
Best free downloadable virus software ? - Page 6

post #51 of 62
Quote:
Originally Posted by fazio93
I'm getting real tired of going in circles with you. So what? You run a file through a crypter and COMODO's AV can no longer detect it until it adds that signature into its database. We've already established that that is what crypters do and that I am not talking about AVs. COMODO's HIPS will still detect it when it executes... HIPS is not an AV.
No it won't. It gave the file a clean bill of health. Next boot, Comodo disabled. And the file wasn't run through a crypter.
HIPS is part of the firewall, not the antivirus. Their AV never got out of the beta stage. Just look at STUXNET. Its driver certificates were signed with JMicron Technology and Realtek digital certificates, which lets it bypass HIPS security measures, so if the malware is executed it will not be prevented by HIPS, as the signature of the driver is from authorized firms. You're relying on a firewall to keep your PC safe.
post #52 of 62
Quote:
Originally Posted by Spooony
No it won't. It gave the file a clean bill of health. Next boot, Comodo disabled. And the file wasn't run through a crypter.
HIPS is part of the firewall, not the antivirus. Their AV never got out of the beta stage. Just look at STUXNET. Its driver certificates were signed with JMicron Technology and Realtek digital certificates, which lets it bypass HIPS security measures, so if the malware is executed it will not be prevented by HIPS, as the signature of the driver is from authorized firms. You're relying on a firewall to keep your PC safe.
HIPS is not part of the AV. HIPS is not part of the firewall. HIPS is a totally separate entity incorporated into CIS. Their older AV (v2) never got out of beta because they were already working on v3, which was built from the ground up and is now incorporated into CIS v5.

Comodo automatically revokes any legitimate certificates that have been used with malware (the whitelist is updated with the AV database). So JMicron Technology Corp. & Realtek Semiconductor Corp. have been removed. As you can see, it's a very rare occasion that malware can steal a certificate, but it can easily be rectified by revoking. And this would have only been a concern to people who use the whitelist (I don't). Whitelisting is the safest method of defense. If you're scared every piece of malware is going to start stealing certificates, then you shouldn't be hooked up to the internet in the first place.
post #53 of 62
Quote:
Originally Posted by fazio93
HIPS is not part of the AV. HIPS is not part of the firewall. HIPS is a totally separate entity incorporated into CIS. Their older AV (v2) never got out of beta because they were already working on v3, which was built from the ground up and is now incorporated into CIS v5.

Comodo automatically revokes any legitimate certificates that have been used with malware (the whitelist is updated with the AV database). So JMicron Technology Corp. & Realtek Semiconductor Corp. have been removed. As you can see, it's a very rare occasion that malware can steal a certificate, but it can easily be rectified by revoking. And this would have only been a concern to people who use the whitelist (I don't). Whitelisting is the safest method of defense. If you're scared every piece of malware is going to start stealing certificates, then you shouldn't be hooked up to the internet in the first place.
HIPS is part of their firewall, not AV.
So your legal drivers get revoked too by it? False positives. BSOD. How can they revoke legally signed drivers? See the problem: when Stuxnet stuck its head out and it was reversed, they discovered 4 zero-days in the Microsoft Windows operating system. Then TDL4 managed to bypass Windows' method of not allowing any unsigned drivers to install. The scary thing is TDSS is one of the most complex and dangerous categories of malicious programs in the world, and it continues to evolve. See, HIPS is basically an anti-rootkit. Now you know a rootkit is a program controlled by someone. Now what rootkit creators do is mount offences by making modifications to the system hardware and kernel designed to confuse HIPS, like Okena and Entercept is a good example. What a rootkit does is attack HIPS in memory. With elevated privileges, because it's running a token as the admin user, it will be able to disable it. Even if a user's account is deleted, malware can still run under that name with its privileges in Windows. That's why so many people get infected by clicking on the wrong link. They're running as an admin, so anything they click on has admin rights to their system.
post #54 of 62
Quote:
Originally Posted by Spooony
HIPS is part of their firewall, not AV.
No, it's not part of either. I think I would know...

Quote:
Originally Posted by Spooony
So your legal drivers get revoked too by it? False positives. BSOD. How can they revoke legally signed drivers?
Well, they can't really be trusted anymore, so obviously they are removed. And it wouldn't be a false positive. Defense+ would not tag it as malware, just as an 'Unsigned' or 'Unknown' file.

