Myths about Dr.Web Antivirus
The quantity of unbelievable myths spread on the Internet about Dr.Web Antivirus is a constant source of surprise for our company. We have decided to collect the myths we could find about Dr.Web Antivirus and ask you too to send us myths about our product!
They say that on a computer scanned by Dr.Web Antivirus another antivirus program can find viruses.
To explain why this could happen, you should understand what code Dr.Web considers to be a virus. By viruses the developers of Dr.Web mean only runnable (operable) computer code which may damage a computer. Damaged, non-operable code is not included in the Dr.Web virus database, but such code is often included in virus databases by other AV vendors. We do not strive to supplement our virus database with non-working signatures (virus entries), which only make it bigger but give no real protection to users. Besides, the message on the computer screen that a "virus" was found may only frighten a user. If the code cannot be run, it is not a virus, it is not a Trojan - it is nothing and is not included, as a rule, in the Dr.Web virus database.
If a user suspects a file or files are infected, he may send them for analysis to Dr.Web Antivirus Laboratory.
They say that SpIDer Guard does not operate on Core Duo processors and processors with Intel's Hyper-Threading technology.
This is not true. SpIDer Guard operates perfectly on all Windows-based systems — 95/98/Me/NT4/2000/XP/2003/2003 R2, including those with Core Duo processors and processors with Hyper-Threading technology.
They say, Dr.Web cannot be installed on notebooks, as it is too resource-consuming for notebooks.
Notebooks are the same computers as desktops, but they have less operating memory and less powerful processors. That is why people often think an anti-virus slows down a notebook much more than a desktop. Another feature of all notebooks is that they read information from hard drives slowly - this is their weak point. Consequently, the scanning of hard drives by an anti-virus takes a little more time, which is natural.
They say, Dr.Web's GUI has not changed since the day Dr.Web was born.
If we speak about Dr.Web's scanner GUI - yes, its main window (and not the whole GUI!) has not changed. But the beauty of the interface is not the top priority for anti-viruses! The main function of an anti-virus is to detect malware and cure computers of viruses. Take console scanners as an example. They do not have any GUI at all, but they protect computers perfectly, as well as a GUI scanner does.
There is a myth that Dr.Web Antivirus does not check critical parts of the system and startup files.
This is a myth. The Dr.Web scanner and SpIDer Guard (XP and Me) scan boot sectors of drives, as well as startup files and cure them, if necessary.
They say that Dr.Web has no inspection function. This function is said to be included in other antivirus programs and to ensure that objects which have been checked once are not scanned again. A re-scan is said to take place only after the virus databases have been updated, which also reduces the scanning time.
The SpIDer Guard file monitor that Dr.Web is equipped with has such a function and does not check files that have already been scanned, but only until the next update of the virus databases. After the virus databases have been updated, we cannot be sure that the files already checked are really harmless. After each update the database of checked files is also updated. In the opinion of our security specialists, all other algorithms and operating methods pose a danger to the computer's security system.
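The caching rule described above, sketched as an added example (this is not Dr.Web code): a "clean" verdict is reused only while both the file contents and the virus database version are unchanged. The `ScanCache` class, the `scanner` callback and the version strings are hypothetical, and a SHA-256 content hash stands in for whatever change detection a real file monitor uses.

```python
import hashlib


def fingerprint(path):
    """SHA-256 of the file contents, so any modification forces a re-scan."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class ScanCache:
    """Remembers files found clean under one virus-database version."""

    def __init__(self):
        self.db_version = None
        self.clean = {}  # path -> fingerprint at the time of the clean verdict

    def scan(self, paths, db_version, scanner):
        """Scan only what the cache cannot vouch for; return the paths scanned.

        scanner(path) is a hypothetical callback returning True when nothing
        was detected in the file.
        """
        if db_version != self.db_version:
            # New signatures: earlier "clean" verdicts no longer prove anything,
            # so the whole cache is dropped and rebuilt under the new version.
            self.clean.clear()
            self.db_version = db_version
        scanned = []
        for path in paths:
            fp = fingerprint(path)
            if self.clean.get(path) == fp:
                continue  # unchanged since the last clean verdict, same database
            scanned.append(path)
            if scanner(path):
                self.clean[path] = fp
            else:
                self.clean.pop(path, None)  # never cache a detection
        return scanned
```

Calling `scan()` twice with the same version string skips unchanged files on the second pass; passing a new version string makes every file eligible for scanning again.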
There is a myth that Dr.Web Antivirus "knows" a small number of archive types and that is why the level of its protection is not sufficient.
This is a myth. Dr.Web knows many types of archives. At present they are:
ZIP, 7ZIP, ARJ, RAR, LHA, HA, GZIP, TAR, BZIP2, MS CAB, WISE, MSI, (ISO, CPIO, RPM, DEB release is coming soon - follow news!). Their quantity is constantly increasing. Besides, Dr.Web Antivirus knows many packers, some of them are supported now by Dr.Web Antivirus only! Here is the list of just some of them.
There is a myth that Dr.Web Antivirus is not reliable enough as it does not cure viruses in archives.
Each anti-virus program has its own unique concept of building AV protection. Dr.Web does not cure viruses in archives, but this does not decrease the level of protection it provides compared to other similar programs on the market, which is constantly proved by numerous Virus Bulletin awards. Dr.Web perfectly detects viruses in archives, and with SpIDer Guard constantly enabled such a virus has no chance to get outside the infected archive and infect a system. Besides, one must know that there are few programs which can cure all viruses they can detect in an infected archive! To "cure archives" means to cure all archives where a program can detect viruses. It is not only a matter of curing or deleting the infected file inside the archive; the archive must be packed back to make its content accessible to the user. In most cases such "re-packing" is impossible without licenses for the archiver’s algorithm. If an AV developer says he can cure archives - ask him to show all these licenses!
There is a myth that in the Dr.Web Antivirus there is no option to specify the part of the drive to be controlled by the anti-virus and thus to increase the speed of operation of the anti-virus.
Developers of Dr.Web Antivirus believe, that such functionality is a potential vulnerability and the idea of such "selective, partial" protection is harmful, as users are offered a protection of a part instead of providing protection for the whole system. Potentially a virus can infect any part of the drive. We are not ready to increase operation speed of the anti-virus at the expense of a critical decrease of protection degree.
There is a myth that Dr.Web Antivirus has no option to set several scanning tasks at a time.
This is not true. One can run several GUI-scanners simultaneously and scan simultaneously several partitions of the hard drive. This will result in considerable increase of scan time.
There is a myth that in Dr.Web Antivirus there is no option to temporarily interrupt scanning.
This is not true. The scanning can be interrupted in the GUI-scanner.
There is a myth that monitoring in Dr.Web Antivirus cannot be terminated during the operation of resource consuming applications.
This is a myth. In SpIDer Guard XP, SpIDer Guard Me, SpIDer Mail the monitoring can be temporarily terminated. In SpIDer Guard XP this option is enabled by default. In other modules the ini-file should be configured accordingly.
There is a myth that Dr.Web Antivirus works so fast because it does not "know" macro viruses in documents of MS Office and therefore does not check such documents.
This is a myth. Dr.Web has long known macro viruses for all formats of MS Office documents. In addition, there are certain algorithms in Dr.Web’s heuristic analyzer which help to detect new macro viruses.
There is a myth that Dr.Web Antivirus does not have an option to specify actions for all types of threats.
This is not true. There are such setting options for each type of malware:
- curable viruses;
- incurable viruses;
- joke programs;
- hacker tools.
There is a myth that Dr.Web Antivirus cannot be installed on the already infected machine.
This is a myth. This could be done earlier and can still be done today. Its high virus resistance distinguishes Dr.Web from all similar programs on the market. Besides, Dr.Web can be run without installation into the system from any removable media (for example, from a compact disk or USB stick).
There is a myth that the function of system scanning before installation implemented in Dr.Web Antivirus does not safeguard installation of the anti-virus on an already infected machine.
This is not true. In the already infected system most viruses can be disinfected by Dr.Web during scanning of memory and startup files during the installation. Additionally, before scanning, during the installation procedure, the virus databases can be updated – and this is the installation routine. Thus, installing Dr.Web, a user receives the latest available add-ons to the virus database, and not those burnt onto a CD with distribution.
There is a myth that in Dr.Web Antivirus there is no option for specifying exclusions for scanned applications.
This is not true. Any file or a directory can be excluded from scanning in any components of Dr.Web.
There is a myth that Dr.Web Antivirus does not have a behavior blocker.
This is partially true. What can be called parts of a behavior blocker in Dr.Web are:
- virus activity control function in SpIDer Mail;
- virus activity control function in SpIDer Guard Me.
In addition, Dr.Web has a powerful heuristic analyzer which is constantly being improved and changes with almost every add-on.
There is a myth that Dr.Web Antivirus does not check HTTP-traffic “on the fly”.
This is partially true. Full support of scanning of HTTP traffic “on the fly” is implemented in the SpIDer Gate beta version (read our news of 29.12.2005). SpIDer Gate’s functionality will supplement firewalls. Firewalls close system vulnerabilities and prevent possible attempts of malefactors to hack a system, but they cannot scan what users download from the internet (files, mails, etc.). Such files may contain Trojan programs, network-aware and mail worms, and other malware.
Dr.Web SpIDer Guard can perfectly detect malware, including that brought in via browsers. This is not a full scanning of HTTP traffic, but any malware which can be brought into a system via HTTP will be stopped for sure. The SpIDer Gate module will reduce load on a system when the only source of infection is HTTP.
There is a myth that Dr.Web Antivirus must have a firewall because some other av-vendors deliver firewalls too.
A firewall and an antivirus are programs of a very different nature. A simple example: you will hardly ask the director of a tank plant why they do not manufacture warships, though both are means of war. An anti-virus performs its definite functions: it analyzes objects on the drive and in the computer memory. A firewall analyzes packets transferred on the network. No anti-virus program contains a firewall; one can find a firewall in the box with an anti-virus of the same developer, but that does not mean the firewall is built into the anti-virus.
Some vendors offer firewalls together with an anti-virus for better protection, but a firewall is not an obligatory component of an anti-virus. Anti-viruses, firewalls and anti-spyware programs are absolutely different types of data security programs.
There is a myth that Dr.Web Antivirus is a resource consuming program.
This is a myth. Dr.Web is one of the most resource-sparing anti-viruses. The distribution of Dr.Web Antivirus is one of the smallest - around 9 MB - and it requires only 12-15 MB of free space.
Besides, the program has special setting options which allow it to spare even more computer resources – but at the expense of the user’s security. Any rush for speed and resource sparing is made at the expense of the protection level. Dr.Web's huge advantage in comparison with other similar products is its options for fine tuning.
We often read different comparative reviews in many IT-related media. Sometimes they present Dr.Web as the most resource-consuming AV, while other products are represented as much less resource-consuming. This is a simple trick, and by applying it any anti-virus can be presented as rather resource-greedy. Everything depends on the moment of testing at which the measurement was made. To be objective, all anti-viruses in the test should be measured under the same conditions, for example, when a large archive is being checked. But this is done very seldom – one anti-virus (which bought much advertising) is measured while idle, the competitor during the check of a gigantic archive. Such reviews give birth to such myths.
There is a myth that Dr.Web Antivirus does not support Windows 98, Me, NT 4.0.
This is a myth. Dr.Web Antivirus supports all versions of Windows - 95 OSR2 (some AV vendors have long refused to support them)/98/Me/NT4.0/2000/XP/2003, including server platforms. Besides, Dr.Web supports MS DOS, PC DOS, OS/2.
There is a myth that Dr.Web Antivirus does not check archives "on the fly" before the archive is written on the hard drive.
This is a myth. With SpIDer Guard enabled, archives are checked "on the fly", before they are written to the drive; a similar check is made for other objects. But the anti-virus developers do not recommend keeping this option constantly enabled.
There is a myth that Dr.Web Antivirus cannot restore a system after infection.
It is true if we speak about the situation when system files were damaged by a virus. But to restore system files is not a function of an anti-virus. For this there are special backup programs and standard system restoration tools inbuilt into Windows. Indeed, several AV-vendors often say their anti-virus can restore system after infection, but we do not know what they mean.
There is a myth that Dr.Web Antivirus cannot check messages received via IMAP "on the fly" regardless of the mail client used.
This is a myth. On 11.05.2006 an updated version of SpIDer Mail was released. Now Dr.Web checks messages via IMAP\NNTP “on the fly” regardless of the mail client type. At present Dr.Web is the only program which correctly processes such mails.
There is a myth that in Dr.Web Antivirus there is no option for specifying the port number in settings for scanning of mail traffic.
This is a myth. The port number can be specified in SpIDer Mail. For experienced users there is a setting option for manual interception of the ports via which the mail traffic goes. For ordinary users, automatic interception is set by default.
There is a myth that Dr.Web’s virus database is updated only once a week.
This is a myth. A user can check the frequency of "hot" add-on release and its content here. This myth was born because in addition to hot add-ons Dr.Web releases weekly add-ons. The virus databases of Dr.Web for Windows are set to be updated hourly by default.
There is a myth that the Dr.Web Antivirus virus database is the most compact because it knows "few" viruses.
This is not true. Dr.Web specialists work very hard to optimize the virus databases as much as possible, because a small virus database spares computer resources and saves user time. In the new version of Dr.Web Antivirus, which is to be released this year, the scanning speed will increase several-fold due to the optimization of the scanning algorithms.
There is a myth that Dr.Web’s virus database is the most compact because old viruses are excluded from it, and that this is why it is so compact and the scanning speed is so high.
This is not true. We never delete old viruses from the virus database. And the best proof of it is successful participation in the comparative reviews of the most authoritative magazine Virus Bulletin. The anti-virus programs are tested on the collections where viruses of almost all generations are kept.
There is a myth that Dr.Web Antivirus does not provide a tool for a scheduled update.
This is a myth. Dr.Web has its own Scheduler. It is installed by default and it has a default task to receive database add-ons once an hour. But a user can modify this task to update many times an hour!