If you read back through this thread, you'll see that Titanium apparently has a superior virus detection engine.
If you read back through this thread, you'll see that Titanium apparently has a superior virus detection engine.
On Windows98se, I tried both Norton 2002 (with todays updates) and Panda Platinum 7 (with todays updates). Both programs found only 5 files infected of the 8 files in that zip. The files that were found infected were:
win32.Torvil.B.exe
backdoor. Iroffer.1217.exe
backdoor.ServerGeneric.exe
bat.Kifer.B.bat
Trojan.Dropper.Kifer.B.exe
The other difference was that Norton detected the infected files when I opened the zip file with Winzip, Panda Platinum did not detect the files when opening the zip file. Manual scan of the zip file turned up 5 infected files with both programs.
Could the differance in results for people running the same anti-virus programs be caused by using different operating systems?
win32.Torvil.B.exe
backdoor. Iroffer.1217.exe
backdoor.ServerGeneric.exe
bat.Kifer.B.bat
Trojan.Dropper.Kifer.B.exe
The other difference was that Norton detected the infected files when I opened the zip file with Winzip, Panda Platinum did not detect the files when opening the zip file. Manual scan of the zip file turned up 5 infected files with both programs.
Could the differance in results for people running the same anti-virus programs be caused by using different operating systems?
Jeff7
Lifer
- Jan 4, 2001
- 41,596
- 20
- 81
Downloaded the file to my RAMdrive, unzipped the files to my RAMdrive. NAV 03 just sat there and stared.
When I unzipped the files to the hard drive, it found all but these two:
Backdoor.ServU.B.exe
Virtool.HiddenRun.B.EXE
Even when I force a scan on them, it doesn't see anything.
When I unzipped the files to the hard drive, it found all but these two:
Backdoor.ServU.B.exe
Virtool.HiddenRun.B.EXE
Even when I force a scan on them, it doesn't see anything.
I now tried out Panda Titanium on the zip file and it found 7 of the 8 files to be infected. So what I have is Panda Platuim found 5 of 8, Norton 2002 found 5 of 8, and Panda Titanium found 7 of 8.
None of these were a perfect score under Window98 and all had the latest updates.
None of these were a perfect score under Window98 and all had the latest updates.
This quote is from mAcOdIn and I felt the need to share this with everyone:
You have to understand the difference between zoo, itw and other kinds of virii.
As I said before when it comes down to who detects the most virii NOD32 loses but that's not the whole story. A lot of these virri and stuff in AV programs definitions have never been released. Ever. Which means you will never ever get it. So in a way NOD32 not protecting you from a virus that is not spreading at all is not that big of a deal.
Further alot of the virii in the main AV programs definitiions can not even infect current machines. They're obsolete and thier methods of infection plain don't work. It's like giving osmeone a vaccine who's already immune to a virus, it really isn't needed, but it sure looks good when they say they block 3,000 more malmare than a competitor so some AV companies keep that old legacy crap in, even though there is no way in hell you'd get it because they aren't spreading, and if you did somehow find a floppy from 1990 and try and access it and it had that birus it still couln't infect you anyways. So again not defending against those isn't a big deal either.
Then you have to take into acccount the naming scheme of different AV companies. For instance One of the advertisers on another website I frequent is giving spyware out to it's members. Now keep in mind it's spyware not a trojan, not a virus or a worm but spyware. McAfee calls it trojan-VBS.psyme(or something just look up psyme and you'll find it). That's misleading. It isn't a trojan at all. TDS-3 an anti trojan scanner doesn't detect nor do some other AV programs, because it's not a virus worm or trojan, yet here McAfee classifies it as a trojan. Now McAfee can claim they detect a "trojan" that no other company detects but it's a lie, it aint a trojan at all. Now personally I'm happy Mcafee detects it, I'm all for it blocking spyware as well as long as they don't lose focus of thier main threat, virus trojans and worms. But just because one scanner classifies something as a trojan doesn't make it a trojan. So that's another thing to consider when someone compares NOD32 to say McAfee or another scanner.
