aMule Forum


Author Topic: Antivirus Discussion (Was: New Windows Installer)  (Read 6445 times)

User294

  • Newbie
  • *
  • Karma: 1
  • Offline Offline
  • Posts: 41
Antivirus Discussion (Was: New Windows Installer)
« on: November 02, 2008, 06:02:16 AM »

Btw, any antivirus can falsely detect a virus even if there are no viruses.
Crappy antiviruses do this quite frequently, and mature and proven antiviruses do this rarely (but can still issue a false alarm sometimes).
And AVG and NOD32 are relatively new and quite crappy antiviruses. If you so need to use Windows, why not use at least some decent antivirus instead of these half-baked and poorly supported ones? BTW, good antiviruses also usually have a good support team which resolves issues with false alarms quickly (this usually requires just a minor update to the antivirus database).
Logged

Vollstrecker

  • Global Moderator
  • Hero Member
  • *****
  • Karma: 65
  • Offline Offline
  • Posts: 1471
  • Unofficial Debian Packager
    • http://vollstreckernet.de
Antivirus Discussion (Was: New Windows Installer)
« Reply #1 on: November 02, 2008, 01:23:49 PM »

Man, come down. NOD32 was one of the best apps in the past. Their identification rate was really good; in the current version it went down a bit. And AVG is, in this year's version, one of the best in signature and heuristics. Go and get the current release of c't to read it.
Logged
Homefucking is killing prostitution

Nil Einne

  • Newbie
  • *
  • Karma: 1
  • Offline Offline
  • Posts: 17
Antivirus Discussion (Was: New Windows Installer)
« Reply #2 on: November 06, 2008, 12:18:12 PM »

Quote
Btw, any antivirus can falsely detect a virus even if there are no viruses.
Crappy antiviruses do this quite frequently, and mature and proven antiviruses do this rarely (but can still issue a false alarm sometimes).
And AVG and NOD32 are relatively new and quite crappy antiviruses. If you so need to use Windows, why not use at least some decent antivirus instead of these half-baked and poorly supported ones? BTW, good antiviruses also usually have a good support team which resolves issues with false alarms quickly (this usually requires just a minor update to the antivirus database).

I have to agree with Voll here, you clearly have no idea what you're talking about. While I don't use it myself, I've heard of a lot of good things about NOD32 (which I've recommended to people) and AVG to a lesser extent. According to the Wikipedia article, NOD32 has been around since the early 1990s (and I don't see any reason to distrust that, I recall it from the late 90s at least) and AVG as a company since 1991 (it's not clear if they started anti-virus then but since it's one of their primary businesses, I would guess so). Calling these 'relatively new' is ridiculous. Norton AV came out in 1990, Kaspersky was in 1997! Not sure about PC-cillin, but since Trend Micro was 1988, it can't be earlier than then I guess.

I can't of course speak of either's support. But when I looked into detection rates, a long time ago, NOD32 was the best (in independent tests). They did have a slightly higher false positive rate (I believe it was like 3 or 4 more) but for most users, a false negative is far worse than a false positive. Obviously if an AV has too high a false positive, it will get annoying and inexperienced users will probably take to ignoring the warnings which is not a good thing (experienced users will helpfully dump the POS and choose something more suitable for their needs). But if it's just slightly higher, and that comes with a lower false negative then it's probably worth it for the vast majority of users. After all, when you get a false positive, for the inexperienced user, they may panic and delete the thing and perhaps write a scathing e-mail which is unfortunate but has to happen and is better than them getting malware (which there's a reasonable chance they will get) and spreading it to countless other users, and probably being used as a botnet. For the experienced user, it means they will evaluate the data, and decide whether it was a false positive or not and then make a decision from there. Yes an annoying thing, but something most will accept as a necessary evil since they obviously choose an AV as a safety net in case they screw up. (I count myself as in the second camp and did screw up recently, thankfully saved by my AV which was neither AVG nor NOD32 and ironically also Vista UAC; but also I've been subjected to false positives before and put up with them as a part of life). For either one, a false negative can be catastrophic.

