Which is worse? The virus or the virus software?:hmmm:

McAfee had a bad hairday today.:dead: For those of who have haven't heard, McAfee released a "bad software update" that made the virus program think a peticular windows file is a virus, thus causing the computer to crash then a re-boot loop.:o

The problem, the company I work for relys on XP and has a corperate account w/ McAfee:o. So, this morning when the update hit, ALL computers in the company crashed!:dead::o

cAfee DAT 5958 Update Issues
Share (http://www.addthis.com/bookmark.php?v=250&username=jullrich) | [/URL] (http://www.addthis.com/bookmark.php?pub=jullrich&v=250&source=tbx-250&tt=0&s=facebook&url=http%3A%2F%2Fisc.sans.org%2Fdiary.html%3Fstory id%3D8656&title=McAfee%20DAT%205958%20Update%20Issues&content=&lng=en&description=McAfee's%20%22DAT%22%20file%20version% 205958%20is%20causing%20widespread%20problems%20wi th%20Windows%20XP%20SP3.%20The%20affected%20system s%20will%20enter%20a%20reboot%20loop%20and%20loose %20all%20network%20access.%20We%20have%20individua l%20reports%20of%20other%20versions%20of%20Windows %20being%20affected%20as%20well.%20However%2C%20on ly%20particular%20configurations%20of%20the)[URL="http://www.addthis.com/bookmark.php?pub=jullrich&v=250&source=tbx-250&tt=0&s=twitter&url=http%3A%2F%2Fisc.sans.org%2Fdiary.html%3Fstory id%3D8656&title=McAfee%20DAT%205958%20Update%20Issues&content=&lng=en&description=McAfee's%20%22DAT%22%20file%20version% 205958%20is%20causing%20widespread%20problems%20wi th%20Windows%20XP%20SP3.%20The%20affected%20system s%20will%20enter%20a%20reboot%20loop%20and%20loose %20all%20network%20access.%20We%20have%20individua l%20reports%20of%20other%20versions%20of%20Windows %20being%20affected%20as%20well.%20However%2C%20on ly%20particular%20configurations%20of%20the"] (http://www.addthis.com/bookmark.php?pub=jullrich&v=250&source=tbx-250&tt=0&s=google&url=http%3A%2F%2Fisc.sans.org%2Fdiary.html%3Fstory id%3D8656&title=McAfee%20DAT%205958%20Update%20Issues&content=&lng=en&description=McAfee's%20%22DAT%22%20file%20version% 205958%20is%20causing%20widespread%20problems%20wi th%20Windows%20XP%20SP3.%20The%20affected%20system s%20will%20enter%20a%20reboot%20loop%20and%20loose %20all%20network%20access.%20We%20have%20individua l%20reports%20of%20other%20versions%20of%20Windows %20being%20affected%20as%20well.%20However%2C%20on ly%20particular%20configurations%20of%20the)


Published: 2010-04-21,
Last Updated: 2010-04-21 21:08:19 UTC
by Guy Bruneau (Version: 3)
11 comment(s) (http://isc.sans.org/diary.html?storyid=8656#comment)
McAfee's "DAT" file version 5958 is causing widespread problems with Windows XP SP3. The affected systems will enter a reboot loop and loose all network access. We have individual reports of other versions of Windows being affected as well. However, only particular configurations of these versions appear affected. The bad DAT file may infect individual workstations as well as workstations connected to a domain. The use of "ePolicyOrchestrator", which is used to update virus definitions across a network, appears to have lead to a faster spread of the bad DAT file. The ePolicyOrchestrator is used to update "DAT" files throughout enterprises. It can not be used to undo this bad signature because affected system will lose network connectivity.
The problem is a false positive which identifies a regular Windows binary, "svchost.exe", as "W32/Wecorl.a", a virus. If you are affected, you will see a message like:


I had a similar problem with norton anti-virus, and that was the last time norton was on my computer.

