(Msg. 9) Posted: Sun Jun 11, 2006 11:34 pm
Post subject: Re: F-Prot for Dos not scanning all files [Login to view extended thread Info.] Archived from groups: alt>comp>virus (more info?)
Art <null.TakeThisOut@zilch.com> wrote in news:vkvn8216g9upe58h5lpj79uigknm9rup9q@
4ax.com:
> If you choose to be totally paranoid rather than learn whom to trust
> and whom not to trust, you're going to be at a great disadvantage.
Art,
His paranoia with not accepting executables from strangers is a sound
one. Getting files from the vendor itself whenever possible is always
the preferred method, Although that isn't totally safe either.
> I can tell you that KAVDOS32 is by far the best DOS scanner I've ever
> tested when it comes to handling various compressed and packed
> files ... especially those which are multiply packed with various
> different and unusual packers the bad guys use to confuse av
> scanners. It even handles scanning "within" many Setup and
> Install files.
The dos scanner as I recall is slow.... extrememly slow... has this
improved?
> BTW, when is the last time Frisk did any work on the F-Prot for
> DOS scan engine? I remember him posting here saying that it
> hasn't been updated in years.
The engine hasn't, no.
> In putting effort into my utils for KAVDOS32 I'm fully aware
> that I'm dealing with something that is short-lived. DOS scanners
> are going the way of the Dodo bird. Yet, there is now and there
Which is a pita. Either we need mobile windows apps able to run outside
of being installed, access to the local registry, etc... Or, we still
need dos apps able to run from a bart environment for fixing things when
windows will no longer boot, at all.
(Msg. 10) Posted: Mon Jun 12, 2006 12:40 am
Post subject: Re: F-Prot for Dos not scanning all files [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
On Sun, 11 Jun 2006 23:34:33 GMT, Dustin Cook
<bughunter.dustin DeleteThis @gmail.com> wrote:
>Art <null DeleteThis @zilch.com> wrote in news:vkvn8216g9upe58h5lpj79uigknm9rup9q@
>4ax.com:
>
>> If you choose to be totally paranoid rather than learn whom to trust
>> and whom not to trust, you're going to be at a great disadvantage.
>
>Art,
>
>His paranoia with not accepting executables from strangers is a sound
>one.
Obviously! Learning whom to trust and whom not to is also sound. Hell,
if those of us offering free sw aren't to be trusted, we might as well
quit ... and that includes you!
>> I can tell you that KAVDOS32 is by far the best DOS scanner I've ever
>> tested when it comes to handling various compressed and packed
>> files ... especially those which are multiply packed with various
>> different and unusual packers the bad guys use to confuse av
>> scanners. It even handles scanning "within" many Setup and
>> Install files.
>
>The dos scanner as I recall is slow.... extrememly slow... has this
>improved?
It's not really slow when you consider its thoroughness. For example,
F-prot for DOS skips over .CHM files (and issues misleading "OK"
messages) whereas KAVDOS32 scans the jillions of files "within"
them. That aspect no doubt fools a lot of users into thinking other
scanners are much faster when actually they may not be much
faster at all. And it's not just .CHM files ... it's many other files
such as Setup and Install files that may still be on a machine.
Most scanners will skip them with a "OK" message while KAVDOS32
will spend time taking them apart and scanning all the "innards"
(in many or most cases). Or many packed and archived files
that KAVDOS32 rips apart that other scanners just say are
"OK" without scanning "inside them" at all. Pisses me off
I'm fed up with the BS from other scanners so much I could
scream! Not that KAVDOS32 doesn't pull the same horseshit
when it can't scan a archive. It will also issue a "OK" instead
of being honest. But by forcing it to put out "OK" messages
on every file scanned, at least through experience with it
I can tell whether or not it's actually scanning innards in may
cases.
>> BTW, when is the last time Frisk did any work on the F-Prot for
>> DOS scan engine? I remember him posting here saying that it
>> hasn't been updated in years.
