# Trend Micro RootkitBuster 1.6.0.1055 Beta



## AshenSugar (Feb 7, 2007)

> Publisher's Description:
> 
> Trend Micro RootkitBuster is a rootkit scanner that offers the ability to scan for hidden files, registry entries, processes, drivers and hooked system services. It also includes the cleaning capability for hidden files and registry entries.









if you have XP and have used any Sony music CDs in your system, well, you should run this


----------



## Alec§taar (Feb 9, 2007)

AshenSugar said:


> if you have XP and have used any Sony music CDs in your system, well, you should run this



Got a URL for download for this? I don't see one above...



* I keep & use these things, along w/ AntiVirus (Symantec Corp. Edition Client 10.2) & AntiSpyware (SpyBot, AdAware, Windows Defender latest) tools, every Sat. A.M., & that's coming up soon (tomorrow a.m.)... & I would like to have its "latest/greatest" around for that job!

(Thanks!)

APK


----------



## oily_17 (Feb 9, 2007)

Damned Sony CDs... Download below

http://www.neowin.net/index.php?act=view&id=37731


----------



## Alec§taar (Feb 9, 2007)

oily_17 said:


> Damned Sony CDs... Download below
> 
> http://www.neowin.net/index.php?act=view&id=37731



Thanks Oily... that's newer than the version I was using (v1049)!



* Cool, & now for my Sat. A.M. AntiVirus/AntiSpyware/AntiRootkit scan tomorrow a.m., I am 'fully armed & up-to-date'...

APK


----------



## AshenSugar (Feb 9, 2007)

for AV I prefer F-Prot 6 or NOD32; both KILL Norton on RAM and CPU use, ZERO system perf hit even on older systems
F-Prot works on even OLD systems without hurting Windows perf (it uses around 12MB RAM MAX, average 4MB)

Norton, well, it hasn't been re-written in years; since they bought out IBM AntiVirus and copied its code, all they have really done is update and tweak it and make the GUI different. The problem with this is that each time they update/tweak it they make it use more RAM and more CPU. I hate poor coding.

Also hate that so many viruses can easily disable Norton/McAfee when they can't seem to disable F-Prot, NOD32 or a couple of others I have used (Panda, for example).


----------



## Alec§taar (Feb 9, 2007)

AshenSugar said:


> for AV I prefer F-Prot 6 or NOD32; both KILL Norton on RAM and CPU use, ZERO system perf hit even on older systems
> F-Prot works on even OLD systems without hurting Windows perf (it uses around 12MB RAM MAX, average 4MB)



One day, I am going to have to try this NOD32 you guys all "rave" about here... I haven't to date, but it's THAT kind of review by others that makes me try other wares.

PerfectDisk & VLC being yet others folks HERE have turned me onto trying, for the first time OR again, & I switched (it happens!)



AshenSugar said:


> Norton, well, it hasn't been re-written in years; since they bought out IBM AntiVirus and copied its code



Yea, the 'base engine' in its services &/or drivers probably is the same as it has been since, I'd wager, around 2000... admittedly, you're probably correct. BUT, its interface/usermode code is new, 'dumbed-down' & slower, no questions asked, & WHY I stick by the Corporate Client model.

ALSO:

Don't mean to be a dork, but do you have "backing substantiation" of that claim it's IBM AntiVirus originally? If so, I'd like it... just for my own knowledgebase here (yes, I actually keep data like that, it interests me where softwares originate from & all that).

Thanks...



AshenSugar said:


> all they have really done is update and tweak it and make the GUI different. The problem with this is that each time they update/tweak it they make it use more RAM and more CPU. I hate poor coding.



Sometimes, updates are 'downdates', & this isn't the only ware that has undergone that, @ least for the version MOST FOLKS use that is... 

ATI doing its Catalyst (tuning options, not driver stuff or services) series via .NET is one I felt took a 'downturn': 

See, I feel .NET code is great, doing server-side ASP.NET stuff, hands-down it rules there (faster than std. ASP, & has garbage cleanup like Java, etc.), but VB.NET or even C# is just not as quick as say, Pure C/C++, Delphi (both of these latter 3 ROCK, & especially if you embed Win32 direct API calls &/or Assembler code inline), or even other VB6 interpreted code (especially if you embed Win32 direct API calls here), but it is a LOT safer in many ways.

Anyhow - I use the "Corporate Edition 10.2 Client" & it's pretty solid & bugfree/invulnerable @ this point, or last I knew of @ least... I haven't checked in awhile, but if you can point me to some? I might think of work-arounds for it, as I did below:

E.G.-> The vulnerabilities 10.1 had, I countered for in the registry anyhow via buffer-overflow hacking & service privilege lowering per services that CAN be run at less than SYSTEM entity levels of privilege (& many of Norton's can, & run fine)... & I did that for years now, because it works, & I figured it was going to happen that services would be attacked, eventually.

Also, its interface? Is like the FAR LIGHTER/less wizardy 2001 NAV edition, which is FAR DIFFERENT than most folks use @ home today...



AshenSugar said:


> Also hate that so many viruses can easily disable Norton/McAfee when they can't seem to disable F-Prot, NOD32 or a couple of others I have used (Panda, for example).



They don't disable 10.2 corporate that I know of, @ least not by the methods I shut off since way back, regarding buffer-overflow hacking of its usermode components to access service-level process privileges.

BUT, I'd concede it IS targeted by a great many malware/spyware/virus/rootkit authors, etc. et al, by all means... mainly, because it's popular!

APK


----------



## AshenSugar (Feb 10, 2007)

I will look for the info about NAV and IBM AV again; the site may not be up anymore, though. What happened was that OLD Norton (DOS-based with a Windows "GUI") couldn't run properly under NT-based OSes. IBM AV could run on Win9x and NT no problem; also it was faster and more powerful per its size (2 floppies for install, 1 for the rescue disk) and had a native Windows GUI.
Norton needed a new core AV; IBM was looking to sell off IBM AV because they were tired of supporting it. Norton bought it, then changed the GUI and name and used that (the sigs were the same and IBM AV could get updates that were for NAV in those days). Since then they haven't fully redesigned the core, they just modified it here and there, adding stuff mostly.

The problem with that is the fact that every other major AV maker other than McAfee has re-written their cores a few times since then. McAfee is OK for keeping stuff off your system, but if anything gets on, well, you need another company's rescue disk to remove it (this from a lot of personal exp). They both use A LOT more resources than NOD32 or F-Prot/F-Secure, be it on a server or desktop system.

F-Prot has re-written its Windows client a few times, though 3.x held for years without being fully rewritten. 6 is a new core and GUI, though it uses the same sig files (so they can easily update ALL versions; you can get F-Prot for DOS free, very handy for system recoveries).

For another rootkit buster try the BlackIce rootkit tool (I actually like it better than Trend).

Trend Micro's stuff is good; I like their AV, though it's not as good as NOD32 or F-Prot in my exp. It isn't nearly as system-heavy as NAV or McAfee.


----------



## Completely Bonkers (Feb 10, 2007)

I left Norton after moving to Win 2000. While it was the king of Windows 95/98... Norton screwed up SO MANY 2000/XP systems that I am very hesitant to use their products again. (Unless gun or other nasty device pointing at head).


----------



## Deleted member 24505 (Feb 10, 2007)

NOD32 seems to work OK on Vista too, AshenSugar.


----------



## Alec§taar (Feb 10, 2007)

tigger69 said:


> NOD32 seems to work OK on Vista too, AshenSugar.



Aha, yet another one: I know AVAST does, & Microsoft "OneCare Live" as well!



* Good to know!

APK


----------



## AshenSugar (Feb 10, 2007)

http://www.f-prot.com/
You can try F-Prot from there for 30 days free; it's like 25-30 bucks for a home licence (works on any Windows version, even Server 2003) for up to 5 PCs per licence, though if you have more in your home they aren't gonna get upset if they all share the same update code.

For NOD32, send me an email; I have it in my Gmail for quick share.


----------



## AshenSugar (Feb 10, 2007)

Alec§taar said:


> Aha, yet another one: I know AVAST does, & Microsoft "OneCare Live" as well!
> 
> 
> 
> ...



MS's doesn't pass VB100% even though they tried to say it did; MS is now having to pay fines for using the symbol.

F-Prot and NOD32 both pass.


----------



## Alcpone (Feb 10, 2007)

For me I use F-Secure AV 2006, got it free for 2 years through bank account!  

I use e-trust pest patrol for spyware, etc!


----------



## Alec§taar (Feb 10, 2007)

AshenSugar said:


> I will look for the info about NAV and IBM AV again; the site may not be up anymore, though. What happened was that OLD Norton (DOS-based with a Windows "GUI") couldn't run properly under NT-based OSes. IBM AV could run on Win9x and NT no problem; also it was faster and more powerful per its size (2 floppies for install, 1 for the rescue disk) and had a native Windows GUI. Norton needed a new core AV; IBM was looking to sell off IBM AV because they were tired of supporting it. Norton bought it, then changed the GUI and name and used that (the sigs were the same and IBM AV could get updates that were for NAV in those days). Since then they haven't fully redesigned the core, they just modified it here and there, adding stuff mostly.



I believe you, but I keep this stuff for various things as proofs etc. & IF you can find that URL? That would be COOL!



AshenSugar said:


> The problem with that is the fact that every other major AV maker other than McAfee has re-written their cores a few times since then. McAfee is OK for keeping stuff off your system, but if anything gets on, well, you need another company's rescue disk to remove it (this from a lot of personal exp). They both use A LOT more resources than NOD32 or F-Prot/F-Secure, be it on a server or desktop system. F-Prot has re-written its Windows client a few times, though 3.x held for years without being fully rewritten. 6 is a new core and GUI, though it uses the same sig files (so they can easily update ALL versions; you can get F-Prot for DOS free, very handy for system recoveries).



It's possible... but they tend to do well in tests, so I stick by Norton CORPORATE... it's lighter/faster than the std. model most folks use @ home (since the 2003 model, iirc, when it really changed/dumbed-down/got wizardy & webpage-looking on the usercode end).



AshenSugar said:


> For another rootkit buster try the BlackIce rootkit tool (I actually like it better than Trend).



Got it, along with:


AVG AntiRootkit

BitDefender AntiRootkit

GMER

Rootkit Revealer

PrevX AntiRootkit

Rootkit Hook Analyzer

Sophos AntiRootkit

Why so many (8 total) of THIS kind of program? Because imo, this is the biggest threat out there today... ROOTKITS!



AshenSugar said:


> Trend Micro's stuff is good; I like their AV, though it's not as good as NOD32 or F-Prot in my exp. It isn't nearly as system-heavy as NAV or McAfee.



It's decent I suppose, but I saw it fail (probably due to its setup) in corporate environs, it was NOT updating client ends from server end, & I turned up a keylogging type infection, that was on my machine, from the day I got it (& I didn't set it up either)... 

That tells me it is difficult to setup for networked environs, or my former NETWORK ENGINEERING MGR. didn't know what he was doing (latter is pretty possible, he was more "hardware oriented" imo).

APK


----------



## AshenSugar (Feb 10, 2007)

Spyware/adware = Webroot Spy Sweeper, best antispyware program I have ever found; kicks Ad-Aware's arse, and unlike Ad-Aware it's never fucked up my system's internet connection!!!! (Ad-Aware removed some stuff that made my network no longer work; ended up having to reinstall to fix it.)


----------



## AshenSugar (Feb 10, 2007)

Yeah Alec, I know the feeling; I have had to go into places and fix setups where the admin/IT manager didn't know what they were doing when setting up software/hardware. Worst was spending 2 weeks reinstalling/setting up a company's AV setup because the guy set up McAfee server+clients and it wasn't updating properly; it was only updating macro virus sigs.

The company owner went with F-Prot and I set up server/workstation versions so that the server downloaded the sigs to a folder (updating itself along the way), then the workstations checked that folder for updates 2x a day. Very easy to set up.

Trend is a bit more work, but not much; a lot of it is doing it right the FIRST TIME, instead of fucking it up and trying to fix it afterward.


----------



## Scavar (Feb 13, 2007)

Hey I was wondering if someone, Ashen or Alec specifically hehe could make a list for me with some links to just general protection stuff.

I used to just use BitDefender and Spybot, but BitDefender is really pissing me off (it had a bunch of problems with a few games, and a couple of other annoyances).

Thanks a bunch, you guys are great.


----------



## Mussels (Feb 13, 2007)

Nod32 (antivirus)
Xoftspy (Antispyware - have seen ONE false positive under vista RC2 - careful on that)
SpywareBlaster (blocks known bad sites from IE/FFox)

I use these three and never have any issues on any of my systems.


----------



## Wile E (Feb 13, 2007)

I'm gonna ring in with Kaspersky for anti-vir again. Great proggy, right up there with NOD32 in terms of security. I tried NOD32 and liked it, but I just like the features and UI of Kaspersky better. It's more intuitive for me (that's purely personal, of course) and also highly configurable. 

I also use Spyware Doctor for my anti-spy, ranks second next to Webroot Spysweeper. Got 2yrs for free tho, so I can't complain. I'll probably switch to Spysweeper when this is up tho(Unless, of course, something better comes along).


----------



## Alec§taar (Feb 14, 2007)

Scavar said:


> Hey I was wondering if someone, Ashen or Alec specifically hehe could make a list for me with some links to just general protection stuff.
> 
> I used to just use BitDefender and Spybot, but BitDefender is really pissing me off (it had a bunch of problems with a few games, and a couple of other annoyances).
> 
> Thanks a bunch, you guys are great.



Here is a list of programs I use:

*AntiRootkit (from above)*

AVG AntiRootkit
BitDefender AntiRootkit
GMER
Rootkit Revealer
PrevX AntiRootkit
Rootkit Hook Analyzer
Sophos AntiRootkit

*AntiVirus*

I use Norton Corporate Edition version 10.2

*AntiSpyware*

AdAware latest
SpyBot latest

(That's a decent list of 3rd party wares I use for scanning & patrolling for virus/malware/spyware/trojans etc. et al)

*Native GUI tools can be immensely helpful too though... stuff like:*

*SCW (security configuration wizard)* - Windows Server 2003 only afaik
*msconfig.exe* (for analyzing startup groups & registry run areas, + .ini files)
*regedit.exe* (for altering ACLs on registry hives/keys for security purposes)
*explorer.exe* (for altering ACLs on folders-directories/files on NTFS for security purposes)
*services.msc* (for altering ACLs on service logon entities assigned to less than SYSTEM, if & when possible (not all can do this) for security purposes)
*secpol.msc* (for stepping up the default security level on various items in its tree lists)
*gpedit.msc* (" same as secpol.msc ")
*lusrmgr.msc* (" same as secpol.msc ")
*eventvwr.msc* (to view the results of changes I made, & fix any errs that MAY occur in the OS, services, or apps from said changes mentioned above)
*Windows native firewall* (or, other ones that are better in that they report outgoing transmissions too, not just incoming ones)

To use those tools though, & imo, that's ONLY a start in that tiny list of the ones native to the OS, you need to understand a few things WELL imo, first:

I.E.-> What REALLY can help you though, is first understanding the registry & NTFS filesystem, & then applying the correct users allowed to access either (ACL alteration via rightclick permissions stuff) & services securing, as well as trimming off ones you do NOT need to be running, & far more...

Then, understanding things like how IP works, for helping stall invaders into your system that way, via hacks/cracks/remotely accessible vulnerabilities in the OS & applications on it (that use the web)... things in your webbrowsers, email programs, etc., & understanding how ActiveX/OLE/DCOM/COM+ & Java/JavaScript - ActiveScript work, & how to stall those potential remote threats as well via hardware AND software combined.

(If you don't understand ALL of that stuff well enough, well, my advice is to STEER CLEAR of playing w/ that which you do not!)

See, until you do, some of that stuff (ACL stuff especially, access control lists, & NTFS + registry hive/key user rights) can be 'dangerous' in that you can lock yourself out of your rig, or lose functionality (e.g.-> I literally ran Windows Server 2003 earlier this a.m. with NO SERVICES RUNNING @ ALL, because of it, but, could not get online, hear sound in games or otherwise, but it sure was interesting AND FAST TOO)...

However, the only way to get to really understanding those tools, is experience & experimentation using them (especially NTFS & Registry rights imo)!

See - once you get it down though? You can TRULY get more secure both online & locally vs. dangers out there now (imo @ least!)



* ALSO/of course - Staying on top of OS & application patches &/or updates, another good thing to practice.

APK

P.S.=> Perfectly safe, I don't know IF that is possible, BUT, I know that "safer", is!

Then, @ that point, I figure the rest is up to you, & your user habits really... being smart (the usual -> don't open email attachments from strangers, etc. type stuff)... apk
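As an added example (not part of APK's post or any tool he lists), here is a PowerShell script that does, read-only, two of the checks his native-tools list points at: the msconfig.exe "registry run areas" and the services.msc question of which services log on as SYSTEM. The function names and the account list are this example's own choices; it assumes Windows PowerShell 5.1 or later and an elevated prompt for complete service data. It changes nothing on the box.

```powershell
# Added example, not from the thread: a read-only audit pairing with the
# msconfig.exe / services.msc items in the list above. It lists services that log
# on as the SYSTEM account and the per-machine/per-user Run keys, so the reviewer
# can decide which services could run as a lower-privileged account and which
# startup entries are unexpected. Assumes Windows PowerShell 5.1+ (CIM cmdlets);
# run elevated for complete service data. Nothing is modified.

function Get-SystemLogonServices {
    # Win32_Service.StartName is 'LocalSystem' for services running as SYSTEM.
    # The account list is an assumption for this audit; extend it as needed.
    param([string[]] $Accounts = @('LocalSystem', 'NT AUTHORITY\SYSTEM'))

    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $Accounts -contains $_.StartName } |
        Select-Object Name, DisplayName, State, StartMode, StartName, PathName |
        Sort-Object State, Name
}

function Get-RunKeyEntries {
    # The registry "run areas" msconfig shows; HKCU covers the current user only.
    # The WOW6432Node key only exists on 64-bit Windows; Test-Path skips it elsewhere.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # Skip the PS* bookkeeping properties Get-ItemProperty adds to the object
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

$svc     = @(Get-SystemLogonServices)
$running = @($svc | Where-Object { $_.State -eq 'Running' })
"{0} services log on as SYSTEM; {1} of them are running now" -f $svc.Count, $running.Count
$running | Format-Table Name, StartMode, PathName -AutoSize

"Startup (Run/RunOnce) entries:"
Get-RunKeyEntries | Format-Table -AutoSize
```

The point of reviewing the SYSTEM list is the one the post makes: a service that does not need SYSTEM is a candidate for a lower-privileged logon account, and the Run-key listing is the same data msconfig shows, but in a form you can diff between two runs to spot a new entry.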


----------



## AshenSugar (Feb 15, 2007)

Wile E said:


> I'm gonna ring in with Kaspersky for anti-vir again. Great proggy, right up there with NOD32 in terms of security. I tried NOD32 and liked it, but I just like the features and UI of Kaspersky better. It's more intuitive for me (that's purely personal, of course) and also highly configurable.
> 
> I also use Spyware Doctor for my anti-spy, ranks second next to Webroot Spysweeper. Got 2yrs for free tho, so I can't complain. I'll probably switch to Spysweeper when this is up tho(Unless, of course, something better comes along).



Kasp is OK, I have used it, but it's as resource-heavy as Norton, and that's not a good thing; I like my tools to be light and fast, not causing any kind of performance impact.



Scavar said:


> Hey I was wondering if someone, Ashen or Alec specifically hehe could make a list for me with some links to just general protection stuff.
> 
> I used to just use BitDefender and Spybot, but BitDefender is really pissing me off (it had a bunch of problems with a few games, and a couple of other annoyances).
> 
> Thanks a bunch, you guys are great.




Spyware: Webroot Spy Sweeper + Spybot Search and Destroy. Spy Sweeper kicks Ad-Aware's arse; yes, you gotta buy it, but it is by far the better choice. It finds stuff both Spybot and Ad-Aware miss, though Ad-Aware's never found anything Spybot + Spy Sweeper have missed in my exp.

AV: NOD32 or F-Prot, either is a good choice in my exp. They work on ANY Windows version (currently usable ver anyway, server or workstation) and have close to zero perf impact even on my OLD laptop (P233 MMX, 208MB RAM), and nothing's gotten by them yet, and I don't exactly surf the safest sites.

If you want/need a 3rd-party firewall, there's only one I currently am willing to recommend to buy, and it's not just a firewall anymore.
BlackIce Protection: once you have this set up it's pretty much foolproof for stopping unwanted apps from getting internet access, and it's very good at tracking and blocking attacks. It's not free but it's worth getting if you have security concerns. I just use the firewall portion, though it's also got app security keeping unwanted apps from being able to start/run (asks if you want them to run).

I used to use Sygate Personal/Pro for a firewall but they sold out, as did Kerio from what I remember. The only other firewall I have had good luck with is Tiny, and the last ver I tested was a bit buggy (may have been a beta, can't remember).


Also a good app to have is Window Washer; it is VERY good for long-run systems, can clean out GIGS of crap. I got back 36GB on a system recently by running it, no joke. The system was a WinXP rig (no SP, EARLY XP rig); it was VERY slow and VERY VERY full of crap. After washing and removing spyware and then running a PerfectDisk boot-time defrag the system was like a whole different rig, faster and more responsive, and wasn't low on HDD space anymore.

Some apps are worth buying, and Window Washer + Spy Sweeper are for sure worth it, best-in-class apps!!!!
BlackIce Protection is the only firewall/app protection app I can recommend anymore really; its quality is unsurpassed, and once you're used to its GUI (layout takes a few min to get used to) you will find it's easy to use and VERY robust. In fact I know of a few companies that use it on their secure servers (one's a bank).

Watch it with Ad-Aware: never delete the backups; you may need to restore something if Ad-Aware removes something that kills your net connection (happened to me (5 times) and clients of mine more than once).

Tried UltimateDefrag; I gotta say I'm VERY impressed. Now using it in conjunction with PerfectDisk (Perfect's faster on drives that are quite full).


----------



## Wile E (Feb 15, 2007)

AshenSugar said:


> Kasp is OK, I have used it, but it's as resource-heavy as Norton, and that's not a good thing; I like my tools to be light and fast, not causing any kind of performance impact.


I couldn't disagree more. Although it uses more resources than NOD32, it is nowhere near the hog that Norton is. If I can remember where I saw the article I'll post a link, but in the test, Norton caused a 14-16% performance loss in benchmarks, McAfee = 11-13%, Kaspersky = 8-10% and NOD32 = 5-7%, if memory serves me correctly. I'm googling for confirmation right now.


----------



## Alec§taar (Feb 15, 2007)

Wile E said:


> I couldn't disagree more. Although it uses more resources than NOD32, it is nowhere near the hog that Norton is. If I can remember where I saw the article I'll post a link, but in the test, Norton caused a 14-16% performance loss in benchmarks, McAfee = 11-13%, Kaspersky = 8-10% and NOD32 = 5-7%, if memory serves me correctly. I'm googling for confirmation right now.



Ah, I hope you CAN turn that up: Because THAT's the type of information, via legit comparisons done in reviews, that often make me try NEW softwares for a particular purpose, vs. the ones I use now... in this case, AntiVirus programs.

Resource usage on this NOD32 sounds great, but the MOST important part, imo @ least, is how well they do @ finding & killing viruses themselves though...

I get a lot of "the good word" on this NOD32 program from you guys, & yes, word-of-mouth is important, but seeing a formal test, run right? Does the job for me, & puts the "icing on the cake" so-to-speak, for me to move from one ware for a particular job, to another.

It happens: Diskeeper -> PerfectDisk, WinZip -> WinRar, IE/FireFox -> Opera, Windows Media Player -> VLC... list goes on, but those are MY recent "conversions" the past few years now... due to all of the above (folks word, & tests I have seen run comparing them).

APK


----------



## AshenSugar (Feb 15, 2007)

Alec, read the VB100% reviews; NOD32 has gotten the most VB100% awards ever.


----------



## Wile E (Feb 15, 2007)

Well I'm still looking for the performance tests, but in the meantime I found what seems to be a good site on AV effectiveness. http://www.av-comparatives.org/


----------



## Wile E (Feb 15, 2007)

My performance test search is turning up fruitless. Everything I have found uses Kaspersky 5 in their testing, Ver 6 is much lighter on resources than 5. I'm starting to think I have it in hard copy around here, maybe Maximum PC or CPU mags. 

I'm in the process of redoing my system. Should be done in a couple of hours. If you guys want, pick the benchmarks and the AV's and I'll run a few tests myself. Just keep in mind there has to be a way to fully clean the product from the system, and it needs to offer a fully functional trial, or equivalent.


----------



## Scavar (Feb 15, 2007)

Thanks a lot everyone for the suggestions. Already trying out a lot of it.

Not too sure on all the ACL and NTFS/REG. I only ever knew a little bit. Going to do some reading on it though. I was never really worried for safety, but I don't want to have to worry about it either.


----------



## Alec§taar (Feb 15, 2007)

AshenSugar said:


> Alec, read the VB100% reviews; NOD32 has gotten the most VB100% awards ever.



Will do - I am ALWAYS on the "lookout" for that, ontop of the 'good word' of others...



* It's 'contagious stuff', word-of-mouth... you guys have me ALMOST wanting to give this NOD32 program from ESET a shot!

APK


----------



## Alec§taar (Feb 15, 2007)

Wile E said:


> Well I'm still looking for the performance tests, but in the meantime I found what seems to be a good site on AV effectiveness. http://www.av-comparatives.org/



Yup, been there before, but it HAS been awhile... I will take a peek again, shortly, after I reply to the last poster!



* EDIT PART - NOD32 seems to do VERY well, on the last test they did too no less, November 2006... this program's looking more appealing to me, by the minute!

APK

P.S.=> Above all else, don't sweat it - that page is current (enough so, imo) from NOV. 2006 results, to fit the bill here Wile E... thanks for the effort & the URL you did come up with! apk


----------



## Alec§taar (Feb 15, 2007)

Scavar said:


> Thanks a lot everyone for the suggestions. Already trying out a lot of it.



You're welcome... it's always good to ask others, if you're not sure, & all that + to get their "feedback" on what tools are good etc. as well (because I don't know ANYONE that has tested every software out there under the sun!).



Scavar said:


> Not too sure on all the ACL and NTFS/REG. I only ever knew a little bit. Going to do some reading on it though. I was never really worried for safety, but I don't want to have to worry about it either.



The hardest part imo?

Learning what entities have the "most power" to the "least power" (by default, because you can alter this for just about ANYONE in secpol.msc & lusrmgr.msc) & how groups & the individuals IN SAID GROUPS work!

Also how they can 'inherit properties from their parent', cascading from root of disks (or registry hives) where you apply security on this end first, to subfolders & files (or, in the case of the registry, subhives & values) beneath them.

Once you get THAT part down, you can start applying them... knowing how to get out of a jam if you messup w/ them though? THE MOST IMPORTANT PART, of course!

LOL!

APK

P.S.=> In the "Securing Windows Services" sticky thread's last page as of today (02/15/2007) in the GENERAL SOFTWARE SECTION:

http://forums.techpowerup.com/showthread.php?p=258262#post258262

Right there in THAT response, I outlined this all for "CompletelyBonkers"!

(I.E.-> How to use ACL registry & NTFS rights, & how to GET OUT OF JAMS if you mess up using them as well, again, the MOST important part, because you CAN lock yourself out of your system with either one - NEVER remove SYSTEM or ADMINISTRATOR having FULL rights on either the registry, or the NTFS filesystem, & 9/10 times, you can STILL get back into your rig, & undo it, + try again)!

CompletelyBonkers is a relatively new user here, who turned me onto BELARC ADVISOR (decent security analysis program, but has SOME 'bugs' in it imo @ least) to analyze my security setup here; it kind of 'forced me' to reapply what setups of mine in the past had, this stuff (ACL in registry being 'hardened', as well as NTFS filesystem rights too being 'hardened' more)...

When I ran it, initially, to get the highest score I could? WELL, I had to apply that stuff (new setup here, it wasn't done yet until that test, so it needed to be done again, so I redid it, had some interesting results too one time, didn't lock myself outta my rig, but I did manage to get Windows Server 2003 to run WITH NO SERVICES - very interesting!)

Anyhow... now it is done for both Registry ACL & NTFS rights, & more secure (ALL in order to get a better score on it on my part on the BELARC ADVISOR security test!)... apk
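As an added example (not from APK's post or the linked sticky), the two rules in that post, that rights cascade from the parent by inheritance and that SYSTEM and Administrators must keep Full Control before you restrict anyone else, can be checked with Get-Acl, which handles both NTFS paths and registry keys. The function name Test-SafetyNetIntact is this example's own; it assumes Windows PowerShell 5.1 or later. The only thing it modifies is a scratch folder it creates under %TEMP% and deletes again.

```powershell
# Added example, not from the thread: verify the ACL "safety net" the post describes
# before and after blocking inheritance. Works on NTFS paths and registry keys.
# Test-SafetyNetIntact is a helper name chosen for this example (Windows PowerShell 5.1+).

function Test-SafetyNetIntact {
    param([Parameter(Mandatory)][string] $Path)

    $acl = Get-Acl -Path $Path
    $required = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    $fullControl = @{}

    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # File rules carry FileSystemRights, registry rules RegistryRights
        $rights = if ($rule.PSObject.Properties['FileSystemRights']) {
            $rule.FileSystemRights } else { $rule.RegistryRights }
        if ("$rights" -match 'FullControl' -and $required -contains $rule.IdentityReference.Value) {
            $fullControl[$rule.IdentityReference.Value] = $rule.IsInherited
        }
    }

    $missing = @($required | Where-Object { -not $fullControl.ContainsKey($_) })
    [pscustomobject]@{
        Path               = $Path
        InheritanceBlocked = $acl.AreAccessRulesProtected   # $true once the cascade is broken
        InheritedRules     = @($acl.Access | Where-Object IsInherited).Count
        ExplicitRules      = @($acl.Access | Where-Object { -not $_.IsInherited }).Count
        MissingFullControl = ($missing -join ', ')
        SafeToRestrict     = ($missing.Count -eq 0)   # only then start removing other rules
    }
}

# --- Demo on a scratch folder so nothing real is touched ---
$scratch = Join-Path $env:TEMP 'acl-cascade-demo'
New-Item -ItemType Directory -Path $scratch -Force | Out-Null

"Before: every rule is inherited from the parent (the cascade the post describes)"
Test-SafetyNetIntact -Path $scratch | Format-List

# Harden the right way round: block inheritance but COPY the inherited rules first,
# so SYSTEM and Administrators keep Full Control and you cannot lock yourself out.
$acl = Get-Acl -Path $scratch
$acl.SetAccessRuleProtection($true, $true)   # (isProtected, preserveInheritance)
Set-Acl -Path $scratch -AclObject $acl

"After: inheritance blocked, safety net still present, rules now explicit"
Test-SafetyNetIntact -Path $scratch | Format-List

# Registry hives work the same way; this is a check only, HKCU:\Software is not changed
Test-SafetyNetIntact -Path 'HKCU:\Software' | Format-List

Remove-Item -Path $scratch -Recurse -Force
```

One caveat: Get-Acl shows some inherit-only entries as a raw numeric rights value (generic rights) rather than the word FullControl, so a key or folder can report MissingFullControl when an equivalent generic-rights rule exists; treat the SafeToRestrict flag as a prompt to look at the ACL, not as the last word.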


----------



## Alec§taar (Feb 15, 2007)

*ANOTHER ANTIVIRUS COMPARISON TEST, SPECIFICALLY ON MACRO-BASED TYPES IN OFFICE DOCUMENTS:*

http://www.eweek.com/article2/0,1895,2095119,00.asp

*Pertinent article excerpt:*

==============================
"Andreas Marx of AV-Test, as reported in PC-Welt, tested AV protection against known (patched) and new (zero-day, unpatched) MS Office exploits (DOC, XLS, PPT and MDB). The article is in German, but it's pretty easy to read: The table shows the name of the product, the number detected, the detection percentage, the number missed and the percentage missed."
==============================

The results chart:

http://www.pcwelt.de/news/sicherheit/71459/index2.html



* May surprise some of you guys, how WELL that NAV did... another one of my former favs on 2000/XP in AntiVir DID beat it here though, but NAV is right on its tail, & ahead of NOD32, & many others.

See for yourselves...

APK

P.S.=> I am using NOD32 right now though, after disabling NAV Corporate 10.2's resident background tasks trayicon scanner & services, & DO like how it only runs 1 service... so far, it seems nice! 

BUT, is it really BETTER (in the most important part - virus detection) than NAV, on ALL levels & types of virii out there? Not on this test...

However, I suppose it depends on the test I guess (like so many other things in life), but the one above's about the MOST PREVALENT TYPE OF INFECTOR THERE IS imo, documents based macro types, @ least lately (they seem to be more of the trend, vs. binary types like bootsector, binary/executable infectors, etc. which makes sense - their code is EASY to get @ & alter to another nearly completely diff. kind)... apk


----------



## Testing (Feb 15, 2007)

I'm in the hunt for memory usage numbers.

Seems every time I get together with different security suite or firewall + anti-virus combo users, I end up losing the information.

(boot/startup load MB)
Norton : ?
McAfee : ?
Sophos : ?
ZA Suite : ?
Panda: ?

(make up your own combo)
ZA Pro + fprot
BlackIce + AVG


Help me restore my list!


----------



## AshenSugar (Feb 16, 2007)

As stated in PM, BIce + F-Prot for RAM use; NOD32 is 2nd runner-up for AV in this case.

And macro viruses seem to happen in "jumps": you see them, then NONE for a VERY VERY VERY long time, then somebody brings one to work.

I have also found that some AVs like Norton will see non-virulent macros as infected and will want to remove them; this can be annoying when you put the macro there for a reason and need to use it for a presentation.

Every review shows different results. One thing I find funny is when you see reviews of virus apps where some of the apps get advanced settings changed and others don't. F-Prot works FAR FAR better if you enable heuristics and neural network; with them enabled on older versions I found no greater system load but FAR better unknown detection.


----------



## Alec§taar (Feb 16, 2007)

Testing said:


> I'm in the hunt for memory usage numbers.
> 
> Seems everytime I get together with different security suite or firewall+anti virus combo users, I end up losing the information.
> 
> ...



Well, 2 I am going to compare (on this note, Memory use & CPU cycles used, most likely) are going to be NOD32 & NAV Corporate Edition 10.2, using a tool like SysInternals ProcessExplorer (because it can 'break out' the constituent processes in services being brokered/run by svchost.exe, services.exe, etc. et al  & much like taskmgr.exe can, w/ DOS & Win16 processes under ntvdm.exe).




* Hey - I am curious myself! I think lemonadsoda & I, or AshenSugar & I, have debated that point as well sometime in the past here, but I never got around to testing it (I didn't load NOD32 before, which is why; now I have & CAN test this, on which consumes more "resources", specifically memory & CPU cycles).

Is there a "definitive test" out there for DETECTION superiority? Doubt it!

See, I have yet to see one to date, but the 1 url I put up above shows NAV beating NOD32 in macro-virus detections, & I know 1 thing FOR SURE - it is easier to build a macro-virus, because it is simpler to get @ their code than it is, say, for binary/executable file infectors.

(That said, it is no small wonder you see more of those today as infectors/virus vectors: You can get their code relatively fast & alter it into a completely NEW virus infection type (MS has done a good job in Office 2003-2007, afaik, in that AutoExec Macros running by default is protected against better than it used to be in Office versions 2000 & below))

*Anyways/anyhow* - I'll do that sometime soon, mainly because I'm curious in this regard as well (how much memory & cpu cycles NOD32 eats, vs. Norton Corporate 10.2).

APK


----------



## AshenSugar (Feb 17, 2007)

We did; you never posted shots of NAV resource use despite your demanding I post shots of NOD32 resource use >.<


----------



## Wile E (Feb 17, 2007)

Here's the comparison of ram usage with Kaspersky Internet Security.

Kaspersky off = 158MB ram

Kaspersky on = 196MB ram

These figures were taken 2 min after a fresh boot both times, with nothing run in between. Kaspersky was set to not load at start up for the off test.

I've also taken a screenshot of the running protection features. Internet Security offers a couple of extra protection features, including a firewall (Anti-Hacker in the pic). I didn't install the features it offers for mail protection and anti-spam, as I don't use any mail progs on my PC, I use the Mac for that. IIRC, the anti-virus-only package only includes the first 3 protections.

I'm gonna re-install it with only the Anti-virus options enabled (it's an option during setup), to see what that RAM usage is like. I also plan on running PCMark in both setups vs. off. I'll make a new post with my results.


----------



## Testing (Feb 17, 2007)

Thanks Wile!

I noticed that ZA Security Suite 6.5 with moderate page faulting results in this at startup:

Zlclient - 5MB
Vsmon - 28MB
CA-Isafe - off

However, the PFile is reduced by over 40MB when ZA is not loaded on boot. Page faults causing the MB difference?


Argh


----------



## Alec§taar (Feb 17, 2007)

AshenSugar said:


> we did , you never posted shots of nav resorce use dispite your demanding i post shorts of nod32 resorce use >.<



Yea, I screwed up... I get 'side tracked' @ times, & sometimes never get back to folks, but I DO TRY!

However, the good side, NOW, is? I can do both now, NOD32 &/or NAV Corp. 10.2 edition!

I will get on it @ SOME POINT, this week (I will man, you've turned up a "good egg" here imo, albeit a TOUGH 'hard-boiled egg' on some accounts (can you say "V I S T A"? I knew you could!))

Yup, @ times? You're one that actually 'spooks me' in fact @ times on stuff in this field, as far as doubting or confronting you on some points (specifically software savvy, & I WILL definitely give you that!)

* Anyhow - we'll get on it soon this week, because I too, am curious, & WOULD like to make some determinations on this account too!

APK


----------



## AshenSugar (Feb 17, 2007)

APK, it's called having no life. I honestly know more than I probably should about random apps and tweaks that help.

And that tweaks thread, I couldn't respond thanks to that wanker; I wanted to point out that if you have 3+GB RAM, using system cache mode can be good. I use it and guess what, everything's smoother.

It really depends on the system use; prefetching can be good or bad. Boot prefetch is good for me but app prefetch actually doesn't benefit me at all because I don't use a small limited number of the same apps every boot, I use A LOT of apps every day.

And Vista is crap; maybe after SP1 it won't be, but that's a big maybe. Server 2008 may not suck, it may actually have some nice features, like 2003 vs XP, but then again, why buy Vista for WAY TOO MUCH when Vienna is due out in 2 years?


----------



## Wile E (Feb 17, 2007)

Ok, I decided to redo my Kaspersky installation to the full suite for the purpose of testing. Here are my results:

KIS off = 158MB RAM (as per my previous post)

KIS on = 196MB RAM (full suite installed, no modules left uninstalled)

PCMark05 scores:

KIS off = 5874

KIS on = 5817

It seems Kaspersky had the biggest effect on web rendering. In my personal experience, there is very little lag on my system using it. Way better than the Norton 05 Suite that I came from. (Is there any surprise there? lol) Next set of tests is Kaspersky with only the anti-virus features installed. (The Internet Security Suite installer offers the option to install just the options offered by their standard anti-virus.) I think I might install NOD32 after that, just 'cause I'm curious as to how they compare in terms of performance.


----------



## Wile E (Feb 17, 2007)

Well, it seems my idea of using PCMark05 to test performance wasn't a good one. I can't seem to get repeatable results. My web page rendering scores consistently go down, even if Kaspersky isn't installed. I even tried clearing IE7's browsing history, cookies, forms, etc., etc. Although the PCMark testing failed, I'm open to suggestions for other testing ideas to examine AV resource usage and performance effects. In the meantime, I did look at RAM usage on boot up with Kaspersky Anti-Virus installed and running. Kaspersky AV = 193MB on boot. No AV = 158MB.
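A repeatable way to collect the numbers this thread is trading (whole-system memory in use after boot as in Wile E's 158MB/196MB figures, per-process working set, the services hidden inside each svchost.exe that Alec§taar wants Process Explorer to break out, and the page-fault counts Testing wonders about), as an added PowerShell example that is not code from anyone in the thread; the `$Label` tag and `$OutFile` path are assumed names, and it uses only the stock Win32_OperatingSystem, Win32_Service and Win32_Process CIM classes.

```powershell
# Added example, not from the thread: snapshot memory use per process on a
# Windows box, break each svchost.exe out into the services it hosts, and
# record page faults, so an "AV on" boot can be compared with an "AV off" one.
# Run from an elevated PowerShell prompt; $Label and $OutFile are assumed names.
param(
    [string]$Label   = "av-on",                          # tag for this boot
    [int]   $TopN    = 15,                               # rows to show on screen
    [string]$OutFile = "$env:USERPROFILE\mem-$Label.csv" # full snapshot goes here
)

$os = Get-CimInstance Win32_OperatingSystem
# Physical memory in use in MB, the kind of whole-system figure quoted above
# (Win32_OperatingSystem reports these two counters in KB)
$usedMB = [math]::Round(($os.TotalVisibleMemorySize - $os.FreePhysicalMemory) / 1KB, 1)
$uptime = (Get-Date) - $os.LastBootUpTime               # check every run is "2 min after boot"

# Map each hosting PID to the service names running inside it; several
# services usually share one svchost.exe, which Task Manager alone hides.
$svcByPid = @{}
foreach ($svc in Get-CimInstance Win32_Service) {
    $key = [int]$svc.ProcessId
    if ($key -eq 0) { continue }                         # stopped service, nothing to attribute
    if (-not $svcByPid.ContainsKey($key)) {
        $svcByPid[$key] = New-Object System.Collections.Generic.List[string]
    }
    $svcByPid[$key].Add($svc.Name)
}

# One row per process: resident (working set), private bytes and page faults
$rows = foreach ($p in Get-CimInstance Win32_Process) {
    $procId = [int]$p.ProcessId
    $hosted = if ($svcByPid.ContainsKey($procId)) { $svcByPid[$procId] -join ';' } else { '' }
    [pscustomobject]@{
        Label        = $Label
        Name         = $p.Name
        PID          = $procId
        WorkingSetMB = [math]::Round($p.WorkingSetSize / 1MB, 1)
        PrivateMB    = [math]::Round($p.PrivatePageCount / 1MB, 1)
        PageFaults   = $p.PageFaults
        Services     = $hosted
    }
}

"Label: $Label  Uptime: $uptime  Physical memory in use: $usedMB MB"
$rows | Sort-Object WorkingSetMB -Descending | Select-Object -First $TopN |
    Format-Table Name, PID, WorkingSetMB, PrivateMB, PageFaults, Services -AutoSize
$rows | Export-Csv -NoTypeInformation -Path $OutFile
"Snapshot saved to $OutFile; take one per boot configuration and compare the CSVs."
```

Run it once per boot with a different `-Label` (for example `av-off` with the AV disabled at startup) and diff the two CSVs; the whole-system figure alone cannot tell a real AV footprint from page-fault noise, which is why the per-process columns are there.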


----------

