Best Antivirus? Routine?

Discussion in 'BlackHat Lounge' started by Nosence, Jul 6, 2012.

  1. Nosence
    I'm pretty sure there is something on my computer but I can't seem to pick it up with McAfee; the computer is acting strange, closing out windows and really slow.

    But I can't actually pinpoint what is wrong; it's just off.

    What antivirus do you use? More than one? Do you have a routine?
     
  2. Pipelin
    Norton #1
     
  3. jazzc
    All AV are more or less useless. But Avira and Kaspersky are a bit less useless than the rest.
     
  4. Zapdos
    McAfee has sucked since it was made. Norton lost relevance back in ~2005.

    I use Kaspersky with full heuristics and AVG at max as well. Neither of them pick up everything but when together they don't miss much.
     
  5. jazzc
    Together? You use 2 AVs at the same time? :eek: This is like using two condoms. :D Not only is it not providing extra security, it can cause extra problems.

    Btw, how do you know you aren't missing much, given the fact that you can't tell if you are infected or not? ;)
     
  6. Dark Knight
    AVG paid version and Malwarebytes, never had a virus problem :)
     
  7. Zapdos
    Has never given me any problems. AVG I only use for scanning, and it isn't running constantly, unlike Kaspersky.
    As for knowing if it's missing stuff, there is always the possibility, but in tests they both detect significantly more than the others. IIRC it was a test of 30k viruses and Norton/McAfee only picked up 50% or less. Kaspersky and AVG picked up >80% along with 2 others. Going to go look for it now.

    Oh, and 2 condoms is great protection if your gf hates you and starts poking holes in the known stash. :p
     
  8. jazzc
    Ok, let me give you a heads up on how AVs actually do NOT work.

    They do not scan the memory of the executable process. No, never. Read that again. Once the program is mapped to memory by the loader, it's game over.

    This means that an attacker simply needs to create a wrapper that will hide the malware in its own memory and then execute it without hitting the disk. That's it. Really. Easy as pie.

    To avoid heuristics, usually the wrapper waits ~30 seconds before launching the malware. Some more details and tricks are also present, but nothing spectacular.

    That's why AVs are worthless. Actually they are dangerous because they make you think you are protected. Well here's some news. Any skid out there can get his favorite 5-year-old trojan undetectable at a cost of < $1.

    The only solution is to not use Windows for sensitive stuff. Have a dual boot machine and do your important transactions from there.
     
  9. jazzc
    These metrics do not matter because their samples are old. People who spread viruses modify their wrappers daily/weekly.

    :D:D:D:D Use from the hidden stash only :D And dispose of the contents yourself ;)
     
  10. Zapdos
    Great, but doesn't really concern me. I do virus scans and crap to keep out the annoying stuff. If I'm concerned about security then I'll use another machine, a VM or something else that I don't download random crap to.

    And implying that Linux/Mac doesn't have viruses could be seen as equally stupid as using 2 AVs (like I do) or assuming AVs give 100% protection.

    For me, to keep viruses out of my main machine I don't visit crack sites. I use JavaScript/Java/Flash blockers. Suspicious files get their own VMs and are tested in there. Only visit known sites.
    Porn sites... no need. <-- Rules out a lot of problems lol
     
  11. jazzc
    Sure they do. Usually via Flash and Java exploits. But if you think that having a 0.00001% less chance of being a slave to some 10-year-old kid who will sell your accounts (or pictures if a female slave) for a few $ is not worthwhile, be my guest ;)

    Btw, it's not a matter of 100% protection by AVs. They offer 1%, not 90%.
     
  12. oxonbeef
    All Seeing Eye from http://www.fortego.com/en/ase.html and TCP/IP viewer from http://tcp-viewer-sysinternals.fyxm.net/.
    Learn how to use them and you will never get infected.
    Did you know?
    350,000 Internet Users Could Lose Web Access on July 9 - Are You One of Them?

    http://facecrooks.com/Internet-Safety-Privacy/350000-internet-users-could-lose-web-access-on-july-9-are-you-one-of-them.html
    What scares me is not script-kiddie wannabe hackers but working alongside people who have no knowledge of internet security.
     
  13. Pipelin
    Norton has changed from the root; it is not the Norton from 2005.
    And btw it is #1 on all tests, a lighter AV than Kaspersky.
     
  14. BlueZero
    I am using NOD and it never failed me.
     
  15. Aty
  16. oxonbeef
    That's a false sense of security; I can pass NOD myself.
     
  17. sirgold
    Lots of rootkits these days will install as drivers at a ring so low that ANY TOOL will be useless, since, if you get near enough to the metal, you can hook any API and override it to do whatever you want. Using a system process viewer or a TCP viewer won't help, just like using an antivirus, no matter how sophisticated. With that being said, use Sandboxie; it *might* help a bit when you test a program whose origin is dubious. Use virtual machines, which give you an extra layer of separation; even though the existence of ring -1 / ring -2 virii is well known, it's generally just a matter of VM CPU emulation bugs or something similar, so not something to worry about *routinely*...

    Talking about the routine you were asking for: just use exes you know the origin of, and use anti-rootkit tools that you can download from the main AV vendors, possibly from a second partition / USB key off a secondary operating system. If the infection is bad enough there's no way you can clean a machine from your primary operating system. As a friendly reminder, alternatives to Windows DO exist and the speed of virtual machines these days is more than reasonable, so give it a thought: using something with less critical-mass usage is totally the best routine you can adopt. HTH!
     
  18. Techxan
    Agree, if you download from this and similar forums, you should check for rootkits weekly, write down the paths and registry keys, and kill them manually.

    All those of you that feel they have a clean machine, run RootkitRevealer on it and see what's running in there that you don't even know about.
     
  19. wEb pOsTS
    Avira is the best ever.
    Avira is the most stubborn antivirus and all hackers complain of it; they work daily to develop encrypter programs only to bypass Avira protection.
    If you download a lot from forums and untrusted websites, I recommend trying any downloaded file in a specific small area of the hard disk to prevent any probable virus from spreading, especially as there are viruses timed to do their tasks at an appointed time, so they almost escape AV detection when you run the file the first time.
     
  20. ugjunk
    I have been using AVAST and I love it