December 19th 04, 07:33 PM
cquirke (MVP Win9x)

On Sun, 19 Dec 2004 09:11:19 -0000, "Noel Paton"

> Yes - Stinger is a targeted utility for the removal of a number of worms -
> many of which have the subsidiary function of switching off traditional
> anti-virus programs.


It's like spending 2 days swotting "spots" at the end of a 3-year
course. It doesn't cover all (or even most) of the material :-)

Slightly better is Trend's SysClean. Like Stinger, this is a free
fixer that you can run without having to install it. But it detects a
lot more malware than Stinger does, so I've taken to using it instead;
it fits on a USB stick, but not on a diskette.

Then again, you aren't cursed with NTFS, so there's no reason you
can't use a *real* av that detects "everything". You'd do a diskette
boot, ideally using an EBD that creates a RAM disk, then copy the
relevant files and run the DOS-based av from there.

www.f-prot.com offers F-Prot for DOS as free for personal use, and
it's what I use. You can get updates from the site as well, and you'd
need to, as the data built into the download will likely be stale.

www.sophos.com and www.nod32.com also offer free DOS-based av for
download, but they are evaluation copies only. That means you have to
sign in, and I presume you can't download updates on an ongoing basis.

> You can have the most efficient, and up-to-date virus scanner in the world,
> and it's of no use at all if it's switched off by a worm!


Absolutely. Chasing active malware from the OS that it's already
running in is doomed, because the malware is positioned to resist,
hide, take punitive action against you, etc. It's merciful that the
last is rare, but it's been done; I wouldn't count on such mercy.

> Stinger of itself is no use - it's purely effective against variants of
> about 40 worms - without also running a traditional AV immediately
> afterwards, but what it does, it does well, and is the type of tool that
> worms have little defence against - for the simple reason that it can be
> almost totally redesigned every issue, if necessary, while a traditional AV
> is locked into an upgrade/update cycle.


Yes - it's a useful lifeline for those cursed with NTFS. Also, once
you've identified a malware, Symantec has several dedicated cleaners
that each kill one particular baddie. Actually, most av sites have
free cleaners for one malware each; I've used these from Symantec,
F-Secure and Sophos (Sophos's fix for Jeefo was da bomb!)



--------------- ----- ---- --- -- - - -

Tech Support: The guys who follow the
'Parade of New Products' with a shovel.
--------------- ----- ---- --- -- - - -