View Full Version : A few words on two antivirus programs...
MathewA
29th April 2006, 10:41 PM
As of late there has been a couple of threads on anti virus programs and it seem unanimous that most don't like Norton's and most like AVG. I already run Norton's with out any problems so I thought I'd try AVG also on my machines. I've had Norton's on my machines for years and AVG for about a month now. So tonight it was crunch time. I know of a few sites where it's a sure bet that you'll pick up numerous viruses, so off I went. Sure enough no less than 30 seconds and Norton's flashing it's red alert window; AVG does nothing. To date AVG has picked up nothing wrong and it leaves me to wonder if it does anything at all. Norton's has picked up 3 virus attacks (I'm actually sitting at my laptop in safe mode due to the last attack that was replicating on my machine at an unbelievable rate, Norton's immediately picked it up but couldn't stop the replications). Both missed, what I think is a new variant, on an old Trojan (drwatson). All I can say is I'll be renewing my subscription to Norton's when it expires.
MathewA
29th April 2006, 10:49 PM
Oh ya... and I'll be rebuilding my laptop from scratch tomorrow - it's something I've been planning for a while anyways so tonights test was worth the risk.:D
MathewA
29th April 2006, 11:04 PM
While I'm on this for those that don't know. It seems that more viruses get onto peoples systems from surfing the net than through emails. A good thing to do is empty your "temporary internet files folder" when you close the browser. You can set your IE browser to automatically empty it by going to: Tools -> Internet Options -> Advanced -> Close to the bottom of the list is a check box for "Empty Temporary Internet Files folder when browser is closed". Make sure that is checked. Those on modems will find pages will load much slower because this folder is empty so you'll have to decide if the slower speed on the net is worth it or not. I'm on DSL and find any slow down to be un-noticeable
Ianab
29th April 2006, 11:41 PM
Couple of thoughts..
Norton told you you had a virus, but couldn't fix it.
Well thats better than not detecting I guess, but it's still not effective protection.
None of the virus scanners are 100% secure, zero day exploits will still get you most times.
Files found in the temp internet directory may or may not be harmfull. They may be downloaded as part of an exploit that has now been fixed by windows updates, the files are there, but thay cant be run unless you are running an old version of IE.
If you have a sufficienty powerfull PC you dont notice how much overhead Norton system works loads onto the machine. Yes it works OK, but on an older PC it just cripples the machine. AVG+Zonealarm+Windows updates+ common sense is just as effective... and free. I could run that setup on my old 333mhz/ XP machine and still surf the net OK. Load Norton or Mcafee = death.
If it works for you thats cool, I just dont like the way they bog a system down, and empty your wallet :o
Ian
ozwinner
29th April 2006, 11:43 PM
Same here Matt.
Ive had Norton for many years and to date have had no problem, those who hate Norton think having no problem, is a problem (do a search on norton) :confused: :confused: :confused:
Norton seems to pick up everything at my end.....:cool:
I subscribe to new updates, I feel that those who get infected while useing Norton have not got the updated virus files, and hence Norton is crap to them.
Al :)
MathewA
30th April 2006, 12:24 AM
Couple of thoughts..
Norton told you you had a virus, but couldn't fix it.
Well thats better than not detecting I guess, but it's still not effective protection.
None of the virus scanners are 100% secure, zero day exploits will still get you most times.
Files found in the temp internet directory may or may not be harmfull. They may be downloaded as part of an exploit that has now been fixed by windows updates, the files are there, but thay cant be run unless you are running an old version of IE.
If you have a sufficienty powerfull PC you dont notice how much overhead Norton system works loads onto the machine. Yes it works OK, but on an older PC it just cripples the machine. AVG+Zonealarm+Windows updates+ common sense is just as effective... and free. I could run that setup on my old 333mhz/ XP machine and still surf the net OK. Load Norton or Mcafee = death.
If it works for you thats cool, I just dont like the way they bog a system down, and empty your wallet :o
Ian
I can see what you're saying but when program that is my main defence against serious attacks and I never here a peep out of it, it gets me wondering what it's doing.
I know my machine has all the MS updates but that didn't stop the exploits being loaded into my temp folder and running.
I've checked the logs in Nortons and it appears that it actually did stop the full attack. It had quarantined the exe file and that was where it was replicating itself. So the most it could do was clog up my HDD and over tax the system until I deleted it from the quarantine folder and then restart my machine; other than that it was rendered useless by Nortons. The logs also show that Nortons actually stopped 8 viruses where as AVG didn't register a hit on any of them. The more obvious virus that was on my system was the very old downloader.trojan. It came out in 2002 and AVG didn't pick it up. Doesn't do much for my confidence that's for sure.
