Kingsoft Antivirus 2012 [Cloud]

And i think Kingsoft does pretty well in adding malware hashes into cloud database.

a malware folder with a number of 150 malwares, the first time i scanned this archive with kingsoft it could detect 109 malwares ( which is perfect IMO )

after 12hour it came to a detection range of 143 malwares, which means they are doing pretty good in adding hashes, mostly i like the speed of their reacting.

 

yeah. but one of the most important tasks of AVs product is to heal the infected system and They should be capable of Taking deeper protection levels under their control. i don't know how much we can rely on kingsoft. speaking of healing the infected system.

 

to me there is no such thing as healing an infected system.
i would never trust a system once it has been infected, better
to re-image or to just re-install, this is the only way you can be
sure you are now malware free

 

Man, I couldn't agree more. The best AV that anyone could ever have is a recent image waiting to be mounted. I make a new image every month, and I also have a "system emergency" image as well. This image is after a clean install, windows updates and all drivers.......No software whatsoever. I mount this image every 6-9 months and install all updates and any new drivers and then I save the image again. That way, I can always get back to a clean install state if something bad happens.

My AV is only there to let me know there is an issue, and it's time to reimage.

 

While I agree with the basic reasoning behind your idea;

-You may be infected yet you may not know it. Even if a sig or heuristic update gets it later, your security program may not be able to detect if it's on ring 3.

-Not all people have images like us, or knows to reformat/install things.

-Sometimes there's no acceptable image to return to.

 

Believe it or not , but i like infection and i just like to heal the infection after that.

nowadays i infect my pc with various samples to see how kingsoft would deal with 'em.

one of the result was remarkable, i disabled kingsoft's defense guards & infected my pc , then restarted to verify the changes. once pc booted up kingsoft alerted me and said Registry startup item was detected and removed

it did hell of a job.


but u wanna know how i make sure im not still infected ?! it's kinda simple

before i run the malware in RM , i run it on sandboxIE and monitor its behaviors with buster sandbox analyzer so that i know what exactly my malware would act

then run it in RM.. regardless of my expectations of the entire behaviors of the malware , i do some other diggings just in case.

for example
I check my entire startup entries and the other information using DDS logs and also check the log of Exewatch to see the last files created on my system.

the last step is to check my system for rootkits using vba32 antirootkit.

that's it... and i ain't gonna miss this exciting experience for anything like system images.

 

The system defence it have is chatty?
Or it asks only for unsigned services?

 

in default settings it's defined that kingsoft alert you for every single detection, but still not chatty , but if you want to shut the messages completely you can turn the "silent mode" on. this way you never gonna be alerted or as some say "annoyed".

btw kingsoft hasn't got a HIPS to ask you questions, though u can set the pre-defined action(on detection) to manual.

 

the description you give earlier in your post would indicate that real-time scanning must be running in order to detect these.
I see nothing in kingsoft which is different from other vendors.
It must be solely a cloud based AV.
Because an AV is either cloud based or running in real.time on the computer.
Regards.

 

It should be kinda misunderstanding sir

kingsoft is not different from other vendors but as i said here
there is a difference between kingsoft's real-time and other's. but u wouldn't loose anything again. in fact it is protecting your pc on low usage of system resources.
why?
because if it was meant that it scan all files on real-time, (can u imagine ?) it always had to use the net because it is cloud-based and u would loose a lot of your net teraffic!! thus they decided to do it in smarter way and it check the files via cloud only when u directly try to access the certain file

still kingsoft can be used in solo.. no porblem you can do it as im doing

and keep that in mind kingsoft is a free of charge product and we should really appreciate this favor.

 

Thanks for sharing the experience. The Kingsoft really showed nice results.

 

Each to their own I guess, but I have only ever done a re-install twice after cleaning an infected system, and that was only because the system was unbootable are doing the cleanup. If the systems were mine, I would have spent the time (maybe hours) getting them booting again.

Maybe I'm too trusting, or maybe others are too paranoid about infections?

 

same exactly thing i would do. it's more professional also.

 

Are you certain of that.?
What about firmware malware etc.
Infected USB drives etc.
There is evidence of malware that can survive a re-image and re-install so i dont think a re-image would guarantee anything really.
Regards.

 

ot posts removed

 

Anyway to trust a file from the boundary defence popup?.I keep getting no squint firefox extension scanned and shown clean every time i open firefox.There doesnt seem to be a way to exclude/trust the file from the popup which would be easier than opening menu>settings >trusted files and have to trawl for the file

EDIT...
Hmmm.. the last couple of restarts of firefox ,and no popup.I see i can suppress the popup from the settings under boundary defence downloads ,though im not sure why no squint extension is considered as a download? as its installed.

 

@ellison64

The no squint firefox extension scanned everytime while firefox launched?
Could you please send me the extension file for analyse?
My email address: xukun(at)kingsoft(dot)com

 

Hi...yes ive zipped the extension and sent it to you.Yesterday everytime i opened firefox ,i had the popup shown in earlier post.However today nothing.I did think that perhaps no squint was update checking ,however my firefox extensions are set to manual update ,so not sure what was happening.

 

Hi ellison64,

Thanks for the files, after installed in FF, we did not see any windows popsup while launch FF also.

Well, please contact us while it occurs

 

I would have to say sth abt this software

This software is no longer participating av-c test but you guys should checked the previous score..

The only pro for this software is its speed. but I don't think a fast av soft that can't fully protect our computer is worth to install

 

KAV 2012 Cloud is a different product to that one tested in 2010 and therefore it should not be judged from the results found in an old test.

Recent evidence for this lack of protection? And I would suggest that in a layered defence it would be a very good choice.

 

According to tests of various users KAV is on a par with the best avs by detection. In my opinion it's a very decent additional layer of protection.

 

KAV is solid and as I have mentioned in the previous post, I like the fact that it's China based. My big quetion to the developers is, when is KAV going 64 bit?!

 

See this...

http://i.imgur.com/S2Hc9.jpg

 

64bit OS is already supported, and we will continue to strengthen it.
Thanks.