Detection means crap, if it cant clean

I have been preaching this for awhile. Your AV and mine, may be great at flagging malware, but if it cant clean it and all remnants, then you aint got squat. here

 

Hi Jeff,
i have noticed that nod32 and antivir have this problem.
that is why i choose kaspersky because i know it can detect and clean.
according to that chart seems that norton is better at cleaning than it used to be.
the 2003 version couldnt get rid of trojans.
im still surprised that microsoft was certifed for cleaning LOL
lodore

 

yeah, between Nortons detection and cleaning ability, it is starting to look real good. I am curious to see Esets new suite evaluated. I would say they are close to getting this. But I am leaning to looking at balancing the 2 criterias instead of the 1, when it comes to the future.

 

nod32 version 3 promises better removal of malware.
lets hope it delivers.
lodore

 

The fact that some vendors are not present in the "Cleaning criteria" list does not mean they are bad at cleaning . It is up to the vendor to decide if they want to be tested against cleaning (AFAIK the cleaning test means extra tax) . I think it is not important at all because they will test it against limited selection of threats and also "prevention is always better than cure"

 

Not sure how telling this "certification" really is??

"Therefore the Anti-Virus Certification Criteria does not include requirements for handling malicious and non-malicious spyware, adware, foistware, backdoors, trojan horses, and other such non-replicating software. "

 

hello HiTech_boy,
that is true but wouldnt you agree that there is quite alot of posts in the nod32 offical forum about needing to manual clean malware that is found by nod32 on demand scanner?
and i see that eset know of the problem hence the improved cleaning in the new features on the eset suite beta.
antivir seems be even worse at cleaning.
lodore

 

Antivir is terrible at cleaning. That has been proven to me in private just as their "Guard" protection is really very weak. I realize some or a lot, will bash this post as another "one" of those sites. But I think it is what the future will hold, for any AV product to stay a float. If you can detect it and clean it, then you stand a chance of staying afloat. I still think Eset will get this, but Avira has publically admitted that their big time customers only care about detection and after today, I cant wear their Avatar with any pride. Not that it matters to all the fanboy haters, but it damn sure matters to me.

 

Hi again Jeff,
that is why im replacing antivir premium on my sister's laptop with kis7.0 when the license runs out in september.
i will get a 3 user license for £30 and that is enough for all my familys computers.
i hope eset do well with there suite and version 3 of nod32.
i also hoppe drweb gets better.
lodore

 

I wonder why F-Secure IS was not on the list? Why would it differ much from KIS?
If I were not so slow at start I would like it as well as KIS.

PS
Anyone know where to get another offer like the KIS from Systweak? Didn't we have fun with that?
Best,
Jerry

 

taken care of Jerry, thanks to ankupan.

 

Hi Jeff, that is great.
Any idea why F-Secure is not on the "cleaning list?"

Best,
Jerry

 

only certain products were tested, not that the rest had failed.

 

Hi C.J.S..
That is a good reason. Thanks.
Regards,
Jerry

 

My licence with Eset runs out July 2008, now Nod32 v3 was supposed to be out last december 18 2006. It is now july 23 2007! Right now I am using the AntiVir premium 6 month demo, so if AntiVira dosen't improve by the end of the 6 months it gets replaced.

 

I am pretty much convinced that if one has a good AV, such as AntiVir, and a good AS and firewall, there is nothing that is going to penetrate it. I realize that it is possible, but not likely in my opinion. I would not feel vulnerable with AntiVir or ESET at all.

On the other had if one can have a high detection AV that also cleans well, that is the best of both worlds.

Best,
Jerry

 

Well said JerryM, on both cases. As the saying goes: "an ounce of prevention, is worth a pound of cure."

 

On the other hand :-

Cleaning means crap, if it can't be detected

At least you know where to look with a better detection!

Steve

 

NOD cleans up fine for me, but isn't NOD listed as a certified product in the OP's link? Yes or no? By the way I'm glad Kaspersky works fine for you.

 

IMO, detection should be more important than cleanup. There are several ways that cleanup can be achieved nowadays. Clear the sandbox, reboot if you have a partition virtualization program, revert to a snapshot/backup, reformat/reinstall or manually remove the bugger. I'm probably forgetting something.

Good removal would be ok for those who don't frequent forums like Wilders. I personally would consider stability more important above removal capabilities. Actually in this order: stability,detection,features,removal and then gui. I'm a simple man though . No jokes please

Cheers

 

If a malware infects a file, it can sometime mess up that file so much that the only possible *repair" is to have a back-up copy of that file.

Now that disk imaging software is so cheap, effective, & user-friendly, what I want from an AV is really good detection. Ability to repair is nice to have, but is only a secondary consideration. I make periodic images onto my external drive, & hang on to them long enough that I can be 99.99999% certain of having clean stuff on hand, even if I have to dig back a bit.

 

Agreed! GUI and it's ease of use may even come before removal. I, too, have other means of removal.

 

I seem to keep repeating myself on this topic. A machine that has been trojanized, infected or generally got its security breached and has been taken over cannot be trusted anymore. If you rely on cleaning and continue working with that heap of rubble, you will most likely run into issues pretty quickly again, or you may not notice changes that have been made to your system which cannot be detected because they are not malicious on their own, like reduced system security, patched windows binaries, or general modifications of your system settings that affect security or stability.

When we´re talking about real virus infections, we have the same problem + corruption of files that cannot be reversed anymore. This also leads to a clean install as a mandatory requirement as soon as system files are affected.

So once more:

DO NOT RELY ON CLEANING OF INFECTED SYSTEMS

If you do, don´t say i didn´t warn you.

 

Hello,

For the average user, yes. The ability to clean is very important.

But in general, if you can detect something, even if you cannot delete it, it might be enough. For example, an uber-nasty blah blah, which your AV detects but cannot delete.

1. Take a piece of paper + soft-ball pen.
2. Write down the paths to these infections (assuming they are true).
3. Reboot with live CD (Windows or Linux).
4. Delete offending files.

So even if your AV-in-Windows-session wasn't capable of dealing with the threat, it pointed to the culprit, which can then be later dealt with by alternative means.

Mrk

 

Totally agreed! Here you have some disinfection rates tested by Av-test.org 04-2007. Even the best rated were far away
100 % and one even below 50 % level.

Best regards,
Firefighter!

Btw, not a new issue I guess, the better heuristics, the worse cleaning, so... ...you buy a vacuum cleaner that doesn't clean but seals the windows and doors but every time you are going out/in, the dust and dirt brings in.

I think that I have found even one more reason to stay on my solid rock isle far away from dust and dirt.