Recommend me comprehensive anti-virus software

Or, Combofix only has to catch up to the code of a few popular kits which are used to generate them, in order to detect them.

That's not how it is. ComboFix can only fix what they can see, and there are almost certainly thousands of variants that they don't know about. They can remove the initial exploit/delivery system... but their chance of getting the actual payload is far smaller.

If you want to be sure, a reinstall is the only option.

The very best you can get is 'probably' if you try to clean from within the OS, and the value of 'probably' drops with every day that passes. Within the next year or two, it will likely be down to 'maybe'.

Malor wrote:
Or, Combofix only has to catch up to the code of a few popular kits which are used to generate them, in order to detect them.

That's not how it is. ComboFix can only fix what they can see

Why not? From a programming perspective it makes perfect sense that if you're a hacker who is familiar with the toolkit, then you can figure out how to detect most, if not all, of the variants it generates.

If there's a program that can generate certain code signatures, then you can reverse-engineer this algorithm and instantly compare the file against all the procedurally generated signatures.

If there's a program that can generate certain code signatures, then you can reverse-engineer this algorithm and instantly compare the file against all the procedurally generated signatures.

Not if you don't have access to the original code. There's a huge difference between seeing code run, and guessing what code must be doing, based on indirect observation. The algorithm that actually does the polymorphing is not running on client computers, and there won't be a sample of every possible output; there may be a sample, in fact, of just one.

Unless the ComboFix people happen to figure out the exact correct pattern, they won't always find an infection, even if they get it sometimes.

And then, of course, viruses can hide up in hypervisor space... perhaps just enough virus to reinstall a larger one actually in the OS. A hypervisor virus cannot be detected from the running OS.
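As an added illustration of the disagreement above (this is not code from any poster in the thread, and the "kit" and "payload" are constructed, inert stand-ins, not real malware): a toy generator wraps one payload in a random key and random padding, so every output has a different file hash. A whole-file hash signature built from the single captured sample catches essentially only that sample. A detector that models the generator's layout catches every v1 output, which is the "reverse-engineer the algorithm" position. But a kit update the analyst has never seen (the constructed v2 below, with a different stub and key scheme) slips past the model entirely, which is the "they can only fix what they can see" position. Both points hold at the same time.

```python
"""Toy model: whole-file hash signatures vs. a generator-aware detector.
Everything below is constructed for illustration; nothing is real malware."""
import hashlib
import random

# Constructed, inert stand-in for "the payload the kit wraps".
PAYLOAD = b"CONSTRUCTED-TOY-PAYLOAD"
PAYLOAD_HASH = hashlib.sha256(PAYLOAD).hexdigest()
NOP = 0x90  # constructed padding byte


def kit_v1_variant(rng):
    """Constructed 'kit v1': random padding, a 2-byte stub (marker + 1-byte key),
    then the payload XOR-ed with that key. Each call yields a byte-different file."""
    key = rng.randrange(1, 256)
    padding = bytes([NOP]) * rng.randrange(0, 16)
    stub = b"\xEB" + bytes([key])
    body = bytes(b ^ key for b in PAYLOAD)
    return padding + stub + body


def kit_v2_variant(rng):
    """Constructed 'kit v2' the analyst has never sampled: different stub marker
    and a 2-byte alternating key, so the v1 model no longer fits."""
    k0, k1 = rng.randrange(1, 256), rng.randrange(1, 256)
    padding = bytes([NOP]) * rng.randrange(0, 16)
    stub = b"\xE9" + bytes([k0, k1])
    body = bytes(b ^ (k0 if i % 2 == 0 else k1) for i, b in enumerate(PAYLOAD))
    return padding + stub + body


def hash_signature_detects(known_hashes, blob):
    """Classic whole-file signature: hit only if this exact file was seen before."""
    return hashlib.sha256(blob).hexdigest() in known_hashes


def kit_v1_aware_detects(blob):
    """Generator-aware detector: undo the v1 layout and test for the payload.
    Returns False for anything that does not follow the v1 layout exactly."""
    stripped = blob.lstrip(bytes([NOP]))
    if len(stripped) < 2 or stripped[0] != 0xEB:
        return False
    key = stripped[1]
    decoded = bytes(b ^ key for b in stripped[2:])
    return hashlib.sha256(decoded).hexdigest() == PAYLOAD_HASH


def evaluate(n=500, seed=1):
    """Run both detectors over n variants from each kit and return hit counts.
    The hash list is built from a single captured v1 sample, as in the thread."""
    rng = random.Random(seed)
    v1 = [kit_v1_variant(rng) for _ in range(n)]
    v2 = [kit_v2_variant(rng) for _ in range(n)]
    known_hashes = {hashlib.sha256(v1[0]).hexdigest()}
    return {
        "v1_by_hash": sum(hash_signature_detects(known_hashes, b) for b in v1),
        "v1_by_model": sum(kit_v1_aware_detects(b) for b in v1),
        "v2_by_hash": sum(hash_signature_detects(known_hashes, b) for b in v2),
        "v2_by_model": sum(kit_v1_aware_detects(b) for b in v2),
    }


if __name__ == "__main__":
    for name, count in evaluate().items():
        print(f"{name}: {count} / 500")
```

The takeaway for anyone choosing a product: detection that models the generator beats per-file signatures by orders of magnitude, but it is still bounded by what the vendor has actually sampled and analysed, which is why "probably clean" is the honest ceiling for in-OS cleanup.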

And the survey says that the number of gamers running VMs at home is... 0!

And the survey says that the number of gamers running VMs at home is... 0!

Whatever your survey source is, that's ludicrous. Lots of us use VMs.

And, even at that, the whole point of a supervisor-mode virus is that it's invisible, so even if that survey were accurate, all it would tell you is that the number of gamers that knew about their processor's supervisor mode being hijacked is zero.

Did you know your processor even has a supervisor mode? It's a more privileged position than ring 0, and code running there can be hidden from the OS completely.

The world is changing. Viruses are not like they were anymore. Hijacking your computer and stealing your data is big business, and the bad guys are getting incredibly good at it.

And one of the major reasons they can is because governments are f*cking up computers so they can spy on people.

Windows as an OS has terrible, broken security from the start, inconsistent rules throughout the system. It's very 20th century.

Supposedly Linux is much better at compartmentalizing, but I do wonder how it would withstand the onslaught of viruses if it had the same popularity with the end-user.

The Linux kernel is such an ongoing mess that it would be just about as porous as Windows. They're constantly shoveling in features, much faster than they can be analyzed for security impact.

It's so bad, in fact, that the kernel devs actively go out of their way to hide it when they're fixing security problems.

The only reason Android isn't more of a mess, I believe, is because of the runtime between code and the kernel. It's hard to talk directly to the kernel in that system.

This might prove interesting: https://www.facebook.com/notes/prote... And the follow up post: https://www.facebook.com/notes/faceb...

TLDR: Get malware, visit facebook, get a link for free malware removal tool.

As for a recommendation, it seems F-Secure and TrendMicro receive and use more external threat signatures. As for the non-traditional approach to threat protection, Bit9 or SolidCore are leading the pack.

I'm reviving this thread because my ESET NOD32 license is about to expire. Is there something better I should switch to? And if not, are there any good deals out there on a renewal/new license right now?

My Eset Nod32 license expires soon also. That Newegg deal last year was amazing!

In another thread, and I'm really not gonna try and find it because there's a TON of threads it could be, Eset was still up there. I'm happy to stay with them if I can find a license on the cheap.

I might just be blissful in my oblivion, but I never renewed my NOD32 subscription over a year ago, and have been running my PCs with nothing but Windows Defender without any incidents (that I'm aware of). I should probably look into that, though....

WipEout wrote:

I might just be blissful in my oblivion, but I never renewed my NOD32 subscription over a year ago, and have been running my PCs with nothing but Windows Defender without any incidents (that I'm aware of). I should probably look into that, though....

From orbit you say?

garion333 wrote:

My Eset Nod32 license expires soon also. That Newegg deal last year was amazing!

In another thread, and I'm really not gonna try and find it because there's a TON of threads it could be, Eset was still up there. I'm happy to stay with them if I can find a license on the cheap.

I paid $40 for a 15 month license through Amazon. Couldn't tell you how well that compares to the Newegg sale.

LilCodger wrote:
WipEout wrote:

I might just be blissful in my oblivion, but I never renewed my NOD32 subscription over a year ago, and have been running my PCs with nothing but Windows Defender without any incidents (that I'm aware of). I should probably look into that, though....

From orbit you say?

Like I said, I haven't noticed any degradation or performance loss with any software I use. Except 3DS Max, but that's because Max is a stupid program. So... maybe?

have been running my PCs with nothing but Windows Defender without any incidents (that I'm aware of)

Ah, the good old virus detection mentality of 2001. "If there aren't any symptoms, my system isn't infected." People like you keep the bot operators happy.

No need to be a dick. I know what I'm doing.

He does have a point, however. Anyone running just Windows Defender and thinking there aren't any issues because their computer doesn't seem slower is a bad idea.

Windows Defender is now the bottom of the barrel for anti-virus and anti-malware. They even said so themselves, and tricking yourself into thinking you don't have any bad stuff on your PC is just asking for trouble.

garion333 wrote:

He does have a point, however. Anyone running just Windows Defender and thinking there aren't any issues because their computer doesn't seem slower is a bad idea.

True, but I never suggested that there aren't any issues-- just that I haven't noticed any that have adversely affected my day-to-day. I figured the parts where I said "that I'm aware of" and "I should look into that..." would have implied that I'm aware that I need to beef up my PC's security.

Windows Defender is now the bottom of the barrel for anti-virus and anti-malware. They even said so themselves, and tricking yourself into thinking you don't have any bad stuff on your PC is just asking for trouble.

To be fair, Windows Defender (for Win 8.1, anyway-- I should mention I'd been using Security Essentials on my Win 7 machine, as Defender for Win 7 is crap) wasn't at the bottom of the barrel for a period, and that's why I didn't bother paying for NOD32 for a period. Defender has fallen off the quality wagon somewhat recently, though, and that's why I said I need to look into my security solutions again.

Thus, there's no need for Shihonage to be a dick about it: I know what I'm doing, and never suggested others follow suit.