EXETOOLS FORUM > General > General Discussion
bigboss-62 (05-02-2010, 04:40):
Personally, I use Kaspersky Internet Security (good engine, and it does not slow the computer down much, unlike Norton).
At my job we use BitDefender Internet Security 2010 (big slowdowns and numerous false positives).
val2032 (05-03-2010, 21:47):
Kaspersky Internet Security 2010, on a Linux mail server and on my personal computer. It works fine but uses resources...
copyleft (05-04-2010, 10:59):
I used Kaspersky for several years and am using McAfee now; both are great.

NOD32 and Symantec, when tested, caused too many problems with my crack/reverse tools.

You even need to disable McAfee, and maybe other antiviruses, when unpacking an enveloped/packed file, to avoid deletion of the dumped file.
duseng (05-05-2010, 13:02):
For me, modern threats come from different directions nowadays: rogue software (fake antivirus, anti-malware, firewall), trojans, viruses, worms, keyloggers, etc.

For antivirus I prefer a multi-engine antivirus (G Data, etc.); for a single engine I prefer Avira/Kaspersky; for anti-malware I prefer Malwarebytes Anti-Malware and PC Tools AntiSpyware; for trojans I pick Malwarebytes Anti-Malware. I always check every year whether the performance of this setup is still top notch, because AFAIK a brand doesn't always tell you the quality over the years; there is always performance degradation over several months/years. I check performance on forums (http://www.wilderssecurity.com/) or on any independent review site, although right now there are so many review sites that are clouded by vendor money offers.

I forgot to mention that I also do internal self-testing of any product I am interested in using, in a VM (virtual machine), comparing folders and the registry side by side (clean vs. infected), just to double-check that the independent forum/review site really is independent. Most of the reviewers on YouTube are, to be honest, quite amateur; mostly they just compare against live samples (-2 weeks/0-day) and forget to add the aftermath of the product's virus cleaning (system files, registry, files).

Now I run:
Windows 7 64-bit
Avira Pro 32-bit (real-time)
Malwarebytes Anti-Malware (on demand)
PC Tools AntiSpyware (on demand)
Hitman (on demand)
Outpost Firewall Pro (real-time)

Why? It's from my own internal research.
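The "folder side by side comparing (clean vs infected)" step described in the post above, as an added example that is not part of the original post: take a hash snapshot of a directory tree in the clean VM, let the sample (or the cleaner) run, take a second snapshot, and diff the two. The tree, the file names and the changes made to it are all constructed here; no real product or malware is involved.

```python
# Added example (not from the thread): the "folder side by side comparing
# (clean vs infected)" step of the testing routine above, done as two hash
# snapshots of a directory tree and a diff between them. The tree and the
# changes made to it are constructed here; no real product or malware is run.
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def snapshot(root: Path) -> Dict[str, str]:
    """Map each regular file under root (POSIX-style relative path) to its SHA-256."""
    snap: Dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            snap[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return snap


def diff_snapshots(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, List[str]]:
    """Files that appeared, disappeared, or changed content between two snapshots."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(k for k in common if before[k] != after[k]),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed clean tree, then the kind of changes a dropper (or a clumsy cleaner) leaves."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        hosts = root / "Windows" / "System32" / "drivers" / "etc" / "hosts"
        hosts.parent.mkdir(parents=True)
        hosts.write_text("127.0.0.1 localhost\n")
        notes = root / "Users" / "me" / "notes.txt"
        notes.parent.mkdir(parents=True)
        notes.write_text("hello\n")
        # An unchanged file, to show that untouched entries do not appear in the diff.
        (root / "Windows" / "System32" / "kernel32.dll").write_bytes(b"MZ" + b"\x00" * 62)
        before = snapshot(root)

        # "Infected" state (constructed): a dropped binary, a hosts-file hijack,
        # and a user file that went missing.
        (root / "Windows" / "System32" / "dropped.exe").write_bytes(b"MZ" + b"\x90" * 62)
        hosts.write_text("127.0.0.1 localhost\n127.0.0.1 av-update.example\n")
        notes.unlink()
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The registry half of the comparison is the same idea applied to text: export the hives before and after (on Windows, `reg export` writes a .reg file) and diff the two exports the way the file hashes are diffed here. Hashing content rather than trusting timestamps matters because both malware and cleaners can restore a file's modification time.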
Guest (05-10-2010, 02:20):
Back in the day I was using Norton AntiVirus... a looong time ago, and then I moved to Kaspersky, then NOD32... Now I don't use any antivirus; I switched to Sandboxie + virtual machines + the OpenDNS filter, an updated hosts file from MVPS, and a router firewall.
Once I got myself familiar with virtual machines I never looked back at my main computer, because I have the best security bundle :envy me:.
Guest (05-12-2010, 00:36):
I'd use NOD32, alongside MBAM for malware.

Aside from that, if I detect suspicious activity which neither NOD nor MBAM can detect, I manually remove the malware using various tools such as ComboFix, GMER, HijackThis (now outdated), etc.
nuemga2000 (05-12-2010, 03:08):
The latest beta of Kaspersky Internet Security 2011 looks quite promising.
goku (06-03-2010, 00:17):
The best antivirus is Microsoft Security Essentials; it's good.
Guest (06-06-2010, 02:19):
I never use any AV. They disturb me.
zeuscane (06-06-2010, 03:32):
I use NOD32 as antivirus without problems, and I use the free Spybot for spyware and similar threats.

bukkake (06-07-2010, 02:25):
I used Avira until today, when I found a file named "~TEMP.exe" running.
Scanning it with Avira didn't find anything.
I scanned it online; only Kaspersky and F-Secure were able to detect it as a trojan.
Here is the report if anyone is interested: http://tinyurl.com/25zc85z
"The road of excess leads to the palace of wisdom" -- William Blake
zemo (06-18-2010, 09:33):
For a long time I used Kaspersky and NOD32...
but these "commercial" antiviruses fail to detect and defeat some viruses that I tested...
(some banking trojan malware in my country; I receive a lot of (spam) emails with this kind of s..hit, really very bad.)
The only one that always alerted me (or, in the bad cases, had a "fast" vaccine submission with a vaccine update within 24h) was AVIRA... and I'm talking about the "free version".

Today I use AVIRA (free version) + Sandboxie control (a very useful "utility") + Online Armor (free).

If I'm in doubt about a file (and Avira doesn't alert me), I run the suspect file under a sandbox using Sandboxie control, and if nothing strange happens the file is "probably" clean..

The Online Armor (free) firewall comes as a natural reinforcement, because I don't trust the Windows firewall, which is too basic and has no control over process communication (and Online Armor has this..)

Last edited by zemo; 06-18-2010 at 09:47.
redbull (06-30-2010, 21:07):
They are all rubbish. I wrote a very simple heuristics goat file which is part of my test suite.

This goat file performs the following operations:
1. GOAT Stub: Seek Kernel32.dll in memory
2. GOAT Stub: Locate GetProcAddress()
3. GOAT Stub: Use GetProcAddress() to get the address of GlobalAlloc()
4. GOAT Stub: Allocate a buffer using GlobalAlloc() and copy the decryptor and the rest of the goat file to the new location
5. Jump to the new buffer
6. GOAT Encrypted Body: Execute the decryptor (a simple xor byte ptr[] routine, to allow AV x-raying)
7. GOAT Encrypted Body: Load all APIs from a structure into a structure (copied from a real virus) using GetProcAddress()
8. GOAT Encrypted Body: Fetch all system paths (e.g. system32, windows, mydocs, etc.)
9. GOAT Encrypted Body: Find all "*.exe" in the current folder
10. GOAT Encrypted Body: No payload... it just beeps each time a file is found
11. GOAT Encrypted Body: Return control to the parent process
12. GOAT Encrypted Body: Embedded in the code are funny strings like "*.com", "*.scr", "*.dll" and suspicious API names (MapViewOfFile etc.)

OK, so my first-generation goat file (which only XORs with a zero key) [i.e. no decryption] is flagged as funny by a few AV vendors (about 45% of virustotal.com).

My second-generation goat file, which XORs with a static byte of 0xCD, shows f*ck all warnings in all AVs EXCEPT VBA.

I am very disappointed with the trace-scanning capabilities of current AV products, as my code is suspicious and performs naughty things.

I have not tested the runtime behaviour analysis of Sophos and Symantec. However, runtime analysis by AVIRA and AVG failed on its a$$.

All AV products suck at heuristics and unknown-virus emulation.
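The "x-raying" the post above says its single-byte XOR decryptor was meant to allow, as an added example that is not part of the original post: a scanner does not need to emulate the stub to see through a static one-byte XOR, because for every position where a known string sits under key k, ciphertext[i+j] XOR plaintext[j] equals k for all j, so one pass over the buffer recovers the key and the strings at once. The "body" bytes below are constructed (padding around the strings the post says are embedded in the goat); nothing here is the poster's goat file.

```python
# Added example (not from the thread): a toy "x-ray" scan of the kind an AV
# engine applies to a body encrypted with a single-byte XOR, as in the
# second-generation goat file above. The body below is constructed; the
# signature strings are the ones the post says are embedded in the goat.
from typing import Dict, List, Set, Tuple

# Strings a heuristic scanner would expect to find in the decrypted body.
SIGNATURES: List[bytes] = [b"*.exe", b"*.scr", b"*.dll", b"MapViewOfFile", b"GetProcAddress"]


def xor_body(data: bytes, key: int) -> bytes:
    """The goat's decryptor/encryptor: xor byte ptr [body], key (key 0 = no encryption)."""
    return bytes(b ^ key for b in data)


def xray_single_byte(buf: bytes, sig: bytes) -> List[Tuple[int, int]]:
    """Find every offset at which sig appears under some single-byte XOR key.

    If buf[i:i+len(sig)] == sig ^ k, then buf[i+j] ^ sig[j] == k for every j,
    so the candidate key is fixed by the first byte and verified by the rest.
    One pass over buf covers all 256 keys without decoding 256 times.
    """
    hits: List[Tuple[int, int]] = []
    for i in range(len(buf) - len(sig) + 1):
        key = buf[i] ^ sig[0]
        if all(buf[i + j] ^ sig[j] == key for j in range(1, len(sig))):
            hits.append((i, key))
    return hits


def scan(buf: bytes, signatures: List[bytes] = SIGNATURES) -> Dict[str, object]:
    """Report the XOR key under which the most distinct signatures line up.

    Requiring several signatures under the *same* key is what keeps a short
    pattern like b"*.exe" from matching random bytes under some stray key.
    """
    by_key: Dict[int, Set[bytes]] = {}
    for sig in signatures:
        for _offset, key in xray_single_byte(buf, sig):
            by_key.setdefault(key, set()).add(sig)
    if not by_key:
        return {"key": None, "matches": []}
    best = max(by_key, key=lambda k: len(by_key[k]))
    return {"key": best, "matches": sorted(by_key[best])}


# Constructed stand-in for the goat's encrypted body: padding, the suspicious
# strings, more padding. Real code would have x86 instructions around the strings.
PLAINTEXT_BODY = (
    b"\x90" * 16
    + b"GetProcAddress\x00MapViewOfFile\x00*.exe\x00*.dll\x00"
    + b"\xcc" * 8
)
GEN1_BODY = xor_body(PLAINTEXT_BODY, 0x00)  # first generation: zero key, i.e. plaintext
GEN2_BODY = xor_body(PLAINTEXT_BODY, 0xCD)  # second generation: static 0xCD


if __name__ == "__main__":
    for name, body in (("gen1", GEN1_BODY), ("gen2", GEN2_BODY)):
        r = scan(body)
        key = r["key"]
        print(name, "key=", None if key is None else hex(key), r["matches"])
```

The zero-key generation is the degenerate case: the strings are in the clear, so a plain signature scan catches them. The 0xCD generation needs exactly this extra step, which is cheap enough that its absence from a product is the point the post is making. A key that changes per byte, or one derived at runtime, defeats this particular trick, which is where emulation or runtime behaviour analysis has to take over.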
SiNTAX (07-01-2010, 02:42):
None... it's easy enough to sniff out virus-ridden files, i.e. if it sounds too good to be true, it usually is... then again, it's hard to resist a file named IDA Advanced V10232.12 ELiTe eDiTiON! :-)
Guest (07-01-2010, 06:56):
Personal preference: Kaspersky, of course (the firewall has caught some attacks others couldn't), but for slower computers NOD32...