Italicworld.If you aren't satisfied with NAV,there's nothing wrong with trying another product.I use NOD32.I won't even consider switching to another av program.Check it out at www.nod32.com.Regards.JB

0

I would recommend two antivirus products for a trial: Eset's NOD32 and www.srnmicro.com SOLO. Take care and all the best!

0

I think NAV is the best available as far as detection of viri and worms etc but it its a resource hog and doesn't really cut it against trojans. Thats not Norton's fault though. Trojans are just too easily packed with compressors or hex edited which changes there signature and gets them past your av. Hell, simple XOR encryption is enough to slip a known trojan past your AV. AVG is good but still misses some small things that Nav gets, on a positive it uses far less resources though. So NAV gets my vote for viri detection, but a good firewall is best defense for a Trojan horse/Rat. Cheers.

0

Hehe, you asked "Is NAV cutting it these days?" The answer is definitely NO! Symantec answers this question for themself when by also releasing a product called "Norton Firewall" I think NAV has their priorities messed up, especially from my experience with Opaserv. It seems that NAV's philosophy is to only stop virus code after it RUNS on computer, but doesn't do anything to BLOCK getting infected. Its Norton Firewall's responsibility to block these reinfections. In my opinion, that's a worthless philosophy. With the way virus's are today, (opaserv especially), you get todays NAV situation, where it catches another opaserv variant infection every 5 minutes. Yes, it stops your machine from ever letting the virus run too long, but why the hell is that any good when the user is constantly getting annoying by NAV popping up every 5 minutes for reinfections, as well as the user having to clean out his win.ini file so he doesn't get those annoying error messages every bootup? Symantec is also wrong with their virus information policy. Despite many people explaining to them that they get reinfected with Opaserv, NOWHERE on symantec's website does it mention this fact. They definitely need to explain on their Opaserv pages that continual reinfection is a possibility, and that you must block these ports of entry. I wouldn't care if they told me I need to also buy their Norton Firewall for $50. At least they're telling me the truth. Again, their information policies are terrible when it comes to responding to new viruses. Its a well known fact that brasil.pif came out on Oct 19, (I sent it to them on Oct 21). Yet they claim it was discovered on Oct 23 (and coincidentally, they also made a fix that very same day!). I didn't enjoy googling the web for brasil.pif on Oct 19, not finding any help about it, and then finding out that Norton sat on this information FOR 4 DAYS, but refused to tell anyone! The least they could do is verify its existance, explain that they were working on the problem, and that it would be a few days before they could have a fix. But that does no good when the NAV fix DOESN'T EVEN WORK! Its not that hard to do this. NAV just needs to list on their website every change a virus makes to your comptuer, (which they don't do, i.e. opaserv), as well as having NAV clean up all these changes (which they also don't do, i.e. lots of other viruses). Finally, NAV's technical shows that they like to hide from fixing peoples problems. Its either a $30 per technical phone call, or nothing. There's not even a single place to email them! I sure didn't want to call them over opaserv only to have them reread the same incomplete information I could find on their website. As for email, every time I submitted new opaserv variants to them before they listed these variants as "discovered", I included in the message "I would really enjoy a quick response verifying that other people with opaserv are getting reinfected as well by all these variants." I never received one email back. Its pretty clear that NAV has major problems, and that they need to change in many areas. Unfortunately, the competition isn't any better, so there's nothing motivating NAV clean up their act. This means that anti-virus software will continue to ignore normal software rules, where the software does all the work for you, so you don't have to be a tech-savvy person who takes an active role in maintaining their computer. So unfortunately, we still have take an active role to combat viruses by doing 3 things: Own anti-virus software, have a firewall, and constantly read computing.net's virus forum to find out about the rest of the information nobody told us. Brad Peterson b_peterson@yahoo.com

0

to help nav to catch the current virii a manual download-install is required mon through fri. except wed when live update runs auto. http://www.sarc.com/avcenter/defs.download.html

0

well said Brad Peterson

0

ok here goes. i have followed the post on Opasrv and the other viruses here. I ran a few test for myself on these. I found today after running a test with the opasrv that.... 1) Opasrv does call out to other PC's on the network to see who is infected. It also scan random IP's for open ports to infect other PC's. (this is when infected!) 2) After infecting a PC with opasrv then cleaning it of the virus I put the PC on a subnet behind a router with all ports open. (so that the "infected then cleand PC was on a dif IP/Subnet then the rest of the network") The PC DID NOT get reinfected!!!!!! This tells me that the PC does not call out to the last PC that were infected to get reinfected! (runing full NAT) Instead that thier are other PC out there scanning port on the IP/subnet in order to reinfect the PC. The main problem is that people are not securing thier file sharing and downloading the patch for it. Download the patch and put a password on your shares and you can defeat the virus! If you have to get a router and sit behind it with your ports configured the way you want them. (the problem here is not many people "as in home users" know how to confige the ports.) The main problem is the fact that people do not know they are infected with the virus! Yes NAV put out the Norton Firewall to stop hackers!!!!! Not viruses!!!!

