
Posts tagged: prevent

Editorial: Understanding why Malware infects your PC

By , February 19, 2009 14:54

I saw this comment today on a malware site and I normally read them to see how folks troll malware sites looking for blame.
Folks, malware is your problem, not anyone else's.  I am constantly reminded how people fail to understand that it's their actions and choices that cause the infections, and today social engineering is a big reason.
Even malware experts are not immune from falling victim to their tricks.  It's been like this for years and, outside of the increase in targeted attacks, it's still the #1 reason.


My Old New PC

By , May 21, 2007 18:10

Some of you looking at that title might wonder what I’ve been sniffing (packets I tell you!!, Packets!!) In fact this was an article I created on Sept 26, 2006 and actually never posted it!

That’s correct. I typed this article up back then and never published it. I decided that I could honestly publish this now, as well as show you guys some of the pictures I took at the time of building this rig. In early September of last year I finally had all my material for building my two new PCs in place. The DVR was cheap, running in at about $500.00 including all the cabling, keyboards and other miscellaneous stuff that adds considerably. Total system costs break down like so: Existing parts used: video card. Cost: $0. New parts for PC: motherboard, CPU, hard disk, power supply, RAM, case. Cost: $388. Reallocated parts for PC: illuminated keyboard, 50 foot VGA cable, wireless mouse, extended power supply cable. Cost: $112. Even though I didn’t actually buy either the keyboard or mouse at this time (I already had them), I included their costs since they were now at home in this system.

Ok I didn’t say I’d talk about the cheap system I threw together, I’ll get to the actual story from last September

Well this is a little bit older technology, but still on a very high end.

For this Gaming System I’ve hand picked the parts due to their excellent quality, warranty, and durability. To say nothing of offering the best features and designs to be found anywhere.

The start of our system begins with our case. A Cooler Master CM-Stacker 830. This is a phenomenal case for a gaming rig. However its greatness is also its curse. This case alone weighs as much as my fully assembled DVR rig, and I’m adding a lot of weight to this. Total should come in around 45~55 lbs completed. Thank god this case features a pair of handholds at the top of the case.

I could get into more and more detail about the case and its features but instead I’ll discuss them as I use and work with them. There are many. Primary ones are the many locations for fans, the front jack plate on top of the front of the case and the additional (duplicate) jacks on top with the power/reset buttons and HD activity light. Also is the airflow that this case allows by not having really solid walls. The black mesh is an open grill much like is found in many rack mount components. The other major feature this case offers is its size. It sits 22 inches high and 25 inches long! That’s 56cm and 64cm for the rest of the planet. This case will support an ATX motherboard in two orientations, or a BTX motherboard.

Our motherboard is an ASUS A8N32-SLI Deluxe powered with an AMD Athlon FX-60 Dual Core CPU. We are using an ATX in normal configuration due to the heat pipes our motherboard features. This is a very important determination of the setup in our case and we will follow the instructions as directed by ASUS.


This is an awesome combination which should give us incredible gaming performance. However in order to not bottleneck the CPU any more than required, we chose the recommended and expensive RAM, Twin 1GB’s matched with the lowest latency we can get for this motherboard. Using unmatched ram is not recommended and we would much prefer to add another 2GB but….unless we are using a x64 compliant OS (not XP or less) it will not work. We could run Redhat or Fedora with 4GB but even this is not that easy to accomplish. We will run Vista on this box so hopefully we can eventually accomplish this.

After we have the RAM installed it’s time to mount the motherboard to the motherboard tray on the case. This makes working on this system very easy since we do not have to work with the entire case while loading the motherboard, etc. This prevents scratching the aluminum case unnecessarily.

All this makes a great computer except for the true power horse behind any decent gaming system…the video card, or in our case the Dual Video Cards. My choice was the extraordinary eVGA Nvidia 7900 GTX times two! These awesome babies are black with silver heat pipes, just a perfect match for our black/silver system. They are HUGE! Each card fills two expansion slots (of course each only using ONE PCI-Ex16 slot) and each requires its own power supply connection! These babies are going to get the electricity meter running.

Given the large size I decided to dry run the video cards to see how they would fit and how much they may interfere with the cabling I still need to do. I discovered these huge cards would be very troublesome in a smaller case, even a slightly smaller one, but not for me! Still the biggest problem is denying me access to any of the ports on the motherboard for the front panel connections primarily as well as thinking about using any other expansion slot in the case…it ain’t happening!

Another problem with the eVGA cards is the double slot tabs. My case seemed to have very tight slots to attempt to insert this card while using two of them at the same time. What a patience test! One I was able to stretch out enough to get the card to seat nearly perfect, the second one annoyed me so much I cut the tabs off the video card. My first custom modification ;)

Routing the front panel cables was a bit more challenging as they needed to either lie flat on the motherboard or route around the twin video cards. Since I didn’t want to use any of the additional back plate connections since room is at a premium with the eVGA’s, I got the connections in as best I could. The case offers a routing rack on both sides of the power supply/water cooler shelf, but I chose the one in the middle between the motherboard and the drive bays. This allowed all the wiring to be routed through and tied up except where it was not possible (one PCI-E power cable just wouldn’t reach until it was allowed more direct access), or it was impractical (the ATX 12v connector just made sense to use the other routing since it was closer and hid the cable).

The Enermax Liberty Power Supply Unit is one of the nicest PSU’s I’ve bought without a lot of frivolous features. Ok, there were two which I’ll disclose afterwards, but I don’t want to detract from the nice features of this supply. This 750watt badboy has only built-in cables for the motherboard connections, of which we used all of them except the extra 12v motherboard connector since we are not using an advanced ATX or a BTX motherboard.

The supply itself is enclosed in a black mesh grill aluminum and has round cloth cables on most of the lengths. It features a selection of cables to add which consist of; 2 PCI-E cables; 2 Molex and 2 pSATA connections; and two more Molex and pSATA with Floppy connections also. All the cables come in a Velcro wrap storage bag for convenient and safe storage. I used all but one. Additionally it comes with a key tag necklace for what reason I’m not certain, other than you can wear it. But don’t try to attach the power supply to it. It’s a tad heavy for this necklace, but it’s great for thumb drives and other light weight items

After getting this all in place, like requiring a mounting plate to be removed to install the PSU, I’m now ready to start installing the drives. 4 SATA2 Seagate 7200.10 300GB hard drives go into the original 4-in-3 module. This is going to be converted into a RAID 0+1 array equaling roughly 610GB of storage in a mirrored striped array. Formatting this puppy will take most of the afternoon.

Adding a 5th Seagate on the second SATA controller and installing the 6th Seagate in the external enclosure I purchased so it can be removed and plugged in quite simply.
I will have roughly 1.3TB of storage on this box once it’s complete. Plus another 610GB for mirroring on the RAID0+1 array equals nearly 2 TB or Terabytes of disk space.

The case handles a total of 9 120mm fans and only comes with one. Ultimately I’m going to have 6-8 fans. The rear fan was replaced with a white w/Blue LED fan. A chassis ceiling fan was installed of the same type and a third was installed on the lower left cage in the access door. Four fans will fill this space ultimately. Ensuring all the front panel connections are done prior to installing the video cards is important and routing the power cables also is done roughly. Technically we could boot this machine but first we want to check a few things and ensure we don’t need to access anything on the motherboard. We still have a matrix LCD display to install, yes in the case.

To top off the drives we add a Silver NEC DVD 16x burner that supports dual layer disks. This will become our workhorse drive but with all the storage space we’ll put Nero to work building virtual DVDROM’s. Below the burner we install our Matrix LCD display. This unit is red in difference to our silver/black/blue theme simply to give the appearance of an eye (ok now you’ll have to sniff or smoke something to get that image in your brain…). We still have room to add another 4 drives if we acquire another 4 in 3 module, which to date we cannot get. Bad CoolerMaster rep’s…BAD! But realistically we have no capability to run them unless I make them IDE…uh no. However it would allow me to split the 4 drives in the one into two modules and greatly improve airflow between the drives. However my drives run currently a nice 32 degrees so I’ve nothing to worry about at this time.

With the eVGA video cards installed, now the system looks very menacing and promising. We decide that it’s time to exchange the Molex connectors with the UV reactive ones I purchased. The Molex extractor tool is very handy, even though the task is not a highly rewarding one. I’m simply not using any of them except for the DVD Burner. The other two are attached to fans at the moment and will probably route to the matrix display. Two connectors you will probably never see will glow. Wow…

The time of trial now comes as we are ready to power up the system for the first time. Booting the system the first time was flawless, as everything came to life after powering the system. Quickly went into the BIOS to make a few changes and then rebooted to get the RAID and SATA controllers working. This proved to be a greater challenge. After a few driver upgrades and reconfiguring we get the drives set up; unfortunately our external SATA drive is missing the correct cable, which we will have to get at a later date.

Originally, I had planned to install Vista beta RC1 on this for the time being, later upgrading to the release version of Vista Ultimate 64bit, but none of my tricks could get the OS to see my SATA drives. I did have to install a floppy drive and have the drivers for the SATA I wished to boot from ready to go during OS setup. But otherwise nothing else needed to be modified from my setup to get this up and running.

Vista was not as accommodating. It simply hung during several phases of the install, but popping the DVD out of the drive usually moved it to the next step. This was not foolproof and was ultimately dumped as a choice and I installed XP SP1a instead. I may upgrade this to SP2, but that will have to be decided later. For now I want to get all the drives working and formatted, drivers installed, and get testing this box out. [Author's Note: At this point I have the PC playing with several OS's using various external SATA drives and Firewire drives, and I've now acquired my Vista Ultimate 64bit I'm going to reattempt this.]

So fan totals: Power Supply = 1 120mm; CPU = 1 80cm; Motherboard = 0; Video Card = 1/each = 2 80cm’s; Chassis has 1 in 4-3 mod, 1 rear, 1 top, 1 side, all 120mm. Total is 8. At this configuration motherboard is running at about 49 C. When we add the 3 other fans this should decrease the temps by about 4-6 degrees. [Author's Note: After getting another 3 fans to fill the side grill up with fans the temperature is now running at 44 idle and 46 peak. The CPU also never peaks over 61 and typically is running around 50.] The real beauty is how quiet this whole thing runs at. It’s much quieter than many of my other systems.

All the drivers installed ok, and we installed most of the bonus software that came with the hardware, even the time limited stuff, like Nortons Internet Security. Most of this we toasted including the buggy Forceware Firewall that comes with the product. Many other programs had issues with it.

Today the system still runs great. We have also acquired a pair of Viewsonic VX922 monitors to serve as our dual-monitor setup when not playing games, and perform very well when we reduce the output to one display for SLI mode. We have had many games installed and many framerates peaking over 140FPS. Even games like Oblivion we run constantly achieving over 40FPS even with all the graphics on the highest settings using a display mode of 1280 by 1024. Yes, we do enjoy the games and the performance of these games on this rig. Now we are planning our next build…something to store an incredible amount of files on.

CA Internet Security Suite

By , February 18, 2007 11:00

In the latest of the current software we are ready to wrap up our final review of Internet Security packages from the major vendors.

We did not review Norton’s/Symantec’s or McAfee’s offerings due to the popularity of these items in the store and the fact that they are the most primitive and intrusive software install offerings in the market. Installing one of these packages in the past usually left us with a box we had to completely rebuild. We tested them out earlier in 2006 when they were available to beta testers and we decided not to bother. If you have used their older versions these are not that different nor better or improved.

To the topic we are discussing CA’s offering.

Computer Associates has a slogan that people have associated with it which says "The place good software goes to die". We certainly agree with this slogan. This company in 2005 bought our favorite firewall product Tiny firewall. This software has completely disappeared and now has been brought back to life in a ‘less filling’ option called CA Firewall. The ISS package comes complete with anti virus, anti spam, anti spyware, and firewall.
This package is one of the better offerings in this field only in the sense that the package is very intuitive to use and requires very little input from the user. If your users are not security savvy or like being dialogged by software to make decisions, then this package is it.

The anti virus offering is below par, but still decent enough to not miss any of our test patterns. The anti spyware is PestPatrol, which is one of the better packages on the market, and CA still offers access to its wonderful database of files. The anti spam is a basic white/black lister so nothing special here, other than it’s clean and works well to protect you immediately. However it’s not complete alone so we would not recommend this product on its own, but the ISS package features anti virus so it can also help prevent infection in addition to blocking. The firewall is very well done, but simply is missing very critical components that were part of Tiny Firewall. I assume that this is only being offered now with commercial products.

The real downside of this whole package is its lack of documentation, a feature comparison, its lack of instruction, its terrible help file and its just strange terminology.

Sure there isn’t much to set or change, but for experts who want more control this software is simply inadequate, especially coming from Tiny’s excessively tweaky interface; you’re constantly feeling like you are missing things, and rightfully you are.

It doesn’t prevent anything like keyloggers from working or stealth dll intercepts or global hooks (except in a generic sense which doesn’t give enough detail to determine good or evil intent) so it’s still not going to deter any 0 day vulnerabilities but for the lightweight user or for your kids computer this is a competent package.
We give this a 6 out of 10, which if I’m not mistaken is the best rating we have given an ‘Integrated Security Solution’ ever.

Surprise to us that it’s from Computer Associates. Maybe this is a change to that old slogan but they are still paddling up the river with the same old boat. Good job guys, maybe next year we get a new boat to float in.

Kaspersky Anti Virus V6 Beta – Impressions

By , July 5, 2006 13:55

Well everyone needs an antivirus solution don’t they?

 

No.  I don’t believe everyone NEEDS one anymore.  To be truly effective you will probably need two or three, but good luck running them all together.  It’s not recommended, and you will probably have real issues.

As a consequence even software designers are realizing this and integrating their AV solution into a more comprehensive and complete solution, bringing other features that should not be part of a pure anti-virus solution.

 

Let me state some declarations for the security vendors out there who may read this.

First declaration.  We don’t want “vendor-specific” integrated solutions.  Period.  Anyone who thinks they do can email me directly or on the forums and we can discuss it. 

Second declaration.  No AV/Security Vendor has a ‘good’ integrated solution let alone an ‘excellent’ one.

Third declaration.  Stay out of endeavors unless you’re going to do them well.

Now even some AV products are moving into integrating other ‘features’ into their software.  Kaspersky v6 Beta is one of those.  This was supposed to be a pure Anti-Virus program but as I highlight it isn’t.

 

Since this is an article about my last 24 hours with this program I shall try not to pick on integrated solutions any more. 

Why I don’t believe you need AV products anymore?

Truthfully viruses are very very rare forms of malware these days.  They are making a bit of a comeback but mostly as rebuilt worms or trojans.  Worms and trojans are the big purveyors of nasty malware, and of course spam, phishing etc are even larger spreaders of the disease, BUT they are not viruses either.

 

So Anti-virus products simply waste resources and offer little to no actual protection?


Exactly.  Almost none are capable of “true” real-time protection unless you are being infected with very old malware.  However this is really where the value in Anti-virus software is.  Typically the value comes into play only after you discover that you’re already infected. [1]  Sure none of us like this, and we wish we would never get infected but it happens.  Our AV solution typically works good to excellent at removing and cleaning ‘known’ infections.  Sure, sometimes we need to do more than scan, quarantine, and delete, but our investment in the AV program should be able to assist at weeding out the ‘known’ malware and ensuring our data is clean.

Only in the know…

It doesn’t stop unknown viruses.  Hence why you need to keep updating your software with new ‘signatures’ and additionally keep scanning your systems to keep up to date with what’s ‘known’.

Anti-virus software tends to be excellent at dealing with viruses, pretty good at trojans and worms, but ‘only’ if the signature is up to date.  Besides nobody trades floppy disks much anymore so boot sector viruses are dying out as malware matures in new forms[2].  So the AV product typically cannot stop trojans or worms from moving around, unless it has detection signatures for it.  But these definitely are acquired after the trojan or worm has typically run its course.  Some worms have lifetimes in seconds.  How do you detect it, report it, confirm it, publish it, add it, update it, scan it all in a few seconds?  You can’t.  You would be infected during that phase with no trigger from your AV software.

Since I don’t need to waste time and money getting little return on investment I choose not to install Anti-Virus tools.  Regardless of the solution though remember, “true” real time protection comes at a cost to performance.  On a home PC who wants to give up performance?  On a gaming machine, no WAY you’re giving up performance.  So don’t waste your time installing this software on these machines.  There are better solutions.

Isn’t Kaspersky Anti-Virus v6 Beta different?

Yes.  Kaspersky v6 Beta was downloaded as I have always heard good things about this company and they tend to get fairly favorable reviews.  However most people hated v5 for a variety of reasons and I was led to believe (reading other reviews) that 6 was like a phoenix from the ashes type of release compared to v5.  It wasn’t.  It’s very like 5 and adds new features you may love, but I guess you won’t, I sure didn’t.

From the beginning

Well the MSI installer was the first strike against this product. I’m no fan of the MSI installer, it creates numerous difficulties at installing software, and there should NEVER be a PROBLEM installing software. If there is, you shouldn’t have released it with the problem.

 

I attempted the installer on Vista RC2 and it completely failed with no real error (unknown error, didn’t I just type this…).  I then attempted to install this on an XP SP2 box I use that has ‘never’ seen an Anti-virus product before, and has been running for 6 months.  This installed fine requiring a reboot at the end.  However it attempted to update during the install, and this simply caused a hangup of both the installer and Windows Explorer.  I wasn’t impressed.  The reason for this hanging will be clear in a minute.

 

After a successful reboot, the software came up and started flagging various dll’s mostly, with nice smallish yellow popups, and asking me what I wanted to do.  Folks, this is like many MANY other products out there, most are firewall solutions, but a few call themselves Anti-Virus solutions.  Now with all these packages the capabilities are morphing also.  It’s an application tracking program that shows hooks into system routines, accesses and injections and changes of course.  This can be a very powerful tool for ensuring you stay protected.  However this!?!?!? In an AV product?  Give me a break.  Someone forgot to tell these folks ‘I only want my AV software bothering me IF IT’S A VIRUS OR OTHER MALWARE!!!!!!!’, we do need to remind them.

Why is this a problem?

I expect my anti-virus tool to ‘detect’ viruses.  Not tell me every little thing going on inside my system.  If I wanted an effective tool for active malware discovery I would use a serious appliance built for that purpose.  Maybe the Anti-virus software guys and gals want to detect 0-days, something they never have done in the entire history of anti-virus tools.  Great lofty goal, but then they break trusted processes (detecting and removing viruses) with new features that can misplace trust, and then all bets are off.

So, question is.  Do I really want this level of protection?  Maybe. 


Do I want it from a trusted application like an anti-virus tool?

No, since they don’t know whether it’s malware or not, it asks you to make the decision.  I’m not sure if this would have an effect on scanning files against known attacks but I’m not about to either guess or take a chance.  Of course in my case I’m sure this is all innocent routine stuff, but it’s being treated inappropriately by Kaspersky so it’s possible one can make bad decisions.

 

Every little task generates this ‘alert window’ providing you only with:

 

A:  The classification of the alert;

B:  The location of the file causing the alert.

Then you have to make decisions as to:

C:  Whether to accept or deny it;

D:  Whether to make the above choice permanent, or just this time;

E:  Whether to simply trust this application to do what it wants, or not.

 

Let’s look at each of these in more detail.

 

A:  The classification is a single word.  “Invader”  “Downloader”  “Threat”.  You can click on it to go to http://www.viruslist.com and check the definition in the encyclopedia, but don’t waste your time.   The definition you probably already formed in your head is more accurate and descriptive.

 

B:  The location is helpful, but in no way assists in decision making.  Does the software ‘belong’ there?  Are there other files called this also?  What is the manufacturer’s version information from the file?  Do we have an MD5 or SHA hash to verify its integrity?  Is this an essential Windows file or not?  Is it a virus because my AV program displayed it to me?  Too many questions still and no definitive answers from the program that’s supposed to be definitive.

 

C:  Whether to accept or deny this activity.  How am I supposed to make an intelligent decision based on the little panic information I have received so far?  Honestly you can’t.  So you flip a coin.  However chances are something ‘legit’ was trying to do something and if you deny it, very likely the application will now no longer have any communication back to the system including the calls and threads it already created and will typically crash the application or worse the desktop, or sadly, the entire machine.  So, the default choice is to accept it.  Why bother me then?

 

D:  Now we have to make a choice that we will have to live with if we ever run this again.  Again same logic trail as C: above, so same conclusion.  Why bother me then?

 

E:  Should we just ‘trust’ this application to do what it wants? Now here’s the ‘stop annoying me’ choice, we can tell the program “look you annoying software, quit bugging me with popups and just trust the blasted application”.  Still we don’t know whether this is our photo gallery we wanted to start up to add some pictures from the weekend, or the latest worm/trojan file deletion tool.  But we can trust it and never hear from Kaspersky again. 

 

So the conclusion, this behavior from Kaspersky isn’t warranted or desired in an AV product because it doesn’t provide decent support.  It simply gives the user very powerful filtering capability which one can most simply avoid, and probably will.  This type of processing smacks of ‘host intrusion prevention systems (HIPS)’ but these are typically poor or overly complex applications.  Here with Kaspersky AV v6 Beta we have not overcome that hallmark.
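
The questions raised under B above (does the file belong there, are there other files with the same name, what is the vendor's version information, what is its hash, is it under the Windows directory) can be answered with built-in PowerShell cmdlets before choosing accept or deny. This is an added example, not part of the original post or of any Kaspersky tooling; the function name `Get-FlaggedFileContext` and its `SearchRoot` parameter are hypothetical, and it assumes PowerShell 4.0 or later for `Get-FileHash`.

```powershell
# Added example: collect the context the alert window leaves out, so an
# allow/deny decision is based on evidence rather than a coin flip.
# Get-FlaggedFileContext and -SearchRoot are hypothetical names.
function Get-FlaggedFileContext {
    [CmdletBinding()]
    param(
        # Path shown in the alert
        [Parameter(Mandatory)]
        [string]$Path,

        # Where to look for other files with the same name
        # (assumption: adjust to the host; recursing these can be slow)
        [string[]]$SearchRoot = @($env:SystemRoot, $env:ProgramFiles)
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $ver  = $file.VersionInfo
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # "Is this an essential Windows file?" Living under %SystemRoot% is a
    # hint only; it must be read together with the signature status.
    $sysRoot = [IO.Path]::GetFullPath($env:SystemRoot).TrimEnd('\') + '\'
    $underSystemRoot = $file.FullName.StartsWith(
        $sysRoot, [StringComparison]::OrdinalIgnoreCase)

    # "Are there other files called this also?" Hash each one so that a
    # same-named file with different content stands out.
    $sameName = Get-ChildItem -Path $SearchRoot -Filter $file.Name -File `
                    -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -ne $file.FullName } |
        ForEach-Object {
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                     -ErrorAction SilentlyContinue
            [pscustomobject]@{ Path = $_.FullName; SHA256 = $h.Hash }
        }

    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Path              = $file.FullName
        SHA256            = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Company           = $ver.CompanyName
        Product           = $ver.ProductName
        FileVersion       = $ver.FileVersion
        SignatureStatus   = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        Signer            = $signer
        UnderSystemRoot   = $underSystemRoot
        SameNameElsewhere = @($sameName)
    }
}

# Usage: notepad.exe stands in for the flagged file (constructed sample input).
Get-FlaggedFileContext -Path "$env:SystemRoot\System32\notepad.exe" `
    -SearchRoot "$env:SystemRoot\System32" | Format-List
```

A file that claims a well-known vendor in its version information but reports `NotSigned` or `HashMismatch`, or whose hash differs from a same-named copy in the system directory, deserves a closer look before it is trusted.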

 

The second contention I have with Kaspersky AV v6 Beta, is all the links direct one to a page to download the ‘trial version’ from, but with no way to activate the ‘trial version’.  The docs indicate that the activation tool (help -> activate) allows one to buy a license for this or activate later, or activate with a trial code.  Well the ‘trial version’ I downloaded from the ‘trial page’ does not have an ‘activate with trial code’ option.  So it’s either no updates or buy a license.  Well let’s see how it does with its current database on my box that has never seen an anti-virus tool.  Aha, this is why my install hung up, it won’t allow the updater to update.  How silly.

 

Ok, I start the scan and I do like some of the options it provides like showing you all the exploits at the end of the scan.  I like this.  So, I run the scan, it estimates about two hours to scan everything (lots of partitions) and unbelievably it was done in just under two hours.  Very impressive.  Two little things I have seen before but they actually work as expected.  Wow.  It’s truly unfortunate that little else worked as great or made a positive lasting impression on me.

 

Remember we scanned a box that has XP SP2 installed, patched on a semi-regular basis (I let it inform and download, but I install manually), no firewall except Windows Firewall, and no antivirus ever until Kaspersky v6 Beta was installed.  This box has Office 2003 installed, runs Outlook as the mail client, has Perl installed, IRC runs constantly, and most web browsing is done from this box, including this report being initially typed on it.

 

After a full two hour scan of my box I found one ‘threat’ on my PC.  Oh, that’s darn good I say to myself.  Just one file.  Considering some of the PC’s people have brought to me that I’ve cleaned up, repaired and rebuilt over the years, typically finding unbelievable amounts of malware  or a simple single infection still resulting in numerous files found during a scan.  Just one file infected.  Must have contained it…

So what one did I have?  I clicked on the result and was shocked.  The result was ‘Not-a-virus:mirc-616.exe’.  I couldn’t believe this.  It was showing me a backup copy of MIRC from my last update.  Hey I use MIRC daily, and rely upon it.  I bought the tool so I’m licensed, and when it did an upgrade it created a backup first.  How intelligent. 

So why is Kaspersky bugging me about this innocent tool?

 

I guess someone could ‘run’ it and take advantage of the exploits to infect my box, so I deleted it afterwards.  Was it infected?  No.  Why does it flag me with a bunch of insignificant warnings when it’s harmless?  Why did it not say ‘look you should delete this old version or upgrade if this is the current version you are using’?  Because it’s not a patch management solution, nor is it an auditing solution.  So I cannot fathom why my Anti-Virus software is behaving like one. 

 

Maybe it’s trying to be more encompassing and deal with the latest threats, rootkits.   But then shouldn’t it promote itself as an anti-rootkit tool?   Well we all know that there isn’t any such thing (yes many are trying to build one, but nothing actually works in detection), even tools such as ‘Rootkit Revealer’ by F-secure simply tell you a bunch of stuff that may ‘look’ like a rootkit, but you’ll have to do much more system analysis to determine for real or not.

 

Let’s do some work

So, I figure I’ll wait and see if I can get the 30 day activation code to use this product, check around to ensure I haven’t missed something in terms of getting the proper beta product.  In my travels I find this great RAR file I want to download.  Ok, Firefox causes numerous popups in Kaspersky as DLL’s are loaded to process the download.  Ok, I get the download and click on open in my download window in Firefox, and get more, including AdobeIEsomethingorother.dll.  I can’t see why it needs this and select deny.  Windows Explorer crashes.  Ooops.  Attempt to repeat, crashes again.  Turns out that the download window launches in explorer.exe space and any time it looks up how to handle extensions several dlls are loaded for that purpose, including the AdobeIEsomethingorother.dll that I denied.  I wasn’t running IE or Adobe, but Windows Explorer (explorer.exe) required it during its initialization and denying it made it quite unstable.

 

Ok, this is not why I have security products installed on my machines.  I install them to:

 

A:  Improve the security of my systems, and improve my ability to do said;


B:  Improve the stability and reliability of my systems and the data that resides on them

C:  To protect and ensure the accuracy and validity and privacy of the data and software that resides on the machines.

 

If the software I’m installing/using interferes with ONE of those conditions it fails and gets removed.

 

Kaspersky failed on the first two counts.  It did not improve my security, and it destabilized my system by halting processes in stream to pop up windows.  This regularly caused issues and in some cases failures, crashes or unrecoverable applications.  In one case it completely crashed my TCP/IP stack since the protocol doesn’t like waiting for responses.  As for the third I can say the installation/removal of the software did not adversely affect any system files.  It did not interfere with the accuracy of the files that resided, nor did it interfere with them (outside of the routine application issues).

I could not recommend this product since:

  1. It misleads the user about particular findings
  2. Activation was a major headache with no immediate solution attainable
  3. The product introduces so many additional points of failure that system stability could be a factor
  4. It wastes the user’s time with notices of things that are innocent; additionally, it gives no notice of important things.
  5. Misuse of the tool by the user can render a machine or application useless.  Even to the point of crashing system kernel routines.

In my opinion this Anti-virus product is only 1/5th of its capabilities, and I was not seeking integrated solutions.  Since the AV portion does seem to work effectively it alerts you to non-virus files, which could cause one to delete something they use accidentally.


Installation Ranking: 3/5 – Using MSI and saying it installs on all Windows but would not on Vista nor would it generate a decent error.  XP works fine.

Initial Setup and Patching: 1/5 – Unable to do anything except hang the machine attempting to make connections the program blocks.  Unable to rectify within test period, granted it was very short, so we give it a one.

Usability: 3/5 – Overall the program worked as we expected and did not cause issues or confusion when we asked it to do things.  It was not so clear when it prompted you with popups about app activity.

Dependability: 3/5 – Overall its engine scanned effectively and found all the planted malware on our test box.  Its discovery of non-malware as malware concerned me greatly about its ‘cry wolf’ potential.  I would not rely on results singularly by this software; I would have to confirm them with another more reliable package to ensure it is accurately determining valid malware, and not potential malware.

Overall score: 2.5/5 – Software adequate.  Price to purchase unrealistic to its abilities.  Certainly has potential as a combo AV-Application Watcher, but why?

I don’t want to have to second guess my results, my AV software shouldn’t either.  If it does then it no longer has any ability to do what AV software is supposed to do….detect.


[1] This happens as a result (typically) of being infected during the ‘unknown’ phase, and once the signatures were updated, you now ‘detect’ the infection running around doing whatever it wants until now.

[2] Traditionally you got viruses from copying files, usually from a floppy disk.  Over time as other file transfer methods developed, the ways for viruses to spread changed also.  However malware creators also realized that in order to get the virus around, they needed to figure out how to spread it.  Email, news, IRC protocols were used and the development of hiding viruses in (even legit) programs was developed, now commonly referred to as trojans or trojan horses.  Worms also are an effective spreader technology since its whole concept in life is to move around the internet.

World of Warcraft SUCKS … your bandwidth when you don’t know it

By , April 3, 2006 10:56

I have played, well I did play World of Warcraft (WoW) when it first was released.  Not much anymore even though I’m thinking I may get back into it again.

However when I hear stories such as this, I recall why I quit playing WoW in the first place.  For those who don’t know me, I’m an avid beta tester and MMORPG gamer.  I’ve played nearly every game ever released, ever.  Well except those I did not want to play.  If enough people ask me I may sit down and count all the games I’ve played.

Right, now why did I quit playing WoW?  Well the game was fun, easy if not as painful as others when it came to moving around the planet, the graphics were great, and there are enough elements to make this very entertaining.  Guilds and teams were well designed but the PvP could have been improved but it works for not creating two parts to the same world.

No it wasn’t even the cost.  I loved the game card idea, since it saved one from having to risk a credit card on the internet (certainly not a wise idea).

So what was it?


It was the constant patching. 

Yes Blizzard in their ignorance decided that bit-torrent would be the way to go.  This way they prevent entire nations’ populations from having to download patches from them.  Let everyone leech from each other.  Sounds good except.

It’s slower than molasses!  It takes forever to patch!  If you have a firewall (and who doesn’t these days) you have to open half the internet to the download.  Totally *censored*ing stupid!

The lead developer during E3 a few years back explained that it would be state of the art.  Well it’s only saved money for Blizzard, it certainly hasn’t bid them many friends or supporters.  However like most gamers I know..you don’t complain you just jump through the hoops.  It’s a shame that such a good game is marred by one really bad design flaw, even though it means a large $$$ savings for the company.


[Editor’s note: it could be worse, you could be downloading from premium pay websites WITHOUT a pay account]

[Writer’s note: it is...read more]

Blizzard’s latest patch is trying to improve this, but, yep you guessed it, *censored*ing it up even worse.

It appears that now the downloader is running constantly, and stealing bandwidth doing what bit torrents do…move torrents.  ISPs especially have not been ignoring this increase in traffic, and you shouldn’t either.

Yes there is NOW a forum on DSLREPORTS.COM dealing with WoW.  What does this tell you?

Blizzard get a clue and replace this hapless method with something that doesn’t steal from your customers.

Arenasoft have the RIGHT idea…streaming updates…YES!! That is the way to go.

Until WoW patches get exploited….we’ll be here chuckling at all the stupidity called ‘state of the art’.

Oh, and here’s the report from DSLREPORTS.com

There’s been ample grumbling this week about the 1.10 patch for World of Warcraft, because the Bit-Torrent based WOW game downloader now apparently runs all the time, slowly leeching your bandwidth, even when the updater isn’t running (a problem clearly for capped users). Blizzard responded to complaints by allowing users to disable the function, though some have had trouble getting it to work. Blizzard has also updated their FAQ on the matter.

In other words…We aren’t doing a thing to make it better.  Suck it up paying (L)user!!
Now submit your credit card to me…yes you cannot resist even though you’ll have to spend 40 hours updating a month!!

Comments welcome.
