> rootkit-enabled threats will hide from several Windows API functions

Fwiw, that's why we have a boot-time scanner that a) only scans if a threat is detected (not every time you boot the system) and b) runs prior to the Windows APIs.

Alex

-----Original Message-----
From: Peter van Houten [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 07, 2008 12:15 PM
To: NT System Admin Issues
Subject: Re: Evaluating AV

Boot scans are *mostly* a waste of time as modern malware in the form of rootkit-enabled threats will hide from several Windows API functions, rendering signature-searching scans useless. So, unless your A/V has its own fast disk reading routines, you have a problem.

It also gets worse:

http://www.pcworld.com/businesscenter/article/145703/hackers_find_a_new_place_to_hide_rootkits.html

In case of wrapping: http://tinyurl.com/4vfsce

I still recommend NOD32 products for pre-infection detection and protection.

On the 07/08/2008 17:45, Joe Heaton wrote the following:
> Unlike Symantec v.10. Every morning when the startup scan kicks off,
> my users' machines bog down tremendously, for 30-45 minutes, until that
> darn scan is completed.
>
> Joe Heaton
> -----Original Message-----
> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 07, 2008 8:43 AM
> To: NT System Admin Issues
> Subject: Re: Evaluating AV
>
> From my observations as a NOD32 user:
>
> Like many modern applications, NOD32 will use all available resources
> if/when it needs to - without interfering with other applications.
>
> The system does not get "pegged" or become unresponsive.
>
>
> On Wed, Aug 6, 2008 at 9:05 PM, <[EMAIL PROTECTED]> wrote:
>> If the Sunbelt tests are accurate, NOD32 takes close to 100% CPU
>> during scans - worthless in a 7*24 site!
>> --------------------------------------
>> Richard McClary, Systems Administrator ASPCA Knowledge Management
>> 1717 S Philo Rd, Ste 36, Urbana, IL 61802
>> 217-337-9761
>> http://www.aspca.org
>>
>>
>> "Matt Plahtinsky" <[EMAIL PROTECTED]> wrote on 08/06/2008 03:56:19 PM:
>>> What are people recommending as their favorite AV nowadays? 6
>>> months ago NOD32 seemed to be all the rage, now you don't hear much
>>> about them. Did version 3 make their stock go down? Our AV is
>>> coming up for renewal so I'm also going to be testing out a few
>>> different vendors. VIPRE along with NOD32 and Kaspersky will be on
>>> my list.
>>> Matt
>>> On Mon, Aug 4, 2008 at 3:51 PM, David Lum <[EMAIL PROTECTED]> wrote:
>>> I am evaluating some AV products but really don't have much other
>>> than loading the admin console, pushing the client and looking at
>>> options. Does anyone have ideas for me to do some semi-useful
>>> back-to-back comparisons?
>>>
>>> Dave Lum - Systems Engineer
>>> [EMAIL PROTECTED] - (971)-222-1025
>>> "..remember that, in the past, those who foolishly sought power by
>>> riding the back of the tiger ended up inside" - JFK

~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
