Main Area and Open Discussion > General Software Discussion

Another reason to drop Kaspersky?

<< < (6/18) > >>

Stoic Joker:
I'm thinking the original is signature-based and the new beta (which I'm running at work) has (some) heuristics. But I wouldn't bet money on it...Just have a vague recollection of it being discussed.

You're right about the 0-day privilege escalation thing ... But I can't help but think of Defensive Driving, because nothing is 100% fool-proof. User is (supposed-to-be) the first line of defense.

I just wish the definitions updates would run automatically independent of Windows Update. Because it's easy to miss an update on a 24/7 machine that's waiting for you to hit go.

Bamse:
superboyac, you should read closely what CWuestefeld wrote. Norton Internet Security has something similar but are those core features of Kaspersky monster really unknown to you? They are not stupid bloat at all but made to improve less than perfect scanners, including MSE. Risky tactic but in theory you can click and install anything you want, nothing can go wrong as long as you do not interfer, like white listing quarantined files. Dumping real time protection would be stupid when you deliberately seek problems. With such demands you have probably made a good choice in Kaspersky if you decide to use it at full force. KIS is not overkill and MSE is not made to be tested the way you seem to compute. Will go wrong sooner than later. Visit any hacker forum to see how easy it is to avoid simple scanners. At least search "virus FUD", may be more hits with "fully undetectable". Test in a Virtualbox. Not being holy, just stating facts which might include some risk of FPs but not much to do about that.

May be you should consider the 100% foolproof method as was mentioned in another thread. Stop learning and worrying, just re-image computer. Returnil and others can do that. Windows SteadyState was mentioned as well, supported until 30. juni 2011.

patthecat:
I just wish the definitions updates would run automatically independent of Windows Update. -Stoic Joker (September 25, 2010, 10:46 AM)
--- End quote ---

I have several machines that are on 24/7 with Windows autoupdate turned off and yet the MS Security Essentials definitions are automatically updated daily.

superboyac:
superboyac, you should read closely what CWuestefeld wrote. Norton Internet Security has something similar but are those core features of Kaspersky monster really unknown to you? They are not stupid bloat at all but made to improve less than perfect scanners, including MSE. Risky tactic but in theory you can click and install anything you want, nothing can go wrong as long as you do not interfer, like white listing quarantined files. Dumping real time protection would be stupid when you deliberately seek problems. With such demands you have probably made a good choice in Kaspersky if you decide to use it at full force. KIS is not overkill and MSE is not made to be tested the way you seem to compute. Will go wrong sooner than later. Visit any hacker forum to see how easy it is to avoid simple scanners. At least search "virus FUD", may be more hits with "fully undetectable". Test in a Virtualbox. Not being holy, just stating facts which might include some risk of FPs but not much to do about that.

May be you should consider the 100% foolproof method as was mentioned in another thread. Stop learning and worrying, just re-image computer. Returnil and others can do that. Windows SteadyState was mentioned as well, supported until 30. juni 2011.
-Bamse (September 25, 2010, 11:34 AM)
--- End quote ---
This is exactly the kind of thing I need to consider.  You guys really don't have to tell me about the software I use.  I'm very familiar with Kaspersky.  I've used those sandboxing features, they are largely useless to me.  Sandboxing doesn't do anything for me.  Unless I start trying everything I install in a sandbox first, it is no good to me.  It's not like I intentionally download bad stuff and realize that I should probably run it in a sandbox first.  The only stuff I sandbox are large installations that get their fingers everywhere (MS Office new versions, Adobe stuff, Nero, etc.)  And I don't do it because I think they are unsafe, I do it because they are huge installs and i first want to see if it's worth it before committing to them.  For the sake of protection, i'd have to know i have a bad thing before i sandbox it.  That's why the whole sandboxing thing is nonsense to me.  if I knew it was bad, i wouldn't even bother testing it in the first place!  it's not like I'm thinking, "I'm pretty sure this is bad...I'll just sandbox it to be sure."  If I have any doubt, I don't do anything other than Shift-Delete.

I don't want to think.  I just want to be protected AND fast.

bamse, i know turning stuff off is risky.  That's why i don't do it.  I'm just curious if i can actually speed up my computer and still be idiot-safe.  The answer may be no, but I'd like to explore the possibilities.  So i agree with everything you are saying, and I may not find an answer.

I also don't like the image solution.  Imaging is a tough thing to do regularly.  Each image is so huge.  I've never found a way around that.  I'm really bad with imaging.  I intended to image regularly (monthly) but I never actually did it.  I did an initial image when Windows was first installed, but not much since then.  Like I said yesterday, I'll eventually have a home server with dozens of hard drives, and I'll be backing up and imaging and RAID-ing like a muthafu--a!

Bamse:
Well then you don't need Kaspersky or any other suite. You don't have to chose interactive instead of automatic http://support.kaspersky.com/faq/?qid=208281922 But I still say you should check out their forum and FAQs. Solution is manual tweaking of settings only those with program installed know about, have you set up a list of trusted apps? http://support.kaspersky.com/kis2011/tech?qid=208282089 Iswift/Ichecker is on? Do you need System Watcher when you don't see much point in sandbox theory? http://support.kaspersky.com/faq/?qid=208281830 Some modules might only become unnoticeable by turning them off, others can be tweaked. PDM used to be the big one, several versions ago http://support.kaspersky.com/kis2011/start?qid=208281949 Trial and error.

Slow Kaspersky is cpu spiking while doing X or Y?, crazy file activity? impossible to put finger on any Kaspersky process in task manager or monitor software, but computer runs much faster without prgram? May be only Kaspersky can fix your problem with a new patch. Most useful section of their forum could be BETA one http://forum.kaspersky.com/index.php?showforum=16 What they are trying to fix will point at problems with current version. That way you can get hints on how to tweak effectively.

Navigation

[0] Message Index

[#] Next page

[*] Previous page