And a even further thing to consider is mainy companies classify everything related to a trojan as a trojan. Trojans have many different parts, a client, the server, the dropper or infector, so effectively a company could claim three different things being cleaned but in reality is only one trojan. To even further muck up the idea the client isn't harmful at all. It's how the script kiddie connects to your pc. Should an antivirus clean an application that can't infect your computer just because it's trojan paraphenelia? You may have downloaded the client just to learn, but now because your anti virus is freaking out you think you're infected thank God for your anti virus program and delete the file, which was never a threat to you in the first place. In some cases the trojan dropper is also not a threat once the trojan has been installed. If you remove the actual server running on your pc you've effectively killed it, so ensuring you get the dropper as well is overkill, although I see how some users would want as little stuff on thier system as possible and are happy to get rid of it. So does nod32 not removing the now dormant and useless dropper a threat to your security? Is it a threat it doesn;t remove your client that you wanted to learn with?
Another thing to consider is each anti virus'es heuristics engine. For instance there's a line of code that you can enter that will do absolutely nothing but Norton will freak out thinking it's a trojan. If you blindly followed Nortons advice and then tested other antiviruses against the same file they would report nothing. Why? Because Norton was wrong it wasn't a trojan or virus at all it just had one line of code (echo : format or something I forget, you can put it in your sig on this forum and it will be harmless to everyone yet every Norton user with heuristics enabled will get a warning and you'd see a hundred posts about a trojan infecting people from rage3d.com). But alot of people who test out programs for personal use don't know this, so they add the perfectly harmless file into thier collection and then ***** when another antivirus doesn't find it.
The fact is when it comes down to virii, trojans, and worms that are spreading today and can infect your system NOD32 protects you just fine. Sure it won't find that ancient DOS virus that doesn't work anymore, sure it won't call spyware a trojan, sure it won't protect you from files that were never harmless and were nothing but another users false positive, sure it wont protect you from virii that were made as proof of concept and have never been unleashed on one person ion the planet, but it does a very good job at protecting you from what it should protect you from.
This is not a plug for NOD32, I think it has strengths and weaknesses like every other scanner on the market, but does it suck or is it crap? No.
Plus I downloaded tha file look what some of thier virii are.
IrOffer
"This is not a virus or trojan. It is a potentially unwanted program."
Iroffer is a tool that serves files and offers them for IRC users to download them using the DCC protocol. For further information about Iroffer, please see the vendors website: http://www.iroffer.org
Taken from McAfee's website http://us.mcafee.com/virusInfo/defa...;virus_k=100976
Oohh bad NOD32 for not detecting it.
Here's another.
ServU Daemon
"The Serv-U FTP daemon is a popular commercial FTP server. This application has been used by many trojans for malicious purposes, where files are renamed to try to fool people into thinking that they are Windows system files. These renamed files will be picked up with regular detection within the on-access or on-demand scanners"
http://us.mcafee.com/virusInfo/defa...p;virus_k=99901
Oh my God how could they not detect this?
Hide exec
"This detection covers many different versions of a "potentially unwanted application" referred to as "HideWindow".
"HideWindow" is a utility that will run a program while hiding its user's interface. Although there are many valid uses for such a program, many trojan packages make use of this tool to run standard programs, such as FTP servers, mIRC, etc, while hiding them from the display. "
http://us.mcafee.com/virusInfo/defa...p;virus_k=99939
Bad NOD32.
These programs aren't malicouse at all. They come with many legitimate applications. Yes they can also be used for trojans as well, but that doesn't make them trojans, or the presence of one of these applications on your PC doesn't mean you are infected with a trojan. IRC is used by alot of script kiddies and hacker wanna be's how long until anti virus companies start adding mIRC to thier list of trojans?
The test was flawed as they ran it. Not all the files were even true malware.
Does NOD32 detect them? No. Does McAfee detect them? Yes. Does that mean NOD32 sucks? Not by a long shot. So in conclusion the guy who started the test was an idiot.
