Good bye AVG & IPE.. Hello NOD32

Discussion in 'other anti-virus software' started by Zhen-Xjell, Feb 12, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Yes I do remember that topic!!!!  :)

    No, I don't mind. This would be a great idea!!!!  ;)

    Go with "Integrity Checkers" or "Disk Integrity Checkers". By doing so we'd have a chance to meet and learn them all.

    Technodrome
     
  2. FanJ

    FanJ Guest

    The start of the thread "Integrity Checkers" is made  ;)
     
  3. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    I use NOD32, and have never had a problem. It has been the best AV I have ever used. When I do a scan of all my hard drives, it finishes scanning 100,000 files (30 GIGs) in 7min 45 seconds. Now show me another AV that can do that. (without missing anything. I have viruses and trojans to test with)

    I dunno about this freezing problem, I never had it, I hope it gets resolved for you.

    I found Norton's stuff to be painfully slow, hours sometimes. Absolutely unusable. I had to scan at night only. I got it with that whole Norton Utilities pack. What a waste of money, all their sh!t sucks (in my opinion of course). Disk Doctor created more problems than it fixed. Crash Guard created more crashes than it saved, etc. etc. Nuff said.

    I too wanna check out this "ADinf"
     
  4. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    It really seems to be only the presence of NAV that makes Nod hang a little, although there are posts out there talking about the same problem - I even think it might be the video card, 'cause in one old machine (256 colors) it doesn't even show the admon icon

    Ruben
     
  5. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    236
    Location:
    Netherlands
    Cool, similar setup as what I have in mind after testing many different AV. I'm now evaluating eScan (which uses the AVK 10 engine).

    Why do you use AVK 11. Isn't it redundant because it's based on the KAV engine and you're already using KAV?

    I'm curious what you're using for Mail scanning?

    If eScan fails to acknowledge my bug report it's back to good old DrWeb or F-Prot Windows. I intend to use KAV together with Adinf for on-demand scanning for newly created files. Maybe I still can use NOD32 for backup scanning  :D

    Robert
     
  6. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    I am looking at some options regarding email scan.

    AVK 11 besides KAV engine uses RAV engine as well. To tell you the truth, there are some problems that you could run into if you are using AVK11 and KAV4 together. I had a difficult time making this work. I wouldn't recommend running AVK with KAV together on the same system (I'll probably drop the ball on KAV4 and remove it from the system).
    I tried eScan and I liked it. I dropped it after I experienced some bugs. eScan is a good concept but it's too buggy right now...
     
  7. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    236
    Location:
    Netherlands
    I've tried almost all available options. eScan's Mailscan Lite looks like the best available program, but right now I can't send attachments to work because they all are crippled. Still trying to determine what's causing this.

    The only products I have not evaluated are the latest PC-Cillin, which still isn't available in Europe, and AVK 11.

    If all else fails I might even consider building a Linux mail gateway and forget all about Windows desktop solutions :rolleyes:

    I never liked KAV4. AVK 11 looks interesting and I will try it as soon as a demo is available. Do you know if the mail scanning is any good?
     
  8. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    AVK 11 email scan is really good.  AVK 11 offers perfect protection for Outlook, Outlook Express, Exchange, Pegasus, Eudora and other (POP3-based) email clients. I found it very good and easy to use... I might use AVK email scanner as my primary e-mail scanner.

    eScan email scanner is kind of similar to AVK. Try it and you might like it…
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    technodrome and diginsight -  Can I ask what you two do for a living? And what your OS's are?

    I mean, I run one (1) on-access and one (1) on-demand AV scanner (as a back-up/cross-check), but a lot of times, since all I do is internet cruise, I feel like even that's over-kill!

    Doesn't running all that stuff that you guys have put a serious resource-drain on your computer?

    (I'm running WinME here on this one ( please don't laugh that loud, you'll wake people up! :)  ), and what little bit I run here keeps this thing in the 'yellow zone' all the time).

