im finish with avira..... after heavy infection

True, it's ignorance if he didn't do anything with the alerts. However, it should still be capable of blocking the access despite any circumstances.

 

Well the problem you get with automatically quarantining suspicious files has been well documented by users of Threatfire.TBH the repeated warnings should at least give pause for reflection.Having said that Avira can be configured to automatically quarantine threats but that option is wisely not the default one.

 

I'm not talking about automatically performing any actions(like quarantine), just to prevent access to the file. It should completely freeze any operations from the file, and to the file. The situation should be stalled untill some action has been decided from the user. The problem with ThreatFire is that when it detects something as a virus(not by behaviour)it doesn't give an option to do nothing or deny, you can only kill the process or quarantine it.

It is unacceptable that you are capable of starting a trojan.exe if you haven't specifically selected that it's OK by ignoring/skipping/permitting/etc.

 

Yes i see what you're saying but the trojan.exe can only be run if the user chooses to disregard the warnings and tick the box to make an exception of it,unless you do that it won't execute.

 

That was the point. I believe the thread starter didn't say if he selected anything, but getting infected despite avira's detection. Stefan asked "why did you start it if it was detected", and I'm asking how is it possible he could do that unless selected to ignore it.

 

Well if a warning popped up then the user would have to force Avira to remember the decision to ignore it otherwise there'd just be repeated warnings.

 

OK, that's what I wanted to know.

 

I'm not sure exactly what occurred with the OP either,I don't know if this malware got through the on-access scanner entirely or warnings were generated.

 

Avira does a good job in terms of detection but i think it still needs a good effort in cleaning. I had experiences with it in the past as other people here have said and testified about Avira missing or not being able to clean.
so when it comes to security not one product can save you from all malware of course

 

It is true but we have one more point here!

Although the Avira is not almighty it will protect you from larger number of malware than the Sandboxie if you forget to use it every time you start your browser, email client etc.

So, the title of this topic also could be "I am finish with Sandboxie ... " or "I am finish with using PC (becouse I am very forgetful guy)".

Think that Avira is not the main quilty for what happened here.

 

Only in registered version (22 €). Avira will (not) protect you against virut for free. So, if you are forgetful you will pay in one way or another.

 

The real point is I was trying to make is that You cannot provide protection with just Anti Virus (Detection Technology). This is the type of thing we used to protect our selves 25 years ago, You need Prevention, Detection, Cure in your security in order to provide a decent enough protection.

Cheers,
Josh

 

All this talk about AVs are dead, I don't really agree with.

Point is, sandboxie is an excellent program, but how is that going to help the user who wants to install a game that can only be run outside the sandbox? There were a number of programs I could only install while running say 'Shadow Defender', but even then, if I think everything is ok, and go ahead an install the program outside of my drives Shadowed, then I still encounter the same problem.

The original poster has left out key details. Didn't say which file, or type of file was run, didn't say what security programs were running at the time, only mentioned that the problem file was run, and Avira later couldn't remove it, nor could others remove it fully. Didn't mention where this file was obtained, through google, through a mate, through a crack site etc.

Further, was Avira running the whole time, and if it was, did the user 'select ignore' thinking it was a false positive, and later found out the whole system was corrupted, then sought to do an on-demand scan with Avira, which then couldn't rectify the problem.

The point is, if you think a file is safe, only thing which will really help is a previous image. And even then, you're hoping the image is also clean (most likely it will be). More advanced users can run just a process explorer type of program and analyse and determine if the system is clean. But the only way the average everyday user will really know a file/image is clean is by scanning with a reputable AV.

So saying AVs have no use, is untrue. Corporations and business environments, which are filled with everyday users who have no time to make 'system' decisions let alone analyse files in sandboxes, will continue to use AVs. Just my take anyway.

 

My memory is not great,and using the free version of Sandboxie,that cant force programs,i have come up with a pretty good system using Sandboxie Shortcut Creator v2.1.2.7.
I just replace my browser shortcut on my desktop,and media player etc
in the Pin to start list with these.
The can be configured to open in any sandbox's you may have created.
and they keep the look of the original program icons.

I cant forget if the only Firefox shortcut i see opens sandboxed.
http://www.sandboxie.com/phpbb/viewtopic.php?t=1983

 

Sandboxie/Geswall/DefenseWall type of software are to complex or complicated for the most of the users so they choose not to use it ("Just a quickie copying of some nonexecutable files from the usb memory. What can go wrong with that?" ). So, "install and forget" type of antimalware software (signatures based antimalware software) are and will be first choice for the most of the PCs.

 

Wow, just goes to show that different people see things, well, differently.

I saw 3xist's post and was struck by this:

The first thought that came to mind was:
"There goes the Comodo people again, never missing an opportunity."

Of course, this is unfounded speculation and conjecture, and completely OT, but I did find this difference in conclusion interesting.

 

Actually, I never mentioned Comodo in this thread. I was only simply pointing out that:

1. Antivirus shouldn't be used as your first line of defense and should be second line plus...
2. Antivirus should be used in a layered security architecture (Prevention First, Detection Second, Cure Third).

