DrWeb antivius

Hello. Your opinion on antivirus DrWeb? At DrWeb and at NOD32 the best heuristic analyzers in the world.
PS excuse for mistakes, I from Russia and badly know English... =)
PPS Whether there is a Russian version of a forum?

 

erm,

well what to say, ... i like it

dr.webs heuristics are quite good, yet alot of FP's ... although they are working on this dramatically, nod still lead the way in heuristics, also i think bitdefenders heuristics are fantastic too.

search the forum for dr.web, im sure there are enough posts about it on here were you can find some usefull information.

here are just a couple:

https://www.wilderssecurity.com/showthread.php?t=168742&highlight=dr.web

https://www.wilderssecurity.com/showthread.php?t=169389&highlight=dr.web

https://www.wilderssecurity.com/showthread.php?t=169120&highlight=dr.web

https://www.wilderssecurity.com/showthread.php?t=160784&highlight=dr.web

https://www.wilderssecurity.com/showthread.php?t=164319&highlight=dr.web

https://www.wilderssecurity.com/showthread.php?t=166653&highlight=dr.web

 

Thanks for the answer. But I wished to hear it here =). I assume you user DrWEB, you used beta version?

 

You'll find quite a few DrWEB users around here...

 

yep, im currently using the beta on vista, its working a treat although i have to manually click 'update' to update it at the moment, this will be fixed in the release im sure.

ive always thought detection to be good, its always kept me safe.... ive always had a 100% removal rate, with no manual removals needed, its low on resources, low on system performance, little HD space needed and updates are very small too at max 15kb, and a good price to boot aswell, especially if you use the 50% off migration offer.

i know the betas have the new engine in which should increase detection and improved heuristics than the released version, but only time will tell how much more.

i dont know what else to say, ive already said sooooo much about it on here already, you really do need to search the forum for drweb threads, im sure ive got a few comments in there aswell, or maybe some other drweb users will come on here and give a few comments to you aswell.

welcome to forum,

 

I just know dr web runs the best on my comp while playing games.I put kav 6.0 on my wifes comp and i use dr web on mine.When i cruise the net i use avg 7.5 anti-spyware and ghost regdefend also.

 

Just don't get infected. Dr Web is good at detection but couldn't clean a toilet - at least that's been my experience with it.

 

Both Dr.Web and its Asian clone Virus Chaser are IMO very good programs. Their heuristics produces some false positives occasionally, but overall its just fine.

As for Russian forum, you can find the official Dr.Web forums in Russian language:

http://forum.drweb.com/

 

absolute nonsense,

care to elaborate which sample dr.web detected and could not remove?

100% removal, and it will clean if its possible, then move/delete/lock or whatever you have it set at.

i definatly have not had any manual removals unlike some, including the big guns like nod32 and even norton too, with dr.web always 100% removal.

 

Not nonsense at all. How can you say that since you weren't present with me to observe the event? As for samples, the list is a little long. I have a log of 336 different viruses that it detected as were still on the system after Dr. Web said it had "cleaned" them. At the same time, I could say the same thing for NOD32, except it didn't detect nearly as many (and many could have been FP's with Dr. Web). In the long run, only Kaspersky, Superantispyware and various other specialized tools were able to get rid of the little nasties. I clean people's computers for a living, so I'm not speaking theory here - I'm speaking of what I see on a daily basis. I know that others have had some success using Dr. Web, and I will take them at their word. As for my own experience, I find that most AV's are good at detection, but very few are good at cleaning after detection. In fact, as far as dealing with trojans and related malware, I have found that AS apps such as SAS, Counterspy and AVG AS are better at removal than the AV software. Of course, a lot of the work is manual removal, where tools such as HijackThis and Rootkit Unhooker come in handy. Also tools such as SSM which help tame the little nasties and kill their processes so you can get control of the computer to work on it in the first place are of immense help.

 

isnt cleaning just removing the 'threat' and leaving the remaining file on the system?

if you want to check its removal, change the settings to DELETE and watch how the dissappear from your system (the ones have havnt already been cleaned)

 

Cleaning involves removal of the threat, that is correct. The file may be spared if its a virus infection, otherwise the file must be deleted. Cleaning also involves removing all traces of the infection, such as registry entries, startup processes, DLLs etc. I think KDNeese is saying that Dr.Web is not good at removing the traces of malware infection. I have no proof to say whether he is right or wrong on this matter, and hence I will remain neutral.

