Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: MDesigner on February 13, 2004, 04:25:30 AM

Title: Umm... Avast rocks in a serious way
Post by: MDesigner on February 13, 2004, 04:25:30 AM
Let me just say that Avast rocks.. and it's FREE.

Here's the deal.. I have three trojan horses in a folder.  I didn't test Norton or McAfee, but Panda, NOD32, and Solo ALL missed the viruses entirely, even with a manual scan.  Bitdefender's resident auto scan did not pick up a thing, and even let me execute the viruses..but Bitdefender's manual scan did detect all three as viruses.

So I uninstalled Bitdefender, and installed Avast (free edition).  I open up the folder with the trojans, and BOOM..right away Avast warns me I have a virus.  Unfortunately, it only detected the Win32:Kifer trojan.  The other two (I forget what they were exactly) Avast did not consider viruses.. so I put them in the Chest and emailed them in.

Great job.. awesome piece of software, you guys need a gold medal.
Title: Re:Umm... Avast rocks in a serious way
Post by: Straight Shooter on February 13, 2004, 05:39:09 AM
I agree that Avast! Rocks! and Rocks Good!  Let me ask you a question... Did Avast IDENTIFY THE Trojan, or did it give you some "Generic" Translation?

Thanks
Jim
Title: Re:Umm... Avast rocks in a serious way
Post by: MDesigner on February 13, 2004, 05:56:27 AM
The trojan it found was Win32:Kifer apparently.. not sure if that's the real name of it.  Let me check.. I'll run it through that RAV online virus checker.

Hmm, RAV says it's Win32/HLLW.Redwa.A.  Who knows??
Title: Re:Umm... Avast rocks in a serious way
Post by: sandra_84 on February 13, 2004, 06:16:18 PM
Nod32 is not an anti-trojan, it is an anti-virus.
Title: Re:Umm... Avast rocks in a serious way
Post by: MDesigner on February 13, 2004, 06:43:54 PM
Nod32 is not an anti-trojan, it is an anti-virus.

Huh..that's kinda silly.  I think antivirus apps should handle trojans/viruses/worms/etc..anything that spreads & infects computers.
Title: Re:Umm... Avast rocks in a serious way
Post by: Pavel Baudis on February 13, 2004, 06:55:38 PM
Huh..that's kinda silly.  I think antivirus apps should handle trojans/viruses/worms/etc..anything that spreads & infects computers.

Well, trojans do not spread (this is the main difference between them and viruses)  ;D

But you are right that such malware could damage users. avast! is therefore able to handle trojan horses as well - although viruses and worms have much higher priority.

Pavel
Title: Re:Umm... Avast rocks in a serious way
Post by: Waldo on February 13, 2004, 07:08:25 PM
Nod32 is not an anti-trojan, it is an anti-virus.

ALL the anti-virus programs these days have more work dealing with worms, backdoors, trojans than with actual "real viruses".

Most of  the major dangers come from Worms, trojans, rootkits.

NOD is NO good in dealing with these 3 here above mentioned. Although they're updating their signatures amazingly fast with trojans, just to keep up with the rest of the AV's.

I NEVER would trust NOD alone on my computer without running an extra dedicated Anti-trojan resident. (like TDS or Trojan hunter, Bo clean, The Cleaner, Pest-Patrol)

NOD offers NO unpacking at all for its on-access scanner, and supports only a few packers on its on-demand engine.

It also has no strong heuristics > only if you run it with "advanced heuristics" which must be started using a 3rd party file. They won't include it "standard" because it has to deal with too many false alerts (just like Dr. Web).

To Mdesigner : RAV AV is hardly ever wrong.  It's one of the best tools around. Just sad it is owned by Microsoft now.
Title: Re:Umm... Avast rocks in a serious way
Post by: sandra_84 on February 13, 2004, 08:02:05 PM
What about polymorphic trojans? Can avast detect them?
Title: Re:Umm... Avast rocks in a serious way
Post by: Waldo on February 13, 2004, 08:45:28 PM
What about polymorphic trojans? Can avast detect them?

Yes & no...first there are no real polymorphic trojans around, only droppers.

It detects most of the trojans placed on your pc by the dropper (the server).

The problem is that it's possible to create hundreds or thousands of mutations from the original server...hard to deal with (detect)...

example : Donald Dick trojan/dropper (from Russia).

See this thread on a reply from IGOR about Avast dealing with it :

http://forum.avast.com/index.php?board=1;action=display;threadid=2103;start=msg14609#msg14609

Title: Re:Umm... Avast rocks in a serious way
Post by: JimIT on February 13, 2004, 09:09:58 PM
NOD is NO good in dealing with these 3 here above mentioned.

It also has no strong heuristics > only if you run it with "advanced heuristics" which must be started using a 3rd party file.

