pc tools antivirus

Discussion in 'other anti-virus software' started by demoneye, Feb 11, 2008.

Thread Status:
Not open for further replies.
  1. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    hi ppl

    anyone knows if pc tools AV protect against low level disk access like killdisk or robodog or this juila editor?


    10x:)
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Sorry! What's juila editor?

    Thanks
     
  3. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    it's a tool for editing the MBR :)
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Download/ URL please?
     
  5. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    don't have... just read it can edit / change the mbr, bypass some level of protection in some cases

    cheers o_O
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Completely meaningless question.

    Antivirus software doesn't protect you against malware based on what that malware does, and PC Tools' offering is no exception.
     
  7. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    w00t?! lol ... yes they do, if any program is trying to access an unusual area or shows unusual behavior they alert you. my simple question was if this pctools AV also got the ability to perform such an action.

    10x:)
     
  8. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    AVs are blacklists. They have signatures and heuristics. Signatures scan for specific snips of code. This is behavior independent. I'm not too sure on how each AV works in terms of heuristics but unless you are talking about behavior based heuristics, the question is unintelligible.
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Use LUA, problem solved. LUA forbids low-level disk access and other tampering tricks (kernel drivers, access to physical memory, etc), so every security software (specially virtualization ones) becomes stronger.
    Julie Lau's Sector Editor?

    As others have said, an AV has no business detecting specific behaviours (unless talking about behaviour-based heuristics and even they're not fool-proof)
     
  10. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Link please?

    P.S. Doing a search for "lua" reveals that it is the Hawaiian-language word for a latrine or toilet. Strange name for a software. :p
     
  11. mrhero

    mrhero Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    297
    Location:
    Ankara , Turkey
    lua = limited user access:D
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  13. mrhero

    mrhero Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    297
    Location:
    Ankara , Turkey
    so , they have limited access :p . you're right.
     
  14. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    LUA is a powerful system-wide "sandbox". Not only does it make your security software stronger (your security software will be running as ADMIN or SYSTEM and malware will run as LIMITED), it also guarantees a total recovery from a malware infection. Manipulation of the OS at its lowest levels is almost impossible, system folders are write-protected and restarting at bootup is reduced.
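
Added example, not part of the original thread: a PowerShell check of the claim made above that a limited user account is refused low-level disk access. It reports whether the current session is elevated and whether `\\.\PhysicalDrive0` can be opened for raw reads; the class name `RawDiskProbe` and the choice of disk 0 are assumptions made for this illustration.

```powershell
# Added example: probe read-only access to the raw disk device from the current account.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;

public static class RawDiskProbe {   // hypothetical helper name
    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern SafeFileHandle CreateFileW(string name, uint access, uint share,
        IntPtr securityAttributes, uint disposition, uint flags, IntPtr template);

    // Returns 0 if the device opened for reading, otherwise the Win32 error code.
    public static int TryOpenRead(string device) {
        const uint GENERIC_READ = 0x80000000;
        const uint SHARE_READ_WRITE = 3;   // FILE_SHARE_READ | FILE_SHARE_WRITE
        const uint OPEN_EXISTING = 3;
        using (SafeFileHandle h = CreateFileW(device, GENERIC_READ, SHARE_READ_WRITE,
                   IntPtr.Zero, OPEN_EXISTING, 0, IntPtr.Zero)) {
            return h.IsInvalid ? Marshal.GetLastWin32Error() : 0;
        }
    }
}
'@

# Is this session running with an administrator token?
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $id
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Disk 0 is an assumption; the handle is opened read-only and closed immediately.
$code = [RawDiskProbe]::TryOpenRead('\\.\PhysicalDrive0')

[pscustomobject]@{
    User        = $id.Name
    Elevated    = $elevated
    RawDiskRead = if ($code -eq 0) { 'allowed' }
                  elseif ($code -eq 5) { 'denied (ERROR_ACCESS_DENIED)' }
                  else { "failed, Win32 error $code" }
}
```

Run from a limited account, the expected result is `Elevated = False` with `RawDiskRead` denied; `allowed` means the session can read the disk below the file system.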
     
  15. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    how do u gona aim to such adjustment o_O?
     
  16. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    You are describing a HIPS or a behavior blocker, not an antivirus.
     
  17. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Creating a LUA
     
  18. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
  19. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Three situations:
    - You double-click a custom-made desktop link pointing to the path of DMR. Your browser is executed with limited rights and the same is true for all its child processes (including malware if you are unlucky). All is OK.
    - You receive a PDF file with embedded Javascript and links. You double-click one of those links and your browser is started with ADMIN privileges. Not good.
    - You use DMR for all Internet-enabled applications (P2P, browser, IM, mail client, media player) but not for your PDF reader or Office suite or archive application. You receive an Office document/PDF file/ZIP file and you open it. Unfortunately, it carries exploit code for a vulnerability and shellcode is executed, which in turn downloads more malware which has free access to the kernel. Not good.
     
  20. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @lucas1985- Based on your comments I have added several more apps to DMR. Thanks! (Not as good as LUA, but I'm lazy. Besides... I got people.)

    @all- Meanwhile, back at the thread.....

    The bottom line (for me) is that PCT's antivirus is still based heavily on VirusBuster (VB) which is, I'm sad to say, a 3rd tier antivirus. Check HERE, for instance. Those tests by AV-Test.org show VB at <80% sigs, >3 FPs, Proactive= "slecht" (bad), rootkits= 2 missed. Truly a dismal showing.

    I expect PCT-AV to get better, but it's not yet ready for prime time IMO.
     
  21. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    On 3/19/2008 PCTools announced the release of PCT AV's version 4.0.0.26. Read about it at....
    http://www.pctools.com/forum/showthread.php?t=51066

    Evidently PCTools keeps plugging away at their AV application. It's one to watch. However, I'll take them more seriously once they sign up to be tested by AV-test.org or AV-comparatives.
     