Interesting link for you folks. (Virus checker related)

[acrobat]

Hi everyone, my last PC got in a right old mess, so since then, I have learnt a lot about system security. I run a seriously tight ship now, and nothing gets in or out without my knowing (I'm behind a firewall and I use NOD32 as my virus checker, and I have a few spyware checking programs too.)

You can also use an online virus scan from time to time, for a second opinion, although nothing has ever got past NOD.

Anyway... I recently found a webpage that I think is a great idea. It lets you upload a file (only 1 at at time though), and it scans the file with about 20! of the most popular virus checkers. So you can't scan your whole computer or anything (do that with this instead), but if you ever get a single file that you really want, but you are suspicious about it, then you can upload it to this webpage, and it will scan the file with 20 of the best virus checkers available today.

I've used it a couple of times, and when the site isn't too busy, it has scanned the file for me very quickly. I think its a really useful resource and a good idea. Probably not of use to most of you, but if any of you deal with suspicious files sometimes, this place could be a dream come true.

Heres the link:
http://virusscan.jotti.org/

[silentvoice]

Yeah, it's a pretty good site. I've used it a couple of times in the past. But it can be a bit confusing at times when you get mixed results, i.e. when one or two AV's report a virus but others say the file's clean. Is this because those AV's have better detection or more up-to-date definitions or are they reporting false positives?

[acrobat]

Its hard to know, it could quite easily be either.

I have read that a lot of virus checkers are seriously crap... to be brutally honest. Norton (Symantek?) anti virus for example, have a terrible reputation amongst.. well... geeks , and its quite a shame because it also seems to be the most commonly used anti virus. Its like a corporate one so maybe its pre-installed on a lot of PC's or something.

But yes, a lot of them are just not updated regularly enough. I think that might be why this NOD32 does so well in tests (because it gets updated definitions very regularly).

But also, I have heard a lot of the very respected ones (Like "BitDefender" etc), can often produce "False Positives". Although I think sometimes that isn't always a case of them reporting something incorrectly, but more a case of them finding something unusual, and just reporting it. And the report may make it seem like a virus but its not. I think you can sometimes google the report and read what it says. I can't remember, but I think I might have done that before with a BetDefender warning, and it actually said it was unusual but not definitely a virus. But I'm not sure about all that anyway.

Its definitely useful though when that doesnt happen. I think if I ever got something with a positive (even if it was a false positive) I would probably just delete it, unless I was absolutely desperate for it. But its been useful to me a few times anyway. I once got sent a .exe from someone as an email attachment. I trusted them, but a .exe is just so suspicious... so I checked that and it came back negative with everyone single test, so I knew it was safe. The peace of mind is nice




P.S. I remember I was once installing something like Nero or something, and my NOD32 came up with a warning. The software I was installing, was asking if I wanted to install the "Ask Toolbar / Searchbar", and NOD32 popped up a warning that it was spyware or something. Which I suppose could be interpreted as a false positive, becuase its an anti-virus program popping up a warning for something that isn't actually a virus... but in reality, those toolbars often include all kinds of dodgy crap, including stuff that "spies" on what you do/type. So I am glad it gave a warning

*pats NOD on the head*

Not that I would allow a toolbar to get installed anyway.. I dont even allow the google toolbar. If I want to search something, I just go to google.com. All those themes and toolbars and stuff like that, are all good for nuthin' bits of rubbish that slow people's computers down.

[Phil_P]

Yeah, it's a pretty good site. I've used it a couple of times in the past. But it can be a bit confusing at times when you get mixed results, i.e. when one or two AV's report a virus but others say the file's clean. Is this because those AV's have better detection or more up-to-date definitions or are they reporting false positives?

For the most part, if 2 or 3 products are reporting a file as suspicious, I'd treat it accordingly. I work in malware research and I see literally dozens of samples each day that are not initially detected by the vast majority of AV vendors. The AVs are not reporting the file as "clean", but rather just that it didn't detect anything - there's a BIG difference! If you're still in doubt over the integrity of a file, I'd submit it to your AV vendor and see what they have to say once they've analyzed it.

And here's another excellent similar site - Virus Total:

http://www.virustotal.com/

Enjoy

[aidanjt]

NOD32 and Sophois are the two best scanners when it comes to reliability (balance between positive and negative hits). All the rest are usually a steaming pile of doggy do do.

[silentvoice]

.

I'm glad you're happy with NOD32. It's a product I've wanted to use but it's priced a bit high for just an AV and I'd have to find a firewall to complement it – which means more money. I remember reading a while back that Eset were introducing a Security Suite but I don't know whether that's been released yet and more importantly how it fairs as a firewall. One strong aspect of NOD32 in the past has been it's heuristics but it doesn't come out on top when using actual definitions. I've had F-secure in the past (uses several detection engines including Kaspersky's as well as Lavasoft's ad-aware component for spy-ware) but it was quite resource hungry. On start-up / shut-down it was particularly noticeable but overall it was a great product which was easy to use, flexible and did what it had too. For the past few months I've been using Kaspersky. It's less resource hungry but one thing I didn't like was by default it uses iswift / ichecker to 'attach tags' to your files to help decrease scanning time. So if the file remains unchanged, it won't rescan it (in theory). The firewall side of things needs a bit more training / setup than F-Secure's did as well - but only initially. It's been years since I've used Norton's security product - the last one was back in 2003. They were actually quite good then and ran well but Norton seems to have lost it way – not to say that’s it particularly bad at detection rate.

Also, in the past Norton's products would only automatically update once a week - compared to products from Kaspersky, F-Secure etc. which updated several times a day! If you wanted to update more frequently you'd have to do so manually. I don't know if this has changed though.

A useful (and reliable) site I look at from time to time for Anti-Virus performance is here: http://www.av-comparatives.org/. They carry out On-demand and Retrospective tests and is certainly interesting reading. You’ll need to click on Comparatives (left hand side) and then review the results for a specific date (February and May being the latest). August results will be due soon.

For the most part, if 2 or 3 products are reporting a file as suspicious, I'd treat it accordingly. I work in malware research and I see literally dozens of samples each day that are not initially detected by the vast majority of AV vendors. The AVs are not reporting the file as "clean", but rather just that it didn't detect anything - there's a BIG difference! If you're still in doubt over the integrity of a file, I'd submit it to your AV vendor and see what they have to say once they've analyzed it.

Yeah, true. Better to be safe than sorry but some AV's do have a habit of reporting false postives.

And thanks for the link. I haven't come across this site before.

[Million]

Heh, useful when you've got a zip file from a torrent share site fo sho