question about dr web cure it


10 replies to this topic

#1 binten

binten

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 14 September 2009 - 05:09 AM

Why is it suggested to disable heuristics? (for complete scan I suppose)
Wouldn't it be more effective to enable it?

How does it compare to KAV and NOD?

Edited by binten, 14 September 2009 - 05:10 AM.




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:07 AM

Posted 14 September 2009 - 05:16 AM

Heuristics scanning looks at behaviour of a certain file, whereas classical scanning compares a file with a bad-file database (to put it in a simple way).

Heuristics are "rules of thumb", educated guesses, intuitive judgments or simply common sense.


To make sure not too many false positives are deleted it is safer to disable heuristics.

From the 3 AVs you mention, in my opinion NOD is best, followed by KAV and Dr. Web. However, if you seek a free program, you can try Avira, which is an excellent AV application.

Edited by elise025, 14 September 2009 - 05:16 AM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 binten


Posted 15 September 2009 - 05:43 AM

Sometimes there's no harm in a few false positives.

And also, isn't it worth enabling heuristics so that more correctly identified positives are found or don't get missed?

#4 Elise


Posted 15 September 2009 - 05:48 AM

To put it this way, enabling heuristics may cause stuff you install and need to be classified as 'suspicious' and to be quarantined.

regards, Elise




#5 binten


Posted 15 September 2009 - 06:50 AM

OK, but you, for example: if a file on your computer was detected as infected by Dr. Web's heuristic scan, so it was suspicious and was quarantined, wouldn't you prefer to reinstall the program than to just continue using the program?

#6 Ir0nfIsT

Ir0nfIsT

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 15 September 2009 - 06:54 AM

Can be a critical system file, and in that case you could end up with a damaged, even non-functioning OS. In my Virut-infected PC (Virut belongs to the past now) there was a series of such damaged files and Windows was always asking me to insert the Windows CD for repair. I wasn't able to run any win32 application at all.

#7 Elise


Posted 15 September 2009 - 06:57 AM

binten, as soon as you re-installed the program, it would be detected again (unless you white-list it of course).

It's a choice everyone makes for himself. But for example, when I help people here cleaning up their computer, I always turn it off in order to avoid deletion of stuff that should not be deleted.

As said before, if you want to pay for an AV, much better take ESET Nod32 or Kaspersky AV.

regards, Elise




#8 binten


Posted 15 September 2009 - 10:28 AM

Elise: So the advice is what you'd do when helping somebody else, but not necessarily what you would do for yourself. I see advice here is good advice, but it's also, whatever works so long as it doesn't confuse people too much. You may to do that for many people. But you know though that sometimes people here are those that don't get so confused, and those people that remove malware themselves go looking for advice too.. and in some instances, the advice they may get from their peers, is not what their peers would do for themselves. Is there a place here for such people? Where advice isn't watered down? E.g. where people that know stuff, can say what they'd do.

Edited by binten, 15 September 2009 - 10:38 AM.


#9 Elise


Posted 15 September 2009 - 10:42 AM

Well, we can be talking about two things here. About PREVENTING infection or about CURING infection.

As malware-helper in training I may advise all kind of tools that I never run on my own PC. The reason is not that I wouldn't risk using them but that I try to keep my PC malware-free by using an Antivirus and a Firewall. In this case, I choose not to enable heuristic scanning because it might delete things I don't want to be deleted. The risk to my computer doesn't change much whether I disable or enable heuristics scanning.

But say I am helping someone and I recommend a scan with Dr. Web (to stick with that example), I will ALWAYS tell them to disable heuristic scanning, because otherwise I am risking to delete things that shouldn't be deleted. Many of the tools we use to clean computers are recognized as bad due to their ability to alter important settings.

"those people that remove malware themselves go looking for advice too.. and in some instances, the advice they may get from their peers, is not what their peers would ever do."

True, we go looking for advice, that's how knowledge is shared. And as is normal we check what we learn from each other. It makes no sense just to blindly copy something without understanding the process.

As for watered down advice, you asked why it is recommended to turn off the heuristics and I tried to explain it....

regards, Elise
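
The trade-off discussed in this thread (bad-file database lookup versus rule-of-thumb scoring, and cleanup tools being flagged for altering important settings) can be seen in a small model. This is an added example, not part of the thread and not how Dr. Web or any other product works; the trait names, weights, threshold and sample files are all constructed assumptions.

```python
import hashlib

# Constructed "bad-file database": SHA-256 digests of known-bad content.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-malware-body").hexdigest()}

# Hypothetical rules of thumb: a weight per observed trait, and a threshold.
HEURISTIC_WEIGHTS = {
    "edits_autorun_settings": 3,
    "terminates_other_processes": 3,
    "rewrites_hosts_file": 2,
    "packed_executable": 2,
    "no_publisher_info": 1,
}
THRESHOLD = 5

# Constructed samples: (name, content, observed traits, actually malicious?)
SAMPLES = [
    ("known_trojan.exe", b"constructed-known-malware-body",
     {"edits_autorun_settings", "packed_executable"}, True),
    ("new_variant.exe", b"constructed-known-malware-body-v2",
     {"edits_autorun_settings", "packed_executable", "no_publisher_info"}, True),
    ("cleanup_tool.exe", b"constructed-cleanup-tool-body",
     {"edits_autorun_settings", "terminates_other_processes",
      "rewrites_hosts_file"}, False),
    ("text_editor.exe", b"constructed-editor-body", {"no_publisher_info"}, False),
]

def signature_hit(content):
    """Classical scan: exact match against the bad-file database."""
    return hashlib.sha256(content).hexdigest() in KNOWN_BAD

def heuristic_score(traits):
    """Heuristic scan: add up the weights of the traits that were observed."""
    return sum(HEURISTIC_WEIGHTS.get(t, 0) for t in traits)

def scan(samples, heuristics_enabled):
    """Return (name, reason) for every file the scan would quarantine."""
    quarantined = []
    for name, content, traits, _ in samples:
        if signature_hit(content):
            quarantined.append((name, "signature"))
        elif heuristics_enabled and heuristic_score(traits) >= THRESHOLD:
            quarantined.append((name, "heuristic"))
    return quarantined

def summarize(samples, heuristics_enabled):
    """Compare the scan result with ground truth: misses and false positives."""
    flagged = {name for name, _ in scan(samples, heuristics_enabled)}
    missed = [n for n, _, _, bad in samples if bad and n not in flagged]
    false_pos = [n for n, _, _, bad in samples if not bad and n in flagged]
    return {"missed": missed, "false_positives": false_pos}

if __name__ == "__main__":
    for enabled in (False, True):
        print("heuristics on " if enabled else "heuristics off", summarize(SAMPLES, enabled))
```

With heuristics off the modified variant slips past the database; with heuristics on it is caught, but the cleanup tool is quarantined as well, which is the situation both sides of the thread describe.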




#10 binten


Posted 15 September 2009 - 11:42 AM

Elise: "As for watered down advice, you asked why it is recommended to turn off the heuristics and I tried to explain it...."

Don't worry, nobody said your explanation was insufficiently explained. And I never said you gave me any watered down advice either.

You told me why you turn it off. I'm sure that's the reasons why others here do too.

I'm just having a conversation with you on the same level. Neither of us are trying desperately hard to explain things and not getting through. I think we understand each other fine.

Edited by binten, 15 September 2009 - 11:43 AM.


#11 Elise


Posted 15 September 2009 - 11:51 AM

:thumbsup: Sorry, I just misunderstood your last remark.

regards, Elise