I'm using Nortons 2003 Pro edition. I don't use any of their other "home security" programs either - maybe that's the difference cause I've never found it to be a resource hog.
echnidna
30th April 2006, 12:32 AM
I junked nortons years ago as it was such a total pain to update on a slow dialup service. If the service dropped out the update had to restart from scratch. Won't go back to nortons
I used Trend for years, very happy with it. (I pc still using it)
The other pc is using panda with firewall, very happy with it too.
I run webroot spysweeper on both and double check with spybot
I tried AVG but unimpressed.
China
30th April 2006, 12:36 AM
T had exactly the oposite problem, so now I use AVG + NOD32, in my experence you need to have more than one anti virus prgram
Ashore
30th April 2006, 12:50 AM
Matt my problem wasn't with norton stopping, or finding viruses it was with compatability with other programs nortons had a dislike for some programs and the final straw came when it decided not to allow some things to open as they may do damage to my computer, when I knew they were perfectly safe. In a couple of instances I could not overide the damm thing one being It would not allow an auto run from the compact flash card from my camera, blocking the pictures which meant I had to view through a second program.
I put the question to the forum knowing that there were a lot of IT people here and the results that came back led me to buy the VET product
The next challange was to completely remove Nortons from my computer and this needed the running of three seperate programs, one from norton itself ( told them I couldn't update to this years nortons) and they gave me a program to remove some features of the old nortons, cause the program realy imbeds itself into your unit
Since I have changed I have had no virus intrusions that I can tell and proberly wouldn't have had any with nortons but I don't have the conflict problems either that I had with Nortons
Rgds
savage
30th April 2006, 01:02 AM
I have been using AV for at least 2yrs, the latest version is heaps better than the original.
It is from a German company, that lets you use it's ex-commercial product as it develops new products for industry instead of just junking it. All you have to do is agree to use it for private use and do not distribute for monetary gain, worth a look in my books. Also you get updates each day and is automatic, so they are small and you do not have to do anything.:)
http://www.free-av.com/
attie
1st May 2006, 04:30 PM
You people are so much more computer savvy than I, so there's more than just an on - off switch.
I used Norton for several years [home pc] and didn't have a problem - untill I upgraded to the U-beaut top of the range, it took over. I have absolutely no idea about these things so had the tech. clean things out and they installed AVG. Since then things have been fine, but, after reading this thread - I don't know. It does it's check but allways comes back "no virus found". So, is it missing things?
I'm with Westnet with all their anti ------ things but is this enough. I realy don't want to go back to Norton because I think it's not a program for the uneducated [like me]
What to do ???????
Ashore
1st May 2006, 04:57 PM
As I said I put the question to the forum knowing that there were a lot of IT people here and the results that came back led me to buy the VET Anti Virus product :cool:
Toolin Around
1st May 2006, 05:34 PM
I worked 2 years for a firm in Canada that looked after about 7000 computers and servers for the Attorney Generals Office. Since I've been here they have been given the contract to look after the rest of the goverments also, bringing the total to over 30,000. Their choice of antivirus is Nortons. In the time I was there I never heard anyone bag on Nortons.
______________________
Same face new name
macca2
1st May 2006, 05:45 PM
I used pc-cillin for years and it was very good, however when I bought pc-cillin 2006 it stuffed everything up.
They don't tell you that you need better than my old 433mhz clunker to run it.
I am now running AVG with Zonealarms and am completely satisfied.
I can't get my money back like I would with GMC.
Toolin Around
1st May 2006, 06:13 PM
If you really want to see if your anti virus software is up to it, go to any crack site and search their data base and visit a few of their links. If your anti virus software doesn't start going off it's no good, cause I can guarantee you will get many many virus's and trojans from these sorts of sites. Now I don't really suggest you do that unless you're like me and were going to totally rebuild your system right after. Nothing like a good trial by fire though ;)
HJ0
1st May 2006, 06:47 PM
I installed norton a few years back, thing worked great until for some reason it started to play silly. After 3 hours on the phone with symantec tech, we managed to remove most of norton lol.
Then came the serious part... for some unknown reason norton does not like getting reinstalled on the same pc twice(well my pc anyway). So over several weeks norton advised me to return it for a full refund(only took 12 weeks)
Now the av programs i run are mostly free and simple , some even talk back lol. but i find running in anonymous mode has removed the need for most of them. Not to mention the time it saves scanning.
HJ0
Master Splinter
3rd May 2006, 01:58 AM
Nortons. Can't stand it. Resource hog, and it seems to think that it knows better than me...and worse than that, it costs money.
Its fine in a corporate situation where you have IT savvy people looking after it, but on a home PC its a pain.
I've been using avast!. It's free for home use, it updates daily, and the updates take around 30 seconds on dial up.
I visit a reasonable selection of warez sites and it hasn't let anything slip through. Or if something has slipped through, its hiding lower than a Sony Rootkit and even Process Explorer can't ferret it out.
jow104
4th May 2006, 01:12 AM
Where did you go knowing you would find some viruses?
