Re: Multi AV ???
- From: "cquirke (MVP Windows shell/user)" <cquirkenews@xxxxxxxxxxxxxxx>
- Date: Thu, 28 Sep 2006 22:03:48 +0200
On Wed, 27 Sep 2006 20:06:01 -0700, Old Rebel
> Is the Multi AV tool safe to use as an offline alternative to online AV scans
> for dial up users? Or should it only be used in emergencies?
Multi-AV is there to attempt to clean an already-infected system, so
it is NOT a substitute for running av to prevent infection. Once
infected, the malware can and often does resist removal, and is
better-positioned to control the PC than you are to get it back.
In this situation, the more chance the malware has to get control of
the system, the less chance you have of getting it back.
Online scanners are the most unsafe in this situation, because by the
time you've started your infected Windows and connected to the
Internet via this infected code base, and start to look for scanning
sites through infected DNS, you are almost certain to have the malware
perfectly positioned to overrule your attempts to clean it.
Multi-AV is safer, because you don't have to be online to use it, and
it can be used in Safe Mode. But there's still a chance the malware
will be active at that time; it merely has to make use of the
opportunities that Windows hands it on a plate. Many don't, tho.
It's safer still if you can avoid running any code from the infected
system at all, and that can be done by working from Bart CDR boot.
But that means having a clean system to build the Bart disk, and more
to the point, a fair bit of effort and technical fiddling.
> I have Windows One Care installed as resident, and I use Kaspersky
> online scanner for double checking my PC. Most online scans are nearly
> impossible on dialup, and I am looking for a thorough AV tool that I can use
> offline that will not conflict with One Care.
OK... I'd use on-demand scanners such as free BitDefender, SysClean,
and various CLI scanners; in fact, that's pretty much what Multi-AV is
all about. But I would NOT use these in the sense of a "full system
scan" - instead, I'd use them as on-demand scanners to check material
before it was ever allowed to run. Reasons as above.
Some folks rely on their av to do their thinking for them - they'll
click on anything, often with misplaced confidence because it's "from
someone they know", and expect the av to catch all the nasties before
they hit the system and blow it up.
Then when they realize av will always leak so that stuff seeps
through, they'll do a full system scan once in a while to attempt to
get the system back if it's gotten infected.
Rather than that, it's better to not take chances on hi-risk material,
even if an on-demand scan (or better - as intended here - more than
one on-demand scan) has passed it as OK.
IOW, what I don't trust, I don't scan and I don't "open".
What I do trust, I scan and then I "open" it.
If my resident av then catches something, I don't feel warm and fuzzy
that I'm well-protected. I get the cold grizzlies because I've let a
baddie get past me and close enough to take a crack at goal, and it's
only the resident av (my goalie of last resort) that stopped it.
> I have experienced good results with One Care so far, but I want
> to cover all my bases.
Yes, IKWYM. I'm using AVG 7 with BitDefender and F-Prot for DOS as my
on-demand scanners, and a battery of Bart-based av for recovery.
If I had to do a lot of tricky stuff, I'd build the same bunch of
Bart'd tools into a far larger on-demand hammer :-)
-------------------- ----- ---- --- -- - - - -
Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
-------------------- ----- ---- --- -- - - - -