SpIDerGuard v4.33 fixed?

Discussion in 'other anti-virus software' started by Blackcat, Oct 24, 2005.

Thread Status:
Not open for further replies.
  1. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    It all makes it very misty, as far as I am concerned. If this is what it takes, to see some version ........!! I can imagine, a lot of people get all confused!

    ;) Putin
     
  2. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
    Hi FF
    I had asked that same question before... https://www.wilderssecurity.com/showthread.php?t=100841&page=3 #52...refer to Putins response in #53 and shortys response in #54
    I hope that helps.
    Cheers :)
     
  3. Bob

    Bob Registered Member

    Joined:
    Apr 29, 2002
    Posts:
    49
    Here is a screendump.
    52 sec for a 58 Mb file.
    And I even have a WD Raptor harddisk.
    Bob
     

    Attached Files:

  4. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I thought that the protecting of the "drwb32.ini" file was in the miscellaneous section in here.

    Best regards,
    Firefighter!
     

    Attached Files:

    • SG_2.gif
      SG_2.gif
      File size:
      21.6 KB
      Views:
      293
  5. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Thanks for the screenshot, but indeed it takes a hell of a long time, but it is faster now than before service upgrade.
    Keep wondering why Technodrome is not having this problem!

    ;) Putin
     
  6. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Is the SpIDer Guard "enhanced protection mode" something like this what I found from the "en-spider" help file?

    Best regards,
    Firefighter!
     

    Attached Files:

  7. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Are you running anything else besides DrWeb (AT or any other security tool)?


    tD
     
  8. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I think that you need to try this again. Uncheck the "Protect Dr.Web configuration file" option first as you can see in my post 29. in here. Just choose the "change" and it will be restored. Look at my settings in my post 67.

    https://www.wilderssecurity.com/showthread.php?t=100841&page=3


    Best regards,
    Firefighter!
     
    Last edited: Oct 25, 2005
  9. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
    Hi FF
    The screen shot shown appears to be for 4.32b (I have that help file screen also).
    I had "Disable Enchanced Protection Mode" ticked and in "File Types", I had "All Files".
    As a test, I removed the tick mark for "Disabe Enchanced Protection Mode" ( I presume that it is now activated) and in "File Types" changed to "By Format" (which I think is the default).
    I have not changed anything in the "ini" files, as I need to know what changes affect the overall operation.
    The help file has been improved, however, it is still showing 4.32 screen shots.
    I will run it in this configuration and see the results.
    Cheers :)
     
  10. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    No, nothing at all!

    Putin
     
  11. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    I doubt it as kernal protection is only available in non-NT systems.

    It may be due to the new "background" scanning of files. There is a Documentation file in the Downloads section which might give some information about this new scanning mode but at the present time it appears to be a dead link. I do wish that they would produce a proper and detailed help-File within the program.

    The changes in the new "service upgrade" are now on the main site.

    Putin, do you see the same slowdown on deleting files with just the DEFAULT file settings of SpiDerGuard?

    Bob seems to have the same problem as you, whereas other users are seemingly running SG without any problems at all. So at the present time you may decide not to stay with DW. As I stated before, it may simply be a conflict between SG and your software/hardware configuration on YOUR computer.

    I have the same problem with F-Prot for Windows; I cannot run the present version because of high CPU usage yet other users report no such problem. Just the role of the dice in some cases.
     
    Last edited: Oct 25, 2005
  12. shorty1

    shorty1 Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    97
    Location:
    Vermont
    Yes, my speculation that enhanced protection mode protected the ini file is incorrect. Sorry, must have had a brain cramp. I only noticed that enhanced protection mode tick box in the control panel a couple days ago. Guess I don't peruse that panel very often. I do recall reading somewhere, and I think Blackcat is on the right track, that enhanced protection involves scanning of certain files at a later time when the computer was "idle" so as to save cpu's. I also recall now of reading there was some problems with Spider Guard's determination of when the computer was idle not always coinciding with the users opinion of the computer being at rest. :)

    As for the problem some people are seeing with large files if some of these users would copy/paste the contents of the drweb32.ini file others could take a look and see if anything looked amiss.
    Having said that I don't think it is a settings problem but rather it is a conflict and/or a bug with Dr Web.
     
  13. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Yes, the same slowdown with default settings with "all files" checked (file types tab). That's the only thing different.

    But I uninstalled Dr. Web again and won't re-install, as I'm happy with Nod32 now and I don't want to put anymore energy in this matter, as I'm totally confused. If it is a conflict between Spider Guard and my soft- hardware, it won't be an easy matter to figure this out. My computer runs like oil with 4.32b, never any problems......nothing changed regarding soft- hardware, but after upgrading to 4.33, hell comes loose. I am convinced for 100%, that it is a bug in 4.33.
    The only way to run 4.33 as smooth as 4.32, is to uncheck archive scanning and adding the recycle bins to the excluded section. But again, I don't believe this should be needed.

    So, in closing......I'll follow this thread, but won't be able to try things out anymore with Dr. Web as I uninstalled it for the last time.

    Hope everything will ever be sorted out!

