
Anti-virus confusion



#1 sthacker

sthacker

  • Members
  • 51 posts

Posted 01 March 2005 - 12:56 AM

I've read many logs in the 'Log submission' forum. Some have happy endings with a long list of what to do to stay clean. I came to this board and found the whole list pinned. I read it, and since it is very close to what I already read, still don't know the answer. The area of my concern is here:


Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources

I agree wholeheartedly that it is important to have an anti-virus running. I went to the link in the last line expecting to find a heading called "Anti-virus software". I was disappointed! I guess what I need, and expected, was a list of software that is designed to start at boot time and monitor all traffic in and out of the computer. Nowhere did I see Zone Alarm, which I have already been told is a resource hog, and which I have been using for some time thinking it is doing good things. I've never seen symptoms of infection, and Spybot and Ad-Aware find few hits, which I always clean immediately.

I think my problem is that the terminology is beaten around by everyone, and used by each individual as he or she perceives its meaning. I do it myself, not knowing for sure if I'm really talking about a virus, trojan, worm, malware, etc., etc. Same goes for software. What is really meant by Anti-virus software? Is it a scan only program, or long running? Does it detect only viruses (virii?) or other forms of bad stuff?

I've learned a mint of information in the last 36 hours from this site and if there is someone who can point me to a dictionary of hacker terms, I'd be overjoyed.

Regards,
Stan



#2 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • Location:Washington State, USA

Posted 01 March 2005 - 03:17 AM

While I may be a person who perceives one way (and that may be in conflict with another), I'll risk some pointers.

I agree wholeheartedly that it is important to have an anti-virus running. I went to the link in the last line expecting to find a heading called "Anti-virus software". I was disappointed! I guess what I need, and expected, was a list of software that is designed to start at boot time and monitor all traffic in and out of the computer. Nowhere did I see Zone Alarm, which I have already been told is a resource hog, and which I have been using for some time thinking it is doing good things.


Anti-virus programs are designed to detect virii. (although I would call them viruses).
Here are some programs, and I intentionally include both freeware & shareware:


http://www.kaspersky.com/store?AID=1110836&PID=778434
http://www.symantecstore.com/dr/sat2/ec_Ma...RP=0&CACHE_ID=0
http://store.ca.com/dr/sat3/ec_Main.Entry1...CACHE_ID=179788
http://free.grisoft.com/doc/1
http://www.pandasoftware.com/home/default.asp
http://www.trendmicro.com/en/home/us/enterprise.htm
http://www.bitdefender.com/index.php
http://www.f-secure.com/products/anti-virus/totalsuite/
http://www.sophos.com/
http://www.mcafee.com/us/default.asp

I don't think I've listed them all.
Let's consider those the TopTen.
I think if you can read each front page (all of it, now)
and perhaps use one link each per company's homepage,
you'd know more than I do about anti-virus products.
I could never do that, frankly.

(learn all about the anti-virus SUITES or whatever "they" call them.)

They all fight viruses.
None of them get them all.
The proof is not available, so I guess that's an opinion.

However, it's an opinion I've heard often enough.
It's probably why there exists other products NOT called anti-virus products.
They are called Anti-Spyware products.

They include, again among others (hundreds more listed that I wouldn't
provide a link to because of them being rip-offs, or worse. This link will be helpful in understanding that "opinion".
http://www.spywarewarrior.com/rogue_anti-spyware.htm)

None of these are on the "bad anti-spyware list", at least.
again, if not THE TOP, at least Ten.

http://www.safer-networking.org/en/download/
http://www.lavasoftusa.com/software/adaware/
http://www.webroot.com/products/spysweeper/
http://store.ca.com/dr/sat3/ec_MAIN.Entry1...CACHE_ID=182827
http://www.emsisoft.com/en/software/free/
http://www.microsoft.com/downloads/details...&displaylang=en
http://www.javacoolsoftware.com/
http://www.pctools.com/spyware-doctor/
http://www.veloci.dk/index.asp?visnu=ppdownl.htm
http://www.hitmanpro.nl/

They target MALware (malicious software) that is not necessarily VIRUS.
The stuff they get might be operating in conjunction with a virus,
and quite possibly an anti-virus program will (eventually) add
the definitions of the problems these programs seek to
solve for you to their products, too.

