Question relating to AVs and NTFS partitions

Discussion in 'other anti-virus software' started by Firecat, Feb 22, 2005.

Thread Status:
Not open for further replies.
  1. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    I was going through the RisingAV wbsite and they were advertising that Rising AV can remove, delete and kill virii in NTFS partitions...I thought other scanners can also do that right?

    They mentioned of some read and write problems with NTFS hard disks. Why is it difficult to remove a virus in an NTFS partition? KAV, McAfee, NOD, Dr.Web, BitDefender, Norton etc. can do this right?

    Someone please explain to me...

    Thanks in advance

    Regards,
    Firecat
     
  2. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    I haven't heard of an AV that has issues with NTFS. I think they are referring to the fact that NTFS locks down certain files to prevent access to and if they got infected, the AV might not be able to repair it. It isn't that difficult to program an application that will inherit admin rights from the registry and make the necessary changes (this is how some viruses and trojans work also).
     
  3. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    So such applications can obtain the admin rights and take the necessary action aginst the malware?
     
  4. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Yes.

    For instance, where I work, users do not have privelages to install anything. But, software companies for spyware/malware/etc..develop their software to override that privelage and give the application proper rights to install.

    AV's can work the same way. They can get the access they need to delete files that the current user do not have access to.
     
  5. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Well. Thanks a lot!

    But one thing I noticed was that my eScan would not scan the 'System Volume Information' folder on my NTFS Hard drives because access would be denied (it said so in the log, never got an alert)...why couldn't it, after all it can obtain admin rights and override the permissions right?

    Have a great day:)

    Regards,
    Firecat
     
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Programs cannot take admin privileges. Otherwise there would be no point in having such restrictions right? All system wide programs require Admin rights,at least for installation. After that it can run logged on under Admin and running in restricted account.
     
  7. Ianb

    Ianb Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    232
    Location:
    UK
    For a home user I see absolutely no advantage in running NTFS.
     
  8. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States

    Actually, they can. I can do it in Visual Basic with not much difficulty. I have a script I wrote that overrides the admin password on an NTFS machine. Now, most programs that do gain access don't keep it, just long enough to install their trash and leave, then they just run with whatever user is logged in.
     
  9. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States

    Good Practice!
     
  10. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Now thats something that i cannot agree.
    NTFS supports files larger than 4GB,data is almost impossible to corrupt (even on cold reset, you don't have to wait chkdsk). You can also use it on very large partitions where FAT32 simply fails. NTFS is the way to go,trust me.
     
  11. mikel108

    mikel108 Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    1,057
    Location:
    SW Ontario, Canada
    I am confused o_O

    When I format my PC I have a FAT32 partition that is I think 32MB(?)

    The other partition is C. When I delete it, and go to format I get 2 choices.
    Quick or recommended formating in NTFS. There are no other choices for me. This is on a home PC.
     
  12. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    All my hard disk partitions are NTFS as I believe NTFS is ver stable and reliable.

    FAT32 partition means 32-bit not 32MB, you must have a counter displaying the amount of MB in thousands when you format...

    Windows XP mostly only provides you with NTFS if you're doing it from within Windows or from the command prompt.

    NTFS is the best, no need to consider FAT32.
     
  13. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma

    Panda and Nod antivirus will scan the system volune information folder (system restore) and clean malware found there. I have had both of them do it.

    bigc
     
Loading...
Thread Status:
Not open for further replies.