Avira woes

Discussion in 'other anti-virus software' started by ssj100, Apr 15, 2009.

Thread Status:
Not open for further replies.
  1. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Yes, of course and I think all those technologies have their purpose and supplement each other nicely. What I meant is that I have the impression that some users here believe they don't need AV if they use Sandboxie, Shadow Defender or a similar product.

    It's online now (aeheur 8.1.0.119). No fingerprinting, I added about 5 new generic detections and 1 heuristic rule (there was an interesting VB cryptor/dropper that I missed) and some minor flags that cause ATRAPS.Gen detections indirectly. Trojan.Filecoder is not really suitable for good generic detection rules, it does nothing much that is really suspicious. The packers were already all handled, either unpacked (and no detection because Filecoder is so "harmless") or caught by my generic cryptor detection which I used for the new heuristic rule. The ATRAPS.Gen modifications didn't result in many new detections, about 80 new generic hits on our database. The VB cryptor/dropper was much more "rewarding", 1800+ malware samples newly detected. So similar droppers were used pretty often by malware recently.
     
  2. Jin K

    Jin K Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    105
    hi Stefan

    i want to ask you a question ??

    avira is highly depending on generic rules that's why it's one of the best AVs at detection !!

    my question is

    why most AVs.Co don’t add a lot of generic detection like avira ?? is it because they fear the numbers of FPs or something else o_O
     
  3. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    They do add generic detections all the time or use detections that also catch variants. I really like the generics in the Microsoft scan engine. Currently the best available generic detections I think but they are still not on top with the entire detection. FPs are always a big problem, for every AV program. I think many AV programs still try to add generic detection for single malware families, to have "exact" detection. I don't apply that restriction.

    And maybe they haven't yet reached the same level of madness. It's called TR/ATRAPS.Gen for a reason... :D
     
  4. guest

    guest Guest

    Before Stefan's aeheur module update
     

    Last edited by a moderator: Apr 18, 2009
  5. guest

    guest Guest

    After
     

  6. guest

    guest Guest

    i will retest avira with another packed malware and new crypter soon

    Thanks Stefan, Thanks Generic Signature Tech
     
  7. MUmoto

    MUmoto Registered Member

    Joined:
    Feb 9, 2009
    Posts:
    29
    I removed Avira Antivir Free because while downloading with Utorrent it gave me computer BSOD's even though I don't have the firewall ...

    -__-
     
  8. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294

    I have utorrent and have no issues using Avira free, so it's gotta be something else that's giving you the BSOD.
     
  9. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    never had a problem with Avira and utorrent, I'm almost positive u have some other issue as the root cause.
     
  10. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,619
    Location:
    Milan and Seoul
    A flawless argument, but if I had to choose on which to rely as a first line of defense I'm afraid virtualization would come first (I think/hope Avira and Shadow Defender will give me the 99,9 % that is impossible to get from a single application).

    Furthermore I'd like to add that most of the sandboxing /virtualization applications do seem to update their products against malware that seems to have been designed specifically for them.
     
  11. Arup

    Arup Guest


    I use uTorrent 1.8x beta with Avira free and premium, I have downloaded quite a few DVDs and never did I ever get a BSOD. If you are getting a BSOD with uTorrent, it could be something to do with your TCP stack.
     
  12. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,316
    Location:
    Earth
  13. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    Not exactly. His flaw was lumping Sandboxie in with disk shadowing programs. Unlike programs like Shadow Defender, Sandboxie can block access to passwords and personal files. It can also block sandboxed programs from network access so it can provide considerable protection from info stealers, some of which can't be detected by AV such as Avira. I still scan new executables with Avira and KAV but I always run them in Sandboxie before I trust them.
     
  14. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,316
    Location:
    Earth
    anyone know why my scanner gets stuck at 37% :mad: :mad:
     
  15. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Assuming you mean the Avira scanner, which file is scanned when the scanner gets stuck?
     
  16. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,619
    Location:
    Milan and Seoul
    I honestly don't know all the ins and outs of Sandboxie, and what you are saying shows this application being quite remarkable. I trialled it twice, once with my XP machine and once with my Vista machine, and it didn't seem to work properly. The reason I did not insist/investigate was that I'm more attracted to something that will shadow my C: completely, which I think is not possible to do with Sandboxie. I also think that a good firewall will block access to most applications trying to phone home.

