Is AVG better than Norton? - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 23

Thread: Is AVG better than Norton?

  1. #11
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    Well, I had a chance to browse over that Excel sheet and check out some test results. I'm assuming for Norton, if you didn't specifically mention it didn't clean it, I'm assuming Norton cleaned it? Another thing I wasn't so sure about was the "Type" heading. Anyways, here is what I found: The numbers in (#) are the numbers of occurences/copies found.

    AVG (These are infected files ONLY AVG found)
    ----------------------------------------------------------
    browserhelper2.dll


    BOTH (Both AV's found these files)
    -------------------------------------------
    actalert.exe (2)
    actalert[1].exe (1)
    Installer2.exe (1)
    optimize.exe (2)
    polall1l.exe (2) (Norton found 4 occurences/copies)
    TT.exe (1)
    T[1].exe (2)
    UnstSA2.exe (1)
    winmplayer.exe (1)



    Norton (These are infected files ONLY Norton found)
    -----------------------------------------------------------------
    bling.exe (1)
    system.exe (1)
    bargains.exe (1)
    conscorr.exe (3)
    exdl.exe (1)
    exul.exe (1)
    Key2.txt (1)
    lc.exe (2)
    ln_reco.exe (2)
    msbb.exe (1)
    msbbhook.dll (1)
    msbe.dll (1)
    nem220[1].dll (1)
    preInsln.exe (3)
    SyncroAdX.dll (1)
    tmb.exe (1)
    WebRebates0.exe (1)
    WebRebates1.exe (1)
    Wincomm.exe (2)
    WinComm[1].exe (2)

    Did I read the spreadsheet correctly? I'm hoping for AVG's sake, I didn't. Feel free to correct me if I'm wrong. Anyways, I wanted to mention that this is some great stuff you're doing HTRegz. I haven't had that kind of amibition since I was in my 20's. I'm getting older, lazier, and I'm convinced my brain is decaying at an extremely rapid rate
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  2. #12
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    You read them correctly, but look at how many Norton incorrectly identified as malware... instead of as Viruses...

    As far as the problem viruses for us go.. you only have two...
    winmplayer.exe
    system.exe

    While Norton detected both.... it incorrectly identified system.exe as beign Adware instead of being a virus... If you are looking for a combined AV/Malware scanner... then Norton seems to do a pretty decent job... However, a lot of people would see the list and only clean the viruses.... Thus they are getting a false sense of security...

    Since September, I've cleaned... I dunno conservatively... 100+ machines... possibly quite a few more... 40-45 working days... up to 6 computers/shift (it's only part of what I do)... occasionally more.. somtimes only 1 or 2.. I've seen computers with Norton, AVG, eTrust, Panda, Trend Micros PC-Cillin, McAfee, StopSign, Fprot, Sophos and a few others.... none of them have every been 100% effective as AV software... As Tiger Shark said... AV is reactive.. We've ended up relying heavily on Trend Micros System Cleaner... almost like a downloadable house call (however it scans for a rather narrow list of viruses... (maybe I'll include it in my next round of tests... depends on how much drinking I do for Halloween)).

    We've also relied on a simply batch file, pskill and reg.exe... As Soda said... AVs suck at killing active processes... I have a batch file that's sitting at 55kb (I've got about 10kb of information to add to it this weekend)... I've posted it on here before and it's process is rather simple.. It kills the process, removes Read Only, Hidden and System flags and then deletes it... It also deletes Reg Keys related to the various viruses we've found... It's the closest we've found to a decent solution... so much so that there's been talk of adding it to the Startup and Shutdown scripts on the domain..

    We have a rather complete CD that we use for cleaning... I'm going to be modifying it this weekend and setting it up slightly differently.. It's size is around 500MB... so I'll try and find a way to make it available, however my webspace only has 5GB/month and my DSL won't stay up to long with a lot of leeching.... Perhaps I'll make a torrent and post it on here (don't worry.. the CD is completely legal... no pirated software or anything.. hell we use it in a corporate environment).. Anyways... that's my task for tomorrow during the day, so I'll make it available for the weekend somehow... Even if you have to PM me for the details.... I'll also try to post the next section of the excel sheet (in the AV research thread.. with a link here if warranted) sometime early Monday morning.

    Peace
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #13
    FYI HTregs...

    StopSign is bogus. If you come across it, remove it. It is agressive, removing competition like adaware and spybot. At least it was a few months ago... eacceleration products are bogus.

    Have you ever ran into wintools? It's like 4 processes, wintools, wintoolss, wintoolsa and something else. I wrote a C# prog to kill the processes at once, and didn't work.

    http://www.giantcompany.com/antispyw...-WinTools.aspx
    Files called wtoolsa.exe, wtoolsb.exe, wtoolss.exe, wsup.exe, and wtoolsb.dll install with an adware program called "WinTools". Wintools installs itself as a service or "legacy service" that runs on system startup. It acts as a search page and home page hijacker. This program may have been intentionally downloaded or it could have stealth installed along with Gain, Gator, or Claria.

    WinTools uses driver level methods to create it process making removal quite difficult. Simply terminating the WinTools processes will in no manner kill the process. Even terminating the entire WinTools processes tree will not allow this making manual removal quite difficult. Once the WinTools process tree is terminated it recreates itself by attaching to any running Windows process. Since it is a low level process the execution of WinTools in most cases bypasses the Windows Shell.

    In addition to the driver level processes WinTools installs a Windows service. However the reason for this service has yet to be identified, as it does not make a connection to the Internet to send data.
    How the hell do you clean this type of malware? Only possible way I've succeeded is safe mode. I don't use AV in normal mode anymore, it's worthless.

  4. #14
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by Soda_Popinsky
    FYI HTregs...