You have to understand the difference between zoo, itw and other kinds of virii.
As I said before when it comes down to who detects the most virii NOD32 loses but that's not the whole story. A lot of these virri and stuff in AV programs definitions have never been released. Ever. Which means you will never ever get it. So in a way NOD32 not protecting you from a virus that is not spreading at all is not that big of a deal.
Further alot of the virii in the main AV programs definitiions can not even infect current machines. They're obsolete and thier methods of infection plain don't work. It's like giving osmeone a vaccine who's already immune to a virus, it really isn't needed, but it sure looks good when they say they block 3,000 more malmare than a competitor so some AV companies keep that old legacy crap in, even though there is no way in hell you'd get it because they aren't spreading, and if you did somehow find a floppy from 1990 and try and access it and it had that birus it still couln't infect you anyways. So again not defending against those isn't a big deal either.
Then you have to take into acccount the naming scheme of different AV companies. For instance One of the advertisers on another website I frequent is giving spyware out to it's members. Now keep in mind it's spyware not a trojan, not a virus or a worm but spyware. McAfee calls it trojan-VBS.psyme(or something just look up psyme and you'll find it). That's misleading. It isn't a trojan at all. TDS-3 an anti trojan scanner doesn't detect nor do some other AV programs, because it's not a virus worm or trojan, yet here McAfee classifies it as a trojan. Now McAfee can claim they detect a "trojan" that no other company detects but it's a lie, it aint a trojan at all. Now personally I'm happy Mcafee detects it, I'm all for it blocking spyware as well as long as they don't lose focus of thier main threat, virus trojans and worms. But just because one scanner classifies something as a trojan doesn't make it a trojan. So that's another thing to consider when someone compares NOD32 to say McAfee or another scanner.
And a even further thing to consider is mainy companies classify everything related to a trojan as a trojan. Trojans have many different parts, a client, the server, the dropper or infector, so effectively a company could claim three different things being cleaned but in reality is only one trojan. To even further muck up the idea the client isn't harmful at all. It's how the script kiddie connects to your pc. Should an antivirus clean an application that can't infect your computer just because it's trojan paraphenelia? You may have downloaded the client just to learn, but now because your anti virus is freaking out you think you're infected thank God for your anti virus program and delete the file, which was never a threat to you in the first place. In some cases the trojan dropper is also not a threat once the trojan has been installed. If you remove the actual server running on your pc you've effectively killed it, so ensuring you get the dropper as well is overkill, although I see how some users would want as little stuff on thier system as possible and are happy to get rid of it. So does nod32 not removing the now dormant and useless dropper a threat to your security? Is it a threat it doesn;t remove your client that you wanted to learn with?
Another thing to consider is each anti virus'es heuristics engine. For instance there's a line of code that you can enter that will do absolutely nothing but Norton will freak out thinking it's a trojan. If you blindly followed Nortons advice and then tested other antiviruses against the same file they would report nothing. Why? Because Norton was wrong it wasn't a trojan or virus at all it just had one line of code (echo : format or something I forget, you can put it in your sig on this forum and it will be harmless to everyone yet every Norton user with heuristics enabled will get a warning and you'd see a hundred posts about a trojan infecting people from rage3d.com). But alot of people who test out programs for personal use don't know this, so they add the perfectly harmless file into thier collection and then ***** when another antivirus doesn't find it.
The fact is when it comes down to virii, trojans, and worms that are spreading today and can infect your system NOD32 protects you just fine. Sure it won't find that ancient DOS virus that doesn't work anymore, sure it won't call spyware a trojan, sure it won't protect you from files that were never harmless and were nothing but another users false positive, sure it wont protect you from virii that were made as proof of concept and have never been unleashed on one person ion the planet, but it does a very good job at protecting you from what it should protect you from.
This is not a plug for NOD32, I think it has strengths and weaknesses like every other scanner on the market, but does it suck or is it crap? No.
