Rising AV - free edition

Discussion in 'other anti-virus software' started by pykko, Jun 24, 2008.

Thread Status:
Not open for further replies.
  1. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    566
    It's good to see a homemade AV discussed here. However, I have to say I can't provide a little support for this AV.
    Rising is the most used AV in China for home users. There are several reasons, I think:
    1. Most home users don't care too much about security.
    2. Some may care but don't know how.
    3. Since they don't care or know how to, let alone pay some money for it.
    4. Few of them ever heard of Avira or other AVs but they do know the "green umbrella" and the "yellow lion". Besides, it's free.

    The main reason I don't like it is:
    Most infected computers I helped to treat had Rising AV installed (I'm no expert but got some virus knowledge :D). Those so severely infected computers were scanned with Rising AV and it told you "NOTHING!" I turned to other AVs and they might report dozens of viruses.

    Maybe it's because those homemade viruses are also targeting Rising AV as well for it's the most famous AV here. So many of them can bypass Rising's detection so the result is usually "nothing".

    Despite all of that, I think Rising is light and scans fast, which is less important than the detection rate for an AV.

    I don't know much about its HIPS.
     
  2. Arup

    Arup Guest

    In that case the VB tests are irrelevant it seems, where Rising didn't do a shabby job put up against some industry giants.

    Rising's forte is prevention via its HIPS module and therein lies its basic problem when it comes to a home user or noob. Typically most casual users would have no idea to deal with HIPS pop ups and would usually allow them instead of blocking them thereby making it easy to get infected.

    Overall I find Rising to be a refreshing change, its approach to AV is the future, Avira and Avast are already considering HIPS for their future offerings so all in all, Rising is a well balanced and free offering.
     
  3. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    I actually purchased a license for Rising in 2004 (I wonder if that old serial still works?) and used it for a while. The GUI was so much nicer then (a little cartoonish but a lot more pleasant on the eye). Wish I had some pics to show you, but alas I can't find any. Perhaps it's my age but I really can't find anything attractive about this GUI at all.
    ellison64
     
  4. Defcon

    Defcon Registered Member

    Joined:
    Jul 5, 2006
    Posts:
    337
    I write software all day long, and recently switched to the 'dark side' - my Visual Studio code editor is now white text on dark gray. It's much easier on the eyes since I spend 10+ hours in front of my PC, and I've started switching other Windows apps to a dark theme as well.
     
  5. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    After a Google on this topic, YOU'RE RIGHT! Also, Rising implies that the AV/HIPS works on 9x/ME on up, which is not the case. On 9x/ME systems, there is no HIPS option; however, there are other free HIPS for 9x/ME systems.

    Dave
     
    Last edited: Jul 15, 2008
  6. Arup

    Arup Guest

    The HIPS is also inactive in x64 XP and Vista due to patch guard.
     
  7. Defcon

    Defcon Registered Member

    Joined:
    Jul 5, 2006
    Posts:
    337
    So hang on a minute - for Vista users there's no HIPS and the AV seems to be so-so, not as good as say Avira. So the only plus point in Rising's favor is it's very light and fast?
     
  8. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    566
    That's my opinion.
     
  9. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    x64 XP and Vista.
     
  10. Arup

    Arup Guest

    Only x64 OS like Vista x64 and XP x64, otherwise all features there and the HIPS more than makes up for the lack of any other attributes.
     
  11. Defcon

    Defcon Registered Member

    Joined:
    Jul 5, 2006
    Posts:
    337
    I see, I thought it was 32 and 64 bit Vista. Though I should've realised Vista32 doesn't prevent this sort of thing.

    So a question, do other HIPS also not work on Vista 64 due to the driver protection? I guess this would also imply that HIPS is not needed on it because malware also can't do bad things.
     
  12. Arup

    Arup Guest

    Technically as far as I know, there are only few HIPS if any for x64, MS's own x64 Defender with SpyNet enabled is one. You don't need any HIPS on an x64 with LUA+SRP+DEP enabled and an AV. Comodo works as a full fledged HIPS+Firewall under x64.
     
  13. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Hi All, Arup and Kees,
    I have been watching this thread with interest. About 6 weeks ago my AVG 7.5 updated itself and thereafter would not work and crashed. I have tried a few AVs in the meantime but uninstalled them due to one reason or another (slowing the system/hanging etc.), so I have been 'naked' whilst surfing for that time. I was only running a hardened Opera browser/Kerio 4.1.5 firewall with customised settings and TF.
    Yesterday I scanned my XP system with Super Antispyware/A squared, and Clamwin AV (on demand only), which showed my system was absolutely clean after being naked for 6 weeks!
    After I installed Rising AV free and customised it as per Kees's suggestions. I am very happy with it so far -- running light and fine. (RAV also didn't find anything on my PC on a full scan.)
    Anyhow I have 2 questions about RAV.
    Firstly, I see the installation wizard 'fires up' each time there is a smartupdate, why is this and is it necessary? Other AVs don't do this to update virus definitions.
    Second, I keep seeing an alert from Application protection -- attempted action of injection of DLL, requester -- Opera browser, the action data being Kerio FW GKH/DLL, it is set to 'ASK'. The problem is the alert is gone before I get chance to do anything about it. I have looked but cannot see if the alerts can be configured to last a little longer. Any ideas?

    Thanks and Regards Gordon
     
  14. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    I have checked Silent SmartUpdate and never notice the daily update other than the increment of release number.

     
  15. Arup

    Arup Guest

    No such pop ups here as well and no HIPS due to x64 OS.
     
  16. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Thanks Wilbertnl and Arup, I will give it a try (silentmode) and see how that goes.

    Gordon
     
  17. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    642
    Hello, I don't know if this has been mentioned but does anyone know where you can see what each update does?

    I'm not talking about the relatively minor definition updates, but the major program updates. Just today a whole lot of .dlls and exes were updated.
     
  18. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    The Rising AV updates still haven't cured the unicode issue, as I thought had been corrected. And there are double-dot issues. Try renaming the EICAR test file exactly like this: a....[spaces bar space bar] ..js.php.txt .....com.
    Does anyone find Rising catching a file so named? And if one does, try renaming it with Arabic or Russian fonts before the ... space .. .com. or worse, hidden characters.

    Also, the AV alone is hooking certain keys which are best left alone for Windows to handle. Another week of this without a patch from Rising, and Rising is going to the recycle bin.
     
    Last edited: Jul 16, 2008
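
The naming patterns tested in the post above (dot runs, padding spaces, stacked extensions, non-Latin and hidden characters) are ones a scanner or triage script can flag before trusting a file's extension; this is an added example, not code from the thread or from Rising. The function names, flag names and the `RISKY_EXT` list are assumptions, and the sample names are constructed.

```python
import unicodedata

# Assumed policy list of extensions worth extra scrutiny (not from the thread).
RISKY_EXT = {"com", "exe", "scr", "pif", "bat", "cmd", "js", "vbs", "php"}

def effective_name(name):
    """Win32 path normalisation drops trailing dots and spaces from a name."""
    return name.rstrip(". ")

def _ext_tokens(name):
    # Dot-separated pieces after the base name, with padding and empties removed.
    parts = effective_name(name).split(".")[1:]
    return [p.strip().lower() for p in parts if p.strip()]

def effective_extension(name):
    """Extension the OS will act on once the padding is ignored."""
    tokens = _ext_tokens(name)
    return tokens[-1] if tokens else ""

def filename_flags(name):
    """Return the set of naming anomalies found in one file name."""
    flags = set()
    eff = effective_name(name)
    if eff != name:
        flags.add("trailing-dot-or-space")
    if ".." in eff:
        flags.add("dot-run")
    if "  " in eff:
        flags.add("padding-spaces")
    tokens = _ext_tokens(name)
    if len(tokens) > 1 and any(t in RISKY_EXT for t in tokens):
        flags.add("multiple-extensions")
    # Cf = format characters (zero-width, bidi controls), Cc = control characters.
    if any(unicodedata.category(c) in ("Cf", "Cc") for c in name):
        flags.add("invisible-or-control-char")
    # The first word of a letter's Unicode name identifies its script.
    scripts = {unicodedata.name(c, "?").split()[0] for c in name if c.isalpha()}
    if len(scripts) > 1:
        flags.add("mixed-scripts")
    return flags

# Constructed sample names following the patterns described in the thread.
SAMPLES = ["a....   ..js.php.txt .....com.", "a      .com",
           "a\u200b.com", "\u0430.com", "report.txt"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), effective_extension(s), sorted(filename_flags(s)))
```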
  19. timcan

    timcan Registered Member

    Joined:
    Dec 15, 2005
    Posts:
    213
    Location:
    USA
    Hi, @dw2108
    Did I do this rename correctly? This is the result I got from Rising.
     
  20. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    I get that too, but do you get the File Monitor alerting you while saving it or by trying to open it? Also do you get that if spaces are in the name of the file?
    Like this, maybe?

    a<------------JUST BLANK SPACES HERE---------------------->@@@@.com

    Just blank space between the a and .com
     
  21. timcan

    timcan Registered Member

    Joined:
    Dec 15, 2005
    Posts:
    213
    Location:
    USA
    Hi, when opening.
     
  22. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
    For those using the HIPS feature, you may want to tweak the settings a bit. With system enforcement set on high which should protect a number of critical processes from termination, pskill still can terminate the processes. :blink:

    Adding the processes to Application protection and refusing termination resolves this (hopefully :mad: )
     
  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I barely dare to say it to a Kerio user, but have a look at the Rising FW or either remove tampering protection from Opera, because this cannot be controlled on program level (or in this case the Kerio dll).

    Regards Kees
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Better to use a custom setup as explained in https://www.wilderssecurity.com/showpost.php?p=1274286&postcount=57
     
  25. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Kees1958
    Thanks Kees, I really like my Kerio 4.1.5 (paid) FW and would be loath to remove it. It has given me excellent service to date. So I have removed tampering protection from Opera, so will see how we go.
    Cheers Gordon
     