We have been down for nearly a week as a result of a DDoS. We needed to switch providers. We apologize for any inconvenience this may have caused.

There may be some bugs which occur as a result of the move. Please let us know if you find any.

Thank you --Robin 21:14, 15 July 2008 (UTC)

From CastleCopsWiki

[edit] Anti-Virus

Many AntiVirus companies have released "Home Edition", "Personal Editions" versions of their full product (which include real time protection) for free personal use. Add the many on demand scanners available for a second opinion, and the possibility of a third opinion with full disk online scans of practically every major antivirus product, there seems little reason to pay for a commercial product if one doesn't want to.

Screenshots
Selection of AntiVirus snapshots:
(Click to enlarge)

Avira AntiVir PersonalEdition Classic

Avast! Home Edition

AVG Anti-Virus Free Edition

BitDefender 8 Free Edition

ClamWin Free Antivirus

Comodo AntiVirus

Dr.Web CureIt!

Prevx Computer Security Investigator (CSI)

PC Tools AntiVirus

Kaspersky Virus Removal Tool

Norton Security Scan

-

[edit] Memory Resident antivirus

[edit] Popular

1. Avira AntiVir PersonalEdition Classic (nagware, nags on update)- http://www.free-av.com/ -manual signature update download, How to disable nagscreen
2. Avast! Home Edition - http://www.avast.com/eng/avast_4_home.html
3. AVG Anti-Virus Free Edition - http://free.grisoft.com/
4. Active Virus Shield -http://www.activevirusshield.com/antivirus/freeav/index.adp? Discontinued for new users 1st Aug 2007

The big three freeware antiviruses have traditionally being AntiVir, AVAST! and AVG.

AntiVir in recent times has dominated some on-demand anti-virus tests, with results rivaling that of even top ranked antiviruses like Kaspersky Anti-Virus (KAV). AntiVir however lacks a email scanner unlike the other two, and updates from the free version are very slow (manual updates by downloading the virus update file from the website are faster) and does not offer protection against spyware and adware.

AVAST! provides additional features like Webshield (HTTP shield), IM/P2P shields on top of the standard resident shields. Experts differ on how important such features are (particularly the ability of http shield to handle exploits) given the existence of a classic file resident shield.

AVG is probably the most popular of the three antiviruses. The new release of AVG 8 does not have anti-rootkit abilities but merges/includes antispyware that was formerly in AVG Antispyware.

AOL Active Virus Shield (discontinued) is based on KAV 6. AOL has now replaced AOL Active Virus Shield with McAfee® VirusScan Plus (see below). This provides a more comprehensive range of protection covering email, IM as well as Buffer overflows and a system guard of various hijack points. There is also an option to install the whole suite including the firewall.

[edit] Others

1. Comodo AntiVirus/ Comodo Anti-Viruspyware (CAVS) (betaware) -http://www.antivirus.comodo.com/
2. ClamAV (open source)- Available with http://sourceforge.net/projects/clamrt/ or Spyware Terminator or Winpooch
3. CyberDefenderFREE - http://www.cyberdefender.com/ ad-supported (non-intrusive banners in interface)
4. Esafe - http://www.freedownloadscenter.com/Utilities/Anti-Virus_Utilities/eSafe_Desktop.html Outdated
5. Malware Immunizer - http://faltronsoft.org/index.php?option=com_content&task=view&id=19&Itemid=20
6. McAfee® VirusScan Plus – Special edition from AOL - http://safety.aol.com/isc/BasicSecurity/ 1 year only?
7. Moon Secure Antivirus (open source)- http://sourceforge.net/projects/moonav
8. PCclear Antispyware with Free Antivirus - http://www.softpedia.com/get/Antivirus/PCclear.shtml unverified
9. PC Tools AntiVirus (nagware) - http://www.pctools.com/free-antivirus/ based on VirusBuster engine.
10. RISING Antivirus Free Edition -http://www.freerav.com/ Some Setup tips for the HIPS part of Rising

ClamAV is an open source project, it probably works best on email gateway servers rather than on host personal machines. The main project does not offer real time protection but there's a project to implement real time scanning or you could use Spyware Terminator with ClamAV. Moon Secure Antivirus is yet another ambitious open source project but currently uses only ClamAV signatures for real time protection.