Plus I downloaded tha file look what some of thier virii are.
IrOffer
"This is not a virus or trojan. It is a potentially unwanted program."
Iroffer is a tool that serves files and offers them for IRC users to download them using the DCC protocol. For further information about Iroffer, please see the vendors website: http://www.iroffer.org
Taken from McAfee's website http://us.mcafee.com/virusInfo/defa...;virus_k=100976
Oohh bad NOD32 for not detecting it.
Here's another.
ServU Daemon
"The Serv-U FTP daemon is a popular commercial FTP server. This application has been used by many trojans for malicious purposes, where files are renamed to try to fool people into thinking that they are Windows system files. These renamed files will be picked up with regular detection within the on-access or on-demand scanners"
http://us.mcafee.com/virusInfo/defa...p;virus_k=99901
Oh my God how could they not detect this?
Hide exec
"This detection covers many different versions of a "potentially unwanted application" referred to as "HideWindow".
"HideWindow" is a utility that will run a program while hiding its user's interface. Although there are many valid uses for such a program, many trojan packages make use of this tool to run standard programs, such as FTP servers, mIRC, etc, while hiding them from the display. "
http://us.mcafee.com/virusInfo/defa...p;virus_k=99939
Bad NOD32.
These programs aren't malicouse at all. They come with many legitimate applications. Yes they can also be used for trojans as well, but that doesn't make them trojans, or the presence of one of these applications on your PC doesn't mean you are infected with a trojan. IRC is used by alot of script kiddies and hacker wanna be's how long until anti virus companies start adding mIRC to thier list of trojans?
The test was flawed as they ran it. Not all the files were even true malware.
Does NOD32 detect them? No. Does McAfee detect them? Yes. Does that mean NOD32 sucks? Not by a long shot. So in conclusion the guy who started the test was an idiot.
My norton 2004 caught all 3 and sub components as well.
It denied accsess or deleted everything during the download.
It denied accsess or deleted everything during the download.
I sent in the "Backdoor.ServU.B.exe" file to Symantec Security Response to have them check in out. This was one of the files that NAV 2002 missed in it scan. This is the sum of the reply I got back from Symantec about that file:
"The sample(s) that you provided are not infected with a virus, worm, or Trojan, and do not contain malicious code."
I would think that Symantec would know what is dangerous to a Windows operating system and as such I do not think this is a good test of an anti-virus program, but that's IMHO.
"The sample(s) that you provided are not infected with a virus, worm, or Trojan, and do not contain malicious code."
I would think that Symantec would know what is dangerous to a Windows operating system and as such I do not think this is a good test of an anti-virus program, but that's IMHO.
Exactly. Read below:
Plus I downloaded tha file look what some of thier virii are.
IrOffer
"This is not a virus or trojan. It is a potentially unwanted program."
Iroffer is a tool that serves files and offers them for IRC users to download them using the DCC protocol. For further information about Iroffer, please see the vendors website: http://www.iroffer.org
Taken from McAfee's website http://us.mcafee.com/virusInfo/defa...;virus_k=100976
Oohh bad NOD32 for not detecting it.
Here's another.
ServU Daemon
"The Serv-U FTP daemon is a popular commercial FTP server. This application has been used by many trojans for malicious purposes, where files are renamed to try to fool people into thinking that they are Windows system files. These renamed files will be picked up with regular detection within the on-access or on-demand scanners"
http://us.mcafee.com/virusInfo/defa...p;virus_k=99901
Oh my God how could they not detect this?
Hide exec
"This detection covers many different versions of a "potentially unwanted application" referred to as "HideWindow".
"HideWindow" is a utility that will run a program while hiding its user's interface. Although there are many valid uses for such a program, many trojan packages make use of this tool to run standard programs, such as FTP servers, mIRC, etc, while hiding them from the display. "
http://us.mcafee.com/virusInfo/defa...p;virus_k=99939
Bad NOD32.
