What's your reaction on this?

Discussion in 'other anti-trojan software' started by sweater, Mar 18, 2006.

Thread Status:
Not open for further replies.
  1. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    Gkweb has this recommendation on his site. What is your personal reaction to this? :rolleyes: :cautious: o_O

    "If you use Kaspersky Antivirus as your resident AV, you do not necessarily need an additional Anti-Trojan software since KAV has a good trojan detection rate also."
     
  2. Syncman9

    Syncman9 Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    113
    Location:
    UK
    It's never the best advice to put all your eggs in one basket, but to spread the risk.

    Personally I would still keep separate anti-trojan software, in much the same way that I use 2 anti-virus products. There is always a chance that one will miss something, and the other one will pick it up.
     
  3. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    That he is right, for the majority this will be enough.:)
     
  4. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    note that I am not an AV expert, it is just my opinion for everyday use, but someone like IBK will have a better answer or opinion on the subject :)
    KAV has a good trojan detection rate, but you can still use a separate AT if you want to add layers.

    Regards,
    gkweb.
     
  5. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    It is really not a question of spreading the risk, but covering it. The risk is either covered or not. Rather than duplicating coverage to redress potential issues resulting from all AV's having less than 100% effectiveness, targeted mitigation of perceived gaps would seem more likely to yield a positive result.
    While that statement is, in principle, true, you only run one AV realtime, which would suggest that a missed object would be revealed only on a demand scan. Given that coverage of spreading malware is a time dependent issue, you should try to gauge whether the expected time to cover is substantially longer than your mean time between your demand scans. For top tier programs and significant malware, the time to cover is generally short.

    As for use of an AT, I do use one, although for one specific reason - it is a process memory scanner which I perceive as a very minor gap in my AV, sufficiently minor that I believe many/most folks are not operationally vulnerable.

    As to the general question posed in the thread, I'd also say gkweb is correct and extend it somewhat beyond KAV/KAV engined AV's to include NOD32/NAV/McAfee/Avira for most low to moderate risk users.

    Blue
     
  6. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    not so fast?.......

    https://www.wilderssecurity.com/showthread.php?t=118181

    https://www.wilderssecurity.com/showthread.php?t=108266

    Nothing is perfect, so everyone should have a backup behind their AV. Regardless of what AV they use, there is always something getting through. Those two threads are fairly recent, you can see it's still happening.

    There is also a lot of commercial malware that the AVs won't handle for legal reasons, malware that's now being written by the kids who wrote those RATs back in the 90s to screw with people's machines. The "kids" have gone professional.

    http://www.dslreports.com/forum/remark,15593654~days=9999~start=40

    The same deal still applies.

    Some of the software packages that were once considered ATs have evolved significantly and handle much more than the classic RATs. (BOClean, still wrongly considered an AT by many, went beyond RATs over 5 years ago, for example.) Security isn't static, don't choose software that is.
     
  7. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    I believe gkweb is correct ;)
     
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Yep....even the folks that designed this web page :D ;)
     


  9. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    Yeah, I know. It's old. The new site isn't ready yet.
     
  10. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    gkweb didn't say anything wrong, so...
     
  11. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    If I had KAV, I would keep an antitrojan, but only for on-demand scans, not realtime. KAV gives a lot of protection and isn't light (as I would like) on my computers.
     
  12. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I've found a couple trojans that KAV missed. If I could find an "AT" (or "AT" that only "used to be" an "AT") that ran on my system without pissing me off every 20 seconds, I'd use it.
     
  13. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I agree that KAV does a good job detecting trojans.
    But regardless of what A/V program I use, I still use an A/T program.
     
  14. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Nameless
    BO Clean (after a short learning curve) has caused me fewer problems than any other app.
    If you have read any of my other posts you will appreciate that is really something.

    Does what it says with no fuss and great support.
    It will have cost less than a postage stamp per week for me to date.
    Can't find a post here where anyone who has got BOC has dumped it.

    $0.02 from me.
     
  15. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Well, then I'm the first, because I used BOClean, and dumped it. I bought it years ago and have hardly used it at all.

    Yes, I've emailed support. I've devoted hours to nailing down the specific problems I had. For naught. I don't want to get into it.

    Edit: Actually, I gave the wrong impression a couple posts above. TrojanHunter runs very well for me.
     
    Last edited: Mar 20, 2006
  16. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    @Nameless

    I don't want to push this, I'm just interested in your decision making and any "easy" reasons;

    March 12 2006 you wrote
    I am trying to decide how to rationalise my set-up and was thinking NOD and BO Clean.

    What happened to make you decide otherwise?

    Regards
     
  17. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I know people get passionate about their software, so let me preface this by saying that I was asked...

    As for why I am not happy with NOD32...

