Author Topic: Just how good is the BART's virus detection capability?  (Read 22267 times)


ctskerry

  • Guest
Just how good is the BART's virus detection capability?
« on: September 22, 2003, 03:10:54 PM »
Used the BART CD to scan a system that NAV was reporting a W32.Spybot.Worm (Worm.P2P.SpyBot.gen [KAV], W32/Spybot-Fam [Sophos], W32/Spybot.worm.gen [McAfee], WORM_SPYBOT.GEN [Trend], Win32.Spybot.gen [CA]) infection on and it didn't detect it.

I'm a little disturbed by this as I've been evaluating the BART CD in-house on copies of client machine data to see if it's suitable for use in the field by my techs.  While it mostly looks good (although missing several useful utilities in my opinion), if the detection isn't better than NAV, I can't see my organization using it.

Kerry
Computer Troubleshooters

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Just how good is the BART's virus detection capability?
« Reply #1 on: September 22, 2003, 03:30:15 PM »
There will always be malware that AV programs do not find. Some missed by NAV will be detected by Avast and vice versa.  If you want a good additional AV product, try KAV!
MfG Ralf

ctskerry

  • Guest
Re:Just how good is the BART's virus detection capability?
« Reply #2 on: September 22, 2003, 04:27:01 PM »
KAV?  I'm not familiar with that product.

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Just how good is the BART's virus detection capability?
« Reply #3 on: September 22, 2003, 04:31:22 PM »
It is Kaspersky-Antivirus (www.kaspersky.com) and you mentioned it above yourself! :)
MfG Ralf

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Just how good is the BART's virus detection capability?
« Reply #4 on: September 22, 2003, 04:32:35 PM »
Anyway, could you send us the sample? It may also be a false positive...
Please send the file to virus@avast.com .

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

ctskerry

  • Guest
Re:Just how good is the BART's virus detection capability?
« Reply #5 on: September 22, 2003, 04:40:11 PM »
Quote
It is Kaspersky-Antivirus (www.kaspersky.com) and you mentioned it above yourself! :)

Oh, so I did.  That was text pulled from Symantec's website with the alternate names of the worm.

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Just how good is the BART's virus detection capability?
« Reply #6 on: September 22, 2003, 04:45:16 PM »
:) But you should send the mentioned file to the address VLK gave. You can also test the file here:  http://www.kaspersky.com/remoteviruschk.html

That does not mean Avast is not good enough, but I like that KAV service, because you do not have to install any ActiveX, Java or script to test only one file. :)
« Last Edit: September 22, 2003, 04:48:06 PM by raman »
MfG Ralf

Waldo

  • Guest
Re:Just how good is the BART's virus detection capability?
« Reply #7 on: September 22, 2003, 09:55:01 PM »
Raman is correct > Kaspersky online checker is one of the best!

I'm also sure that ALL avast vendors (authors) agree that the Kaspersky (from Eugene) engine is one of the strongest in the world. There is no need to deny that.

I also believe that the authors of avast (Baudis P) have a very good relation with Kaspersky and Eugene.

my 0.2 > Avast (new build) can be compared to Kaspersky.

Waldo  


Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Just how good is the BART's virus detection capability?
« Reply #8 on: September 22, 2003, 10:03:38 PM »
Quote
have a very good relation with Kaspersky and Eugene

There are rumors that Eugene likes Czech beer!
And I hope to see some of the Avast guys at CeBIT next year! Eugene promised Czech beer! :)
« Last Edit: September 22, 2003, 10:06:49 PM by raman »
MfG Ralf

Waldo

  • Guest
Re:Just how good is the BART's virus detection capability?
« Reply #9 on: September 23, 2003, 11:21:51 PM »
Quote
There are rumors that Eugene likes Czech beer!

Well, I was in the Czech Republic (visited Prague and Pilsen) in August '03 (this year) for 10 days (holiday) and man, the amount of beer I drank over there is hard to imagine!

The beer (food also) costs only a third (1/3) of the prices here in Belgium, and oh boy, it's very good beer! Especially the Urquell Pils!

I drank at least 4 or 5 liters of great cool beers every day!

Viva Czech Republic! lol.  ;D

Next August > I'm going to the Bohemian Forest (near Pilsen) again!

Waldo
« Last Edit: September 23, 2003, 11:22:47 PM by Waldo »

w0mbat

  • Guest
Re:Just how good is the BART's virus detection capability?
« Reply #10 on: September 25, 2003, 03:36:55 AM »
Hi ctskerry,

I use this product almost daily and would be spending twice as long hacking about without it.

The virus detection has never failed me yet.
Unfortunately getting rid of viruses is not always just a matter of deleting the offending file, but sometimes requires a reg hack which can also be done with BART.

 :D

cheers

w0mbat

pancakegeorge

  • Guest
Re:Just how good is the BART's virus detection capability?
« Reply #11 on: August 06, 2004, 01:42:23 PM »
Hi w0mbat,
I'm looking at the bartcd demo and this (old) thread is interesting. Can you (or anyone else) explain more about:

"The virus detection has never failed me yet.
Unfortunately getting rid of viruses is not always just a matter of deleting the offending file, but sometimes requires a reg hack which can also be done with BART."

Do you mean that you have to use registry hacks or plug-ins to remove detected viruses that the avast scanner cannot (or does not) remove?

If so, is it possible to give a 'guestimate' as to the percentages? That is, in 100 cases of infection, how many cases need extra work beyond running and cleaning with the avast scanner/cleaner?
I understand that every case could be different, but before investing in what is (for me) an expensive license for BARTCD I'm trying to work out how efficient it is.

Or... does the new registry cleaner for BART2 deal with what you were referring to?

Apologies if the questions are stupid, but I'm new to this stuff and am ascending the learning curve from hell.

Thanks.

w0mbat

  • Guest
Re:Just how good is the BART's virus detection capability?
« Reply #12 on: August 07, 2004, 06:08:57 AM »
Hi pancakegeorge,

I too wondered about laying out the $ for BART at first, but it has paid for itself in the speed of job turnaround.

RE the Reg hack, I was referring to the case that some worms modify the registry. These changes need to be reversed in some cases, and my understanding is that the AV removal is just of the detected files.

There are little apps out there (Blaster removal tool) for the complete removal of certain worms, Blaster for instance. As well as removing the files, it also removes the registry keys placed or changed by the worm.
So as far as plugins, I use the added feature in BART2 of "add your own directory" to BART. In this area I place a number of worm removal tools, for specific worms.  I make a note of the worms, delete them with BART and run the specific removal tool for that worm.

The Reg cleaner looks for invalid or orphan registry keys and enables them to be removed. It does not have anything to do with virus removal (my understanding). A clean registry is like a clean desk.  Makes things easier to work with. It will keep Windows stable too.

As far as 100% detection, I would say it has once so far failed to detect a w32 worm. Not bad considering I use BART almost daily. Factors in this can be the level of detection you have it set to. The in-depth can take a long time on a large drive, so I may have had the level too low in that case.

Hopefully we can get a spyware detection package into BART as well as a startup manager. This will make life easier to clean infected machines.
I like to clean as much off as I can before having to boot back into windows.


BART is good and getting better.  It's very hard to make 1 package that is all things to all people. Ask for what you want, and it may happen. :)

I would say that if you need to work on WIN2K onward machines on a daily basis, this is for you.

Feel free to ask away :)


w0mbat

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Just how good is the BART's virus detection capability?
« Reply #13 on: August 10, 2004, 06:10:07 PM »
Quote
RE the Reg hack, I was referring to the case that some worms modify the registry. These changes need to be reversed in some cases, and my understanding is that the AV removal is just of the detected files.

Talking about registry changes. Please note that 99% of those 3rd party tools WON'T actually work correctly under BART because they will operate on the BART's (Windows PE) registry instead of the registry of the OS installed on the hard drive. That's the major limitation.

In fact, that's why there are tools like regedit and the Virus Cleaner on the BART CD that do pretty hard work to make use of the on-disk registry files instead. The Virus Cleaner (BART CD version), especially, is quite unique IMHO.

Cheers,
Vlk
If at first you don't succeed, then skydiving's not for you.
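
The limitation described in the last reply (tools run from a rescue environment see that environment's registry, not the installed OS's) can be worked around for inspection by mounting the on-disk hive explicitly. The following is an added example, not part of the thread and not ALWIL's code: it loads the installed system's SOFTWARE hive with `reg load` and lists the Run/RunOnce autostart values. The drive letter `D:`, the mount name `OfflineSoftware`, the function name, and the choice of Run/RunOnce as the keys to inspect are all assumptions.

```powershell
# Added example: list autostart entries from the OFFLINE registry of the
# installed OS while booted from a rescue environment.
# Assumptions (not from the thread): installed Windows volume is D:, and
# 'OfflineSoftware' is an arbitrary temporary mount name.

function Get-OfflineRunEntries {
    param(
        [string]$WindowsRoot = 'D:\Windows',       # assumed location of installed OS
        [string]$MountName   = 'OfflineSoftware'   # hypothetical temporary key name
    )

    $hive = Join-Path $WindowsRoot 'System32\config\SOFTWARE'
    if (-not (Test-Path -LiteralPath $hive)) {
        throw "Hive file not found: $hive"
    }

    # Mount the on-disk hive under HKLM\<MountName> (needs administrator rights).
    & reg.exe load "HKLM\$MountName" $hive | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg load failed for $hive" }

    try {
        foreach ($sub in 'Run', 'RunOnce') {
            $path = "HKLM:\$MountName\Microsoft\Windows\CurrentVersion\$sub"
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $key = Get-Item -LiteralPath $path
            try {
                foreach ($name in $key.GetValueNames()) {
                    [pscustomobject]@{
                        Key     = $sub
                        Name    = $name
                        # Keep %VAR% unexpanded: the rescue environment's
                        # variables differ from the installed system's.
                        Command = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                    }
                }
            } finally {
                $key.Close()   # release the handle so the hive can be unloaded
            }
        }
    } finally {
        # Open handles block 'reg unload'; force finalizers before unloading.
        [gc]::Collect()
        [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKLM\$MountName" | Out-Null
    }
}

Get-OfflineRunEntries | Format-Table -AutoSize
```

Per-user autostart entries live in each profile's `NTUSER.DAT`, which would have to be mounted the same way.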