What's your reaction on this?

Gkweb's has this recommendations on his site. What is your personal reaction to this?

"If you use Kaspersky Antivirus as your resident AV, you do not necessarely need an additional Anti-Trojan software since KAV has a good trojan detection rate also."

 

It's never the best advice to put all your eggs in one basket, but to spread the risk.

Personally I would still keep seperate anti-trojan software, much as in the same way that I use 2 anti-virus products. There is always a chance that one will miss something, and the other one will pick it up.

 

That he is right, for the majority this will be enough.

 

Hello,

note that I am not an AV expert, it is just my opinion for everyday use, but someone like IBK will have a better answer or opinion on the subject
KAV has a good trojan detection rate, but you can still use a separate AT if you want to add layers.

Regards,
gkweb.

 

It is really not a question of spreading the risk, but covering it. The risk is either covered or not. Rather than duplicating coverage to redress potential issues resulting from all AV's having less than 100% effectiveness, targeted mitigation of perceived gaps would seem more likely to yield a positive result.

While that statement is, in principle, true, you only run one AV realtime, which would suggest that a missed object would be revealed only on a demand scan. Given that coverage of spreading malware is a time dependent issue, you should try to gauge whether the expected time to cover is substantially longer than your mean time between your demand scans. For top tier programs and significant malware, the time to cover is generally short.

As for use of an AT, I do use one, although for one specific reason - it is a process memory scanner which I perceive as a very minor gap in my AV, sufficiently minor that I believe many/most folks are not operationally vulnerable.

As to the general question posed in the thread, I'd also say gkweb is correct and extend it somewhat beyond KAV/KAV engined AV's to include NOD32/NAV/McAfee/Avira for most low to moderate risk users.

Blue

 

not so fast?.......

https://www.wilderssecurity.com/showthread.php?t=118181

https://www.wilderssecurity.com/showthread.php?t=108266

Nothing is perfect, so everyone should have a backup behind their AV. Regardless of what AV they use, there is always something getting through. Those two threads are fairly recent,you can see it's still happening.

There is also a lot of commercial malware that the AVs won't handle for legal reasons, malware that's now being written by the kids who wrote those RATs back in the 90s to screw with people's machines. The "kids" have gone professional.

http://www.dslreports.com/forum/remark,15593654~days=9999~start=40

The same deal still applies.

Some of the software packages that were once considered ATs have evolved significantly and handle much more than the classic RATs. (BOClean, still wrongly considered an AT by many, went beyond RATs over 5 years ago, for example.) Security isn't static, don't choose software that is.

 

I believe gkweb is correct

 

Yep....even the folks that designed this web page

 

Yeah, I know. It's old. The new site isn't ready yet.

 

gkweb didn't say nothing wrong, so...

 

if i had KAV, i would keep an antitrojan. but only for on-demand scans not realtime. KAV gives a lot of protection and isnt light (as i would like) on my computers.

 

I've found a couple trojans that KAV missed. If I could find an "AT" (or "AT" that only "used to be" an "AT") that ran on my system without pissing me off every 20 seconds, I'd use it.

 

I agree that KAV does a good job detecting trojans.
But regardless of what A/V program I use, I still use an A/T program.

 

Nameless

BO Clean (after a short learning curve) has caused me less problems than anyother app.
If you have read any of my other posts you will appreciate that is really something

Does what it says with no fuss and great support.
it will have cost less than a postage stamp per week for me to date.
Cant find a post here where anyone who has got BOC has dumped it

$0.02 from me.

 

Well, then I'm the first, because I used BOClean, and dumped it. I bought it years ago and have hardly used it at all.

Yes, I've emailed support. I've devoted hours to nailing down the specific problems I had. For naught. I don't want to get into it.

Edit: Actually, I gave the wrong impression a couple posts above. TrojanHunter runs very well for me.

 

@Nameless

I dont want to push this, I'm just interested in your decision making and any "easy" reasons;

March 12 2006 you wrote

I am trying to decide how to rationalise my set-up and was thinking NOD and BO Clean.

What happened to make you decide otherwise?

Regards

 

I know people get passionate about their software, so let me preface this by saying that I was asked...

As for why I am not happy with NOD32...

NOD32 works well for me in general, but IMON annoys me. As far as I'm concerned, in fact, it's just plain awful. In order for it to be really effective, you need to use Higher efficiency mode. But I've found IMON likes to forget some of my settings, at irregular intervals, and for no apparent reason. And when the settings aren't forgotten, using Higher efficiency mode causes me other aggravating problems, such as images not loading on web pages. (That's just what happened to me a moment ago--I tried opening a particular web site, and JPG images weren't loading.) And even when that problem isn't in my face, there's the issue of how Higher efficiency mode works in the first place: IMON scans the whole file, and then passes it to the target application all at once. This can be annoying when you're doing things and not seeing applications respond as you initially expect.