    So, is your choice(s) of AV protection dictated by your jobs? or is it just personal preference? Pete
     
  10. AAPlus

    AAPlus Guest

    Hello, All

    I just had a talk with God & She wants

    all to use NOD32

    God not me
     
  11. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    236
    Location:
    Netherlands
    Hi Pete,

    I'm a systems/network administrator for a NetWare/Unix network with Windows clients and one of my hobbies is to evaluate software.

    I like layered security whereby layers overlap each other. For example an AV that's foremost an excellent AV, but also detects many AT. I like to use two layers as much as possible, but I'm still evaluating which software I plan to use. Currently I have this setup in mind:

    On-access AV: eScan[1] or AVK 11[2] or DrWeb[3]
    On-demand AV: one of the above or NOD32[4]

    On-access AT: Boclean
    On-demand AT: TDS-3

    File Integrity: Adinfo[5]

    Script Checking: Wormguard[6]

    System Integrity: RegRun 3[7] and RegProt[8]

    Firewall: Look and Stop[9], Kerio firewall[10]

    Mail scanning: currently eScan's Mailscan Lite[11]

    Once I have completed testing the separate products I will tie them together and start further compatibility testing. I'm currently running Windows 2000 on a Pentium III 800 o/c 920 capable of running at 1000, 512 MB memory and two IBM 7200 rpm harddisks behind an ATA-100 RAID controller, SCSI CD-ROM and burner and 256 M/bit cable. All power saving has been disabled to prevent IRQ cascading and run at optimal speed. This system has an incredible harddisk and CD-ROM transfer rate.

    I still need to determine which on-access AV I'm going to use. I'm currently evaluating eScan but AVK looks even more interesting. I intend to use an AV that's based on the Kaspersky engine because it detects many file compressors. The other AV is intended to be used together with Adinfo file integrity checking for automatic on-demand scanning for newly created files.

    For the firewall LNS offers the best inbound protection, but doesn't support application port filtering, which will be implemented in future. Kerio offers kernel mode protection and it would be nice if I could use both together. If all planned features are implemented I'll most likely be using LnS.

    Finding an excellent mail scanning product hasn't been easy. Currently eScan offers the best options but still has some issues. I will also try AVK 11 and decide which one I want to use.

    Why do I use all this stuff? I'm evaluating many underground programs like exploits and vulnerability scanners and need this kind of protection because the risk of getting infected is much greater. For friends and family I usually advise Norton 200x because they can buy it in the store, it's available in my native language, supports automatic signature updates and I never had any problem with it whatsoever. When there's a high security alert I send them a mail to immediately update their scanner and that's it. They all use Outlook Express which I've configured with more secure settings and until now no one has been infected, but that's because none of them has kids using MS Messenger and other security hazards. So I guess you're right when you say you basically only need one AV.

    [1] eScan uses the AVK 10 engine, which is based on the Kaspersky engine.
    [2] AVK 11 uses both Kaspersky and RAV engine
    [3] DrWeb is one of the best, smallest and fastest AV I've ever used, but doesn't provide email scanning.
    [4] NOD32 halts the system while scanning, this interferes with my soundcard while Boclean scans for trojans.
    [5] File integrity checker which can be integrated with AV for scanning newly created files during boot. Currently it only supports KAV, DrWeb (same company) and McAfee.
    [6] Scanning for malicious code in scripts
    [7] System Integrity checking
    [8] Real-time registry protection
    [9] Excellent firewall and planned features are SPI and Application port filtering
    [10] Support for application port filtering and I still need to evaluate kernel mode checking.
    [11] Mailscan Lite blocks executable file types, CLSID exploits and HTML script tags and can also scan on content using Winsock layer where it scans POP3 and SMTP without the need to configure the mail client. This is the same method as used by NAV 2002 and Maildefense.
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Oh. :eek:  You have to work on the Internet.

