DRWEB is the Best AV....anyone else agree with this?

Discussion in 'other anti-virus software' started by Barney, Jul 4, 2004.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    DRW is an ill-tempered rottweiler. VB prefers poodles. :D
     
  2. Trans

    Trans Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    76
    I have exactly this feeling ;)
     
  3. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    DrWeb is a good antivirus, almost on par with KAV. BTW f123, when I meant HDD disaster I meant virus attack.
     
  4. f123

    f123 Guest

    Name one bug that's designed to attack image files? Some programs will allow the user the ability to encrypt the image file.
     
  5. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Dear f123, you still don't get my point. There are such things that can seriously damage your HDD data by corrupting the MBR or writing random data to random sectors. That's why professionals back up their data on CD-ROMs.
     
  6. f123

    f123 Guest

    The image file will overwrite ALL data in the restored partition, including the Master Boot Record. Ever heard about disc cloning? Basically the same principle. I would advise that you beef up on drive imaging before spreading false information. Putting the image file on removable media allows the user to restore the data on ANY PC. That's the safest way to backup data. Pros prefer tape drive over optical media.

    Again, please name one bug that specifically attacks image files. With a good image file, I can restore the non-corrupted data to ANY infected hard drive. Some imaging software will also reset the cluster size to the "default" configuration. That's the power of drive imaging. Note that the imaging software may not function properly if there is physical damage to the hard drive.
     
  7. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Chaps, can we keep on topic which was your thoughts on Dr Web as an AV program!
     
  8. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    I use DrWeb myself. And while I agree with a lot of what is said about its detection rates and heuristics, I can't help but wonder... where is the proof? In the test at http://www.av-comparatives.org/ ... DrWeb did well, but did not exactly blow everyone else away either. I hope we are all not relying on the number of false positives in determining how good/aggressive an AV's heuristics are.
     
  9. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Rerun2

    Since you are a little wary of Dr Web's detection rate and heuristics why did you choose to use this AV? Is it because of its small footprint?

    I know that KAV and its clones give better detection rates than Dr Web but I use it as a primary scanner on one of my computers here because of its lower resource/memory usage. Detection rates are not the main criteria when choosing 'the best' AV for an older computer.
     
  10. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    I have tried a few AVs before I finally settled on DrWeb. DrWeb did not cause any conflicts with my system (and other apps), uses low resources, has small updates, a clear interface, and includes a nice set of features. Detection rates were also very much considered, as well as the praise of certain members at this forum (DrWeb was doing quite a bit better in VB at this time heh). Another part of my decision was that... it wasn't so much what DrWeb had to offer, but what others didn't offer in their products. Or in some cases the direction some AVs were heading. DrWeb has been a great fit for me personally, and I am very happy with my decision of having DrWeb protecting my computers. However, what I would like to see are some tests or backup to understand why DrWeb's heuristics are so well "respected". Like I mentioned before, it did not exactly blow away the competition in the test where heuristic components of each AV were tested (granted none of them really did). So what is it all about? Can we say with any certainty its heuristics are more powerful than say Norton's Bloodhound heuristics? And if so how can we prove this? Hopefully not by false positives. That is the question I meant to pose.
     
  11. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Rerun2

    Thanks for clarification on your post. I agree with your thoughts on heuristic analysis as there seems to be either a lack of data or conflicting results on heuristic capabilities. Recent tests to try and look at heuristics ( directly/indirectly) have included;

    1. http://www.av-comparatives.org/seiten/ergebnisse_2004_05xx.php

    2. http://www.pcworld.com/reviews/article/0,aid,115939,pg,4,00.asp

    3. http://boardadmin.funpic.de/viewforum.php?f=4&sid=8afa7e7d145efbcdbc2b1075de78446a


    (Indirectly, this last site, if you analyse the results in detail, can tell you something about heuristics against trojans; Nautilus for example told me that Command AV has 'very sharp' heuristics, which seems to tally with its Holocheck technology).

    The so called big hitters in heuristics are thought to be Dr Web, NOD, Command and F-Prot for Windows ( and the relatively unknown MKS_Vir - any more?). It would be nice to see some definite data on this statement to confirm this.
     
  12. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Dear f123, I like your enthusiasm on this topic. Yes, we are straying from the topic. I'd like to post some points to remove your confusion and retire.

    1. I never said image files are infectable....lol. I said image files can be corrupted by virus attack, which is totally different.

    2. I said image files stored on the HDD don't make sense due to data corruption. Storing on removable media requires burners, which not all of us have.

    3. All this I'm saying doesn't mean I'm against imaging; I use it myself. But it's like being a ghost jumping from a sick body to a clean body. Recovery is the last option, but ask the security enthusiasts who want to FIX the problem rather than flee the ground.

    No hard feelings towards you. Sorry if I was hurting you.

    Now going back to the main topic, DrWeb. If you're using 9x/ME then with the Code Analyzer and Heuristics you're quite safe. Just look at the database; you'll notice it has around 50k samples. Still it competes well with others which have nearly double the number of samples. Modify a known malware and chances are that it'll still get caught. The small memory footprint is an added advantage with the level of security it provides.
     
  13. f123

    f123 Guest

    1. It is possible to encrypt image files. Anything can happen in the future. But as of now, can you name one bug that can damage an encrypted image file?

    2. If there is data corruption in the HD, then an AV program like Dr. WEB isn't going to fix the malady. Bug infection...maybe, data corruption...no. By storing the good image file in a separate partition, or better yet, another slave HD, one can restore the OS to that good working state. Remember that the "data corruption" must affect the image file to render the data irrecoverable.

    The odds of data corruption that would require the reload of Windows are MUCH higher than corruption of an encrypted image file stored in the HD.

    3. Why would anyone want to try to fix the OS when there exists a perfectly good image file from yesterday to restore from? There is no perfect defense against bugs and hackers. Restoring corrupted data from a good image file is a very fast and efficient method of undoing the infection. Most PC users are not interested in spending hours to track down bugs and download software to repair the infection(s).
     
  14. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Dear f123, you can try AdInf from DIALS. BTW, a random data write operation can corrupt any files, including encrypted data. Read my above post carefully as it contains answers to your questions. I won't answer your questions anymore. It's useless and probably will attract scissor-hands.
     
  15. f123

    f123 Guest

    I work with facts...not theoretical image file infection. To make the PC virtually "bullet proof", one can add a quick release internal hard drive slave bracket and switch out the back-up hard drive every other day. Can't destroy/corrupt data that is not physically connected to the PC. Some companies use tape drive to achieve similar result.

    Over the last two years, how many bugs were created with random write capability? Bug writers want self-propagation...spread the bug as quickly as possible before the release of a viable AV definition file. That's why Internet Explorer, Windows Explorer, and Outlook Express are the favorite targets of these individuals.

    Install a good firewall and use good PC judgement when receiving data from the internet. Always scan downloaded file for infection. With good image files, one can elevate the security level beyond 98%. Life is not perfect. Never sweat the small stuff.
     
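    The two posters disagree about whether an image file kept on the same machine can be trusted after a random-sector write. The usual defensive answer is to record the image's digest at creation, keep that record on separate media, and verify before restoring. The following is an added example, not code from any poster or from Drive Image; it constructs a 1 MiB stand-in for an image (not a real disk image), writes a SHA-256 sidecar, simulates Arin's "random data in random sectors" damage on one 512-byte sector, and shows the check fails afterwards. File names and the sidecar format are assumptions.

```python
import hashlib
import os
import random
import tempfile

CHUNK = 1 << 16  # read 64 KiB at a time so a multi-GB image never sits in memory


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(image_path):
    """Record the image's SHA-256 in a sidecar file (assumed '<image>.sha256').
    Keep a copy of the sidecar on separate media so a single corruption event
    cannot take out both the image and its digest."""
    digest = sha256_file(image_path)
    with open(image_path + ".sha256", "w") as f:
        f.write(f"{digest}  {os.path.basename(image_path)}\n")
    return digest


def verify_image(image_path, manifest_path=None):
    """Return True only if the image still matches its recorded digest."""
    manifest_path = manifest_path or image_path + ".sha256"
    with open(manifest_path) as f:
        expected = f.read().split()[0]
    return sha256_file(image_path) == expected


def simulate_random_sector_write(path, sector=512, seed=1):
    """Constructed failure for the demo: overwrite one sector-sized span with
    random bytes. This models corruption only, not any specific malware."""
    rng = random.Random(seed)
    size = os.path.getsize(path)
    offset = (rng.randrange(0, size - sector) // sector) * sector
    with open(path, "r+b") as f:
        f.seek(offset)
        f.write(bytes(rng.getrandbits(8) for _ in range(sector)))
    return offset


def demo():
    """Create a constructed 1 MiB 'image', record its digest, corrupt one sector,
    and return (verified_before, verified_after)."""
    tmp = tempfile.mkdtemp()
    image = os.path.join(tmp, "c_drive.img")  # constructed sample, not a real image
    with open(image, "wb") as f:
        f.write(os.urandom(1 << 20))
    write_manifest(image)
    before = verify_image(image)
    simulate_random_sector_write(image)
    after = verify_image(image)
    return before, after


if __name__ == "__main__":
    print(demo())  # (True, False)
```

    Verification tells you the image is unchanged since it was recorded; it says nothing about whether the system was clean when the image was taken, which is the separate question raised later in the thread.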
  16. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    I knew a cyber cafe owner who knew nothing but to create images and complain that viruses are coming again and again. OK fine, don't apply any patches and AVs. Just image your drive. I won't reply to your posts now. Register and we can continue this argument through PM. Right now keep in mind this thread is for DrWeb.
     
  17. f123

    f123 Guest

    No image file can prevent future infection. BUT it can "recover" the PC to the time that the image file was made. If the image file is clean, then the PC will also be clean. This is a perfect application for a cyber cafe. You cannot control what people click/download, but you can always restore the PC to "factory" configuration in less than two minutes. There is no need to create more than one image file because the cyber cafe PC isn't responsible for storing the user's personal data!

    As I said before, my setup consists of WXP Pro SP1 (with no additional patches), ZA Pro (high security), and an e-mail AV scanner. There is NO full time AV protection. Two years and counting without a single bug.

    As for the best AV and FW...my vote is for the USER. You have control of what goes into your PC. A good FW and almost any AV program with an up-to-date virus definition database should be sufficient protection if you are a casual websurfer. X-rated customers need to elevate the security level by avoiding Windows Explorer, Internet Explorer, and Outlook Express. Spend $35 on Bootit ng if you want the ability to image restore all the data in your HD.
     
  18. f123

    f123 Guest

  19. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    Thank you for the reply and the links Blackcat. Quite a lot of interesting results in Nautilus' scan logs. DrWeb seemed to do quite well against modified malware (bytes added, hex edited, header faked, repacked, and resource edited), which goes to its signature quality (I would think heh). Did not do so hot in rebased and OEP though. Unpacking ability seemed ok too, but obviously work needs to be done in some areas as well... ACProtect, Armadillo, ASProtect, etc. I hope improvement in these areas will be made soon. I mean, how great would that be? :D

    Offtopic...
    I agree imaging and creating quality backups can be a good solution in most cases. But the problem is when to create backups. If you create backups (especially automatically) in too close of a time period, you risk getting infected and backing up your infection. When you restore your image you will just be restoring the infection. If you create backups that are too large of a time period, you risk losing a lot of legitimate data that you have gained in between those time periods. Why not just do a clean install then, you know? So how can you tell when you are backing up a completely clean system that is connected to a network? Some people will argue that you can never tell if your system is truly clean. I think you still have to depend on one's security knowledge, safe computing habits, a well patched system, and good security tools to prevent infection when you do decide to create an image.

    P.S. Maybe this will make for another good discussion in a separate thread :)
     
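    The backup-timing dilemma above (image too often and you capture the infection; too rarely and you lose data) is usually handled by retaining a tiered set of images rather than only the last few nights. The following is an added example, not code from any poster or from any imaging product: it keeps every nightly image from the last week plus the newest image from each of the four preceding weeks, and then compares a naive "last seven nights" policy against the tiered one for a constructed scenario in which an infection on 2004-07-10 goes unnoticed until 2004-07-20. The dates, retention counts and the 60-night history are all constructed assumptions.

```python
from datetime import date, timedelta


def select_to_keep(image_dates, today, keep_daily=7, keep_weekly=4):
    """Return the set of image dates to retain:
    every image from the last `keep_daily` days, plus the newest image in
    each of the `keep_weekly` seven-day windows before that."""
    dated = sorted(set(image_dates), reverse=True)
    daily_cutoff = today - timedelta(days=keep_daily)
    keep = {d for d in dated if d > daily_cutoff}
    for week in range(keep_weekly):
        window_end = daily_cutoff - timedelta(days=7 * week)
        window_start = window_end - timedelta(days=7)
        in_window = [d for d in dated if window_start < d <= window_end]
        if in_window:
            keep.add(in_window[0])  # `dated` is newest-first, so this is the newest in the window
    return keep


def newest_clean_image(kept, infection_date):
    """Restore point to use: the newest retained image strictly before the
    infection date, or None if every retained image post-dates it."""
    candidates = [d for d in kept if d < infection_date]
    return max(candidates).isoformat() if candidates else None


def demo():
    """Constructed scenario: nightly images for 60 days ending 2004-07-20,
    infection on 2004-07-10 noticed ten days later.
    Returns (naive_count, naive_restore_point, tiered_count, tiered_restore_point)."""
    today = date(2004, 7, 20)
    images = [today - timedelta(days=i) for i in range(60)]  # constructed history
    infection = date(2004, 7, 10)                             # constructed incident
    naive = select_to_keep(images, today, keep_daily=7, keep_weekly=0)
    tiered = select_to_keep(images, today, keep_daily=7, keep_weekly=4)
    return (len(naive), newest_clean_image(naive, infection),
            len(tiered), newest_clean_image(tiered, infection))


if __name__ == "__main__":
    print(demo())  # (7, None, 11, '2004-07-06')
```

    With the naive policy all seven retained images post-date the infection and there is nothing clean to restore; the tiered policy costs four extra images and still has a pre-infection image from 2004-07-06. Data created after that date would have to come from separate file backups, which is the trade-off the post describes.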
  20. f123

    f123 Guest

    From my personal limited experience, most problems occur with Windows. Since my WXP partition is only 710MB, I can keep about 11 partitions per 4GB. That's about 1.5 weeks' worth of data if you allow the PC to run a daily backup at night while you sleep.

    Most of my customers will report a problem with their PCs within 48 hours of an infection. Spyware can go undetected for weeks. Fortunately, it's not that difficult to extract them from the computer.
     
  21. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    f123, PLEASE :rolleyes:
     
  22. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Dear rerun2, that's what I was saying about DrWeb. It picks up almost every bug you modify. I really like this thing about DrWeb but sadly it is not developed much for the NT platform. Hope to see a full-fledged version soon.
     
  23. fredg115-80

    fredg115-80 Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    13
    f123, can you give me some more information about your setup? What you said seems like the most logical way of dealing with the constant pc security issues, but as I am new to these things, I am hoping you can answer a few questions:

    1) Why is your OS partition only 710MB? Is it so the image will fit on one CD?

    2) Where do you install your programs? If you install them in another partition and have to restore the OS, will the programs still function?

    3) I am thinking I should install the os (xp home) with all my essential apps (firewall, antivirus, spyware apps, etc.), configure xp to its safest settings (I came across blackviper.com which should help there), and then create an image file. This way I can always restore in 2 minutes should I have any stubborn gremlins. Do you have any advice regarding this possible setup?

    Thanks

    FG
     
  24. f123

    f123 Guest

    60GB Maxtor Diamondmax Plus 9 7200 rpm drive.

    Primary C partition (only one partition can be active, others hidden from view):
    2GB, FAT32, 1K cluster for W98SE
    2GB, FAT32, 2K cluster for W2K Pro
    2GB, FAT32, 2K cluster for WXP Pro

    Extended logical partition-
    D partition:
    2GB, FAT32, 2K cluster (for data and program)

    E partition:
    2.5GB, FAT32, 4K cluster (for downloaded programs and stuffs that I don't really need but not willing to delete, yet)

    F partition:
    47GB, FAT32, 32K cluster (for games, image files, driver cache folder, W98 and W2K/WXP swap files)

    I only image the C and D partitions.

    1. The goal is to keep the OS partition as small as possible for faster creation/restoration of the image file. The compressed image file (using Drive Image 5) is around 347MB (710MB used out of 2000MB). And yes, it is possible to burn this image file on a CD-R/RW disc. I have a 4x burner, so I've never encountered burn-related issues like buffer overrun.

    2. Programs are located in the extended logical partition D. Some programs like Office will automatically put some folders in the C partition, even if you specify another location. That's okay, as long as you image the C AND D partitions at the same time...after you've loaded the program. Most issues are related to the OS. Therefore restoring the last "good" C partition should fix the problem. I rarely have to reload the D partition (data and programs). You can also image the C and D partitions prior to the installation of a software. If you encounter issues, simply restore the previous C and D partitions.

    3. My base test configuration does not include AV and other proggies. However, if you are happy with a certain combination of AV, FW, and other proggies, then you should create an image file of the OS AND the data partition for future restoration. This way, you will be able to preserve the custom settings of your browser, CD burner program, Windows etc. Pay special attention to those items in WXP's services. This is highly recommended if you start out from scratch and have not connected to the internet. Never connect to the internet without a FW set to maximum security.

    I try not to add any program to windows unless I have to...Adobe, Nero, irfanview, jv16, MS Office, Avast, Zone Alarm, WinRAR, TclockEX, Download Express, Firefox, and HD Tune. Some of these programs will function after extracting the zip file...no need to install the software in windows.

    F.
     
  25. fredg115-80

    fredg115-80 Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    13
    Thanks for the reply F. I don't plan to create future images because of the possibility of backing up an insecure system. I am thinking that the best thing would be to install the OS on a 2GB partition, set it up with all the programs and settings to ensure optimum security, and then create the image before ever connecting to the net. This will ensure that the image is clean.

    Any important files I have in the future can be backed up separately onto cdr, but I am unsure of what happens to new programs.

    I have a few more questions:

    1) If I install a prog on D and then restore C, what will happen if I try to use the prog? Its registry entry won't be there anymore, so does this cause a problem or will it just not work?

    2) Considering that I probably won't be creating future images, what is the benefit of installing the OS on C, apps on D, and imaging both, as opposed to OS & apps on C, creating a single image and leaving D empty for future files & apps (to be backed up separately on CD-R instead of periodically imaging D)?

    3) If I install my progs (not that many, most are small) on C with the OS and then create the image, will I still be able to restore in 2 minutes?

    4) What should I be doing with Winxp's services? Is it a simple procedure or is there a site with instructions?

    5) I have ZA Pro but have read on forums that it is easily bypassed by hackers. I use it because it notifies me of what files are trying to access the internet, which alerts me to catch spyware/trojans. I also get frequent red alerts that it has blocked access from another location (NetBIOS) - are those hackers or what? Is there an optimum setup for ZA?

    Thanks

    FG
     