September 9th, 2003, 10:42 PM
I need some clarification (nav vs. kav)
My dad is mr. legal and hates to pirate software, and he doesn't want to spend "a lot extra" on kaspersky, because he buys licenses for all of our pcs (4). He thinks that norton is sufficient in protecting our computers/network from virii. I'm behind an NAT router and do regular av/windows updates. He told me to get some proof that kav is THAT much better than nav. I want to show him that nav is next to worthless, and takes little to no effort to get anything past it. I'd appreciate if you people could enlighten him a bit.
(I'm going to print this and show it to him, he told me to find info from "real people" because reviews aren't "accurate".)
FYI: I'm using nav2k2 now and we're going to upgrade soon (hopefully kav)
September 9th, 2003, 11:03 PM
Question for you.
How do you perform your updates? Manually?
As for Norton's ability to protect your machine from Virii - It does the job, as long as you do yours.
You mentioned that Nav is worthless... Can you cite examples?
Am a newbie. Much too much to learn and too little time :-)
September 9th, 2003, 11:08 PM
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
September 9th, 2003, 11:36 PM
Viper: You are not exactly justified..... Thus - your dad is not wrong..... He may not be spot on.... but he isn't wrong....
Each AV company has to get a copy of an actual virus, study it, determine its characteristics, find a signature and publish it. Now, if Norton gets it 1 hour before Mcafee then they _should_ come up with the new definition sooner.... and they probably would.
When it comes down to it it's a matter of what you prefer and in this case it seems like you prefer Kaspersky while your dad prefers Norton..... We could argue "Symantecs" all day, but in the long run we will all be right about major AV systems....
The "name" systems work.... On any given day any one will work better than any other.... it's a fact of life.....
Rider: I like Norton/Symantec..... But I use 2 AV systems before mail is allowed into my network..... Belt and braces....yeah.... am I right using either AV system over another.... I don't really know..... They are all so close to being "right"
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
September 10th, 2003, 02:23 AM
I'm talking in terms of PE encryption, scrambling, packing etc...just about any form of exe modification will render it undetected to norton, with the same activity not changing the kav signature at all. When a signature is added, it is added for the unmodified virus, it is the core of the av that determines its effectiveness. And kav is updated daily, while symantec updates usually (bi)weekly. For example, I take any "widely used" trojan, in this case, Optix pro. I use tElock to encrypt the PE headers, and scan it with norton, it will not pick it up. This is true for many main-line av's such as pc-cillin and some versions of mcafee, because all they do is check for the unmodified signatures. Now if you take this encrypted file, and scan it with kaspersky, it will get it, every time, unless you really know what you're doing, ex editing offsets or change the source sufficiently. I can upload the file if you people want to verify this for yourselves.
And the one I'd get, kav personal pro, is $90 or something.
Handy: I do all of my updates, av and windows manually, because auto always doesn't download 100% of what's available.
September 10th, 2003, 07:02 AM
You can find comparisons between different products on the VirusBulletin site. They do a fairly good job of independent testing and reviews. There are other sites as well, such as the one run by Andreas Marx <http://www.av-test.org/index.php3?lang=en>, which is also very good, and he works his tail off to keep the info up to date. He's always working on new ways to test A/V software. I also trust his reviews.
Where's the ka-booom?
There was supposed to be an earth-shattering ka-booom!
September 10th, 2003, 02:20 PM
All major AV products "work" to an extent, some are better than others in some areas, many are not so good with trojans, and particularly spyware and adware. This is because the last three do not contain malicious code per se.................it is what people do with the code afterwards that is the problem.
My warning is that the more "sensitive" the AV is, the more likely it is to give you false positives.......then you start to ignore it............then BANG!
I am also sceptical of these "all in one box" solutions, as I have not seen enough independent evidence as to how effective they are.
I would recommend that you search for the AnalogX site and check out their "free" products, particularly "script defender". Also mobiusware's site as they do something similar. These programs intercept attempts to run scripts from where they should not be run, so are more behavioural in their approach. Also try the DiamondCS.au site and look at some of their free tools, particularly the one that protects the Registry.
You should also get AdAware 6.0 from lavasoft and SpyBot search & Destroy. Finally, have a look at WinPatrol from BillP Studios.
All these are complementary to a good AV. And remember that a lot of malware kills AV and Firewalls before it does its dirty deed. That is why you should consider complementary secondary defences.
EDIT: I forgot to mention that some AV apps use a "Berkley sandbox" system, so they will let the app run in a constrained environment and see if it tries anything "naughty" before killing it.
Also, you may disguise the malware, but can you get it to run afterwards...........back to sensitivity. If the malware won't run, it isn't malware, so won't get reported? I guess that is down to the AV co's policy.
Hope that this helps
September 10th, 2003, 10:49 PM
Well I can get pretty much any virus past norton, not just trojans. And I already use ad-aware, great program for everyone.
September 10th, 2003, 11:00 PM
Please have a look at the other extra defences I suggested, no matter what AV you end up with. My question was rather stupid as to "but do they still work?" as you would put your system at risk............and the AV has already done its work by detecting the virus in the first place. I am sorry about that, I am used to having lab machines available to let one loose on to see what it does.
Once again, sorry for asking a question that you would have had no sensible way of providing the answer to.
Please have a look at e-safe from Aladdin industries............it is a rather interesting AV approach you might find?
September 10th, 2003, 11:43 PM
If you download the Intelligent Updater files manually, you'd see that Norton updates their definitions almost daily...
And kav is updated daily, while symantec updates usually (bi)weekly.
I do all of my updates, av and windows manually, because auto always doesn't download 100% of what's available.
I agree with you there, but there's one thing which you forgot to do in your test. And that was to decrypt the file you encrypted. The second it is decrypted, NAV, or other main-stream antivirus program, will catch it, and either clean it or quarantine it. The reason NAV and other antiviral programs don't catch encrypted files is because they are harmless until they are decrypted.
For example, I take any "widely used" trojan, in this case, Optix pro. I use tElock to encrypt the PE headers, and scan it with norton, it will not pick it up. This is true for many main-line av's such as pc-cillin and some versions of mcafee, because all they do is check for the unmodified signatures. Now if you take this encrypted file, and scan it with kaspersky, it will get it, every time, unless you really know what you're doing, ex editing offsets or change the source sufficiently.