Lean Snake-meat
I’m trial-testing a new (to me) anti-virus/anti-malware product on our Vista system. It’s Sunbelt Software’s VIPRE Antivirus + Antispyware program.
It’s a bit of a different product for me as I usually stick with “free for personal use” versions such as AVG Free. This one is good for just 15 days. On the plus-side, Sunbelt offers a $49.95 deal to register its use on all the computers in your home for a year. That does seem like a good value.
I uninstalled AVG Free 8 then after a reboot loaded this one up. A full scan with VIPRE took 128 minutes and as the image above shows scanned a bunch-load of items. In all it found five cookies as well as two possible trojans and one potentially unwanted program. I was a bit shocked at first, but found that one was Abel (of Cain and Abel), one was a utility in NetTools, and the last (PUP) was a tool that allows you to run an application under a different date. So all were, in fact, known and approved by me to be on my system.
I must say my first impressions are very positive. The interface is very logical and easy to navigate. Each time I wanted to do something or find something, I was quickly able to find it, even without having read the Help files.
My only “gripe” at this point is that I was not able to select any of the items found in the middle of a scan to view the details on them. This led to some mixed concern on my part until the scan completed and I was able to see the details. I’d like to ask the Sunbelt team to allow viewing of detected threat details in the process of the scan, or allow additional columns to be added to the default view that would at least show the location (path) and filename of the threats so some information can be reviewed mid-scan.
I’m not intending this to be a “review” but more of a first-impressions post. However, if after the fifteen days are up I’m still happy, I’m pretty sure I’ll be signing up for a subscription and composing a longer review. In the past I used their Sunbelt Firewall product for a very long time, abandoning it only when it took so long for them to deliver a Vista-compatible version…(now available). I was very pleased with the product and company from that experience.
On top of that, CEO Alex Eckelberry’s SunbeltBLOG is a long-time RSS feed of mine and I really enjoy the posts found there. Alex is very responsive and frequently drops into forums and blogs and leaves his comments. I’m always impressed with his attitude and willingness to engage in constructive discussions on both his company’s product as well as the anti-malware industry in general.
AVG Foul and Alternative Poultry Choices for the Pot
Goodness knows, I’ve been a long-time apologist for AVG Free here on this blog. It was one of the very first “free” anti-virus products I switched to after leaving a paid-subscription service. It’s had its ups and downs but overall I still remain pretty pleased with AVG and continue to recommend it for most home-users looking for a free security product.
My complaints remain, however: a very busy interface, difficulty finding and using the “advanced” settings and configuration tools, periodic false-positives, the fact I’ve never been able to get the “upload to AVG” feature for sending sample files to AVG to work, and the fact that it continues to hammer away on a number of my utilities as “Potentially Unwanted Programs” despite the fact I tell it not to.
AVG again has made the tech-circles with reports of nailing false-positives for some critical (or important) system files. Although I personally haven’t experienced any of these recent behavioral problems, they could be a bit disconcerting for AVG noobies not yet accustomed to the frequent AVG false-positives the signatures are known for.
TechBlog: Ooops: AVG thinks key Windows file is a Trojan
TechBlog: Yet another AVG false alarm: Time for an alternative?
AVG virus scanner removes critical Windows file - Security and the Net
This led to me re-evaluating my selection with AVG Free 8 again and giving VIPRE a try.
In my previous AVG Free v8 versus the Competition (Speed to Scan only) post, I came to the conclusion that AVG Free v8 had the fastest performance overall of any free anti-virus product that I had tested.
The runner-up was Avira AntiVir Personal. I said that I would likely choose this as my second choice were I to leave AVG Free 8. The only drawback I find with AntiVir is that the free product has a few more limitations compared to other free solutions. On the plus-side, Avira consistently leads the pack of SRI’s Most Effective Antivirus Tools Against New Malware Binaries detection list. See also AV-Comparatives.
Curiously, I did not see Sunbelt Software’s VIPRE listed in either location. So I really have no way to see how they would stack up in these tests by comparison.
If I did go with AntiVir I would probably also use it in tandem with either (or both) Malwarebytes' Anti-Malware (free but $ for full-feature version) and ThreatFire (freeware). I had always relied on ThreatFire’s HIPS type protection before, but it seemed to conflict with COMODO’s firewall and kept locking up my XP system’s hard-drive so I just uninstalled it from everything for now.
Then there is COMODO’s Internet Security suite, which remains a free security product that bundles both its awesomely hardened firewall along with some interesting anti-virus/anti-malware products. Certainly worth looking at as well as an integrated anti-malware/anti-virus solution if you are tempted to walk away from AVG Free 8.
Finally, I found this security software review site that uses YouTube videos to highlight its findings: Remove Malware.
Pure Angus Meatiness
Microsoft® Malware Protection Center : Malware and Signed Code – Yep, it’s a brief discussion on code signing and how it is beneficial to preventing malware.
Microsoft® Malware Protection Center : Win32/FakeSecSen - A Nasty Piece of Work – MMPC staff take some of the fake security programs to task. I frequently see evidence of these at work where users were surfing, got a pop-up, and the program/presentation looked quite legitimate and tricked the user into installing the app on the system. Then our Symantec program alerts on them (but can’t remove them) and off we go to pull them off the system. It’s probably even worse for many home users. It’s a great roundup and discussion.
Wi-Fi Networking News: WPA Not Cracked, But Still Vulnerable and Security experts reveal details of WPA hack - News - heise Security UK – The weakness of the WPA chain is finally fully out. It is a flaw, but probably nothing for the average home user to be deeply concerned about…at least not quite yet. If you are really concerned and your Wi-Fi router supports it, consider switching to WPA2.
Windows Incident Response: More Deleted Keys Goodness! – Harlan shows just how valuable the ability to find (and recover) deleted registry keys can be. Neat stuff.
Windows Incident Response: New Code Posted – Harlan also kindly offers up a plug-in to his RegRipper tool that will help recover deleted registry key information for investigators and SysAdmins.
SynJunkie: The Story of a Hack - Part 2. Breaking In – SynJunkie is continuing his class on how a penetration attack occurs. So far it has been quite educational and nicely documented.
Shoulder Surfing a Malicious PDF Author « Didier Stevens – This was really cool. Didier was able to obtain a malicious PDF file that actually retained the incremental changes the malware writer used to try to get the PDF bomb ticking. He provides a great analysis, and I wonder what applications this technique could have for forensic examiners, who might find some good clues and data in it as well. If nothing else it is good information to be familiar with.
--Claus