AOL AVS (Kaspersky): Scan new and changed files only

Correction. That's where I said chkdsk ground to a halt after a few days. There's a rather major difference between "chkdsk" and "the pc".

 

in built windows tools IMO

 

If "chkdsk crashing" for you equals "the pc grinding to a halt", I can't think of much to say to you that wouldn't get me moderated.

 

no that isnt what i ment i was just saying that chkdisc is a bulti in windows tool lol. I know that doesn't mean the pc grinding to a halt.

whats you aim of this post?
to get noticed?
or to try and work out what is causing the chkdisc errors and to get it fixed?
or to ruin a company's reputation?

im not trying to annoy you i just want to know what the point of this post was simple as.
lodore

 

I'm perfectly aware of what chkdsk is. What you did was quote me on the chkdsk issue when I challenged Don to show where I had claimed the pc ground to a halt after 2-3 days. I never made such a claim, and your reply on it was pointless since it didn't show I did either.

I did not create the thread. I did add information to it. The reason for that ought to be obvious. Giving prospective KAV users sufficient information about both sides of the story (ie, that the issue is not scaremongering, and worth taking serious if their machine shows symptoms), so that they can make up their own minds. That was long since accomplished. But I don't much fancy having my integrity questioned by people claiming I spread FUD. I reproduced this issue multiple times on two platforms. The numbers affected appear to be limited, but that doesn't make the issue itself worth ignoring for those it does affect.

If KL ignored the issue in their own support forums, I rather doubt they will come crawling out of the woodwork here.

I can't do that without KL's assistance. They have not acknowleged the issue. Not much more I can do but point out its existence so people can take their own precautions, or choose not to.

As I said, my goal by adding to this thread was long since accomplished. I don't see any point in going in circles any further.

 

Let me play both sides here. I have used Kis on one computer for quite awhile, I did this yesterday, no problem on that machine, so from that perspective Don is right.

Now as far as Lodores comments about only 8 reporting issues, the reality is, most users have never used chkdsk, land even more dont even know what it is.

As far as any delays, that wouldnt be an issue for me, period.

 

I know I'm repeating myself, as this is what I've been saying all along. If there's no noticeable delay after installing KAV and running a full scan, there should be no reason to worry. What I advocate is grabbing the trial version and actually performing such a test before buying, and ensuring you have a backup to go back to if the symptoms should appear.

It's not the delay itself that bothers me. It's the fact whatever is done to the filesystem/partition table is permanent. Uninstalling KAV has no effect. That coupled with the potential problem of the filesystem becoming indechiperable to chkdsk and other low level applications.

 

Old thread, but related question...

I understand that iSwift or iChecker (can't recall which ATM) checks MD5 sums of each file to determine if it was new or had changed, which determined whether or not the file needed to be scanned.

Can anybody confirm whether or not the "Scan new and changed files only" setting also checks MD5 sums?

I could not find much info on that particular setting on the Kaspersky site, although there was detailed info for iChecker and iSwift. The site did not confirm whether this setting checks MD5 sums or not though.

 

Iswift and ichecker are the technlogy that make scan new and changed files only option avalible
lodore

 

You got the lodore syndrome again *. Are you alright?

There are some points why one may wish to do so. Reasons:
- a file is clean because it is infected with a new malware but undetected. Then the database is updated later and it can be detected now. If the file is not scanned again in future, the new malware will sit happily with your computer unless the on-access can catch it. But there may be some risks about that. sometimes a malware can manage to damage your computer before the antivirus can detect it. So it is always the best to scan it on-demand first. This lowers the risk.
- its technology has bugs, or is not reliable. It doesn't scan some files even if they haven't been scanned before.
- it can be easily bypassed by the malware. A malware manage to corrupt its database, so it wrongly think it is scanned.
- the scan time is low anyway since it has not amny to scan, or the scan time is unimportant since it is scanned while the computer is idle. Why take that risk? Better safe than sorry.


=================================================
*: Just kidding!

 

ye sorry i had it again.
your right about those points.
is there any prove that ichecker and iswift are unreliable?
lodore

 

This post is made hastily. Some msitakes may be made!

All info fomr the KAV forum and http://forum.kaspersky.com/index.php?showtopic=14995

The problem looks real for 2 reasons: (1) quite many users report that (and they did spend time to examine and spot for the cause of the problem); (2) the betas of KAV have such kind of problems in the past (however it was supposed to be fixed now, so this may mean it can't fix the problem completely

As some users report that they have problems when running version 6, some say it is related to ichecker and/or iswift, some not since they have the problems without them on.

