Can I get 95 % certainty to find the most serious viruses (Virut/Sality etc) with a combination of ZoneAlarm, Malwarebytes and Kaspersky?

Is it possible to get 95 % certainty to find the most serious viruses (Virut/Sality etc) with a combination of ZoneAlarm Extreme Security, Malwarebytes Anti-malware and Kaspersky?
hermesalpha Asked:

arixsin Commented:
While I would normally say that NOTHING would catch 95%, the combo of software you suggest are all extremely good.  

A good firewall that closes all unused ports is essential.  Windows firewall is sufficient in most cases these days. This still leaves common ports open to attack (like buffer overflow).  

Malwarebytes free edition is not appropriate in this case. If you pay for the full version with active monitoring, that would do the trick.

Kaspersky is just one of several really good AV programs.  Just make sure not to use any free versions. AVG free is decent, but a pay service would get you closer to the 95% success rate.

There is a 4th element that will get you there. You (or your users if you are an admin). Training is the most important element. Not to open suspicious attachments, not to visit sketchy websites, etc.

Good luck!
0
samithsukumar Commented:
Give a try with NOD32.
0
Mohamed Osama, Senior IT Consultant, Commented:
I can say yes here, a combination of the above tools can help you here, especially the heuristic scan engine used by Kaspersky should help catch even unknown & new threats, as this relies on behaviour based detection, not just signature based scans.
However, be prepared that using all of the above programs simultaneously could have a negative impact on machine performance.
0

astralcomputing Commented:
Add the a-squared command line scanner to the system. Download it from here:
http://download1.emsisoft.com/a2cmd.zip

Write a batch file called avscan.bat

Add the following lines:

a2cmd /u
a2cmd /smart /m /t /c /h /r /a /n /delete

At the DOS prompt, type in:

at 02:00 /every:m,t,w,th,f,s,su "c:\PATH\avscan.bat"

This runs a manual av scan nightly at 02:00 with a second antivirus scanner.

This gives you a second antivirus scanner without having two memory resident scanners. Kaspersky is absolutely great as an antivirus and well worth the money, but if you're paranoid about viruses, this gives you a second full scanner daily without the resident junk.

Definitely get the Malwarebytes full version and between these three, the only thing that will get through is zero day viruses that do not show on heuristics scans by two antiviruses (which is hard).

With this, I'd say you will approach 98% of all known viruses and 98% of heuristics. Have patch management on that system (Windows Updates, WSUS or some kind of patch management) and I would call your server a "hardened" server.
0
hermesalpha (Author) Commented:
Thanks astralcomputing, this is definitely something I'll try! So with this avscan.bat, I can detect new unknown viruses? And it will take longer time to do the scan so I run it at nighttime, right?

I have three external HDDs, total to search each night would be about 750 GB HDD (internal 250, external 500 GB). Is this possible, or would it take too long?

When I've downloaded the zip file, do I just unzip and install? And then type in the command lines in Command prompt?

And of course, I would need to have my laptop powered on before going to bed, wouldn't I? But what about when I get automatically logged out, and I get to the welcome screen with password. Will my nightly scan start anyway?
0
arixsin Commented:
Nothing can find new unknown viruses, that is why they are unknown.
0
Mohamed Osama, Senior IT Consultant, Commented:
>>Nothing can find new unknown viruses, that is why they are unknown.
I beg to differ here, a good heuristic scan engine should detect the majority of unknown malware, based on behaviour and not just signatures, for example a program trying to write to registry to deny access to regedit or task manager should flag red, another trying to inject its code to windows explorer should also flag red, trying to write to hosts file or an Autorun.inf file to the root of disk drives, etc.

0
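
The behaviours listed in the comment above (blocking regedit or Task Manager through the registry, injecting into Windows Explorer, writing to the hosts file or to an Autorun.inf in a drive root) can be written as signature-free rules. This is an added example, not part of the thread and not a description of how any product's engine works; the event format, rule names, weights and threshold are assumptions, and the events are constructed.

```python
import re
from collections import defaultdict

# Behaviour rules from the comment above: (name, action, target regex, weight).
# Weights and the alert threshold are illustrative assumptions.
RULES = [
    ("disable-taskmgr-or-regedit", "reg_write",
     re.compile(r"\\Policies\\System\\(DisableTaskMgr|DisableRegistryTools)$", re.I), 5),
    ("inject-into-explorer", "remote_thread",
     re.compile(r"(^|\\)explorer\.exe$", re.I), 5),
    ("hosts-file-write", "file_write",
     re.compile(r"\\drivers\\etc\\hosts$", re.I), 3),
    ("autorun-inf-in-drive-root", "file_write",
     re.compile(r"^[A-Z]:\\autorun\.inf$", re.I), 4),
]
THRESHOLD = 5

def score_events(events):
    """Return {process: (score, sorted rule names)} for processes at or over THRESHOLD."""
    hits = defaultdict(set)
    for proc, action, target in events:
        for name, rule_action, pattern, _ in RULES:
            if action == rule_action and pattern.search(target):
                hits[proc].add(name)  # each rule counts once per process
    weights = {name: w for name, _, _, w in RULES}
    verdicts = {}
    for proc, names in hits.items():
        total = sum(weights[n] for n in names)
        if total >= THRESHOLD:
            verdicts[proc] = (total, sorted(names))
    return verdicts

# Constructed sample events: (process, action, target). Not real telemetry.
SAMPLE_EVENTS = [
    ("updater.exe", "file_write", r"C:\Windows\System32\drivers\etc\hosts"),
    ("unknown.exe", "reg_write",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"),
    ("unknown.exe", "file_write", r"E:\autorun.inf"),
    ("unknown.exe", "file_write", r"E:\autorun.inf"),
    ("loader.exe", "remote_thread", r"C:\Windows\explorer.exe"),
    ("notepad.exe", "file_write", r"C:\Users\demo\notes\autorun.inf"),
    ("setup.exe", "file_write", r"D:\AUTORUN.INF"),
]

if __name__ == "__main__":
    for proc, (total, names) in score_events(SAMPLE_EVENTS).items():
        print(f"{proc}: score {total} -> {', '.join(names)}")
```

No file hash or signature is consulted: a process is flagged only by what it does, and a single moderate-weight action (one hosts write, one Autorun.inf on an install disc) stays below the threshold.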
astralcomputing Commented:
Hi Hermesalpha.

1. You do run the scan at night.
2. If you really have 750GB of data, it will take a long time to scan, so you may only be able to do this every other day. I'm sure you will work it out.
3. Just unzip the file into whatever directory you want. I recommend something short and on the root, so you can call the batch file easily. c:\dosav or something.
4. When you schedule a task from DOS using the AT command, it does not matter if you are logged in or not, the task runs with no screen interaction. If you want to see what is going on, double click on the batch script and run it interactively.
5. Admin3k is totally correct about heuristic scans.

Cheers
0
hermesalpha (Author) Commented:
astralcomputing,

some questions about typing the batch-file for the a-squared command line scanner:

1. Should I type at 02:00 /every:m,t,w,th,f,s,su "c:\PATH\avscan.bat" at the third line in the batch file?
2. Where do I save the batch file?
3. Where is citation mark on a US keyboard?
0
astralcomputing Commented:
Save the batch file anywhere you would like, but the dir where the a2cmd is stored is easiest.

Do not put the at command in the batch, only run that once.

I don't know much about a citation mark :D
0
hermesalpha (Author) Commented:
at command is that @ command?
So I only make two lines in the batch files, and type the @ command at dos prompt to run the file?
Think I got it now, so @ is to run a file with parameters?

And I can store the a2cmd folder anywhere I guess, c:\program files\a2cmd?

If I temporarily want to stop using the nightly scan, how do I do that now that I only run the batch file once?

"   "  these are called citation mark :D, don't know where they are on my keyboard
0
hermesalpha (Author) Commented:
Astralcomputing,

do you mean that I don't even need to power on my laptop, the scan will run by itself as long as it is connected to a power outlet?

Patch management, is that to update regularly from Control Panel/Automatic updates and link to Microsoft?
0
younghv Commented:
For what you are describing, I would go with the AVG 8.x (current) product or AVAST. Either one will give you all of the protection you need for the AV/Anti-spyware side.

If you want to throw in something like Super-Antispyware or MalwareBytes (mentioned already), it won't interfere with your AV solution.

I have never been a fan of any software FW product. Use the native XP/Vista FW on your computers and add a small Linksys FW/Router (hardware) at your incoming internet connection.

Use a pre-built "HOSTS" protection (http://www.mvps.org/winhelp2002/hosts.htm) and sign up for their auto-mailer to notify you of updates.

Cookies - "First Party" set to 'Prompt' (Allow Session) and "Third Party" set to 'Block'.

Never surf the Internet with an account that has "Administrator" rights.

Ignore any advice about running multiple AV programs.
Multiple "Anti-spyware" applications normally will not interfere with each other -- although the more you load, the more of your processor/RAM you are going to use.
0

hermesalpha (Author) Commented:
Thanks younghv, I have tried AVG before and it detected viruses that other AV didn't find. And it doesn't make sense any more to surf the internet with an Administrator account, I've learnt that now. I'll try your other suggestions also.

But I wonder about this batch file for nightly scanning for viruses (see posts from astralcomputing): I've managed to write it using Command prompt and saved it, but what do I do then?

1. at 02:00 /every:m,t,w,th,f,s,su "c:\PATH\avscan.bat" (how and where should I write this?)
2. won't I even need to have my Windows started for the scan to run?
0
hermesalpha (Author) Commented:
Regarding AVG: I only have a Celeron processor with 2 GB RAM, do you think AVG would slow down my processor too much? An alternative could be Eset Smart Security Suite, what do you think?
0
younghv Commented:
hermesalpha,
/opinion/
I have never read, seen, or heard of anyone recommending that activity (avscan.bat), and I think it is unnecessary.
/opinion/

I will tell you that any redundant task can be configured using the Windows "Scheduled Task" function in the Control Panel, so that you don't have to fool around with some kind of manual 'Batch Command'.

And - nothing is going to run when your computer is turned off. Scheduled tasks or batch command MAY start running as soon as you start up your computer - which could really be a drag on the system when you're trying to get started in the morning.

It has always been my recommendation to run all computers 24/7. That is what they are designed to do and I see no reason for shutting them down at night.

You should also schedule all of your OS updates & AV/Anti-spyware "System Scans" to be done in the off-use hours. The scans can be pretty processor intensive - so do them when you aren't using the computer.

To answer your second post, this computer I'm typing on is running AVG 8.5 and it is currently using 4MB of RAM and 0 processor use.

Any AV program is going to take away a chunk of your processor capability if it is scanning during normal use - a key reason to schedule all  of your scans during off-use hours.
0
hermesalpha (Author) Commented:
Do you mean I should keep my laptop and Windows switched on all the time, 24 hours every day?
0
younghv Commented:
Any computer properly ventilated should be left on 24/7.
I have had some interesting debates about that over the years, but I have never wavered from my conviction (and being a stubborn kind of guy) probably never will.
0
hermesalpha (Author) Commented:
younghv,

I had some problem with installing AVG:

First, I felt insecure when I had uninstalled my previous AV and began to install AVG, because AVG wanted to connect to internet to download the installation files. This takes a long time, and I think I have no protection during this time. So I reinstalled my previous AV and switched it on during the download of AVG installation files.

After that, I uninstalled my previous AV (Eset Smart Security) and began to install AVG. I couldn't restart my laptop after uninstalling Eset Smart Security (as prompted by the uninstallation wizard) because if I had restarted my laptop, I would have had to download the AVG installation files again (unprotected against viruses).

So I went through the AVG installation wizard and everything seemed fine. But when I finished installation, I received this warning:

"Action failed for registry value HKLM\SOFTWARE\Classes\Component Categories\{56FFCC30-D398-11DO-B2AE-00A0C908FA49}-1:409: creating registry value....Error 0x800703fa"

However, the dialogue box immediately after said that "Congratulations! AVG has been successfully installed on your computer." I wasn't sure about this whether it had been successfully installed or not, so I uninstalled AVG and now use Eset Smart Security until I know how to install AVG.

0
hermesalpha (Author) Commented:
So the problem is that I can't restart my laptop after uninstalling Eset Smart Security. Instead, as soon as I have uninstalled Eset Smart Security, I need to immediately install AVG with the downloaded installation files. If I would restart the machine, I would need to download the AVG installation files from internet unprotected against viruses.
0
younghv Commented:
Couple of things I would do here.
Download and install CCleaner - the basic 'cleaner' function is great for getting rid of all the junk (and worse) that accumulates in your profile.

Then, create a "Limited" account on your computer. If you are surfing the Internet with a 'Limited' account, you can't 'delegate' the privileges to malware to modify your system files.

Uninstall your old AV and reboot.
Run the "Registry" function of CCleaner to clean up all the residue left in your registry (make sure you accept the default "Do you want to Back up your registry?" warning).

You will probably have to run the Registry function three times to clear out all of the residue.

Re-boot again.

Log in with your Admin account and install AVG.
It will run the update automatically.

Unless your computer is infected already, you don't have to worry about getting an infection by running the updates from AVG.

When updated, do a full system scan - just as a precaution.

Finally - when you go surfing around the Internet - just goofing off as so many of us do --- use the Limited Account. To my knowledge, there has never been an example of malware that can use the 'Limited' account to infect a computer.

0