Norton Warning

[Paul]

MacAfee is not a heap of junk but my new computer (two years ago) came
with a free 90 day trial of MacAfee. After 15 days I began to get
messages encouraging me to buy the real thing. These reached a daily
frequency and I got so irked that I decided to buy Norton. I have not
detected anything that Norton seems to have missed.

To check your setup, introduce a copy of EICAR.
Convenient link at the bottom of the page.

http://en.wikipedia.org/wiki/EICAR_test_file

I placed a file like that, on one of my drives, ran a scanner
over it, and it got picked up.

And I've had a couple scanning tools, where I wondered whether
they could actually pick *anything* up (TrendMicro web scanning thingy???).
Too bad I didn't learn about that test file, sooner.

And here's a scan of the file. Two AVs don't make any notation! Quality.

https://www.virustotal.com/en/file/...9d1663fc695ec2fe2a2c4538aabf651fd0f/analysis/

The file downloads as eicar.com.txt, so you can read it or open in Notepad.
If you change the extension, make it eicar.com, then you can "run it".

Paul

 

[James Silverton]

To check your setup, introduce a copy of EICAR.
Convenient link at the bottom of the page.

http://en.wikipedia.org/wiki/EICAR_test_file

I placed a file like that, on one of my drives, ran a scanner
over it, and it got picked up.

And I've had a couple scanning tools, where I wondered whether
they could actually pick *anything* up (TrendMicro web scanning thingy???).
Too bad I didn't learn about that test file, sooner.

And here's a scan of the file. Two AVs don't make any notation! Quality.

https://www.virustotal.com/en/file/...9d1663fc695ec2fe2a2c4538aabf651fd0f/analysis/


The file downloads as eicar.com.txt, so you can read it or open in Notepad.
If you change the extension, make it eicar.com, then you can "run it".

Thanks for the suggestion but, since Norton has been shown to detect
EICAR, I can't see what the point is in having my own installation of
Norton also find it.

 

[Paul]

Thanks for the suggestion but, since Norton has been shown to detect
EICAR, I can't see what the point is in having my own installation of
Norton also find it.

Just play with it.

That's why we do this stuff. For fun.

Can you sneak an EICAR on your system ? Or is it caught immediately, no
matter how you try to introduce it ? Put an EICAR on a USB flash drive,
plug in into the "armored" computer. Is it scanned and caught immediately ?
Or only caught when you try to run it ?

If malware ever disables your AV, so in fact all malware detection is disabled,
then your attempts to introduce EICAR, will work every time. That's the
situation you'd be checking for - a disarmed AV.

Paul

 

[James Silverton]

Just play with it.

That's why we do this stuff. For fun.

Can you sneak an EICAR on your system ? Or is it caught immediately, no
matter how you try to introduce it ? Put an EICAR on a USB flash drive,
plug in into the "armored" computer. Is it scanned and caught immediately ?
Or only caught when you try to run it ?

If malware ever disables your AV, so in fact all malware detection is
disabled,
then your attempts to introduce EICAR, will work every time. That's the
situation you'd be checking for - a disarmed AV.

It's a long time since I did that sort of thing for fun. I use my
computers, which include an iPad as well as Windows desk and lap-tops.

 

[Dominique]

I wasn't arguing with you Bruce but with the "Heap of Junk" community. I
decided to follow your advice and removed the MacAfee virus scan without
any problems going the usual Microsoft route.

Your first step is done to remove McAfee, all you have to do now is run
this to remove any trace of McAfee on your system.

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

You might want to read this before.

http://service.mcafee.com/FAQDocument.aspx?id=TS101331

 

[Char Jackson]

Thanks for the suggestion but, since Norton has been shown to detect
EICAR, I can't see what the point is in having my own installation of
Norton also find it.

These days, EICAR is of very limited value. AV programs use signature
detection and recognition to detect EICAR, but most malware these days don't
lend themselves to signature detection. As Paul suggested, use it for fun,
but that's about it.

 

[Paul]

These days, EICAR is of very limited value. AV programs use signature
detection and recognition to detect EICAR, but most malware these days don't
lend themselves to signature detection. As Paul suggested, use it for fun,
but that's about it.

I view the test, as only being useful to see if your AV
has been "neutered". I've had AV programs before, I was not
at all confident they were doing anything. Giving them some
"bait", is one way to test for that.

Paul

 

[James Silverton]

Your first step is done to remove McAfee, all you have to do now is run
this to remove any trace of McAfee on your system.

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

You might want to read this before.

http://service.mcafee.com/FAQDocument.aspx?id=TS101331

I am not arguing but I am interested in what harm there is in leaving
any traces of McAfee?

 

[Paul]

I am not arguing but I am interested in what harm there is in leaving
any traces of McAfee?

One thing a "cleanup program" will do for you, is remove registry
settings the program was using. And that helps in cases, where you
plan to reinstall the program, and don't want any registry settings
from the old install sitting around.

If you download MCPR.exe, open it with 7ZIP, you can actually look at
some of the text files, as to what registry settings they'll be removing.

Paul

 

[James Silverton]

One thing a "cleanup program" will do for you, is remove registry
settings the program was using. And that helps in cases, where you
plan to reinstall the program, and don't want any registry settings
from the old install sitting around.

If you download MCPR.exe, open it with 7ZIP, you can actually look at
some of the text files, as to what registry settings they'll be removing.

I have not noticed anything untoward since removing the free McAfee
Virus scan, which I had allowed to be present for two years.

 

[Dominique]

James Silverton <[email protected]> écrivait @dont-email.me:

I am not arguing but I am interested in what harm there is in leaving
any traces of McAfee?

Probably none, if all goes well.