Author Topic: Umm... Avast rocks in a serious way  (Read 11011 times)


Offline MDesigner

  • Newbie
  • *
  • Posts: 5
Umm... Avast rocks in a serious way
« on: February 13, 2004, 04:25:30 AM »
Let me just say that Avast rocks.. and it's FREE.

Here's the deal.. I have three trojan horses in a folder.  I didn't test Norton or McAfee, but Panda, NOD32, and Solo ALL missed the viruses entirely, even with a manual scan.  Bitdefender's resident auto scan did not pick up a thing, and even let me execute the viruses..but Bitdefender's manual scan did detect all three as viruses.

So I uninstalled Bitdefender, and installed Avast (free edition).  I open up the folder with the trojans, and BOOM..right away Avast warns me I have a virus.  Unfortunately, it only detected the Win32:Kifer trojan.  The other two (I forget what they were exactly) Avast did not consider viruses.. so I put them in the Chest and emailed them in.

Great job.. awesome piece of software, you guys need a gold medal.

Offline Straight Shooter

  • Jr. Member
  • **
  • Posts: 25
  • Who Loves Ya Baby?
Re:Umm... Avast rocks in a serious way
« Reply #1 on: February 13, 2004, 05:39:09 AM »
I agree that Avast! Rocks! and Rocks Good!  Let me ask you a question... Did Avast IDENTIFY THE Trojan, or did it give you some "Generic" Translation?

Thanks
Jim
Every little breeze, seems to whisper Louise...

Offline MDesigner

  • Newbie
  • *
  • Posts: 5
Re:Umm... Avast rocks in a serious way
« Reply #2 on: February 13, 2004, 05:56:27 AM »
The trojan it found was Win32:Kifer apparently.. not sure if that's the real name of it.  Let me check.. I'll run it through that RAV online virus checker.

Hmm, RAV says it's Win32/HLLW.Redwa.A.  Who knows??

Offline sandra_84

  • Newbie
  • *
  • Posts: 6
Re:Umm... Avast rocks in a serious way
« Reply #3 on: February 13, 2004, 06:16:18 PM »
Nod32 is not an anti-trojan, it is an anti-virus.

Offline MDesigner

  • Newbie
  • *
  • Posts: 5
Re:Umm... Avast rocks in a serious way
« Reply #4 on: February 13, 2004, 06:43:54 PM »
Nod32 is not an anti-trojan, it is an anti-virus.

Huh..that's kinda silly.  I think antivirus apps should handle trojans/viruses/worms/etc..anything that spreads & infects computers.

Offline Pavel

  • Massive Poster
  • ****
  • Posts: 4305
  • Nostalgia isn't what it used to be...
    • ALWIL Software
Re:Umm... Avast rocks in a serious way
« Reply #5 on: February 13, 2004, 06:55:38 PM »
Huh..that's kinda silly.  I think antivirus apps should handle trojans/viruses/worms/etc..anything that spreads & infects computers.

Well, trojans do not spread (this is the main difference between them and viruses)  ;D

But you are right that such malware could damage users. avast! is therefore able to handle trojan horses as well - although viruses and worms have much higher priority.

Pavel
All of us could take a lesson from the weather. It pays no attention to criticism.

Offline Waldo

  • Sr. Member
  • ****
  • Posts: 397
  • Avast does the ownage
Re:Umm... Avast rocks in a serious way
« Reply #6 on: February 13, 2004, 07:08:25 PM »
Nod32 is not an anti-trojan, it is an anti-virus.

ALL the anti-virus programs these days have more work dealing with worms, backdoors, trojans than with actual "real viruses".

Most of  the major dangers come from Worms, trojans, rootkits.

NOD is NO good in dealing with these 3 here above mentioned. Although they're updating their signatures amazingly fast with trojans, just to cope up with the rest of the AV's.

I NEVER would trust NOD alone on my computer without running an extra dedicated Anti-trojan resident. (like TDS or Trojan hunter, Bo clean, The Cleaner, Pest-Patrol)

NOD offers NO unpacking at all for its on-access scanner, and supports only a few packers on its on-demand engine.

It also has no strong heuristics > only if you run it with "advanced heuristics" which must be started using a 3rd party file. They won't include it "standard" because it has to deal with too many false alerts (just like Dr. Web).

To Mdesigner : RAV AV is hardly ever wrong.  It's one of the best tools around. Just sad it is owned by Microsoft now.
**Guns are for show, knifes for a pro**

Offline sandra_84

  • Newbie
  • *
  • Posts: 6
Re:Umm... Avast rocks in a serious way
« Reply #7 on: February 13, 2004, 08:02:05 PM »
What about polymorphic trojans, can avast detect them?