    StopSign is bogus. If you come across it, remove it. It is agressive, removing competition like adaware and spybot. At least it was a few months ago... eacceleration products are bogus.

    Have you ever ran into wintools? It's like 4 processes, wintools, wintoolss, wintoolsa and something else. I wrote a C# prog to kill the processes at once, and didn't work.

    http://www.giantcompany.com/antispyw...-WinTools.aspx


    How the hell do you clean this type of malware? Only possible way I've succeeded is safe mode. I don't use AV in normal mode anymore, it's worthless.
    Hey Hey

    HTRegz <-- Note the z hah.. anyways...

    StopSign is bogus eh??? That's humerous... I constantly see ads for it.. and know a lot of people that have ordered it... Never really looked into it myself.. I usually remove it, solely because I like to push my preferences on the users ... Can't say that I've seen WinTools yet... However that setup is similar to some software I saw the other day.. I ended up using safe mode.. First time I've booted a computer into safe mode since I started this job... I'd rather clean it by hand than boot safe mode to run a virus scan. I'm very anti safe-mode... I figure it it can't clean it... It'll reboot and clean it.... This may seem like a lot of work, but when your working on multiple machines it's faster to do it this way (it's unattended) then it is to take the 20 second to boot safe mode.. especially when you're running to answer phones in between.. To clean that one machine, I had to boot 15 times before I was actually @ it long enough to get into safe mode...

    The main problem we're running into is that we've got all the Network Aware Adware... that scares me... plugging a machine into the network without ever having browsed anywhere and boom... Popups..

    Anyways,

    Peace
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #15
    Banned
    Join Date
    Apr 2004
    Posts
    94

    Re: Is AVG better than Norton?

    I myself have tested AVG 6.0 vs Norton and have ran into a situation (more than once) where AVG has missed viruses that Norton has found

    I dont know whether u r wrong or not and i also saw the links u provided but i myself used Norton Antivirus 2004 and also AVG 6.0 but what i found was that both of them(one at time) were not able to make my box virus-free although my virus definitions were up-to-date so no chance of obselete data. than i went on searching on google.com and i found PANDA ANTIVIRUS PLATINUM SECURITY 8.00( i m sorry i dont remember the link as it was sometime back) and wow, it proved to be a boom to me, it not only removed all the viruses from my PC but also made it faster! and now i can browse any part of the internet without worrying for the viruses!!! it also provides a firewall which is compatible to the Windows XP Service Pack 2 firewall and together they make a fabulous combo!! thats my piece of experience and if u ask me i'll seriously recommend Panda AV!!! dont take me wrong but do tell me if something opposite happened or Norton AV 2004 have now became more efficient and is now able to perform better than others as i'll then get that thing into action.... u dont want to keep a expensive thing u bought just like a piece of junk! do u?

  6. #16
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    In my highly personal view, all AV are basically the same for home users. All of them are not accurate at 100% anyway.
    -Simon \"SDK\"

  7. #17
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    Ok, I checked over some more stuff and I hate to be anal retentive but, it's about the only thing I'm good at anymore(well, that and drinking)
    While Norton detected both.... it incorrectly identified system.exe as beign Adware instead of being a virus
    Looking again at the Excel spreadsheet (for Norton AV 2004), I noticed this:
    Virus--Bloodhound.W32.EP--C:\Windows\System32\system.exe
    Didn't it correctly identify Bloodhound.W32.EP as being a virus? One thing I did notice however, is that it had a difficult time when it came to cleaning the virus. I couldn't really determine which other AV products were able to clean it besides Trend Micro. I then putzed about to see what the other AV's called system.exe and I wound up realizing just how ridiculously complicated this mess has become. Take a look at this list of System.exe descriptions:

    Sophos -- Virus--(W32/Rbot-Fam)
    eTrust -- Trojan--(MS03-026.Exploit.Trojan)
    ClamWin -- Exploit--(DCOM.Gen)
    AVG -- N/A
    Norton -- Virus--(Bloodhound.W32.EP)
    Trend Micro -- Worm--(WORM_RBOT.ZO)
    Pest Patrol -- Trojan--(TrojanProxy.Win32.Mitglieder.x)

    After this, I went around trying to find definitions of what exactly the difference is between worms, viruses, trojans, adware, spyware, dialers etc etc. I'll tell you honestly, it was nothing short of total frustration. There was some mutual agreement on various websites between the differences of all these terms and characteristics but, at one point or another, they did indeed differ. I mean, just take a look at the names of this virus/trojan/whatever the hell it is. Out of 6 AV's that found it, there's 6 different names to accompany each one. Does anyone else find this utterly ridiculous?

    Anyways, it's Friday. I'm getting the hell out of my house and go kill off some of the weaker brain cells with beer
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  8. #18
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Killing the weaker brain cells ... The Cheers theory eh..

    Anyways...my bad.. it was late and I misread.. .... however I have issues with the way norton labels things bloodhound... It gives that name to hundreds of objects...

    I'll hopefully continue my tests at some point this weekend.. and we'll see what kind of results we get..

    I agree about the naming conventions... a standardized virus naming would be very convenient..

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  9. #19
    HT- Bloodhound is the heuristic engine that NAV uses. If it has the Bloodhound prefix, it got picked up through it's heuristic signature. IIRC, Norton's bloodhound sigs were successful in detecting netsky or bagle variants... Although I may be thinking of another AV.

  10. #20
    Junior Member
    Join Date
    Oct 2004
    Posts
    27
    I haved used norton internetsecurty all my live adn have never got an infection. Sow i would recumend it to eney one who would want a AV program.
    There is all way\'s one way to fix a computer. Our i think sow at least

    www.americasarmy.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •