Interested in VirusChaser

Discussion in 'other anti-virus software' started by n8chavez, Nov 7, 2006.

Thread Status:
Not open for further replies.
  1. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    I am very interested in VirusChaser, and Dr Web's technology. I have used Dr Web in the past and very much like it and it's corprate philosophy. I purchased VirusChaser, the so called Dr Web clone, via ebay (as discussed here). I must admit that I am rather ignorant when it come to this particular AV and I am hoping those with more knowledge and/or experience can chime in here; that's you Firecat. Does VirusChaser use a modified version of the heuristics engine? Does it use Dr Web bases? If so then what then is the difference between the two, other that GUI and quarantine. Do they offer similair protection? From what I can see, on my system, VirusChaser uses an insanely low amout of resources, much lower that Dr Web (if that is possible). Also, the VirusChaser website says that it's patterns are updated 10+ times per day. Is that accurate? I guess I'm looking for a downside here. Although, I do not care much for the interface.
     
  2. disinter1

    disinter1 Guest

    Right now I am trailing Virus Chaser, I have to say it is very darn good, but my main concern how good the heuristics are. If this and dr web are the same this is much more easier to control, and I personally like the way it looks. All I would ask for is a little more options, I will write back with more impressions.
     
  3. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    What is the version of the engine used now in VC?

    And just to test it out you can try to edit the .ini set heuristics on I don't remember exact names but I know it is possible.
     
  4. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    Wait a minute. Why are heuristics turned off as a default? According to the drweb.ini they are off. I though it was a major selling point to VirusChaser that it used Dr Web's heuristics. I have to say, I'm a bit concerned because of this.

    Nate
     
  5. disinter1

    disinter1 Guest

    Maybe they are turned off to customize how powerful you want them. Plus, I highly recommend to buy yourself a copy for CHEAP on ebay right now, I am almost confident this is more expensive on their website.
     
  6. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    Yep. I can almost guarantee that there is no price cheaper than you'll find it on ebay. (see the other mentioned thread) I've already purchased it. Can someone post a copy of the drweb.ini file? It seems like a lot of the configuration for VirusChaser has to be done manually by editing that file, as is the case with some settings in Dr Web. Posting this file, from someone that knows what they are doing would really help with optimal configuration.

    Nate
     
  7. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Yep, I mentioned many times that Virus Chaser has a toned-down heuristic engine. They have not completely removed the functionality (having left the generics as well as polymorphic heuristics still functional) but still its a bit crippled.

    As for program, the Virus Chaser team optimized the scan speed and made some changes to the Real-Time Monitor.

    The bases are not completely the same, Virus Chaser has a few additional signature databases as compared to Dr.Web. They have a special database in which they add signatures for ITW malware in case Dr.Web does not release an update soon enough. There's also a database meant for fixing any false positives and another for detection of certain malicious ActiveX scripts. The Virus Chaser developers have their own virus analyst team and in my experience, they do a better job than Dr.Web at adding signatures especially when you send them lots of samples (Dr.Web users need not worry because all signatures except for the ActiveX ones are integrated with the standard Dr.Web database). As for database updates, the auto update happens only once every 4 hours but if you perform manual updates, you will find that it updates at the same time as Dr.Web.

    I have tried tweaking the INI. The INI file seems to be a leftover of the old Virus Chaser 5.0 version. The modules are specifically configured to ignore heuristic detections even if you enable it through Drweb32.ini

    Regardless, I have still found it to offer good protection and to my surprise it cleaned a few viruses better than Dr.Web. :doubt:

    Regarding the whole debacle with heuristics, the older version of Virus Chaser did in fact have the complete Dr.Web heuristics engine. But due to increased reports of false positives in the 2003-2004 timeframe, they toned it down in the new version 5.0a released on November 2005. We all know Dr.Web has worked hard to reduce the number of false positives since 2004, but the Virus Chaser team does not wish to take the risk yet, due to various reasons. However, they are open to user opinions about heuristics in Virus Chaser. So, if you want to express your views on heuristics and their importance in Virus Chaser, do drop the Virus Chaser Hong Kong support team an email at inquiry@viruschaser.com.hk and express yourself. If many users want the full heuristics, it may in fact be enabled. :)
     
    Last edited: Nov 8, 2006
  8. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    Thanks for that Firecat. So if I understand you correctly, and I'm over simplifying here, VirusChaser is soft of like Dr Web and Kaspersky; in that it uses a "crippled" heuristics engine but to make up for that it frequently updates it's bases. Would that be somewhat correct? Are you saying that it won't matter how the drweb.ini file is configured because heuristics won't be used regardless? It has been updated, accorsing to my log, four times since yesterday at around 8 pm. So that's a plus.
    I have sent them an email explaining ehat I think of it's use of the heuristic engine. I do hope they respond.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I like USB version of Virus Chaser, never used it but it,s a nice idea. Working in real time from normal USB flash drive!!
     