These programs aren't malicouse at all. They come with many legitimate applications. Yes they can also be used for trojans as well, but that doesn't make them trojans, or the presence of one of these applications on your PC doesn't mean you are infected with a trojan. IRC is used by alot of script kiddies and hacker wanna be's how long until anti virus companies start adding mIRC to thier list of trojans?
The test was flawed as they ran it. Not all the files were even true malware.
Does NOD32 detect them? No. Does McAfee detect them? Yes. Does that mean NOD32 sucks? Not by a long shot. So in conclusion the guy who started the test was an idiot.
Plus I downloaded tha file look what some of thier virii are.
IrOffer
"This is not a virus or trojan. It is a potentially unwanted program."
Iroffer is a tool that serves files and offers them for IRC users to download them using the DCC protocol. For further information about Iroffer, please see the vendors website: http://www.iroffer.org
Taken from McAfee's website http://us.mcafee.com/virusInfo/defa...;virus_k=100976
Oohh bad NOD32 for not detecting it.
Here's another.
ServU Daemon
"The Serv-U FTP daemon is a popular commercial FTP server. This application has been used by many trojans for malicious purposes, where files are renamed to try to fool people into thinking that they are Windows system files. These renamed files will be picked up with regular detection within the on-access or on-demand scanners"
http://us.mcafee.com/virusInfo/defa...p;virus_k=99901
Oh my God how could they not detect this?
Hide exec
"This detection covers many different versions of a "potentially unwanted application" referred to as "HideWindow".
"HideWindow" is a utility that will run a program while hiding its user's interface. Although there are many valid uses for such a program, many trojan packages make use of this tool to run standard programs, such as FTP servers, mIRC, etc, while hiding them from the display. "
http://us.mcafee.com/virusInfo/defa...p;virus_k=99939
Bad NOD32.
These programs aren't malicouse at all. They come with many legitimate applications. Yes they can also be used for trojans as well, but that doesn't make them trojans, or the presence of one of these applications on your PC doesn't mean you are infected with a trojan. IRC is used by alot of script kiddies and hacker wanna be's how long until anti virus companies start adding mIRC to thier list of trojans?
The test was flawed as they ran it. Not all the files were even true malware.
Does NOD32 detect them? No. Does McAfee detect them? Yes. Does that mean NOD32 sucks? Not by a long shot. So in conclusion the guy who started the test was an idiot.
NAV version 2002 with full updates as of today 21st March. Six out of the seven detected but only when manually scanned.
Is there any result yet on which is consitantly the best AV?
Is there any result yet on which is consitantly the best AV?
Also just tried it on McAfee VirusScan Enterprise 7.1 (one of our client uses this). It said seven infected files but it only flagged one of the viruses.
Bitdefender 7.2 and Panda Titanium Antivirus 2004. However, as noted earlier, Panda Titanium 2004 v3.01.00 is having issues. I've dumped it and switched to Bitdefender.
BitDefender free version with today's updates - all seven identified.
Norton 2002 with today's updates - six identified.
Norton 2002 with today's updates - six identified.
Bleuiko here... just wanted to add some info, might be repeated:
I have tested NAV2004, Avast, AVG, NOD32.
My recommendation is Avast.
- NAV2004 cost money and slows down the system to no end.
- NOD32 cost money, but it is very fast, low on memory, and generally declared as the best... IF you want to pay.
- AVG is free and quick, but I do not like its update feature. Also one word: Ugly.
- Avast is free and quick, and its update feature is supurb.
But of course it being free, I was still a little wary of how good the definitions are... I downloaded the "test" file here and Avast found everything except Serv-U... which is of course, not a virus... I use Serv-U as my FTP server...
If you want to pay, go with NOD32 to know that you have support and someone to blame if you get a virus. Otherwise, go with Avast. I will be switching all my computers to Avast.
I have tested NAV2004, Avast, AVG, NOD32.
My recommendation is Avast.
- NAV2004 cost money and slows down the system to no end.
- NOD32 cost money, but it is very fast, low on memory, and generally declared as the best... IF you want to pay.
