My review of eXtendia AVK Antivirus System.

Discussion in 'other anti-virus software' started by Kobra, May 25, 2004.

Thread Status:
Not open for further replies.
  1. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
  2. new avk user

    new avk user Guest

    It really is a great product.
    The only problem I have is that it opens up Port 110 and seems to leave it open (atleast on my machine and according to online firewall tests I have done such as Sheilds Up and a few others. I tried it with Sygate Firewall and Zone Alarm and Outpost) I am not at all a "tech person". I am just a "point and click" pesron so if anyone can tell me how to adjust a rule to the firewall to close this port 110 then I would aprreciate it. I know it is the AVK which is opening Port 110 because I did a firewall test before installing it and everything was stealth. Aparrently this is a common problem with some AV programs and Sheild's Up has this write up about AV programs opening port 110--

    "Although it is uncommon for end-user PCs to host a full eMail server, anti-virus and anti-spam "filtering" programs often open the user's local port 110 to provide convenient eMail filtering through a technique known as "proxying". The bad news is that some of these programs cause this port to be opened and exposed to the outside world — to the whole Internet — which can create serious vulnerabilities for the user's PC."
    http://grc.com/port_110.htm

    There must be some way to configure the firewall (Sygate or any of the others ) to close this port because I would absolutely love to use this AVK program which really is fantastic.
    I hope I don't seem dumb. I am definitely not a "tech" type person.
    So if somone could help I would appreciate.

    I have had an online stalker/hacker after me for sometime so don't like to leave any posts open so I have temporarily uninstalled the Extendia AVK (which I purchased this afternoon) and put back my old AV so that all my ports will be closed and stealthed again (they are).
    Does anyone else have this open port 110 problem with the AVK and can you tell me how to solve it?
    Even with a firewall like sygate Port 110 stays open with the AVK installed.
    There must be some way to close it so I can use this beautiful AVK.
    Thanks in advance
     
  3. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    Hi,

    Which mail client do you use. If not Outlook I suppose you have to configure your pop3 account manually.
     
  4. new avk user

    new avk user Guest

    I use outlook express.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    125,798
    Location:
    Texas
    new avk user

    If you have broadband connection, a router is cheap and easy protection against open ports. Used with a software firewall, a router will ease your mind.

    There is a lot of good info at grc.com
     
    Last edited: May 25, 2004
  6. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    First, I don't have this problem, because I use a Netgear Hardware router. So I can't test this to see if its an issue firsthand in regards to software firewalls.

    Did you try calling or emailing their support? That would be a good place to start, they've probably heard this before.

    Second, try manually configuring it to use POP3 and disabling the build-in Outlook module. It could be the outlook module is keeping the port open. Secondly in the pop3 settings, you can choose 127.0.0.1 port, and just point to your mail server which might be another way to try it.

    Lastly, uninstalling shouldn't be required, just disable email scanning until you find the problem, you are still pretty well protected from baddies due to the double resident monitoring program if i'm not mistaken.

    Hope this helps.
     
  7. Sandish

    Sandish Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    51
    thank you, not many people notice that.


    Are you talk about a single AV with 8 engines or about a tool that is able to use more than one AV - like a mailscanner? Two isn´t always better than one. It depends how well they are selected, they have to suit to each other. The fact that someone uses 8 scanners on a server doesn´t make it better, there are 8 programms that could fail and make the system unstable. Not to tell about the high load.


    The transfer time will raise a lot on a medium sized machine. I noticed it took 3 times longer on a XP 2000 with 256 MB RAM - just as an example.


    Why did they add it? Did you ever have to sort out 6000+ mails with such notifications that were sent to spoofed addresses? It´s not useful in any way.

    Realy? Could it be that it´s just a number and doesn´t tell you anything about the quality of the signatures?

    The job of an on-access scanner is to prevent an infection. Nothing else. It doesn´t matter if you download 50 viruses in a zip file, as long as you get an alert when they try to come out. Thats my opinion. Of course it´s a "nice to have".

    The file was moved and deleted from the original location.

    If you have a Worm/Trojan/Virus like the infamous SDBot with dozens of variants for example, you will notice that many of them have common code sequences. If you base the detection on such common (generic) characteristics, you have a chance to catch many variants with just one signature. One could even call this a heuristic detection, but i think it takes a bit more.


    Not realy, it just says that they have a signature for it - to be impressive they should stop the file without a signature. There are many bad things out there and believe it or not, enough of them wont be recognized by any AV/AT. But many of them can be blocked by a workin brain and common sense. And no, i don´t want to say that you have a lack of that.
     
