View Full Version : I have seen the light (and it is green)
egghead
February 29th, 2008, 02:59 AM
Made curious by the thread
http://www.wilderssecurity.com/showthread.php?t=199292&highlight=Dr.Web
I have installed Dr.Web.
The proggie has minimal impact on my rig, it updates flawlessly and there are no conflicts with other software. GUI is simple and easy to navigate; no eye-candy. A full system scan with highest settings takes about 70 minutes. This is about the same amount of time KAV takes. It found a couple of false positives. No big deal: every AV finds that.
The only thing that I miss is a “restore to original location” button in quarantine.
I have tested Dr. Web for more than a week in the famous Egghead Lab (visiting & downloading stuff from porn-, cracksites and other dark places of the web that is). The doctor provided outstanding protection, not one infection (double checked it with KAV).
Regardless what AV comparatives results say, in the “real world” Dr.Web gives outstanding protection. The best AV is the AV that protects YOUR "real world".
I like Igor Daniloff’s philosophy concerning his product. He does his best to protect the user from in the wild threats instead of wasting time adding test samples for competing in a test which means absolutely nothing (except for bragging rights) to most users. Whether this is a smart move from a viewpoint of a business is another question. I personally would like to see the Doctor perform better in those “tests”, because a lot of people decide on these scores the product they are going to try. I think a lot of people don’t give the doctor a try because of these scores.
I have bought a license for dr.Web. I have made use of the migration offer that gave me a 50% discount, but even the full price is a steal.
Somewhere in your life you're gonna need the Doctor.
For the number fetishists among you, take a look here for a different opinion (than AV-comparatives) about the protection of the doctor:
http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.VirusYearlyStats (daily, monthly & yearly stats)
or here:
http://www.anti-malware-test.com/
Dr. Web should give CSJ a free license for life for 2 years;D (at least) for his tenacity in supporting this wonderful proggie.
C.S.J
February 29th, 2008, 10:00 AM
hello egghead,
welcome to the doctor, a thread you might find useful here (http://www.wilderssecurity.com/showthread.php?t=197854)
nice to see another happy customer ;)
we all await v5 beta which will include the feature you mentioned above that you want.
C.S.J
February 29th, 2008, 10:37 AM
with february almost over, time to post antivirus.ru's results.
a good month for avira over-there, but still drweb holds well.
February results:
1. Avira / Webwasher
2. F-Secure
3. Drweb
4. Kaspersky / Sophos
5. AVG
Overall Standings:
1. Drweb
2. Webwasher
3. Kaspersky
4. Antivir
5. F-Secure
risl
February 29th, 2008, 11:22 AM
Good to see another dr.web user here. I was looking for an antivirus that is stable, light, updates frequently, doesn't have/cause any problems, is very configurable, is developed by an established company in "av world" and doesn't annoy me in any way.
-> Satisfied Dr.Web user. :)
C.S.J
February 29th, 2008, 11:23 AM
lol, nicely put risl. :thumb:
n8chavez
February 29th, 2008, 01:17 PM
It is nice to see other Dr Web users. I am a little concerned with version 5, or rather how slow their development of it is. How long have they been in the 4.x branch, 5 years?
C.S.J
February 29th, 2008, 01:22 PM
i dont know why its taking soooo long n8chavez, but 'probably' at worst... we will have the beta within the next 2 months.
i just hope it comes sooner rather than later. :)
Antarctica
February 29th, 2008, 02:29 PM
-{ Quote: "Dr. Web should give CSJ a free license for life for 2 years;D (at least) for his tenacity in supporting this wonderful proggie." }-
Absolutely agree egghead.:) After reading all the posts from C.S.J I took the plunge a couple of weeks ago and I don't regret it. It's so light, I even forgot it's there:)
I also use the 50% migration, so may almost say I got it for free.;)
Firecat
February 29th, 2008, 02:34 PM
-{ Quote: "It is nice to see other Dr Web users. I am a little concerned with version 5, or rather how slow their development of it is. How long have they been in the 4.x branch, 5 years?" }-
Closer to ten years actually :D
C.S.J
February 29th, 2008, 02:42 PM
-{ Quote: "Absolutely agree egghead.:) After reading all the posts from C.S.J I took the plunge a couple of weeks ago and I don't regret it. It's so light, I even forgot it's there:)
I also use the 50% migration, so may almost say I got it for free.;)" }-
well, im glad my posts are making you see 'the green light' ;)
still, quite a few versions in those years Firecat, but drweb has always kept its similar look and feel.
however, i feel V5 may be quite (a lot) different in the updates of previous years, and i am very much looking forward to the beta.
glad to help ;)
Threedog
February 29th, 2008, 02:46 PM
Welcome to Club Green. CSJ made me a convert a while ago too. Totally happy with the Dr.
C.S.J
February 29th, 2008, 03:04 PM
-{ Quote: "Welcome to Club Green. CSJ made me a convert a while ago too. Totally happy with the Dr." }-
thief! >:(
egghead
February 29th, 2008, 03:54 PM
-{ Quote: "i dont know why its taking soooo long n8chavez, but 'probably' at worst... we will have the beta within the next 2 months.
i just hope it comes sooner rather than later. :)" }-
had an exchange with tech support: they expect to launch v 5 for public beta testing within 3 - 6 months. :'(
bellgamin
February 29th, 2008, 04:38 PM
-{ Quote: "had an exchange with tech support: they expect to launch v 5 for public beta testing within 3 - 6 months. :'(" }-
I can see it all now. Version 5 arrives. Pigs begin to fly. And a permanent peace is achieved in the Middle East. :dry:
Diver
February 29th, 2008, 06:30 PM
Face it, it's just an AV. Why do some of you have to be such fan boys?
trjam
February 29th, 2008, 07:11 PM
Oh come on diver. Live a little.;)
Green is beautiful.;)
larryb52
February 29th, 2008, 07:26 PM
-{ Quote: "I can see it all now. Version 5 arrives. Pigs begin to fly. And a permanent peace is achieved in the Middle East. :dry:" }-
well it looks good in writing but that's a reality that I don't think we'll see unfortunately as for the good Doc , I like the scan but not sure I could run this as my everyday , my hats are off to those that can...
maddawgz
February 29th, 2008, 07:41 PM
well ive ran that dr web cure it never finds anything and i use avg so avg must be just as good ;D
Diver
February 29th, 2008, 09:11 PM
-{ Quote: "Oh come on diver. Live a little.;)
Green is beautiful.;)" }-
Thank you, well taken.
Threedog
February 29th, 2008, 09:18 PM
-{ Quote: "thief! >:(" }-
Nah....just a plagiarist, ;D
HURST
March 1st, 2008, 02:06 AM
I have never tried dr.web (maybe I will one of these days), but CureIt has helped more than once cleaning infected computers, making me fond of green...great tool!
egghead
March 1st, 2008, 07:36 AM
-{ Quote: "I have never tried dr.web (maybe I will one of these days), but CureIt has helped more than once cleaning infected computers, making me fond of green...great tool!" }-
and still haven't tried/bought Dr.Web ??? ??? ???
HURST
March 1st, 2008, 09:02 AM
-{ Quote: "and still haven't tried/bought Dr.Web ??? ??? ??? " }-
No since I'm also happy with my current AV, had no infection on my laptop for a long time. I also moved to the Sandbox approach, so AV is just a tiny part of my setup.
Graystoke
March 3rd, 2008, 11:48 PM
Wow! I really like the good Dr.Web. Why have I waited so long is the question. :what:
Bunkhouse Buck
March 4th, 2008, 06:21 AM
-{ Quote: "Wow! I really like the good Dr.Web. Why have I waited so long is the question. :what:" }-
It's a great program.
Thankful
March 4th, 2008, 10:12 AM
I also like Dr. Web. What are your experiences with FPs?
Thanks.
C.S.J
March 4th, 2008, 10:18 AM
little > none.
my fp experience is very minimal, in my whole history using drweb, i think it was a few sonic stage drivers, AOL and some dell drivers.
cant really think of anymore off the top of my head, not what id call many for the time ive been using it.
glad you have seen the light, maybe? Graystoke :D
JasSolo
March 4th, 2008, 10:34 AM
I'm giving it a spin on my laptop and desktop at work, these days. So far I'm happy :)
Cheers
Graystoke
March 4th, 2008, 01:13 PM
-{ Quote: "little > none.
my fp experience is very minimal, in my whole history using drweb, i think it was a few sonic stage drivers, AOL and some dell drivers.
cant really think of anymore off the top of my head, not what id call many for the time ive been using it.
glad you have seen the light, maybe? Graystoke :D" }-
C.S.J......I'm seriously considering purchasing a license. I started up the computer this morning, and Dr.Web loaded quickly, and Firefox opened very quickly, something it hasn't been doing lately with a couple of other AVs. The only thing that I can see as a small drawback is the length of time a full system scan takes. Are there any plans to speed that up in the next version?
I have another question about scanning configuration, but will ask that at another time. I need to run some errands, and will be back later.
C.S.J
March 4th, 2008, 01:16 PM
-{ Quote: "C.S.J......I'm seriously considering purchasing a license. I started up the computer this morning, and Dr.Web loaded quickly, and Firefox opened very quickly, something it hasn't been doing lately with a couple of other AVs. The only thing that I can see as a small drawback is the length of time a full system scan takes. Are there any plans to speed that up in the next version?
I have another question about scanning configuration, but will ask that at another time. I need to run some errands, and will be back later." }-
after one full scan is made, you can untick both archives and mails to improve the speed, you will lose no security if one full scan has already been made.
yes, there is a new engine for v5 which will/should be faster, but until the beta arrives, this is guesswork.
V5 is currently in alpha testing, which sadly we cant use.
i do weekly scans and it aint too bad, and if i need to do one for any reason through the week, its only an express one, which is much faster (especially with mails and archives unticked)
good luck to ya.
---
see here: Drweb Settings + Information (http://www.wilderssecurity.com/showthread.php?t=197854)
Graystoke
March 4th, 2008, 04:39 PM
This is the problem I'm having. When I run either a manual or scheduled scan, the scan GUI opens and there is a dot next to Express Scan. Everything is grayed out so I can't make any changes unless I terminate the scan. I put a dot next to Custom Scan, and clicked save settings. The next time I ran the scan, it was back to Express Scan and everything grayed out again. The strange thing is, even with Express Scan checked, it still ran a Complete Scan.
I just started a manual scan with the dot in Express Scan. The scan completed in 44 seconds. I now have put a dot in Custom Scan, and I'm running that. I'm curious to see what happens.
C.S.J
March 4th, 2008, 06:58 PM
When you run the scanner it will do an initial scan first, during this you cannot select express/complete etc
After this initial scan that should take less than 2 minutes, you will be able to make your choice.
If you wish to select a schedule scan, add either /full or /fast to the argument part of the scheduler for either complete or express scan (see my thread above)
Any further help needed, just send me a pm.
031
March 4th, 2008, 09:08 PM
I do not use dr.web antivirus but I often use Cure it. I distributed it among my friends and it was really effective. However it seems that the Dr does not like artworks. Last time (well about 1 week ago) it detected INKSCAPE and PAINT.net as some kind of trojan. Well I don't bother with false positives. Simple common sense is enough to differentiate between positives and false positives.
C.S.J
March 4th, 2008, 09:32 PM
having just checked paint.net, zero files were detected, cant be bothered checking the other, i shall leave that up to someone else. :D
maybe it was one of the corrected add-ons (http://info.drweb.com/show/3287/en) that have just been released.
or maybe it was infected...
Graystoke
March 5th, 2008, 02:39 AM
-{ Quote: "When you run the scanner it will do an initial scan first, during this you cannot select express/complete etc
After this initial scan that should take less than 2 minutes, you will be able to make your choice.
If you wish to select a schedule scan, add either /full or /fast to the argument part of the scheduler for either complete or express scan (see my thread above)
Any further help needed, just send me a pm." }-
Thanks C.S.J. I will give your instructions a try tomorrow. If I run into any problems, I'll pm you.
031
March 5th, 2008, 09:44 PM
-{ Quote: "having just checked paint.net, zero files were detected, cant be bothered checking the other, i shall leave that up to someone else. :D
maybe it was one of the corrected add-ons (http://info.drweb.com/show/3287/en) that have just been released.
or maybe it was infected..." }-
Thanks Chris for your effort . My cureit is about 19 days old . As i am a dial up user , can't download it everyday :'(
WSFuser
March 5th, 2008, 11:10 PM
Well 031, the Inkscape folder came clean for me using Cureit.
Straight Shooter
March 5th, 2008, 11:48 PM
It's green alright, as in EXPENSIVE..
A two user one year license is $65 US Dollars?
I'll stick with what I got..
Jim
n8chavez
March 6th, 2008, 12:01 AM
-{ Quote: "It's green alright, as in EXPENSIVE..
A two user one year license is $65 US Dollars?
I'll stick with what I got..
Jim" }-
Really, where did you get that from? Over here (http://www.freedrweb.com/migrate/) you can get a two year 1 user license for $28, which would be $56 for 2 users 2 years with the migration discount. I assume you can take advantage of this because you have another current AV. The only deal better than this is F-pro (5 users @ $29).
curiousmicrobe
March 6th, 2008, 12:20 AM
I found Dr.Web to find far too many false positives on a known clean PC.
Dr.Web has also missed 9/10 Adware/Spyware samples. Web scanning was also quite hit and miss with Adware/Spyware not being detected.
I don't see any light green lights. Only an average Antivirus Scanner. :thumbd:
031
March 6th, 2008, 01:28 AM
-{ Quote: "Well 031, the Inkscape folder came clean for me using Cureit." }-
Glad to know that the problem is fixed :)
Straight Shooter
March 6th, 2008, 06:50 AM
-{ Quote: "Really, where did you get that from? Over here (http://www.freedrweb.com/migrate/) you can get a two year 1 user license for $28, which would be $56 for 2 users 2 years with the migration discount. I assume you can take advantage of this because you have another current AV. The only deal better than this is F-pro (5 users @ $29)." }-
Thanks, How much is a 3 user 1 year license? I went to their site and did a Euro conversion...
Thanks...
Jim
C.S.J
March 6th, 2008, 08:01 AM
-{ Quote: "I found Dr.Web to find far too many false positives on a known clean PC.
Dr.Web has also missed 9/10 Adware/Spyware samples. Web scanning was also quite hit and miss with Adware/Spyware not being detected.
I don't see any light green lights. Only an average Antivirus Scanner. :thumbd:" }-
probably your illegal keygens? :)
any evidence for what drweb has supposed to have missed?
how did you check that it had missed them?
-{ Quote: "It's green alright, as in EXPENSIVE..
A two user one year license is $65 US Dollars?
I'll stick with what I got..
Jim" }-
Drweb
1 year / 1 user: £16.73 (£8.36 with discount)
2 year / 1 user: £26.76 (£13.37 with discount)
1 year / 2 user: £32.81
2 year / 2 user: £50.18
* FREE Drweb for Mobile included with all licences
Nod32
1 year / 1 user: £26.99
2 year / 1 user: £38.99
1 year / 2 user: £36.99
2 year / 2 user: £54.99
Cheapest Deal:
1 Year / 1 User: £8.36 / £26.99 = Saving £18.63 - Drweb gives you a 69% saving in comparison to Nod32.
2 Year / 1 User: £13.37 / £38.99 = Saving £25.62 - Drweb gives you a 66% saving in comparison to Nod32.
............ not really what i would call 'expensive'
Bunkhouse Buck
March 6th, 2008, 08:04 AM
-{ Quote: "I found Dr.Web to find far too many false positives on a known clean PC.
Dr.Web has also missed 9/10 Adware/Spyware samples. Web scanning was also quite hit and miss with Adware/Spyware not being detected.
I don't see any light green lights. Only an average Antivirus Scanner. :thumbd:" }-
What do you find superior and/or what do you use?
trjam
March 6th, 2008, 08:08 AM
Drweb
1 year / 1 user: £16.73 (£8.36 with discount)
2 year / 1 user: £26.76 (£13.37 with discount)
1 year / 2 user: £32.81
2 year / 2 user: £50.18
* FREE Drweb for Mobile included with all licences
Nod32
1 year / 1 user: £26.99
2 year / 1 user: £38.99
1 year / 2 user: £36.99
2 year / 2 user: £54.99
Avira PE
1 year / 1 or 2 user £19.95
2 year / 1 or 2 user £32.95
wow, beats them both, in oh so many ways.;)
C.S.J
March 6th, 2008, 08:18 AM
not with the discount it doesnt trjam.
and aint you also forgetting the money you need to add one for a donation?
Avira:
1 year / 1 user: £19.06
Drweb:
1 year / 1 user: £16.73 (£8.36 with discount)
meaning, Drweb is 56% cheaper than Avira on the same package, or do they offer a 50% discount too?... if so, Drweb is still 6% cheaper :D
s4u
March 6th, 2008, 08:20 AM
-{ Quote: "Drweb
1 year / 1 user: £16.73 (£8.36 with discount)
2 year / 1 user: £26.76 (£13.37 with discount)
1 year / 2 user: £32.81
2 year / 2 user: £50.18
* FREE Drweb for Mobile included with all licences
Nod32
1 year / 1 user: £26.99
2 year / 1 user: £38.99
1 year / 2 user: £36.99
2 year / 2 user: £54.99
Avira PE
1 year / 1 or 2 user £19.95
2 year / 1 or 2 user £32.95
wow, beats them both, in oh so many ways.;)" }-
Haha
I guess Nod is the biggest loss here?
trjam
March 6th, 2008, 08:20 AM
:dry: Avira doesn’t think in terms of 1 user, a license is good for 2. So in theory you are correct, but from a value stand point, incorrect.
s4u
March 6th, 2008, 08:21 AM
-{ Quote: ":dry: Avira doesn’t think in terms of 1 user, a license is good for 2. So in theory you are correct, but from a value stand point, incorrect." }-
I know but I always look at values
C.S.J
March 6th, 2008, 08:23 AM
-{ Quote: ":dry: Avira doesn’t think in terms of 1 user, a license is good for 2. So in theory you are correct, but from a value stand point, incorrect." }-
whether they are allowing you to use it on 2 is their fault, i could probably use my drweb key on more than 1 too.
the prices shown are the prices valid,
56% cheaper than Avira
69% cheaper than Nod32.
sorry for posting this, just had to when i hear 'expensive' for Drweb. *lol*
:D
peace.
trjam
March 6th, 2008, 08:23 AM
-{ Quote: "
1 year / 1 user: £16.73 (£8.36 with discount)
meaning, Drweb is 56% cheaper than Avira on the same package, or do they offer a 50% discount too?... if so, Drweb is still 6% cheaper :D" }-
That one word holds true. LOL
Cheers
C.S.J
March 6th, 2008, 08:24 AM
-{ Quote: "That one word holds true. LOL" }-
maybe to you, but your argument is wearing thin now because you just lost on your little pricing game :D
trjam
March 6th, 2008, 08:25 AM
Just having some fun Chris.;) Red or Green, it doesnt matter. They are both the colors of Christmas.;)
C.S.J
March 6th, 2008, 08:32 AM
-{ Quote: "Just having some fun Chris.;) Red or Green, it doesnt matter. They are both the colors of Christmas.;)" }-
i know you are, and im having a little back ;)
remember though, this is a Drweb thread, not an Avira one. :D
trjam
March 6th, 2008, 08:33 AM
-{ Quote: "i know you are, and im having a little back ;)
remember though, this is a Drweb thread, not an Avira one. :D" }-
then you should delete your references to Eset.:dry:
Bunkhouse Buck
March 6th, 2008, 09:00 AM
Come on guys-both are superior AVs (Avira & Dr. Web). No need to be contentious or my bullwhip (see avatar) will come in handy! :D :D
C.S.J
March 6th, 2008, 09:06 AM
-{ Quote: "then you should delete your references to Eset.:dry:" }-
nah, if i really wanted it changed, it just would be easier for me to put you on ignore :D
swings and roundabouts, i could easily do the same and invade the avira ones too :D
larryb52
March 6th, 2008, 09:37 AM
come on guys back on topic FWIW pricing shouldn't have anything to do with protection as anyone's info & personal files are beyond price
s4u
March 6th, 2008, 09:39 AM
-{ Quote: "Come on guys-both are superior AVs (Avira & Dr. Web). No need to be contentious or my bullwhip (see avatar) will come in handy! :D :D" }-
Haha
I guess all three are great..
Buck just changed from the Dr. to Avira I see?
Bunkhouse Buck
March 6th, 2008, 10:11 AM
-{ Quote: "Haha
I guess all three are great..
Buck just changed from the Dr. to Avira I see?" }-
I alternate between the two and never had malware since I started using PCs in 1980 (Apple). So they, and their predecessors (Norton, Trend Micro, McAfee, etc) kept malware off my computers. My view is that the fear of infection is about 3% factual and 97% paranoiac. But, I cover my ass with good AVs for that 3% possibility. But even if system gets trashed with something that gets by, I just use a clean Acronis image and restore to non-malware state. Easy policy- works for me and anyone else if they want to try it!
Firecat
March 6th, 2008, 12:14 PM
-{ Quote: "come on guys back on topic FWIW pricing shouldn't have anything to do with protection as anyone's info & personal files are beyond price" }-
Yes, but pockets do have varying densities, for example there are a couple of products I'd really like to use but cannot due to prohibitive price :)
Bunkhouse Buck
March 6th, 2008, 12:46 PM
-{ Quote: "Yes, but pockets do have varying densities, for example there are a couple of products I'd really like to use but cannot due to prohibitive price :)" }-
With the downtrend in tech stock prices in the US, we will probably see AV programs from US makers drop a lot in price. That will pressure non-domestic to lower their prices as well. I would not be surprised to see AV prices drop 60% or more over the next year. So many will be more affordable for all.
egghead
March 6th, 2008, 02:53 PM
-{ Quote: " we will probably see AV programs from US makers drop a lot in price. That will pressure non-domestic to lower their prices as well. I would not be surprised to see AV prices drop 60% or more over the next year. So many will be more affordable for all." }-
As far as I am concerned every AV is cheap. Look what you pay for 1 day protection.
The full monty for the doctor is € 21,84. This is 6 eurocents for a day protection. Can't buy a beer for that :o
Macstorm
March 6th, 2008, 09:20 PM
-{ Quote: "Yes, but pockets do have varying densities, for example there are a couple of products I'd really like to use but cannot due to prohibitive price :)" }-
would you mind telling us which ones? ;D
Dieselman
March 7th, 2008, 01:32 AM
I tried it but can't stand the GUI. It's really odd.
Firecat
March 7th, 2008, 03:49 AM
-{ Quote: "would you mind telling us which ones? ;D" }-
BullGuard, F-Secure, Panda, Trend, all good products but unfortunately way too costly for my pockets :(
Ed_H
March 8th, 2008, 02:24 PM
After reading this thread I couldn't resist and installed Dr. Web this morning. After using KIS 7 I thought Avira was light but the Dr. is definitely quicker, at least on my PC. Now if I can just get comfortable with some of the test reports on Dr. Web like AV-Comparatives...
DavidON
March 8th, 2008, 02:30 PM
Maybe you have seen the light and it is green for you =)
But for me it's pretty black, the light :(
I read something, I don't remember where, and it really made me thoughtful.
I think it wrote like: Do you think Microsoft has some file invisible or not on XP or Vista that will spy on your PC, and that file will never be detected by any antivirus because it's a Copyright Microsoft file.
This made me think twice, what if there is a file on: C:\windows\system32 or somewhere else that Microsoft can see what you have been thru on your PC, that's very serious :(.
What do you guys think?
Bunkhouse Buck
March 8th, 2008, 03:01 PM
-{ Quote: "After reading this thread I couldn't resist and installed Dr. Web this morning. After using KIS 7 I thought Avira was light but the Dr. is definitely quicker, at least on my PC. Now if I can just get comfortable with some of the test reports on Dr. Web like AV-Comparatives..." }-
It depends on how much credence you give to AV-Comparatives. There are other tests that show Dr. Web is very effective both short and long term. At shadowserver for example, Dr. Web is just behind Avira in 4th place on a year basis. I also use Premium Avira about half the time, and I think Dr. Web and Avira are nearly equal in detection, with Dr. Web superior in terms of cleaning ability. I have never had malware infect my systems with either AV (or any other for that matter), so I use what is the lightest on my machines (Dr. Web).
http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.VirusYearlyStats
Bunkhouse Buck
March 8th, 2008, 03:08 PM
-{ Quote: "Maybe you have seen the light and it is green for you =)
But for me it's pretty black, the light :(
I read something, I don't remember where, and it really made me thoughtful.
I think it wrote like: Do you think Microsoft has some file invisible or not on XP or Vista that will spy on your PC, and that file will never be detected by any antivirus because it's a Copyright Microsoft file.
This made me think twice, what if there is a file on: C:\windows\system32 or somewhere else that Microsoft can see what you have been thru on your PC, that's very serious :(.
What do you guys think?" }-
I think you are too paranoid. Microsoft is not smart enough to pull it off relative to those of us that would find out. Microsoft produces mediocre software for the masses, but they are master marketers. You can always use another operating system.
egghead
March 8th, 2008, 03:32 PM
-{ Quote: "
I read something, I don't remember where, and it really made me thoughtful.
I think it wrote like: Do you think Microsoft has some file invisible or not on XP or Vista that will spy on your PC, and that file will never be detected by any antivirus because it's a Copyright Microsoft file.
" }-
What was the answer then ?
What is the connection in particular with Dr.Web ?
C.S.J
March 8th, 2008, 03:32 PM
-{ Quote: "It depends on how much credence you give to AV-Comparatives. There are other tests that show Dr. Web is very effective both short and long term. At shadowserver for example, Dr. Web is just behind Avira in 4th place on a year basis. I also use Premium Avira about half the time, and I think Dr. Web and Avira are nearly equal in detection, with Dr. Web superior in terms of cleaning ability. I have never had malware infect my systems with either AV (or any other for that matter), so I use what is the lightest on my machines (Dr. Web).
http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.VirusYearlyStats" }-
you should remember that shadowserver still use 4.33 without .origin detections, and without the shield technology for rootkits and complicated malware, yet still fares good results.
also remember, that drweb does not have different levels of heuristics, what you see is what you get, no testing on one level and users use a different one, the results you see are the results everyone should get.
lucas1985
March 8th, 2008, 03:50 PM
-{ Quote: "without the shield technology for rootkits and complicated malware" }-
It wouldn't make a difference, because it's a honeypot (flat file scanning)
C.S.J
March 8th, 2008, 03:58 PM
-{ Quote: "It wouldn't make a difference, because it's a honeypot (flat file scanning)" }-
but believe me, the .origin detections add A LOT to the overall detection.
and would especially help for the kind of testing that shadowserver does.
i did try emailing but i guess they dont reply to the joe-public.
lucas1985
March 8th, 2008, 04:02 PM
The .origin may add to the detection (since it's a heuristic engine) but the rootkit shield will do nothing.
Runtime behaviour analysis (example: F-Secure DeepGuard) and file scanning technologies (raw disk access, etc) add nothing to the detection rates in flat file scanning of inactive samples.
C.S.J
March 8th, 2008, 04:08 PM
-{ Quote: "The .origin may add to the detection (since it's a heuristic engine) but the rootkit shield will do nothing.
Runtime behaviour analysis (example: F-Secure DeepGuard) and file scanning technologies (raw disk access, etc) add nothing to the detection rates in flat file scanning of inactive samples." }-
i know, was simply saying what 4.44 offers and why i dont understand why they aint using it.
the results for drweb, although good....... should and would be better with 4.44, ive tried to email them with no luck, so maybe someone else should try.
egghead
March 8th, 2008, 04:09 PM
-{ Quote: " Now if I can just get comfortable with some of the test reports on Dr. Web like AV-Comparatives..." }-
You should be comfortable with only 1 test: how does Dr.Web (or any other AV) protect "your real world". This is the only thing that matters.
To a lot of people AV comparatives seem to be the prima inter pares (if these are the words I'm looking for ::) ) in AV testing. Read some posts in this thread: http://www.wilderssecurity.com/showthread.php?t=199292&highlight=Dr.Web from people "in the field" who have a different opinion :o about AV comparatives (if the thread is too long for you start somewhere with post nr. 124).
In the opening of this thread I gave two links to test sites that show different results for Dr.Web than AVC. ;)
lucas1985
March 8th, 2008, 04:11 PM
-{ Quote: "i know, was simply saying what 4.44 offers and why i dont understand why they aint using it. " }-
They should be using 4.44 indeed.
Ed_H
March 8th, 2008, 05:40 PM
-{ Quote: "You should be comfortable with only 1 test: how does Dr.Web (or any other AV) protect "your real world". This is the only thing that matters.
To a lot of people AV comparatives seem to be the prima inter pares (if these are the words I'm looking for ::) ) in AV testing. Read some posts in this thread: http://www.wilderssecurity.com/showthread.php?t=199292&highlight=Dr.Web from people "in the field" who have a different opinion :o about AV comparatives (if the thread is too long for you start somewhere with post nr. 124).
In the opening of this thread I gave two links to test sites that show different results for Dr.Web than AVC. ;)" }-
Thanks for the interesting and long read. The large disparity in some of the different tests certainly makes one question the methodologies. That is why it is good to get opinions from folks here at Wilders who have actually used the software on a daily basis.
I also agree that what works in each user's real world is what counts. The problem is that most people are ill prepared to find out they made the wrong choice. Unlike those who frequent Wilders and other security forums, they don't have images and/or snapshots to fall back on if their PC gets completely screwed up. So, the masses will continue to rely on published test reports or simply buy from the big names they have heard for years. Testing standards are obviously sorely needed.
KIS, plus other things has kept me malware free for years. Unfortunately that has come with a performance price that I find increasingly bothersome. That is why I originally switched to Avira PE Premium. Still a highly rated AV from every source that I can find but with much better performance on my PC's. Now that I have installed Dr. Web, it is obvious that I cannot tolerate the performance hit from KIS. So, I guess I just have to make a choice and make sure I have numerous images and snapshots to get me out of trouble, if needed. I did try NOD32 V3 but I got infected fairly quickly and ShadowProtect fixed the problem in about 20 minutes.
Eliot
March 9th, 2008, 12:00 AM
I attempted to try out the demo twice.
1st- Install did not install all the components, only the spider mail tray icon appeared after a reboot. Any attempt to uninstall triggered an install. ??? what the hell that is about, I'm not sure. Had to use System Restore to get it off the pc.
2nd- After the System Restore got me back to no AV again. I installed a 2nd time and the whole AV installed, but during install a scan started. When the scan finished, no close, next or any button of the kind. Had to hit the X in the top corner to close it out and then rebooted. After a reboot, it disabled my fingerprint logon scanner, crashing both modules of it. After I manually logged in with my password, Vista loaded up as usual. Dr. Web tray icon is there, but a hover does not trigger any title. Left click, right click, nothing happens.
Uninstall worked this time. Needs more work. :thumbd:
Antarctica
March 9th, 2008, 05:39 AM
-{ Quote: "I attempted to try out the demo twice.
1st- Install did not install all the components, only the spider mail tray icon appeared after a reboot. Any attempt to uninstall triggered an install. ??? what the hell that is about, I'm not sure. Had to use System Restore to get it off the pc." }-
If you had another Antivirus on your computer, did you make sure it was uninstalled completely?
C.S.J
March 9th, 2008, 05:43 AM
-{ Quote: "
2nd- After the System Restore got me back to no AV again. I installed a 2nd time and the whole AV installed, but during install a scan started. When the scan finished, no close, next or any button of the kind. Had to hit the X in the top corner to close it out and then rebooted. " }-
well, yes.
it does a scan during installation, when it's finished, close the scan and you will be able to click the next part. (you don't have to wait for this scan to finish, just click close after it's done its pre-scan)
Bunkhouse Buck
March 9th, 2008, 06:56 AM
-{ Quote: "you should remember that shadowserver still use 4.33 without .orgin detections, and without the shield technology for rootkits and complicated malware, yet still fares good results.
also remember, that drweb does not have different levels of heuristics, what you see is what you get, no testing on one level and users use a different one, the results you see are the results everyone should get." }-
Yes Chris, you are correct and I failed to point this out.
Bunkhouse Buck
March 9th, 2008, 06:58 AM
-{ Quote: "i know, was simply saying what 4.44 offers and why i don't understand why they ain't using it.
the results for drweb, although good....... should and would be better with 4.44, I've tried to email them with no luck, so maybe someone else should try." }-
I'll email them. I will tell them who I really am :o and maybe they will change to 4.44.
trjam
March 9th, 2008, 07:48 AM
I sold out.:dry:
Actually I bought out. The Web is nice.:thumb:
Bunkhouse Buck
March 9th, 2008, 07:54 AM
-{ Quote: "I sold out.:dry:
Actually I bought out. The Web is nice.:thumb:" }-
Congrats- you chose wisely. I think as I have mentioned elsewhere, that detection is about as good as Avira, but clean-up (if you ever need it) is much better. Also, it runs just a bit lighter on my machines than Avira.
JasSolo
March 9th, 2008, 08:03 AM
-{ Quote: "I sold out.:dry:
Actually I bought out. The Web is nice.:thumb:" }-
Let's see how many hours it'll last on your comp, Jeff.
Shall we say 12...maybe 16 ;D
Cheers
trjam
March 9th, 2008, 08:04 AM
well, I am not going to hype, or act as I did with Avira. Just decided to make a change, and the reality is, it is only a security product. It isn't like I bought a new house. They are both good, as just about all. So yeah the avatar may have changed, but I did to some, on all of this stuff.
trjam
March 9th, 2008, 08:06 AM
-{ Quote: "Let's see how many hours it'll last on your comp, Jeff.
Shall we say 12...maybe 16 ;D
Cheers" }-
I totally deserve that and my actions are stupid. Let's see if old habits can be broken.:thumb:
Eliot
March 9th, 2008, 10:00 AM
-{ Quote: "If you had another Antivirus on your computer, did you make sure it was uninstalled completely?" }-
Yep. I'll now ask this: Is Dr Web 4.44 ready for Vista Business 32 bit? If I can get a confirmation that another has it installed and works, I'll try it again. The inactive tray icon puzzles me beyond belief.???
Eliot
March 9th, 2008, 11:29 AM
I gave a 3rd try and it's installed and working good so far. First thoughts are it's a tad heavier on my system than Avira. I'll give it a whirl for a week or two and see how it goes.
C.S.J
March 9th, 2008, 11:33 AM
-{ Quote: "I gave a 3rd try and it's installed and working good so far. First thoughts are it's a tad heavier on my system than Avira. I'll give it a whirl for a week or two and see how it goes." }-
have you even tried Support (http://support.drweb.com/new/)?
The Vista version works on all Vista Versions,
and working very well here, from day 1, with no problems :D
FYI - Absolutely no way heavier than Avira, Drweb is the lightest available.
trjam
March 9th, 2008, 12:41 PM
sorry, but Dr Web is just some cheap ass software. They can keep my money for all I care. Way too many false positives. There is no way someone can say this is better than Eset or Avira. Sorry Chris, I have all the respect in the world for you, but now I really know why they dropped out of AV Comparatives.:thumbd:
JasSolo
March 9th, 2008, 12:51 PM
Sorry to hear that you dislike the doctor that much. I have absolutely nothing to put on it, that's just my opinion.
Well...it was almost six hours it lasted on your comp, Jeff :)
Cheers
C.S.J
March 9th, 2008, 12:51 PM
-{ Quote: "but now I really know why they dropped out of AV Comparatives.:thumbd:" }-
no, you don't.
have you asked your friends at avira if they analyze the samples they get from av-comparatives, or do they simply just add them?
you already know the answer.
but then again, it was expected that you would change your AV already, I'm guessing a new one tomorrow, then another on tuesday etc.
zero loyalty, and probably why your opinions will get dismissed, as your view will change everyday.
but for general curiosity, what are these false positives?
BlueZannetti
March 9th, 2008, 01:23 PM
Folks,
Time to tone down the personally directed rhetoric and perhaps perform something of a reality check.
First of all, it is difficult to develop an informed opinion on any product in a short amount of time. You'll be able to quickly discern some operational characteristics and whether it tends to follow a usage scheme that either makes sense or is one to which you are already accustomed, but beyond saying "not for me", I really don't feel that the analysis is generally applicable to other users or potential users. Heck, I tend not to comment on anything that I haven't used extensively for a few days, and it's much more typically a few weeks. I simply don't feel equipped to discuss the matter prior to that point in time.
Second, the various test protocols around capture some partial dimension of performance. Unfortunately, the details of those dimensions, objectively speaking, remain somewhat obscure with respect to actual field use performance. Further, we can see where intercomparison of controlled tests (say http://www.av-comparatives.org) with rather uncontrolled ones (for example http://www.shadowserver.org/wiki/) can lead to rather different views of field use effectiveness. I have no idea whether these evaluations are simply equivalent snapshots of very partial aggregates of overall performance attributes or if one is more reflective of the specific traits that I'd like to possess in a product.
Finally, while false positives are a genuine issue, context is important. Many of the false positives that I've seen on my own machines look perfectly appropriate to me. They generally involve applications that employ functionality which could be readily employed for malicious purposes in a piece of malware (e.g. low level direct disc access, network monitoring, etc.). Yes, they are false positives, but I understand the origin of the alert and that can be part and parcel with proactive notification strategy pursued by the vendor.
As for "which is better"...., we're not playing that game folks unless it's backed up with some detailed analysis.
Blue
risl
March 9th, 2008, 03:56 PM
Had a few false positives since the day I started using Dr.Web (last September), submitted the files and all have been fixed in 24h. I like aggressive heuristics because I'm capable of "analyzing" the files myself if they are malware or not. That aggressiveness can save my day sometime. I have the magnifying glass and dr.web is just doing some occasional suggestions. :D
Antarctica
March 9th, 2008, 05:12 PM
-{ Quote: "sorry, but Dr Web is just some cheap ass software. They can keep my money for all I care." }-
This is not very serious trjam.:-\ How long did you have it installed, by the way?
C.S.J
March 9th, 2008, 05:17 PM
-{ Quote: "This is not very serious trjam.:-\ How long did you have it installed, by the way?" }-
i think he has just done a full system scan, that's all.
it was only a matter of hours before he posted back, he could have found it all the same way by using Cure It. (without purchase)
maybe he is just having a bad day :D
egghead
March 9th, 2008, 05:46 PM
-{ Quote: " my actions are stupid" }-
you said it yourself trjam. Who am I to disagree ? ;D ;D ;D
Joe_Jones
March 9th, 2008, 06:20 PM
TrustPort replaced Bitdefender with Dr. Web this year,
as one of its 4 engines (others are Norman, AVG, Ewido)
so i am very curious to see the results with the new av-comparatives which
will have TrustPort tested with Dr. Web included now, hope it will finish just as good as the last On-Demand test. (it found most malware then)
Eliot
March 9th, 2008, 07:42 PM
So far I love it, minus one small detail. I have been running a complete system scan for over 3 hours and 30 min (and counting @ 87% lol). For the love of god man, does it scan by the bit? ;D
No problems with the scan time really, just means it's doing a thorough job. I normally run the weekly while I am in bed and the computer is not in use.
I'll repost after the scan is over, no telling when, since it's been on my data drive for the last 2 hours, with any news worth noting (FP, etc) :P
trjam
March 9th, 2008, 09:22 PM
I was out of line today, sorry.:'(
Eliot
March 9th, 2008, 09:25 PM
-{ Quote: "I was out of line today, sorry.:'(" }-
Hey, we all have them days buddy. You're still a good friend in my book. You don't give any AV a free pass. That means something to me. :thumb:
Banshee
March 9th, 2008, 09:46 PM
-{ Quote: "I was out of line today, sorry.:'(" }-
IMO, you were not that out of line, you hit the nail right on the head.
Eliot
March 9th, 2008, 11:07 PM
The scan finished after 5 or 6 hours, lol. Only files reported were a handful of *.reg files that were backups created by SpyBot's latest version. No FP and that is impressive since both Avira and NOD32 found at least two or more in my drives. Avira had never found a FP on here until today this morning during a scan before I awoke. How ironic since I was ready to install the new Dr Web. :o The FP had been on here for over 3 months, btw, in a program files folder of an app installed since last year. Just a recent update in the last week caused the report.
I'm happy with Dr Web and Comodo V3 on here now. :thumb:
egghead
March 10th, 2008, 03:50 AM
-{ Quote: "The scan finished after 5 or 6 hours, lol. " }-
Now you have run a full scan you can untick both "archives" & "mails"
this will improve scanning speed.
risl
March 10th, 2008, 06:39 AM
I'm not sure, but I'd guess it just doesn't have any limit in how deep to scan if an archive is inside of an archive and that archive contains archives and so on ->
(I remember at least Trend Micro having some kind of option to choose how deep to scan similar packages)
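The depth question raised in the post above, as an added example (not code from the thread or from Dr.Web): a recursive scanner over nested ZIP archives with an optional depth limit. The marker bytes, function names and sample archive are constructed for illustration; how Dr.Web itself handles nested archives is not documented on this page.

```python
import io
import zipfile

# Constructed stand-in for a detection signature (not a real malware pattern).
MARKER = b"CONSTRUCTED-TEST-MARKER"


def build_nested_zip(depth, payload):
    """Constructed sample input: wrap `payload` in `depth` layers of ZIP."""
    data, name = payload, "file.bin"
    for level in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
            zf.writestr("readme.txt", b"filler text")
        data, name = buf.getvalue(), f"layer{level}.zip"
    return data


def scan(data, name="<root>", max_depth=None, _depth=0, report=None):
    """Scan `data`; recurse into ZIP members until `max_depth` layers are opened.

    max_depth=None means no limit. An archive that is not opened because of
    the limit is recorded under "skipped", never counted as clean.
    """
    if report is None:
        report = {"hits": [], "skipped": [], "members": 0, "archives": 0}

    if zipfile.is_zipfile(io.BytesIO(data)):
        if max_depth is not None and _depth >= max_depth:
            report["skipped"].append(name)  # unscanned, not clean
            return report
        report["archives"] += 1
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member = zf.read(info)
                scan(member, f"{name}/{info.filename}",
                     max_depth, _depth + 1, report)
        return report

    # Plain file: this is where the signature check happens.
    report["members"] += 1
    if MARKER in data:
        report["hits"].append(name)
    return report


def demo():
    """Scan a 4-layer constructed archive without and with a depth limit."""
    sample = build_nested_zip(4, b"header " + MARKER + b" trailer")
    return scan(sample), scan(sample, max_depth=2)


if __name__ == "__main__":
    full, limited = demo()
    print("no limit :", full)
    print("depth 2  :", limited)
```

With the limit set, the run opens fewer archives and finishes sooner, but the marker buried in the fourth layer goes unreported and the inner archive shows up under "skipped".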
Eliot
March 10th, 2008, 06:49 AM
I have a folder on the backup disk labeled ISO'z and it has an iso of nearly all the data CDs I have for this pc saved in there. I'm sure that contributed to most of the scanning. I forgot about that until I looked in there to see what could have taken so long.
risl
March 10th, 2008, 08:23 AM
-{ Quote: "I have a folder on the backup disk labeled ISO'z and it has an iso of nearly all the data CDs I have for this pc saved in there. I'm sure that contributed to most of the scanning. I forgot about that until I looked in there to see what could have taken so long." }-
That might be a bit problematic to exclude .. unless you are sure that you don't backup malware. :o
C.S.J
March 10th, 2008, 09:10 AM
Sure he can, now it's scanned, just exclude that folder in the scanner settings ;)
Nothing problematic about it ;)
risl
March 10th, 2008, 10:16 AM
-{ Quote: "Sure he can, now it's scanned, just exclude that folder in the scanner settings ;)
Nothing problematic about it ;)" }-
.. It depends if it's automated backuping (or manual) that overwrites the old backup and if it's full system backup or some movies and mp3s. The new backup can contain malware that drw doesn't detect yet and will get restored if backups are used.
Long View
March 10th, 2008, 11:25 AM
Having read this thread I thought I would give cure it a go. Not sure how I tell if it is any good ? like all other av programs I have tried it found nothing. Not sure how to evaluate a program that finds nothing if there is nothing there to find.
Certainly running cure it once or twice a year can do no harm but I don't feel that I have been on the road to Damascus.
egghead
March 10th, 2008, 12:03 PM
-{ Quote: " Not sure how to evaluate a program that finds nothing if there is nothing there to find.
" }-
where is the logic in evaluating a program on a system if you know that this system is "clean" ? ???
Long View
March 10th, 2008, 12:22 PM
-{ Quote: "where is the logic in evaluating a program on a system if you know that this system is "clean" ? ???" }-
LOL - If logic came into the equation a lot less security software would be used.
My systems have always been clean - but to be fair to those who see AV, AS... etc as necessary I do run any checks as and when and never find anything. It could be that my machines are contaminated and that the programs I have tried have missed the problem, or it could be that I am in a minority and that most machines are full of spyware etc or it could be that too much is made of the real risks ?
GES/POR
March 10th, 2008, 01:28 PM
You could always use Winantivirus if you want results!
C.S.J
March 10th, 2008, 01:32 PM
You're looking at it the wrong way long view, drweb doesn't need to prove the cleaning/curing ability, it's 2nd to none.
You should be impressed that no fps were found ;)
Eliot
March 10th, 2008, 03:36 PM
I forgot to mention I should just exclude two whole partitions all together according to the advice you guys are giving. Nothing goes on either the data or the backup drives until after its on the drive that Dr Web resides and scans it first.
C.S.J
March 10th, 2008, 03:38 PM
-{ Quote: "I forgot to mention I should just exclude two whole partitions all together according to the advice you guys are giving. Nothing goes on either the data or the backup drives until after its on the drive that Dr Web resides and scans it first." }-
you can exclude whatever you like from the scans, the choice is purely yours :)
ShaneR34
March 10th, 2008, 04:02 PM
-{ Quote: "I attempted to try out the demo twice.
1st- ...only the spider mail tray icon appeared after a reboot. Any attempt to uninstall triggered an install. ??? ....
Uninstall worked this time. Needs more work. :thumbd:" }-
I've wound up at Wilder's wanting to get information about the various AV programs. I tried Dr. Web based on some comments here.
Anyway, I had the exact same problem. I managed to get it uninstalled and then went looking elsewhere. If I need to wrestle with a program to get it working, it's not going to win any confidence points from me ;)
At any rate, just wanted to say that Eliot wasn't the only one with the problem.
Eliot
March 10th, 2008, 04:13 PM
-{ Quote: "you can exclude whatever you like from the scans, the choice is purely yours :)" }-
Obviously ;D I was taking the advice given from existing Dr. users that knew more about it than I. :D If excluding the two root drives described above seems to be ok to you, do you think it would be safe? I will say again, nothing gets written to either of those drives unless it gets written and read from another drive first, meaning real time has already scanned it.
Long View
March 10th, 2008, 04:19 PM
-{ Quote: "You're looking at it the wrong way long view, drweb doesn't need to prove the cleaning/curing ability, it's 2nd to none.
You should be impressed that no fps were found ;)" }-
In 12 years of looking FPs are all that I have ever managed to find - so yes cure it didn't find any fps. I ran it on 2 other machines with the same results. Apart from real time "protection" which I would never use is there anything better about the paid for drweb ?
WigglyTheGreat
March 12th, 2008, 09:30 PM
I ran Dr. Web Cure-It and it found 1 infection, but it was a false positive. Hope it isn't the norm. :-\
Bunkhouse Buck
March 13th, 2008, 06:21 AM
-{ Quote: "LOL - If logic came into the equation a lot less security software would be used.
My systems have always been clean - but to be fair to those who see AV, AS... etc as necessary I do run any checks as and when and never find anything. It could be that my machines are contaminated and that the programs I have tried have missed the problem, or it could be that I am in a minority and that most machines are full of spyware etc or it could be that too much is made of the real risks ?" }-
I think and have said many times in this forum that much too much is made of the alleged risks. I have never had a worm/virus/malware invade my machines in 28 years of using PCs. I am also a high risk surfer. This place is for the paranoid. Not to say there are not real threats, but the user is about 99% of the equation. If the user is not foolish, infection is unlikely.
Bunkhouse Buck
March 13th, 2008, 06:27 AM
-{ Quote: "I've wound up at Wilder's wanting to get information about the various AV programs. I tried Dr. Web based on some comments here.
Anyway, I had the exact same problem. I managed to get it uninstalled and then went looking elsewhere. If I need to wrestle with a program to get it working, it's not going to win any confidence points from me ;)
At any rate, just wanted to say that Eliot wasn't the only one with the problem." }-
I have tested virtually all AVs, and Dr. Web is tied with Avira for ease of installation and uninstallation. If you are having problems, there is likely either another program or programs causing issues, or you are making some kind of removal error. Use CCleaner and safely cleanse your registry if you uninstall Dr. Web, and delete the Dr. Web folder that is left behind. There should be no wrestling with Dr. Web to install or to take off of your machine.
Banshee
March 13th, 2008, 10:38 AM
-{ Quote: "I ran Dr. Web Cure-It and it found 1 infection, but it was a false positive. Hope it isn't the norm. :-\" }-
It is the norm here. Not worth the bother. Look elsewhere.
Bob
March 13th, 2008, 11:04 AM
Just found my first false positive (in years) with DrWeb.
Was fixed within 13 hours.
C.S.J
March 13th, 2008, 11:06 AM
-{ Quote: "It is the norm here. Not worth the bother. Look elsewhere." }-
sure it is ... LOL
And I'm sure you will use the utility whenever your system needs cleaning, that's the norm.
n8chavez
March 13th, 2008, 11:50 AM
FPs wouldn't be that big of an issue with Dr Web if there was any sort of quarantine with it. That has been a major problem for years. I know, I know it'll be in version 5. But with no timetable on when to expect it I'm beginning to wonder if it even exists.
Banshee
March 13th, 2008, 01:34 PM
-{ Quote: "sure it is ... LOL
And I'm sure you will use the utility whenever your system needs cleaning, that's the norm." }-
Wrong. I have replaced cureit with the kaspersky tool a long time ago. Do you really enjoy making an ass of yourself every time you post ?
C.S.J
March 13th, 2008, 01:39 PM
-{ Quote: "Wrong. I have replaced cureit with the kaspersky tool a long time ago. Do you really enjoy making an ass of yourself every time you post ?" }-
personal remarks are forbidden ;D
bellgamin
March 13th, 2008, 02:37 PM
-{ Quote: "Do you really enjoy making an ass of yourself every time you post ?" }-
Personal insults are unnecessary & can cause threads to be closed by Wilders mods. Please desist. :thumbd:
Jadda
March 13th, 2008, 03:09 PM
I have now bought a license key for Dr.Web to my laptop. I have used the trial for some weeks, and I'm really impressed by its performance. I usually do not buy antivirus software, but this time I was so impressed that I had to have a license.
I usually just use the software I get from my ISP, which is Norman and is used on my main computer, or free ones. But this time I wanted to try something new, and support antivirus vendors. So my laptop has got a new antivirus - Dr.Web.
I hope I do not regret it! So far, I do not.
C.S.J
March 13th, 2008, 03:12 PM
-{ Quote: "I have now bought a license key for Dr.Web to my laptop. I have used the trial for some weeks, and I'm really impressed by its performance. I usually do not buy antivirus software, but this time I was so impressed that I had to have a license.
I usually just use the software I get from my ISP, which is Norman and is used on my main computer, or free ones. But this time I wanted to try something new, and support antivirus vendors. So my laptop has got a new antivirus - Dr.Web.
I hope I do not regret it! So far, I do not." }-
:thumb:
laptops, it's what i use mine on. ;)
welcome to the green club :D
Jadda
March 13th, 2008, 03:40 PM
Thank you Chris! :)
How long have you been with Dr.Web? I just get a feeling that you have supported them some time.
I have used CureIt! for some time, but finally I got chance to test out the real thing. And are there some settings I should use, or are the default ones ok?
n8chavez
March 13th, 2008, 04:06 PM
-{ Quote: " And are there some settings I should use, or are the default ones ok?" }-
Jadda, please see this (http://www.wilderssecurity.com/showthread.php?t=197854&highlight=configuration) post for your Dr Web settings. Chris was very thorough with it.
It is worth mentioning that there are very few, if any changes that need to be made from the defaults in order to get 'good' protection. Some users enable archive scanning within SpiderGuard, as I do. Also, if you want to enable the deleting of malware within archives you will need to edit the drweb32.ini; change EnableDeleteArchiveAction = No to EnableDeleteArchiveAction = Yes
Jadda
March 13th, 2008, 04:59 PM
Thanks for the tip and the link for the thread! I'll go through it now. I appreciate it.
AndreyKa
March 22nd, 2008, 11:41 AM
-{ Quote: "Also, if you want to enable the deleting of malware within archives you will need to edit the drweb32.ini; change EnableDeleteArchiveAction = No to EnableDeleteArchiveAction = Yes" }-
It enables the deleting of the whole archive if there is some malware within it.
n8chavez
March 22nd, 2008, 12:34 PM
-{ Quote: "It enables the deleting of the whole archive if there is some malware within it." }-
That's true. That's better than having malware on your system though.
Waterfox
March 23rd, 2008, 04:13 AM
Hi everybody!
OK, after reading these posts about Dr.Web I've decided to give it a try, so today I downloaded the trial version and so far so good ;)
works very well, although I wonder why it came with spidermail module when I specifically chose just av part (without antispam).
Anyways, just unclicked on "load on startup" in the spidermail icon so that's hopefully out of the way.
Cheers
egghead
March 23rd, 2008, 05:40 AM
-{ Quote: "Hi everybody!
OK, after reading these posts about Dr.Web I've decided to give it a try, so today I downloaded the trial version and so far so good ;)
works very well, although I wonder why it came with spidermail module when I specifically chose just av part (without antispam).
Anyways, just unclicked on "load on startup" in the spidermail icon so that's hopefully out of the way.
Cheers" }-
spidermail checks your email.
in the trial period you can use "check for spam"
(spidermail settings > scan), if I remember well.
when you buy the program (antivirus for windows only) the "check for spam"
option is disabled
Waterfox
March 23rd, 2008, 07:51 AM
Ok, good to know, but I disabled it 'cause it took a lot of memory (something close to 54 MB) and 'cause I don't need mail scanner.
C.S.J
March 23rd, 2008, 08:29 AM
-{ Quote: "Ok, good to know, but I disabled it 'cause it took a lot of memory (something close to 54 MB) and 'cause I don't need mail scanner." }-
spidermail should take between 20-25 only,
instead of disabling, you should disable the option during installation, and it won't be installed.
just reclick the installation, click Modify and untick Spidermail, this will save you un-installing all of drweb just to remove one feature.
risl
March 23rd, 2008, 08:57 AM
Disabling it doesn't decrease protection.
Waterfox
March 23rd, 2008, 09:01 AM
Thanks for the info guys :thumb:
curiousmicrobe
March 31st, 2008, 02:16 AM
VB100 Results Overview: Doctor Web
25 Success / 23 Failure / 8 No Entry
February 2008 - Doctor Web Dr. Web Antivirus for Windows Server
Status: FAIL
Failure reason: 4 wildlist misses
Actually it's the 5th Failure in a row since October 2006.
Not Great. I don't understand people who switch from an ESET product or Kaspersky product to this.
Macstorm
March 31st, 2008, 02:30 AM
-{ Quote: "VB100 Results Overview: Doctor Web
25 Success / 23 Failure / 8 No Entry
February 2008 - Doctor Web Dr. Web Antivirus for Windows Server
Status: FAIL
Failure reason: 4 wildlist misses
Actually it's the 5th Failure in a row since October 2006.
Not Great. I don't understand people who switch from an ESET product or Kaspersky product to this." }-
Bad news for the Dr.
Although it's actually their Windows Server version that was tested.
Firecat
March 31st, 2008, 02:44 AM
-{ Quote: "Bad news for the Dr.
Although it's actually their Windows Server version that was tested." }-
Engine remains the same between the Windows desktop and Windows Server editions. However, I know from looking at tests that sometimes it is possible server version may miss a sample while desktop version may detect it, Virus Chaser might miss a sample while Dr.Web might catch it, etc. (in spite of having the same definition and engine updates) - So it's no guarantee that the desktop version will not detect these samples.
egghead
March 31st, 2008, 03:14 AM
-{ Quote: "
Failure reason: 4 wildlist misses
" }-
4 wildlist misses !? Unbelievable. What a trash program. I'm gonna bin this Russian garbage immediately. ::)
-{ Quote: "
I don't understand people who switch from an ESET product or Kaspersky product to this " }-
I do understand this, and I understand this very well.
Hint: it has to do with protection in real life ;)
C.S.J
March 31st, 2008, 07:52 AM
it's not too bad, and there are reasons curious, ones I'm sure you are aware of. ;)
kinwolf
March 31st, 2008, 01:22 PM
April will see Av tested on vista Sp1, we should see if it still misses some on a desktop.
And I do not agree about the "it's not too bad" because while many people don't know or trust AV-C or Av-test or others, VB100 is actually something corporations and government agencies look after (at least here).
-{ Quote: "Hint: it has to do with protection in real life" }-
Aren't the viruses included in the wildlist actually "in the wild"? Meaning you can get infected in real life as they are out there, and not just in a lab.
flyrfan111
April 17th, 2008, 04:16 PM
Another recent convert to the good Dr.
Miyagi
April 17th, 2008, 06:25 PM
:o :o :o :o :o
flyrfan111
April 18th, 2008, 02:20 PM
-{ Quote: ":o :o :o :o :o" }-
Don't act so surprised my friend.:D
031
April 20th, 2008, 01:31 PM
Dr web cure it now detects pc tools firewall as malware. Hope this would be fixed soon.
solcroft
April 20th, 2008, 01:43 PM
Does anyone know the approximate turnaround time for unknown malware?
I know that about a year or so ago DrWeb had relatively fast response times for new malware. Now that I'm curious enough to try it again, all I seem to get is an automated response telling me my sample was received, and nothing beyond that. The old Virus Monitoring Service website also seems to have been pulled offline; I'm having trouble finding a link to it on the main page.
C.S.J
April 20th, 2008, 01:58 PM
-{ Quote: "Dr web cure it now detects pc tools firewall as malware. Hope this would be fixed soon." }-
strange,
i just checked it via drweb 4.44 and received no detections for pc tools firewall.
031
April 20th, 2008, 03:35 PM
-{ Quote: "strange,
i just checked it via drweb 4.44 and received no detections for pc tools firewall." }-
Maybe you just checked the installation package. Pc tools firewall has two resident processes. Firewallgui.exe and FWservice.exe. During the express scan cure it detected both these processes as malware and suspended them.
AndreyKa
April 21st, 2008, 03:13 AM
-{ Quote: "During the express scan cure it detected both these processes as malware and suspended them." }-
I suppose it is Win32.SQL.Slammer :)
It isn't a false positive. It's a real exploit packet of Win32.SQL.Slammer in the process memory.
031
April 21st, 2008, 11:16 AM
-{ Quote: "I suppose it is Win32.SQL.Slammer :)
It isn't a false positive. It's a real exploit packet of Win32.SQL.Slammer in the process memory." }-
Yes it was. Thanks for the explanation. Can you explain more? Why is there an exploit packet in pctools firewall process? :-\ :-\
C.S.J
April 21st, 2008, 12:35 PM
-{ Quote: "Yes it was. Thanks for the explanation. Can you explain more? Why is there an exploit packet in pctools firewall process? :-\ :-\" }-
it's the difference between a good flat-file scanner for testing, and proper protection :)
it won't have anything to do with pctools, but the malware has reached your machine undetected using avast? ... and the malware has targeted your running processes, in this case.. your firewall.
nasty stuff, did you let cureit cure it for ya?
solcroft
April 21st, 2008, 01:03 PM
-{ Quote: "Yes it was. Thanks for the explanation. Can you explain more? Why is there an exploit packet in pctools firewall process? :-\ :-\" }-
SQL.Slammer is an internet worm that exists solely in computer memory. In fact, it's a small internet data packet that never touches the hard disk. What ostensibly happened was that your firewall blocked the attack, but DrWeb reported that SQL.Slammer data existed in your firewall's memory process.
This is obviously a bad thing, because DrWeb triggered on an attack that had already been stopped, identified your firewall as the infection, and suspended your firewall. This is not a false positive per se, just poor handling of data.
lucas1985
April 21st, 2008, 02:28 PM
-{ Quote: "This is obviously a bad thing, because DrWeb triggered on an attack that had already been stopped, identified your firewall as the infection, and suspended your firewall. This is not a false positive per se, just poor handling of data." }-
Yes, Dr.Web has this problem with PC Tools and LnS (http://www.wilderssecurity.com/showthread.php?t=200103) firewalls (http://www.wilderssecurity.com/showthread.php?t=54964).
SQL Slammer (http://en.wikipedia.org/wiki/SQL_slammer_worm) is stopped by every firewall and it can't do any harm because it targets a server-only app (it doesn't exist on home setups) which has been patched in 2002.
C.S.J
April 21st, 2008, 02:31 PM
it's not a problem,
the firewall may block the threat, but it's still in running memory processes.
a lot of AVs don't even scan memory, or efficiently i should say.
cureit was picking up on the threat, as it still resides in your memory.
it's not a problem, or an FP.
solcroft
April 21st, 2008, 02:37 PM
-{ Quote: "it's not a problem,
the firewall may block the threat, but it's still in running memory processes." }-
When it's blocked by a firewall, it's effectively neutered and completely harmless. Not so harmless, however, is your firewall being suspended by an antivirus because the antivirus believes that your firewall is a worm.
-{ Quote: "it's not a problem, or an FP." }-
Tell that to the people who got their firewalls killed thanks to DrWeb.
C.S.J
April 21st, 2008, 02:44 PM
-{ Quote: "Tell that to the people who got their firewalls killed thanks to DrWeb." }-
nah, you just tell it to someone else instead ;)
the fault goes to avast for not detecting the threat in the first place, drweb's cureit saw the threat and got rid of it. End of story.
lucas1985
April 21st, 2008, 02:49 PM
-{ Quote: "the firewall may block the threat, but it's still in running memory processes." }-
When a firewall blocks a packet, it's discarded immediately, so it doesn't reside in memory anymore. Without knowing the inner workings of Dr.Web, I'd say that Dr.Web is detecting a "ghost" (i.e. something that doesn't exist but was present for a brief moment before the firewall dropped the connection), it's detecting something in the ruleset (i.e. any specific ruleset to block SQL Slammer) or it's detecting when the firewall logs the "attack" stopped.
It's a problem of the memory scanner of Dr.Web or how they parse data (firewall ruleset or log).
solcroft
April 21st, 2008, 02:50 PM
-{ Quote: "nah, you just tell it to someone else instead ;)
the fault goes to avast for not detecting the threat in the first place, drweb's cureit saw the threat and got rid of it. End of story." }-
Thanks, but I'll pass. Telling other people it's not a problem, when it clearly IS a problem, doesn't sound quite right to me.
C.S.J
April 21st, 2008, 02:55 PM
well, whatever it is Lucas, it's still detecting what is there, or ghosting there.
sounds more of a problem with the Firewall, and not the AV for not discarding a threat completely that it's 'supposed' to have dealt with.
and let's not forget the avast failed detection too.
C.S.J
April 21st, 2008, 02:56 PM
-{ Quote: "Thanks, but I'll pass. Telling other people it's not a problem, when it clearly IS a problem, doesn't sound quite right to me." }-
maybe not to you it doesn't..... but nobody cares what you think though. ;)
solcroft
April 21st, 2008, 03:07 PM
Chris, your personal attacks aren't worth much when it comes to taunting their intended target, or entertaining other readers; they're just stale.
From what little I know of avast!'s Network Shield, it seems to act as an "invisible" proxy rather than traffic filtering at the network stack, meaning it picks up only what the firewall misses (in my experience: no reports when firewall is on, pages of Sasser/Slammer attack reports when firewall is off and my PC is put on DMZ). In other words, no mistakenly identifying and shutting down firewall processes as non-existent, already-blocked worms. :thumb:
lucas1985
April 21st, 2008, 03:11 PM
-{ Quote: "and let's not forget the avast failed detection too." }-
The firewall is the first in the chain of events, so no AV can detect a threat when it doesn't even reach them.
A packet with the body of SQL Slammer comes in (highly unlikely event, BTW), it reaches the network stack at its lowest level (NIDS) when every firewall has its hooks, the packet is processed by the firewall engine and it's dropped because:
- There's a specific rule (made by the user or shipped out of the box) to block SQL Slammer-like packets.
- Stateful packet inspection drops it because it's an inbound connection without any correlation to any open connection.
- There's no application to receive the packet, because SQL Server isn't installed in 99.99 % of home machines.
The AV can't stop what isn't even there.
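The three drop conditions listed in the post above, as an added example that is not part of the original thread: a toy Python model of the inbound path, showing which layer discards an unsolicited packet as each earlier layer is removed. UDP port 1434 (the SQL Server Resolution Service that Slammer targeted) is not stated in the thread, and the class name, addresses and sample packets are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class InboundPath:
    """Toy model: explicit block rule -> state table -> local listener."""

    def __init__(self, block_rules, listeners, stateful=True):
        self.block_rules = set(block_rules)  # {(proto, dport)} blocked inbound
        self.listeners = set(listeners)      # {(proto, port)} bound local sockets
        self.stateful = stateful
        self.flows = set()                   # flows opened by outbound traffic

    def outbound(self, pkt):
        # Record the flow so the matching reply counts as solicited.
        self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound(self, pkt):
        """Return (verdict, reason) for one inbound packet."""
        if (pkt.proto, pkt.dport) in self.block_rules:
            return "drop", "explicit rule"
        # A reply carries the outbound flow's addresses and ports reversed.
        solicited = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows
        if self.stateful and not solicited:
            return "drop", "no matching outbound flow"
        if not solicited and (pkt.proto, pkt.dport) not in self.listeners:
            # In practice the OS stack, not the firewall, discards this one.
            return "drop", "no listener on port"
        return "deliver", ("solicited reply" if solicited else "listener present")

def demo():
    # Constructed sample traffic (documentation address ranges).
    probe = Packet("udp", "203.0.113.7", 4321, "192.0.2.10", 1434)
    home = {("tcp", 445)}                    # assumed home PC: no SQL Server
    out = [InboundPath({("udp", 1434)}, home).inbound(probe),
           InboundPath(set(), home).inbound(probe),
           InboundPath(set(), home, stateful=False).inbound(probe)]
    fw = InboundPath(set(), home)
    fw.outbound(Packet("udp", "192.0.2.10", 50000, "198.51.100.53", 53))
    out.append(fw.inbound(Packet("udp", "198.51.100.53", 53, "192.0.2.10", 50000)))
    return out

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```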
lucas1985
April 21st, 2008, 03:14 PM
-{ Quote: "pages of Sasser/Slammer attack reports when firewall is off and my PC is put on DMZ" }-
A lot of noise in your Internet neighborhood it seems. No Code Red, Nimda?
solcroft
April 21st, 2008, 03:19 PM
-{ Quote: "A lot of noise in your Internet neighborhood it seems. No Code Red, Nimda?" }-
To be honest, I wouldn't know what avast! names those things as. Slammer and LSASS/DCOM exploits seem to form the majority of my Network Shield log entries. I turn off my firewalls and go to bed when I test it, so I usually have a page or two's worth of logs to parse in the morning.
lucas1985
April 21st, 2008, 03:46 PM
Vulnerability exploited by Code Red (http://www.microsoft.com/technet/security/bulletin/MS01-033.mspx)
Vulnerabilities (http://www.microsoft.com/technet/security/bulletin/ms00-078.mspx) exploited (http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx) by Nimda (http://www.f-secure.com/v-descs/nimda.shtml).
C.S.J
April 21st, 2008, 04:08 PM
it seems to only happen with LnS and i think even pctools firewall has something to do with LnS's, or is that wrong?
larryb52
April 21st, 2008, 04:10 PM
this thread has gotten way off the track & no need for personal attacks guys, let's play nice. BTW everyone is entitled to an opinion & if you don't agree just agree to disagree.
ola nordmann
April 21st, 2008, 04:11 PM
-{ Quote: "well, whatever it is Lucas, it's still detecting what is there, or ghosting there.
sounds more of a problem with the Firewall, and not the AV for not discarding a threat completely that it's 'supposed' to have dealt with.
and let's not forget the avast failed detection too." }-
Slammer is not a threat unless you both:
- Run a 6 year old unpatched copy of MS SQL Server on your system. This particular vulnerability is dated July 24, 2002.
- Don't have a firewall blocking the incoming packages.
In other words - you are completely safe from this "threat" without any antivirus-product.
C.S.J
April 21st, 2008, 04:12 PM
-{ Quote: "this thread has gotten way off the track & no need for personal attacks guys, let's play nice. BTW everyone is entitled to an opinion & if you don't agree just agree to disagree." }-
so true Larry,
people who refuse to see the light, will never see it. :D
lucas1985
April 21st, 2008, 05:26 PM
-{ Quote: "it seems to only happen with LnS and i think even pctools firewall has something to do with LnS's, or is that wrong?" }-
Yep, it happens with LnS and PC Tools firewall, but there are reports of the same FP with Sygate.
031
April 21st, 2008, 07:11 PM
Thanks solcroft and lucas1985 for the explanation. There is no reason for me to worry then :). Currently i am not running avast, i am trying the new avira 8. Neither avira nor bitdefender free 10 detected anything in my machine. Though cureit usually does a good job, shutting down firewall processes for an already blocked exploit looks a little bit silly and i personally think dr. web should change their view regarding this matter.
lucas1985
April 21st, 2008, 07:18 PM
-{ Quote: "shutting down firewall processes for an already blocked exploit looks a little bit silly and i personally think dr. web should change their view regarding this matter." }-
Every AV has its quirks, although some quirks are worse than others ;)
solcroft
April 21st, 2008, 10:23 PM
-{ Quote: "Every AV has its quirks, although some quirks are worse than others ;)" }-
Not only did it fail to correctly identify the source and entry point of the exploit, it tried to kill the protection that stopped the exploit, ostensibly opening up the computer to further exploits. I wouldn't call this just a quirk or a "little bit" silly.
Bunkhouse Buck
April 22nd, 2008, 10:18 AM
-{ Quote: "Slammer is not a threat unless you both:
- Run a 6 year old unpatched copy of MS SQL Server on your system. This particular vulnerability is dated July 24, 2002.
- Don't have a firewall blocking the incoming packages.
In other words - you are completely safe from this "threat" without any antivirus-product." }-
Actually, rational users are probably safe from most threats without any anti-virus product.
Copyright ©2002 - 2012, Wilders Security Forums