Malarkey!   ;)
Title: Re:Umm... Avast rocks in a serious way
Post by: JimIT on February 13, 2004, 09:19:24 PM


Most of  the major dangers come from Worms, trojans, rootkits.

NOD is NO good in dealing with these 3 here above mentioned.

It also has no strong heuristics > only if you run it with "advanced heuristics" which must be started using a 3rd party file. They won't include it "standard" because it has to deal with too many false alerts (just like Dr. Web).

Really?  What about these?

Listed below are a few of the viruses that became widespread (some entries include aliases). All of these are detected by NOD32 heuristics, without requiring any update.
Some of these were detected several months before they were released, and even before they were written!
While other antivirus companies had to rush to get an update out before the worm spread too much, NOD32's heuristic analysis engines were detecting and blocking these, without requiring any updates!

News: Win32/Swen.A (alias Win32/Gibe.F or Worm.automat.ahb) has attacked hundreds of thousands of computers worldwide, many of them using up-to-date antivirus software which failed to prevent the infection... Even a month old NOD32 detected the worm with the advanced heuristics engine, without requiring signature updates.

W32/Gibe.E
Win32/Aliz.A
Win32/Aplore.A
Win32/Apost.A
Win32/Auric.A
Win32/Badtrans.13321
Win32/Badtrans.29020.A
Win32/Bagle.A
Win32/Bibrog.E
Win32/Braid.A
Win32/Bugbear.A
Win32/Bugbear.B
Win32/Cervivec.A
Win32/Choke.A
Win32/ExploreZip.J
Win32/FBound.C
Win32/Frantes.A
Win32/Frethem.F
Win32/Frethem.K
Win32/Frethem.K
Win32/Frethem.L
Win32/Ganda.A
Win32/Gant.B
Win32/Gibe.A
Win32/Gokar.A
Win32/Goner.A
Win32/HLLW.GOP.196_3
Win32/Hai.A
Win32/Hawawi.A
Win32/Holar.H
Win32/Kazaa.Benjamin
Win32/Kitro.C
Win32/Kitro.D
Win32/Klez.A
Win32/Klez.B
Win32/Klez.C
Win32/Klez.D
Win32/Klez.E
Win32/Klez.H
Win32/Klez.J
Win32/Lioten.A
Win32/Lirva.A
Win32/Lirva.C
Win32/Lovgate.A
Win32/Lovgate.C
Win32/Lovgate.G
Win32/Lovgate.H
Win32/Lovgate.I
Win32/Lovgate.J
Win32/Lovgate.K
Win32/MSInit.B
Win32/Maldal.C
Win32/Maldal.G
Win32/Melare.A
Win32/Mylife.A
Win32/Mylife.B
Win32/Mylife.F
Win32/Mylife.G
Win32/Mylife.J
Win32/Myparty.A
Win32/Navidad
Win32/Nebiwo.B
Win32/Nebiwo.C
Win32/Newbiero.54
Win32/Nicehello.A
Win32/Nimda.A
Win32/Opaserv.A
Win32/Opaserv.B
Win32/Opaserv.C
Win32/Opaserv.D
Win32/Opaserv.E
Win32/Opaserv.F
Win32/Opaserv.G
Win32/Opaserv.J
Win32/Opaserv.M
Win32/Opaserv.N
Win32/Opaserv.O
Win32/Opaserv.R
Win32/Opaserv.U
Win32/Opaserv.Y
Win32/PrettyPark
Win32/Prolin.A
Win32/Roron.41
Win32/Roron.50
Win32/Sircam.A
Win32/Sobig.B
Win32/Sobig.C
Win32/Sobig.D
Win32/Sobig.E
Win32/Stator.62464
Win32/Surnova.A
Win32/Surnova.D
Win32/Swen.A
Win32/Yaha.A
Win32/Yaha.B
Win32/Yaha.D
Win32/Yaha.E
Win32/Yaha.F
Win32/Yaha.M
Win32/Yaha.N
Win32/Yaha.O
Win32/Yaha.V
Win32/Yaha.W
Win32/Yaha.X
Win32/Zoek.D
Win32/Zoher.A
Worm.automat.ahb
 


What are heuristics?

An antivirus program with heuristic capabilities will be able to detect variants of known viruses, and even brand new unknown viruses without requiring updates. There is no program that can detect all future worms and viruses without updates, but detecting unknown viruses can make a BIG difference.

What is the Advanced Heuristics in NOD32?

NOD32 version 2 features a new advanced heuristic engine that is enabled in IMON as default. That means that all incoming mail from POP3 servers will get scanned with an extra layer of protection. The Advanced Heuristics has a high level of detection for new unknown viruses.
Title: Re:Umm... Avast rocks in a serious way
Post by: Waldo on February 13, 2004, 09:21:55 PM

Malarkey!   ;)

I have no idea what this means ?  ???  ;D

Please explain, I'm Dutch.