  8. new avk user

    new avk user Guest

    Yes. Thank you. I do have broadband.
    I should have a router. I have been reading about them.

    But now I am back to my old AV software and all the ports are closed and stealthed again.
    So this AVK is very frustrating in that it opens that port 110 and leaves it open and this is not good and creates a problem for me which was not there before I loaded the program. Yes--a router would fix this but the AVK program itself should not cause this either. So it is a downside to an otherwise nice program.. My old AV does not open and expose port 110 (nor does F-Secure which I also loaded and tried. All ports still stealthed perfectly with F Secure). Just this AVK does it and I didnt know until I bought it! And it is with no matter what software firewall I have tried.
    Yes. A router is very good and I should consider to get one but still this AVK should not be having the effect of leaving that port open. This is not a good thing in that program. The anti Virus program I currently have re-loaded back onto my computer has full incoming and out going scan of email but does not leave open Port 110.
    So this is a negative in the AVK program. Too bad.
    I wish I could fix it somehow with some firewall rule. For now I am using my old AV program.

    Thank you for your kindness
     
  9. Sandish

    Sandish Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    51
    Another one that noticed it - thank you. And it wasn´t meant to be destructive.

    Oh, i guess i have to dissapoint you. A review like I would like it takes too much time and a lot more knowledge than i have.
    ;)
     
  10. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    No worries. :D FYI it just came across that way. Happens to the best of us.
     
  11. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    AVK was grinding down one of my boxes here a good bit. I checked Defrag, and the drive was 50% fragmented. Defragged it, and the problem is gone..

    Something to consider if you have any major performance issues, and haven't defragged lately. :p
     
  12. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    A known issue, and critized often. Going for the winsock option would be a far better option. Who knows, in time :)

    regards.

    paul
     
  13. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    Ok, so disable email scanning.. The double resident engines will pick up any malicious attachments anyway that you could possibly execute, wouldn't you think?

    Besides, I have triple layered email protection anyway.. Brightmail on the mail server, Outlook 2003, which caps most vulnerabilities, and then finally Email scanning - but I could just as easily turn off email scanning as anything malicious that could execute would be immediately grabbed by the residents.

    Did you hear back from AVK support yet?
     
  14. BlueMoon

    BlueMoon Guest

    ermm...that's by no means a solution for the average user, going for enabling email scanning, is it? new avk user is the perfect example here....

     
  15. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    Oh yea on a side note, I cannot duplicate "new avk user"'s port 110 problem... I dropped off my firewall, and ran a port monitor on 110, and it was "Closed". I checked Shieldsup, and the 110 port was never left open.

    But I don't use Outlook Express, becuase that program in itself is one piece of garbage security risk.

    But I can tell you, in 4 different email clients, 110 is not being held open by AVK on *My* machines - without my hardware firewall connected.

    Guess that further props up my stealthy-troll theory in my mind.
     
  16. diesel

    diesel Registered Member

    Joined:
    May 25, 2004
    Posts:
    21




    hmmmmm someone's throwing down the BS flag :)

    me thinks kobra may have been watching one too many episodes of the x-files
     
  17. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    Well AVK sure ain't keeping 110 port open from what I can tell.. I've tested this on three different boxes now, including with Outlook Express, and it doesnt appear to be AVK doing anything like this.

    Redd Harvest reminded me about netstat -a -n showing open ports, which anyone can do to see for themselves AVK ain't holding open port 110. See the below screenshot, Netstat doesn't list 110 as being open, and by the screenshot you can clearly see AVK is running, outlook is opened, and outlook scanning is active with AVK.

    Are you sure you were running the same AVK i'm running or a different version? I await your reply..

    http://home.comcast.net/~prolawn00/no110port.JPG


    Now can we *PLEASE* get back on topic here? :rolleyes:
     
    Last edited: May 26, 2004
  18. new avk user

    new avk user Guest

    Sir,
    If by "troll" you mean some one who is not telling the truth then I must disagree with you. I am sorry to give that impression of troll. What I have experienced and written in my post is my situation and I am trying to find a solution because I think this AVK is really set up very nicely---very clear program. Furthermore it is sold by Boomerang Software which is a "local" company not far from me and I prefer to give local companies my business. So I am eager to get this program up and going.
    I tried to contact the tech support via telephone but I think was too late in the evening but the taped message gave the tech support email address.
    I had enquired to Boomerang software about this product once before, some time ago, after reading about it in PC World and at that time when I wrote them a letter I received a phone call from a man name Richard who said he was the CEO of the company! Now that's service! The CEO himself calling potetntial home customers! That is impressive!
    But it was the posts of Kobra here which reminded me of this product and so after reading these posts I went to the Boomerang site and purchased and downloaded the program.