Where is Comodo in that? There are LOADS of Security applications out there that people can utilize from to achieve this. Not of topic, it's quite relevant - Because a virus walked right passed Avira (Antivirus).

Cheers,
Josh

 

No, I will not ignore that he is a Comodo moderator, I will not ignore that Comodo is listed in your tagline, and I will not ignore that you removed the bold that 3xist originally placed on Prevention and Cure.

I will also not ignore the fact that ten minutes after your post 3xist posted a reply.

Melih has been promoting Comodo as the only vendor that can supply a solution which can handle all three areas for quite sometime now.

With regards to your comment about relevance, I also don't see what any of this has to do with Avira and its handling of a Virut infection, given the title of this thread.

 

Wildest,

Please show more respect. I did not mention Comodo anywhere.

Like I said before, there are plenty of security applications people can utilize to achieve protection. As a Comodo Global Moderator, I HOPE other Vendors put "Prevention" first and "Detection" Second and I do wish them all the best in that, Even Avira! Avira is respected for a good detection rate, However as seen in this case, even detection isn't enough, and that sucks (Good to see them putting in behaviour blocker)... But this is why Prevention comes first. Every AV misses new malware, etc.

This is NOT about "Comodo is the best! use it! use it!", I gave my views on what people should do to provide protection, That's it. Has NOTHING to do with COMODO at all. People have a right to choose WHAT they wish to achieve a decent protection, From Vendor A all the way to Vendor Z.

Cheers,
Josh

 

Saraceno, I couldn't agree more with your comments, and I would like to add that even though I would never rely on Avira completely (virtualization and finally backup are my insurance policies), because of my job my computers have always been exposed to a lot of malware introduced by USB Flash Drives. I have used Nod32 for years successfully and now Avira.

The point I want to make is that every time Avira detected something (always had the guard on 'interactive mode', so that it would let me decide what to do with the threat) I would most of the time choose to 'delete' and that was that. There have been times where I knew that what was detected was needed (most likely an FP) to allow me to read the contents of the USB and would then decide to 'ignore'.

Well believe it or not every time I chose to 'ignore' it would still block the detection to the extent that I usually had to disable the 'Guard' altogether to let the detection execute. I intended to even complain to Avira about their 'ignore' command being really ineffective, but I always thought better this way than the other way around.

As you mentioned the OP hasn't told the whole story (by all means I'm not implying that he was misleading us) and sometimes we do things without paying attention to details. I also think that some AVs are better at cleaning infected computers than others. From my point of view if my system is infected (or even suspect something is wrong) a quick restoration and my computer is in pristine condition again.

 

I think the order is not correct. It should be Detection, Prevention, Cure (or rather restore). Prevention means that a malware cannot do (permanent) harm to your system even if you execute it, a safety fallback if detection fails. But in my opinion, running malware should be prevented at all cost. There is no way to be sure that your prevention system does notice every change to your system. You think your system is clean again but in reality, there is still undetected malware running. Cure by using rollback tools - works usually, but there is already malware bypassing the most popular rollback tools. Same goes for the various HIPS and sandboxing tools, the popular ones are targeted by the malware already.

 

When Prevention, Detection, Cure is used a proper security architecture, Prevention off course comes first - Because AV's can only detect %age of malware out there and A prevention solution will prevent the rest. So you detect say 40%, and prevent the other 60% (AV is also good for usability too, making prevention easier so yes AV is second line of defense for usability and security side of things)..

Let's look at a real life example: You have a house, right? And you have a Door... This stops people from coming in (prevention) So in this prevention approach, a whitelisting approach - only programs certified safe can run but all others are blocked. Sure, but the door can be broken, off course it can... That's why you have a burglar Alarm(detection) - So if the door is broken, the burglar alarm will alarm. And off course, people can come in and steal things, and that's why you have insurance (cure). (Btw... Burglar alarm only recognizes the baddies it has its in database... )

It's all about default deny protection (HIPS and a Software Firewall) not default allow (Antivirus), again Antivirus is useful in a good security setup like this with 3 unique layers and AV fits right in the middle between cure and prevention as a detection solution.
You can't provide protection with just prevention...
You can't provide protection with just detection...
You can't provide protection with just cure...

You need all 3, and prevention comes first.

Cheers,
Josh

 

For malware never.
When you run a top notch AV (there are at least 3, I consider in that category) 90 % of the time virtualized, practically no malware will affect your computer. Since April 2005, when I first installed ShadowUser I stopped having anything reported with any scanner, in fact this year I scanned my computers only once with the new version of Avira, A square, SAS, Malwarebytes Anti-Malware, PREVX, nothing whatsoever was found, not even a FP.

On the other hand I restored my system at least 30 times for all sorts of reasons: Conflicts, bad configurations (sometimes the system has a strange behaviour) testing OSs (I have an image with Win7, two with Vista 32 bit, two with Vista 64 bit, all with no files in them so restorations take 10- 11 minutes at the most).

 

I don't know what kind of backup program you use, but if you haven't restored a single image once, I suggest you try to see if it works, depending on the system and the backup program sometimes the restoration doesn't work. Backingup successfully doesn't mean it will restore successfully.

 

If you dont revert back to your snapshot,you'll never know if it will work for you when you actually do need it.