I think it's a plot by microsoft to get you to dump XP and switch to the current flavo(u)r of windows.:timeout::-?

Last update made my security center go bonkers - now it comes up as a blank screen. McAfee works when it works, but when it gets screwed up, boy does it screw up :dead:

Norton.... urk!

I used the bundled norton AV when I first got a computer. It worked fine for a year or so. But when it came to the endless updates that would just hang and then crash the machine and also its habit of treating my cpu like its own unlimited resource provider....
Since then I've used AVG, NOD32 (was great) but now I'm a cheapskate using Avast (free) which seems to do a good job.

At work I've had the misfortune to experience Mcaffe and Panda. Panda was clunky and used to take about 10 hours to scan (automatic set by the IT department) so I couldn't do any work whilst it was running because AutoCAD needed more resources than the scan would allow.
All of the 'business AV solutions' seemed to be somewhat difficult to use and proved more of an inconvenience than they were worth.

But saying that, one company I worked at for several years had no antivirus protection at all. When I started there, the 'hand-me-down' computer was slower than it should have been. So I DL avg, spybot and adaware. Almost a day later of scanning and the lot of 'em removed thousands of nasty things that a previous user had acquired. From 'helpful browser toolbars' to worms and trojans and general malware, it was all there. I was quite nonplussed to learn of such a lax attitude to that stuff; it was a reasonably big company too.

Gotta say that it's a bit of a faux-pas to release an update that kills everyone's computer though. Companies like microsoft and Mcaffe should know better really... I refused to install XP SP2 for almost 18 months at work because of the trouble it caused upon its initial release.

I've been using Kaspersky antivirus for past year. I liked it but it has its own quirks. I need to renew my license in couple days but I'mactually tempted to switch to full version AVG.

What is in your opinion the best and most solid antivirus on the market novadays?

I've been using Kaspersky antivirus for past year. I liked it but it has its own quirks. I need to renew my license in couple days but I'mactually tempted to switch to full version AVG.

What is in your opinion the best and most solid antivirus on the market novadays?
I have AVG and love it. It caught things norton didn't.

I really liked NOD32.
Of all of the av software I've used, the version I had was the most unobtrusive of the lot. iirc there's a 30day trial then you have to pay. I'd say it's not for the novice pc user; it had lots of settings and features you could mess about with (unlike AVG or Zone Alarm).
Avast comes close to how you can adjust the settings, but looks like it uses a little more system resources, but avast was free so I'm not going to complain when it asks me to reboot for an update once every now and then.

I currently use a suite made by Computer Associates for antivirus/spyware and firewall. It works well, doesn't hog gargantuan amounts of system resources, and has the option of temporarily turning some features off when I need a little extra horsepower. The update process is a snap, and it hasn't crashed my computer once. A couple of downsides might be the learning curve, and the extra amount of processing that has to be done by Internet Explorer after installing the optional website inspector.

I use Avast Free, doesn't use much resources, 4,164k's to be exact, works fine for me.
I've used all sorts of AV's, from Norton's many many years ago, Zone Alarm Pro, AVG more recently, and now Avast.
Out of all of them, Avast seems to do it's job better then the ones i've used, scanning is quick and easy, regular updates (automated and notified to user), good detection settings, using very little resources, i guess a few things are dependent on how well a AV works:
Your system specs, what sort of online activity you perform, other utils/tools which may conflict with each other, it all makes a big difference in the way you "allow" the AV to work for you. Or not.

LOL apparently the update caused about 10% of a major supermarket chain's cash registers to go bonkers over here.:D

LOL apparently the update caused about 10% of a major supermarket chain's cash registers to go bonkers over here.:D
Which one? I'm in Oz.

I have been using kaspersky for a while, but have been thinking of moving to NOD32 for a while now.