Microsoft download web page?:)
ubeaut
4th May 2006, 08:58 AM
After about 8 years with out it I have just gone back to full Norton Security system on all 3 of my computers. I had used a variety different virus programs on 4 computers with seemingly no problems.
Installed Norton on one computer and picked up 14 viruses of varying degrees of risk along with 2 on a cd which I had been using for over 4 years and hadn't been detected by any of the others.
Have since paid for and installed Norton on two other machines and in both instances picked up a number of viruses that were missed by other programs.
The one with the least problems was using Quick Heal for almost 7 years but changed last year to Mcafee and AGV to try them out both of which picked up or appeared to pick up nothing.
Also worth noting the cost of purchasing Norton for 2 years with full support and extended download directly from Norton is almost half the price in US$ than it is for a 1 year download on the Aussie $ site even after conversion of currency.
Cheers - Neil :)
PS other programs I have used Quick Heal, pc-cillin, Mcafee, Vet, AVG.
Paid for 2 years worth of Norton for each computer so will see when the time is up if I will stay with Norton for the long haul or not. At the moment I reckon I am way in front in the protection stakes. However as has already been mentioned in earlier posts, I wouldn't want to be running it on anything but late mode machines with lots of memory and at least ADSL or cable internet.
kiwigeo
6th May 2006, 04:22 PM
Where did you go knowing you would find some viruses?
Microsoft download web page?:)
Windows.........the worlds biggest virus.
Eddie Jones
6th May 2006, 04:59 PM
Both missed, what I think is a new variant, on an old Trojan (drwatson).
Err, no. Dr Watson is not a Trojan or a virus. It is in fact part of the standard error-reporting system built into Windows.
DavidG
7th May 2006, 12:39 AM
Something to remember.
When a virus checker says it has found a virus all it has found is a set of binary numbers that the manufacturer has defined as being the signature of a particular virus but it may not actually be the virus file.
Some virus checkers signatures are a little too sensitive (read as - Not well defined) and are triggered by other benign files.
Do not believe that just because the virus checker says that it found a virus that there actually is one. (Could be)
Used to have a txt file that showed up as a virus.:eek: :D :D
edit:
Found it. eicar test file. See eicar.com
Save the following as a .com file and you virus checker should go ape.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Skew ChiDAMN!!
7th May 2006, 01:44 AM
Both missed, what I think is a new variant, on an old Trojan (drwatson).
Err, no. Dr Watson is not a Trojan or a virus. It is in fact part of the standard error-reporting system built into Windows.
Errmm... actually there is a virus called DrWatson, which infects DOS .COM files. (ref: here (http://www.symantec.com/avcenter/venc/data/drwatson.html) for more info)
'Tis a rare, very low-threat virus and easily removed. But I sincerely doubt that what Eddie is finding is this virus... I'd say his VC's heuristic settings are too high and, as I think you're saying, it's picking up the Win Debugger.
Toolin Around
7th May 2006, 05:28 PM
Both missed, what I think is a new variant, on an old Trojan (drwatson).
Err, no. Dr Watson is not a Trojan or a virus. It is in fact part of the standard error-reporting system built into Windows.
Err, no. Believe what ever you like - I don't care. But I've done my research.
Toolin Around
7th May 2006, 05:35 PM
Errmm... actually there is a virus called DrWatson, which infects DOS .COM files. (ref: here (http://www.symantec.com/avcenter/venc/data/drwatson.html) for more info)
'Tis a rare, very low-threat virus and easily removed. But I sincerely doubt that what Eddie is finding is this virus... I'd say his VC's heuristic settings are too high and, as I think you're saying, it's picking up the Win Debugger.
There's a variation that overwrites and or creats a drwatson.exe file not the drwatson.com file
Eddie Jones
7th May 2006, 06:21 PM
Err, no. Believe what ever you like - I don't care. But I've done my research.
Well I strongly suggest that you do a little more research. Note that this site is Microsoft. They probably have some knowledge of their own OS's.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308538
ozwinner
7th May 2006, 06:33 PM
You are both right.
http://securityresponse.symantec.com/avcenter/venc/data/drwatson.html
So tomorrow at dawn, its mouses at 10 paces.
Al :p
jow104
7th May 2006, 06:46 PM
3 weeks ago I put some cash into a new bank account (building society) and on the application form they requested my email address. They replied to me with a welcome to my email address, and ever since I have had an unknown correspondent appearing everyday on my mails. I have deleted the correspondent without opening this mail.
I closed down the account the day after the welcome from the bank because I think there is still a risk on any online type of banking.
My server will not stop these mails coming in or discuss what the content is on these mails.
WHAT CAN I DO PLEASE?
ozwinner
7th May 2006, 06:49 PM
Do you have internet security in place?
