Rising AV - free edition

Discussion in 'other anti-virus software' started by pykko, Jun 24, 2008.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Just add Opera to application protection, has the same effect
     
  2. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    OK, I admit it. I'm addicted to Rising AV.
     
  3. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,772
    I like Rising AV (and FW) a lot so far.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  5. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,772
  6. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Hi Kees,.............I have..... but occasionally tweaking to a small degree to stop pop-ups whilst maintaining security--I hope.

    Gordon
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    False Positive, plus by adding custom rules to HIPS you sort of concentrate on the core OS functionality. When you use SBIE/SafeSpace/GW/DW, the behavioral protection only slows down your PC (while effectively adding very little to security, due to the custom setup of Rising's HIPS)
     
    Last edited: Jul 22, 2008
  8. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
  9. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    I followed the photos you posted.

    Dave
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    TIPS/suggestions for improvement, I will promise to collect them and run some testing against it (to discover impact). I always like usability improvements (less pop-ups), so I welcome suggestions.

    Reason for doing so: my wife sort of allows every pop-up on the XP box, so user interaction should be as little as possible (is the weakest link in the chain anyway) and my son does not want game interfering on his Vista64 box.
     
  11. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    989
    I was using NOD32 and Comodo D+ and WinPatrol. After a month, I got tired of the bloat in Comodo.

    So, for the last several days, thanks to your excellent posts, I have also tried DW with Threatfire and Avira AntiVir. I also tried GW, but had some problems.

    Now I have DW 2.45 beta and Rising AV and FW with your settings. I also switched WinPatrol for Anvir Task Manager after reading one of your posts. I kept Avira for the right click Scan On Demand only for downloads, just as a double check. I use FD-ISR Pro and ShadowProtect for ISR and imaging.

    So far, your setup has been tight as a tick, fun to use, and very light on resources. Thanks to you I am really beginning to understand this stuff. Your help is much appreciated.

    Silver
     
  12. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,518
    Location:
    Paris
    Today I received an Email supposedly from UPS saying that a package was undeliverable. There was an attachment with the email (obviously malware). I did some checking and UPS is aware of it and sent out warnings. Panda was the first company out with a warning that the file contained a trojan.

    I had Rising on my system for a trial. I saved the attachment to a directory and had Rising scan it. Nothing found.

    Bye Bye Rising.
     
  13. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    989
    If you had DW, that would not have been a problem as long as you have your mail reader set to Untrusted.
     
  14. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    642

    you know, not to sound like a rising apologist, but there are LOTS of times when certain AV software finds a virus that others miss. it's not just rising, heck check jotti any given day to see what i'm talking about.

    even if rising missed this one, its HIPS would have been there to pick up the slack if it was run. this according to panda (the people who discovered this virus first) :
    http://pandalabs.pandasecurity.com/

    userinit.exe is one of the files SPECIFICALLY protected by rising HIPS.
     
    Last edited: Jul 22, 2008
  15. Arup

    Arup Guest

    Rising of all AVs has a different approach relying heavily on HIPS than just signatures alone which makes sense on a system that doesn't have net access or updates are not that frequent. I prefer it to just updates as there can be a gap between updates and getting infected. HIPS is the wave of future for all AVs, even Avira is contemplating it for their next version.
     
  16. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,518
    Location:
    Paris
    It seems that the assumption being made is that the HIPS portion of Rising is high quality. Personally I would question this as the AV already proved itself as lacking.

    Although I like to fish in troubled waters by trying new security products, I think that it's time to throw this one back.
     
  17. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    my findings after updating Rising AV with Kees' tweaks, is that the pop-up response increased with POCs, but on several after denying, Rising lacked the horsepower to actually halt the process manipulation. i had a very small malware collection (11) which i ran against Rising AV & FW. Rising stopped cold the first 8, got to 9 (trojan-psw.qqcy.12.b, not absolutely sure about the 'cy' and have since deleted), Rising popped up, i clicked delete, trojan ran anyway, jumped Returnil's system drive protection and infected my D & E drives. fortunately i had AVZ onboard which found and cleaned d:\d.exe and the same for E drive, as well as autorun.inf's.

    pretty disappointed, as i wanted Rising to replace my current primary snapshot security apps. i am sure my findings will meet with resistance, but it is what it is, and now Rising on my system is no longer.


    Mike
     
    Last edited: Jul 23, 2008
  18. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    642
    could it have been : trojan-psw.qqspy.12.b ? hmm i wish you still had the sample i'd love to test it against other popular HIPS.

    i agree, since rising mentions that it monitors global hooks as part of its system reinforcement. what's more disappointing is that it seems that there's no way to contact these people to let them know what's going on.
     
  19. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    to Rising's credit, it did identify the trojan, but was unable to stop it from running. i am not well versed enough to know if it was bypassed by utilizing hooks or not.

    i should be able to find the sample again. i will pm you when i do.


    Mike
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Mike good testing, I cannot recall (on a different image now) whether I had set global hook testing on in System Reinforcement.
     
  21. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    989
    No, you didn't set it on. It is now set on in my setup.

    Thanks for the info.

    Silver
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Silver,

    Would you post a screenshot of it in the original thread, I am on a different image now

    Thanks
     
  23. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    989
    Kees1958,

    Here you go. I also posted it in original thread.

    Silver
     

    Attached Files:

    Last edited: Jul 24, 2008
  24. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
    Did anyone test RAV hips against aklt.exe keylogger test? I get varying results when I tested it but my general conclusion was that RAV hips fails against aklt.exe.
     
  25. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    i did, and yes it does.


    Mike
     