Samker's Computer Forum - SCforum.info

Security Software Armory: => Miscellaneous: Anti-Malware tools, discussions, advices... => Topic started by: Fireberg on 24. November 2009., 23:14:08

Title: 10 more ways to detect computer malware
Post by: Fireberg on 24. November 2009., 23:14:08

After writing 10 ways to detect computer malware, I received messages from members wondering why I didn’t include various other anti-malware programs. I was hoping that would happen, simply because of the many applications I am not aware of. Once I did some due diligence, I compiled the following list of additional programs.

Note: This article is also available as a download that includes a PDF and a PowerPoint version of these recommendations.

1: Avira AntiVir

When they learned that my antivirus program is Avast!, several members mentioned I should give Avira AntiVir a try. According to trusted reviews, AntiVir scores well on malware-locating tests. It also rates high on prompt delivery of new signature files. Both are important, with the proliferation of zero-day malware, making AntiVir a good choice.

2: Emsi a-squared

Emsi a-squared is another member favorite. I now understand why. The anti-malware scanner was reviewed favorably in respected third-party surveys. All of the reports mentioned a-squared’s user interface and fast scan times as valuable features. Note: The free version of a-squared is only a scanner, so additional real-time protection is needed.

3: Microsoft Security Essentials

Security Essentials needs to be mentioned, even though it hasn’t been released yet. I couldn’t test it because I missed the beta cutoff. But a CIO friend of mine is running tests and likes it. Her only issue is the slow scan rate.

She also commented, “It’s about time Microsoft offered an antivirus application.” Her opinion makes sense. Having a built-in AV simplifies things and should eliminate problems like Windows Firewall did. There are plenty of rumors as to when Security Essentials will be released, all pointing to sometime in the fourth quarter of 2009.

4: Microsoft Event Viewer

While I’m on Microsoft, I want to mention Microsoft’s built-in Event Viewer. It should be the first place to look if something appears to be wrong. If an error shows up, double-click it and look at event properties to see what happened. If that’s not enough of an answer, check Randy Franklin Smith’s Ultimate Windows Security Web site for more detailed explanations.

5: X-RayPC

X-RayPC is a diagnostic tool similar to HijackThis. X-RayPC’s developers admit they like HijackThis and incorporated many of the same features. To enhance X-RayPC, they added a triage service. The service checks scan results against SpywareGuide, an online database. X-RayPC then reports back whether the file is known, unknown, or suspicious. This allows the user to make an informed decision before removing questionable files.

Note: I debated whether to include both SystemLookup and VirusTotal, because of their similarity. But SystemLookup represents the opinions of independent experts and VirusTotal represents the views of anti-malware companies. That difference convinced me each has its place.

6: SystemLookup.com

If you want more information about a certain process or file, SystemLookup.com is the place to go. Type the filename or CLSID into the search box, and an answer should appear. As of today, the site’s database contains more than 85,000 items, all verified by an independent community of anti-malware experts.

7: VirusTotal

VirusTotal is the go-to Web site if you have any apprehension about a file/program already on the computer or if you want to load unknown software on it. In either case, it’s simple to find more information.

Upload the file to the VirusTotal Web site. After a few seconds, a detailed report will display. If one or more of the 32 anti-malware companies has an issue with the file, their comments will show up in red.

8: Third-party firewalls

I mentioned earlier that Windows Firewall was a welcome addition. Still, it’s limited in its functionality. That’s why I consider third-party software firewalls necessary, especially if the computer travels.

Most firewall applications offer additional services. They act as program guards, determining what software exists on a computer, learning what the software is doing, and preventing malware from altering application code.

There are many free firewall applications. I hope members will mention their favorites and why. I currently use Online Armor.

9: Wireshark

When other options aren’t working, using a network protocol analyzer like Wireshark may be the only way to recognize the existence of malware. Wireshark lets you determine if any unexplained data traffic is being received or sent by the computer.

The best way to use Wireshark is to run a baseline scan, trapping all traffic to and from the computer. Later on, if something appears suspicious, run another scan, comparing the results.

10: Bleeping Computer’s Combofix

Combofix is an efficient scanner capable of removing files designated as malware. It also allows you to create situation reports that can be used when seeking additional help. Combofix is one of those programs where you have to be careful about removing files. I recommend using it to create a baseline report when the computer is operating properly. That way, anything out of the ordinary will be obvious.

Combofix comes highly recommended by several TechRepublic members.

Final thoughts

As before, if I have missed your favorite anti-malware application, please let me know. For additional information, check out the first article in this series, The 10 faces of computer malware.




Source: 10 Things
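
Added example (not part of the original post or of Wireshark itself): one way to do the baseline-versus-later comparison described under item 9. It assumes each capture was exported to CSV, for instance with `tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e frame.len -E separator=,`. The local address, the sample rows and the growth threshold are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

LOCAL_IP = "192.168.1.20"  # assumed address of the monitored computer

# Constructed rows: ip.src, ip.dst, tcp.srcport, tcp.dstport, frame.len
BASELINE_CSV = """\
192.168.1.20,192.0.2.10,50000,443,1200
192.0.2.10,192.168.1.20,443,50000,5400
192.168.1.20,198.51.100.10,50001,80,300
"""
LATER_CSV = """\
192.168.1.20,192.0.2.10,50100,443,1300
192.0.2.10,192.168.1.20,443,50100,5000
192.168.1.20,198.51.100.10,50101,80,9000
192.168.1.20,203.0.113.77,50102,6667,400
203.0.113.77,192.168.1.20,6667,50102,250
192.168.1.20,192.168.1.1,,,60
"""

def summarize(csv_text, local_ip=LOCAL_IP):
    """Return {(remote_ip, remote_port): [bytes_sent, bytes_received]}."""
    totals = defaultdict(lambda: [0, 0])
    for row in csv.reader(io.StringIO(csv_text)):
        # Skip blank lines and non-TCP rows, whose port fields are empty.
        if len(row) != 5 or not all(f.isdigit() for f in row[2:]):
            continue
        src, dst, sport, dport, length = row
        if src == local_ip:      # outbound: remote side is the destination
            totals[(dst, int(dport))][0] += int(length)
        elif dst == local_ip:    # inbound: remote side is the source
            totals[(src, int(sport))][1] += int(length)
    return dict(totals)

def compare(baseline, later, growth=5):
    """List endpoints absent from the baseline or with far more upload."""
    findings = []
    for endpoint, (sent, received) in sorted(later.items()):
        if endpoint not in baseline:
            findings.append(("new", endpoint, sent, received))
        elif sent > growth * max(baseline[endpoint][0], 1):
            findings.append(("more-upload", endpoint, sent, received))
    return findings

if __name__ == "__main__":
    for finding in compare(summarize(BASELINE_CSV), summarize(LATER_CSV)):
        print(finding)
```

A finding is only a prompt to look closer: the remote address or file behind it can then be checked with the lookup sites listed in items 6 and 7.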
Title: Re: 10 more ways to detect computer malware
Post by: Samker on 25. November 2009., 07:07:30

Thanks Fireberg.

I never heard of some of them, but will try... ;)
Title: Re: 10 more ways to detect computer malware
Post by: F3RL on 27. November 2009., 09:23:54
Yes, give Avira Antivir a try, I switched from McAfee VSE to Avira Personal and find it is light, though not so quick in full scan but sure it detects most of them. Good list by the way ;)
Title: Re: 10 more ways to detect computer malware
Post by: laurent on 14. March 2010., 18:16:18
I personally use VirusScan Enterprise 8.7 patch 2, but in on-access scanning, I have disabled scanning of archive files so that it is lighter on resources. Since new McAfee products include in-the-cloud Artemis technology, detection rates should be much higher than traditional antimalware.
Title: Re: 10 more ways to detect computer malware
Post by: laurent on 14. March 2010., 18:18:02
You can also try Panda Cloud Antivirus; it has stellar detection/blocking rates and is very light on computer resources.
Title: Re: 10 more ways to detect computer malware
Post by: luffy on 08. May 2010., 07:40:33
Third-party firewalls:
Privatefirewall FREE
http://www.privacyware.com/personal_firewall.html
Or Look'n'Stop Paid
http://www.looknstop.com

Title: Re: 10 more ways to detect computer malware
Post by: janissary on 12. May 2010., 11:39:15
Immunet Protect (Cloud Antivirus)
http://www.immunet.com/ much lighter than Panda Cloud.
Title: Re: 10 more ways to detect computer malware
Post by: 1edge1 on 26. May 2010., 12:33:35
McAfee detects potential virus material in keygens? Are they harmful?
Title: Re: 10 more ways to detect computer malware
Post by: Samker on 26. May 2010., 13:16:19
McAfee detects potential virus material in keygens? Are they harmful?

Yes, 99% of them are infected with some kind of Malware.

Title: Re: 10 more ways to detect computer malware
Post by: AllSecurityUp on 24. July 2010., 05:04:44
As the OP briefly mentioned, ComboFix is one of those tools to be used by personnel with a sound knowledge of operating systems and malware.  It is very powerful.

Good lists overall.
Title: Re: 10 more ways to detect computer malware
Post by: scott0720 on 19. August 2010., 15:10:20
I have used several of these tools.  ComboFix has a lot of capabilities and is very powerful.  As stated above, though, know what you are doing when using some of these or they can really mess things up too.  A tool is just that, a tool.  If not used properly, it doesn't work the way it's intended...
Title: Re: 10 more ways to detect computer malware
Post by: luzimenfis on 17. October 2010., 14:01:08
a squared is the best
Title: Re: 10 more ways to detect computer malware
Post by: BGM on 21. October 2010., 19:15:59
Malwarebytes is an excellent product for malware. It's free for the on-demand scanner, and if you want full-time coverage (in the background) the cost of the product is minimal.  WWW.malwarebytes.org

It has picked up various problems that the other so-called "virus and malware" programs could not find    :up:
Title: Re: 10 more ways to detect computer malware
Post by: devnullius on 20. January 2013., 00:49:19
McAfee detects potential virus material in keygens? Are they harmful?

Yes, 99% of them are infected with some kind of Malware.



Actually.... Most of them are clean. Detection occurs due to strange encryption and compression algorithms - at least I've been promised over the years by those tools ; )

When I download warez (torrents), I always double-check the patch/crack/activator with one of the online multi antivirus scanners (see some of them here: http://scforum.info/index.php/topic,1282.10.html ).


Peace!


Devvie


~~~ notemail@facebook.com ~~~
 
Cuisvis hominis est errare, nullius nisi insipientis in errore persevare
——
All spelling mistakes are my own and may only be distributed under the GNU General Public License! – (© 95-1 by Coredump; 2-013 by DevNullius)
Title: Re: 10 more ways to detect computer malware
Post by: jheysen on 20. January 2013., 01:48:05
When it comes to that kind of software.. all you have is if you trust the source or not.

I remember a SetupVSE repackaged with a trojan that was being distributed in torrent...
Title: Re: 10 more ways to detect computer malware
Post by: devnullius on 20. January 2013., 01:53:44
When it comes to that kind of software.. all you have is if you trust the source or not.

I remember a SetupVSE repackaged with a trojan that was being distributed in torrent...

Shit does happen, once every few years ; )

devnullius
Title: Re: 10 more ways to detect computer malware
Post by: herwin94 on 03. December 2016., 05:25:22
I would just use Malwarebytes to detect any malware.. it's a very useful app btw :D