KAV5 Pro (already an installer without ADS?)

Discussion in 'other anti-virus software' started by halcyon, May 31, 2005.

Thread Status:
Not open for further replies.
  1. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Is there already a installer in the KAV5 Pro version that disables the tagging of ADS during the installation?

    I'd very much like to try out KAV5 Pro, but not until I can choose not to use ADS during install time.

    I know I can disable the feature and remove the tags afterwards.
     
  2. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Why not try out the personal version and you can choose not to install ADS. There is a tick box that you untick (can't remember what it says but something along the meaning for "install with standard options".....)

    Then you get a page that allows you to untick the istreams (ADS).
     
  3. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    I'd prefer the Pro version.

    That option (disable ADS before install) is not available in current Pro builds yet?
     
  4. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    No, but this option is in MP2 of KAV Pro, which is provisionally due for release in early summer.
     
  5. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Thanks!
     
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Why are ppl complicating so much about ADS? :rolleyes:
     
  7. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    I think there are many reasons, based on what I've read.

    However, my friends who own (but have since gotten rid of) KAV 5 Pro didn't like it, because on their dev systems it would just kill source tree compilations.

    I don't know why and whether this was merely a configuration issue, but they switched to NOD-32 and have been happy campers since.

    I've read so many bad stories of ADS myself, that I'd rather NOT force install it at first :)
     
  8. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I have always used ADS in Kav And have never ha a problem.
     
  9. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Im with RejZoR on this one. Why does KAV use them? What are they (in laymans terms) anyway? And do other AV programs use them?
     
  10. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Hammer,

    I am sure if you do a search on ADS, on ICE Systems' and Kaspersky's forums you will find quite a bit of debate about them. Here is a short synopsis of my perspective. Others certainly have different views.

    1) ADS is part of the NTFS file system which essentially allows software programs to "tag" a file with additional add-on information. These tags are for the most part invisible to the user unless the user uses special tools.

    2) KAV uses ADS to "tag and timestamp" a file, essentially telling the KAV scanner to scan the file for malware or to skip the scan for that particular file. On my system, KAV Pro created about 32000 ADS files. As you can see, they are created strictly to increase performance. My guess is that KAV sales was under heavy pressure to produce a system with better performance and the technical group came up with this "quick and dirty solution". (The reason I suspect it is a "quick and dirty", is because not unexpectedly ADS has been dropped from the upcoming 6.0 release).

    3) However, it is possible that a file is infected, yet not detected by KAV. So a file cannot be skipped on the first scan. There has to be some sort of latency period where a file is thought to be "clean", but not proven so. I understand the latency (quarantine) period is currently one year. That means it will be at least a year from the date of the first scan before that file is actually skipped. Users can create shorted latency periods depending upon their confidence in KAV.

    My critique:

    1) ADS adds 32000 files to the system that now has to monitored for possible infection and malware. Products such as TDS-3, AD-Aware, ADSSPY, and other newer anti-trojan products are coming out with ADS scanners. These scanners will flag all of the KAV "Kavich" ADS, unless they are filtered out. However, if they are filtered out, then they are no longer scanned for infections. This is "hole" in a full system scan strategy.

    2) Certain products, such as Prevx, monitor changes to system files. Everytime KAV scans a system file, Prevx alerts go off, making system files impossible to monitor by products such as Prevx.

    3) Cleaning the system of suspected ADS malware becomes problematic. Recently, my friends system was getting alerts that there were malware in some ADS files on his system. There were a total of 30 ADS on the system. Rather than inspecting each of them, I just cleared them all off the system. If there were 32000 ADS, the cleaning problem would have been much more difficult.

    Basically, I feel, that ADS detracts from security, and since I am primarily interested in security, as opposed to performance, I believe ADS should have always been an option as opposed to the default. KAV Personal Pro (the reason for its existence still is unknown to me), does not allow the user to suppress ADS during installation. You are therefore left with the very daunting homework assignment of cleaning them off yourself, if you don't want them. I personally was never able to find a way to completely get them off, so I did an image restore.

    If you don't want to use ADS, I would recommend using version 4.5 (as I currently do), or KAV 5.0 Personal MP3. There are issues with MP3, that you should probably acquaint yourself with by visiting the Kaspersky forum. Currently, my two biggest issues is that there is no way to suppress the start-up scan and there is no ability to use the super-secure database as I can with 4.5. I have no idea why Kaspersky made this thing so complicated and wierd.

    Rich
     
  11. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Thank you very much. I have heard other explanations of ADS and Kav. But this is the first one I have heard that was this well explained and in plain English. Every other time my eyes would glaze over from the techno speak. Again, Thank you.
     
  12. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Hammer,

    Glad my explanation was of some help. Others may propose a different perspective.

    Rich
     
  13. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Do you compile software from a big source tree CVS server on your own machine when you use KAV?

    If you do and have no issues with KAV with source compilations, I'd very much like to hear about your KAV settings.

    Or my friends would, to be more precise :)
     
  14. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    When I trialled KAV I had no idea 45,000 Kav ads were created.On finding out I uninstalled Kav but the ads remained and had to use the Kav ads removal tool.There were still around 20 Kav ads left that couldn't be removed because of files in use,even in safe mode.

    These leftover Kav ads were hampering the install of my new AV(Vet) and the only option I could see to kill these leftover ads was to change my file system to fat 32 then back to ntfs which worked with the installing of my new av no probs.

    I'm not saying this is the case for every user but this was my experience with Kav and ads.Recently switched to Nod 32 which is kicking butt with vet as a backup.
     
Loading...
Thread Status:
Not open for further replies.