Virus Detection software?

[Mike Jackson]

I am not sure how much is fact and how much is hype, but there is supposed to be a big virus attack set to go off on April 1 called Conficker. There is a lot of information on the topic on the Internet. All of them I read said to make sure your virus definitions are up to date and do a scan. One report said it might infect between 6% and 30% of all computers.

Win32.Worm.Downadup uses new tricks to spread itself without being easily detected

Win32.Worm.Downadup, a worm which spreads by exploiting a vulnerability in the Windows RPC Server Service, has been detected by BitDefender. The Downloadup worm (also called Conficker or Kido)itself is nothing new. It made its first appearance late November 2008, exploiting the MS08-067 vulnerability to spread unhindered in local area networks. Its purpose was to install rogue security software on infected computers.

In late December, BitDefender Labs uncovered a new version of the worm called Win32.Worm.Downadup.B. The malware comes with a list of new features, aside from the present spreading routine, which has also shown signs of improvement.

The worm now uses USB sticks to spread. By copying itself in a random folder created inside the RECYCLER directory, used by the Recycle Bin to store deleted files, and creating an autorun.inf file in the root folder of the infected drive, the worm automatically executes if the Autorun feature is enabled.

I've had McAfee on my systems for a long time. My software logs onto their site and downloads new virus definitions nightly. A year or two ago, they switch me over to a "Total Protection Service" or TOPS. I can look on a console on the Internet and see if all my computers are protected and up to date. Okay, all that sounds good.

However, in the old days, the scan was very fast, and it had options to scan only the EXE, BAT, and other files prone to carrying a virus. Now, a scan is actually scanning every file and it takes a long, long, long, long time and it seems to hog quite a few system resources while it is doing the scan. It is hard to work on the computer when it is scanning. This morning, I started it and took off for a while. When I came back, it had scanned 23,000 files, but it is only about 1% completed. It'd be Easter before it scanned all my computer and drives.

I am wondering about a quicker scan program that does not "embed" itself into all my system? I need to download the current DAT files, then run a quick scan, then turn it off and let McAfee protect me the rest of the time.

Anyone have a working solution? (Please, I am not open to switching to a Mac, which is also vulnerable)

http://www.2009softwarereviews.com/defa ... Santivirus

M. Jackson

[Jerry Berg]

Mike,

I've been told by quite a few techs who do this for a living to gp to this site. http://securitytango.com/tango.php

You might want to give it a read. Hope this helps. I've also been told that mcafee is indeed a memory hog and does'nt find all viruses. I used to use it as it came free with comcast. I later downloaded ad-aware, avg and malwarebytes. these found many things that mcafee never found and did it quickly, and no memory hogging.

[Doug Bernhardt]

I also have heard talk of this "worm" on the CBC News here and am worried also. Anyone could have picked it up almost a year ago and it will be dormant until then. All I can add is that a good friend who also happens to be a too-well-paid engineer has me on "Trend-micro" as McAffe is far too intrusive in the systems. I also have CCleaner which runs everyday and from what I can tell has freed the box up enormously.

[erik winkler]

I heard he had a hook on his FOOT!

[Mike Jackson]

I am not too happy with McAfee right now. My subscription is almost up and I seriously doubt I will renew it, and that's if I still have it on any system past April 1. I plan on following the instructions Jeffy Berg supplied on one machine and see how much trouble it is. I read over several sites that reviewed anti-virus software and the reviews are all over the place, making me wonder if some of the sites are actually fronts for the software companies themselves.

Several sites suggested turning off Auto_Play on your system, as that is how the virus initiates iteself.

For now, I want to run a few of the freeware utilities and see if they work faster, with less system bog.

We all have a couple of days to prepare for this virus threat.

Mike Jackson

[Mark Summers]

I like what I read with the previous response on securitytango.com.
Some very good information on a wide range of topics on what we
should be doing to stay secure which is what I will spend more
time doing after this morning. Got my debit card tapped (who knows
how) and spent the morning on the phone calling the likes of LL Bean
and Overstock.com heading off some unsavory events.
Virusus and security go hand in hand if you watched the 60 Minutes
story last night which is maybe where M.J. got the April fools virus
that may go off.
I will now change passwords (read securitytango.com) and watch
my account online more often. You never think fraud will happen to
you until it does. I don't know how some of the merchants let some
of the transactions go through but they did. It looked like they drained
my account but I might get by the most of it.
Take security very seriously. I am also going to look at a new virus
software. Hope to hear what others are doing in that direction also.

Mark

[Mike Jackson]

Hi All,
I had been reading about the Conficker worm before posting originally. I posted again yesterday, and then watch the lead in clip for 60 Minutes and saw they were going to have a segment on it. I watched the program and can say the show didn't leave us with too optimism. This virus has the potential of doing some bad things around the world, and no one knows exactly what it's next command will be. Even though it was slow, I ran McAfee's virus scan last night on all of my computers and only had a few cookies it found and wanted to delete or clean.