In fact, the division line is somewhat indistinct.
Those more intimately employed in the business of combating the phenomenon
would likely be better equipped to explain it.
I might know better myself, if I could
just read all the information contained
in those twenty web sites.

I've tried & failed.
The information changes daily.

Now, several of the first ten offer online scans.
It helps their business to have big databases,
and nobody can get those databases unless they offer something free.
They need millions of infected victims to provide them data.
Data about "crapware" that changes techniques daily.

http://uk.trendmicro-europe.com/enterprise...call_launch.php
http://www.pandasoftware.com/activescan/
http://www.bitdefender.com/scan/licence.php
http://www.ravantivirus.com/scan/
http://us.mcafee.com/root/mfs/default.asp?cid=9435
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Another kind of online virus scan does not scan your PC, it scans file(s) you upload.
Specific files you are suspicious of:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html

also a website strugglin to make sense of it, it appears:
http://www.thefreecountry.com/security/antivirus.shtml

Online scans do not meet the criteria of "resident" or "real-time" protection.
You need a program installed to do that.
There might have been mention of that somewhere
in these web pages that are devoted to this sorta thing.

The only thing I can imagine worse than absolutely no protection,
a PC HELL if I may be so bold to picture,
would be a PC running everything above.

Why?
Well, this is already a long post.
Run all the anti-spyware you want, but take my word for it, please:
Don't run more than one anti-virus program as resident protection.

FIREWALL programs are not either of the above.
They offer to block traffic in & out of your computer,
based on several factors YOU control & those that are fundamental
to the nature of online connectivity and essentially are PRE-CONTROLLED.

Here again, are TEN:
http://www.zonelabs.com/store/content/home.jsp
http://www.digitalriver.com/dr/v2/ec_dynam...PN=10&sid=26412
http://smb.sygate.com/products/spf_pro.htm
http://www.checkpoint.com/products/firewall-1/
http://www.freedom.net/products/firewall/
http://www.msicomputer.com/msiforms/ca.asp
http://www.mcafeesecurity.com/us/about/pre...0126_095236.htm
http://www.pandasoftware.com/products/platinum7/
http://www.kerio.com/kerio.html
http://www.winproxy.com/products/firewall.asp

and what the heck, a couple websites devoted to comparing them:
http://www.firewallguide.com/
http://www.sociedaddigital.org/result.php?...iginal=security

You probably noticed (if you are still with me in this slightly overwhelming, yet small percentage of what's available to us) the line between ANTI-VIRUS & FIREWALL PRODUCTS has blurred.
Maybe because the businesses that sell
firewalls & also anti-virus products haven't made it clear to you (or me) what
is going on...
except that it typically involves an expenditure to determine.

Unless you try free trial period software.

Which brings me back to the point... ONE FIREWALL is enough. Two can lead to problems, unless you know more about configurations than the companies are likely to tell you.

So, perhaps recommending products to people with widely varying software
installations on several different operating system versions is not easy.

Stan, there is no easy answer.
except perhaps by the next post, maybe...

:thumbsup:

Edited by phawgg, 01 March 2005 - 03:44 AM.

patiently patrolling, plenty of persistent pests n' problems ...

#3 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,615 posts
  • Gender:Male

Posted 01 March 2005 - 01:04 PM

Maybe...

Yes, Stan, the terminology associated with PC security is confusing--it's all become blurred together where now we just call any threat that may get on your PC as malware. At least that's what I call it and you're right--the terminology is used differently depending on the individual.

One thing I would like to point out right now about your question is that Zone Alarm is not an anti-virus software, altho ZA Pro's Mail Safe does offer a mechanism for preventing viruses (let's not quibble on whether the plural of virus is virii or viruses, OK?) thru email.

It used to be, a couple of years ago, that different types of threats were strictly defined and security software was designed for each type. Now every type of software, with some exceptions, is trying to handle as many types of threats as possible because the market for it has exploded. One reason the market has exploded is because malware writers themselves have changed what they do. In the old days a virus was just vandalism--basically a prank that coders did just to see what they could do and how to exploit weaknesses in code--mostly operating systems and Windows in particular. Now they have found that they can use this knowledge to make money. Most malicious code that is foisted on the PC now is either for the purpose of forcing you to see advertising or to steal sensitive information that often times leads to identity theft. So virus writers, hackers/crackers and spammers, et al, are comfortable bedfellows and working together more than you would think.