Of course, as I've said, I haven't looked into AV detection rates for a long while, so perhaps NOD32 and AVG are utterly crap now, but a single false positive is definitely absolutely no proof either way. Indeed a single result never is; sadly people seem to think it is far too often (and I'm not just talking about AV here).
« Last Edit: November 06, 2008, 12:43:31 PM by Nil Einne »
Logged

petros_reth

  • Newbie
  • *
  • Karma: 0
  • Offline Offline
  • Posts: 1
Antivirus Discussion (Was: New Windows Installer)
« Reply #3 on: November 25, 2008, 08:04:41 PM »

Thanks a lot
Logged

Kry

  • Ex-developer
  • Retired admin
  • Hero Member
  • *****
  • Karma: -665
  • Offline Offline
  • Posts: 5898
Antivirus Discussion (Was: New Windows Installer)
« Reply #4 on: November 25, 2008, 09:44:24 PM »

I want to point out that AVG happily suggested that I remove user32.dll a week or so ago, in a tremendous fuckup on their part. It has no relevance to the topic, but goes with the recent crappiness of AVG.
Logged

User294

  • Newbie
  • *
  • Karma: 1
  • Offline Offline
  • Posts: 41
Antivirus Discussion (Was: New Windows Installer)
« Reply #5 on: December 01, 2008, 10:00:39 AM »

Quote
Man come down. NOD32 was one of the best apps in the past. Their identification rate was really good, in current version it went down a bit.
Uhm, to be honest, after f..ng over 10 years with DOS and Windows I'm tired of all this crap with antiviruses (and firewalls), after all. I did not find either antivirus software which will satisfy me or a Windows firewall which will work for me in the way I want it to. That's why I'm using Linux these days :D. I do not have to cope with viruses at all and iptables surely beats any Windows crapwalls to hell. Even if it's a bit hard to set up.

From my own experience (some number of virus cleanups for fun and for profit):
AVG and other "newcomers" (those who did not exist in old DOS times or were so unpopular that I'm not aware of this fact) are usually real crap. They can neither defend themselves from viruses (so the most annoying viruses like to simply kill or disarm 'em) nor are they adequate at scanning. They either are overprotective and produce a ton of false alarms or miss half of the viruses. So they're pretty useless and even harmful. You feel as if you're protected, however actually you're not. It is just like a young, newly recruited soldier: while it can survive against 1-2 dummies (the lamest viruses), it can't do anything against a band of well-armed hardened veterans (like professionally crafted viruses and trojans are... and there is lots of such malware floating around). If you fix installers for all their false alarms, you risk doing this regularly when some other half-baked stuff claims that you're a "virus". As for me, it is better to kick their asses until they adjust their algos to work in an adequate manner rather than try to work around their broken stuff each time it issues a false alarm.

NOD32 ... hmm... it's average. It is not complete crap like the "newcomers" (or other rare\unpopular crapware which is usually useless) and even shows some promise, but still my friends were using it and got a bunch of false alarms as well as several missed viruses. Its scanning abilities are uhm, strange. Its detection rate is not so bad on average. But for example it has missed some dumb and ancient virus which has been in others' DBs for years and any serious antivirus kills such crap instantly. NOD32 has failed here, that's weird! And again, some viruses were able to harm NOD32 itself. That's bad. So as for me, I will not really rely on such a tool too much. If it has some use for someone, that's up to you of course but I'm taking NOD32 reports with a grain of salt and if some friend claims that "NOD32 reported something" I have to double-check the situation myself first.