Blockers, deleters?
Al :)
jow104
7th May 2006, 06:56 PM
Do you have internet security in place?
Blockers, deleters?
Al :)
I have got the Norton internet security 2006. Thats is why I hijacked this thread!
But it is not stopping this mail.
Incidentally yesterday the Shell garages in the UK had to stop using chip and pin cards at their outlets, Customers credit card accounts are being raided by some fraud. (millions of pounds invovled) So much for chip and pin benefitting the customer.
ozwinner
7th May 2006, 06:58 PM
Right click the email and tell norton to scan.
Al :)
jow104
7th May 2006, 07:11 PM
Right click the email and tell norton to scan.
Al :)
Thanks Al. That's something new I've learnt today.
Now all I have got to do is wait until tomorrow and try that on the next one.
The day after we are going on our hols. for 21 days. So I will have plenty to practice on when we return.
Toolin Around
7th May 2006, 09:26 PM
Well I strongly suggest that you do a little more research. Note that this site is Microsoft. They probably have some knowledge of their own OS's.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308538
Well you sure know how to use MS Knowledge base, good onya! Now I suggest you expand you horizons and include google, yahoo and or a few other search engines to give you a better picture of what is actually going on.
Toolin Around
7th May 2006, 09:36 PM
You are both right.
http://securityresponse.symantec.com/avcenter/venc/data/drwatson.html
So tomorrow at dawn, its mouses at 10 paces.
Al :p
This one gives more details and I believe it's a different trojan than the one described in your link. http://www.symantec.com/avcenter/venc/data/bat.install.trojan.html
Toolin Around
7th May 2006, 10:09 PM
Thanks Al. That's something new I've learnt today.
Now all I have got to do is wait until tomorrow and try that on the next one.
The day after we are going on our hols. for 21 days. So I will have plenty to practice on when we return.
The easiest way to describe how to block senders is to tell you to go to the help index of your email software. If it's Outlook just press F1 and type in "block sender" and it should give you the answer.
If you are using outlook (not outlook express) you can get information on the sender without opening it. Right click the email and select options. At the bottom of the options window is a box that's titled Internet Headers. At the top of that box it should say: "Return-Path: (senders email address)" Take that email address and do a google search on it and see what comes up. Most legit companies have email addresses that identify them in it (I.e.
[email protected]) If it doens't, phone the bank you believe sent you the original suspect email and ask them to verifiy if it's theirs. Let us know what comes up
Toolin Around
8th May 2006, 08:30 AM
Well I strongly suggest that you do a little more research. Note that this site is Microsoft. They probably have some knowledge of their own OS's.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308538
I forgot to include in this thread a very important part. It was drwatson32.exe that was trying to call home on my machine. I am more than aware what drwatsonis. This is a thread expaining what dreatson32 is http://www.symantec.com/avcenter/venc/data/pf/trojan.dremn.html
I got confused, I had explained the difference between drwatson32.exe drwtsn32.exe in a different thread not this one. So when it tried to phone home I got curious and did a whois on it, only to find it wasn't trying to contact a MS ip.
My appologies I had the impression you were having a go at me (hence the the reation).
woodyjow
8th May 2006, 08:12 PM
to tooling around.
Loooking at your reply under a new registerred name (on my holdiays) the emails have kept coming in daily but always have a different sender name.
woodyuk
Toolin Around
8th May 2006, 11:06 PM
to tooling around.
Loooking at your reply under a new registerred name (on my holdiays) the emails have kept coming in daily but always have a different sender name.
woodyuk
You've got to treat you email address like you your personal information and not give it out to anyone you don't absolutely trust. And I don't think banks are on my trust list.
Sounds like your email address has made it on a spammers list. About the only thing you can do is learn to recognise which are good and which are bad and just delete the crap. It will die off eventually and then a couple months later start up again...
ozwinner
9th May 2006, 04:46 PM
Ive had the same email address for about 4 years, I never got any spam until I had a disputed transaction on Ebay, now Im flooded with offers for viagra, penis enlargements etc.
So being the kind fella that I am, I signed him up to all kinds of sites.
Al :p
woodyjow
9th May 2006, 10:23 PM
here are some more good tips from the uk forum re spam .
http://www.ukworkshop.co.uk/forums/viewtopic.php?t=9869
Toolin Around
9th May 2006, 11:31 PM
Ive had the same email address for about 4 years, I never got any spam until I had a disputed transaction on Ebay, now Im flooded with offers for viagra, penis enlargements etc.
So being the kind fella that I am, I signed him up to all kinds of sites.
Al :p
Did ya buy any viagra at least?
Toolin Around
9th May 2006, 11:38 PM
here are some more good tips from the uk forum re spam .
http://www.ukworkshop.co.uk/forums/viewtopic.php?t=9869
I like the one where you register the email address.