    >"yet he seems to know an AWEFUL lot about ports and things, and enough to find how and where 110 is being opened,"<

    I have been reading from this Wilders Forum for a copule months now and really enjoying it and I have learned a great deal here. What a great place. Yes-- I still describe myself as "point and click" but I am learning. For example---I have learned enough to go and make online scans at Sheilds Up or DSL Report but I dont really know what port is! I only know they are supposed to be "closed" or "stealthed" in order to be "safe". That is as much as I know. But I am trying to learn.

    >"But I don't use Outlook Express, becuase that program in itself is one piece of garbage security risk."<

    Well---I am using Outlook express for my mail. It is the only email prgram I am familiar with or have used. And with Outlook express and the EXtredia AVK I am having this Port 110 problem. So it must be a combination of the two. Or as Mr Wilders said in his post--this is a known issue. That is also what it says at Sheilds Up--
    http://grc.com/port_110.htm
    It showed me the above page when I failed the test.


    >"But I don't use Outlook Express, becuase that program in itself is one piece of garbage security risk."<

    I have heard this from others---that Outlook EXpress is not good security wise. I am just trying to learn. That is why I have been visiting this Wilders forum to read here for the last couple of months.I have not posted here to anti virus section of Wilders before (but I did post once to the Nod32 section of Wilders Forum using a differnt nickname)

    Would a simple change of email program solve my problem?
    I would be happy to do that. If so which would you recommend in your experience? I have heard of Pegasis Mail and also Eudora. I would be perfectly willing to do that.
    Also your suggestion to disable the email scan is simple enough as well. When installing the AVK a notice came up saying it "detected " my email accounts and asked if I would like to enable scanning of them. It would be simple to just say "no" to that. I agree that the real time scanning should catch any virus sent in the mail. So that is a simple solution! Thank you.

    >" And follow it up with a "I've uninstalled it, I cannot use it!"<

    I am trying to use it! I absolutely intend to use it. I only uninstalled it temporarily until I could get this port problem fixed. I was hoping some knowledgebale person here could help! That is why I posted here thinking I could get help from somone who knows or who had experienced this before with the AVK program. I had assumed that I needed to write an "advanced firewall rule" to stealth Port 110 and I though somene here would know how.
    I absolutely intend to use this program. I have not discarded it! It is here waiting to be re-installed. I came to this forum looking for suggestions on it.

    >"yet miraculous, hes installed 3-4 different firewalls in that limited
    timeframe to test this 110 issue?"<

    I tried the firewalls I have read about here on Wilders Forum---Outpost (which I liked vety much!) and sygate and zone alarm.
    It was very easy to downlaod them and install them and only took a
    brief moment each time. None of these solved the problem. ( I currently use Sygate)


    >"Are you sure you were running the same AVK i'm running mr. "new avk user"? I await your reply.."<

    The sceen looks like the one you have displayed here and I purchased it from here--

    http://www.boomerangsoftware.com/


    If you can explain to me how to show these screens like you have done here I can re-install the AVK program and go to Sheilds Up and display the screen shot from Sheilds Up. I just don't know how to do it. Obviously there is a way because you have done it here. I would be happy to display the Sheilds Up screen with Open Port 110 if you can tell me how.

    >"and I got my bets on who posted the stealthy troll-gen messages as "new avk user"....


    I have never posted here before (only to the Nod32 section once before under a differnt nickname)and I dont know anyone here.
    I don't know you unless you and I have perhaps met somehere.

    Look-I am trying to solve this problem and was considering buying a router as someone had suggested yesterday. That is probably a very good idea seeing as I have a broadband connection and that seems to be the best thing security wise. I have been reading of routers.

    I was not expecting such hostility to my posting.
    I am sorry I made such an upraor here. It was not my intention at all.
    I made a true comment ---a true comment-- and I was looking for help to a problem which is probably very simply solved by somone with more knowldge than I.


    >"Of course, you can add in the "Drama" he tries to create by throwing in that he was stalked by an online hacker"<

    Yes Sir. It has been a nightmare. I have been working with a person at WHOA ( http://www.haltabuse.org/ ) in regards to ending the stalking and bringing the stalker to legal prosecution but it is very difficult.
    That is actually how how I came to become interested in security and began reading here at this security forum. I am trying to learn how to be safe. That is how I came to know about open Ports. The stalker had broken onto my computer and also had destroed the website which had been made for me by my friends (an online Library) and which I run with a few friends of mine.

