G Data Antivirus

Discussion in 'other anti-virus software' started by markcc, Apr 8, 2008.

Thread Status:
Not open for further replies.
  1. markcc

    markcc Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    185
    Location:
    Michigan, usa
    Macstorm,

    Do you have the web scanner activated on your G Date? What settings do you have in the monitor?

    Mark
     
  2. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Hi Mark, yes i have 'internet content http' enabled, i made just a few exceptions in the web filter (i specially like this feature) for certain webpages that i use frequently ;)

    As for the monitor (real-time) settings, i keep the defaults except for the 'check network access','check mail archive' and 'scan on startup' options, all of them disabled.

    btw, what package are you running? i have the av only, it's all what i need :cool:
     
  3. markcc

    markcc Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    185
    Location:
    Michigan, usa
    I'm running the a/v package also. I use Online Armor paid version for a firewall. The 2 work well together
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I ran the trial of G DATA AntiVirus 2008 (DUTCH !!!) as second professional opinion.

    Installation : good
    Updating :
    - first time : slow, interrupted itself,
    - second time : successfull, it takes quite some time for an update.
    Hard to see if an installation or updating is FINISHED. Sloppy programming.

    Scan results :
    Gecontroleerd (= Scanned Files) : 21746
    Geinfecteerd (= Infected) : 3
    Verdacht (= Suspicious) : 0
    Elapsed time = 28 minuts.

    So I had 3 infections, these are the files :
    ---------------------------------------------------------------------
    Object: ULTRAVNC-101-SETUP.EXE file130
    In archief: D:\Software0 - ISO FILES\SHADOWPROTECT DESKTOP.iso
    Status: Virus gevonden
    Virus: not-a-virus:RemoteAdmin.Win32.WinVNC.e (Engine A)
    Object: ULTRAVNC-101-SETUP.EXE file131
    In archief: D:\Software0 - ISO FILES\SHADOWPROTECT DESKTOP.iso
    Status: Virus gevonden
    Virus: not-a-virus:RemoteAdmin.Win32.WinVNC.e (Engine A)
    Object: SHADOWPROTECT DESKTOP.iso
    Pad: D:\Software0 - ISO FILES
    Status: Virus gevonden
    Virus: not-a-virus:RemoteAdmin.Win32.WinVNC.e (2x) (Engine A)
    Object: ULTRAVNC-101-SETUP.EXE file130
    In archief: D:\Software3 - Offline Snapshot\ShadowProtect\ShadowProtectDesktop20_Evaluation\Desktop_SP2.iso
    Status: Virus gevonden
    Virus: not-a-virus:RemoteAdmin.Win32.WinVNC.e (Engine A)
    Object: ULTRAVNC-101-SETUP.EXE file131
    In archief: D:\Software3 - Offline Snapshot\ShadowProtect\ShadowProtectDesktop20_Evaluation\Desktop_SP2.iso
    Status: Virus gevonden
    Virus: not-a-virus:RemoteAdmin.Win32.WinVNC.e (Engine A)
    Object: Desktop_SP2.iso
    Pad: D:\Software3 - Offline Snapshot\ShadowProtect\ShadowProtectDesktop20_Evaluation
    Status: Virus gevonden
    Virus: not-a-virus:RemoteAdmin.Win32.WinVNC.e (2x) (Engine A)
    Object: Desktop_SP2.iso/ULTRAVNC-101-SETUP.EXE file130
    In archief: D:\Software3 - Offline Snapshot\ShadowProtect\ShadowProtectDesktop20_Evaluation.zip
    Status: Virus gevonden
    Virus: not-a-virus:RemoteAdmin.Win32.WinVNC.e (Engine A)
    Object: Desktop_SP2.iso/ULTRAVNC-101-SETUP.EXE file131
    In archief: D:\Software3 - Offline Snapshot\ShadowProtect\ShadowProtectDesktop20_Evaluation.zip
    Status: Virus gevonden
    Virus: not-a-virus:RemoteAdmin.Win32.WinVNC.e (Engine A)
    Object: ShadowProtectDesktop20_Evaluation.zip
    Pad: D:\Software3 - Offline Snapshot\ShadowProtect
    Status: Virus gevonden
    Virus: not-a-virus:RemoteAdmin.Win32.WinVNC.e (2x) (Engine A)
    ---------------------------------------------------------------------
    All these infected objects are objects of ShadowProtect, in other words FALSE POSITIVES.

    So my theoretical concept proves itself in practice over and over again.
    My computer is a testbed for false positives of scanners. Not bad for a newbie. :)
     
  5. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    If you could read it says "not-a-virus". That means it just informs you that you have a MAYBE unwanted program VNC (and honestly, not every user needs that!) on your machine. You can easily configure that that it doesn't report the "not-a-virus" types.
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Thanks, but I don't keep scanners on my computer.
    Since 2007.06.01, I live without scanners, but the last two months I was curious if I was infected or not after 6 months and that's why I started to run all these scanners one by one, but only one time. I always uninstall them after the first scan.
    GDAV was one of the few ones, I didn't run yet.
    I knew already in advance that GDAV wouldn't find anything, except f/p's just like all the other scanners.
    I have to use scanners, because I can't find malware myself.
     
  7. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    Ok folks, once again: THAT IS NOT A FALSE POSITIVE. Even if *YOU* are able to use VNC (or for example a network/password sniffer) that doesn't mean that other users, especially in a company environment are happy to have that on client machines. I mean how would you react as Administrator of a huge network with several domain controllers and some users using password or network sniffers. You wouldn't like that right? So you would expect your corporate antivirus solution to give you a warning about that. (And in a network a client can be configured to pass that data directly to the administrator if something was found; regardingless on which client it was found)

    You have always the option to 1. Disable such special detections (by not allowing "unwanted programs aka "NOT-A-VIRUS" to be reported) and 2. Exclude such specific files with the scanner itself if you really *INSIST* on using them.

    A false positive is when a vendor flags a clean, non-malicious files BY MISTAKE (Note: If a signature/crc/checkmethod is present in a malware sample AND in the cleanfile) or if they add something clean BY MISTAKE to their database (Note: They *THOUGHT* it was malicious).

    But if you name something "NOT-A-VIRUS" you know that it's NON-MALICIOUS as such (eg. doesn't do harm to a computer/network when used properly AND WITH PERMISSION OF THE USER!) But ... and now comes the But ... THEY DO KNOW IT CAN CONTAIN A SECURITY RISK. Why? I'll answer that: There are enough known malware that installs VNC as "legitimate" Backdoor Component to allow attackers access without being flagged by AV Software. Understood?
     
    Last edited: Apr 14, 2008
  8. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Thanks for the clarification, Inspector :thumb:
     
  9. JasSolo

    JasSolo Registered Member

    Joined:
    May 9, 2007
    Posts:
    414
    Location:
    Denmark
    Well I've been testing it for a few days now. I find it MUCH lighter than last time I tried it (about 6 months ago) BUT it's still not near as light as my favorite (ESS). Also it's VERY slow in scanning, which I prefer to do on almost weekly basis. I've come to the conclusion that I'm going to switch back, but it has been a nice trustworthy companion in my rig, so maybe someday ?!...Who knows ? :)


    Cheers
     
  10. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Hi JasSolo,

    Well, i agree about the slow on-demand scanning but it would be expectable having into account the double av engine..
    I also run the full on-demand scans on a weekly basis when i'm away from my pc so i don't consider it a hassle ;)

    Regards
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.