I recently moved from Norton Internet Security to Avast Internet Security
talk about a stress relief from your system resources :up:

HunterICX

I've probably used the majority of the popular ones and my choices would be:

Retail
1st NOD32
2nd Kaspersky

Free
1st AVG
2nd Avira

I heard by a techie friend of mine that AVG is not being supported anymore? Since last year sometime?
Edit: just checked out their website, seems not supporting 98, me and nt was the case, version 9 is newest, with 8.5 not being supported anymore.
Anyone use AVG Internet Security 9?
If so, good? Bad?

Now these are the kind of reviews i like,
an overview of all products with features and ratings, prices, ahh, cool.
Seriously though, check it out:
http://internet-security-suite-review.toptenreviews.com/

i like the layout, not pages upon pages of words...
Interesting that McAfee isn't there! :O:

Which one? I'm in Oz.
http://www.smh.com.au/technology/enterprise/botched-antivirus-knocks-out-10-of-coles-registers-20100422-teif.html

http://www.smh.com.au/technology/enterprise/botched-antivirus-knocks-out-10-of-coles-registers-20100422-teif.html
Fascinating, considering i work for the Coles Group, manage a restaurant of theirs...
Phew!!!

Avast! :yeah:

Avast! :yeah:

Me too. Used to have the retail F-Secure for a long time but it got really bulky in the end.

I had some other security software problems recently with my laptop, not McAfee but with another program. Was able to recover but it cost a little. :damn: Oh well, live and learn.

Avast! :yeah:

Same here...since I dumped AVG and all there false positives two years ago, Avast has done the job for me. :up:

Missed this thread earlier sorry...

Add me to the rank and file of angry consumers my home machine is so effed up I cant even copy paste files :damn:

This will probably end up in a class action suit as I am estimating that 100's of thousands have been effected.

"A moderate disruption" huh.... those dorks turned my fine running pc into a paperweight.

Missed this thread earlier sorry...

Add me to the rank and file of angry consumers my home machine is so effed up I cant even copy paste files :damn:

This will probably end up in a class action suit as I am estimating that 100's of thousands have been effected.

"A moderate disruption" huh.... those dorks turned my fine running pc into a paperweight.

Well you can take your PC to "PC - fixers" who will help you out...for a fee. :shifty: It's good times for those guys.

Well I'm supposed to be 'one of those guys' its part of my job here.

But the machine affected was my home pc and dident have the adaquate materials to deal with the situation there and tried a bunch of kludge work arounds. After 4 hours of frustration and about 100 reboots I finally just had to walk away from it.

Tonight I will be better armed.

I know I shouldn't feel "Schadenfreude (http://en.wikipedia.org/wiki/Schadenfreude)" (sp?) (happiness over others misfortune), but having gone through this recently I just can't help myself. :)

Go figure, I have always used the AVG Free Virus Program, never any issues, just go a refurbished laptop for work, came with McAfee and boom this happens :dead::dead:

**** :damn:

I'm glad Comcast switched from McAfee a couple of months ago(came free with their internet service), but......

they switched to Norton 360. :doh:
I don't have the warm fuzzies about them. I haven't had any problems(nor had I with McAfee), but I've heard some not good things about them before.

:)

Mi oline banker are offering Kaspersky free for a year.....could be handy for the non gameing rig.

I use avast but it uses more than 4000kb.

The ashWebSv.exe uses 87,624K then there are a few other related processes...So I wonder what I am doing wrong.

I've probably used the majority of the popular ones and my choices would be:

Retail
1st NOD32
2nd Kaspersky



In small words typed slowly so I can read them, could you give us a paragraph on why you like those two?

I am in the market for some anti-virus/security software and wanna get some learnin.

NOD32 = quiet and unobtrusive.
Lots of settings and ability to customise scans.
Didn't hog resources.
Performed regular auto-updates.
Found several things hidden in archived zip/rar files that were known to be bad or malicious files (other av didn't).
Performed real-time system scanning with unused system resources, as well as the on demand scans etc.
It never let any suspect attachments through my email client - and there were a few from people who's webmail had been compromised.

On the whole it sat there quietly in the background and did the job.