- AVG is free and quick, but I do not like its update feature. Also one word: Ugly.
- Avast is free and quick, and its update feature is supurb.
But of course it being free, I was still a little wary of how good the definitions are... I downloaded the "test" file here and Avast found everything except Serv-U... which is of course, not a virus... I use Serv-U as my FTP server...
If you want to pay, go with NOD32 to know that you have support and someone to blame if you get a virus. Otherwise, go with Avast. I will be switching all my computers to Avast.
I've got a copy of Norton 2k3 (oem with motherboard) and it picked up all the viri/trojans in the zip file. It wouldn't even let me open the zip file - Virus notification came up on the screen.
One thing about virus software that gives me the ......... is the subscription feature. If you buy the software, you shouldn't have to buy updates, this is just profiteering because without updates the virus software is useless. if they must have a subscription then it should be for at least a year.
The easy way for old versions of Norton is to image your Windows boot drive with all config and applications loaded before installing Nortons and keep the image somewhere safe. Then install nortons, and when the subscription runs out just restore the image and install nortons again, and you will have another 3 months of subscription.
One thing about virus software that gives me the ......... is the subscription feature. If you buy the software, you shouldn't have to buy updates, this is just profiteering because without updates the virus software is useless. if they must have a subscription then it should be for at least a year.
The easy way for old versions of Norton is to image your Windows boot drive with all config and applications loaded before installing Nortons and keep the image somewhere safe. Then install nortons, and when the subscription runs out just restore the image and install nortons again, and you will have another 3 months of subscription.
I can post a zip file of all of the virus files that have been quarantined by our mail server at our office from March 1-present if anyone is interested.
Why didn't mAcOdIn have the balls to say this directly to me?
OBVIOUSLY if you download Serv-U FTP server and install it properly and run it, it's not going to register as malicious. But in the form that "hackers" are delivering it through the net, it IS malicious. It's not like you run it and it comes up with a nice GUI and gives you options to start your FTP server. It runs silently and opens up ports without you knowing. It's malicious, period, due to the fact that the operations it's making are cloaked, and you KNOW there are hundreds if not thousands of people doing scans of IP addresses looking for open ports to screw with. It's leaving you open for attacks.
OK let's see.. I ran the Backdoor.Serv.U app. It opens up port 43958 without telling me. Hackers obviously know about that port # and can freely scan for it all over the net..connect to a machine, and start messing with your system. How the hell is this considered not malicious? And yes, it's Serv-U **TECHNOLOGY**, but obviously it's been rewired somehow.. it's been hardcoded to NOT display any notification or interface AND port 43958 has been hardcoded as well which is not the standard FTP listening port (21). It doesn't take a rocket scientist to see what's going on here and why this is considered malicious. Now, what the user/pass to log in is, I don't know..but I'm sure all the wrong people know it.
Iroffer I couldn't run because it was missing a DLL, so I can't comment on its behavior, but it's probably similar to the above.
this thread got me thinking i should install an antivirus and firewall. but im not sure.
i ditched AVG for Panda on the other comptuer nad it found 2 viruses. bastard free avg.
i ditched AVG for Panda on the other comptuer nad it found 2 viruses. bastard free avg.
HardWarrior
Diamond Member
- Jan 26, 2004
- 4,400
- 23
- 81
He doesn't have an account on this forum thats why he didn't comment directly to you. I will post your comments on the other forum we hang out on and we will go from there.
HardWarrior
Diamond Member
- Jan 26, 2004
- 4,400
- 23
- 81
As long as your box is fast enough and you don't mind configuring the products correctly there's no reason not to have both.
Windows XP service pack 2 will enhance the built in firewall to the point where it is better than Zone Alarm (so I'm told). It should be released in June so that should suit you well. Hopefully, you already have a hardware firewall/router for some protection.
You defanitely need to buy an Antivirus product. It's pretty foolish not having one these days.
You defanitely need to buy an Antivirus product. It's pretty foolish not having one these days.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter