What anti-virus software do You use?


Neodudeman
May 29th, 2006, 23:57
What anti-virus software do you like the best?

And Why?

I personally hate the only two anti-virus software I use because of weird, freakin annoying errors and anomalies.

I mainly use Norton, but I don't trust that thing with a soiled undergarment. It's always eating up my RAM, and never tells me anything I wanted to know.

I've just recently tried Bit Defender, which everyone claimed was the End-All antivirus/firewall program. It was a good antivirus, but the firewall was just goofy. It wouldn't let me use Iexplorer at All. I even set it to filter through. It was so annoying.

Well ya, I was just wondering what you guys use.

LLXX
May 30th, 2006, 00:25
None installed on my machine, virusscan.jotti.org multiscanner for suspicious downloaded files.

SiGiNT
May 30th, 2006, 01:14
I use Trend Micro on my main machine, AVG free on my laptop, Norton on my wife's machine (soon to be replaced with Trend), and lots of spyware protection. I chose Trend because it doesn't delete my RE tools like Norton, and to a lesser extent AVG.

SiGiNT

kugi
May 30th, 2006, 04:30
I have used AVG anti-virus and Adaware anti-spyware for years. They are free and work well.

Vrane
May 30th, 2006, 07:18
hmm... no nod32 in the pool??

Admiral
May 30th, 2006, 07:24
Another vote for NOD32.

naides
May 30th, 2006, 09:50
Quote:
[Originally Posted by sigint33]I use Trend Micro on my main machine, AVG free on my laptop, Norton on my wife's machine, (soon to be replaced with Trend),
SiGiNT

OK Who's getting replaced, The wife, the machine or the Software?

cse_india
May 30th, 2006, 10:12
I have been using Norton since I started working on computers.
Spybot works fine for spyware.

Woodmann
May 30th, 2006, 15:08
Trend Micro

autarky
May 30th, 2006, 16:48
None. Though if you held a gun to my head and forced me, I'd probably go for Kaspersky.

N8di8
May 30th, 2006, 18:56
Strange. I am surprised that you use any virus scanners at all.

You are so cool. And I have generally no clue.

But what I do know is that all virus scanners are crap ;-)

Example:

The Kaspersky scan engine is completely flawed because the signature match is performed at a location RELATIVE to the entry point.

The NOD32 scan engine is also flawed. For instance, it will not emulate a sample if you add a section with a "fake" ACProtect unpacking stub.

Norton, Trend Micro ... no real unpacking engine at all.

I think LLXX's strategy is the best because the chance is higher to catch a virus with many different scan engines.

SiGiNT
May 30th, 2006, 19:35
Quote:
[Originally Posted by naides]OK Who's getting replaced, The wife, the machine or the Software?

Well, let's see, if I replace the wife with one that's clueless about computers, you know the "dumb blonde type" then the anti-virus problem is solved - hmm, worth some pondering...

SiGiNT

Woodmann
May 30th, 2006, 21:11
Howdy,

Quote:
Strange. I am surprised that you use any virus scanners at all.

You are so cool. And I have generally no clue.

But what I do know is that all virus scanners are crap ;-)

Example:

The Kaspersky scan engine is completely flawed because the signature match is performed at a location RELATIVE to the entry point.

The NOD32 scan engine is also flawed. For instance, it will not emulate a sample if you add a section with a "fake" ACProtect unpacking stub.

Norton, Trend Micro ... no real unpacking engine at all.

I think LLXX's strategy is the best because the chance is higher to catch a virus with many different scan engines.


I think you missed the point of this thread.
The question was what AV do you use. Not which AV is the best.

As you might imagine I get shit sent to me on a daily basis. I have had to overcome numerous MBR stunts along with self-replicators and other crap that people feel the need to send me because they think they are l337.

Having no AV is just plain stupid. I know because I had no AV for years and got tired of trying to save hard drives.

So, as the original question asked, what AV do you use ?

Woodmann

N8di8
May 31st, 2006, 00:49
No AV (on-access scanner) is permanently running on my computer(s). As an on-demand scanner I sometimes use VirusTotal (mainly out of curiosity). This is a web-based multiscanner similar to Jotti.

But I do not get THAT many emails (i.e., I do not need to use the AV as a spam filter). If I receive an email with an attached executable I either delete it or open the attachment within VMWare. In principle, I would never run an executable received from a non-trustworthy source on my computer just because an AV scanner says it's clean.

naides
May 31st, 2006, 07:23
Well, AV protects from known threats and some unknown also.
Those boys at AVR earn their money by keeping up to date with the most popular threats and exploits floating in the web, and finding ways to plug them . . .

For instance, you think you are safe because you put all downloaded executables in a shitbox? Think again.

There are viruses hidden in AVI movies, in MP3s, in MS docs with macros, in Web applets, in potentially any file format that we do not consider executable if and when the Virus authors can find an exploit for the app that plays it. . .

By turning off a lot of options in the browser, media player, programs, etc. you think you protect yourself from infection, but also you give up a lot of the richness in the web. . .

If you are paranoid enough you disconnect your computer from the web, better yet, don't even turn it on, a computer without electricity is safe from viruses, we hope?

