrigger, that may be my top choice.
>
> Can you sorta 'paraphrase' what Virus Bulletin said about a few other
> top contenders? Is there anything close to NOD32?

Kaspersky seems to be running neck and neck with Nod32, although I have not
tried it so I can't say.
http://www.kaspersky.com/

Norton, I remember, scored fairly high but not as good as the two above. Norton
I have used in the past; I never had a virus while using it but it is a
resource hog! Also a scan with Norton (on my old system) took an average of
90 minutes on an 80 gig drive, 1.6gig P4 and 1gig of RAM; the scan with Nod32
took 5 minutes for a quick scan and 25 minutes for a full system thorough scan.

--
Mike Pawlak
June 13, 2005 12:38:20 PM

I hope you noted that Nod32 has two different scans: an "In-depth analysis",
which takes about 27 min on my system, and a quick scan, which takes about 5.
The In-depth is much better at finding parasites than the quick scan.


_|_|_ wrote:
> On Mon, 13 Jun 2005 00:17:41 -0500, "Shenan Stanley"
> <newshelper@gmail.com> wrote:
>
>> Interesting page I was given earlier today by "Fitz"..
>>
>> " On this site you will find independent comparatives of Anti-Virus
>> software. All products listed in our comparatives are already a
>> selection of some very good anti-virus engines. In order to get
>> tested by us, companies must fulfill various conditions. "
>> http://www.av-comparatives.org/
>>
>> Well worth the look.
>
> Yes it is! Thanks for the link. I'm not sure about the nature of the
> tests, but it seems that the same few AVs place high consistently.
> I don't know how the two types of tests differ, but the latest
> 'retrospective' tests (May) look pretty dismal all-around. It does
> seem that a combination of ESet Nod32, Kaspersky and Bit-defender
> would cover a lot of ground. (First time that I took much note of
> Bit-Defender).
>
> Nod32 places highest in that test, but unless I'm doing something
> wrong, it's a bit inconsistent. Between writing messages in this
> thread, I loaded the Nod32 demo and scanned some known virus samples.
> When I used the main program to scan the entire drive, the viruses
> were not flagged. I did get a warning that a few of them were 'not
> accessible.' Not sure why.
>
> When I r-clicked individual files and designated NOD32 scan, the
> viruses *were* picked up. Odd. By the way, these were originally
> found by AVG. MS Antivirus did not flag them.
>
> NOD32 *did* pick up on some files that I had previously moved - with
> changed file extensions - cause I suspected them of being CoolWeb.
> Nod says "Win32/Delf.NAJ trojan". Neither AVG nor MS caught those.
> It also picked up a .dll file inside
> \system volume information\_restore{....} ! I have no idea how that
> one got there or was going to get run...possibly if I tried a restore
> at some point. Maybe just a place where you wouldn't think to look.
>
> Nod's CPU load does seem pretty low (good). Process Explorer didn't
> jump much above 50%, with very few peaks, so it should give some elbow
> room to other running apps.
>
> If you try process explorer, you can get a larger display of CPU usage
> by clicking on the smaller usage icon in the main screen. Those guys
> at Sysinternals.com are great programmers. Lots of bare-metal stuff
> at that site.
>
> I haven't run Kaspersky, but it seems to place high in all tests. I
> was a bit surprised at Mr K's comments about how the spyware threat is
> overblown. That may be true to some extent, but that seems to be a
> major focus of perverse and malevolent programmers at the moment. It
> would be nice to think he's paying attention to it.
>
> *None* of the subsequent scans w MS or NOD32 flagged the particular
> windows system32 files I had inquired about. I'm thinking that they
> are different due to various MS hotfixes.
>
> It sounds like you've spent a lot of time researching AV programs.
> Have you found any that work together without causing problems?
> It would be interesting to load Nod32 + Kaspersky. I'd load up
> Kaspersky's trial now if I hadn't already started up Nod. I'm curious
> to see how K would treat those same files.
>
> I must ask: What are you using on your own machines?

--
Mike Pawlak
Anonymous
June 13, 2005 9:41:16 PM

On Mon, 13 Jun 2005 08:38:20 -0400, "MAP"
<mikepawlak2REM@OVEhotmail.com> wrote:

>I hope you noted that Nod32 has two different scans: an "In-depth analysis",
>which takes about 27 min on my system, and a quick scan, which takes about 5.
>The In-depth is much better at finding parasites than the quick scan.

I just noticed that (just loaded NOD late last night--I'm getting up
to speed). I have a couple terabytes in each development station, so
NOD should be busy for a while!

I had tried running NOD directly from the main program, not the
control center. I used default settings, which for some reason, don't
look inside .rar/.zip files. This explains 1: Why it was so fast, and
2: Why it missed files that were caught by AVG. It seems like they
should set rar/zip on as their default.