Re[2]: Norton Antivirus

Hello Peter,

Tuesday, January 11, 2005, 7:04:05 PM, you wrote:
PS> The latest version of NAV checks to see if a debugger is attached and if it
PS> is, NAV will fail to load.
then patch NAV. i hate applications that tell me what other programs i
am allowed to have running and/or installed. patching the driver to
not fail to load because of the debugger must be fairly easy. i don’t
see any point in this behaviour. the cracker or reverse engineer who
is going to play with the program will patch it easily anyway.


Best regards,
Ivona Prenosilova

So, now we just need to wait for a virus writer to write a virus to emulate
the presence of a debugger; what a bunch of idiots.

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Peter Scott
Sent: Tuesday, January 11, 2005 1:04 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Norton Antivirus

The latest version of NAV checks to see if a debugger is attached and if it
is, NAV will fail to load.

I would guess this is a ‘protection’ algorithm to ensure that no one can
step through their drivers, though it raises HUGE problems when trying to
debug interop issues.

Look through the history of the IFS list, a month or two back, and you will
find a thread on this exact topic.

Pete

Peter Scott
Windows Filesystem and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-198083-
xxxxx@lists.osr.com] On Behalf Of AFei
Sent: Tuesday, January 11, 2005 10:51 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Norton Antivirus

I met a similar problem before (but not this one), since it’s not
your problem, My choice is just uninstall the Norton, after fully
tested my driver in verifier, reinstall the Norton and test it again
without WinDbg.

“Hideyuki Inamasu” wrote in message
> news:xxxxx@ntdev…
> > Hello,
> >
> > Now I am developing TDI filter driver and have a problem with Norton
> > AntiVirus 2004/2005. I tried to run WinDbg and Norton AntiVirus software is
> > installed to target PC, then… I found that Kernel debugger is not
> > compatible with that software in Symantec HP, but I do not found how to go
> > with such problem.
> >
> > Is there any workaround for this problem? Or is there any good way to debug
> > my problem?
> >
> > Please give me your advice.
> >
> > Thank you,
> > Hideyuki Inamasu.

Let’s hope David Craig will slap the correct person up-side-the-head!

Good luck David :)

Jamey


Yes, this would be the best way to show them how smart decision they made. Not only they cause problems to many (not only FS) developers but now they complicate interoperability problems solutions. I guess WHQL tests should require debugger presence to avoid this kind of stupidity.

And maybe current NAV users would decide to use some else antivirus then, which is what I always recommend.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]



I realize this is a little off topic, but I’ve had some problems with that
too. I simply changed over to a test machine with mostly the same setup,
minus Antivirus. What would you suggest I use other than Norton?

Thanks for your advice.
Andrew


> And maybe current NAV users would decide to use some else antivirus then,
> which is what I

Kaspersky runs fine with WinDbg attached, and has better virus database.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Kaspersky does run with WinDbg, but makes a lot of
problems to FS filters include blue screens.

Maxim


These issues are bypassable :)

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


I’m not going to say that it’s the best product on the market, but at least
it’s got no conflict with WinDBG, and we don’t seem to have problems with
viruses in the company [fingers crossed]. We use McAfee/Network Associates
VirusScan.


Mats


So if this is the problem, it would be possible to load the virus scanner,
and then attach the debugger after it’s done its check [unless it’s also
checking periodically]. I’ve used this method on other products [some
Canadian company doing 3D drawing software seems to think that a debugger
shouldn’t be attached when starting their product], and it works just fine
for this purpose.

Of course, this solution doesn’t work if the filter driver is problematic
during the startup of the anti-virus software. In that case, I’d do one of
two things:

  1. Change what the pointer “hal!KdDebuggerEnabled” is pointing at to “0”
    before NAV loads. You can change it back to 1 later on.
  2. Patch the executable of NAV so that it no longer detects the debugger.

You can use the “break on load module” to detect when NAV is loaded, as
long as you know the name of the driver (or enough to set a wildcard name,
such as “NAV*”).


Mats


Also, NOD32 is a great! In fact, I would venture to say that NOD32 is, by
far, the best of show.

