Trusty moonsecure?!

Discussion in 'other anti-virus software' started by computer geek, Apr 16, 2008.

Thread Status:
Not open for further replies.
  1. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    AND

    What the hell?!!

    Hmm, for me, a long way to go......
     
  2. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Moon's real-time monitor is light & does the job. The Clam database of sigs, used by Moon, is ~85% detection for malware, & ~82% detection for ad & spyware.

    Zounds -- it's freeeee! In udder voids, it's bedah than nuttin. Arf*puppy*

    Go to The Moon HERE. It is certainly worthy of support, IMO.
     
  3. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    i wud ztey ewey from it :D
     
  4. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    According here, MoonSecure's real-time is weak because it uses API hooks and is not a file system filter driver.

    OT: Those using ClamWin can use ClamMon (uses API hooks also) as their real-time in the meantime (at their own risk). ClamMon will only detect the nasty after you execute/run it.

    thanatos
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    So it's like OA AV?
     
  6. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    Online Armor Antivirus? Sorry, but I have not tried OA AV. Do you mean it only detects a threat in real-time when the threat is executed/run? I think MikeNash should be the one to answer.

    It seems that MoonSecure also lags in updating the ClamAV engine so I guess there's a difference in detection rate.

    thanatos
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    As far as I know, OA AV+ scans on execution in real time. By the way, I don't think it to be less secure; as long as a malware is not executed, it can't do damage. I guess scan on execution might have less impact on system performance than scan on disk read/write.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Not a bad detection IMO. At least in this test it's better than VB (used by PCTools AV).
     
  9. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    You're right. However, according to alch (second post), the developer of ClamWin, API Hooks are easy to bypass.

    thanatos
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    So this bypass may be by routine malware, or someone must write a malware specifically targeted to bypass this AV? I am not sure.
     
  11. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    I don't know about MoonSecure's, but ClamMon installs as a service so I think it can protect itself from being shut down by malware :doubt:. ClamMon is still buggy but it seems ClamWin developers are interested in it.

    thanatos
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I am downloading it, just for a fun try.
     
  13. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    Post the results of your "experiment" Dr. aigle :D. Thank you.

    MoonSecure is still in version 2. According here, version 3 will have 4 engines (1 signature-based, 3 heuristics :eek:). This reminds me of F-Prot.

    thanatos
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, no testing, will just have a look at it for a very short time period before I sleep. Killing a bit of time.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I tried it (beta version). It stopped malware on execution but there is a significant delay in the launch of all applications. Back to my normal snapshot.

    2008-04-17_074903.jpg
    2008-04-17_075314.jpg
    2008-04-17_075558.jpg
    2008-04-17_080714.jpg
    2008-04-17_081000.jpg
     
  16. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    Thank you aigle :).

    I believe it runs slow because it's written in Delphi and still a BETA. I hope the developers use C++ as their programming language in version 3. From the screenshots, it seems they changed the GUI; much better than the former. Does the real-time scanner run as a service?

    Unlike ClamWin, MoonSecure doesn't rely solely on ClamAV definition updates. They also ask for and analyze samples. But I hope that like ClamWin, they integrate new engines by ClamAV faster.

    Let's wait for MoonSecure version 3 :).

    thanatos
     
    Last edited: Apr 17, 2008
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I did not check closely, but I think I found only the two processes shown in the pic. I did not check the details.
     
  18. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    I guess the real-time service is moontray.exe :doubt:.

    thanatos
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Maybe, I am not sure! Missed checking it. Actually I was disappointed by the unacceptable delay in application launch.
     
  20. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    I also read it had 25000 records of viruses.... That's bad.
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I tried to install Moonsecure, but Sunbelt Personal Firewall stopped the installation due to an intrusion attempt.
    My Rollback Intrusion Prevention System (R.I.P.S.) removed Moonsecure completely. :)
     
  22. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    So, it also has compatibility issues too, which is bad for a small group of people.
    Couldn't you disable R.I.P.S. (what a grim name! :D) then install?
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, I can, but is it worth it?
    RIPS doesn't exist, it's my sense of humor concerning abbreviations, like HIPS, NIPS, ... so I created mine : RIPS. :D
     
  24. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    Probably not; after all, it is said its resident shield is weaker than Clam's...
     
  25. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    It depends on how the KAV SDK 5 package has been implemented. You can have read/write scanning; it's just a matter of programming it.
    For example, in ZA's implementation of the KAV SDK engine, very small files are checked on writing.

    Don't know about moonsecure, but certainly KAV SDK hooks at kernel level and it's not generally easy to kill.

    Cheers,
    Fax
     