There are also a couple of others...
Symantec... while being old and "battle hardened" it's still quite average. Usually used by corporate guys due to some convenient features they need. Those are all its advantages. Everything else is a disadvantage. It is not so hard for viruses to harm it so that it will stop operating properly. It is not too great at virus detection and misses half of new viruses. So, it can relieve headaches by killing old and not too hard stuff. But nothing more than that. On the other hand I have never seen this stuff producing false alarms. Except that it really hates the "radmin" program and when I used it, it ignored all my attempts to protect radmin's ass from imminent deletion and after some 5 or 6 attempts Symantec finally managed to f...k up my legitimate radmin installation. And who should be named "virus" after doing so? :D

Dr.Web... an old Russian thing, still has some nasty bugs and issues. As for me, it crashes on a few (completely harmless) files during a scan. Support will ignore "free" users who are running it during the trial period, so this bug has lived uncorrected for a few years (yeah, years!). And WTF, they expect I will buy programs which crash while scanning my HDDs? Really strange guys with sucky support (never seen worse support actually, most companies answer new virus reports and bug reports regardless of who the reporter is). Virus scanning is quite good and I have seen quite few false alarms and a good virus detection rate, and the scanning speed is surely not the worst one I have ever seen. Self-defense is average and some viruses can actually harm it, so hardcore trojans from Russia really like to unload it, rendering it useless against the worst trojans. Furthermore it still needs reboots where others do not need this. It had some trouble when it comes to kicking out viruses from system protected files (yeah, Windows is a really cool system: it is going to protect virus-infected files from antiviruses, ha-ha-ha, and DrWeb has a really hard time trying to disinfect such machines - you may need 3-5 passes before such viruses are really gone :D). As free crap it may have some use but unfortunately it costs some money (only the trial period is free and a free trial key will be given for not more than one month per every 3 months). As for me, it is not worth paying money for such a program.

Kaspersky Antivirus (KAV). A really interesting thing from Russia. It has lived since ancient DOS times and Kaspersky is a real maniac of computer security who is well aware of bad guys' tactics and OS architectures. The first versions were known for their paranoia and false alarms, when every program packed by the harmless UPX exe packer was declared suspicious (due to unusual EXE structure), so it was blamed a lot for paranoia. A good example of how even a good antivirus can cause trouble with false alerts. Right now it is a pretty balanced solution, it does not produce false alerts and has a decent detection rate. And they're quick with database updates (they were actually the fastest to release updated databases when I reported a new virus to several vendors). And their support rocks, even if you're an outsider or trial user and just about to report a new virus or have virus-related or KAV-related issues. And self-defence... it's really superb. KAV uses its own drivers and rootkit-like tactics to protect itself. So, you do not want to forget the uninstall and configuration passwords or you will have a hard time taking your system back (only skilled system people who are capable of fighting rootkits can take the system back). On the other side, viruses will suck too (an OS kernel with rootkit-like addons is really unwilling to harm KAV at all, ha-ha). So, this is king of the hill (since it installed a rootkit just BEFORE viruses had such a chance) and it plays on your team (as long as you can remember the configuration passwords). Sounds cool? Maybe. But it has drawbacks, too! First of all, it is not free. Surely such a program is state of the art and maybe worth the money. But there is another disadvantage. KAV is S-L-O-W. It's REALLY SLOW as jerk! Are we going to run a powerful PC just to scan files for viruses? Cool. But what about doing some useful job at the same time?! So as for me, I like it for its overall design. And hate it for its jerky speed.

So, after all, I failed to find an antivirus program which will make me happy. So, Linux looks like a good choice for me. Now I simply do not need antivirus software at all and I (or any malicious program on my behalf) can cause only limited harm to the system with usual user rights, while in Windows it is a real PITA to use the system without administrative rights  ;).

P.S. Surely these are just my own views and nothing more. They can be incorrect or half-true like anything else (including Wikipedia, friends or whatever). However I have cleaned up enough viruses and even learned Windows system stuff a bit to allow myself to have my own views about antivirus software. Nothing more, nothing less.
« Last Edit: December 01, 2008, 10:02:31 AM by User294 »
Logged

GonoszTopi

  • The current man in charge of most things.
  • Administrator
  • Hero Member
  • *****
  • Karma: 164
  • Offline Offline
  • Posts: 2714
Antivirus Discussion (Was: New Windows Installer)
« Reply #6 on: December 01, 2008, 07:46:58 PM »

Thanks for your detailed description of antivirus software!