I also have an issue with how Eset deals with sample submissions. I submitted a sample to them a few weeks ago, and detection still hasn't been added, nor did I receive a reply. Eset's policy is not to reply to submissions, so that isn't a surprise. Nor is the fact that detection wasn't added. Eset's policy on detection seems to hinge on how many customers are impacted. This may be understandable to some, but I personally prefer Kaspersky's approach: You send a legitimate sample, you get a reply within an hour or two, and detection is added around the same time. The issue has to do with manpower, as I've been told straight from the horse's mouth. But there is something fundamentally bothersome to me to think that malware that affects "only a few customers" isn't going to get any attention.

There is no need for anyone to explain or defend Eset's policies. I think the policies and the reasons behind them are pretty well known. If you're OK with it, great. If like me, you're not, I don't think you should have to worry about being made a pariah.

As for why I am not happy with BOClean...

As far as BOClean goes, I ran into a really annoying problem with it. I emailed support, and got several of the standard replies that blamed Microsoft, the weather, and everything else. Then I decided to get serious and really figure out what the problem was. So, I set up a clean install of WinXP in VMware, and found that the problem is with BOClean, period. Then, I reproduced it on my live system. Then, I reproduced it on a Win2K system in VMware. Then, feeling victorious, I emailed support with my detailed findings. No reply. After several days, I sent another note, just in case. Still no reply. Given the rapid-fire responses I got when the issue was still up in the air, the only conclusion I can draw from this is that when the problem is in BOClean, and not enough customers complain, you're completely out of luck.

Again, there is no need to come after me with torches and pitchforks. I can understand why things happen the way they do. If I were a software developer, and had only one customer affected by a problem, and I just didn't have the time to address it, I'd have to let it go, for the time being at least. (But I certainly wouldn't ignore the customer--that part I can neither understand nor agree with.)

So, I'm going to try KAV 6.0 or KIS 6.0 soon (it's in RC status now). If it works well for me, that's it--I wipe my hands of everything else. If KAV or KIS makes my system crash or replicates the feel of a P-33, as KAV 5.0 did before I dispensed with it, I'll stick with NOD32 (and maybe TrojanHunter, which runs very well for me).

But hey--if you don't mind the way NOD32 and IMON work, and if BOClean runs well for you, great. Use them.

-----------

I look forward to seeing if my Wilders logon still works in a day or two.

 

Thankyou for taking the time for such a detailed reply.

Regards.

 

Hi,

You said that you "found that the problem is with BOClean" but failed to let us know exactly what the "problem" was ?

I for one would be very interested to find out what you discovered, as i'm sure others will too.

It could be something unique to your setup and Apps etc, if not the more we precisely know about it the better all round.

BOC responses and solutions are usually the best in the business, so i'm a bit surprised by your experiences.

Thanks


StevieO

 

I'll look into what happened with Nameless' case. In the meantime, I do know for certain that BOClean does not work well with VMware. In order for BOClean to protetc the whole system it needs to see the whole system, not a simulation. That could be the full extent of the problem.

 

So what do you think is VMWare then? A "half-system"? There's nothing known what doesn't work under VMWare, except it was designed not to run under VMWare (Some worms and Bots having these checks to make automated analysing harder) The only difference what you have are the Device Vendor ID Strings. Example the CD-Rom has a special Device Vendor ID. The memory access (what BOClean is using) is not limited or restricted or in some way "other" than on a real machine. Only a bit slower, but you would have the same problem running BOClean on a normal machine with a lower CPU and less Memory.

 

Try new Defensewall (with Rollback-function) - it hasnt pissed me off yet.

Best Regards

 

Quote:
Originally Posted by Longboard
Cant find a post here where anyone who has got BOC has dumped it

I thought that i was the first, but perhaps my post was deleted ...

 

How long ago was that? We've been through a number of versions.

 

To be honest, i downloaded the latest version again, after 6 months,
have tested it for some weeks and dropped it again.
It came with the 2 steps mail upgrade i recived it on March 2 2006

I am still a licensed user, and if it is improved, i want test it again.
So i did and dropped it again.
Sorry, but in a forum you always see positive and negative posts.
I don't like the post negative reactions.
But i think it is fair, that readers can see that not all users are positive.