 

no firecat,

he is saying drweb has said the file is "cleaned" yet the file remains on his system.

this still can be true, with the file cleaned... if he wants things deleted, he really should set the settings to delete, and watch it vanish.

i really do think he got a little confused with the clean setting, i think he thought clean would just remove the file... end of.

ive never had any problems with dr.webs removal, its up there has one of the best, such as kaspersky, in trying both... always 100% removal from these 2.

 

I am using the word "clean" in a generic sense, meaning complete disabling and removal of the malware. What I am saying is that even though Dr. Web said it had gotten rid of the malware, the malware still remained on the system and actively fought my attempts to remove it. I know the difference between "clean" and "delete." In this instance, Dr. Web did not disable nor remove the malware. I will have to say, however, that this was a particularly nasty infection, the worst I've seen to date. Think of any piece of malware or any trojan you've read about in the forums or have heard of, and it was on this computer There were several DLL's running in memory that neither Dr. Web nor NOD32 could delete. In fact, none of the AV's could touch a lot of this stuff until I used some other unlocking tools to unhook the malware so the other apps could work properly. Even after using the tools, Kaspersky was the only AV that was able to remove the stuff, and even it couldn't remove everything. I had to use a combination of AV & AS apps as well as other specialized tools (such as Vundofix, Combofix, etc) to get the computer completely clean. The one main thing that bothered me was that even though Dr. Web & NOD32 said they had gotten rid of the junk, it was still there, and the DLL's were still running in memory. In an instance such as this, average users, not well-versed in computer security, would assume that their computer was clean, when in fact it would still be highly infected. I guess that's the main issue with me. A lot of people here at the forums know how to check their systems and are familiar with the various tools available to ensure their systems are clean. The average user, however, would simply trust whatever their AV told them. I mean, heck, the computer in this particular instance had Norton 2002 installed on it, and their subscription had run out in 2003... But's that how savvy the average user is - totally clueless how to protect their computer. I see people in a panic every day because their computers are infected and they don't know what to do. They simply don't understand Internet dangers and the process of becoming infected. In this particular case, the people had downloaded multiple rogue AS & AV apps, and they trusted the apps simply because it contained the name "antivirus" or "antispyware." If people trust those kinds of apps, how much more will they trust an app that has been recommended to them by someone they know (who is also knowledgeable about computers)? So I guess the bottom line for me is I would hate to see a person go on with an infected system because their AV told them all the nasties had been eliminated, when in fact they weren't. I guess dealing with people every day and seeing their shock when their systems become infested and useless has made me a little more critical than I should be. Anyway, there's really nothing more I can say. I've simply stated the facts as I have observed them.

 

I am a believer in kaspersky.But i do like the way dr web runs on my computer while in games.I would not cruise the net without avg (ewido) 7.5 and regdefend by it's side though.

I would like to know if there is a way to install kaspersky on my comp without having to delete dr web.Would like to use kaspersky for on demand scans.

When you install kaspersky while dr web is on the computer,it will not continue untill it deletes dr web.

 

if you want kaspersky for on demands, why not just use their online scanner?

as for drweb and nod32, if it said its cleaned it... it has

ive never had any problems with dr.webs cleaning/removal of anything, and ive tested it against the biggest viruses out there, sure if you look at the tests... sure, people can say dr.web could be better on detection, but for removal, is up there with the best in my opinion

 

Completely agree

This is also my experience over several years of use.

 

Mine too!


tD

 

Likewise here and you betcha...

 

cool, i actually said something about dr.web that some people 'agree with'

let me enjoy this moment *lol*

 

i was just reading the drweb manual and it seems that the NT version of drweb can show alerts when it updates etc etc which is what i would want.
so once i install windows 2k pro i will install dr web and enable those notifications and see how it goes.
lodore

 

dr.web should show you a bubble when it updates automatically anyway, even without the notifications enabled.

it did on XP, although it doesnt on the vista beta.... although im sure it will when they fix the automatic update thing for vista.

 

ok thats good then.
all windows versions from window NT upwoulds aka NT,win 2k pro and XP use the same spider guard.
windows 95/98/ME use a different one.
so it will be imteresting to try the proper version drweb
lodore

 

I'm quite sure the "update bubble" default setting is to show after updates because I have to disable it after a new install. This is done by editing the drweb32.ini file -- under SpIDerGuardNT -- Acknowledge = No
Me no like the darn thing.