Jamey


Hello,

Wednesday, January 12, 2005, 4:25:10 PM, you wrote:

i find these what’s the best antivirus discussion funny. even though i
agree with Jamey that nod32 is the best av it is still useless.

today mainly worms that uses exploits not social engineering are
spreading. maybe some of you have read those papers about how far this
year worms spread, how it is dangerous and that you should buy
<put_a_name_here> to protect yourself and in that in the future worms
will spread even faster! usual pr crap. now, if worms in next year
will spread so fast that they’ll have their peak behind them after 15
minutes and AV vendors are able to respond in 2 hours and release their
database diff.(if they’re fast) for what are there general av programs
for?

maybe some of you read that <put_a_name_here> AV program can detect
over 100k viruses. oh, what a number!? how many viruses/worms have you
met on your machine? 100k? maybe 10 that are ITW on top. for what you
need av program that can catch 100k viruses?

av programs today are unable to cure most of the viruses they
detect. that’s funny, because they’ll tell you you have an infection
and they cannot cure that so it will be the best thing for you to do
to reformat/reinstall all your stuff. heh. so better if your machine
starts to behave abnormally forget the av program and
reformat/reinstall on your own. it will save you some bucks.

one-purpose av programs, personal firewalls, next generation networks,
that are able to detect massive worm spreading, behaviour blockers etc
is the way to go. forget today’s general av programs, they’re useless,
they just eat resources on your box as they’re overbloated.


Best regards,
Ivona Prenosilova

But Jamey that implies they all are dogs. Sorry, still not down from the
anesthesia this morning.


The personal opinion of
Gary G. Little


NAV and NIS doesn’t work with a lot of things. I generally have to disable the
network, then disable NAV/NIS before I can install so much as a Notepad
application. I would think that if Norton/Symantec would remove their rectum
from their cranial cavity, these kinds of things would not be a problem.


The personal opinion of
Gary G. Little

“Dan Partelly” wrote in message news:xxxxx@ntdev…
> I’m interesting as well into a complete description of the problem. Who knows
> maybe in future I’ll run into problems with NAV. I agree with Mat, if Windbg
> do not works with Windbg, its because they do a lot of dirty ugly things,
> which makes me wonder … about a lot of in NAV.
>
> Thanks, Dan
>
>
> ----- Original Message -----
> From: “Maxim”
> To: “Windows System Software Devs Interest List”
> Sent: Tuesday, January 11, 2005 4:29 PM
> Subject: Re: Re:[ntdev] Norton Antivirus
>
>
> > Did you try to debug computer with debugport (com1 for example) ?
> >
> > Maxim
> >
> >
> > ----- Original Message -----
> > From: “Hideyuki Inamasu”
> > Newsgroups: ntdev
> > To: “Windows System Software Devs Interest List”
> > Sent: Tuesday, January 11, 2005 3:55 PM
> > Subject: Re:[ntdev] Norton Antivirus
> >
> >
> >> Thank you Mats for your advice.
> >>
> >> Anyway, NAV is not compatible with WinDBG and it is described on Symantec
> >> HP. And I would like to know why you are pretty sure it works with
> >> WinDBG?
> >>
> >> In addition, I setup NAV with default configuration which NAV setup
> >> recommend.
> >>
> >> I really appreciate your advice.
> >>
> >> Thank you,
> >> Hideyuki Inamasu.
> >>
> >> “Mats PETERSSON” wrote in message
> >> news:xxxxx@ntdev…
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> Can you explain exactly what your setup is, and what the problem is. We
> >>> don’t use NAV, but I’m pretty sure that it would work with WinDBG…
> >>>
> >>> –
> >>> Mats

Take it from ordinary user perspective. There is a lot of known worms and viruses in the wild and why? Just because of lusers who don’t use AVs, firewalls and don’t know safe procedures how to protect themselves. Most of them use IE/OE and tell them about installing latest patch. For them it is better to have something which may not ensure 100% safety (and what does?) but at least catches known animals and protects them against their mistakes. In this case even false sense of security is better than no security. Weird, but infected lusers computers cause problems for others and whole 'Net.