Like the American Virgins, To reduce your risk of getting HIV and other STDs, you only have to give up sex. . .
You sure will die a healthy corpse, death by boredom, but healthy. . .

Admiral
May 31st, 2006, 08:07
I used to agree with N8di8. It's only very recently, when I became able to afford it (and when many less savvy friends insisted that AV is essential because they read that somewhere) that I got hold of one. I tried lots of trials and ended up with NOD32 purely because it was the least obtrusive that regularly featured in the 'top 10' lists. I'm very pleased with it: It sits quietly in the tray bar, running only two processes (I assume one is the engine's service and the other the UI) and has never gotten in my way. I'm sure many people here will empathise with experiences such as ImpRec being picked up as a 'Hack Tool'.

Since installing (two or three months ago) I haven't picked up a single piece of malware, so I'm not sure what that says about its usefulness. Though I'm sure I would speak differently if I decided against AV and ended up with a nasty infection.
Of course, one cannot underestimate the value of living without AV for some period, as it enforces a security mentality that 95% of AV users will never know of. Perhaps this is what I can attribute my clean slate to.

Anyway, as I see it, AV is like insurance. If you retrospectively didn't need it, it was probably a waste of time. But the alternative is potentially much worse.
Using AV is one's own prerogative, but if you can spare the convenience, disk space, memory use and processor time, I don't see why not.

Regards
Admiral

disavowed
May 31st, 2006, 09:42
Quote:
[Originally Posted by N8di8]But what I do know is that all virus scanners are crap ;-)

Do you think it's possible to design a scanner that isn't "crap"? If so, how would you do it?

esther
May 31st, 2006, 09:59
I use Bitdefender and ZoneAlarm. It works for me.

Without installing av it's fucking stupid

drizz
May 31st, 2006, 12:22
my vote

None

suspicious files:
right click peid scan + drag'n'drop on hexeditor + Zen

statistics:
[1 virus ( from a trusted source ) ] / [6 years]
(knock on wood)

deroko
May 31st, 2006, 15:13
I vote for Nod32, very good heuristic

N8di8
May 31st, 2006, 16:14
1.
I do not say that AVs are completely useless. For instance, inexperienced users may easily benefit from an AV.

2.
On the other hand you may want to read the following interview with the developer of Dr. Web ...

Excerpt:

"How can an end user find a “really good” anti-virus?

That's very difficult, especially today. The users are scared. They are constantly threatened with viruses, other dangers, and innumerable Trojan worms trying hard to steal their data. This atmosphere is created by some anti-virus vendors in the first place. It's like the situation with the birds' flu: some say a pandemia is inevitable, and we all will die. Horrific, isn't it? Some people give way to panic but others stay cool, hoping it isn't as bad as that, after all. Keeping the users scared and persuading them that only your product can protect him against any trouble is a very clever idea. A person will buy your anti-virus software, although he may never catch a virus at all and never know how efficiently your product works."

3.
"There are viruses hidden in AVI movies, in MP3s, in MS docs with macros, in Web applets,"

I try to protect myself by (i) not using Internet Explorer, (ii) frequently updating Windows and other applications, (iii) running high-risk applications in a virtualized environment like Sandboxie, and (iv) using a personal firewall, a system firewall/HIPS and a good behaviour blocker.

Moreover, if I receive an executable from an untrustworthy source I can still upload it to VirusTotal.

4.
@disavowed

I believe that signature-based scanning is generally not enough. The future belongs to behaviour blockers.

A classic scan engine should be supported by "strong signatures" (i.e., the scanner should use various different types of signatures like code-based & string-based sigs as well as sigs taken from the resource section), a hybrid unpacking engine (static unpacking routines plus emulation), good heuristics and, possibly, a memory scanner (like it is used by a few anti-trojans). There is probably not much more you can do.

dELTA
May 31st, 2006, 17:36
Quote:
[Originally Posted by Woodmann]As you might imagine I get shit sent to me on a daily basis.
Which might be considered a good reason in itself not to reveal your brand of AV publicly like this...

N8di8
May 31st, 2006, 17:45
Even if he did not reveal his scanner I would continue sending him Themida-protected shit (then I can be sure that no scanner whatsoever can detect it ;-)

laola
May 31st, 2006, 21:01
My current AV "solution" isn't listed, too (hint: Umbrella *g*). It even works decently on my old Duron 800. And with the amount of hard disks I get ("My Comp died, can you rescue my files?"), it's really useful to have an AV installed. I just can't believe how soiled the web is today (and so are most "average" users' hard disks).

BTW, and completely OT: How does one pronounce "N8di8"? Sounds like "Nate Diet" to me...

Woodmann
May 31st, 2006, 21:52
Ohhhhhh....

Did I really reveal what I use for AV ????

I do run multi layers. 'nuf said.

Woodmann

Silkut
June 2nd, 2006, 11:25
I use BitDefender+Safe'n'Sec. But to me security or anti-virii solutions are not products, this is a way of virtual life 8[
(Btw. This thread = social engineering inside ?)
EDIT: T.you Woodmann