My review of eXtendia AVK Antivirus System.

Discussion in 'other anti-virus software' started by Kobra, May 25, 2004.

Thread Status:
Not open for further replies.
  1. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    Panda is a pretty solid AV, I actually like it, and it scores high overall on every category, so it's a rounded product as well. Especially considering it's mostly free.. ;)

    http://www.av-comparatives.org/seiten/ergebnisse_2004_02yl.php

    Scores right up there with the best of them, and considerably higher than products like NOD32. Panda doesn't appear to submit to VirusBulletin anymore, and many people put that as a negative strike on it, but since it scores great everywhere else, who cares I guess.

    For high-threat environments I wouldn't trust it. But for overall general PCs and average joes, it seems like an ideal and FREE product to me! I've been able to put a few things past it, which is why I don't use it personally though - that and it has zero configurability. (and I like to tweak)

    Since it's free, it might be the perfect option for the average guy.
     
    Last edited: May 26, 2004
  2. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    FYI it has issues with Outlook 2k3, page load issues and US support is rather lacking. 7 day response time is unacceptable in my book. Their excuse? Viruses. That's inexcusable IMO. If they don't have the ops in place to support their business, they shouldn't be in business.

    Send_Derek, probably best to search the forums. The topic has already been answered. The mods here do a good job keeping posts on track.

    Back OT, waiting on a trial key, will post my results.
     
  3. new avk user

    new avk user Guest

    Ronjor,
    Thank you for your kindness. I shall heed your advice about the router! I thank you.

    As for my earlier post about the Open Port 110 when running the Extendia AVK--- I have reinstalled AVK and here is the "text Report" from Shields Up.
    The firewall I am running is Outpost Pro (trial version) along with the AVK--


    This textual summary may be printed, or marked and copied
    for subsequent pasting into any other application:

    ----------------------------------------------------------------------

    GRC Port Authority Report created on UTC: 2004-05-26 at 17:49:15

    Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
    119, 135, 139, 143, 389, 443, 445,
    1002, 1024-1030, 1720, 5000

    1 Ports Open
    0 Ports Closed
    25 Ports Stealth
    ---------------------
    26 Ports Tested

    NO PORTS were found to be CLOSED.

    The port found to be OPEN was: 110

    Other than what is listed above, all ports are STEALTH.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,778
    Location:
    Texas
    Looks like AVK needs to patch that for sure!

    Good luck with a new router! :)
     
  5. Sandish

    Sandish Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    51
    If you have Panda installed and it works without problems on your system - keep it. Is it the best AV? Yes, if it works smooth on your system and you are able to handle it. Of course there is Product X with the best heuristic out there and vendor y comes with 8 Updates a day and various engines - but you have a working AV and I can't see a good reason to change. It's not my favourite AV but it's a good one. I would recommend to read a bit here in the forum and collect enough information to decide by yourself.
    :)
     
  6. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    I don't think there's anything to patch!

    I can't duplicate this at all, and now, I got a friend with his setup to backup my tests, and he can't find any issue like this as well - he uses Sygate + Outlook Express... So I'm going to have to say it's more than likely something else causing it. AVK just doesn't hold the port open in my tests as my screenshots show.

    So good luck with whatever you find causing the problem, it's got me baffled, and based on the response I got from Gdata on AVK.. It's *NOT* AVK itself that would cause port 110 to open - let alone stick open, so it has to be a conflict. I'm betting something cheesy with the software firewall or something else dodgy there.
     
  7. new avk user

    new avk user Guest

    And here is the text summary from Shields Up using Sygate Firewall and Extendia AVK. I am just showing this to show Kobra that I am telling the truth. I am NOT knocking AVK. I intend to get the program working! And I intend to follow Ronjor's kind advice about a router (which will solve this problem anyway).
    Here is the Shields Up text summary using AVK and Sygate --


    GRC Port Authority Report created on UTC: 2004-05-26 at 18:18:29

    Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
    119, 135, 139, 143, 389, 443, 445,
    1002, 1024-1030, 1720, 5000

    1 Ports Open
    0 Ports Closed
    25 Ports Stealth
    ---------------------
    26 Ports Tested

    NO PORTS were found to be CLOSED.

    The port found to be OPEN was: 110

    Other than what is listed above, all ports are STEALTH.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.

    ----------------------------------------------------------------------

    Press your browser's BACK button to return
    to the Port Authority results page.
     
  8. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    Odd, did you check rules in the firewall, or something else? It's highly odd to me that the firewall would ALLOW that port to be open permanently anyway.. Or at least suspect to me... :eek:

    If I wasn't heading out of town for several days in a few hours, I'd install Sygate to try it out myself, but I just don't have the time this week now.
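
Added example, not part of any post in this thread: one way to follow up on the open port 110 result is to see which local process is listening on that port and on which address. This sketch parses Windows `netstat -ano` output; the sample lines, PIDs and function names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING       2216
  TCP    192.168.0.5:1045       203.0.113.9:110        ESTABLISHED     3020
  TCP    [::]:110               [::]:0                 LISTENING       1480
  UDP    0.0.0.0:500            *:*                                    712
"""


class Listener(NamedTuple):
    address: str
    port: int
    pid: int
    exposure: str  # "all-interfaces", "loopback-only" or "single-interface"


def split_endpoint(endpoint):
    """Split '1.2.3.4:110' or '[::]:110' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def classify(address):
    """Say how widely a listening socket is bound."""
    ip = ipaddress.ip_address(address.split("%")[0])  # drop any IPv6 zone id
    if ip.is_unspecified:      # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    if ip.is_loopback:         # only local programs can connect
        return "loopback-only"
    return "single-interface"


def listeners_on(netstat_text, port):
    """Return every TCP socket in LISTENING state on the given local port."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, UDP rows (no state column) and non-listening sockets.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        address, local_port = split_endpoint(fields[1])
        if local_port == port:
            found.append(Listener(address, local_port, int(fields[4]),
                                  classify(address)))
    return found


def externally_reachable(listeners):
    """Listeners an outside scan can reach unless a firewall rule blocks them."""
    return [l for l in listeners if l.exposure != "loopback-only"]


if __name__ == "__main__":
    for l in listeners_on(SAMPLE_NETSTAT, 110):
        print(f"port {l.port} pid {l.pid} bound to {l.address}: {l.exposure}")
```

A PID reported this way can be matched to a program name with `tasklist /FI "PID eq <pid>"`.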
     
  9. new avk user

    new avk user Guest

    >"Odd, did you check rules in the firewall, or something else?"<

    Thank you. This is what I am looking into--the firewall rules. Right now they are default just as they are when the firewall is installed.
    But I am going to follow Ronjor's advice about the router so that will solve the problem anyway.
    When I install my old AV program then the open port goes away so that is why I felt it was the AVK and then also the write up at Shields Up talked about this being common in the past with some AV programs. That is why I suspected it was the AVK.
    But I am determined to get it working! I will contact the company's tech support on the matter as well. There may be a very simple solution.

    On the other hand I am scanning with Extendia AVK right now and it has just located a virus on my system that my old AV program never detected-- a "loony.g" found by the KAV engine which it found in "Documents and Settings/ Local settings"! (Had just done a system scan with a completely updated version of my old program before I removed it and re-installed the Extendia AVK). Pretty impressive program!
    The automatic update works flawlessly. I love the set up of the program. It is so clear yet allows for good adjustments at will.
    Really a nice program. Really nice. And as I said in the past--the people at Extendia/Boomerang software were extremely nice when I enquired about the program prior to your review and I even got a call from the CEO.
    I used another program before this and you were lucky to get an automated response.

    I like the fact that it tells you which engine found the infection. Very interesting!

    Holy smokes!---as I am typing this (and scanning with AVK) it just found another infected file on my computer--- this time the RAV engine has found
    "HTML/CodeBaseEXEC" in temporary Internet files (the scan is about half finished).
    As far as I am concerned this program is a "keeper"!

    I will get a router and contact tech support as well about the open port.
    Thank you for all your help.

    By the way--as far as the Panda discussion goes I had used Panda Platinum 7 and always found it very good. The "S.O.S." service you send suspect files to is really quick.

    As I am typing this AVK just found another infected file--
    RAV engine has found "VBS/Generic2" !
     
  10. diesel

    diesel Registered Member

    Joined:
    May 25, 2004
    Posts:
    21
    new avk user, seems like you're finding quite a few things? are you sure these aren't false positives?

    kobra, is there a way to check to make sure if it is indeed a virus new avk is finding or a false positive? Is the only way to send the supposedly infected file off to extendia for them to look into? If so, any feedback in terms of their turnaround time?
     
  11. Send_Derek

    Send_Derek Guest

    Thanks for all the help guys... I will do some more research around here and I'll probably be back with more questions!!

    Thanks again!
    -Derek-
     
  12. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    Just quarantine the suspects, then select "Emergency" and it will fire off the suspect for evaluation. Check it on the main interface, then quarantine button.

    As for what you're finding, I'd bet those are legitimate threats..

    http://www.antiviruslab.com/description.php?virus=176918&lang=gb
    (Looney is a fairly common backdoor that most regular AVs miss. And with you telling me where you found it, sure sounds legit based on that)

    HTML/CodeBaseExec is real, and it means you were scanned while surfing to see if you had the Microsoft Internet Explorer Arbitrary Program Execution Vulnerability. Basically, this can allow you to lose control of your box to someone on the internet.

    VBS/Generic2 would mean a heuristics hit on something that stands a high likelihood of being a rebased or repacked VBS trojan horse...

    Sheesh, I'd be counting my blessings about now after installing AVK... LOL! Oh, and don't feel too bad about having baddies on your box.. AVK lit up like a Christmas tree on my box after I uninstalled NOD32 and ran it... (of course, some of those were known trojans to me that I had for testing - that other AVs missed, but it still was funny how it caught everything)
     
  13. new avk user

    new avk user Guest

    Kobra---you are a very computer smart person!

    Here is the report. Please note that I did one thing to it---some of the infected files were on my daughter's desktop and the report listed her name such as--"Local setting\ my daughters name\application" ----and I removed her name rather than post it here.
    But that is the only thing I adjusted in this. The rest is as I have copied and "paste" from the AVK log. Three of the files are "eicars" which I had used to "test" the AVK program. (and that was after I uninstalled my former AV program so that former program is not responsible for missing those eicars. But the rest was all there when scanning with my former program)
    The first object I think is the "anti virus test" that people had been talking about in various places on the Wilders forum. I had forgotten I had downloaded it and it was on my computer!

    Here is the AVK report--


    Virus check with eXtendia AntiVirus AVK Pro
    Version 11.0.4
    Virus signatures of 05/26/2004 12:00
    Start time: 05/26/2004 02:32 PM
    Engine(s): KAV engine (AVK 14.0.1043), RAV engine (RAV 12.0.337)
    Heuristic: On
    Packed files: On
    System areas: On

    Check system areas...
    Check all local hard drives...
    Object: "av3.exe" in path "C:\Documents and Settings\Desktop\desktop1\anti virus test". Status: "Virus detected". Virus: "VBS/Generic2* (RAV engine)"
    Object: "avtst30.zip" in path "C:\Documents and Settings\Desktop\ desktop1\anti virus test". Status: "Virus, file deleted". Virus: "EICAR_Test_File, VBS/Generic2* (RAV engine)"
    Object: "alt.religion.islam.arabic.dbx" in path "C:\Documents and Settings\Local Settings\Application Data\Identities\{981EB71F-0F51-43F3-8555-5FE089E49A51}\Microsoft\Outlook Express". Status: "Virus, file deleted". Virus: "Backdoor.Loony.g (KAV engine)"
    Object: "avtst30.zip" in path "C:\Documents and Settings\My Documents\ned's data\To be placed on CD\anti virus test". Status: "Virus, file deleted". Virus: "EICAR_Test_File, VBS/Generic2* (RAV engine)"
    Object: "stc[1].htm" in path "C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\OPQ7SXMN". Status: "Virus, file deleted". Virus: "HTML/CodeBaseExec* (RAV engine)"
    Analysis complete: 05/26/2004 03:29 PM
    36683 files checked
    5 infected files detected
    0 suspected files detected



    By the way--I think I may have solved the open port 110 but not sure yet. (I tried writing an advanced rule in Sygate). I am amazed I could do it. Usually I end up screwing up the computer when I do this stuff but I think I did it!
     
  14. new avk user

    new avk user Guest

    Yes---it is now passing Shields Up due to the advanced firewall rule I made-

    GRC Port Authority Report created on UTC: 2004-05-26 at 19:48:41

    Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
    119, 135, 139, 143, 389, 443, 445,
    1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
    26 Ports Stealth
    ---------------------
    26 Ports Tested

    ALL PORTS tested were found to be: STEALTH.

    TruStealth: PASSED - ALL tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.
     
  15. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    Congrats on the fix, and finding a few baddies to boot!

    Enjoy =)

    PS: I'm leaving on vacation, seeya in 1 week.
     
  16. diesel

    diesel Registered Member

    Joined:
    May 25, 2004
    Posts:
    21
    new avk user, how do you like sygate? is it an application based firewall or rules based firewall or hybrid like zone alarm. if hybrid, how robust are the rules creation portion of it?

    also, more importantly, how much memory does it take up? i'm testing outpost right now, and its memory usage is extremely small, when minimized to sys tray, it only takes less than 2,000 of memory compared that to zone alarm that took over 15,000 of memory. how does sygate compare?

    thanks
     
  17. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    I know you addressed that to him. But..

    Outpost I liked, but it was way buggy in my tests, so I had to unload it (crashes, conflicts, etc). I DO NOT like Software firewalls very much, but if I was to run one, it would be Sygate without question.

    Several ITS experts I've polled, all recommended Sygate. I don't think any of them like ZoneAlarm.
     
  18. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    I've got to disagree about ZA. Many companies I consult with, some of which have market caps over $10B, use ZA on their computers. I'd imagine that if sysadmins and IT folks didn't like it and it didn't do a good job, it wouldn't be installed.

    If anything, I'd bet their dislike arises from the fact that the configurability of ZA isn't as good as other firewalls and UI is noob-ish.

    Might want to check out ZA 5.0. Just released. Can do a bit more with it than in previous versions. Also memory footprint is smaller.

    Still waiting on bt license key for AVK. :(
     
  19. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    I hear ZA 5.0 is having issues, but wouldn't be shocked anyway, it's got teething pains from being so new.
     
  20. rug

    rug Guest

    Kobra,
    I have a request. From now, when you review any product (such as AVK), before doing a print screen of the task manager, enable the column title 'cpu time'. This gives a far better idea of how much resources the application uses.

    For example, on my dad's computer, AVK uses about 1 minute of cpu time after 1 hour of usage (which includes the booting).

    On my system, NOD32 uses about 7 seconds during the same amount of time.


    This post is not written at all to say something about merits of antiviruses but just to point out that the cpu time is what you should be looking at. I am just curious to know how much these antiviruses use your cpu.

    Thanks
     
  21. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    Running eXtendia AVK Pro right now and I must say that unless it fails, I want this to be my AV forever. This is one solid program inside and out. I will never go back to any other AV unless forced to do so. Hands down the best AV in the business IMHO *puppy*
     
  22. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    Thought eXtendia was making my sluggish on some things then I realized it was a dayum DVD in the drive tryin to spin up causing this. Whoosh. Only notice small lag when Outlook opens and that is acceptable from any AV in my book because that is where most of the protection is needed, lol *puppy*
     
  23. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    For what it is worth:

    Just restarted the machine and AVK consumes 24 seconds.
    And it changed me in a Senior member, :D

    Gerard
     
    Last edited: May 26, 2004
  24. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    Glad you love it Eliot! I'm incredibly impressed with it myself and I'm making a move to migrate all my machines here over to it, and will be investigating converting to AVK-Client/Server at my office. BTW, Eliot, you can end that small lag when Outlook starts by turning "Off" the option to "Scan unread mail on load".. It's in Outlook options under AVK.. Greatly speeds up loading of Outlook. Regards..

    Good news too, I've got direct word on the RAV question - which was when/if RAV ever stops releasing definition databases (Best estimates is they have commitments to do defs for another 3-5 years), what will happen to the secondary engine with AVK? With RAV having 100k defs, you'd basically lose new releases on that end, but still have KAV's 3-8 times per day defs coming in.. Anyway, their response was, that if RAV ever stops releasing definition updates, that they will switch to BitDefender, or another engine as a secondary, with a free upgrade to customers....

    No complaints about that from me!

    PS: Leaving on vacation now, back in a week.
     
  25. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    To be complete: I am using the RAV/KAV version in Dutch language. However this version is an outlet item now sold for € 13 (I paid €29). Anyway still supported of course and my version checks every hour for updates (paid additional € 39 for that). Something to do with MS buying that comp.
    The new version here (2004) is using the KAV/Bitdefender engines.

    Greetings,

    Gerard

    P.S. Have a nice vacation Kobra
     