Is XNews a Vector for Malware?

Does anybody know if XNews provides a portal for viruses to sneak past NAV, under XP-Pro? I'm continually getting tiny viruses that disable NAV's automatic LiveUpdate feature, and to clear them out I have to update my virus signatures by hand.

XNews is the only non-OEM software on my machine, so I believe that it's my system's weakest point. I'd like to confirm that with some experts.

Reply to
Jay Stallworth

Jay Stallworth wrote in news:Xns98261622D9BD1JusLilOlMe@207.115.17.102:

I'm running WinXP Pro, and using Xnews. I've seen no malware at all here. I run AVG Free resident, and also manually scan the entire system weekly with AVG, ClamWin as well as Ewido all of which are updated to the latest version and definitions. Scanning regularly the entire system with SpyBot Search & Destroy and Ad-Aware SE has found nothing. I do use SpywareBlaster, also. All this makes me sound paranoid, and maybe I am.

Is WinXp Pro fully patched? I used to have Norton Internet Security on this machine, as it came with a 3 month trial version. After about a month, I removed it entirely. Norton products aren't what they used to be a few years ago. I'd used NAV for many years before this last year, but never more. At the least, it's now bloatware and also acts very flaky.

Reply to
John Gray

John Gray wrote in news:Xns9826748D84E7T.JGray@65.24.7.28:

I don't think you're being paranoid at all. With the explosion of spam, shady people stand to make meaningful profits from zombifying your machine. Such a hearty financial incentive, for people to hijack your spare cycles, brings the slimeballs out of the woodwork.

My XP-Pro is fully patched, but I have no idea about all the little tweaks you need to set up a firewall correctly, or especially how to monitor a connection for rootkit activity. The latter seems to be the magic secret.

The gimmick that I use to monitor my system for malware is whether my internet connection times out properly, disconnecting me automatically. I have it set for a fairly quick time out, because when I walk away from my PC, I want the door to slam shut and lock behind me, asap. In return for that gimmick, I'm willing to put up with an above average frequency of dropped connections, while I'm sitting here.

I also do full system scans twice a week, and a quick scan every day. I just added the quick scan this month, and it seems to have improved performance dramatically. Although I also decided to accept the system slowdown of having the viral activity monitor (whatever the hell that is) running continually, which is probably a more likely explanation for the improvement.

The price is that now I regularly get what appear to be sudden and annoying system hangs that clear themselves in maybe ten seconds or so.

I'm not familiar with AVG, ClamWin or Ewido, but I was *very* disappointed by SpyBot and AdAware. Is Ad-Aware SE the freeware version? I ran them both for a while, and eventually became so convinced that my system was infected that I bought NAV. Sure enough, NAV found about six or eight infections, although they were all pretty much strains of the same thing.

What we need is some kind of honest benchmark for comparing the programs, and not the sad product reviews that the PC magazines publish. Having looked at the home page of your AVG utility, it occurs to me that the best AV benchmark may be the regular updates to the lists of viruses that each manufacturer claims they just installed.

The master list itself, of course, would be an ideal starting point, but those things are gargantuan, and I'm not even sure if they're easily available. Checking the monthly updates is a sort of differential benchmark, and it will let you see how far AVG is behind NAV, if at all. But I have no such clever ideas for benchmarking a Firewall.

Considering the critical nature of the problem, I'm inclined to think that it makes more sense to suffer with Norton's bloatware for the privilege of having such a huge number of well-funded experts behind me. Aren't they part of Netscape/AOL/Time Warner? Shouldn't that give them the resources of a Fortune 500 company?

Reply to
Jay Stallworth

Jay Stallworth wrote in news:Xns982682D0ADF81JusLilOlMe@207.115.17.102:

Tracking cookies aren't infections, but both will report them. They can be a privacy issue, but not likely a security one. I keep clean mostly by practicing safe hex. I've seen SpyBot Search & Destroy and Ad-Aware SE find infections on a friend's machine, but he wants Java and JavaScript enabled all the time and insists on using Internet Explorer. He's running WinME, and clicks on anything and everything. It's not at all uncommon to find several malware infections on it. He installed NIS a few months ago and I'll admit it does a fair job. He's on broadband also, and NIS not only slowed the infections but also the rest of the system. It even takes forever to receive and send mail, but his machine tests clean on complete scans. It's awful. My second machine here is an old Win95a P166 machine, and it's far quicker on the internet as well as booting far faster. It's also never been infected in the past 10 years of internet connectivity.

Antivirus vendors play a name game with virus definitions. Some recognize all the variants of a virus and call it one, while another vendor will call each variant by a different name, thus bloating their count compared to the other vendors. It's a marketing gimmick. Various groups have tried to get them to buy into a unified naming convention.

If frequency of updates were the only criteria, ClamAV would be near the very top, updating several times a day.

When Norton was leaner and meaner (i.e., poorer), their software was far better than it is now. Sadly, with growth, companies often become less adaptable, with everyone playing politics instead of working toward a common goal. Some excellent utilities are referenced on Eric Howes' site at

formatting link
along with some howtos.

Reply to
John Gray

I like these:

AV-Test (Andreas Marx - Germany)
formatting link
(Andreas Clementi - Austria)
formatting link
(VirusP - Greece)
formatting link
Test Center (University of Hamburg)
formatting link
for thought (Eugene Kaspersky)
formatting link
Firewall Leak Tester
formatting link
formatting link
formatting link
Notes:

1) The Uni-Hamburg tests are getting old, and it would be nice if someone (grad student, they work cheap [g]) took over the project.

2) VirusP is a virus collector, but his methodology is not well-regarded, particularly among the NOD32 set. Take his work with a grain of salt. I only mention it because it almost always comes up in such a discussion.

3) You are absolutely correct about the reviews in PC magazines ... worth about as much as medical advice from Philip Morris.

Ron :)

Reply to
Ron Lopshire

Yeah, half of the test samples are old DOS stuff. Very representative for real-world performance.

Shows your competence...

Reply to
Sebastian Gottschalk

For retrospective tests avcomparatives uses only new malware. The reason for the DOS virus inclusions is explained in the .pdf file that can be downloaded from the site, and also the source of their test beds. Avcomparatives do not test or publish any results on an AV's performance without the vendor's prior permission. Such is their status that AV companies such as ESET, Kaspersky, Avira, DrWeb, BitDefender and many more have all participated in avcomparatives testing and continue to do so, with the latest published tests available for viewing at the site from May this year.
me

Reply to
bassbag

I know. But even those samples hardly represent reality.

E.g. what are those malicious scripts supposed to be? I've had some of my fully valid and purposeful batch scripts recognized as Generic/Batch.Delete.

What about code morphing? What about common EXE packers/crypters? What about single point scanning vs. fuzzy signatures? What about strong vs. weak signature properties?

Reply to
Sebastian Gottschalk
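The questions in the post above (single-point vs. fuzzy signatures, packers and crypters, and weak vs. strong signature properties such as the Generic/Batch.Delete false positive) are easier to see in a toy scanner. The following is an added example written for this page, not code from the thread or from any AV vendor: the byte strings, the `STUB:` XOR "packer" format, the signature names and the batch files are all constructed for illustration and stand in for nothing real.

```python
"""Toy signature scanner: exact vs. fuzzy signatures, a trivial packer,
and a weak vs. strong heuristic for batch scripts.

Added example. All samples below are constructed byte strings, not real
malware; the 'STUB:' packer format and the signature names are made up.
"""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # regular expression over raw bytes


def exact_signature(name: str, needle: bytes) -> Signature:
    """Single-point signature: matches one specific byte sequence only."""
    return Signature(name, re.escape(needle))


# Constructed stand-in for a malware body (version 1) and a trivially
# modified variant (version digit bumped, different NOP-sled length).
BODY_V1 = b"\x55\x8b\xec" + b"EVIL_MARKER_v1" + b"\x90" * 8 + b"\xc3"
BODY_V2 = b"\x55\x8b\xec" + b"EVIL_MARKER_v2" + b"\x90" * 5 + b"\xc3"

EXACT = exact_signature("Test.Exact", b"EVIL_MARKER_v1" + b"\x90" * 8 + b"\xc3")
# Fuzzy signature: fixed marker, any version digit, 4-16 NOPs, then RET.
FUZZY = Signature("Test.Fuzzy", rb"EVIL_MARKER_v\d\x90{4,16}\xc3")

# Weak property: any 'del' with a wildcard. Fires on ordinary cleanup scripts.
WEAK_BATCH = Signature("Generic/Batch.Delete", rb"(?i)\bdel\b[^\r\n]*\*")
# Stronger property: a forced delete inside the system32 directory.
STRONG_BATCH = Signature("Batch.SysDelete",
                         rb"(?i)\bdel\b[^\r\n]*/f[^\r\n]*\\system32\\")

# Constructed batch files: a harmless temp cleanup and a hostile one.
BENIGN_BAT = b"@echo off\r\ndel /q C:\\temp\\*.tmp\r\n"
HOSTILE_BAT = b"@echo off\r\ndel /f /q %SystemRoot%\\system32\\*.dll\r\n"


def xor_pack(body: bytes, key: int) -> bytes:
    """Made-up packer: 'STUB:' + key byte + ':' + XOR-encoded body."""
    return b"STUB:" + bytes([key]) + b":" + bytes(b ^ key for b in body)


def xor_unpack(sample: bytes) -> Optional[bytes]:
    """Emulate the packer's stub: return the decoded body, or None if not packed."""
    if sample.startswith(b"STUB:") and len(sample) > 7 and sample[6:7] == b":":
        key = sample[5]
        return bytes(b ^ key for b in sample[7:])
    return None


def scan(sample: bytes, sigs: List[Signature], unpack: bool = True) -> List[str]:
    """Return the sorted names of all signatures that match the sample.

    With unpack=True the scanner also examines the decoded layer, which is
    what a real engine has to do (static unpacking or emulation) to see
    through packers and crypters at all.
    """
    layers = [sample]
    if unpack:
        inner = xor_unpack(sample)
        if inner is not None:
            layers.append(inner)
    hits = set()
    for layer in layers:
        for sig in sigs:
            if re.search(sig.pattern, layer, re.DOTALL):
                hits.add(sig.name)
    return sorted(hits)


if __name__ == "__main__":
    packed = xor_pack(BODY_V1, 0x5A)
    print("v1 body      :", scan(BODY_V1, [EXACT, FUZZY]))
    print("v2 variant   :", scan(BODY_V2, [EXACT, FUZZY]))
    print("packed, raw  :", scan(packed, [EXACT, FUZZY], unpack=False))
    print("packed+unpack:", scan(packed, [EXACT, FUZZY]))
    print("benign .bat  :", scan(BENIGN_BAT, [WEAK_BATCH, STRONG_BATCH]))
    print("hostile .bat :", scan(HOSTILE_BAT, [WEAK_BATCH, STRONG_BATCH]))
```

The exact signature catches only the one body it was cut from; the fuzzy one also catches the trivially morphed variant, at the cost of a wider net. Neither sees anything in the packed sample until the scanner looks at the decoded layer. The weak batch heuristic flags the harmless cleanup script along with the hostile one, which is exactly the kind of false positive a signature built on a single weak property produces; the stronger signature needs several properties to line up and only fires on the hostile script.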

I'm not an AV expert so couldn't begin to discuss those things with you. However, the continuing participation of those AV vendors listed gives AV-Comparatives legitimacy as a respected organization in its field. AV-Comparatives' major source of malware is the AV vendors themselves, so I would imagine that they do indeed have such malware. The AV vendors' press releases give limited information on what the test base contains.
me

Reply to
bassbag

As you already stated, it's primarily supported by the usual "winners" of the contest.

What about the VX scene itself? That's a really representative source, and well, we already know that Eugene Kaspersky has some good connections (as well as SoftWin and Eset), both by incidents and by correlation of scene typical methods vs. AV detection methods.

Sadly from what we know it can't be very accurate.

Reply to
Sebastian Gottschalk

I'm not sure I understand you on this point. I haven't stated that any AV primarily supports AV-Comparatives, only that many participate in their tests. Those that don't do as well in the tests, like AVG, continue to participate regularly also.
me

Reply to
bassbag

Anyone who thinks highly of Volker Birk is all right by me. ;)

Ron :)

Reply to
Ron Lopshire

AVG may be at the bottom of the list of the tested products, but remember that in order to participate in the "Regular" test series a product needs to be able to detect at least 80% of the full test set. Nearly all of the minor AV products, or products used e.g. in Asia (due to the marketing there), by far do not reach this level (some detect 'only' between 5% and 79% in total). See my attempt to also test other, not so good, products:

formatting link
and TM would surpass the 80% and probably get standard, but the marketing guys there do not permit the test, probably because they do not want users to see how their product really scores (I guess it is for marketing reasons also in those 2 companies, as people working for those 2 and another well-known company told me that that is indeed the real reason why they refuse to participate - the technical AV guys at the vendors usually are really interested to see how their product scores in our tests, but for the marketing guys the money/publicity is more important). Anyway, I will continue to invite them; maybe they change their opinion next year - if not, there are anyway still other companies which would like to get tested, but we had no time to include them as well.

btw: yes, we get all the samples that the vendors get from all their sources (customers, malware authors, honeypots, suspicious files, etc.), but we also have our own/other additional sources from which we gather malware, like honeypots, malware crawlers, files that are submitted e.g. on multi-engine scanner sites, etc. - so we get nearly all of the malware that is released anywhere in the world.

bassbag wrote:

Reply to
NO-SPAM

Thank you for the clarification......
me

Reply to
bassbag