    ;) Putin
     
    Last edited: Oct 25, 2005
  14. Serge Popov

    Serge Popov Guest

    As was already mentioned, it adds the background scanning feature. There are several factors to take into consideration:

    1. Anti-virus must be as secure as possible - scan more, scan deeper, use heuristics, use proactive methods, control access to vital parts of operating system and configuration.
    2. Anti-virus is, after all, just a utility program, so it must be light and quiet. It must not steal resources from other programs.
    3. It must be simple enough, so you dont have to learn too much about protection and security.

    So working modes were invented. As to SpIDer Guard, these are: Smart, RunAndOpen, CreateAndWrite. Smart is the default mode, providing good security for little price. Being a compromise, it has its drawbacks, too. In Smart mode SpIDer Guard would scan only objects what were opened for writing access on local volumes, and all objects on removable and network volumes. It works fine until you miss a virus definitions database update, or turn SpIDer Guard off for some time, so the system gets infected. After that SpIDer Guard would not catch a virus, because its already here, and launching a program (virus) from existing file does not encur write access to it - so SpIDer Guard would not catch and scan it.

    Background scanning is a tradeoff between speed and security. Any object what wont be scanned otherwise goes to background scanning engine. So, Smart mode continues to scan files what are being modified or created, and background scan (enhanced protection mode) takes over the rest. It tries to minimize its impact on user's experience, doing its job only when computer is idle. What idle really mean? The most important part for SpIDer Guard, as an anti-virus on-access monitor, is disk input/output activity. As you open a program, or search for files, background scan stops and waits until you are done. It pays much less attention to cpu, keyboard or mouse activity.
     
  15. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Great explanation of this feature and should be clear now, what it does.

    ;) Putin
     
  16. Serge Popov

    Serge Popov Guest

    With release of version 4.33 Dr.Web anti-virus had been greatly improved in many areas. Most of them are under the hood and are not so bright as new icons or skins. This new version knows more archive and packer formats, better heuristics, new options, new types of malware and so on. Its really sad what some things were not properly tested with this release, but things are getting better. So I hope you'll later change you mind and try Dr.Web once more.

    As far as we talk about on-access monitors, beware that NOD32' AMON does not scan archives on the fly, while SpIDer Guard does. Its the real cause of your problems with moving a huge file to recycle bin (this file is actually a compound object what SpIDer Guard unpacks and scans on-the-fly). This kind of compound objects was unknown to version 4.32, thus it looks faster.

    Anyway, its your choice. Be safe.
     
  17. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Dear Serge,

    Thanks for your reply, but will this unpacking and scanning on-the-fly remain the way it is? I understand that it is important for the proper security and I would have to accept this. I think it is still causing a terrible slowdown.
    Like stated here before, to avoid this slowdown, one would have to disable archive scanning, but I don't agree with this at all.
    So, I hope things can be sped up a bit in a next service update.

    As for Nod32 Amon, it scans: Self-extracting archives - enables internal scan of self-extracting archives.

    Good luck ! ;)

    Putin
     
  18. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    There is a bit difference between self-extracting archive scanning and actual archive scanning. As pointed here AMON does not scan archives for the sake of real time scan speed.


    tD
     
  19. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Maybe for the next major Dr Web for Windows release you will consider more open and longer beta-testing?

    Great to see someone from Dr Web popping in.

    Serge, a warm welcome and I hope you can regularly drop by from time to time ;)
     
  20. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Is it actually so that SpIDer Guard is now capable to scan MUCH DEEPER some compound objects, which the former 4.32b version couldn't and left so some possible infections undetected? If this is the case, so many other scanners couldn't either detect those possible infections there with their fast scan results.

    I have excluded two "exe" files from scanning in my DrWeb now, one of them is the K-Lite Mega Codec Pack 1.39 Beta 4 installer (about 28 Megs), "klmcodec139beta4.exe", which I think is a compound object too. But when I removed that file from excluded files and made an On-Demand scan of it, it took 4 min 17 sec and after that I knew that it was clean (1 min 42 sec after I increased the scan priority from 60 % to 90 % and the number of totally scanned objects was 416 in that sample). How could I know that it was clean by an other scanner which was not so good in unpacking? I'm ready to exclude some files from scanning after that I have done a full On-Demand scan of them, I have still over 240k+ files to protect by SpIDer Guard after all this. :)

    Best regards,
    Firefighter!
     

    Attached Files:

    Last edited: Oct 26, 2005
  21. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Thanks for the info, I was not aware of this! In Amon, I have checked "all files" on the 'extensions' tab. Which other good scanners will do archive scanning at a reasonable speed? Kav?

    ;) Putin
     
  22. shorty1

    shorty1 Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    97
    Location:
    Vermont
    Serge,
    Thank you for the clear and informative answers to some lingering questions about Dr Web. I certainly appreciate you taking the time to do that. I, too, hope to see you stop by now and then to keep us informed. Again, thank you.
     
  23. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,839
    Location:
    Hawaii
    @Serge- A superb explanation!! Thank you. I hope you post here often in the future.
     
  24. jubilee

    jubilee Registered Member

    Joined:
    Jan 9, 2005
    Posts:
    22
    i have an trial version of the drweb but i have some problems


    i have some programs written in foxpro for dos, which is essential for my business.

    i have an win2000 computer, and with spiderguard loaded, when i want to load this programs, i experience some stops and delays in response of them.


    i know that this programs consume a lot of cpu because the lack of dos support in win2000, but in f-secure or in avast, this delays doesn't appear.

    thank's
     
  25. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.