Re: Which Anti Virus to use?



On Tue, 27 Dec 2005 15:55:45 -0000, "Shane" wrote:
>"cquirke (MVP Windows shell/user)" wrote
>> On Mon, 26 Dec 2005 00:27:16 -0000, "Shane"

(on MSAS false-positives)

>>>> False positives as in detecting something as being a part of a named
>>>> malware when it was not?

>>>Yes. Detecting various items as being CoolWebSearch. Most notably
>>>detecting MS IE5 Web Accessories as CoolWebSearch components.

>> That's interesting! These IE5 web accessories; are they part of IE5
>> and later, or an add-on? I do hardly any pre-XP NT here, so I never
>> see MSAS running with IE5 as MSAS doesn't run on Win9x and XP starts
>> with IE6 and versions up from there.

>An IE5 add-on that works just as well in IE6 (and iirc - not running it
>right now - IE7). These
>http://www.microsoft.com/windows/ie/previous/webaccess/default.mspx, or
>components thereof.

OK. I usually prefer to disable all browser enhancements, using
Firefox or IE7 beta if I want an integrated search bar.

>> OTOH, my favorite interventional av (AntiVir 6) is definitely prone to

>Really!

>> false positives, such as signature material within other av scanners

Really, that it false-positives, or Really, that I dig AntiVir 6?

I used to think of it (by reputation, untested) as behind Antivir,
which in turn was behind AVG. I was pleasantly surprised to find it's
clean to install, survives scraping over, works from Bart, doesn't run
underfoot (resident) unless you force it to, and detects a lot more
than most things, esp. trojans and fringe commercial malware.

So it's really good as a second or intervention scanner. As AVG 7
cannot be used any other way, I still use that as primary/resident av.

>Quite a while since I tested Bart, too. Looks like the possibilities have
>increased reassuringly - or at least are being exploited more. Must look at
>the plugin situation. Or do you write your own these days?

Yep. The plugin thing is quite easy and powerful, most apps that will
run when scraped over (as opposed to being installed) to a new PC,
will work as plugins, but you need to use RunScanner plugin if you
want the inactive HD registry to be accessed, instead of Bart's.

OTOH, if there's a lot of dropped system .DLLs and CLSID stuff, it can
get very daunting indeed. Dependency Walker helps.

>As for 6.22 I can't be bothered to run it anymore (finally!).

I still have a site on 6.21, I don't think they'll upgrade to 6.22.

>Where'd you go in London? btw I just saw the John Nichol docu in which he
>goes up in one of the Lightnings at Thunder City! Far out!

I stayed in a B&B on Vincent Square, which is between Victoria Station
and the river. After Vancouver and Seattle, which are lovely but
somewhat generic cities, London felt like an OTT "London" theme park,
and when I saw the lovely old B&B (a huge arched and gargoyle'd
edifice that reminded me of Hogwarts) I just grinned from ear to ear!

Thunder City, just outside Cape Town? Yep, they got Lightning, Hunter
and Buccaneer there, and other lovely old birds in CT include Dakotas
(still in use, mostly with turboprop engine refits tho), a Shackleton,
a Ju-52 (!!) and a Bell Iroquois in 'nam-style paint.

I went to an air show in CT lately, and it was interesting to see how
many military jet aircraft were in fact privately owned and operated.
In addition to the Thunder City crew, there was the Sasol Tigers
flying four Czech Delfins, and outside the show I saw three yellow
Hunters that are run/sponsored by M-Net.



>---------- ----- ---- --- -- - - - -
Don't pay malware vendors - boycott Sony
>---------- ----- ---- --- -- - - - -