    My hat's off to you, my friend!

    Come to my house if you simply want to play! (We have throw-away computers here, in case of accidents with the kids).

    And, thanks for the info! Sounds like a cool job and a great set-up, when it finally all comes together! Pete
     
  13. JAS

    JAS Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    18
    diginsight, I am running Outpost Pro and it will take a T1 flood and come right back for more, can L-N-S do this? I do like all the plug-ins that it has and they have a "todo" list which has all the stuff of AtGuard and so you can set the rules for "each" IP separately and change referrers to whatever you like, same for cookies. I run this on XP Pro and it does fine. NOD32 catches all my "toys" that I use to mess with, to where NAVCE couldn't even see some of them. They have a few good changes on NOD32 in the next version. Thanks, JAS
     
  14. Jazzie

    Jazzie Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    28
    Location:
    Frankfurt/Germany
    Sure can, the new beta is out:
    http://looknstop.soft4ever.com/Beta/En/LooknStop_Setup_203b2.exe

    Has fixed the TCP flags (TCP: NULL, TCP: XMAS, TCP: FIN) and also passes all leak tests, including Paul's (Spyblocker) exploit test, which is the simplest and hardest to pass.. Only a few pass this...(LNS&ZA).. Believe it or not......

    Back to NOD32, I have been using it for a while and quite happy with it, but I have a small 'wish' option, that I would like to see incorporated into it... An EXCLUSION option, this would be nice.... Like I stated just a request!


    CU
    Jazzie ;)
     
  15. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Hi Jazzie,

    ..and Eset/NOD32 knows about this "wish list"   ;)

    regards.

    paul
     
  16. Jazzie

    Jazzie Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    28
    Location:
    Frankfurt/Germany
    Hi Paul!

    Great, look forward to see if it will be implemented ;)

    CU
    Jazzie
     
  17. JAS

    JAS Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    18
    Paul, where is this test you have at? I would like to try it. Thanks, JAS
     
  18. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    JAS,

    I'm a bit lost here; what test are you referring to here?

    regards,

    paul
     
  19. Ledendo

    Ledendo Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    23
    Does anybody know about a demo of AVK 11? Any links appreciated... :)
     
  20. JAS

    JAS Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    18
    Paul, here is what I saw. Thanks, JAS
     
  21. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    AVK 11 will be released end of this month. No demo version announced yet. Official website for AVK is http://www.gdata.de but only in German language.

    wizard
     
  22. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    236
    Location:
    Netherlands
    Hi Pete, I very much like testing my set-up but I can't wait to get everything together because I also like to play with my computer again :D
     
  23. Jazzie

    Jazzie Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    28
    Location:
    Frankfurt/Germany
    Jas--

    Hi

    sorry I didn't respond sooner, been really busy! Here is the link: http://www.morelerbe.com/spyblocker/fwexploit.exe

    I believe, if I remember correctly, that it has to be installed in the same directory as Spyblocker!

    CU
    Jazzie
     
  24. JAS

    JAS Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    18
    Jazzie, Oh, well I used to have SpyBlocker but it logged stuff that wasn't even there. It showed in a short time that it had blocked 700+ worms on a W2k box, this is not true so I think it needs to be worked on. Thanks for the link anyways. Thanks, JAS
     
  25. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    JAS - Interesting. Couple of quick questions, if you can remember back to when you had SB on your computer:

    1. When you installed the program on your W2K box, were you logged in as Admin? (That's totally essential to the correct operation of the program with that OS - XP, too).

    2. What version of SB were you running at that time?

    3. Was this during the CodeRed stuff?

    4. Did you keep a logfile of the blocks? What did they say?

    5. Did you have 'Don't Allow Remote Connections' checked - or UN-checked when you were using it?

    SpyBlocker doesn't log things that 'aren't there' , unless it was either a bad d/l-install or it wasn't configured properly. Pete
     