« on: June 29, 2009, 07:12 AM »
Interesting thing to note from the article is that they eliminated all of the FPs from all of the test group if they involved a key-gen/crack/etc. ... So if the AV company was trying to regulate morality, they don't get penalized for it (I still haven't really decided how I feel about that behavior).
Anyhow (that being said...) I used a production machine that GFi LANGuard said had some suspicious looking ports open on it.
A quick scan turned up nothing in about 10 min.
(Assuming nothing had been found I did not rerun LANGuard at this point)
A full scan turned up about 30 items, but took 11 hrs. ...Mind you it had 250 Gig of files to scan, 35 of which were .iso files which it did scan inside of ... but Damn! 11 Hours!?! *Sigh*
Being that I let it scan everything, it managed to find all of my hacking tools (Duh!)...and it managed to (IMO) FP on Angryziber.com Angry IP Scanner ...But, everybody seems to do that, which annoys me to no end.
The interesting part was that it did not react to any of the other network scanning utilities (some commercial, some of my own) that were on the drive. It also did not react to a line stressing ping utility I wrote that includes (for diagnostic purposes only...) a Smurf attack option, which in earlier versions (archived on the drive in question) used the original Smurf attack source code. Now you'd think that kinda thing (Smurf.exe) would be easy to spot.
(Back to the results) So GFi LANGuard said there were 5 suspicious ports open. MSE's scan results found 30 items to question: 25 were actually bad files collected from various places & 5 were FPs. None were active running evil files on the machine. However, a rescan of said machine with GFi LANGuard...gave the machine a clean bill of health. So what it pulled from where, without saying anything about it, is quite odd.
It is delightfully idiot simple to use, and there is no perceivable difference in machine performance. Hey, if I gotta bust out a stopwatch & a slide-rule to find a difference ... Then there ain't no difference. Even during the full scan (where most AV apps bring a machine to its knees) I had no problems using the machine via RDP.
The machine in question is a Dell Dimension E521 with SATA HDDs, an Athlon 64 X2 3800+ (2.0 GHz) CPU, & 2GB of RAM running 32bit Vista Business Edition.
End result being I'm impressed with its tiny footprint, curious but optimistic about its performance, and completely baffled with its results ... as it appears to have worked, but I'm not sure how (and apparently neither is it).