
Anti-Virus for 64-bit

TheMailMan78

Big Member
Joined
Jun 3, 2007
100% way for me is a hex editor in a live distro looking at the disk for changes at the mount point, jump, and load. If the rest of the Windows files are OK and the disk passes a chkdsk, defrag and isolation test with me watching its traffic, it's clean.


Even a DVD distro can contain a pre-boot time rootkit that inserts itself with a different landing sector to hide its own files, and with a few of NTFS's weak points you could hide it in space supposedly occupied by metadata and the system would know nothing.


But by looking at it in its raw format, by using a scanner like the alternate streams scanner in HijackThis, and a basic rootkit tool that looks through metadata and other files at RING0 level with a few latency checks, you can determine if you are running in a partial VM, or being intercepted.


I can clean anything.
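
Added example, not part of any post in this thread: a Python sketch of what an alternate-streams scanner checks when an NTFS MFT record is read in raw form, as the post above describes. The sample record is constructed and the function names are hypothetical; update-sequence fixups and `$ATTRIBUTE_LIST` extension records are not handled.

```python
import struct

ATTR_DATA = 0x80        # $DATA attribute type code
ATTR_END = 0xFFFFFFFF   # marker that ends the attribute list

def named_data_streams(record: bytes) -> list[str]:
    """Names of named $DATA attributes (alternate streams) in one MFT FILE record."""
    if record[:4] != b"FILE":
        raise ValueError("not an MFT FILE record")
    (offset,) = struct.unpack_from("<H", record, 0x14)  # offset of first attribute
    names = []
    while offset + 8 <= len(record):
        attr_type, attr_len = struct.unpack_from("<II", record, offset)
        if attr_type == ATTR_END:
            break
        if attr_len < 16 or offset + attr_len > len(record):
            raise ValueError("corrupt attribute length")
        # Byte 9: name length in UTF-16 units; bytes 10-11: name offset.
        name_len, name_off = struct.unpack_from("<BH", record, offset + 9)
        if attr_type == ATTR_DATA and name_len:
            start = offset + name_off
            names.append(record[start:start + 2 * name_len].decode("utf-16-le"))
        offset += attr_len
    return names

def _resident_attr(attr_type: int, name: str, content: bytes) -> bytes:
    """Build a resident attribute (24-byte header, then name, then content)."""
    raw_name = name.encode("utf-16-le")
    total = (24 + len(raw_name) + len(content) + 7) & ~7   # 8-byte aligned
    head = struct.pack("<IIBBHHHIHBB", attr_type, total, 0, len(name), 24, 0, 0,
                       len(content), 24 + len(raw_name), 0, 0)
    return (head + raw_name + content).ljust(total, b"\0")

def sample_record(with_stream: bool = True) -> bytes:
    """Constructed FILE record: unnamed $DATA plus, optionally, one named stream."""
    header = bytearray(0x38)
    header[0:4] = b"FILE"
    struct.pack_into("<H", header, 0x14, 0x38)
    attrs = _resident_attr(0x10, "", b"\0" * 48)             # $STANDARD_INFORMATION
    attrs += _resident_attr(ATTR_DATA, "", b"visible file body")
    if with_stream:
        attrs += _resident_attr(ATTR_DATA, "Zone.Identifier", b"[ZoneTransfer]")
    return bytes(header) + attrs + struct.pack("<II", ATTR_END, 0)

if __name__ == "__main__":
    print(named_data_streams(sample_record()))
```

A named stream is something to review rather than proof of infection: `Zone.Identifier`, used in the sample, is the stream Windows itself attaches to downloaded files.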
 
Joined
Jul 17, 2009
I work in a field where I come across anywhere from 10s to 100s to even 1000s of viruses a week from users looking for help cleaning out their PCs or Flash Drives and I really recommend the antivirus:
Avira AntiVir Personal - FREE Antivirus 10
which is essentially Avira Premium w/o some features, but with the same robust anti-virus features.
With Avira I've used my work PC for 2 years now without a single infection, even though I'm constantly connecting infected media.
For a good firewall:
Comodo Firewall (FREE)
Simply unbeatable firewall, but I don't think the Defence+ is necessary for someone on Win7 w/ UAC enabled as it gets a bit annoying. It also contains a Sandbox that quarantines untrusted programs, etc.

With these 2 and good habits by the user, it's virtually impossible to infect a PC. ;)

Some have said Avast is a good Avira alternative, but I've seen it miss quite a few things Avira catches.
The only other option I trust other than these is Kaspersky Internet Security, if not Kaspersky AntiVirus + COMODO Firewall. :rockout:

EDIT:
BTW, I've tested the antiviruses: ESET Nod32, Avast, Avira, Kaspersky, AVG, McAfee, Symantec (incl Norton), BitDefender, COMODO, Panda, Trend & Solo (+ a few others I've forgotten by now).
For firewalls I've tested ZoneAlarm, Outpost, Kaspersky (IS), Symantec/Norton (IS), and COMODO (+ a few others I've forgotten by now... I think :p).
 

Perseid

New Member
Joined
Jul 4, 2010
Even if you have the skills to look at things at this low level to tackle infections, you can't seriously give that out as advice for everyone to do this?

You are very confident in your abilities... ;) I see a case of overconfidence here and I don't believe it's possible for any one person to outwit all of the world's malware writers all of the time.

The DVD will be 100% clean if you have a freshly formatted hard disc that has the OS installed and an image snapshot immediately made. How is malware gonna sneak in then?

No, it remains that my advice is the only sure way to clean malware off a PC: in short, don't tackle it, wipe it.

I think perhaps you're overestimating the power of viruses. If one can hide on my system undetected through even the most rigorous AV scans and manual analysis it sounds like, by your logic, I should just give up and accept my rootkit because there's no way I can keep my system clean.
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
I think perhaps you're overestimating the power of viruses. If one can hide on my system undetected through even the most rigorous AV scans and manual analysis it sounds like, by your logic, I should just give up and accept my rootkit because there's no way I can keep my system clean.

They can indeed hide from the closest scrutiny. It only takes one, remember. And read my post again, I never said you can't keep your system clean.
 
Joined
Nov 4, 2005
You are on one end of this spectrum, I'm on the other.

Do I believe I can outwit all the malware creators? Yes, given enough time. However when the 10% or less of infections that I see can't be recovered easily I do reformat and reinstall. Your suggestion sounds like a person needs to reformat and reinstall every time they get a virus popup warning or their system acts weird, unconditionally as they will never be able to defeat the malware.


I trust my cleaning and system, but do watch an independent hardware firewall for active connections, by source IP and track such connections, if a rootkit was present and sending even the tiniest of data I would see it.
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Indeed, I don't fight them once they're on the system, but I've said this all along. Given the nature of malware's intentions (account lockouts, money theft, identity theft, nice things like that) I prefer not to take a chance and take the admittedly paranoid route and just nuke it on site.

With frequent data backups and a clean system image to slap back on, it really reduces the pain of a reinstall to a mere inconvenience.*

Having said that, what with my safe computing practices, I've only ever had one or two dodgy things happen to my systems in the last decade.

You obviously have quite some skill in flushing them out :respect: and if we lived anywhere near each other, I'd be making a pain of myself and invite myself over to see how you do it. :D

I'm glad you will take the nuclear option though and do a reformat if you can't flush it out. It's just that you can't ever eliminate the possibility of missing something and the dreadful consequences of that possibility, that cause me to take the nuclear option every time - and recommend everybody else to do the same.

Heck, now if I was really paranoid, I could reimage my PC every couple of weeks... ;)

*I have to confess, that while my data backups are excellent, I haven't bothered with a system image. And just go through the pain. :laugh:
 

TheMailMan78

Big Member
Joined
Jun 3, 2007
You are on one end of this spectrum, I'm on the other.

Do I believe I can outwit all the malware creators? Yes, given enough time. However when the 10% or less of infections that I see can't be recovered easily I do reformat and reinstall. Your suggestion sounds like a person needs to reformat and reinstall every time they get a virus popup warning or their system acts weird, unconditionally as they will never be able to defeat the malware.


I trust my cleaning and system, but do watch an independent hardware firewall for active connections, by source IP and track such connections, if a rootkit was present and sending even the tiniest of data I would see it.

Steevo, I would trust you to clean my rig. No that isn't a go ahead for homosexual intercourse. However I do not trust myself. Therefore a format we go!
 