>
>The engine hasn't, no.
>
>> In putting effort into my utils for KAVDOS32 I'm fully aware
>> that I'm dealing with something that is short-lived. DOS scanners
>> are going the way of the Dodo bird. Yet, there is now and there
>
>Which is a pita. Either we need mobile windows apps able to run outside
>of being installed, access to the local registry, etc... Or, we still
>need dos apps able to run from a bart environment for fixing things when
>windows will no longer boot, at all.
Yes, well I haven't investigated other approaches than DOS much at
all. DOS would really be nice to use. I wish av vendors, and
particularly Kaspersky, would change their ways and reconsider
offering DOS scanners suitable for formal scanning the drives of
modern OS ... and include NTFS capability.
(Msg. 11) Posted: Mon Jun 12, 2006 12:40 am
Post subject: Re: F-Prot for Dos not scanning all files [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Art wrote:
[snip]
> Obviously! Learning whom to trust and whom not to is also sound. Hell,
> if those of us offering free sw aren't to be trusted, we might as well
> quit ... and that includes you!
i don't know if you've heard but there are now quite a number of 'rogue'
security apps out there these days... offering free software on it's own
isn't enough to prove trustworthiness...
if he wants to get an impression of how trustworthy you are then he's
going to have to google you... you could get him started with a link to
a google search... you might also disclose any professional/commercial
affiliations you might have (if you have any) as an indicator that
you're not some creep lurking in the shadows of the internet...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
(Msg. 12) Posted: Mon Jun 12, 2006 12:49 am
Post subject: Re: F-Prot for Dos not scanning all files [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Art <null.TakeThisOut@zilch.com> wrote in news:0vbp82tnsk15st6ssdmo02e4li0jj78mn7@
4ax.com:
>>Art,
>>
>>His paranoia with not accepting executables from strangers is a sound
>>one. >
> Obviously! Learning whom to trust and whom not to is also sound. Hell,
> if those of us offering free sw aren't to be trusted, we might as well
> quit ... and that includes you!
It's not the software he mistrusts, necessarily. We are not known to him
currently, so it's us he doesn't trust.
I'm surprised your not in agreement with it. Once he reads more posts,
and/or responses to his original post he may go and try your recommended
software. He's just practicing safe hex.
> It's not really slow when you consider its thoroughness. For example,
> F-prot for DOS skips over .CHM files (and issues misleading "OK"
> messages) whereas KAVDOS32 scans the jillions of files "within"
I know, hence the slowness. It tries to take everything apart. 4+ hours
typical scan time for a machine with many types of files on it. > Yes, well I haven't investigated other approaches than DOS much at
> all. DOS would really be nice to use. I wish av vendors, and
> particularly Kaspersky, would change their ways and reconsider
> offering DOS scanners suitable for formal scanning the drives of
> modern OS ... and include NTFS capability.
A BartPE disc is a handy resource. If you haven't already got one in your
toolkit, I'd recommend you give it a try.
It's not always wise to assume the machine is still operational. If
you can't boot into safe mode, another OS in charge (booting clean) is
really the only choice you have.
(Msg. 13) Posted: Mon Jun 12, 2006 1:11 am
Post subject: Re: F-Prot for Dos not scanning all files [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
On Mon, 12 Jun 2006 00:49:25 GMT, Dustin Cook
<bughunter.dustin DeleteThis @gmail.com> wrote:
>It's not the software he mistrusts, necessarily. We are not known to him
>currently, so it's us he doesn't trust.
Again, why state the obvious?
>I'm surprised your not in agreement with it. Once he reads more posts,
>and/or responses to his original post he may go and try your recommended
>software. He's just practicing safe hex.
Sure, and I'm simply telling him to take the time to learn whom to
tust. Is that so hard to understand?
