May 12th 20, 09:34 AM posted to alt.comp.os.windows-10
Paul[_32_]
Comparison of Anti-Virus software

David_B wrote:
On 08/05/2020 20:44, Paul wrote:
Jim H wrote:
On Thu, 7 May 2020 10:57:31 +0100, in
, David_B
wrote:

Here's a huge table from Wikipedia .....

https://en.wikipedia.org/wiki/Compar...virus_software

It's well worth a look!

No mention, though, of ClamXav.

*Odd*.

https://www.clamxav.com

https://www.facebook.com/clamxav


This is a list of claimed features, not an actual measure of reliable
performance. It has its uses when it comes to reducing the number of
AVs to consider but I would never use this list to make a FINAL
choice.


https://en.wikipedia.org/wiki/Clam_AntiVirus

"In the 2008 AV-Test, which compared ClamAV to other
antivirus software, it rated:

on-demand: very poor;
false positives: poor;
response time: very good;
rootkits: very poor.[9]
"

Sorta like the "Bud Light" of beers. "Less filling",
being its major attribute.

I'm sure the ClamXav developer has turned the ship
around, and that version has become a great light beer.
We just need someone to test it (properly). On a
Macintosh, how would you do that ? Can you run Sality
on a Mac ? How ???

Paul


Is this item of any interest, Paul?

https://www.pcrisk.com/removal-guide...y-trojan-virus

Is the article referring to a Mac when you review the link using Windows
or Linux?


I took note of that one a while back, because a discussion thread
on a site like Bleepingcomputer, said it was better to nuke and pave,
than to attempt to clean/repair the damage it causes. Most of the time,
the AV cleanup sites will attack the worst problem, given a chance.
But not that one.

It's a Windows malware.

It would be in the ClamAV database.

It can be spread over the network. If one Windows PC gets it,
in a matter of minutes, the other Windows PCs will get it
(if they're powered and network connected). I don't know if
any of the SMB patches cover it or not.

As far as I know, that one wasn't released for commercial gain,
it wasn't a money maker. It was released to damage stuff.
It could be, that it modifies every EXE on the machine
(modifies executables, in such a way that it's not trivial
to remove it from the EXE and put the original bytes back).
It would be a lot of work using a backup, to attempt to undo
all of that (you have to be careful that you've covered all
the file types it attacks). Especially if it was a new variant
that had features added or something.

The idea is, if you execute any EXE on the machine, it puts
the infection back. So when booting the machine, when Explorer.exe
starts, that would be enough to reinfect.

We're very lucky, that so many computer problems can be
trivially undone. That one is an example of how easy it is
to make a royal mess.

Paul
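
An added example, not part of Paul's post: one way to gauge how much of a machine a file infector has touched is to hash every executable in a known-good backup and compare it with the live tree. The extension set, directory layout and sample bytes below are assumptions constructed for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: file types to treat as executable; widen this for the variant at hand.
EXEC_EXTS = {".exe", ".scr", ".dll"}

def sha256(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def index(root, exts=EXEC_EXTS):
    """Map lower-cased relative path -> hash (Windows paths are case-insensitive)."""
    root = Path(root)
    return {p.relative_to(root).as_posix().lower(): sha256(p)
            for p in root.rglob("*")
            if p.is_file() and p.suffix.lower() in exts}

def compare(backup_root, live_root, exts=EXEC_EXTS):
    """Report executables that changed, disappeared or appeared since the backup."""
    good, live = index(backup_root, exts), index(live_root, exts)
    return {
        "modified": sorted(k for k in good.keys() & live.keys() if good[k] != live[k]),
        "missing": sorted(good.keys() - live.keys()),
        "new": sorted(live.keys() - good.keys()),
    }

def demo():
    """Constructed sample trees; the byte strings are placeholders, not real binaries."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            (root / "Windows").mkdir(parents=True)
            (root / "Windows" / "explorer.exe").write_bytes(b"MZ original")
            (root / "Windows" / "notepad.exe").write_bytes(b"MZ notepad")
            (root / "readme.txt").write_bytes(b"text")
        # Simulate files whose bytes changed after the backup was taken
        (live / "Windows" / "explorer.exe").write_bytes(b"MZ original + appended")
        (live / "Windows" / "dropped.scr").write_bytes(b"MZ unknown")
        (live / "readme.txt").write_bytes(b"changed text")  # ignored: not executable
        return compare(backup, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A differing hash only shows that a file changed since the backup; legitimate updates do that too, so run the comparison from a clean boot environment with the suspect disk mounted read-only and treat the output as a scope estimate rather than a verdict.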