Offline Waldo

  • Sr. Member
  • ****
  • Posts: 397
  • Avast does the ownage
Re:Umm... Avast rocks in a serious way
« Reply #8 on: February 13, 2004, 08:45:28 PM »
What about polymorphic trojans, can avast detect them?

Yes & no...first there are no real polymorphic trojans around, only droppers.

It detects most of the trojans placed on your pc by the dropper (the server).

The problem is that it's possible to create hundreds or thousands of mutations from the original server...hard to deal with (detect)...

example : Donald Dick trojan/dropper (from Russia).

See this thread on a reply from IGOR about Avast dealing with it :

http://forum.avast.com/index.php?board=1;action=display;threadid=2103;start=msg14609#msg14609

« Last Edit: February 13, 2004, 08:55:23 PM by Waldo »
**Guns are for show, knifes for a pro**

Offline JimIT

  • Jr. Member
  • **
  • Posts: 37
    • Gremiss Computing Services
Re:Umm... Avast rocks in a serious way
« Reply #9 on: February 13, 2004, 09:09:58 PM »
NOD is NO good in dealing with these 3 here above mentioned.

It also has no strong heuristics > only if you run it with "advanced heuristics" which must be started using a 3rd party file.

Malarkey!   ;)
« Last Edit: February 13, 2004, 09:11:04 PM by JimIT »
avast! Reseller
United States

Offline JimIT

  • Jr. Member
  • **
  • Posts: 37
    • Gremiss Computing Services
Re:Umm... Avast rocks in a serious way
« Reply #10 on: February 13, 2004, 09:19:24 PM »


Most of  the major dangers come from Worms, trojans, rootkits.

NOD is NO good in dealing with these 3 here above mentioned.

It also has no strong heuristics > only if you run it with "advanced heuristics" which must be started using a 3rd party file. They won't include it "standard" because it has to deal with too many false alerts (just like Dr. Web).

Really?  What about these?

Listed below are a few of the viruses that became widespread (some entries include aliases). All of these are detected by NOD32 heuristics, without requiring any update.
Some of these were detected several months before they were released, and even before they were written!
While other antivirus companies had to rush to get an update out before the worm spread too much, NOD32's heuristic analysis engines were detecting and blocking these, without requiring any updates!

News: Win32/Swen.A (alias Win32/Gibe.F or Worm.automat.ahb) has attacked hundreds of thousands of computers worldwide, many of them using up-to-date antivirus software which failed to prevent the infection... Even a month old NOD32 detected the worm with the advanced heuristics engine, without requiring signature updates.

W32/Gibe.E
Win32/Aliz.A
Win32/Aplore.A
Win32/Apost.A
Win32/Auric.A
Win32/Badtrans.13321
Win32/Badtrans.29020.A
Win32/Bagle.A
Win32/Bibrog.E
Win32/Braid.A
Win32/Bugbear.A
Win32/Bugbear.B
Win32/Cervivec.A
Win32/Choke.A
Win32/ExploreZip.J
Win32/FBound.C
Win32/Frantes.A
Win32/Frethem.F
Win32/Frethem.K
Win32/Frethem.K
Win32/Frethem.L
Win32/Ganda.A
Win32/Gant.B
Win32/Gibe.A
Win32/Gokar.A
Win32/Goner.A
Win32/HLLW.GOP.196_3
Win32/Hai.A
Win32/Hawawi.A
Win32/Holar.H
Win32/Kazaa.Benjamin
Win32/Kitro.C
Win32/Kitro.D
Win32/Klez.A
Win32/Klez.B
Win32/Klez.C
Win32/Klez.D
Win32/Klez.E
Win32/Klez.H
Win32/Klez.J
Win32/Lioten.A
Win32/Lirva.A
Win32/Lirva.C
Win32/Lovgate.A
Win32/Lovgate.C
Win32/Lovgate.G
Win32/Lovgate.H
Win32/Lovgate.I
Win32/Lovgate.J
Win32/Lovgate.K
Win32/MSInit.B
Win32/Maldal.C
Win32/Maldal.G
Win32/Melare.A
Win32/Mylife.A
Win32/Mylife.B
Win32/Mylife.F
Win32/Mylife.G
Win32/Mylife.J
Win32/Myparty.A
Win32/Navidad
Win32/Nebiwo.B
Win32/Nebiwo.C
Win32/Newbiero.54
Win32/Nicehello.A
Win32/Nimda.A
Win32/Opaserv.A
Win32/Opaserv.B
Win32/Opaserv.C
Win32/Opaserv.D
Win32/Opaserv.E
Win32/Opaserv.F
Win32/Opaserv.G
Win32/Opaserv.J
Win32/Opaserv.M
Win32/Opaserv.N
Win32/Opaserv.O
Win32/Opaserv.R
Win32/Opaserv.U
Win32/Opaserv.Y
Win32/PrettyPark
Win32/Prolin.A
Win32/Roron.41
Win32/Roron.50
Win32/Sircam.A
Win32/Sobig.B
Win32/Sobig.C
Win32/Sobig.D
Win32/Sobig.E
Win32/Stator.62464
Win32/Surnova.A
Win32/Surnova.D
Win32/Swen.A
Win32/Yaha.A
Win32/Yaha.B
Win32/Yaha.D
Win32/Yaha.E
Win32/Yaha.F
Win32/Yaha.M
Win32/Yaha.N
Win32/Yaha.O
Win32/Yaha.V
Win32/Yaha.W
Win32/Yaha.X
Win32/Zoek.D
Win32/Zoher.A
Worm.automat.ahb
 


