comp/net virus protection
I haven't had this computer online for about 3 years.
I wasn't sure what I would need for virus protection because I just figured I'd probably just load AVG. I actually have avast antivirus, and it immediately updated. I THINK that was put on by my IT buddy at my old job who did some work on my computer. So is that good? What about spyware and adware protection? Do I need something separate? I know spybot is out there for free. The Cable Guy put in a wireless thingy...and I'm getting about 54 Mbps. Is that good? Any techie opinions or advice appreciated. |
AVG is actually one of the best programs out there.
Symantec has turned their product into a "kitchen sink" that turns anything made before 2004 into a boat anchor. McAfee is better, but only for their corporate deployments, and Avast! just isn't as good as AVG. I'd actually recommend buying AVG. It's a great product, and it's better than McAfee or Symantec Kitchen Sink 2009. Mitch |
Hey Mitch - how does Kaspersky stack up against AVG? Kaspersky is kind of not cheap and I am trying to decide whether or not to renew.
|
Kaspersky is quite good too
I would renew your Kaspersky. It's actually as good as AVG, and their researchers contribute a lot back to the industry.
|
Thanks for the info. You contribute a lot to this forum.
|
Thank you :)
|
If predictions are correct, about 30% have Microsoft's automatic update disabled by a worm. I found one machine with this problem (don't know if it is from that worm) that tested OK even by Microsoft's Malicious Software Removal tool. Apparently this recent worm remains undetected for months by most anti-virus software (at least until recently).
|
Wait...so is avast! good or not?
Thanks for your help! :) |
Quote:
Consumer Reports did a study (maybe one year ago) by subjecting anti-virus softwares to a large directory of mal-ware. Symantec that was once touted as a best was then something like 1/3rd from the bottom in that Consumer Reports study. Finding an answer backed by valid reasoning is difficult. Now, if 30% of machines are contaminated by Conficker, well, where are the many Dwellers who reported their anti-virus software found and removed it? |
we have avast at home (can't beat the price,) and every once in a while it stops a download of something I click on because it's detected something bad about it. Our computer runs just fine. I do windows updates every month too.
|
Quote:
Maybe I misread? Help me out? :p |
Go ahead and use both.
I do, with no problems. ZoneAlarm, AVG, and Avast! along with a pop-up blocker. |
I do use a pop-up blocker.
What about spy/adware blockers? Pardon me if I'm being dense; I just want to make sure I've done what I need to do. |
I use AVG and Clamwin, Spyware Terminator and Ad-Aware, and Comodo Firewall. I also use Firefox with NoScript. Between them, they seem to deal with almost every problem. I should look into anti-rootkit programs too, but I just haven't had the time yet.
|
AVG 8 does both
AVG8 does both, which is why I am recommending it now instead of Avast! or AVG.
It works incredibly well. Running both AVAST! and AVG will kill machine performance. |
Oh, I see.
Thanks for your help! |
And BTW,
Using more than 1 good AV or AS program is overkill and gives you little return. Using Firefox with NoScript gives you better protection than IE with a ton of AV/AS programs because the major root cause of infections is bad DLLs that run code as LocalSystem. Putting a ton of protection up via multiple AV/AS programs and using IE is like using a condom while putting holes in it. You're not fixing the root cause of the issue, and you're making your system run like crap with mostly useless protection. One good AV/AS program like AVG, Firefox, NoScript, FlashBlock, and keeping your products updated will make your system run well and well-protected. |
Quote:
If Conficker is as prevalent as predicted, then some here should have seen their anti-virus software detect it. As I understand from what is not being said, some anti-virus softwares do not detect or do not remove this widespread new worm. |
TW, the latest MS patches guard against Conficker
TW,
The latest MS patches from January guard against Conficker. Some AV programs do not detect it. I believe AVG does. |
Quote:
Apparently Microsoft's Malicious Software Removal tool and Symantec do detect Conficker. But that means the January version of the Malicious Software Removal tool must be downloaded manually from www.microsoft.com/downloads . Above is what I have read; not confirmed. However this could be a benchmark for which anti-virus products are better. |
If you're going with a free product, I like Avast much better than AVG. If you're willing to cough up a few bucks, NOD32 and Kaspersky are the best.
Also make sure you've got Microsoft Defender installed and updated. Recently my mother got something pretty screwed up and I ended up installing a product a friend recommended called SuperAntiSpyware and it worked really well and detected and cleaned stuff that other products couldn't. |
Microsoft Defender
Microsoft Defender, honestly, is not that good.
AVG, in my experience, has had the best track record at removing the really nasty viruses. I have used it to clean up things Symantec and Trend Micro (usually the gold standard) would not and could not clean up (AntiVirus 2008 Spyware/Malware). Avast! is a step behind. I use it integrated with the Ultimate Boot CD on a USB stick to boot into with the latest definitions to clean up malware-laden machines, and it works really well. It will pick up things that other programs will not. AVG 8.0 also has anti-spyware built in (it's nothing but additional definitions for a virus scanner when you get down to it), and that works incredibly well. Doing things such as having really long HOSTS files and a lot of manual ActiveX blocks actually causes your machine to run slowly (think several minutes for a DHCP lease). Windows Defender, in my experience, has been pretty weak. If you want a free anti-spyware program that works, I recommend AVG, SuperANTISpyware, or Spybot. The latter two don't run in real-time (like AVG, McAfee, or other products), but they work well. I outright recommend you run away from Webroot SpySweeper. It was good at one time, but is now a POS. |
As an IT Professional with over 20 years experience in the field, I can say without a doubt that Avast is better at getting rid of viruses and spyware than AVG. This isn't debatable, it's a fact.
Microsoft Defender is not a bad free product. Who knows better how your Microsoft system should run than Microsoft? That being said, it's also a free product, so they obviously aren't going to spend a huge amount of time or money developing something that really cleans you up like SuperAntiSpyware. I recommend you don't use AdAware. Spybot is weak, but I do like the tool they include to edit your startup processes. |
the...
?? |
Shawnee123. I'm not trying to come off like an arrogant douche or anything. I've just tested both products and I'm speaking from experience. If you don't believe what I'm saying google "avast vs avg" and read what people say.
Avast has boot time scans, scans in the background when the screensaver is running, is better at detecting and removing trojans, has several small updates per day rather than one huge one every week, etc. |
Obligatory ICSA Labs Link
Radar,
http://www.icsalabs.com/icsa/topic.php?tid=b220$1ba2cc09-52eb29d6$8979-a7f252c0
http://www.icsalabs.com/icsa/product.php?tid=dfgdf$gdhkkjk-kkkk
http://www.av-comparatives.org/seite...se_2008_11.php
http://www.av-comparatives.org/seite...se_2008_08.php
http://www.av-comparatives.org/seite...se_2008_02.php
Both products are listed here. Both will work, and it's a trade-off depending on what reviews that you read. The reason I recommend AVG is because it does both and because I have seen it find and remove things that Symantec, Trend, and other products won't. Think very specific, targeted malware. I also, when I find an infected machine, power it off and use Ultimate Boot CD with no networking on a USB stick to scan it so that I can get the machine in a state where I can scan it using a known good OS (I use a signed ISO downloaded from Microsoft's Volume Licensing Site), drivers, and anti-virus, and where I can scan and check for malware without using a compromised OS. AVG actually publishes Plug-ins for their full version for the Ultimate Boot CD. Avast! only publishes a little "virus cleaner" like McAfee does for the Ultimate Boot CD/BartPE. Spybot Search & Destroy has a full version, as does SuperAntiSpyware. Their little "startup" tool works with BartPE/UBCD installations too. Maybe if Avast! did what AVG does for those of us who scan infected machines that way, I'd be as bombastic in supporting them as you :). It's been quite obvious from the torrents of malware out there that Microsoft has had major issues with security over the past few years. I wouldn't trust an AV or AS product from them because it's not fixing the underlying issues causing the infections in the first place. Vista/Windows 7 and IE 7/8 are good first steps, but nowhere near where Linux or FreeBSD are at this point (Mac OS X has the same issues, too). |
Quote:
I appreciate all the advice and opinions. |
I have AVG, SuperAnti Spyware, Spybot, Malwarebytes, Crap Cleaner and they work very well with each other and together they catch everything and they are free!
|
Quote:
So how many have seen their anti-virus software detect Conficker - the current widespread worm? If anti-virus software has not reported mal-ware, then is it really doing anything? |
That MAY all be true, but what would tell me if I have never been infected? There is no way to prove that is there? or is there?
I have Spyware Doctor and VirusScan - they update like every week or so (don't really pay attention, but it is frequent. I know that much). I get and read the report when they run a scan. It tells me what was found/stopped killed.... I run it again after the bad stuff was removed till I get a clean report. What else can I do here? |
Quote:
I often hear how good the anti-virus software is. But I never really hear why they know. Some reports insist that 30% of computers are infected by Conficker. If true and if anti-virus software is so effective, then some here should have reported anti-virus software either stopping or removing that worm. I have observed anti-virus software updating typically about once a day. Microsoft updates are available every Tuesday if there is anything to update. |
our main downstairs computer has a pop up problem.....or maybe something worse.
it's been throwing windows open with websites and ads in them....both IE and Firefox. i have the pop up blocker set on in both.... i tried to dl avg, but when i went to install it, i got the blue screen of death. so then i got spybot.....but that won't update (says it can't connect to the server) and therefore won't run. i tried to run the free Kaspersky scan to see what it was, but that won't d/l either. it's like it knows i'm trying to fix it, and it's actively thwarting me. oh, and when you do a google search, you click a link, and instead of taking you there, it takes you to a semi related ad instead. i think it's got a demon. |
That's pretty common, viruses that hijack your links so that you look at stuff they promote. Try downloading AVG or spybot from another computer and load it from a USB thumb drive.
|
Well hell...I just noticed my computer time is off. Huh? How does that happen...isn't it just automatic?
At least the year 8021 isn't showing again. Now it's normal again...I did a synchronize thingy. But how did it do that? |
lumberjim, the best thing you can do....
Lumberjim,
The best thing you can do is find someone who has the Ultimate Boot CD for Windows with the AVG 7.5 or other AV plugins updated and available either on CD or USB key. You are at a point where you cannot boot into Windows to clean the PC. You need to boot into an alternate environment and run AV tools from there on your machine to clean it. That is the only way you will be able to clean your machine of viruses that do a good job of cloaking themselves from the currently running copy of Windows. That's one thing a lot of people don't understand (and TW, this is how I found a Conficker variant on someone's laptop). You can't accurately scan a known infected machine for viruses using a virus scanner and be 100% sure you got something. It's like fixing a house with a bad foundation. You have to take more direct measures, especially when the Windows API provides many holes to hide DLLs and other injection methods (and you can get the book Security Warrior from O'Reilly, which will show you how to do it). And yes, Norton AntiVirus used to do this effectively many years ago (boot CD). Yes, we can talk about how great certain AV programs are, but if you don't have the right methodology for getting at the really nasty ones, it's all moot. That said, Lumberjim, make friends with someone who has that CD or bootable USB stick. You will find many interesting things. |
Quote:
Remember what the question is. Which anti-virus software is any good? Did only AVG detect them? Then why list Crap Cleaner if it did nothing? Only helpful is to list which programs detected what mal-ware. |
Quote:
MSR tool is a less than 10 Mb executable program that may even be loaded from Microsoft, a memory stick, or CD-Rom; then executed. It is a simple tool downloaded free from www.microsoft.com/downloads and updated every month. |
Quote:
Currently posted is not a single useful benchmark from which to recommend any anti-virus software. Irrelevant is the methodology for one virus. More important are which anti-viruses see and do not see how many infections. Only then would a potential benchmark exist. |
Tom,
My methodology/process catches a lot more than just Conficker :). It catches the viruses that hide themselves in System Restore space, and the ones that hide themselves using the Windows API and even File Streams. I've found many viruses this way. I just used Conficker as an example. Unfortunately, you can't have a good process to "stop" a virus when the system itself is heavily flawed and allows compromise the way Windows does. The benchmarks I posted earlier were for known viruses. That just turns your AV program into a glorified pattern recognizer. That is irrelevant when many of the new viruses know how to subtly change themselves to avoid detection and you have to use behavior-based techniques to get at the viruses. I don't see this situation changing any time soon. There's no good way to look at a live system considering how complex Windows is, and how it presents hundreds of hiding spots for any piece of malware. You have to find where they load from, not where they live afterwards. The solution is to re-architect Windows, and that has only just started with Vista and Windows 7. The solution is not the multi-billion dollar malware defense industry. While it keeps many very smart people employed, it's all for naught if the underlying system has the issues Windows does. Take a look at Green Hills Integrity, Kadak AMX, QNX, or even OpenBSD to see how an OS can be resistant to such attacks. |
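The cross-check behind the boot-media approach described in the two posts above, sketched as an added example that is not part of the thread or any poster's own tooling: hash the same volume once from the running Windows and once from known-good boot media, then diff the two views. The function names and the sample manifests are constructed for illustration, and the sketch covers ordinary files only, not alternate data streams.

```python
import hashlib
import os


def build_manifest(root):
    """Map each file path (relative to root, lower-cased) to its SHA-256.

    Run it twice against the same volume: once inside the suspect OS and
    once from the boot media, where the suspect OS is not executing.
    """
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            # NTFS paths are case-insensitive, so normalise before comparing.
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            digest = hashlib.sha256()
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
            except OSError:
                manifest[rel] = None  # unreadable: record it, do not skip it
                continue
            manifest[rel] = digest.hexdigest()
    return manifest


def cross_view_diff(live, offline):
    """Compare what the running OS reported with what the boot media saw."""
    return {
        # On disk, but the running OS never listed it: strongest signal.
        "hidden_from_live": sorted(p for p in offline if p not in live),
        # Listed by both, but the running OS served different bytes.
        "content_differs": sorted(
            p for p in offline if p in live and live[p] != offline[p]
        ),
        # Usually noise (files locked or created while the OS was up).
        "live_only": sorted(p for p in live if p not in offline),
    }


# Constructed sample manifests; paths and digests are placeholders, not real data.
LIVE_VIEW = {
    "windows/system32/kernel32.dll": "digest-constructed-a1",
    "windows/system32/drivers/tcpip.sys": "digest-constructed-b2",
    "pagefile.sys": "digest-constructed-c3",
}
OFFLINE_VIEW = {
    "windows/system32/kernel32.dll": "digest-constructed-a1",
    "windows/system32/drivers/tcpip.sys": "digest-constructed-ff",
    "windows/system32/drivers/example-hidden.sys": "digest-constructed-d4",
    "system volume information/example-restore.dll": "digest-constructed-e5",
}

if __name__ == "__main__":
    for category, paths in cross_view_diff(LIVE_VIEW, OFFLINE_VIEW).items():
        print(category)
        for path in paths:
            print("   ", path)
```

Anything under `hidden_from_live` or `content_differs` is a candidate for offline scanning or removal; `live_only` entries normally just reflect activity between the two passes.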
Quote:
I have spent time trying to remove malware without any anti-virus software. Some were simple - an entry in the registry. (AOL belongs in that category as far as I am concerned.) Others were almost amusing - new tasks with random names appear as other pieces of the malware were removed. I could not remove all the pieces fast enough. I once manually removed a virus on a Windows that would not even boot. That was particularly fun. Interesting is how 'System Internals' detected the virus installed by Sony from numerous music CD-Roms. I have also done that. But that is not relevant to the question. Given that Windows is what it is, what benchmarks does the OP have to identify the better anti-virus software? Not even a good benchmark. We still don't provide a bad benchmark to answer the OP's question. A bad benchmark might have been Nirvana's post IF it listed which 50 malware was removed or quarantined by what program. Currently, we don't even have a list of viruses categorized by the program that detected and removed it. Currently we have others claiming their anti-virus software works good without any indication that the anti-virus software even detected or removed anything. Without a list of current malware X removed by anti-virus software Y, then the OP only has blind recommendations. Recommendations provided without the always necessary reasons 'why'. Currently the OP has few useful answers. Even the best answers are only subjective. Symantec once was recommended for having detected and removed most known malware. Today, Symantec does not appear to have the same reputation. Why? Why is AVG better? Consumer Reports once tested maybe 15 different anti-virus softwares using malware. Don't remember when. I recall that Trend Micro was highly recommended. That could be a benchmark to answer the OP's question because it also says why each was rated. Microsoft only recently changed attitude. 
The resulting meeting with anti-virus manufacturers was reported to have gone on all day, all night, and up to lunch the next day. So yes, we should expect some improvements from Windows in the future. But that is not relevant to the OP's question. Given what we have is what we have, what benchmarks exist to rate anti-virus software? |
Tom,
On the data sets provided (see the links I sent), someone did a subjective test against a known data set, which proved that AVG and multiple other programs (including Avast!) were much more effective than Symantec's product. This test is repeated periodically with different data sets. This is one site: http://www.checkvir.com/ This is another (Virus Bulletin): http://www.virusbtn.com/vb100/archiv...isplay=summary The registration for Virus Bulletin is free. Their methodology is posted there. What I found interesting is that Avast! failed on Vista Business but passed on XP Pro. Same with McAfee. Why is AVG better? I'll give you a simple reason: because Symantec's product managers, in an attempt to shoehorn as many features as possible into the product to get people to buy the product from year to year, have concentrated more on extraneous features than actual Anti-Virus. This leads to the epic fail we call Symantec Endpoint Security 11, which has IPS protection that would block all connections to Active Directory servers after about 20 minutes, thereby effectively shutting down networks. And yes, I used to work with a former Symantec product manager who has confirmed their marketing strategy to me. I also ripped them a new one over what happened with SEP at a customer before I moved into my current job. Surprisingly, their Linux Mail Server solution for Antivirus isn't half bad. It needed some work (aka a fix to the XML file that generates the Postfix configuration files on service restart that Symantec forgot to do) to work in a multi-homed environment, but it screams on the 2 8-core HP Proliant servers I have it running on (hey, that's the lowest-spec I can get for SMP servers these days!). |
I bet that's (the symantec v11)what fucked my HP laptop 2 months ago.
|
wow - thanks guys - now I'm afraid my computer may have problems that don't exist. I turn it on, it works. Guess that'll have to do for now.
Something I'm curious about - Why don't macs have these issues? |
Quote:
On the other hand, OS X is built on top of BSD (a well worn Unix variant). So it could be that virus writers will have a tough time making headway there. |
uh ok :) - thanks for that. I think i got some of what you said. I am rather illiterate when it comes to computers though.
|
TW you just like to lord your "imagined" superiority over people, good for you, you have a purpose in your life. :rolleyes: I listed the programs that would work for S123. She does not care how they work or what viri they trap or what exact mal ware they prevent.
None of your posts are helpful at all. You are the very definition of bloviate. |
Bloviate;"to speak pompously and excessively," or "to expound ridiculously."
noun; bloviator, someone who holds forth on subjects in an arrogant, tiresome way. |
There are viruses for OS X
Dar,
There are viruses and trojans for OS X, and a lot of working exploits for OS X Server and applications that run on top of it (Wordpress, anyone? :)) due to the nature of PHP and Perl-based exploits that affect all UNIX-based web servers. Apple ships OS X with a set of default system services, which are ports of their Unix brethren (PHP, OpenSSH, OpenSSL, BIND, mySQL, ClamAV, Sendmail, Apache, Perl, etc.). Some of these are enabled by default on OS X Server. Apple's had a history of not patching their ports of Open Source software as quickly as vendors such as Red Hat, Novell/SuSE, or Sun do. Apple was way behind patching the "Kaminsky" DNS bug. They also have been behind in patching the other ports of Open Source/GPL software they ship as part of OS X. There's been working exploit code for OS X circulated. The last major exploit for OS X was a trojan within a pirated copy of iWork '09 that was circulated on BitTorrent. Their kernel and part of the userland is Open Source. Their display technology is closed-source, and from what I understand, has some issues. Apple also allows regular users to write to locations on the hard drive that they shouldn't on a standard UNIX platform. Some viruses are not platform-specific (such as the Wordpress bugs that can turn your machine into a bot given perl, wget, and a few other tools), and have already affected OS X Server. OS X on the desktop isn't far behind. It's been done, but the real reason why you don't see the viruses for that platform is that it takes more time to craft for OS X or Linux than Windows. Microsoft just makes it too damn easy, and the other software packages out there that have exploits (Adobe Reader, Adobe Flash, Java Runtime Environment, Firefox, AIM (yes, I have seen working AIM exploit code), Yahoo! Messenger, Skype, and even some AV programs) make it even easier to target tons of Windows PCs and turn them into unwitting zombies. No OS is perfect. 
OS X is slightly better than Windows, but not as secure as Ubuntu Linux or FreeBSD. When Apple starts patching their ports of Open Source software as quickly as Red Hat, Ubuntu, SuSE, or Solaris, and fixes their directory permission issues (which while they are better than Windows, are not as good as many Linux variants), then I'll believe it's because they've made it really hard to write viruses for. The trojans are already there because some OS X users don't want to pay for iWork '09. There are probably trojans within the pirated versions of Adobe CS4 and Final Cut Studio making their way around the various BitTorrent trackers. Quote:
|
Did I mention that you couldn't remove their device drivers?
Lumberjim,
They installed network drivers at such a low level that did not work and were ridiculously (i.e. Blue Screen of Death) unstable. Did I mention the uninstaller did not work? A little bit of fishing with the Ultimate Boot CD took care of it for me on XP and Server 2003 by removing the driver references from the registry, but one of my admins had to reinstall a server due to their ineptitude. Thankfully it was not at my current place of work. The problem was that even their uninstaller wouldn't remove the drivers, and that it would leave the system in an unstable state. For a server, that is unacceptable. I do not need to be removing low-level device references to uninstall an AV program, and 99.9% of users who get that type of error will rebuild the whole system due to that. What a waste. Quote:
|
Personally I looked at Avast and AVG, free versions. Ended up goin with Avast because it has more protection. Altho I don't doubt mbpark's conclusion that AVG is better at getting the especially nasty stuff, that's the version that costs, and I don't feel like paying for things. So if you want freeware, I would go with Avast over AVG just b/c Avast gives you more types of protection. AVG free just gives you anti-virus and anti-spyware.
http://www.avast.com/eng/download-avast-home.html
http://free.avg.com/download-avg-ant...s-free-edition |
morethanpretty,
I used the free version to find what I found :) |
Quote:
However I have also seen some bad behavior from Symantec. One recent Symantec release literally destroyed a Windows 2000 OS. For example, it destroyed any log on abilities except at the administrator level. And Symantec would not uninstall. Symantec's reply: that newer Symantec version should not be installed on Windows 2000. So why did it let that user do it? Other than that Symantec experience, apparently minor differences exist between the major anti-virus names as both www.checkvir.com/ and www.virusbtn.com demonstrate. Best anyone can do is use what those recommendations suggest - and hope later versions do not do, for example, what Symantec did to that user. |