Antivirus Software
Re: Antivirus Software
Norton and McAfee are shit ... That's why they give away free trials of them when you buy a new PC. It's the only way to get customers' attention, as nobody is stupid enough to actually PAY for that rubbish.
I use AVG 2012 free and it has switched itself off a few times... but it's FREE, so who gives a fuck about minor glitches occasionally?
Be sure to ignore the AVG performance check thing that constantly says you have "500 non-existent broken shortcuts" and "Your C: Drive doesn't need de-fragging, but I'll tell you to do it anyway you retard" .... because it's just "Scareware" to make you buy the extra crap they are pushing.
I also use SpyBot & Malwarebytes, which are pretty good.
NOTE: Be very careful with Microsoft Security Essentials if you are using a different browser than Internet Explorer ... I had Google Chrome installed when MSE crashed my system saying "Google Chrome is a Trojan or some other shit, so I'm crashing on you now motherfucker... Beeeeep"
(well, it didn't actually say that exact phrase, I just can't remember the actual message)
Re: Antivirus Software
Actually, WebKit browsers, at least Safari, and possibly Chrome, managed to trigger an issue in Windows 7 64-bit which could crash inside the kernel and trigger a blue screen error. Hopefully, that issue is fixed now.
Re: Antivirus Software
Should be good to go with Chrome, since I use it a lot on that Windows 7 laptop..
<Nach> so why don't the two of you get your own room and leave us alone with this stupidity of yours?
NSRT here.
Re: Antivirus Software
That false positive with Google Chrome has been fixed ages ago. Plus, Norton has dramatically improved in recent years and is now one of the better virus scanners out there.
Re: Antivirus Software
it's still a for pay anti-virus.
when MSE and safe practices can get you same result, i don't see the point.
they should have never let the free ones catch up to them the way they did.
Re: Antivirus Software
Well, it's a good thing they did. Some basic, important things should just be available for free.
Maybe these people were born without that part of their brain that lets you try different things to see if they work better. --Retsupurae
Re: Antivirus Software
AVs these days get their "tentacles" all over the place. General networking problems can be attributed to them. You would hope these things would cause minimal stress to the system, but even with multi-core systems, I guess some people like poop (shitty AVs) in their comps.
Continuing [url=http://slickproductions.org/forum/index.php?board=13.0]FF4[/url] Research...
Re: Antivirus Software
The cure may often be worse than the disease...
Re: Antivirus Software
sweener2001 wrote:
> it's still a for pay anti-virus.
> when MSE and safe practices can get you same result, i don't see the point.
> they should have never let the free ones catch up to them the way they did.

True, but for a paid anti-virus, people are finally getting a great product. This wasn't the case many years back.
Re: Antivirus Software
snkcube wrote:
> sweener2001 wrote:
> > it's still a for pay anti-virus.
> > when MSE and safe practices can get you same result, i don't see the point.
> > they should have never let the free ones catch up to them the way they did.
>
> True, but for a paid anti-virus, people are finally getting a great product. This wasn't the case many years back.

i'd have to disagree. the people who most need an antivirus are the ones who suck at updates and all that... and the boxes i've worked on recently due to infection all had Norton installed but disabled by whatever they picked up. you can't really fault Symantec for that, but all those customers can say is "i paid $70 and i still got infected?"
Why yes, my shift key *IS* broken.
Re: Antivirus Software
Deathlike2 wrote:
> AVs these days get their "tentacles" all over the place. General networking problems can be attributed to them. You would hope these things would cause minimal stress to the system, but even with multi-core systems, I guess some people like poop (shitty AVs) in their comps.

seconding the network issues. my in-laws' pc had an ISP sponsored f-prot thing on their computer, and it was definitely doing more harm than good. it didn't allow programs like flash and firefox to update themselves, etc. i had to dig for offline installers, but i was able to loosen the chokehold on the computer the next time i visited.
they also still had norton that came with the pc co-installed with the new isp bundled f-prot.
and i like the point paulguy made.
Re: Antivirus Software
Avira is shitware, TR/Crypt.XPACK.Gen on the following code:
Which is stupid.
Code:
BITS 32
global _pe_loader
section .text
LOADER_START_MAGIC equ 0xC0DE1111
LOADER_END_MAGIC equ 0xC0DE2222
LOADER_DATA equ 0xC0DE3333
_pe_loader:
dd LOADER_START_MAGIC
pushad
call GetBasePointer
GetBasePointer:
pop ebp
sub ebp, GetBasePointer ;delta offset trick..
;get kernel32 imagebase for loadlibrary
xor eax, eax
add eax, [fs:eax + 30h]
test eax, eax
js os_9x
mov eax, [eax + 0ch]
mov esi, [eax + 1ch]
lodsd
mov eax, [eax+8]
jmp finished
os_9x:
mov eax, [eax + 34h]
lea eax, [eax + 7ch]
mov eax, [eax + 3ch]
finished:
mov [ebp + load_kernel32], eax
mov eax, [ebp+load_oep]
add eax, [ebp+load_imgbase]
jmp eax
;strlen replacement
_strlen:
push edi
sub ecx, ecx
mov edi, [esp + 8]
not ecx
sub al, al
cld
repne scasb
not ecx
pop edi
lea eax, [ecx]
retn
; Input: Hash of API or name of API in esi
; Output: Address of API(eax)
GetK32ApiAddress:
xor eax, eax
mov edx, esi
push esi
call _strlen
add esp, 4
mov ecx, eax ; ecx = api name string length
mov esi, dword [ebp + load_kernel32]
add esi, 0x3C
lodsw
add eax, dword [ebp + load_kernel32]
mov esi, [eax + 0x78]
add esi, [ebp + load_kernel32]
add esi, 0x1C
lodsd
add eax, [ebp + load_kernel32]
mov dword [ebp + k32_AddressTableVa], eax
lodsd
add eax, [ebp + load_kernel32]
push eax
lodsd
add eax, [ebp + load_kernel32]
mov dword [ebp + k32_OrdinalTableVa], eax
pop esi ; esi = name pointer table VA
; walk EAT API name table
mov word [ebp + k32_i], 0
_gotoNextApi:
push esi
lodsd
add eax, [ebp + load_kernel32]
mov esi, eax ; esi = VA of API name
mov edi, edx ; edx = to wanted API
push ecx ; ecx = API size
cld
repe cmpsb ; compare API names
pop ecx
jz _gotApiAddress
pop esi
add esi, 4
inc word [ebp + k32_i]
jmp _gotoNextApi
_gotApiAddress:
pop esi
movzx eax, word [ebp + k32_i]
shl eax, 1
add eax, dword [ebp + k32_OrdinalTableVa]
xor esi, esi
xchg eax, esi
lodsw
shl eax, 2
add eax, dword [ebp + k32_AddressTableVa]
mov esi, eax
lodsd
add eax, [ebp + load_kernel32]
retn
dd LOADER_DATA
load_imgbase: dd 0xB00BFACE
load_oep: dd 0xB00BFACE
load_kernel32: dd 0xB00BFACE
;for kernel32 api addr
k32_OrdinalTableVa: dd(0xFFFFFFFF)
k32_AddressTableVa: dd(0xFFFFFFFF)
k32_i: dd(0x0000)
dd LOADER_END_MAGIC
ret
A) All my code does currently is append a new PE section, make it the PE entrypoint and embed that code into it
B) That code posted above does not compress, it simply diverts the code execution before jumping to main code.
So yeh, recommend me an AV that's not Avira.
kthnx.
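Why a generic packer heuristic can fire on a file patched as described in the post above, as an added example (not code from this thread, and not Avira's actual detection logic, which is not public): an appended section that holds the entry point, and that must be writable because the stub stores values such as `load_kernel32` inside itself, has the same header layout as a packed or infected executable. The header-only sample images and the section name `.ldr` are constructed for the demo.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags
SECTION = "<8sIIIIIIHHI"                          # 40-byte section header

def parse_pe(pe):
    """Return (entry_rva, [(name, rva, vsize, characteristics), ...])."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (nsect,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    (entry,) = struct.unpack_from("<I", pe, coff + 20 + 16)  # AddressOfEntryPoint
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsect):
        f = struct.unpack_from(SECTION, pe, table + 40 * i)
        sections.append((f[0].rstrip(b"\0").decode("latin-1"), f[2], f[1], f[9]))
    return entry, sections

def entry_point_findings(pe):
    """Structural traits of the section that holds the entry point."""
    entry, sections = parse_pe(pe)
    for idx, (name, rva, vsize, chars) in enumerate(sections):
        if rva <= entry < rva + max(vsize, 1):
            found = []
            if len(sections) > 1 and idx == len(sections) - 1:
                found.append("entry point is in the last section (%s)" % name)
            if chars & MEM_WRITE and chars & MEM_EXECUTE:
                found.append("entry section %s is writable and executable" % name)
            return found
    return ["entry point lies outside every section"]

def build_sample(entry, sections):
    """Constructed header-only PE32 image for this demo (not a runnable EXE)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(0xE0, b"\0")
    table = b"".join(struct.pack(SECTION, n, vs, rva, 0, 0, 0, 0, 0, 0, ch)
                     for n, rva, vs, ch in sections)
    return dos + b"PE\0\0" + coff + opt + table

ORIGINAL = [(b".text", 0x1000, 0x2000, 0x60000020), (b".data", 0x3000, 0x1000, 0xC0000040)]
CLEAN = build_sample(0x1000, ORIGINAL)
# Same image after a section (hypothetical name ".ldr") is appended and made the entry point.
PATCHED = build_sample(0x4000, ORIGINAL + [(b".ldr", 0x4000, 0x200, 0xE0000020)])

if __name__ == "__main__":
    print(entry_point_findings(CLEAN), entry_point_findings(PATCHED))
```

Neither trait says anything about what the stub does, which is why a detection built on layout alone produces false positives on benign wrappers.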
Re: Antivirus Software
mudlord88 wrote:
> it simply diverts the code execution before jumping to main code.

well, it's quite similar in fashion to the oldie JMP manipulation from .com file, dos-era virus.
but naming such behaviour "TR/Crypt.XPACK.Gen" was way off.
Re: Antivirus Software
Yes, all copy protections these days work the same way: wrapping all code in an envelope and decrypting it in real time, like a virus.
Re: Antivirus Software
or avast! is terrible.
i mean, if you deliberately download a virus, and your antivirus doesn't do anything, it's not because it's super awesome.