Norton Antivirus - Is Really Protecting You the Way It Should
Tecknomage
I am posting this subject because I discovered something about Norton
Antivirus (2008) email scanning.
For those who don't know, email is passed via POP (outbound) and SMTP
(inbound) TCP Ports. See link below:
http://en.wikipedia.org/wiki/List_of_well-known_ports_%28computing%29
It turns out that Norton Antivirus ONLY scans email via "standard"
ports (POP2 = 109, POP3 = 110, SMTP = 25). Why can this restriction
to standard email ports be a problem? My ISP uses SMTP Port 587 which
is a newer standard (see list in link above), and Norton Antivirus
does not scan outbound email on this port.
Not only that, my ISP has secure email servers, and Norton does NOT
scan inbound nor outbound email because the ports use are also not the
standard ones Norton is restricted to.
Also, I have always wondered if Norton scans inbound Newsgroup posts
which come in via NNTP Port 119.
How can ANY antivirus program claim to be protecting you if it cannot
be set to scan whatever port is being used for email?
Even better, why not have an Antivirus Settings Option (Advanced)
where a user could designate ANY port you wish Norton Antivirus to
scan?
In fairness, McAfee also does not scan email on non-standard ports.
--
======== Tecknomage ========
Computer Systems Specialist
San Diego, CA
David H. Lipman
You forgot mentioning scanning through MAPI and VIM compliance.
Anyway, the only thing email scanning is good for is Phishing Email (The vast majority of AV
companies are members of the APWG).
Otherwise, the "On Access" scanner will handle and attached threats. You'll find that most
professionals think email scanning (for home users) adds very little benefit. Thus with the
"On Access" scanning you ARE protected (well to the point of signature and heuristic
detection).
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Tecknomage
Please, define "On Access" scanning. Haven't heard the term before.
Better, point to software or site for this.
David H. Lipman
|
| Please, define "On Access" scanning. Haven't heard the term before.
|
| Better, point to software or site for this.
|
There are two modes of operation for any anti malware aopplications, "On Demand" and "On
Access".
On Demand -- When a user manually or via a scheduler forces a scan to be performed.
On Access -- Whenever a file is written or read from media the files are scanned for
malicious intent via signature and hueristic detection.
Tecknomage
<DLipman~nospam~@Verizon.Net> wrote:
> From: "Tecknomage" <teck...@NOSPAM.com>
>
>
> |
> | Please, define "On Access" scanning. Haven't heard the term before.
> |
> | Better, point to software or site for this.
> |
>
> There are two modes of operation for any anti malware aopplications, "On Demand" and "On
> Access".
>
> On Demand -- When a user manually or via a scheduler forces a scan to be performed.
> On Access -- Whenever a file is written or read from media the files are scanned for
> malicious intent via signature and hueristic detection.
You definition for "On Access" does not specify files downloaded via a
network. Does your "read from media" include downloads?
I am assuming that Norton AntiVirus 2008 (used on my home PC) does "On
Access." Am I correct?
David H. Lipman
|
| You definition for "On Access" does not specify files downloaded via a
| network. Does your "read from media" include downloads?
Of course ! I wrote... "Whenever a file is written or read from media..." That mans the
hard disk, fals drives, zip drives, etc.
|
| I am assuming that Norton AntiVirus 2008 (used on my home PC) does "On
| Access." Am I correct?
|
100% correct!
The following information is on my Multi AV Scanning Tool. It provides four different "On
Demand" anti virus scanners from; McAfee, Sophos, Trend Micro and Kaspersky.
The reason I include four different vendors respective scanners is that one may catch what
another may miss.
Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
Additional Instructions:
http://pcdid.com/Multi_AV.htm
* * * Please report back your results * * *