Still, it would be useful to know what the different types of threats are and what software you need to protect yourself from each. Here are the basics, I'll have to leave some out to keep it somewhat simple:

virus/worm--this is what antivirus software was originally designed for.

hacker/cracker--use a firewall to protect against this.

trojan--should probably be in the same category as hacker/cracker, but there is software specifically for removing a trojan once it's on your system.

spyware/hijackers--use an anti-spyware for this or HijackThis under guidance if all other means of removal are unsuccessful.

Most of these threats can be dealt with by using HijackThis wisely. Some of the software is for prevention, some for removal. And now most of the antivirus software attempts to deal with all of these threats. So yes it's very confusing. Most AV's now are attempting, with varying degrees of success, to remove spyware/hijackers and trojans--they will call it blended or extended threats and all manner of other terms.

It's getting to where you can call any of these threats that get on your system a virus. Many of them do the same thing. But let's take two examples of strict definitions and how they have changed.

A virus in the strictest terms is hardly ever seen anymore. That would be code that reproduces itself on one system or network. What is generally dealt with nowadays are worms. Their purpose is to spread to other computers and are now used heavily by spammers and other purposes.

A trojan in the strictest terms is a program that sneaks in with other software or installed by a cracker on systems without a firewall and are controlled by the cracker to take control of your PC. Until very recently, TrojanHunter was designed for detecting and disabling only this type of threat. Now there are bots--programs that have control of a PC but are designed to garner information without human intervention--that are called trojans and TrojanHunter now deals with these.

Hope that and phawgg's comments clears it up some. I agree that there should be a list of AV's in the tutorial you mentioned--I haven't looked at it lately but I was thinking there was a small list of free AV's at the bottom. I'm in a rush right now so don't have time to go thru all of phawgg's links, but here is a short list of free AV's--you can use Google for links and info.

AVG
Avast
Antivir

Edited by Papakid, 01 March 2005 - 01:11 PM.

The thing about people

is they change

when they walk away.--Mipso


#4 sthacker

sthacker
  • Topic Starter

  • Members
  • 51 posts

Posted 01 March 2005 - 01:37 PM

Thanks so much to phawgg and Papakid for your replies. I have much to study now, but you have both made things clearer while making me realize the water is very muddy for more than just me. I'll be studying the posts and links to try to get up with you.

Stan

#5 sthacker

sthacker
  • Topic Starter

  • Members
  • 51 posts

Posted 02 March 2005 - 04:58 PM

Somewhere along the way I recall that XP added a firewall, perhaps at SP2 time?
I don't recall why I disabled it and started using Zone Alarm. Prolly someone down at the pool hall said it was better. Anyone have any help on whether I should scrap the resource hog and enable the built-in one?

Regards, Stan

#6 ddeerrff

ddeerrff

    Retired


  • Malware Response Team
  • 2,733 posts
  • Gender:Male
  • Location:Upper Midwest, US

Posted 02 March 2005 - 05:14 PM

Windows XP has always had a built-in firewall, but it was disabled by default. With the installation of SP2, the firewall was improved and set to be enabled by default.

