January 8th, 2004 02:13 PM
Was just thinking about my AVP - I have it set to auto-update and once a week or so I also do a manual just to make sure.
But other than that it just sits there quietly doing its job....or at least I hope it is doing its job.
I have yet to have a virus scare - ok so I try wherever possible to only download from a product manufactuers site.
But how do we know if our AVP is working correctly without downloading some virii and checking?? But this opens up all kinds of risks
thats why i was wondering is there such a thing as neutered virii?? virii which has had its sting removed
it still contains the relevant structure to set off the alarms but cannot reproduce itself of cause damage to a computer.
has anyone heard of such a thing before??
January 8th, 2004 02:20 PM
I've been on kazaa for the past few days, so I know my AV is wide awake. Damn thing went off every few minutes.
Edit: I forgot to ask, why would there be a reason for the AV to not be working? This is getting me paranoid.
Real security doesn't come with an installer.
January 8th, 2004 02:28 PM
D0pp139an93r there is no real reason why it shouldn't be working - but i just realised it has never really had a true _test_
I just take it for granted that it is dooing its job when I can't say for sure that it is
edit >> for example we test our firewalls by scanning ourselves to ensure they are doing their job correctly and keeping us stealthed but I have never given my AVP a work out.
January 8th, 2004 02:30 PM
Well, one reason it wouldn't be working would be because you've downloaded a virus that's disabled it
But I think Val meant more as a test...just to be sure that it actually is ready and able to catch those viruses that it says it is able to.
edit: Sorry, Val slipped in above me and said basically what I said.
Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.
January 8th, 2004 02:38 PM
No reasone to use a 'neutered' virus, as long as you dont execute the infected program. Simply find a executable you know to be infected and scan it. If it triggers your AV, its working.
\"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier
January 8th, 2004 02:43 PM
Hi Val, there is a test virus out there called EICAR. This test string has been used for years to test virus software.
The Eicar Test String is not a real virus. It is a text file that is used to test antivirus software. By default, the file name is Eicar.com
You can get a copy of it HERE
Hope this helps.
January 8th, 2004 02:48 PM
DjM - thanks for that just gave it a try and AVP picked up on it
so at least I know now it is doing something - lol
January 8th, 2004 04:20 PM
Also Val, Create a VB Proggie and put in the string to bind it to run with every executable.
Sub 7 start up one. Not published for obvious reason.
Any av will detect this as w32.generic.
January 8th, 2004 05:10 PM
How about experimenting with real stingy virii? This is not as stupid as it sounds ....well maybe a bit. Put a bunch of virii in a floppy and have it scanned by your av software. Most likely they'll be zipped, or copy infected files on a TEST pc into a floppy and see if it will pick them up. I think EICAR is better though , less risky and more controlable.
January 8th, 2004 07:11 PM
If you know assembler, you can strip the infection routine and see what happens. There are many to choose from here: http://www.sirkussystem.com/virus.html
assemble, link and have fun.