But the point (which you may have missed) is that this thread is not about that. Previously, the Windows binaries were built on a Windows box, and one could never say 100% surely that it's clean. Now, every piece of code used is built on a Linux box from source, and we can say 100% surely that there's no virus in it. Even if some heuristics presume so.
Logged
concordia cum veritate

lfroen

  • Guest
Antivirus Discussion (Was: New Windows Installer)
« Reply #7 on: December 02, 2008, 12:35:58 PM »

Quote
Previously, the Windows binaries were built on a Windows box, and one could never say 100% surely that it's clean. Now, every piece of code used is built on a Linux box from source, and we can say 100% surely that there's no virus in it.
What a load of FUD.
I guess you build everything (including your compiler) from source AND audited the source code before you got started? What do you mean "no"?! So, how the bloody hell you "can say 100% surely" anything?
Stop spreading nonsense. It's no problem to have a clean Windows machine. Ever heard of VMWare and original installation CDs?
Logged

Kry

  • Ex-developer
  • Retired admin
  • Hero Member
  • *****
  • Karma: -665
  • Offline Offline
  • Posts: 5898
Antivirus Discussion (Was: New Windows Installer)
« Reply #8 on: December 02, 2008, 07:19:01 PM »

Logged

User294

  • Newbie
  • *
  • Karma: 1
  • Offline Offline
  • Posts: 41
Antivirus Discussion (Was: New Windows Installer)
« Reply #9 on: December 04, 2008, 09:48:15 AM »

Quote
Stop spreading nonsense. It's no problem to have a clean Windows machine. Ever heard of VMWare and original installation CDs?
Uhm, I'm terribly sorry for the small offtopic  :-[ but did you ever see how msblast automatically f...ks up a clean, just-installed Windows XP within 5 minutes after the network is enabled? Automatically and right BEFORE you had any chance to download and install updates. And no, by default XP has no firewall until SP2 and original CDs lack SP2 in most cases. So, there is real fun: users are getting attacked by msblast (or by other similar stuff) before they have any chance to download firewalls or install patches. And msblast causes reboots due to a crashed service. So Windows not just could get auto-infected in some 5 minutes of networking, it DOES so and this represents a major headache to users, administrators and other technicians. And YES, I have seen this issue even in one huge VMWare-based corporate environment which is incredibly hard to disinfect due to the nature of msblast and its derivatives. And FYI, recently there was just another RPC flaw found. Once more. So all this FUD actually has some real reasons.

Edit (Stu): fixed wrong & misleading quote tag
« Last Edit: December 04, 2008, 08:41:49 PM by Stu Redman »
Logged

lfroen

  • Guest
Re: Antivirus Discussion (Was: New Windows Installer)
« Reply #10 on: December 06, 2008, 11:54:26 AM »

Do you know that SP2 has been out? Windows by default has no SP2? Really really?

Your rant is a misguided attempt to claim "you can't secure Windows". I have news for you: yes you can. But, there's a trick: you have to actually understand what you are doing.

Quote
And YES, I have seen this issue even in one huge VMWare-based corporate environment
And YES, I have seen incompetence everywhere, so what's your point again?

Quote
which is incredibly hard to disinfect due to <irrelevant>
Yea, I know, this computer stuff is so hard to get.

Quote
And FYI, recently there was just another RPC flaw found
No shit! That's impossible! And FYI there was recently another flaw in Debian ssh. You do know what ssh is, right?
Logged

wuischke

  • Developer
  • Hero Member
  • *****
  • Karma: 183
  • Offline Offline
  • Posts: 4379
Re: Antivirus Discussion (Was: New Windows Installer)
« Reply #11 on: December 06, 2008, 12:04:39 PM »

Logged