I did a google search on Virus Protection Ratings and found numerous pages and sites. I ready quite a few of them, including some of the Pros and Cons on the reader reviews. I don't have a clue how anyone could decipher all the different reviews and know which one is the best. A program rated #1 on one review might be #6 or #8 on another and visa versa. The review at PCMagazine helped quite a bit, mainly to reiterate how slow McAfee is and how much system resources are being hogged by it.

In almost every consumer review, there were one or more people complaining the program ruined their system or crashed it. That's lovely. Then again, no one really knows if that person really had the problem or if they were someone from another company making the post to discredit it. That's lovely, too.

At least with a clean bill of health from McAfee from last night, I can take a bit more time. Several reviews gave Norton 2009 highest ratings, and said it is their slimmest, fastest, and cleanest version to date. It has always had a reputation of embedding itself deep into the system. I may make a decision later today and load it tonight. Right now, I wouldn't mind leaving McAfee on until my subscriptions need to be renewed, but in the meantime, find something I could run occasionally that scans for different virus threats. I'd just turn off McAfee for a short period and turn on the temporary one.

I went to several of the sites suggested on Security Tango's page. By the time I was in the download section of Spybot Searh and Destroy, everything was in Russian. Yikes! The 60 Minutes program said most of the malware and virus problems are coming FROM Russia. I didn't download that one.

This thing can give you a headache!

Mike Jackson

[Mark Summers]

Russia definitely. Seems I have some people looking out for my best
interest in Viet Nam also.

password checker: tests the strenghth of your password
http://www.microsoft.com/protect/yourse ... ecker.mspx


Mark

[Kent Smith]

I have been using McAfee since '89 or so with consistant success and they assure me that their recent updates cover all versions of Conficker. My broadband service now provides McAfee as part of the subscription for every computer I use, so I don't have extra fees anymore. My contract which covered all 7 of our computers ran out just at the right time so we are all good.

I used Sybot and Webroot once when McAfee did not have a working spyware and they had an English version which fount the trojans and destroyed them. Then McAfee improved and had those tools. This was some years ago and have not had issues since.

[erik winkler]

Happy aprils foolsday!
I told you he had a hook on his foot!

[James Warwick]

My Mac's and I woke up today from a very restful worry free sleep. Most virus's don't speak Mac.

[Mike Jackson]

All my PCs woke up fine today, too, but anytime something like this hits the news with such a potential threat, it is certainly worth taking the extra time to make sure everything is up to date. According to 60 Minutes, all these little worms are sitting on unprotected computers dormant, waiting for a command. At least some of the ones they were able to decipher seem to be waiting for a signal beginning April 1. They don't know what the signal might be, or if they will ever get it, and if they do, what kind of damage it might bring on. So, it might have been an overblown hoax, or it could still cause problems. I don't regret spending some time running my scans or updating my virus detection services.

I'd still like to find something faster and that uses less system resources. When it finally did run the full scan on my C drive, it checked 1,500,000 files.

I have a Mac and a PC, so this isn't an either/or issue for me.

Best regards,
Mike Jackson

[Kelly Thorson]

We've been with Trend Micro for years now. I'm sold on it.

[Danny Baronian]

Most virus's don't speak Mac.?

You may get a rude wake up call some day. For those working on a mac pre OSX you won't see a difference, but compare the hierarchy between OSX and MS OS and you'll discover they're identical, same file structure, as seen working with both platforms.

Had a problem about a month ago on my laptop. Took it to the apple store for a system check. Afterwords they recommended the purchase and use of maintenance software that looked identical to a registry check on the PC. Macs are slowly catching up with the same problems that plaque the PC.

There risk may be less on a mac, but they're not immune.

I'll stick with the old saying: An ounce of prevention is worth a pound of cure.

[erik winkler]

Ohhh no!
My computer crashed!!!!!
All my bought fonts are gone....
Well it is going to take 3 days or more to exactly build my computer up again and have it running with all mine prefs back in line....
I should have listened and get the latest virusscanner and do a complete scan.

[Mike Jackson]

Hey Erik,
Is this an April Fools joke...or for real? If it is a joke, ha, ha, ha. If it is for real, good luck recovering everything!

M. Jackson

[Mark Summers]

Here is a tip for those of you that don't have it. Do you
ever wonder what would have if your computer crashed or
was stolen? How bout all the files you wished you had backed
up. I found a way around that. I use www.carbonite.com. It backs
up all your files automatically as you work. Just tag all the folders
you want backed up and it seemlessly takes it away for you. Even
your revises. It may take a week to back up all your files (uploads
are slow). Once you have it though you are golden. The neatest
thing since sliced bread. Same price for all the space you want.
I have about 5 gigs of space for my needs. I think I paid $90. for
two years.

Mark
p.s. don't lose your password

[Mike Jackson]

Hi Mark,
I checked carbonite's site and asked about how much data they would store each month for the advertised price.

