July 15th, 2004, 10:48 AM
Is Norton Anti-Virus Trustworthy?!?!
Hi, I just wanted to start the subject about Norton after experiencing some errors on my computer...
The problem: I am currently using Windows 2000 Pro, and whenever I connect to the internet the same annoying thing happens: Win2000 pops up with its system error....saying that a file or something was terminated and save your files or it'll be lost...blah blah and Windows will shut down and restart in 60secs. The file that was terminated was called isass.exe, and it was always happening once I got connected to the net, and it was seriously getting really annoying. So I look the file up and it turns out it's a virus...(do not be mistaken, the file is called isass, not lsass). That confused me at first because the lowercase L looks like an uppercase i, so I look it up and lsass is a native Windows file, but isass.exe is not.
Info on isass.exe:
Process File: isass or isass.exe
Process Name: isass
Description: Virus added to the system as a result of variant of the OPTIX PRO TROJAN that opens TCP port 3410 and allows a hacker to control an infected computer.
System Process: No
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): Yes
Common Errors: N/A
BUT, after finding out that isass was a trojan, I check LiveUpdate for Norton Anti-virus to check if my program was up to date on the latest viruses, and it was....the note came up saying that all my virus definitions were up to date ( 2004/7/15 ), which was just yesterday. So I unplug my internet connection and start a full system scan on my computer....The scan results came up as 31143 files scanned....and NONE INFECTED......this was the part where I got frustrated.....because I paid for the program...the subscription......and the results I get back.....well I don't like it....so yeah, I mean if anyone has an idea on why Norton didn't pick it up....or if you don't think that people can rely on Norton then please post here...I personally don't know if it was Norton's fault for not picking it up...or some other reasons....
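The look-alike name described in the post above (isass.exe sitting next to the genuine lsass.exe), as an added example that is not part of the original thread: a Python check that flags process image paths imitating Windows system binaries. The allow-list, the confusable-character map, the function names and the sample paths are assumptions made for illustration; `C:\WINNT` is the default Windows 2000 system root.

```python
import ntpath

# Assumed allow-list: legitimate image name -> directory relative to %SystemRoot%.
EXPECTED = {
    "lsass.exe": "system32", "services.exe": "system32", "svchost.exe": "system32",
    "csrss.exe": "system32", "winlogon.exe": "system32", "smss.exe": "system32",
    "explorer.exe": "",
}
# Characters that pass for one another at a glance (constructed, not exhaustive).
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})

def skeleton(name):
    """Collapse look-alike characters so 'isass.exe' and 'lsass.exe' compare equal."""
    return name.lower().translate(CONFUSABLE)

def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path, system_root=r"C:\WINNT"):
    """Return (verdict, imitated_name) for one process image path."""
    directory, name = ntpath.split(ntpath.normcase(image_path))
    if name in EXPECTED:  # genuine name: only trusted in its expected directory
        want = ntpath.normcase(ntpath.join(system_root, EXPECTED[name])).rstrip("\\")
        return ("ok", None) if directory.rstrip("\\") == want else ("wrong-directory", name)
    for legit in EXPECTED:  # same shape once confusable characters are collapsed
        if skeleton(name) == skeleton(legit):
            return ("lookalike", legit)
    for legit in EXPECTED:  # one typo away from a system binary
        if edit_distance(name, legit) == 1:
            return ("near-miss", legit)
    return ("unknown", None)

# Constructed sample of running process images (not taken from the thread).
SAMPLE = [r"C:\WINNT\system32\lsass.exe", r"C:\WINNT\system32\isass.exe",
          r"C:\WINNT\Temp\svchost.exe", r"C:\WINNT\system32\svchosts.exe",
          r"C:\Program Files\Game\game.exe"]

if __name__ == "__main__":
    for path in SAMPLE:
        print(path, "->", classify(path))
```

A verdict of "unknown" only means the name does not resemble anything on the allow-list; it says nothing about whether the file is safe.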
July 15th, 2004, 11:53 AM
That's because most antivirus products suck at detecting trojans and the like. What you need to do is also get a good anti-trojan program. TDS3 is good if you're willing to pay. Otherwise, SwatIt is a good free one.
July 15th, 2004, 11:57 AM
Thanks I'll look into those programs...
July 15th, 2004, 12:43 PM
They are cunning devils who write this malware............"looks like" or "sounds like" a valid system file is a common trick that they play. From what you say it sounds as if you had the "Sasser" virus.
cgkanchi is absolutely correct in his comments regarding most AV products and trojans/spyware/malware. They are not very good, and Norton is not even amongst the best. Neither is AVG for that matter. In a recent trial I read, Kaspersky scored 5/5, McAfee 4/5 and Norton 3/5, for example.
A lot of them will only spot a trojan because they recognise the dropper, rather than the trojan code itself, so it is very important to make sure that the heuristic scanning option is turned on, and that real time scanning takes place on opening a file.
cgkanchi mentions TDS3, go to their site and get RegistryProt..........it is a free tool that intercepts attempts to change the windows registry. OK it will let you stop the entry/reverse the change, which may well stop the malware running properly............but the stuff is still on your machine and will need to be dealt with. The link is :
Also go to:
Winpatrol is a good additional defence tool. Check out its features and tools. It also has a great cookie manager...............it accepts the cookie, makes soothing noises to the sender, then shreds it
And for your really paranoid moments:
"Winsonar" is an interesting tool for detecting background processes etc.
You should also get SpyBot Search & Destroy. Make sure you set it to run in "advanced mode" and use the immunisation tool.
AdAware 6 is another on demand scanning tool that will pick up things that SpyBot may not. I recommend using both, keep them up to date and run them regularly IN SAFE MODE.
You should also run your AV in safe mode, and with System Restore switched off (if you have ME or XP).
You must update all your scanning tools and AV on a regular basis, as they are reactive systems that tend to rely on pattern files, so they are highly unlikely to detect 0-Day malware, and will only detect stuff that has been identified up to the last pattern file update. This is why all AVs are inclined to miss things, particularly if they are not updated regularly.........like DAILY!
On a regular basis I run Trend Micro's "Housecall" which is an online scanner that is kept up to date on an hourly basis I think. It is free, as are the tools that I have mentioned.
I think that is enough to keep you going..............
July 15th, 2004, 01:17 PM
Wow, nihil, thanks for the help man. I already have SpyBot Search and Destroy, but I will look into the other programs that you pointed out for me. And yeah...I dunno if I have the Sasser or not yet? Haha, currently I don't want to stop playing my game, but I told my friend to bring me over a version of McAfee's Stinger. And you mentioned Winpatrol...that basically is a firewall, isn't it? So yeah, I currently use Sygate on this laptop and Kerio on my main PC. Thanks for your help
July 15th, 2004, 01:44 PM
Well, are you patched? Up to date?
dunno if i have the sasser or not yet?
If that is what was terminated then it was lsass.exe, that is LSASS not iSASS; the MS prog is spelt with only lower case letters.
The file that was terminated was called isass.exe
You could have been probed with any number of worms that use the LSASS vulnerability to infect, including SASSER, KORGO, I think even GAOBOT, just to name a couple of the family members.
So again, how well patched is your box? Because some of those fellows PREVENT you from having effective antivirus, and even prevent you from updating Windows.
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
July 15th, 2004, 02:10 PM
Thanks Undies............I know I can rely on you to get the bits I miss out
Senate, what Undies says is absolutely 200% correct: you must have your Windows and browser up to date (fully patched). This is just as important as your firewall, AV and other malware detectors. It is a proactive (offensive) rather than reactive (defensive) action in the war against the bad guys.
Winpatrol is NOT a firewall, it is an activity monitor. I have run it with Sygate, Kerio, Tiny and ZoneAlarm firewalls, and there is absolutely no conflict. It also works with PC-cillin, McAfee, AVG, e-Trust, anti-Vir and various other AV products. It also has a toolbox of stuff to let you manage startup proggys (very handy for resolving boot conflicts), BHOs and so on. Try it.......it's free for private use.
July 15th, 2004, 03:11 PM
There are several AVs that do well with trojans. Kaspersky and the various antivirus software using the Kaspersky engines all rate highly in trojan detection. Kaspersky, at least the v4.5, slows my one year old machine down almost as much as Norton did, but I've never had anything get by either. Kaspersky is one of the top three, along with AVK and F-secure (or F-Prot), both of which use Kaspersky's engine. Norton came with this thing when I bought this box. It left as soon as the 3 month trial expired.
July 15th, 2004, 03:38 PM
Well, this is first hand AV testing. I have been using NAV for approximately 2 years with all Windows 2000 Pro updates and patches and all NAV updates. After reading this post I thought "all hell I wanna try Kaspersky out." So I DL the trial version, loaded it up and it is awesome. I found 26 trojans that NAV didn't find on my machine. I was so ashamed when I saw that many trojans on the machine but I agree that Kaspersky is far superior to NAV.
Yeah, that's right........I said it!
Ultimately everyone will have their own opinion--this is mine.
July 15th, 2004, 04:04 PM
OK, I have found the review/test I mentioned earlier.
Norton 2004 3/5
AVG (both) 2/5
Trend Micro II 1/5
That was for viruses and trojans, but it was the macros and trojans that let some of them down.
So, Chuck, it would seem that F-Prot is not one to go for, unless you are running DOS or 3.1x, as they are one of the few to have a product that still covers those OSes
OH, with the pro version of Kaspersky (expen$ive I know) there is a checksumming facility that greatly reduces performance lags.
Another little tip: after you have updated your AV, reboot into safe mode and run defrag............that will defragment the pattern file and make the interactive scanning work quicker