Tham
Posts posted by Tham
While I guess that's a feature some will want, there is
also a good reason for it not to exist. What if you
download something and run it and your av wrongly
detects it? Well if you told it to delete everything, then
you just lost your file and will have to download it again.
Sure you could tell it to quarantine, but that's just as
annoying.
Thanks for the feedback.
The recent infection I had above was unintentional since
I had accidentally clicked "Ignore", when I actually
wanted to click "Delete". This would not have happened
if I had a shield or guard which had been set to
automatically delete or quarantine.
As mentioned by the Antivir people in their reply to
my post in their forum, the "Automatic" mode is only
available in their Premium version, which emphasizes
the importance of it, since the fact that people are willing
to pay for it indicates it is an essential feature.
If the antivirus program wrongly detects and deletes the
file, I think it is just a minor inconvenience and one could
just redownload the file with the shield or guard turned
off. Even more paltry, if it merely quarantines the file, it is
just a simple matter of retrieving it. This contrasts with
the huge risks involved if one were to actually be infected
with a nasty virus, or worse, several viruses which mess
up the whole system, including the registry. Worst case,
if it were to be one of those which invade the BIOS (and
the antivirus feature of the BIOS had not been turned on),
such as the infamous CIH virus, then one would
effectively kiss goodbye to the motherboard.
Probably the antivirus program with the most versatile
shield or guard settings is that of Norton. I remember
when I wanted to download a file, I merely set the
"Autoprotect" for last-ditch defense. I set it to react
when the file is "Run", i.e. only when it was executed.
Thus it would not detect and delete any files I wanted
to download and save on to my desktop, effectively
eliminating any erroneous detection and reaction which
you mentioned above. After it had been downloaded, I
would give it a manual scan just in case.
-
AVG performs poorly. Avast doesn't do very well either
when it comes to detection, though its engine in
removing viruses from memory before Windows starts
up is quite good. My post in the Antivir forum some time
ago may be of interest.
http://forum.antivir-pe.de/thread.php?threadid=13506
After the above horrendous infection, I had switched
from AVG to Antivir's free Classic edition, which has quite
good detection capabilities due to a vast 700,000
database, but have since moved on to AOL's Kaspersky
plus Bitdefender 8. The main reason behind this is the
resident shield of this free Antivir version does not have
"Automatic" settings, leaving you with just a manual
"Interactive" option. See my post in this same forum.
http://forum.piriform.com/index.php?s=&...ost&p=66325
The principle of operation of an antivirus program is
very much similar to that of a combat aircraft's
radar jammer. Setting Antivir to "Interactive" is like
setting the radar jammer to "Manual" mode.
Imagine flying a Tornado or F-15E into Iraq or Kosovo
with their jammers set to "Manual", when you are
simultaneously illuminated by countless ground and
airborne search, tracking and missile guidance radars.
One simply does not have time to react, thus
"Automatic" jamming modes are a must.
-
I've given up on Antivir, their free Classic version, that is.
I was using it for some time, until this March 9, when on
downloading a file from the net, it detected trojans and
prompted me for action. In my haste, I accidentally
selected "Ignore"! My system was badly infected and I
had to spend some two hours using multiple antivirus
(including Bitdefender 8 and AOL's Kaspersky),
antispyware and registry backtracker programs to clean
up. Apparently one of them, "Adirka.exe", as described in
Prevx1's database link, is a particularly bad and very
recent infection, being first detected on March 5.
That is the main drawback of the free version - you can't
set the resident shield to "Automatic Delete", which
would have prevented the infection.
You can see my post in the Antivir forum here.
http://forum.antivir-pe.de/thread.php?threadid=19223
This must have been the infection which inserted the
two trojan horses (Xorpix.m and Worm.Glowa.Ar) in my
post above, since a look at their "Properties" showed
a "Modified" date of March 9, and about the same time.
A manual scan with Antivir, despite its huge
database of 700,000 (probably the largest on the
market), failed to detect them. Kaspersky detected
the first, Bitdefender 8 the second. Sending them to
Virus Buster confirmed the first infection.
I've since switched over to AOL's Kaspersky Antivirus
Shield as my resident shield, despite its much smaller
280,000 database, with Bitdefender 8 (400,000
signatures) as a manual scanner.
-
I appear to have two trojans in my System32 folder.
The free version of Kaspersky, Active Virus Shield,
detected one of them as "Xorpix.m". Bitdefender 8,
their free version, missed it.
Bitdefender 8 detected the other one as
"Worm.Glowa.AR". Kaspersky missed this though.
Antivir, Comodo, Clam, Spyware Terminator,
Super Antispyware, Asquared and Ewido missed
both totally.
I'm not sure if they were false alarms though.
What AntiVirus do you use?
in Windows Security
I didn't say it was that good, but efficient enough amongst
the antivirus programs of its time and against most of the
threats then.
I was using Norton 5.02 when I had the older computer
(a first-generation Pentium 166 with 40 Mb RAM!) running
Windows 95, although it was supposed to run on Win 98.
Setting the "Autoprotect" to detect only when the file is
"Run", it had hardly any impact on system performance.
This was the setting I used actually when downloading
the deadly CIH virus from hacker websites onto my
desktop, to test its efficacy - which it did detect with
a manual scan.
With the later 6.0 versions meant for Windows 98 and XP,
it started using lots of system resources and attracting a
lot of criticism for this drawback.