Has your real-time anti-trojan ever caught anything?

Discussion in 'other anti-trojan software' started by richrf, Aug 14, 2005.

Thread Status:
Not open for further replies.
  1. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Everyone be nice - especially to me. :D

    Thanks for all of the responses so far.

    Rich
     
  2. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651

    If you think that I'll throw away my free time just to bash Norton ... you're simply wrong...fact is that it was an updated version which they had paid for.
     
  3. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Neither Norton nor any other AV will protect against spyware infestation if a PC-user is not careful in his/her surfing practices. I apologize for a "knee-jerk" reaction but that was my only point, the AV isn't to blame IMHO. One can have an up-to-date KAV with the supersecure {extended+x} bases but that still isn't designed to protect against spyware in realtime. One needs a fully patched IE and O.S., a resident antispyware {such as MSAS, CounterSpy, etc.} and sound surfing habits to stay away from spyware. An AV won't protect from that stuff. An AV is primarily a file scanner, not a memory scanner. This is an instance where one can argue for an AT such as BOClean which is a memory scanner, and more effective against spyware than any file scanner or AV alone. A memory scanner can intercept spyware in realtime whereas, generally, an AV that only scans and monitors the filesystem cannot. I supplement NAV with TH which also has a resident Guard that is a memory scanner. I believe the instance you cited is a good case for running an AT such as BOClean or Ewido in realtime, for added protection, because no AV is designed to protect in realtime against spyware attack -- even though an excellent file scanner such as KAV may detect the spyware, it will be too late to intercept it or clean it in realtime, IMHO. And spyware is notoriously more difficult to clean than 'classic' malware {trojan, virus, worm}; sometimes requiring HJT log analysis by experts to clean; etc. Again, I'm sorry for hurtful reaction but in some instances, I do think a person's habits can be responsible for problems, just as much or more so than any failure of AV or security programs. I do not have all the facts & details but from your description, I suspect NAV had nothing to do with the spyware problems you cited; nor would it have made any difference if a different AV was used. 
    Nor is it appropriate to single out a good product like NSW Premier 2005 {which I run on this box} as defective when it fails to protect against things it really isn't designed to protect against. NAV, like most AVs, is primarily an AntiVirus app and not an AntiTrojan or AntiSpyware app. Granted we seem to want one product to protect against the Kitchen Sink these days but IMHO that is unrealistic. Anyway, my apology for the misunderstanding and the offense .. ;)
     
  4. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Hi Randy, I see your point.

    Yes, those guys I helped out .. they are not the smartest ones regarding Internet Security, hell I bet they click on everything but still .. if I sell a product that doesn't live up to the expectations...

    ..this comes from Symantec website and I didn't feel Norton was protecting them against that.
    When someone wants to create an all in one app .. 99% of the time they lose direction.
    grtz.
     
  5. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    I agree that is deceptive advertising for any AntiVirus because an AV is primarily a file-scanner which monitors the filesystem -- the AV Realtime Monitor {RTM} scans all files copied, moved, touched in any way. But spyware often creeps in through trusted apps such as the browser {IE Browser Helper Objects}, through DLL injection, and other ways that may go undetected in realtime by a file-scanner. I certainly do not trust my AV to protect me against spyware; I run MSAS as my resident AntiSpyware shield. In closing, I don't wish to get O.T. here so I will attach this "ad" from ewido's website to illustrate my point, namely that ewido advertises itself as just such an app to "supplement" traditional AV Scanners; in their case I do think they have a huge database and can be a useful supplement to an AV like NAV. {I have already mentioned TH and BOClean in previous post, as other alternatives}. It does seem that several folks have posted here and mentioned finding things with BOClean and ewido that their AVs missed. And I agree, that is why I run TH resident and have ewido as manual backup {and used to also scan with TDS-3 before it went out-of-business}. Take Care, and Thanks, Sincerely .. Randy
     

  6. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    No prbs Randy, you're right .. using an av without at is not recommended and the same works the other way around.

    well, Ewido has a new customer now in conjunction with Norton Systemworks and together I am positive it makes a hell of a team!

    best wishes,
    Andy
     
  7. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    2002

    PC-cillin 2002 running resident. BoClean intercepted an attachment in e-mail after it passed through PCC's e-mail scanner as clean. Yes, I did double-click it, and yes, BC killed it.
     
  8. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Go to the link and search for Ewido.
    You will see something like:
    - 40. Ewido version 3.0 - 38.67%

    But it is not enough. You need to click on its documentation to read its details in order to get the info.

    As a note, it is all to do with detection only. So it has its limitation. But anyway, every test has limitations and limitations alone should not be a reason to ignore a test completely.

    It doesn't mean much, but it has some meanings, in which you can possibly make use of. ;)

    Originally I would like to give you this link:
    http://www.staff.uiuc.edu/~ehowes/trojans/tr-tests.htm

    This is about how well anti-virus and anti-trojan applications perform against well-known Remote Administration Trojans (server-based trojans). Unfortunately the link is broken now.
     
  9. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Don't rely on Norton to detect adware & spyware. I have to admit it does poorly. Why not use some freebies like (Ad-Aware Free, Spybot S&D, Microsoft Antispyware) where they do much better jobs on AT/AS than the paid Norton counterparts?

    Norton is good at AV/AT only, but not AS.
     
  10. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Thank you, that was my whole point to Infinity but I guess my initial approach was bad and blocked communication. :D :D Seriously, I like Norton products but agree with you {and was recommending such in my posts}, get a dedicated resident A.S. {MSAS or CounterSpy} for spyware prevention. Also BOClean is very good for intercepting spyware in realtime if people want to add BOC on top of that mix {AV+AS+AT}. And BOC will "catch" other nasties in realtime too. I use a resident NAV + MSAS + TH for my defense. ;) :) Finally, needless to say but I am active in updates here and admonish everyone to keep your Security Products religiously up-to-date! :) ;) Now we will get back on-topic before Rich gives us a spanking .. :D :cool:
     
  11. controler

    controler Guest

    Yes if a scanner has the defs for the spyware it will detect it.
    I am wondering if the ad was for the AV only or the suite?
    The suite does not only have to be a file scanner it can scan mem as well.

    McAfee's beta suite works well for spam, Norton's does also but KAV's has a ways to go.

    There are claims that BOClean won't detect trojans that actually use encryption during mem use and do not need to be decrypted to work.
    I have not seen Kevin's thoughts on this as of yet. Anybody for a link to
    his rebuttal? After all every program uses RAM to run. Cannot run without it.
    Guess looking for encrypted mem action would not be that hard now would it?


    controler
     
  12. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    Where did you hear that? I am not aware of any software that can be executed while still encrypted, nor anything that BOClean has been unable to detect for that reason. Sounds like an urban legend to me.
     
  13. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    controler,

    Forgive the naivete on my part, but what precisely do you mean by this?

    Blue
     
  14. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    rich, the only time I have caught a trojan was when I was scanning downloaded files, and that was with KAV. My general sec. software is: pg, regdefend, shadowuser, firefox + plugs, portexplorer, snoopfree, spywareblaster, Nod32 (active), KAV (passive), ewido (passive), ad-aware (passive), a2 (passive), spysweeper (passive), ZA, Router + hardening some unsecure ports and win services...
    If I wasn't so "paranoid", I would say that a router (inbound) + ZA (outbound) + Shadowuser is enough, considering the type of attacks that I have been exposed to and my "lack of common sense" web habits...
     