I received an automatic email response from them, and one of the comments in the frequently asked questions states it does not back up extrenal or networked drives. I only keep my program files and a few odd job files on the main drive. The photos and other data are stored in external drives on my system. That'd pretty much make the utility useless for me.

M. Jackson

[Mark Summers]

I understand your point Mike. For some it won't make sense.
I also have an external backup for a complete and also throw
the work files on a DVD now and again. I think carbonite is
the perfect lazy-man's backup.
I've sat in front of my computer red-faced after a crash.
Don't plan on that happening again.

Mark

[erik winkler]

Hey Erik,
Is this an April Fools joke...or for real? If it is a joke, ha, ha, ha. If it is for real, good luck recovering everything!

M. Jackson

Mike you've got me. It was a silly joke On April the second.
But just to show we all have to take special care of our computer and files I thought it would be fun to make an "What if..."

I think you all have heard about Ghost?
It is a program that makes an exact copy of your pc.
When you crash it, just take the ghost cd and your portable back up hard drive and your are saved.
We have recently installed a server which updates every day and makes back up on a second hard drive containing one terrabite of memory.
It is a nice thought to be a little on the save side, because save with computers is allways an illusion.
Good luck you all with your virusscanners and back ups.

Erik

[Mike Jackson]

Just a quick follow-up...

My McAfee license came up for renewal on four of my machines. I did quite a bit more searches and finally decided to go with BitDefender Antivirus 2009. It has a 30 day money back guarantee, so I can see how it works. Actually, they also had a 30 day trial period if I had chosen to go that way. I got quite a few emails from McAfee advising me my licenses were about to expire, followed by a phone call from some guy named Mohammed Burhan. Not great PR to have someone from overseas trying to get me to renew. BitDefender had pretty high ratings in almost all the reviews I found, plus I was able to get five licenses for a total of $50 for a year.

The program seems to be loading fine, did a fairly quick scan of my computer, and is now running in the background with much less resources than McAfee.

I hope I made a good decision, but I think it was certainly time to move away from that clunker.

M. Jackson

[Kent Smith]

Let us know how this new one works out. I notice McAfee using more resources all the time too.

[Dave Dubé]

I shot McAfee over a year ago. I was part of a test team to select a new product for an enterprise of over 20,000 connected machines. McAfee lost. ESET NOD32 won - hands down. It has separate 'engines' that run as needed for web access, email (scans in and out) and file system scans. McAfee is a system resource pig. The ESET product is not that much more expensive for a three year license than McAfee, and it is competitively priced against all the other options. I am not a salesman for ESET. I just wanted virus protection that worked. When we did the cutover, ESET found over a thousand infected machines of which McAfee was blissfully ignorant.

[Mike Jackson]

Hi Kent,
In just the first few days of use, I can say I already like it better. I was running their McAfee's TOPS (Total Protection for Small Business) which loaded on all machines, ran the DAT updates daily, but didn't actually scan the machine nightly. You run it once, then hope it finds new virus as they try to enter. This new software pops up a box anytime you put in a CD, compact flash or add in a hard drive, allowing you to do a quick scan. I like that feature. McAfee did that a long time ago, but not with TOPS.

Quite honestly, it was very difficult to pick one from the list. The more reviews I read, the more confusing it got. The pattern seemed to be that many of the product review sites may have been owned by the company that was on the top of the list. BitDefender was always near the top, but hardly ever on top, yet the reviews always gave it good marks.

I just did a basic install on all five machines, flushing McAfee from them. From what I can see, this software can perform a quick scan or you also have an option to scan every file. McAfee only had a full scan. With about 6 terabytes of storage on my main machine (mostly raw file photos), McAfee would take forever to scan, and take most of my resources with it. I couldn't do any Photoshop work while it was scanning, and it was slow in basic programs, too. The BitDefender quick scan is only scanning virus prone formats such as .bat, .exe, .dll, and so forth. There isn't much need for my scanning software to scan a couple hundred thousand photo files.

So for now, the change seems to be a good one for me. I should also say that BitDefender didn't find any virus threats on any of my machines. Apparently McAfee was doing its job all along, even if slow.

M. Jackson

[Mike Jackson]

Minor update:
I have been having bitdetector do a "deep scan" on all computers today. It found some infected files on several of the machines McAfee missed. That's interesting.

My main machine has been running the detector for 7.5 hours, going through 2 million files so far. If found 31 infected files on my C drive McAfee missed.

It has been scanning away all day and I didn't really notice it until I had Lightroom open and was viewing folders of new photo images. It slowed that program down quite a bit. Luckily, BitDetector has a "pause" button allowing me to pause the thorough scan long enough to do my Lightroom/Photoshop projects, then hit the "resume" button.

It may be in the software, but I don't see the option yet to scan a specific drive on demand. Drive C is usually the one with the virus prone files, but I might occasionally want to scan just one external drive. I have a feeling that option is there.

May 6 edit: As it turns out the 31 "infections" were only cookies, which it automatically deleted.

M. Jackson