One, I think it is a tester, commented that:

KAV reported that the case is VERY rare (however it might be just an excuse for their inability to fix the problem). The researcher said in the forum:

KAv siad there is no confirmed case where it will corrupt our files. However some people complain that KAV turns a blind eye to their reported cases of corrupted files.

Here's the comment made by one user:

Note if the problem occurs to you, you can't solve the problems even if you uninstall the software.

This problem is very serious and shouldn't be taken lightly. It may as well corrupt your important files, so better safe than sorry. The measures include:
- you just don't know if the problem occurs to you. Even if it occurs to you, you need to make an effort to find it out. you may avoid using versoin 6 at all. Simply use other first, including the free Avira AntiVir, until the problem is resolved.
- if you decide to install the program, please make a full imaging backup for safety reasons
- if you have installed the program, please go to the forum and read the posts. Make sure the problem does not happen to you. If you are fine, then make a full imaging backup now. The problem may happen to you on later times

 

That didn't quite answer the question. Those are all 3 different options with 3 different check boxes. What I am trying to find out is if scan new and changed files only also verifies MD5 sums the same as the other options. But thank you for your response though.

 

Is there actually any malware out there that can infect/modify an existing file, yet maintain the same MD5 sum of that file?

 

Short answer. If my memory serves:
- CRC32 can be cracked or brute-forced easily
- MD5 is harder to crack. Still it is possible. And I heard that different files may return the same checksum too in extreme cases
- For much better and safer security, use SHA-1 (widely used). However it is reported in 2005 that a proof-of-concept method which can find collisions in SHA-1. This shorten the time to brute-force it (it is 2^63 instead of 2^80 steps). However this is still a huge work to crack it, so it is still safe. But to be conservaitve, you may choose others like Whirlpool

I get this info when I am learning checksum and encryption.

 

Most of that I did not know, so thank you for the info. I do, however, use Whirlpool with TrueCrypt on my encrypted partitions.

I think that whether it gets cracked or brute-forced would also depend on how Kaspersky implements the feature into their engine. But then again, who knows... anything is possible.

 

It is quite obvious from what I have been reading that a lot of people have been having this issue. I installed KIS 6.0 (303) about 5 weeks ago and recently updated to MP1 (411). I don't recall if I have done a CHKDSK during this time so after reading this I decided to do one to see what would happen. To my luck, the CHKDSK completed fine without problems. I don't know anything other than that at this point.

 

the last i heard was that it was only a few people will ever be affected by it.
most people it will never happen to them. everyone has such different setups hardware and software it is hard to retrace the problem
lodore

 

There has been a new thread on this in the Kaspersky Forums with some new information. It was in thread titled Long CHKDSK delay, with AOL Active Virus Shield underneath it. A must read for KAV, KIS, and AVS users, but not as scary as it once seemed to be.

 

This is the thread duke1959 is referring to:
http://forum.kaspersky.com/index.php?showtopic=26682&st=0

I have read this, plus a few other threads similar to it at Kaspersky forum. I am still using AOL AVS at the moment but I am little concerned, although I have no issues now after having done a full disk format a few weeks ago.

From everything that I have read on this, it sounds as though Kaspersky engine causes lots of fragmentation of MFT and somehow relates to CHKDSK delays as well. From what I have read, it seems to be Microsoft's issue... but somehow Kaspersky aggravates this issue more. Kind of like Microsoft having a bruised rib, and Kaspersky engine grinding it's elbow into it.

Anyways... whether this is Microsoft's issue or not, my question is:

Why is it that Kaspersky engine aggravates this and other AVs do not?

More specifically, is there a certain feature that Kaspersky engine has that causes this aggravation, that other AVs do not have?

Thanks,
Dave

 

i have noticed sine install kis6.0 when i press analyse button in diskeeper 10 pro it shows more pink (low performing system files)
which i guess would acount for the mft fragmentation.
lodore

 

Some people are saying Perfect Disk helps shorten the CHKDSK delay somewhat with a boot time defrag. Does anyone have any experiece with this product? It seems safe, and easy to use with a 30 day free trial. I would like to try it and see if it helps with the 5 minute 2nd stage delay in CHKDSK that I now have.

 

now does this mean, F-Secure would have this issue, or not. It is really a nice AV product.

 

perfect disk is made by a company called Raxco who is a gold certified microsoft partner.
diskeeper's boot time defrag will also help if you have diskeeper.
lodore

 

Well... regardless of whether it is actually a problem or not, I don't care anymore.

I removed Active Virus Shield and installed AntiVir PE. To be perfectly honest, all applications on my computer start faster, way faster. Most noticeably with Firefox, Thunderbird and OpenOffice.org. Even with all of the best options enabled in Active Virus Shield, this difference in performance is just amazing.

Enough said...