Depending on what was going on out there on the internet, you'd occasionally get 2 or perhaps 3 virus definition updates a day, though usually it was once every few days.

I liked it a lot. The only reason I stopped using it was my retail subscription ran out and I've not had the spare income to pay for a decent AV program @ £29.95
Payment for it was online and was simple and quick too.

http://www.eset.co.uk/Trial/Home

Avast at home, Trend Micro Worry Free for servers, exchange, and workstations at work.

I just downloaded trial version of NOD32 and after installation it turned my smoothly running machine into a slide-show. Starting Firefox took about 10 minutes. No need to say that I have uninstalled it within 15 minutes.
WHAT A PIECE OF CRAP SOFTWARE!

Unbelievable. :nope:

Well, off to try something else. Still have 6 days of Kaspersky's licence left...

Just to let yall know I was able to recover without resotring to a reformat.

Been using Comodo for the past year or so with good results so far. Their firewall software is up there as well.

I just downloaded trial version of NOD32 and after installation it turned my smoothly running machine into a slide-show. Starting Firefox took about 10 minutes. No need to say that I have uninstalled it within 15 minutes.
WHAT A PIECE OF CRAP SOFTWARE!

Unbelievable. :nope:

Well, off to try something else. Still have 6 days of Kaspersky's licence left...

Curious, I never had any trouble with it. And my machine isn't exactly cutting edge either - 5-6 years old xp pro machine, AMD X2 3800+ 2GB DDR2 RAM.
Did you go through the settings and put the scanning priority to 'normal' instead of maximum?
Also if you had only just installed it, it was probably doing a full in-depth system scan (like most AV software does when you first install it) so everything starts with a 'clean sheet' as it were. If you have big hard drives this can take a little time to accomplish.

Curious, I never had any trouble with it. And my machine isn't exactly cutting edge either - 5-6 years old xp pro machine, AMD X2 3800+ 2GB DDR2 RAM.
Did you go through the settings and put the scanning priority to 'normal' instead of maximum?
Also if you had only just installed it, it was probably doing a full in-depth system scan (like most AV software does when you first install it) so everything starts with a 'clean sheet' as it were. If you have big hard drives this can take a little time to accomplish.

Yes it started the scan immediately and I stopped it and yes I have played with settings just to try to figure out why it made my computer so slooooow.
It was, seriously, like watching slide show.
Couldn't figure it out so I uninstalled it. The problem immediately disappeared. :nope:

Got this fixed today :yep:

Got this fixed today :yep:

Nice one :up:

I guess you won't be using it again either :DL

Nice one :up:

I guess you won't be using it again either :DL

Got mine fixed but will probably continue to use it .. at least untill the subscription runs out.

Nice one :up:

I guess you won't be using it again either :DL

Same as SW, will wait until the subscription runs out.
Hopefully this decision does not come back to bite me in the
ass :dead::dead:

Honestly, the way I see it.....the majority of anti virus programmes are probably okay but as the saying goes "one mans meat is another mans poison"....we can only go on personal experiences.

I was genuinely shocked to see one poster reporting negative experiences with NOD32....no big deal you can say and rightly so.....but I know of one or two 'official entities' who have used it successfully and continue to do so.

just as well we all have choices I reckon :hmmm:

Information security is a big question here too, the coppers are very lax with stuff like tossing out files into the garbage cans that have sensitive info in them. Autopsy photos etc. have been found there. Who knows what happens to CPU's the cops use.

My question to you the more computer savy folks is, what if your virus software says that you have a file that might be a problem. It might be a genuine threat or not, sometimes different virus programs are just in conflict with each other and detect problems from each others virus libraries. Question is, what do you do with the infected file? Delete it? What if the file is in the rootkit? Can those files be deleted?

@OTH
Quarentine it.

ZoneAlarm has always served me well.
The firewall & Program Control suits my style well.

Just turn off the automated stuff, and it leaves YOU in control of IT.
Not the other way around.