  10. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006

    Same, I would like to see have a nod32 usb version hint hint eset!
    I would also like to see a kaspersky usb version hint hint kaspersky!
    lodore
     
  11. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Yep, I think you are correct, except that Virus Chaser has some extra databases as well, sort of like F-Secure. Doesn't really improve the detection rates much though. :)

    BTW, by default, Virus Chaser's real-time monitor is set to "Create and Write" mode. If you want the Dr.Web "Smart" mode real-time, simply enable the option named "network drive scan" in the settings of Virus Chaser.
     
  12. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    You can have one for KAV 6. :)
    You just need to read and modify the Windows PE files they are run from a temp directory, much like your usb drive. If I remember correctly you have to have a valid KIS key though.
     
  13. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    is there a link to instructions on doing this?
    lodore
     
  14. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    It is in the Kaspersky folder in the rescuecd.zip
    I have attached it here as a reference you still need to have a valid install for this to work. Now keep in mind this for the WinPE/BartPE discs but can easily be applied to a usb drive.
    //EDIT//
    Uploaded to Mediafire.com
    http://www.mediafire.com/?6qzd696z7gp

    //EDIT #2//
    Sorry didn't fully read the post, this is NOT resident only OD, but will sit in the system tray as normal.

    Sorry for the Off topic posts.
    If I can find a thread about KAV for PE will post it here and ask to have them merged.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I think most AVs should release USB versions. It,s cool.
     
  16. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    Well I'm wondering if I should use VC over Dr Web as my primary AV then, given that VC has heuristic issues. I've written VC support but have not received a response yet.
     
  17. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Did you mention your serial number in your email? I recommend you to do so.

    Also, you should ask for some help. Since you have purchased from a seller based in Hong Kong, it may be possible that you may be able to register at the Virus Chaser Hong Kong site. Do ask the HK support team about this.

    Usually they are very responsive to international customers. But response time is ~2 days.
     
  18. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    Or maybe 10 and they don't understand what you are saying.....

    Issue:
    I downloaded the trial in the begining of Oct. and it wouldn't update it said my key was bad. Ok, so I emailed support and they said, 10 days or so later, that I needed to renew my software and gave me a link to buy it!!!
    Needless to say I had already uninstalled it, 10 days w/o an update, oh wait I am still not using an AV!!!! LOL

    Anyhow I emailed them again the same day I got the email, and I haven't heard from them since.

    Just looked in my email the dates were Oct 2nd for my orig inquiry Oct 12 for the response and Oct 14 for my last email.

    Just FYI
     
  19. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Well, for certain things they have to contact NWI for additional support, but in this case this does not seem to be related.

    I won't knock their support team: They've been very good and supportive to me. Did you use http://www.viruschaser.com to try out Virus Chaser or did you use http://www.viruschaser.com.hk/eng/ ? In personal experience, the Hong Kong team has good support. :)

    Regarding Virus Chaser Trial, where did you download the trial version from?
     
    Last edited: Nov 10, 2006
  20. Peak

    Peak Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    38
    Location:
    China
    VC uses Drweb's engine without heuristic detection ability
     
  21. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Yep, but they have still enabled the polymorphic heuristics and generic signatures. I got this info from their R&D team. :)
     
  22. Peak

    Peak Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    38
    Location:
    China
    Instead,i got my information from Chinese VC team.

    And,what's more,Everybody can prove it easily that heuristic detection is null even if the "potential dangerous" switch is open.

    Besides,for a same unknown virus,Drweb can detect it (if it can) nonetheless VC cannt
     
  23. Peak

    Peak Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    38
    Location:
    China
    "I have tried tweaking the INI. The INI file seems to be a leftover of the old Virus Chaser 5.0 version. The modules are specifically configured to ignore heuristic detections even if you enable it through Drweb32.ini"
    SO IT IS
     
  24. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    You are correct about that.

    Anyway, the only reason I got about why this was done is mainly due to false positives. Do you know any other reason why they disabled the heuristic analysis?
     
  25. Peak

    Peak Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    38
    Location:
    China
    Yes,That's the point.

    Heuristic was turned off in case of false positives.
     
Thread Status:
Not open for further replies.