Detection means crap, if it cant clean

Discussion in 'other anti-virus software' started by trjam, Jul 23, 2007.

Thread Status:
Not open for further replies.
  1. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    If you detect malware before executing it, no harm is done. So the detection is what counts. Cleaning is of minor importance.

    I do think that most forum úsers here don't rely on an AV to be able to disinfect malware. We rely on proactive measures like hips and virtualization to not get infected in the first place.
    And if we by get infected somehow, then we reformat or go back to a clean disk image if existing.
     
  2. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well detection certanly has to be top priority because if you can detect it in the first place you don't have to clean anything (this especially goes to file infectors). But of course they also have to add cleaning routines (especially file infectors which are the most problematic and difficult to properly clean without completelly destroying use files).
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    totally agreeing with you. :)
    Cleaning is important also but most of the time it is difficult to be make and you won't get satisfying results. Back up images are a better solution. And anyway, for widely spreade worms like W32\Jeefo or W32\Parite.B, etc most of the AVs have cleaning routines. :thumb:
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I see the reasoning behid having the ability for both. Thanks for pointing this out to me. I have decided just to frigging go with Nod, as I always felt I would. But thanks for helping me understand all of this.

    Hmmm? Mow I have a 3 year license for the Kaspersky 7 suite I dont need. Shame someone doesnt hae a 2 user license for Nod. Oh well.
     
  5. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,011
    Location:
    Canada
    I'm not so sure you will stay TWO years with the same AV.:D :p
     
  6. Don johnson

    Don johnson Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    77
    I think the ability of clean is very important,if you have infected with viking,I don't think delete is a good idea,clean is a good idea,nod32 has a good ability of clean,but it is not the best.I notice that norton and panda have the better ability of clean.
     
  7. cello

    cello Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    17
    Location:
    Milano, Italy
    Am I wrong, or certification for Avast! is missing on that ICSA page?
     
  8. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,875
    Location:
    Innsbruck (Austria)
  9. cello

    cello Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    17
    Location:
    Milano, Italy
  10. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Have you noticed that in the Av-Test.org test 04-2007 the top 3 heuristics scanners got the top 3 bottom disinfection results? :rolleyes:

    Best regards,
    Firefighter!
     
  11. Don johnson

    Don johnson Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    77
    :D :D :D All test results for reference.
     
  12. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,909
    Location:
    USA
    You have to detect the bugger first, the Deleted file can be replaced. Unless it is a integral part of the program (removal would mean that the program no longer functions), do you really want a program that sole purpose is to infect your computer
     
  13. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I don't think people understand terminology properly.

    Cleaning in fact means desinfection. This applies to file infectors only (and to prependers and appenders). It's a removal of virulent bits from original files and documents created by user (or by others and aren't malicious by default).

    Cleaning that all of you refer to is simple removal of files that are either locked because they are running or because they have self protection mechanisms.

    Second one is often problematic but can be solved by anyone at least a bit techy about Windows system. Desinfecting files infected by file infector virus can only be performed by antivirus that posseses such capability or by expert in programming and malware field. See the difference?
     
  14. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    642
    well on clean machines or fresh installs antivir would be the free antivirus program of choice since it's detection rates are top notch. however, if you're trying to clean a friends machine that's already hosed, then antivir (according to stories that it does a suboptimal job at cleaning) isn't going to cut it. i have read that avast and aol's antivirus program are pretty reliable when it comes to removing malware they detect. my question is : which does a better job at removing malware, avast or aol's antivirus?
     
  15. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I can't agree on comment that AntiVir sucks at malware removal. From what i've seen in my personal test it did just as well as AOL AVS and avast!.
     
  16. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    425
    Location:
    Honolulu, Hawaii
    What's the purpose of having an antivirus if you don't see the beauty of alerts? Not the crazy false positives type but something actually buried in your system? :gack:

    When I first encountered a virus, it was a boot sector virus which was transferred via floppy from a computer lab. Had no idea what the hell boot sector virus was, but it was something transparent and not a file executing (.exe, .doc, etc...) virus. :cool:

    With the massive amounts of malware produced everyday (av companies are already trying very hard to keep up), how can an av company spend more resource with disinfection? If it's a simple one, that's doable but complex viruses do become an overload in the ever tiring virus lab.

    I, personally, prefer detection more than disinfection. If the heuristics are always improving with time, I don't care about the false positives. You have seen the AV comparatives reports. To achieve a perfect heuristic is almost like predicting our mother nature - weather, earthquakes, tsunamis, etc...

    Even though Antivir might not be that good in their disinfection, they are top in detection. Thanks to Stefan and his heuristic team. They have demonstrated a great improvement! All the heuristic team in av companies drive the value and ability of an antivirus. ;)
     
  17. mecute

    mecute Registered Member

    Joined:
    Oct 9, 2006
    Posts:
    51
    You say "an ounce of prevention, is worth a pound of cure."

    Isnt it better if prevention is coupled with the best cure? :)
     
  18. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    In theory yes. But so far it seems to be so like with car engines, either they have maximum torque or maximum horsepower in certain rpm:s, not both. If you can show quantitative test results where those best heuristics scanners were those best scanners to cure too, show me! :doubt:

    So far I'm staying with those best cure scanners combined with those best detection overall and they must be free and trouble free = Avast. ;)

    Best regards,
    Firefighter!
     
    Last edited: Jul 25, 2007
  19. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Regarding Avast and cleaning...
    I think that the VRDB in Avast is an excellent idea.;)
    "The aim of VRDB is to help when, despite all the security measures, a virus gets inside the computer and the files are infected. With the help of VRDB, it is possible to repair many infected files (return them exactly to their original state)."-from Avast help pages.
     
  20. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Yes, and the detection overall, there is nothing wrong with Avast, when only few payable av:s are better in OVERALL detection than the FREE Avast and all of these had some major bugs or malfunctions concerning my WinXP Home system.

    Best regards,
    Firefighter!
     
  21. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    While it is nice to be able to do a fresh install on an infected machine, it is not always possible. The original disks may be damaged or missing. There is also a cost factor if the owner of the machine can not do it him/herself. This is often the case with machines owned by teenagers.

    Generally, I will clean a machine like that with successive installations of AV's that will run in a trial mode. That would include NOD32 (which has its limits) and ZASS for its KAV 6 engine. After that, AVG and Spybot S&D is what I will usually install and leave on the machine. Kids machines get infected for a variety of reasons, but they all seem to have expired AV's.
     
  22. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I don't run any anti-virus or anti-spyware but if I did the problem would be gone following a reboot. Different machines currently running with Returnil, DeepFreeze6 and FD-ISR Frozen. If I ever did get infected I certainly wouldn't be happy trusting any program that I have seen to clean so would probably go for the re-install option, image restore in practice.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.