Thread: Road Runner Virus! (pic)

And just today I heard someone praising nod32 for having such great heuristics that it often picks up even undiscovered new viruses... looks like sometimes it's a little over-eager

AFAIK, all heuristic virus scanners give way too many false positives.
I turn heuristic scanning off for that reason, regardless of the anti-virus software.

Think about it..
The whole idea behind heuristic scanning is for the software to say "Hey! This file might be a virus!"
****... ANY file could be flagged as something virulent.

Originally Posted by mike6789

well im sure there are guidlines the virus scanner follows... it wont just say "OMG, THIS IS AN EXE, MUST BE A VIROOZ"

Actually, you are wrong, it will do that to anything it wants to. When it doesn't know what the exe belongs to, it will pop up a warning message.

The problem is the scanner can't figure it out what RR is, and most likely because it calls and interacts with the other programs on your computer, like Winamp and whatever, it THINKS it might be a virus, so it calls it one.

Michael

Either of those might trigger alerts:
-The number of (and which) windows API functions used in RR
-The on-the-fly compressor used to make the EXE smaller

IMHO, the best anti-virus you can use is yourself. The existing anti-virus applications are in many cases worse (in effect) than many existing viruses... in any case, if you toggle the auto-protect off and just scan suspicious files manually it should virtually have o adverse effect on the machine performance and use (except your waste of time). The best policy is, if you don't trust it, don't open it.. if you doubt the integrity of the RR.EXE file for instance, you can simply not use it OR get the sources and compile it yourself.. I have done research on bypassing this kind of heuristic flags and they're very easy to fool -- so I personally find it very useless.

Originally Posted by guino

IMHO, the best anti-virus you can use is yourself.

Rock on, Guino.