All the other freeware antiviruses are probably too new and are not mature enough (needs to catch up with databases) to be worth considering. Comodo AntiVirus is still immature, tests by AV-comparatives show it is still far below the levels of most conventional antivirus. It also incorporates executable whitelisting.

Malware Immunizer is an unorthodox (and probably ineffective) approach to preventing malware by creating harmless text files with the same names of files created by malware.

McAfee® VirusScan Plus – Special edition from AOL - is a complete suite offered by AOL for free that includes McAfee anti-virus, antispyware, firewall and system guards.

RISING Antivirus Free Edition is a new free version of Rising Antivirus (a popular antivirus solution in China). Among all free antivirus, it provides one of the most comprehensive sets of features including real time protection, script protection,HIPS features like registry protection, file protection and application protection/control.

[edit] On Demand antivirus scanners

[edit] Popular

1. BitDefender 10 Free Edition - http://www.bitdefender.com/bd/site/downloads.php?menu_id=21
2. ClamAV (open source) - http://www.clamwin.com/
3. Dr.Web CureIt! - http://download.drweb.com/drweb+antivirus+free+services/#0
4. Kaspersky Virus Removal Tool (betaware) - http://avptool.virusinfo.info/en/
5. Malicious Software Removal Tool - http://www.microsoft.com/security/malwareremove/default.mspx
6. MicroWorld Free AntiVirus Toolkit Utility (MWAV) - http://www.mwti.net/products/mwav/mwav.asp Does not disinfect .
7. Norton Security Scan (Special version from googlepack that cleans) - http://pack.google.com/intl/en/pack_installer.html?hl=en&gl=us
8. Prevx Computer Security Investigator (CSI) - http://www.prevx.com/freescan.asp

One problem with running multiple anti viruses is that conflicts can sometimes occur.Some antiviruses will not install if they detect the presence of another antivirus installed. Of course, you can use Online scanners but these have their own problems. Most of the antiviruses here (with the exception of BitDefender 10 Free Edition and Kaspersky Virus removal tool) are standalone executables that do not install any files or services (all resides in one directory) hence they can be used and removed without any problems. http://www.mwti.net/products/mwav/mwav.asp MWAV which uses the top notch KAV engine used to be popular, however it does not infect, and has annoying false positives with registry entries.

Kaspersky Virus removal tool is a recent (Dec 07) tool released by Kaspersky that does disinfect but still in beta. It will no doubt be popular, as this is the only free KAV disinfection tool (the online scan service also does not disinfect).

Others worth considering are Dr.Web CureIt!, Norton Security Scan and BitDefender 8 Free Edition (though BitDefender is heavy and installs a lot of unnecessary services) because they are top notch antiviruses that can be used as backup scanners.

Prevx Computer Security Investigator (CSI) checks for only active malware but does not scan the whole hard-disk.

[edit] Others

1. ArcaMicroScan - http://www.arcabit.com/products_arcamicroscan.html
2. Antidote - http://www.vintage-solutions.com/English/Antivirus/Super/
3. F-PROT (Dos) - http://www.f-prot.com/products/home_use/dos/
4. Panda commandline scanner - http://research.pandasoftware.com/blogs/research/archive/2007/07/18/Free-commandline-scanner.aspx
5. Multi virus cleaner - http://www.viruskeeper.com/us/mvc.htm
6. ThreatExpert Memory Scanner (TEMS) (beta)- http://www.pctools.com/memory-scanner/
7. VTE Virus scanner - http://www.theory-x.net/users/erick/tt/vte/VTE.HTM

Mostly second tier or outdated products. F-PROT for Dos is respectable though development has stopped (signature updates are still available). Similarly Panda commandline scanner is meant for "research purposes" "or those who wish to implement malware scanning in a not-for-profit project" only. Multi virus cleaner is despite its name not a multi-engine antivirus, rather it is a offering by VirusKeeper, a relatively new anti-malware company.