Title: Re:Umm... Avast rocks in a serious way
Post by: JimIT on February 13, 2004, 09:25:38 PM

Malarkey!   ;)

I have no idea what this means ?  ???  ;D

Please explain, I'm Dutch.

;)

Loose translation:  "Nonsense!"
Title: Re:Umm... Avast rocks in a serious way
Post by: Waldo on February 13, 2004, 09:26:55 PM
Btw Jim :

I know that "advanced heuristics" are good. Maybe the best around.

No need to convince me. I never stated otherwise.

But I'm correct when I say that NOD has sad unpacking capabilities. But this is not a problem for most users, because that makes it so fast.

Why wouldn't they include Advanced H. standard, or with just a simple press of a button to activate ? Afraid of the extra support that comes with it ? Afraid of losing some VB awards when having false positives ? Dunno...but seems weird to me.

They did include ADH in their pop3 scanner why ? Because most dangers come from mail worms. Good move.

But they didn't include it in the on-demand or on-access file scanner...Why ? they know that VB doesn't test mail providers, so they will never include it in the on-demand because they're afraid of the false positives.

ps: I feel no need to discuss NOD further, this is getting off-topic here. It doesn't add anything to the original post. I'm sure you agree Jim.

These are just my personal opinions.

Waldo

Title: Re:Umm... Avast rocks in a serious way
Post by: JimIT on February 13, 2004, 09:33:36 PM
I know that "advanced heuristics" are good. Maybe the best around.

No need to convince me. I never stated otherwise.

Hmm.  Ok, whatever you say!  ;)
Quote

Why wouldn't they include Advanced H. standard, or with just a simple press of a button to activate ? Afraid of the extra support that comes with it ? Afraid of losing some VB awards when having false positives ? Dunno...but seems weird to me.

Big speed issue, I'm sure.  And yes, fp's would be a major concern also.  Especially in a networked environment--most admins (me included) don't want to deal with fp's, because they can cause headaches when you manage 100's of computers.  ;)

No offense, Waldo--Avast! is a great AV--but facts are facts.

 ;D


Title: Re:Umm... Avast rocks in a serious way
Post by: Waldo on February 13, 2004, 09:37:24 PM
Nice to see that within minutes this thread is all over Wilders, lol  ;D

Haha. Well, it's getting late here,

Thanks for the nice discussion JimNT.

Kind regards,

Waldo

Btw: AVAST is indeed great, but NOD is not bad either  ;) those are the facts.
Title: Re:Umm... Avast rocks in a serious way
Post by: Pavel Baudis on February 13, 2004, 10:06:10 PM
Hi JimIT,

welcome back  ;)

Really?  What about these?

Listed below are a few of the viruses that became widespread (some entries include aliases). All of these are detected by NOD32 heuristics, without requiring any update.
Some of these were detected several months before they were released, and even before they were written!
...
Win32/Klez.H
...

But you are definitely wrong here  ;D ;D
Seriously - I did not test the NOD heuristics and I believe it works pretty well. But the fact is: Klez.H was created and was ItW much before this new NOD heuristics existed, so it can't be detected in advance  ;D ;D

Did not check the other viruses (actually I don't care) but this one makes me smile  ;D ;D !

Well, there are different methods, heuristics is one of them, generic family detection is another successful one.

BTW: Yesterday I've got an offer to buy a patented method which will work against viruses for more than 1000 years with the 99,5% success  :D. Really! So the virus problem is definitely solved  :D (not by us but maybe some other AV company will get the patent!)

Pavel  ;)
Title: Re:Umm... Avast rocks in a serious way
Post by: JimIT on February 13, 2004, 10:22:26 PM
Hi JimIT,

welcome back  ;)

Really?  What about these?

Listed below are a few of the viruses that became widespread (some entries include aliases). All of these are detected by NOD32 heuristics, without requiring any update.
Some of these were detected several months before they were released, and even before they were written!
...
Win32/Klez.H
...

But you are definitely wrong here  ;D ;D
Seriously - I did not test the NOD heuristics and I believe it works pretty well. But the fact is: Klez.H was created and was ItW much before this new NOD heuristics existed, so it can't be detected in advance  ;D ;D

You're right, Pavel ;)  Not all were detected in advance (as mentioned)--just that AH could--in fact--detect Klez without having a signature. ;)

Just wanted to impart a little more information than what Waldo had mentioned.

Quote
Well, there are different methods, heuristics is one of them, generic family detection is another successful one.

Very true!  And I'm not trying to run down Avast!  Avast! is a fine AV! ;)  Kudos to Alwil for a great product!

Quote
BTW: Yesterday I've got an offer to buy a patented method which will work against viruses for more than 1000 years with the 99,5% success  :D. Really! So the virus problem is definitely solved  :D (not by us but maybe some other AV company will get the patent!)

Pavel  ;)

ROFL!  Buy the patent!!  You'll be a zillionaire!!   ;D ;D