    NOD32 works well for me in general, but IMON annoys me. As far as I'm concerned, in fact, it's just plain awful. In order for it to be really effective, you need to use Higher efficiency mode. But I've found IMON likes to forget some of my settings, at irregular intervals, and for no apparent reason. And when the settings aren't forgotten, using Higher efficiency mode causes me other aggravating problems, such as images not loading on web pages. (That's just what happened to me a moment ago--I tried opening a particular web site, and JPG images weren't loading.) And even when that problem isn't in my face, there's the issue of how Higher efficiency mode works in the first place: IMON scans the whole file, and then passes it to the target application all at once. This can be annoying when you're doing things and not seeing applications respond as you initially expect.

    I also have an issue with how Eset deals with sample submissions. I submitted a sample to them a few weeks ago, and detection still hasn't been added, nor did I receive a reply. Eset's policy is not to reply to submissions, so that isn't a surprise. Nor is the fact that detection wasn't added. Eset's policy on detection seems to hinge on how many customers are impacted. This may be understandable to some, but I personally prefer Kaspersky's approach: You send a legitimate sample, you get a reply within an hour or two, and detection is added around the same time. The issue has to do with manpower, as I've been told straight from the horse's mouth. But there is something fundamentally bothersome to me to think that malware that affects "only a few customers" isn't going to get any attention.

    There is no need for anyone to explain or defend Eset's policies. I think the policies and the reasons behind them are pretty well known. If you're OK with it, great. If like me, you're not, I don't think you should have to worry about being made a pariah.

    As for why I am not happy with BOClean...

    As far as BOClean goes, I ran into a really annoying problem with it. I emailed support, and got several of the standard replies that blamed Microsoft, the weather, and everything else. Then I decided to get serious and really figure out what the problem was. So, I set up a clean install of WinXP in VMware, and found that the problem is with BOClean, period. Then, I reproduced it on my live system. Then, I reproduced it on a Win2K system in VMware. Then, feeling victorious, I emailed support with my detailed findings. No reply. After several days, I sent another note, just in case. Still no reply. Given the rapid-fire responses I got when the issue was still up in the air, the only conclusion I can draw from this is that when the problem is in BOClean, and not enough customers complain, you're completely out of luck.

    Again, there is no need to come after me with torches and pitchforks. I can understand why things happen the way they do. If I were a software developer, and had only one customer affected by a problem, and I just didn't have the time to address it, I'd have to let it go, for the time being at least. (But I certainly wouldn't ignore the customer--that part I can neither understand nor agree with.)

    So, I'm going to try KAV 6.0 or KIS 6.0 soon (it's in RC status now). If it works well for me, that's it--I wipe my hands of everything else. If KAV or KIS makes my system crash or replicates the feel of a P-33, as KAV 5.0 did before I dispensed with it, I'll stick with NOD32 (and maybe TrojanHunter, which runs very well for me).

    But hey--if you don't mind the way NOD32 and IMON work, and if BOClean runs well for you, great. Use them.

    -----------

    I look forward to seeing if my Wilders logon still works in a day or two.
     
  18. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Thank you for taking the time for such a detailed reply.

    Regards.
     
  19. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hi,

    You said that you "found that the problem is with BOClean" but failed to let us know exactly what the "problem" was?

    I for one would be very interested to find out what you discovered, as I'm sure others will too.

    It could be something unique to your setup and Apps etc, if not the more we precisely know about it the better all round.

    BOC responses and solutions are usually the best in the business, so I'm a bit surprised by your experiences.

    Thanks


    StevieO
     
  20. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    I'll look into what happened with Nameless' case. In the meantime, I do know for certain that BOClean does not work well with VMware. In order for BOClean to protect the whole system it needs to see the whole system, not a simulation. That could be the full extent of the problem.
     
  21. Happy Bytes

    Happy Bytes Guest

    :D So what do you think VMWare is then? A "half-system"? There's nothing known that doesn't work under VMWare, except what was designed not to run under VMWare (some worms and bots have these checks to make automated analysis harder). The only difference you have is the Device Vendor ID strings. For example, the CD-ROM has a special Device Vendor ID. The memory access (which BOClean is using) is not limited or restricted or in some way "other" than on a real machine. Only a bit slower, but you would have the same problem running BOClean on a normal machine with a lower CPU and less memory.
     
  22. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Try new Defensewall (with Rollback-function) - it hasn't pissed me off yet.

    Best Regards
     
  23. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Quote:
    Originally Posted by Longboard
    Can't find a post here where anyone who has got BOC has dumped it

    I thought that I was the first, but perhaps my post was deleted ...
     
  24. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    How long ago was that? We've been through a number of versions.
     
  25. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    To be honest, I downloaded the latest version again, after 6 months,
    have tested it for some weeks and dropped it again.
    It came with the 2 steps mail upgrade I received on March 2 2006.

    I am still a licensed user, and if it is improved, I want to test it again.
    So I did and dropped it again.
    Sorry, but in a forum you always see positive and negative posts.
    I don't like to post negative reactions.
    But I think it is fair that readers can see that not all users are positive.
     