ThreatExpert Memory Scanner (TEMS) ,new on-demand scanner that scans only the memory. By Pctools, makers of Spyware doctor and ThreatFire.

[edit] On demand (specific cleaners)

1. Avast! Virus Cleaner - http://www.avast.com/eng/down_cleaner.html
2. AVG removal tools - http://www.grisoft.com/doc/34/us/crp/0
3. Bitdefender removal tools - http://www.bitdefender.com/site/Downloads/browseFreeRemovalTool/
4. Etrust removal tools - http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?CID=40387
5. F-secure removal tools - http://www.f-secure.com/download-purchase/tools.shtml
6. KAV removal tools - http://www.kaspersky.com/removaltools
7. McAfee Stinger - http://vil.nai.com/vil/stinger/
8. McAfee Removal Tools - http://us.mcafee.com/virusInfo/default.asp?id=vrt
9. Multi-AV (includes Malware removal utility incorporating multiple command line scanners inclucing McAfee, Sophos, Kaspersky and Trend engines.) - http://www.pctipp.ch/downloads/dl/35905.asp ,similar script(beta),
10. Multi Virus Cleaner - http://www.viruskeeper.com/us/mvc.htm
11. Norman NGenFix - http://www.norman.com/Virus/Virus_removal_tools/en-us
12. Panda repair utilities - http://www.pandasoftware.com/download/utilities/
13. Sophos - http://www.sophos.com/support/disinfection/
14. Symantec removal tools - http://www.symantec.com/enterprise/security_response/removaltools.jsp
15. Trend Sysclean - http://www.trendmicro.com/download/dcs.asp
16. Virusbuster removal tools - http://www.virusbuster.hu/en/downloads/free/
17. See also List of freeware antispyware specific cleaners

Generic tools to remove specific malware or groups of popular/common malware encountered. Use this, if you know what malware has infected the machine and/or you don't want or can't install the full antivirus packages. Multi-AV is particularly interesting since it is a program written that automates the handling of several of the programs listed here.

[edit] Bootdisks

1. Alternate Operating System Scanner - http://www.pctools.com/aoss/
2. Avira AntiVir Rescue System - http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
3. Bitdefender Linux Live cd - http://archive.bitdefender.com/bd/site/mirrors.php
4. Kaspersky Rescue Disk - http://fileforum.betanews.com/detail/Kaspersky_Rescue_Disk/1213647614/1
5. Ultimate Boot CD for Windows - http://www.ubcd4win.com/index.htm

[edit] Online Scanners

Note: This section is no longer updated, For updated list and more details about online scans including screenshots, file upload limits, ability to clean etc, see Online Antivirus Scans .

[edit] Other related utilities

1. NoSpyZone Security Cente - http://nospyzone.com/SecurityCenter/Download/index.html - organizes various security software into one interface for control.
2. VirusTotal Uploader - http://www.virustotal.com/metodos.html - enables you to directly send files from your system using the context menu.

[edit] Information Sources

[edit] Testing and certification sites

1. Anti-malware test lab
2. AV Comparatives - Latest on demand and retrospective testing results Aug 07 and Nov 07
3. Avtest.org - Latest 1Q 08 results, Aug 07, pdf
4. CheckVir -Latest October 07
5. CSRRT Nepenthes
6. ICSALabs - List of certified products
7. Malware-test lab
8. Malware Threat Center Most Effective Antivirus Tools Against New Malware Binaries
9. Qnet labs
10. Shadowserver virus stats
11. Virus.gr - Latest Jun 08 results
12. Virus Bulletin - VB100 awards needs free registration.
13. VirusTotal realtime stats of samples submitted by Malware Incident Reporting & Termination (MIRT) + OITC
14. West Coast Labs checkmark certification
15. Virus Info
16. av-comparative forum on antivirus tests