0

Lets go back to this post http://www.computing.net/security/wwwboard/forum/3101.html Brad are you sure there wasnt a inboubd ping or sniff that first started the transmision? I would love to see this log and would like to see what ports you were checking. Being that your PC has over 65,000 ports the viri could have started at any port anywhere asking for a reply on port 137. I am only asking this because most port sniffers work on the 0-5000 range. I am in no way bashing you for your work. You have done a great deal in working with this virus. I will be contacting you Via E-mail to get a few copies of the virus if you do not mind so that I may be able to help. This thing needs to be sovled some how some way, even if it is by the techs here. Has the virus been opened in a hex editor to se what it actually does by anyone here?

0

i agree with john... there's more involved in protecting your machine from viruses that just slapping NAV on it and expecting that to protect you from everything. in my opinion, that's like walking down the street with looga falling out of your pockets and expecting the police to protect you from a mugging. NAV is certainly cutting it for me. i use it - in the form of NIS on one of my clients' servers and i've got nothing to say but props for it. this is after i tried PCcillin (which is just amateur) and mcCrappy (which decimated the OS partition and for which i got no technical support coz no one knew how to start fixing my problems) i recommend NIS for anyone who want's a full internet security package - but use your brain too...! read more than symantec's sites, check out grc.com and use shieldsup, educate yourself rather than expecting someone else to do it coz the hackers and virus breeders make it by being one step ahead. j

0

John, I'll be happy to send you this information. Here's a copy of a post I just sent to JubJub, it pretty much applies to you as well: (it saves me time typing...) I've noticed a couple of other people, John and JubJub, who seem really interested in this thing too. That's great news. From all my testing, of course I think I'm right, but I would be just has happy if everyone else proved me wrong...just as long as we can remove this virus. I will be able to send you copies of the virus and the log file later tonight. I have to take off for my work right now though. I hope the email address you supplied works. I can also send you scrsvr.exe, brasil.pif, alevir.exe, and marco!.scr (I do not have the newest variant out yet...I've kept my ports blocked.) Alright, copy and paste is over. John, I'm still pretty sure my computer makes the first request out. But I haven't been able to confirm that it scans all 65k ports yet (i'm pretty sure it does, just because ethereal is written my open source linix geeks, they want to get it right). As for the calling the last infected computer...I'm still not too sure how that works. The reason I said that is...after having been infected at least 50 times, I opened my ports, and the first communication my computer made was a request to this one IP address, which in turn sent me the virus. It used to just scan down a list. Why did it all of the sudden use this IP address first thing? I'm assuming because it remembered from past experience that it was an infected computer. But I haven't tested that theory nearly enough to prove it. My question for you is, did you let this test computer scan over other IP addresses, find one, and then have this IP address download the computer to you? Or did you simply load on the virus via floppy and run it? Just making sure that you gave this virus a chance to find another infected computer before you moved it behind a different subnet. Also, you are probably right about the password share thing. I don't have my shares password protected. I hadn't thought about that yet. Because of my work, we are set up not to password protect our shares. That may be how this virus gains access to run its executable. It sees there's a share, tries to access it...no password is necessary, so it has access. I'll work with that tonight more. Brad Peterson b_peterson@yahoo.com

0

Thanks Guys. I realized NAV is not going to stop everything, but like Brad said, thats where the use of the firewall comes in. Brad, you seem to know a lot about this security topic, so i want to ask you a few questions. I'm not as knowledgable as you guys on these subjects, but since you are, your knowledge is my power. Basically, why cant NAV recognize remote administrator tools, aka Rats. The only way this is detected is through the use of a firewall or the like. A few brands like Ispy-now and realtime-spy seem to be totally undetectable by nav. Why is this?; So if i was tricked and i downloaded a RAT, it wouldnt be able to reach its host when it called out; but i would be stuck with this file that windows is now using. If i was infected with this, how would i go about removing it? Would just changing its name enable me to delete it? Or msconfig, uncheck, restart and delete? Im unsure and just want to be prepared in case im unlucky enough to aquire one. I've been reading alot about these rats, and its been on my mind for awhile. Thanks again!

0

Your all wrong kaspersky av is the best hands down! i have used it for 4 years now and have never ever been infected

0

I think the "which nav is best" debate is kinda like the battle between Ford's and Chevy's on the drag strip... Sometimes the Ford wins, and sometimes the Chevy wins... Sometimes Norton gets the fix out before AVG does, etc... But I will say this...Since my battle with the Opa worm a few weeks ago, I have been using Norton, Solo, AVG, and Trend on most of the customers computers I support... Norton is the preferred because almost every network we support we have NAVCE installed... Then I add the other AV's in addition to NAV... So far it's been pretty effective... Sometimes something gets thru one and the other catches it... But in reading all the posts re: Opa, this morning...I realize that there is stuff going on with this worm that we just don't know about yet, and neither do most/any of AV folks... To all you guys/gals who are researching this problem...thank you from all of us who don't have the time or knowledge to do what you are doing... Steve

0

I agree that NAV is the best available, but that it should be doing a better job. It sure beats the hell out of MacAfee though. I think the best solution is to run a firewall as well as more than one AV program. What one AV misses, another might pick up. When I first installed ZA I was shocked by all the crap that had been going on behind my back that NAV was ignoring. Does anyone have an opinion about SwatIt? It picked up on a couple of Trojans on my system that got by everything else.

0

Ahhh! Just use the Drweb and Spider. NAV can't heal some doc files... So now I use a drweb

0