pc tools antivirus

Discussion in 'other anti-virus software' started by demoneye, Feb 11, 2008.

Thread Status:
Not open for further replies.
  1. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    hi ppl

    anyonw knows if pc tools AV protect against low level disk access like killdisk or robodog or this juila editor?


    10x:)
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Sorry! wat,s juila editor?

    Thanks
     
  3. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    its a tool for edit thr MBR :)
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Download/ URL please?
     
  5. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    dont have...just read it can edit / change thr mbr bypass some level of protection in some cases

    cheerso_O
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Completely meaningless question.

    Antivirus software don't protect you against malware based on what that malware does, and PC Tools' offering is no exception.
     
  7. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    w00t?! lol ... yes they do if any program is trying access unusual area or unusual behavior they alert you . my simple question was if this pctools AV also got the ability to premofrm such and action.

    10x:)
     
  8. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    AVs are blacklists. They have signatures and heuristics. Signatures scan for specific snips of code. This is behavior independent. I'm not too sure on how each AV works in terms of heuristics but unless you are talking about behavior based heuristics, the question is unintelligible.
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Use LUA, problem solved. LUA forbids low-level disk access and other tampering tricks (kernel drivers, access to physical memory, etc), so every security software (specially virtualization ones) becomes stronger.
    Julie Lau's Sector Editor?

    As others have said, an AV has no business detecting specific behaviours (unless talking about behaviour-based heuristics and even they're not fool-proof)
     
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Link please?

    P.S. Doing a search for "lua" reveals that it is the Hawaiian-language word for a latrine or toilet. Strange name for a software. :p
     
  11. mrhero

    mrhero Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    297
    Location:
    Ankara , Turkey
    lua = limited user access:D
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  13. mrhero

    mrhero Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    297
    Location:
    Ankara , Turkey
    so , they have limited access :p . you're right.
     
  14. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    LUA is a powerful system-wide "sandbox". Not only it makes your security software stronger (your security software will be running as ADMIN or SYSTEM and malware will run as LIMITED) it also guarantees a total recovery from a malware infection. Manipulation of the OS at its lowest levels is almost impossible, system folders are write-protected and restarting at bootup is reduced.
     
  15. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    how do u gona aim to such adjustment o_O?
     
  16. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    You are describing a HIPS or a behavior blocker, not an antivirus.
     
  17. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Creating a LUA
     
  18. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
  19. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Three situations:
    - You double-click a custom-made desktop link pointing to the path of DMR. Your browser is executed with limited rights and the same is true for all its child processes (including malware if you are unlucky). All is OK.
    - You receive a PDF file with embedded Javascript and links. You double-click one of those links and your browser is started with ADMIN privileges. Not good.
    - You use DMR for all Internet-enabled applications (P2P, browser, IM, mail client, media player) but not for your PDF reader or Office suite or archive application. You receive an Office document/PDF file/ZIP file and you open it. Unfortunately, it carries exploit code for a vulnerability and shellcode is executed, which in turn downloads more malware which has free access to the kernel. Not good.
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    @lucas1985- Based on your comments I have added several more apps to DMR. Thanks! (Not as good as LUA, but I'm lazy. Besides... I got people.)

    @all- Meanwhile, back at the thread.....

    The bottom line (for me) is that PCT's antivirus is still based heavily on VirusBuster (VB) which is, I'm sad to say, a 3rd tier antivirus. Check HERE, for instance. Those tests by AV-Test.org show VB at <80% sigs, >3 FPs, Proactive= "slecht" (bad), rootkits= 2 missed. Truly a dismal showing.

    I expect PCT-AV to get better, but it's not yet ready for prime time IMO.
     
  21. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    On 3/19/2008 PCTools announced the release of PCT AV's version 4.0.0.26. Read about it at....
    http://www.pctools.com/forum/showthread.php?t=51066

    Evidently PCTools keeps plugging away at their AV application. It's one to watch. However, I'll take them more more seriously once they sign up to be tested by AV-test.org or AV-comparatives.
     
Loading...
Thread Status:
Not open for further replies.