I can say it's very good software!
Remain suspicious, because the Chinese are considered to be hiding muck in their programs.
This program is one of the best free software programs to date. It is, IMO, an overall antimalware solution. It is also light on resources and one of the fastest at scanning (maybe a threat to Kaspersky's scanning speed???), scanning a 160 GB hard drive in more or less 25 mins. By the way, with all updates it is v.20.56.41 already. Just try and test this one as I have tried and tested it. The only downside is that it is a big file and not recommended for users preferring small-file security programs.
For RISING AV, the definitions (virus definitions) aren't the best on the market; it's its HIPS that makes the difference from other AVs. I know people who disable the on-time virus def. protection and work only with RISING HIPS. But appropriate configuration is mandatory.
I think RISING needs more development, but it seems they are on the right track, and if they maintain the free option for life, they can become a must for future free security software.
This software is a fully integrated antimalware/antivirus/antispyware solution, less intrusive than others and with lower resource needs.
I'm suggesting two links for RISING questions or information:
* [url=http://anonym.to/?http://www.wilderssecurity.com/showthread.php?t=213187]Wilders Security Forums[/url]
* [url=http://anonym.to/?http://www.raymond.cc/blog/archi ... g-free-alternative/]Raymond.cc[/url]
A simple test to check AV software capabilities on packed ".exe's".
I've downloaded to "Virus Total" (online virus scan) a file (.exe) that is a game installer (Galaxy Invaders). I know this file well: when executed, it installs the game plus some bad stuff, specifically "Bargain Buddy", and these ads are very well known to all the security software on the market.
Well, the test results of an online scan of the .exe file:
Análisis del archivo Galaxy_Invaders.exe recibido el 10.08.2008 00:44:27 (CET)
Motor antivirus Versión Última actualización Resultado
AhnLab-V3 2008.8.9.0 2008.08.08 -
AntiVir 7.8.1.19 2008.08.09 -
Authentium 5.1.0.4 2008.08.09 -
Avast 4.8.1195.0 2008.08.09 Win32:TSUpdate
AVG 8.0.0.156 2008.08.09 -
BitDefender 7.2 2008.08.10 Trojan.Downloader.TSUpdate.E
CAT-QuickHeal 9.50 2008.08.08 -
ClamAV 0.93.1 2008.08.09 -
DrWeb 4.44.0.09170 2008.08.09 Trojan.Isbar.99
eSafe 7.0.17.0 2008.08.07 -
eTrust-Vet 31.6.6021 2008.08.08 -
Ewido 4.0 2008.08.09 -
F-Prot 4.4.4.56 2008.08.08 -
Fortinet 3.14.0.0 2008.08.09 -
GData 2.0.7306.1023 2008.08.09 Trojan-Downloader.Win32.TSUpdate.e
Ikarus T3.1.1.34.0 2008.08.09 -
K7AntiVirus 7.10.408 2008.08.09 -
Kaspersky 7.0.0.125 2008.08.10 Trojan-Downloader.Win32.TSUpdate.e
McAfee 5357 2008.08.08 -
Microsoft 1.3807 2008.08.09 -
NOD32v2 3342 2008.08.09 -
Norman 5.80.02 2008.08.08 -
Panda 9.0.0.4 2008.08.09 -
PCTools 4.4.2.0 2008.08.09 -
Prevx1 V2 2008.08.10 -
Rising 20.56.41.00 2008.08.08 Trojan.DL.IstBar.ant
Sophos 4.32.0 2008.08.09 Troj/Istbar-ER
Sunbelt 3.1.1538.1 2008.08.09 -
Symantec 10 2008.08.10 -
TheHacker 6.2.96.395 2008.08.08 -
TrendMicro 8.700.0.1004 2008.08.08 -
VBA32 3.12.8.3 2008.08.09 -
ViRobot 2008.8.8.1329 2008.08.08 -
VirusBuster 4.5.11.0 2008.08.09 -
Webwasher-Gateway 6.6.2 2008.08.09 -
Información adicional
Tamano archivo: 2959083 bytes
MD5...: e7c502a7fbb00c0c44a63386c731d007
SHA1..: 8d0e8a90ec6e341313aee546fc4ddfb2e14298ac
SHA256: 9848f3a47570da868a06715c57db38f18028370c9f409603c9d0e503476e659f
SHA512: 425f7e35d3d458de90aa876321a22dff8d09ccc686f875c0efe17d99bc153fcac8ef0ade0b8c1814cdd9d5186ab1d4f59765c3f8c9a8e7f894e3ac246690aa55
PEiD..: -
packers (Kaspersky): PE_Patch, ASProtect, UPX, Swf2Swc, Swf2Swc, Swf2Swc, UPX
packers (Avast): UPX
AVIRA ANTIVIR, NORTON, NOD32 and others fail and detect nothing.
I repeated the scan on my laptop using AVIRA ANTIVIR and RISING AV, and the results are the same.
With AVIRA, there is nothing to say: it detects nothing.
With RISING AV (on-demand scan) the results are very different: it detects 2 bad files inside the .exe file ("Trojan.DL.IstBar.ant" and "Bargain Buddy add"). When I clicked delete or clean, the .exe file remained untouched (I've scanned it several more times to be sure of this). Nothing was quarantined, disinfected or deleted. I think RISING decompresses or executes the installation file in a secure directory (sandbox) to scan it, and erases everything bad afterwards, but from the secure directory, not from the source directory.
When I executed the .exe, RISING's real-time protection blocked all attempts at installation and connections by this bad stuff and allowed the installation of the game, but some files with no shown activity were written to my system. These files were detected as bad by AVIRA ANTIVIR when I uploaded them to the VIRUS TOTAL online virus scanner, but not by RISING AV (because they were not detected by signature definitions).
My own conclusion: RISING detects suspicious activity of unknown threats well and AVIRA ANTIVIR does not, but AVIRA has better signature definitions. Plus, RISING AV is more effective at scanning installation files (.exe), while AVIRA ANTIVIR fails with them.
It has excellent detection because it is a HIPS program with antivirus (but I guess it is presented as an antivirus with HIPS), much like ThreatFire Pro and even much better because it does not have too many FPs. Its virus signatures are also much better than those of PC Tools (but not those of Avira, Kaspersky or other excellent AVs). I guess its paid version comes with a built-in firewall while the free one does not have one. I really don't know how good or effective its firewall is, and I have not found sites containing leak tests on its firewall either. So far it is very light on resources, even when scanning (and fast too). I also tested it, and it even works on a P4 1.7 with 256 MB RAM, a 64 MB VC and a 40 GB HD running Win XP, and still does not slow down the PC. Again, its only downside is that it is a somewhat huge file.
Just post it in English directly~
[ This post was last edited by 英仔 on 2008-8-11 22:47 ]