>> It's not really slow when you consider its thoroughness. For example,
>> F-prot for DOS skips over .CHM files (and issues misleading "OK"
>> messages) whereas KAVDOS32 scans the jillions of files "within"
>
>I know, hence the slowness. It tries to take everything apart. 4+ hours
>typical scan time for a machine with many types of files on it.
Try my K-BOOT. You might be surprised at the high scan speeds
in plain DOS you get with KAVDOS32 using it. Or make a bootable
CD based on the diskette it creates.
>> Yes, well I haven't investigated other approaches than DOS much at
>> all. DOS would really be nice to use. I wish av vendors, and
>> particularly Kaspersky, would change their ways and reconsider
>> offering DOS scanners suitable for formal scanning the drives of
>> modern OS ... and include NTFS capability.
>
>A BartPE disc is a handy resource. If you haven't already got one in your
>toolkit, I'd recommend you give it a try.
I don't use XP. I use Win 2K. Besides that, I don't need or want a
Bart PE. In case I can't fix something I simply boot up into my
bootable cloned drive and reclone the main drive from it. That
way I'm covered for the the event of h.d. failure as well.
>It's not always wise to assume the machine is still operational. If
>you can't boot into safe mode, another OS in charge (booting clean) is
>really the only choice you have.
(Msg. 14) Posted: Mon Jun 12, 2006 2:01 am
Post subject: Re: F-Prot for Dos not scanning all files [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
> A BartPE disc is a handy resource. If you haven't already got one in
> your toolkit, I'd recommend you give it a try.
>
Need XP or later though to build it, eh. Hey, Art, I'll send you a copy of
my XP if you want it! Microsoft are seriously pissing me off these days
treating us guilty until proven innocent, so it'd be a pleasure. More so if
they got to hear about it
(Msg. 15) Posted: Mon Jun 12, 2006 2:01 am
Post subject: Re: F-Prot for Dos not scanning all files [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
On Mon, 12 Jun 2006 02:01:36 +0100, "Shane" <shanebeatson RemoveThis @gmail.com>
wrote:
>> A BartPE disc is a handy resource. If you haven't already got one in
>> your toolkit, I'd recommend you give it a try.
>>
>
>Need XP or later though to build it, eh. Hey, Art, I'll send you a copy of
>my XP if you want it! Microsoft are seriously pissing me off these days
>treating us guilty until proven innocent, so it'd be a pleasure. More so if
>they got to hear about it
Thanks but no thanks. I want XP and a Bart PE like I want a hole in
the head
(Msg. 16) Posted: Mon Jun 12, 2006 5:59 am
Post subject: Re: F-Prot for Dos not scanning all files [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Art wrote:
> On 10 Jun 2006 18:29:33 -0700, "Hugo Trebl" <singalong.TakeThisOut@dodgeit.com>
> wrote:
>
>
> >I'm worried that it might miss something that is not obvious at first
> >glance.
> >I doubt that it can scan the new rar format without an engine update
> >for example.
>
> I just downloaded a trial of the DOS version of Winrar. It's Version
> 3.60 Beta 4. I compressed a RAR archive of files using it. KAVDOS32
> had no problem scanning all the files "within" the RAR archive.
I stand corrected.
As for the other thread, I did find another version of kavdos32 and
compared the exe and dll, and it did not show any suspicious behaviour
in vmware, so I'll have no choice but to trust you from now on
I made a simple batch file for the %username%\sendTo folder for win
2000/XP, in case anyone is interested:
@echo off
:LOOP
for %%a in (%1) do c:\tools\kavdosnt\kavdos32 /* /a- /u- /MD- /MP- /b
/p /m %%~fsa & pause
SHIFT
IF '%1' == '' GOTO END
GOTO LOOP
:END
All times are: Eastern Time (US & Canada) (change) Goto page Previous1, 2, 3, 4
Page 2 of 4
You can post new topics in this forum You can reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Home
Forums
Home
FAQ
Profile
Private Messages
Log in
Getting files from the vendor itself whenever possible is always
Security