What are heuristics?

An antivirus program with heuristic capabilities will be able to detect variants of known viruses, and even brand new unknown viruses without requiring updates. There is no program that can detect all future worms and viruses without updates, but detecting unknown viruses can make a BIG difference.

What is the Advanced Heuristics in NOD32?

NOD32 version 2 features a new advanced heuristic engine that is enabled in IMON as default. That means that all incoming mail from POP3 servers will get scanned with an extra layer of protection. The Advanced Heuristics has a high level of detection for new unknown viruses.
avast! Reseller
United States

Offline Waldo

  • Sr. Member
  • ****
  • Posts: 397
  • Avast does the ownage
Re:Umm... Avast rocks in a serious way
« Reply #11 on: February 13, 2004, 09:21:55 PM »

Malarkey!   ;)

I have no idea what this means ?  ???  ;D

Please explain, I'm Dutch.

**Guns are for show, knifes for a pro**

Offline JimIT

  • Jr. Member
  • **
  • Posts: 37
    • Gremiss Computing Services
Re:Umm... Avast rocks in a serious way
« Reply #12 on: February 13, 2004, 09:25:38 PM »

Malarkey!   ;)

I have no idea what this means ?  ???  ;D

Please explain, I'm Dutch.

;)

Loose translation:  "Nonsense!"
avast! Reseller
United States

Offline Waldo

  • Sr. Member
  • ****
  • Posts: 397
  • Avast does the ownage
Re:Umm... Avast rocks in a serious way
« Reply #13 on: February 13, 2004, 09:26:55 PM »
Btw Jim :

I Know that "advanced heuristics" are good. Maybe the best around.

No need to convince me. I never stated otherwise.

But I'm correct when I say that NOD has sad unpacking capabilities. But this is not a problem for most users, because that makes it so fast.

Why wouldn't they include Advanced H. standard, or with just a simple press of a button to activate ? Afraid of the extra support that comes with it ? Afraid of losing some VB awards when having false positives ? Dunno...but seems weird to me.

They did include ADH in their pop3 scanner why ? Because most dangers come from mail worms. Good move.

But they didn't include it in the on-demand or on-access file scanner...Why ? they know that VB doesn't test mail providers, so they will never include it in the on-demand because they're afraid of the false positives.

ps: I feel no need to discuss NOD further, this is getting off-topic here. It doesn't add anything to the original post. I'm sure you agree Jim.

These are just my personal opinions.

Waldo

« Last Edit: February 13, 2004, 09:33:13 PM by Waldo »
**Guns are for show, knifes for a pro**

Offline JimIT

  • Jr. Member
  • **
  • Posts: 37
    • Gremiss Computing Services
Re:Umm... Avast rocks in a serious way
« Reply #14 on: February 13, 2004, 09:33:36 PM »
I Know that "advanced heuristics" are good. Maybe the best around.

No need to convince me. I never stated otherwise.

Hmm.  Ok, whatever you say!  ;)
Quote

Why wouldn't they include Advanced H. standard, or with just a simple press of a button to activate ? Afraid of the extra support that comes with it ? Afraid of losing some VB awards when having false positives ? Dunno...but seems weird to me.

Big speed issue, I'm sure.  And yes, fp's would be a major concern also.  Especially in a networked environment--most admins (me included) don't want to deal with fp's, because they can cause headaches when you manage 100's of computers.  ;)

No offense, Waldo--Avast! is a great AV--but facts are facts.

 ;D
avast! Reseller
United States