ZoneAlarm is more configurable and more effective than the firewall built into Windows XP. As far as being a resource hog, I had not heard that (and I don't personally use ZA). Unless it really is slowing things down for you, then I would recommend staying with ZoneAlarm.
Derfram
~~~~~~

#7 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • Location:Washington State, USA

Posted 02 March 2005 - 06:40 PM

I agree with ddeerrff.
ZoneAlarm is a good firewall.
It does use system resources, but all of them do.
I personally had some issues with ZA at/around the time SP2 was added.
As time goes online, it was a long time ago, and ZA has no doubt improved.
(I have, too. The ZA manual is excellent, reading it helps a lot to understand)
I have since tried Sygate and I like it. I stress, though, both are free & good to use.

It is better than the built-in XP firewall in the fact it blocks unwanted "traffic" going
from your PC TO the internet as well as FROM the internet onto your machine.
The XP firewall only blocks "traffic" one way... FROM the internet.

Success in using a firewall basically means ...


Knowing what is going on when you're online.
Blocking some action.
Being alerted to other action(s)
Letting still other activity occur unhindered. :thumbsup:

Edited by phawgg, 02 March 2005 - 06:43 PM.

patiently patrolling, plenty of persistent pests n' problems ...

#8 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,615 posts
  • Gender:Male

Posted 02 March 2005 - 09:02 PM

Hi Stan.

I agree with ddeerrff.
ZoneAlarm is a good firewall.
It does use system resources, but all of them do.

I also agree that ZA is a good firewall. Don't know if it's so much of a resource hog, that depends some on how much resources you have available but most firewalls will slow your PC down some.

I personally had some issues with ZA at around the time SP2 was added.

So did I. I didn't have any problems with it until the software was upgraded, I suppose in order to be compatible with SP2. It wasn't a big problem, but one day when I was going thru my Event Viewer I noticed warnings that the ZA logs were being rewritten from backups every time I logged on. Then I realized that's why my log ons had slowed down.

Perhaps another update has come along to fix that. But I decided to switch firewalls. My two main candidates were Sygate and Kerio, both free. I like to look at user support forums before I install such software to see if there are any problems. All software has some bugs and sometimes upgrades are released too early--and when SP2 came out there was a rush to make sure the software was compatible or at least would be recognized by the Security Center. Sygate and Kerio both seemed to be having some problems, but since Sygate's seemed to be more widespread, I went with Kerio.

Well, I think it was a mistake to switch away from ZA. I've had problems ever since. Should have known. ZA has always had a reputation for being difficult to remove. Many times it is because it is done incorrectly, people aren't shutting it down before uninstalling, but I think it is more than that. I found a few webpages that were only about how to remove ZA completely and correctly over and above a simple uninstall.

Now perhaps it's like this with any firewall. There is a cat and mouse game going on--crackers and trojans are trying to find ways to work around or attack a firewall and a firewall is trying to hide and protect itself from being disabled by the "enemy". So it digs itself deep into your system. But from what I hear, ZA is the worst about this. Perhaps that is why they aren't very forthcoming about how to remove everything.

So my advice would be keep ZA as long as it isn't causing you any problems. And if it is causing problems, wait for the next upgrade unless the problems are severe.

So, Stan, what antivirus are you running?

The thing about people

is they change

when they walk away.--Mipso


#9 sthacker

sthacker
  • Topic Starter

  • Members
  • 51 posts

Posted 02 March 2005 - 09:52 PM

I'm still speechless at all the fine help I get here. I've still got about a yard of reading to do on papakid's earlier post.

I'm running Norton because it came bundled on my computer, and also I have kind of a soft spot in my heart for the name. About a hunert years ago, Bill Norton wrote some real neat utilities for the PS1 and passed them around free. I can't open the program for some reason, and I tried to get some help. They told me it was too old, and I'd have to upgrade to get service. I had just extended my subscription for $29.95, and digging into their website I found that I could have bought Norton 2004 w/1 year of updates for $24.95. They laughed at me and said no refund on subscriptions. Well, 5 bucks won't break me, but the principle still sticks in my craw. I'm just using up some of my subscription money, then I'll probably go back to Grisoft. I used that on my old computer and didn't mind it at all.

I have Zone Alarm firewall, and run SpyBot and Ad-Aware at least weekly. When the beta of the Microsoft Anti-virus came out, my son in Maryland called and said he put it on and it found hundreds of problems and when he deleted all them the speed was much faster. So I downloaded it and it found nothing! I was pretty impressed. Then I had a CD problem and Dell thought it sounded like I had just added some software that caused it. Since it was only a couple of days old, I uninstalled it, and never have tried it again. I looked at lots of entries on the board at Microsoft and saw time after time the experts chiding folks for using a beta release on critical systems. Well, mine is not super critical, but I don't want to get along without it for very long, so I decided to wait for the real release.

I'm really trying to figure out what to put on my daughter's dog if we get it back to happy soon.

Whoops, how long ago was it that this guy said he was speechless.

Later,
Stan (and thanks again to all)



