The Anti-Virus Solution

Written By RajaBlog on Friday, November 27, 2009 | 6:33 AM

I had been working on a long comprehensive test of anti-virus suites out there. Then I realized after a quick Google search that the work had been done for me already.

After hours of reading several sites and results I’d like to share a few with you and point you to the most detailed results. Don’t simply look at the initial score given by a reviewer. It is often misleading and not reflective of the product itself. Some sites rate the product not only in terms of its effectiveness as an anti-virus but the support options as well. I personally would not include support in my decision when choosing an anti-virus but you may be different.

I’m not going to tell you which security software is better because it is a subjective answer for some people. What I will do is show you where all the information is so that you can make up your own mind.

1. AV-COMPARATIVES

This site offers a wealth of information for those willing to dig a tiny bit for it. By clicking on the “Comparatives” tab you can choose to view the results of the two most recent tests. Please view both as they are different tests. The first one is a test of known viruses while the second is a test against unknown viruses as well as a look at false positive results.

2. PC WORLD

The above is one giant URL link to a chart with all the security suites they tested on a comparison chart. It saves you the time of selecting all of the suites and hitting the “compare” button.

3. Virus Bulletin

To view the more detailed results that this provides you do have to register but it generally echoes the information found on the previous two sites. This site is more than just an anti-virus comparison website. It also tracks malware and appears to have a large community behind it. Well worth registering for in my opinion.

Happy Reading!


ClamAV – Linux Anti Virus Solution

ClamAV is a GNU GPL antivirus application made for Unix-like operating systems. It is primarily used to detect viruses and remove infected files from email attachments.

The default installation of ClamAV also includes a command line scanner to scan files for possible virus infection. The scanner has built-in support for scanning files inside:

  • Common Archives (zip,rar,tar,gzip,bzip2,arj)
  • Windows Compressed files (CHM,CAB,OLE2)
  • Mail format (mbox, uuencode, base64)
  • Common document files (html,pdf,rtf,sxw,odt)

Linux is safe and secure, so why do you need antivirus on Linux?
Although viruses on Unix-like operating systems are uncommon, ClamAV is still handy if you want to stop viruses from spreading through your mail system and using your server as a vector.

Using ClamAV
Using ClamAV is easy: to scan for viruses you only need to run the 'clamscan' command.

$ clamscan

/home/mypapit/mypapit.js: OK
/home/mypapit/ubuntu_service.png: OK
/home/mypapit/style.css: OK
/home/mypapit/repo1.png: OK
/home/mypapit/bg_button2.jpg: OK
/home/mypapit/repo1tn.png: OK
/home/mypapit/ChiSquareDistribution.zip: OK
/home/mypapit/javapackage.png: OK
/home/mypapit/jdk14.png: OK

The scanner will detect any known viruses and alert you, and a summary is displayed when the command finishes.

Add the '--remove' switch to remove files in which a virus has been detected.

$ clamscan --remove

Note that ClamAV has a policy of 'sanitizing' any files infected by viruses; that means it will delete the files permanently (it has no 'heal' or 'repair' option).
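An added example, not part of the original post: because '--remove' deletes permanently, this script quarantines detections with clamscan's '--move' option instead and interprets clamscan's exit status (0 = no virus, 1 = virus found, 2 = error). The function names, the quarantine directory argument and the sample report lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample report lines are constructed.

# Map clamscan's exit status to a verdict (0 = clean, 1 = virus found, 2 = error).
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read a clamscan report on stdin; print "path<TAB>signature" per FOUND line.
list_infected() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = match($0, /: [^:]*$/)      # last ": " splits path from signature
        if (i) printf "%s\t%s\n", substr($0, 1, i - 1), substr($0, i + 2)
    }'
}

# Scan TARGET recursively and move detections into QUARANTINE instead of
# deleting them, so a false positive can still be restored.
scan_and_quarantine() {
    target=$1 quarantine=$2
    mkdir -p "$quarantine" && chmod 700 "$quarantine" || return 2
    status=0
    report=$(clamscan -r -i --no-summary --move="$quarantine" "$target") || status=$?
    printf '%s\n' "$report" | list_infected
    scan_verdict "$status"
    return "$status"
}

# Constructed report in clamscan's "path: signature FOUND" format.
SAMPLE_REPORT='/home/mypapit/style.css: OK
/home/mypapit/mail/inbox: Eicar-Test-Signature FOUND
/home/mypapit/dl/note: v2.zip: Win.Test.EICAR_HDB-1 FOUND'
```

Call it as scan_and_quarantine /home/mypapit /var/quarantine (both paths are placeholders); the return value is clamscan's own exit status, so it can drive a cron job or mail filter.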

Updating Virus Database
Keeping ClamAV up to date is easy: you just need to run freshclam to download the latest virus database from the ClamAV servers.

$ sudo freshclam

The official website for ClamAV is http://clamav.net. Hopefully this post helps you explore more options for fighting viruses on Linux-based operating systems.


Auditing Anti-Virus Products with Nessus

For credentialed scans of Windows systems, Nessus can detect the presence of many leading anti-virus solutions. This blog entry will discuss what sort of information can be reported, how this is relevant for compliance and vulnerability audits and the specific anti-virus solutions supported.

Auditing Anti-Virus Deployments

Nessus uses credentialed scans of Windows systems to audit local files and registry settings and determine whether an anti-virus solution is present, whether it is actually running, and whether it is up to date.

For supported anti-virus solutions, a separate Nessus plugin is used to specifically identify that software and determine if the signatures are up to date. At Tenable, our research group monitors vendor signature updates for each solution and then updates the corresponding Nessus plugin. To take advantage of this sort of auditing, your Nessus scanners should be subscribed for either the Registered Feed or the Direct Feed.

There are many reasons why an anti-virus solution may fail to receive an updated list of new signatures. Some of these could be due to licensing issues, expiring demos or even network connectivity issues such as DNS or firewall changes. In some cases, malware or a new virus may have gotten into a system and explicitly attacked the existing anti-virus solution.

For IT organizations that wish to minimize complexity, detecting unauthorized anti-virus solutions present on the corporate network is very useful. Having multiple anti-virus solutions on one system can lead to performance, compatibility and stability issues.

Compliance and Vulnerability Auditing

For compliance, if an organization has selected one or more anti-virus solutions, being able to audit this with Nessus can prove to an auditor that a solution is indeed installed, in use and up to date. Relying solely on software enumeration won't tell you if an anti-virus solution has been installed but then disabled. It also won't tell you whether the license is current or whether the network connectivity needed for updates is working.

Depending on the function of a system that is being scanned by Nessus, not having an anti-virus solution may be considered a vulnerability. Also, if it is assumed that a system is protected by an anti-virus solution, but in fact the solution isn't running or does not have the latest signatures, then it isn't really protected.

Detected Anti-Virus Applications

At the time of this writing, the following anti-virus solutions are detected as installed, running and up-to-date by Nessus:

  • #24232 BitDefender Check
  • #20284 Kaspersky Anti-Virus Check
  • #12107 McAfee Anti Virus Check
  • #21608 NOD32 Antivirus System Check
  • #12106 Norton Anti Virus Check
  • #12215 Sophos Anti Virus Check
  • #20283 Panda Antivirus Check
  • #21725 Symantec Anti Virus Corporate Edition Check
  • #16192 Trend Micro Anti Virus Check
  • #24344 Windows Live OneCare AntiVirus Check

Nessus also has plugin #16193 which aggregates the results from these other plugins. It is useful if you are in a multiple anti-virus solution environment and just want to find hosts that have a solution installed and operational.

The above plugins only report an issue if a problem is found with the detected anti-virus solution. Plugin #16193 reports if a system does have a known working anti-virus solution.