    Look--- I am not interested in arguing with you.
    This was not my intention to create any argument.
     
  19. new avk user

    new avk user Guest

    Furthermore I like your review and agree with it completely!
    Great program!
     
  20. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    125,798
    Location:
    Texas
    new avk user

    Get that router to go with your antivirus. The single best investment you can make on broadband.

    Why don't you register here at Wilders and hang around. Your questions will be answered. :)

    Most of the people here are very nice.
     
  21. new avk user

    new avk user Guest

    Dear Ranjor,
    Thank you for your kindness!
    This is off topic for this thread, but, can you recommend a router---one which is easily installed by someone who is not a "tech". I looked at quite a few at Circuit City last night. Is there one you can recommend to go with the broadband and the AVK?
    I will stop because I know we are off topic here. But if you can recommend a router I would appreciate your suggestion. I saw several from Netgear and Linsky. I didnt know which!
    Any suggestion would be appreciated with the main thing being that it can be installed by a dummy!
    Thank you for your kindness. I will register a new name and hang around----but not to argue with anyone! I am a person of peace.
    I have been reading here anonymously for awhile and learned a great deal. What a wonderful place.
    I wont take the thread off topic anymore! Please excuse me.
     
  22. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    First, let me apologize for my suspicion. I'm highly dubious of some posts from anonymous posters at times - especially on this forum. So please accept my apologies. Now, as for your issue - which i've tried in vain to duplicate...

    I cannot duplicate this no matter how I try (on 3 different PC's), GRC with or without my hardware firewall active is reporting the port as closed, and I cannot seem to do anything to force AVK to hold it open. It appears by design to not allow this loophole.

    Honestly, from looking things over, AVK shouldn't have anything to do with holding port 110 open anyway, all it does is basically listen to the port, not open it.

    Theres two possible configurations for AVK in terms of mail scanning.

    1) Outlook Module Integration
    2) External POP3 Listening

    In outlook mode i'm not seeing any port 110 action other than the normal "Time-Wait" mode, which of course still reports as closed or stealthed at GRC.

    In POP3 Mode, my diags, show AVK is "Listening" to the POP3 110 port, but its not holding it open in any way, and merely listening to it for inbound and outbound mail to scan. GRC confirms, the port as closed or stealthed.

    I simply cannot create any situation where 110 is being held open - so i'm quite at a loss to explain your phenomenon.. Perhaps its a software firewall issue - I would think any good software firewall wouldn't let 110 be held open anyway?

    I've done all the testing I can do from my end, and honestly I just can't duplicate it. Perhaps the Gdata/eXpendia guys will have something they can add to this. Or maybe others using AVK can help you more.
     
  23. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    125,798
    Location:
    Texas
  24. diesel

    diesel Registered Member

    Joined:
    May 25, 2004
    Posts:
    21

    Linksys and netgear routers are both more than adequate and user friendly, and easy to get up and running. I use the linksys wireless G (with 4 hard wire ports) router myself. With my router, i have not seen any intruder make it past the router and to my computer (my software firewall logs show no intrusions, and this is on both zone alarm and outpost- trying to decide between the two)

    the reason why i like the software firewall so much isn't to keep the bad guys out (the router is more than adequate for this imo) but to prevent any trojans or such from "dialing" home. the software firewall will alert you anytime a new program tries do access the internet going out and allows you to approve and disapprove that traffic.
     
  25. Send_Derek

    Send_Derek Guest

    This might be opening up a new can of worms and going a little off the subject, but I'm going to ask it anyway...

    Obviously I'm a newbie... and I've been reading up on this site for about a week now, and I'm intrigued to learn about antivirus software and such... I've seen a lot on here that I've never even known about or ever heard before, and I'm interested in just about all of it. Especially this eXtendia AV.

    Here's the setup for the question: A while ago I used Norton... until I found out what a pile of crap it was taking up all of my system resources and not being able to actually fix the virus' that it detects. I switched over to Panda Antivirus Titanium 2004 becuase it just kinda fell into my hands. I tried it, and I loved it. I haven't ever looked back to Norton, and I've used Panda on all of my computers at home, and any other computer that I've fixed for people. And I've suggested it to many, many people and they have also made the switch.

    Here's the question: Everybody here has an extensive knowledge of AV software out there and I would like to know exactly how Panda AV compares to other AV software out there including eXtendia and any others you guys know about.

    I know that there isn't one right answer or one best AV program for everybody, but for the average home user (in most cases with a broadband connection) what comes the closest to "the best?".

    What do you think Kobra? Sandish? Everybody?

    Thanks so much for the help guys...
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.