CheckVir, ICSALabs, West Coast Labs checkmark certification are certifying organizations but not all antiviruses submit to such testing. Reputable (though this is often a matter of opinion) antivirus tests are generally on-demand tests, where the tester collects an archive of malware and the antiviruses are nade to scan it without running the malware. Examples include AV Comparatives, Avtest.org, Virus.gr. These generally include samples in the tens or hundreds of thousands and are done at monthly or longer periods. Historically the most famous and reputable test is VB100 awards, however this test differs from the others mentioned because of their relatively small sample size as they test mainly against malware that have being reported in the wild.

Malware Incident Reporting & Termination (MIRT) + OITC and Shadowserver virus stats differing from the tests already mentioned in that malware are tested against scanners (loaded on VirusTotal for the former) as and when they are reported as opposed to waiting and testing all of the them at the same time at fixed intervals (monthly or more). These tests appear to favour scanners with aggressive heuristics because most samples tests will be new or rare.

Qnet labs and CSRRT Nepenthes are honeypot based (similar to Shadowserver) but test only a small subset of antiviruses.

Virus InfoThe testing of anti-viruses by VirusInfo is powered by free online scanner VirusTotal. Project participants, being practising specialists in the area of computer security, are uploading at VirusTotal the malicious software that they have received form infected machines, and then publish the results of scanning in a special topic on VirusInfo forum

AV Comparatives also provide retrospective tests where scanner signatures are held back for 3 months and tested against current malware to see how much is detected.

Malware-test lab actually executes and runs the malware first and then tests to see how much of it is removed. The sample size is obviously much smaller. There are many other adhoc tests done on the net of course, but are of limited usefulness. See also this document.

Anti-malware test lab is a russian based organization, which does periodic tests on a variety of subjects relating to antiviruses. In the past, they have tested antiviruses against rootkits, ability to remove existing infections, support of packers as well as resistance to anti-termination attacks.

[edit] Technicial details

1. Building an Anti-Virus Engine - http://www.securityfocus.com/infocus/1552
2. Antivirus Research and Detection Techniques by Extreme Tech - http://www.extremetech.com/article2/0,3973,325439,00.asp and http://www.extremetech.com/article2/0,1697,367051,00.asp
3. Who Goes There? An Introduction to On-Access Virus Scanning - http://www.securityfocus.com/infocus/1622 and http://www.securityfocus.com/infocus/1626
4. Heuristic Techniques in AV Solutions: An Overview - http://www.securityfocus.com/infocus/1542
5. Detecting Complex Viruses - http://www.securityfocus.com/infocus/1813
6. Malicious cryptography - http://www.securityfocus.com/infocus/1865/2
7. http://www.securitytechnet.com/security/virus.html
8. The Evolution of Self-Defense Technologies in Malware - http://www.net-security.org/article.php?id=1028&p=1
9. The WildList—Still Useful? http://www.people.frisk-software.com/~bontchev/papers/wildlist.html
10. International Antivirus Testing Workshop 2007 - http://www.f-prot.com/workshop2007/presentations.html
11. Comparing the comparatives - http://www.mcafee.com/us/local_content/white_papers/threat_center/wp_imuttik_vb_conf_2001.pdf
12. Counting Spyware Detections Perception and Reality - http://www.mcafee.com/us/local_content/white_papers/threat_center/wp_pupcounts_0305v1.pdf
13. From Traditional Antivirus to Collective Intelligence Panda’s Technology Evolution - http://research.pandasoftware.com/blogs/images/wp_pb_collective_intelligence.pdf

[edit] Others

1. List of Antivirus Blogs
2. Very comprehensive antivirus resource databases

$ Antivirus Support Forums and Virus encyclopedias