Personally, I never used any AV and never had a virus or worm. But I know rather clever people who use computers just as a tools and which were infected because of IE/OE exploits. Some I persuaded to use different browser and mailer and for the rest it is better to have some AV.

What is the best AV is questionable, I also heard good references about NOD32. But there is no question the worst AV is.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]



Michal,

My experience with virus is horrible !!!

I have on domain, and I can get a slab of 8 to 10 fixed ip ( old
fashioned ). Started using BlackICE ( not quite AV), but a firewall back in
1998, before that I was experiencing heavy knocks to my machines, and it was
constantly spoofing my machine(s)…

Then when personal firewall and AV combination(s) came along, I switched over
to ZoneAlarm P-fw, and Norton/McAfee AV and that also did not leave me w/o
hits, though much less provided I keep the updates ( that is also some time
behind time ).

In an office env., or in a home env with a router ( syslink etc ),
penetration is much harder even w/o firewall/av due to NAT feature, but most
office router and personal router now-a-days have firewall/av types
firmware, and Norton plays a big role there.
IMHO, there are old softwares, that might surface as incompatibilities and/or
security bugs, and NAV happens to be one. They are usually monstrous,
having touched by zillion developers, w/o sufficient design abstract etc.,
so it makes doubly difficult for major architectural renovation…

There are companies they are also into analysis tools to find holes in
binaries to attack this worm/virus problems and they are doing fine. May be
I don’t know enough of technology, so I think it is at this point vital to
have a good grasp of what solutions these security people are providing. I
bet they can’t be that WRONG, as some of you trying to stress !!!

-pro

From:
xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on
behalf of ivona prenosilova[SMTP:xxxxx@post.cz]
Reply To: Windows System Software Devs Interest List
Sent: Wednesday, January 12, 2005 7:04 PM
To: Windows System Software Devs Interest List
Subject: Re[2]: [ntdev] Norton Antivirus

Hello,

Wednesday, January 12, 2005, 4:25:10 PM, you wrote:

i find these what’s the best antivirus discussion funny. even though i
agree with Jamey that nod32 is the best av it is still useless.

today mainly worms that use exploits not social engineering are
spreading. maybe some of you have read those papers about how far this
year worms spread, how it is dangerous and that you should buy
<put_a_name_here> to protect yourself and that in the future worms
will spread even faster! usual pr crap. now, if worms in next year
will spread so fast that they’ll have their peak behind them after 15
minutes and AV vendors are able to respond in 2 hours and release their
database diff.(if they’re fast) for what are there general av programs
for?

maybe some of you read that <put_a_name_here> AV program can detect
over 100k viruses. oh, what a number!? how many viruses/worms have you
met on your machine? 100k? maybe 10 that are ITW on top. for what you
need av program that can catch 100k viruses?

av programs today are unable to cure most of the viruses they
detect. that’s funny, because they’ll tell you you have an infection
and they cannot cure that so it will be the best thing for you to do
to reformat/reinstall all your stuff. heh. so better if your machine
starts to behave abnormally forget the av program and
reformat/reinstall on your own. it will save you some bucks.

one-purpose av programs, personal firewalls, next generation networks,
that are able to detect massive worm spreading, behaviour blockers etc
is the way to go. forget today’s general av programs, they’re useless,
they just eat resources on your box as they’re overbloated.

--
Best regards,
Ivona Prenosilova

DISCLAIMER: I am in no way associated with ESET.

NOD32 is by far the most reliable and solid AV software I have ever used.
Let’s not let companies like Symantec get away with flooding the market with
crappy software. If you need AV software, try NOD32. To date, I have
experienced zero conflicts.

www.nod32.com

Jamey


Jamey,

Honestly I agree with this. Actually no-one should get away with crappy
software. But come to think of it, it is very very hard to define/measure
what is/are crappy software. Of course, that does not leave much room for an
excuse, but in general we can not say that all the AV FW etc are bad.

My next try would be NOD32 :).

-pro