Quote:
Originally Posted by Spooony
See, HIPS is basically an anti-rootkit. Now you know a rootkit is a program controlled by someone. Now what rootkit creators do is mount offences by making modifications to the system hardware and kernel designed to confuse HIPS, like Okena and Entercept is a good example.
I don't know what HIPS you've ever used, but there is no way a rootkit would be able to get to the kernel level with COMODO enabled. COMODO runs its code at the kernel level.

Quote:
Originally Posted by Spooony
With elevated privileges, because it's running a token as the admin user, it will be able to disable it. Even if a user's account is deleted, malware can still run under that name with its privileges in Windows. That's why so many people get infected by clicking on the wrong link. They're running as an admin, so anything they click on has admin rights to their system.
We've already established this. I don't know why you keep repeating it.
It's not an issue when you're using HIPS (a good one).
post #55 of 62
Quote:
Originally Posted by Spooony
HIPS is part of their firewall, not AV.
So your legal drivers get revoked too by it? False positives. BSOD. How can they revoke legally signed drivers? See the problem: when Stuxnet stuck its head out and it was reversed, they discovered 4 zero-days in the Microsoft Windows operating system. Then TDL4 managed to bypass Windows' method of not allowing any unsigned drivers to install. The scary thing is TDSS is one of the most complex and dangerous categories of malicious programs in the world, and it continues to evolve. See, HIPS is basically an anti-rootkit. Now you know a rootkit is a program controlled by someone. Now what rootkit creators do is mount offences by making modifications to the system hardware and kernel designed to confuse HIPS, like Okena and Entercept is a good example. What a rootkit does is attack HIPS in memory. With elevated privileges, because it's running a token as the admin user, it will be able to disable it. Even if a user's account is deleted, malware can still run under that name with its privileges in Windows. That's why so many people get infected by clicking on the wrong link. They're running as an admin, so anything they click on has admin rights to their system.
LUA is great, but you are treating it like the end all of security. Most people don't want to run a LUA because it's rather annoying. Instead, you can drop the rights of programs/browsers running in a sandbox and do virtually the same thing. The chances of malware getting through a sandbox, your AV, a second opinion scanner like AppGuard or Prevx, plus disable your firewall/HIPS (like a Comodo or WinPatrol) are very slim.
Quote:
Originally Posted by fazio
I don't know what HIPS you've ever used, but there is no way a rootkit would be able to get to the kernel level with COMODO enabled. COMODO runs its code at the kernel level.
Comodo is only kernel level on x86 systems. No security software runs kernel level on x64 machines. However, there is malware that can actually run kernel level on x64.
Edited by lucido - 4/22/11 at 3:32pm
post #56 of 62
Quote:
Originally Posted by lucido
Spoony, I have a bigger list of programs that will hurt your "Virus" self:

DefenseWall HIPS
RETURNIL
Shadow Defender
Sandboxie
Bufferzone
WinPatrol
AppGuard
Paragon
Question: would running my browser in a VM be even safer than sandboxie? I remember reading something about a virus or something that was able to get out of a VM but not sure if it was real.
post #57 of 62
To my knowledge there is no malware that has ever transferred itself between a (reputable) virtual system and a regular system in a real-world environment.
Edited by lucido - 4/22/11 at 5:13pm
post #58 of 62
Quote:
Originally Posted by lucido
Comodo is only kernel level on x86 systems. No security software runs kernel level on x64 machines. However, there is malware that can actually run kernel level on x64.
Well, sadly nothing can be done for that. It's MS's own fault for implementing that PatchGuard, which ironically locks out security vendors from helping, but allows malware.

Quote:
Originally Posted by Daggerfist
Question: would running my browser in a VM be even safer than Sandboxie? I remember reading something about a virus or something that was able to get out of a VM, but not sure if it was real.
Like 64-bit kernel-accessing malware, malware that can jump out of virtualized environments is fairly rare, if it exists. But it's possible, I believe. I think I read it somewhere as well.
post #59 of 62
Quote:
Originally Posted by Sheyster
Give Avast and Avira a try. I've used both, currently using Avast.
IMO Avast is slightly > Avira
Top three AV-applications IMO are MSE>Avast>Avira>the rest>>>>>>>>>>>>Panda.

You should absolutely test MSE since you have Windows 7.
Though I would not use it if you have a Windows 7.
I use MSE and LOVE IT.
post #60 of 62
Quote:
Like 64-bit kernel-accessing malware, malware that can jump out of virtualized environments is fairly rare. But it's possible, I believe. I think I read it somewhere as well.
The only exploit I know of was NAT-based, on VMware when the Player first came out quite a few years ago. Haven't heard anything since, or anything at all in regards to VirtualBox.