Is an AT Really Needed?

Discussion in 'other anti-trojan software' started by JerryM, Mar 10, 2006.

Thread Status:
Not open for further replies.
  1. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    I think so too. I used this for a little while, when deciding which pay AV I was going to use next. ;)
     
  2. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Sorry. Toby, I agree with your general ideas, and how you are generally willing to stand up to the paranoids on this forum who go around so 'layered' that they have heat stroke in hot tropical Africa.

    But clearly you need to do more reading up on the 'technical stuff'. Sorry...
     
  3. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I don't think ATs are really effective. One of the Russian experts has made ITW tests and the efficiency of the popular AT solutions was ~30%. As for TeaTimer, use HIPS; they are much more effective.
     
  4. Magnus Mischel

    Magnus Mischel Security Expert

    Joined:
    Oct 24, 2002
    Posts:
    185
    Did he test this on a system that had actual running trojans on them? Or just by scanning some non-active files on a hard drive?
     
  5. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    By file scanning.
     
  6. Magnus Mischel

    Magnus Mischel Security Expert

    Joined:
    Oct 24, 2002
    Posts:
    185
    Some virus scanners may be good at file scanning but are not very much help if you're running on an already infected system. That's because they were designed to detect viruses and trojan detection was only added as an afterthought, meaning they are unable to deal with things like running trojans, locked files, registry entries etc.
     
  7. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    The tests have been made with the big ITW malware collection in malware-inactive state with the disk scanning tools of the AT/AS. I could provide you the link to the report, but it is all in Russian. AV tools provide much higher detection percentages according to those tests.
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,
    Ilya could you post the link to the test?
    I have people who can translate it for me... :)
    My bodyguard (ex-Spetznaz), for instance.
    Mrk
     
  9. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Wherever you say! http://www.compress.ru/Archive/CP/2005/10/43/
    The researcher is Oleg Zaytsev, he is an author of the AVZ free anti-spyware tool.
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,
    I wish he tested Ewido too.
    After all, only one dedicated anti-trojan was tested (a2).
    Mrk
     
  11. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    I'd like to hear about real world experiences of ATs saving your backside when the AV (a top AV) has missed a Trojan as a lot of discussion about this subject seems theoretical.

    I use BOClean as an additional safety net but so far (had it since July 05) it hasn't had to do anything except update its signatures :D - my AV has always caught anything nasty first.

    Having said that, I'm glad to still have it there, just in case.
     
  12. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    Some AVs add trojan detections as technology mandates they evolve. Some ATs have evolved as well. Security and protection isn't static. What you get in what too many still consider an "AT" is actually a full spectrum anti-malware, handling spyware, worms, rootkits, hijackers, dialers, keyloggers, bots, spamproxies as well as RATs.

    AV Comparatives tests file scanning. (They are testing ATs, excluding BOClean as it is not a filescanner) While this technique is still effective in some cases, we all know that technological changes mandate security software that is far more robust than that, warranting second-level security. What you put behind your AV is just as important as what AV you use.
     
  13. Happy Bytes

    Happy Bytes Guest

    What you put in front of your AV is much more important. Usually it should be the brain and human common sense/scepsis.
     
  14. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    Agreed. However, this is the real world, where even the most intelligent will go for the shiny thing over there regardless of the consequences.

    That's why we aren't all out selling paint.
     
  15. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I generally prefer to run an anti-trojan in place of an anti-spyware, and think it makes a lot more sense than running another anti-virus. With the multitudes of malware that's being released every day, it's hard for any single scanner to keep up. Some do a decent job, but there will always be plenty of things that every AV misses. If an antivirus is going to be weak in any area, it's going to be trojans and spyware. Partly because of the technology that trojans use that are designed to bypass traditional antivirus scanners, and also because antivirus companies have to prioritize what they add detection for, leaving the less severe malware to be added at a later time. Companies also have to first find the malware before they can add detection for it, which means that some companies are going to add detection before others. Since it's trojans and spyware that AVs are going to be the most weak on, the next logical choice is going to be an anti-trojan or anti-spyware, each having slightly more focus on their respective group of malware. To me, trojans are the greater threat, and anti-trojans are meant to add additional scanning technology that AVs lack, such as true memory scanning and the ability to get inside of packed and encrypted malware. Anti-trojans provide more than just an additional database of signatures as, IMO, anti-spyware scanners generally do. To me, adding a second antivirus just doesn't make sense because it's just going to have the same weaknesses as the first. An anti-trojan is going to have specialized focus on the things that the AV would miss. I've also found the impact on system resources to be greater by AS apps than ATs,

    That's my thought process on choosing an AT, at any rate. Whether you really need one or not is really up to you. Some people only need the very bare minimum to keep their systems secure, others keep getting infected no matter what. I would just consider how much malware you actually come across, what kind of malware you get infected with, and weigh that with how much it would take for you to disinfect if you do still get infected. No matter what way you decide to go, there are always other things you can and should do as well (disabling things you don't need, using alternative browser and email, stay away from risky websites, etc.)
     
  16. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Putting something in front of/behind your AV!

    Depends whether it actually is one or the other. In the case of BOClean their AT is in front, because it reacts faster than AV etc to any threat it sees, so the AV is lagging behind in reaction times. The AV may have reacted later if BOClean wasn't installed, but it's much better for any nasty to be taken care of ASAP, as far as I'm concerned anyway.


    StevieO
     
  17. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I.e., proactive protection!
     
  18. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    wow, thx for the info Topper, did not realize this myself...gonna look into trying out BOClean or something similar. :D
     
  19. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480

    I'm not saying don't have real time protection! I use Bitdefender Internet Security 9...provides me with excellent real time protection....I use kaspersky's online scanner as a backup and A-squared free for yet another demand scanner.
     
  20. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    oh...I'm scared :D

    If Windows Defender (just installed recently) detects unknown scripts just like MSAS then everything should be ok.
     
  21. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Why is it that my computer is completely clean then? I've never had a problem before because I don't try and find trouble on the internet. I have the common sense to do regular scans with my AV and other apps...and online scans as well. You don't have to be technical to have common sense.

    DA, you need to read this, I'm beginning to think you're one of the paranoids :blink:
    http://www.physorg.com/news9690.html
     
  22. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Sorry, I have sarcasm-blocking software enabled. I couldn't read your post.
     
  23. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Heh, this is one of the oldest arguments here, in the middle of some argument, the guy goes "I'm not infected, So I am right you are wrong!", of course the other guy is also not infected so ......

    As I explained to Rasheed (who is the opposite end of the spectrum from you), surely that is an invalid argument.

    You do have to be somewhat technical to make correct technical statements though. Kind of distracts from your arguments when you make wrong ones. Just IMHO

    Oh sure I'm a paranoid, just trying to be an informed one. :)
     
  24. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    [Originally Posted by Toby75
    Why is it that my computer is completely clean then?]

    I always carry a finger nail clipper, and although I have spent MUCH time outdoors, I have never been bitten by a rattlesnake.
    Conclusion: Carrying a finger nail clipper prevents me from being bitten by a rattlesnake. :D :D

    Jerry
     
  25. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480

    Guess I left myself open on that one didn't I....I'll just be quiet and live with my "infected machine"....cause I have soooo many problems with it..and leave it to all you people to give such sound advice. ;)
     