Exetools  

  #1  
Old 02-11-2005, 00:11
tbone
 
Symantec needs to read some tutorials

Apparently they don't know how to unpack UPX:

hxxp://www.zdnet.com.au/news/security/0,2000061744,39180674,00.htm

  #2  
Old 02-11-2005, 00:31
vbgamer45
 
Pretty funny, just read it on slashdot.org too. I think they should rethink the way they identify viri, not a real big fan of the current way they detect them using virus definitions.
  #3  
Old 02-11-2005, 05:32
MrAnonymous
 
Pathetic, glad I use Kaspersky :> Norton's really gone downhill the last couple years and I guess they just keep sliding..
  #4  
Old 02-11-2005, 06:01
elephant

For those interested:

- Original Symantec advisory
hxxp://www.sarc.com/avcenter/security/Content/2005.02.08.html

- ISS advisory
hxxp://xforce.iss.net/xforce/alerts/id/187

- Secunia advisory
hxxp://secunia.com/advisories/14179/

Last edited by elephant; 02-12-2005 at 04:28.
  #5  
Old 02-11-2005, 07:40
aldente

i'd recommend nod32

quite good results, and - what is much more important to me - the fastest scanner available and you turn off checking executables before they are being loaded, so you can scan just what YOU want

no problems so far with different software-products, while norton-bullshit is famous for its problems. in addition, nav is designed for dummy-users
  #6  
Old 02-11-2005, 07:49
AgentSmith
 
Interesting related story from the article pointed to by MrAnonymous:
Does anybody like Norton AntiVirus? and this paragraph:
"So the situation right now is that Norton AntiVirus 2005 -- which costs more than AU$90 from Symantec's Web site and is labelled "The world's most trusted antivirus solution" -- can be fooled by a simple script into turning off its auto-protect functionality and leaving the computer at a malicious user's mercy."

I'm using Kaspersky and it is fine but the problem is that it slows down the computer big time...ignoring the fact that it took 3 hours to perform a full system scan on 2 drives.

Does anybody here have experience with a good anti vir/trojan tool that will work in the background and be almost "invisible"?

10x for all suggestions in advance
  #7  
Old 02-11-2005, 08:38
miller2005
 
I got a virus because of Norton once. The virus was packed with UPX, Norton didn't detect it.
Now I use Kaspersky and no trouble yet.
  #8  
Old 02-11-2005, 10:56
WhoCares

NAV Corp Edition 8.0 (latest is v9.x) hangs my system when I open a folder which contains an exe file generated by ASPackDie. I reproduced it by sending the generated exe to my friends. But if I manually unpack the packed exe, it's ok.
__________________
AKA Solomon/blowfish.
  #9  
Old 02-11-2005, 15:09
spokey
 
WhoCares, could you hook me up with that file or a file which is packed with the same packer (version)? We use both corp versions here at my job, would be nice 2 test it
  #10  
Old 02-11-2005, 15:23
xobor

@AgentSmith

try nod32 - it is fast and doesn't use much resources

or try avast home - it's free and the new version is much faster than the previous

regards
  #11  
Old 02-11-2005, 16:46
WhoCares

spokey,
I encountered that problem about one year ago when I unpacked UltraISO with ASPackDie, so it's a pity I have no such exe file now. I remember that I disabled the real-time file protection of NAV, then the exe ran well. I think there must be some bug in the NAV engine driver so that it can't handle a malformed PE file.
__________________
AKA Solomon/blowfish.
  #12  
Old 02-11-2005, 18:47
Eskimobob
 
Personally I found the corp edition to be better than the regular edition they give out. I don't like either truly but if I had to choose the lesser of two evils, that's what I would choose.

Also back when IE 6.0 was getting bombed (it still is in many respects) with ActiveX spyware I ran into a virus that disabled Norton (Normal Edition) because Norton used IE 6.0's API in their software. Then it downloaded the rest of the virus and installed itself.

Quite creative and ingenious if you ask me but that's how most viruses are. Ingenious.

Either way, I like Bit Defender and as AgentSmith said, Kaspersky.
  #13  
Old 02-11-2005, 22:34
dyn!o

Guys, I suppose this thread went a little exaggerated. I don't care about Symantec AV (I don't use it because it takes too much resources) but here goes my humble opinion.

The problem is not that Symantec cannot handle UPX (for sure they can) but a Symantec Norton Anti-Virus engine vulnerability. I believe the problem should be treated rather as a Symantec SDE/T team oversight. Similar kinds of vulnerabilities exist in many titles, but the more popular the "exploited" application is, the sooner and louder you will hear about it. The world's monopolists are in the worst situation - each day hundreds of people are trying to find bugs and exploits.

If you are really interested in whether they have problems with packers (ASPack, UPX, PECompact, etc.) then the answer is NO. They (Symantec, Kaspersky, McAfee) do have problems, but with advanced protectors (for instance: a few viruses were protected with XProtector + XP VM signatures) and advanced metamorph engines (own made) used in a few viruses.

Regards.
  #14  
Old 02-12-2005, 13:39
just4urim
 
Hi Eskimobob,

Norton AV has a dll named "OfficeAv.dll" that could be loaded whenever IE downloads some ActiveX or files.
Quote:
Originally Posted by Eskimobob
..Also back when IE 6.0 was getting bombed (it still is in many respects) with ActiveX spyware I ran into a virus that disabled Norton (Normal Edition) because Norton used IE 6.0's API in their software. Then it downloaded the rest of the virus and installed itself...
Maybe this dll isn't treated well, but what about the NAV guard? (Of course, as it uses most of the resources, users disable it first!) Did u disable it?
In my book, no antivirus is exactly reliable, for each of them has some disadvantages.
You yourself should protect your system. While all recent viruses are almost only a worm (they don't infect a file).
Viruses are good teachers!
  #15  
Old 02-12-2005, 18:00
jjhsd

I don't use any AV program, as the virus definition always comes after the new virus, which means it is too late most of the time.