    The original point was that any sandbox/virtual application can be defeated (including Sandboxie, from memory it had several updates against vulnerabilities which were quickly dealt with by its dynamic developer), and therefore the trick is to have a combination of applications that by complementing each other, can address any contingency without overloading your machine. Avira, Sandboxie, Shadow Defender on their own won't be as effective as when run together.
     
  17. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,316
    Location:
    Earth
    I don't know it just says C...392993023 like that but it's at 37%
     
  18. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    When you put the mouse over the file name, you should get a balloon tooltip displaying the full filename and path.
     
  19. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    Sandbox software good for checking out pest from embedded software like compress archives and such like that. So nothing will drop out when you install them on your system and cause issues like a trojan horse would. If your system is a new image and hasn't been on the net or domain then using such programs only without the AV, SPY, FW will be okay for now.. One slip-up and bang you're starting from scratch.

    Avira I have that on one desktop and wireless laptop. It's okay nothing to write home about though. Some false positive hits. It does have some sort of HIPS but scanning takes forever. It told me I had 5 unknowns it could repair big mistake. I had to re-install those apps. PC Tools Spyware Doctor with Antivirus Intelli-Guard and Threat Fire HIPs better.
     
  20. Arup

    Arup Guest

    LOL! PC Tools AS and Antivirus Intelli-Guard are not even in contention in top tier AVs and they can't even be remotely compared to Avira, Eset, KAV, Avast, Norton et al.
     
  21. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    I saw that. Pretty funny quote.

    Ice
     
  22. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    How you figure that one... I've tested Avira, Avast, ESET and can't get the KAV stuff to work no matter what, Norton and I go back to the days where DOS/Win3.1 and NAV1/2 was the norm. I had stopped using Norton Suite back in 2003 I believe. I'm not going to knock software AVs but I can tell you one thing PC Tools even though they're not as huge as everyone else sure does do the job..

    Everyone's software design and features are going to work differently, so you like yours because it's protecting, I find the PC Tools does the job for me. It can even be run on Enterprise Server, I choose that server OS because the features are better than standard Server plus it is what I use on domain and the client sites where NAV Corp Edition is used as some still use McAfee VS or Trend Office Scan that would blow away most of what you have mentioned. I just want good solid protection that doesn't hang, hose, drag, let unwelcome guest come on in and etc..
     
    Last edited: Apr 22, 2009
  23. Arup

    Arup Guest

    Do you really think that the other sites that test various suites are just talking nonsense and your test is the scientific objective way of assessing an anti virus? So I guess a noob should consult you instead of av-comparatives and others.
     
  24. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,316
    Location:
    Earth
    ok i shall try again

    ok here is link, with file path gets stuck on, i am going to turn off system restore try that. (resolved) Restore fixed it i turned it off then on.....:argh: :argh:

    http://i41.tinypic.com/ztww8l.jpg
     
    Last edited: Apr 22, 2009
  25. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    Other sites use controlled Office Model QA Testings.. Sure what they do might not work at home or other business. Sure you could use Admin Server AV and then run Client Agents on all the network systems you have and do it that way.

    PC Tools like most here have their ups and downs. Not all going to 100% protection though. Avira has some issues I ran the free and yesterday ran the full suite with the firewall and etc.. It was no better than running the Free both did the same thing. False positive, it never crashed like PrevX 3.0 did on me badly yesterday that couldn't run kept on saying it couldn't call home to check on dbase. So that was removed. Avira kept on telling me I had some thing in the root of C yes but that wasn't a trojan, or pest that was one of my own programs. Just kept on bugging me about it. Ignore this bla, bla didn't work. The scanner on Free and Top End Security Suite was dead slow even under Safe Mode both found the same stuff and none were any threat. It's firewall is weak and blocked the internet compared to the PC Tools Firewall Plus 3.0.1.14 with code injection feature not a problem it connects to the internet after the reboot. PC Tools NIS 2009 well might be good for those who really only use the internet for research and surfing.. Power users should stay away from it..

    CMD Scanners did a better job found threats in the registry and removed them. VIPRE Free did a better job as did A-Squared Free they found the pest and they alerted me about them VIPRE removed it auto the A-Squared gave me the option to do it on my own.

    ThreatFire on level 5 is 100% better than PrevX . TF found stuff that PrevX failed to do. I am sure if the pest ID was in PrevX it would have found the same. What they need to do all these companies is get a real Business Analyst do a lot of research and network between here and among themselves to learn what's out there as a threat. Otherwise a lot of them are just not going to catch everything. Share from a command daily dbase.
     
    Last edited: Apr 24, 2009