Anti Virus Solutions That Use Their Own Boot CD?
microsoft.public.windowsxp.security_admin

07-03-2008, 11:02 PM
Re: Anti Virus Solutions That Use Their Own Boot CD?
From: "Will" <westes-usc@noemail.nospam>
| The idea of combining multiple anti-virus programs to one integrated
| environment is nice. You would think someone would have figured out how to
| sell that as a subscription service and then send out a new CD every two
| weeks and charge for it? I would gladly pay and do not have the time to
| put these kinds of packages together and then constantly update them.
| --
| Will
I provide the Multi AV Scanning Tool as CareWare.
If you find the tool useful and it has helped you -- Don't donate to me, donate to
charity. :-)
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

07-04-2008, 10:52 PM
Re: Anti Virus Solutions That Use Their Own Boot CD?
The Kaspersky boot CD simply shuts down the computer when it gets to the
graphics display. It has a "safe" mode that looks like a simple bash
shell, and I have no idea what to do there. Clearly an experimental
project for them....
The Avira boots, but it looks like a very simple tool.
--
Will
"David B." <mail@nomail.net> wrote in message
news:ep8e91Q3IHA.2524@TK2MSFTNGP04.phx.gbl...
> Both Avira and Kaspersky have a free boot CD scanner available.
>
> http://www.free-av.com/en/tools/12/a...ue_system.html
> http://ftp.kaspersky.com/devbuilds/RescueDisk/
>
> --
>
> ----
> Crosspost, do not multipost http://www.blakjak.demon.co.uk/mul_crss.htm
> How to ask a question http://support.microsoft.com/kb/555375
>
>
>
> "Will" <westes-usc@noemail.nospam> wrote in message
> news:P-CdnR39nbGKIvbVnZ2dnUVZ_vednZ2d@giganews.com...
> > Can someone recommend an anti-virus solution that lets you build a boot CD
> > that will inspect the NTFS file system for trojans or viruses without any
> > need to boot the OS on the file system you are inspecting?
> >
> > --
> > Will
> >
> >
>

07-04-2008, 11:56 PM
Re: Anti Virus Solutions That Use Their Own Boot CD?
> "Doug McIntyre" <merlyn@geeks.org> wrote in message
> news:486bd948$0$60075$8046368a@newsreader.iphouse. net...
>> "Will" <westes-usc@noemail.nospam> writes:
>>> Can someone recommend an anti-virus solution that lets you build a
>>> boot CD that will inspect the NTFS file system for trojans or
>>> viruses without any need to boot the OS on the file system you are
>>> inspecting?
>>
>> That's not going to be too common, because it's not a very effective
>> model for ongoing A/V protection.
>
> Day-to-day protection has to balance many different issues like
> intrusiveness and performance on a system under use. It's very easy
> to subvert modern virus checking programs with root kit viruses. The
> rootkit simply rewrites kernel functions and reports back to the
> virus checker only the data it wants the checker to see.
>
> Booting from a standalone CD is the only approach that guarantees
> that all files on the file system can be inspected by an OS and
> application that is not under control of a trojan or rootkit. It
> would be an extremely good way of checking for hidden files or
> folders that would otherwise be hidden from view if the rootkit were
> active.
> It's a shame if no anti-virus vendor has seen to create such a
> bootable CD.
Norton and, I think, McAfee both allow that, actually. The only gotcha
is that only PART of the inspection can be done that way. Since virus
profiles are constantly changing, it will still have to access the drive
to get those signatures. But, it's still a very reliable way of
handling infections on PCs. A CD, once written and its session closed,
is not going to be affected by any virus or malware of any kind. So,
yes, they do it with the exception of using the signature files on the
hard drive.
I can't understand why everyone is saying no one does it; I just
pulled out my CD to make sure I'm right, and, well, I'm right! <g>.
Toss it in the drive, boot from it, the AV process automagically starts,
and off we go. It's not new; been this way for a long, long time.

07-05-2008, 12:35 AM
Re: Anti Virus Solutions That Use Their Own Boot CD?
"Twayne" <nobody@devnull.spamcop.net> wrote in message
news:eRJPHGj3IHA.3500@TK2MSFTNGP05.phx.gbl...
> > "Doug McIntyre" <merlyn@geeks.org> wrote in message
> > news:486bd948$0$60075$8046368a@newsreader.iphouse. net...
> >> "Will" <westes-usc@noemail.nospam> writes:
> >>> Can someone recommend an anti-virus solution that lets you build a
> >>> boot CD that will inspect the NTFS file system for trojans or
> >>> viruses without any need to boot the OS on the file system you are
> >>> inspecting?
> >>
> >> That's not going to be too common, because it's not a very effective
> >> model for ongoing A/V protection.
> >
> > Day-to-day protection has to balance many different issues like
> > intrusiveness and performance on a system under use. It's very easy
> > to subvert modern virus checking programs with root kit viruses. The
> > rootkit simply rewrites kernel functions and reports back to the
> > virus checker only the data it wants the checker to see.
> >
> > Booting from a standalone CD is the only approach that guarantees
> > that all files on the file system can be inspected by an OS and
> > application that is not under control of a trojan or rootkit. It
> > would be an extremely good way of checking for hidden files or
> > folders that would otherwise be hidden from view if the rootkit were
> > active.
> > It's a shame if no anti-virus vendor has seen to create such a
> > bootable CD.
>
> Norton and, I think, McAfee both allow that, actually. The only gotcha
> is that only PART of the inspection can be done that way. Since virus
> profiles are constantly changing, it will still have to access the drive
> to get those signatures. But, it's still a very reliable way of
> handling infections on PCs. A CD, once written and its session closed,
> is not going to be affected by any virus or malware of any kind. So,
> yes, they do it with the exception of using the signature files on the
> hard drive.
> I can't understand why everyone is saying no one does it; I just
> pulled out my CD to make sure I'm right, and, well, I'm right! <g>.
> Toss it in the drive, boot from it, the AV process automagically starts,
> and off we go. It's not new; been this way for a long, long time.
What you are describing is a way to run a virus checker from a CD after
booting the OS on the affected system. The problem with that approach is
that a rootkit virus can alter the operating system calls to disguise what
is on the disk.
The c:\windows folder might contain a subdirectory named evilvirustoolkit,
but as long as you boot your OS under the control of the rootkit that folder
stays invisible to every application on the system, including your virus
checker.
What I was asking for was a virus checker that boots from *its own operating
system embedded on a CD*. That way there is no involvement with infected
OS code on the system being inspected.
--
Will
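
Added example, not part of any poster's message: the hidden-folder point above can be checked by listing the volume twice, once from inside the installed Windows and once from the OS on the boot CD, and comparing the two views. The listing formats, the `/mnt/xp` mount point, the ignore path, the function names and all sample lines are assumptions constructed for illustration.

```python
# Added example: cross-view comparison of a live listing and an offline listing.
# All sample data below is constructed; prefixes and ignore paths are assumptions.

def normalize(line, prefix):
    """Lower-case, use '/' separators, and drop the view-specific prefix."""
    path = line.strip().replace("\\", "/").lower()
    prefix = prefix.replace("\\", "/").lower().rstrip("/")
    if not path.startswith(prefix):
        return None                      # blank line or path outside the volume
    return path[len(prefix):].strip("/")

def load_view(lines, prefix):
    """Build the set of normalized paths for one view of the volume."""
    return {p for p in (normalize(l, prefix) for l in lines) if p}

def hidden_from_live(live_lines, offline_lines, live_prefix, offline_prefix, ignore=()):
    """Return top-most paths seen by the boot-CD OS but not by the installed OS."""
    live = load_view(live_lines, live_prefix)
    offline = load_view(offline_lines, offline_prefix)
    missing = sorted(
        p for p in offline - live
        if not any(p == i or p.startswith(i + "/") for i in ignore)
    )
    roots = []
    for p in missing:                    # sorted, so a parent precedes its children
        if not any(p.startswith(r + "/") for r in roots):
            roots.append(p)              # report a hidden folder once, not per file
    return roots

# Constructed listing captured inside the running (possibly subverted) Windows.
LIVE = r"""C:\WINDOWS
C:\WINDOWS\system32
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\Temp""".splitlines()

# Constructed listing of the same volume, mounted read-only from the boot CD.
OFFLINE = """/mnt/xp/WINDOWS
/mnt/xp/WINDOWS/system32
/mnt/xp/WINDOWS/system32/kernel32.dll
/mnt/xp/WINDOWS/Temp
/mnt/xp/WINDOWS/Temp/scan.tmp
/mnt/xp/WINDOWS/evilvirustoolkit
/mnt/xp/WINDOWS/evilvirustoolkit/driver.sys""".splitlines()

if __name__ == "__main__":
    for path in hidden_from_live(LIVE, OFFLINE, "C:", "/mnt/xp", ignore=("windows/temp",)):
        print("visible offline only:", path)
```

A path that appears only in the offline view is a lead to investigate rather than proof of a rootkit, since files created or removed between the two captures also show up as differences.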

07-05-2008, 04:53 AM
Re: Anti Virus Solutions That Use Their Own Boot CD?
"Will" <westes-usc@noemail.nospam> wrote in message
news:JfydnQ3UJ91BXPPVnZ2dnUVZ_hOdnZ2d@giganews.com ...
> "Twayne" <nobody@devnull.spamcop.net> wrote in message
> news:eRJPHGj3IHA.3500@TK2MSFTNGP05.phx.gbl...
>> > "Doug McIntyre" <merlyn@geeks.org> wrote in message
>> > news:486bd948$0$60075$8046368a@newsreader.iphouse. net...
>> >> "Will" <westes-usc@noemail.nospam> writes:
>> >>> Can someone recommend an anti-virus solution that lets you build a
>> >>> boot CD that will inspect the NTFS file system for trojans or
>> >>> viruses without any need to boot the OS on the file system you are
>> >>> inspecting?
>> >>
>> >> That's not going to be too common, because it's not a very effective
>> >> model for ongoing A/V protection.
>> >
>> > Day-to-day protection has to balance many different issues like
>> > intrusiveness and performance on a system under use. It's very easy
>> > to subvert modern virus checking programs with root kit viruses. The
>> > rootkit simply rewrites kernel functions and reports back to the
>> > virus checker only the data it wants the checker to see.
>> >
>> > Booting from a standalone CD is the only approach that guarantees
>> > that all files on the file system can be inspected by an OS and
>> > application that is not under control of a trojan or rootkit. It
>> > would be an extremely good way of checking for hidden files or
>> > folders that would otherwise be hidden from view if the rootkit were
>> > active.
>> > It's a shame if no anti-virus vendor has seen to create such a
>> > bootable CD.
>>
>> Norton and, I think, McAfee both allow that, actually. The only gotcha
>> is that only PART of the inspection can be done that way. Since virus
>> profiles are constantly changing, it will still have to access the drive
>> to get those signatures. But, it's still a very reliable way of
>> handling infections on PCs. A CD, once written and its session closed,
>> is not going to be affected by any virus or malware of any kind. So,
>> yes, they do it with the exception of using the signature files on the
>> hard drive.
>> I can't understand why everyone is saying no one does it; I just
>> pulled out my CD to make sure I'm right, and, well, I'm right! <g>.
>> Toss it in the drive, boot from it, the AV process automagically starts,
>> and off we go. It's not new; been this way for a long, long time.
>
> What you are describing is a way to run a virus checker from a CD after
> booting the OS on the affected system.
Re-read what Twayne wrote: "Toss it in the drive, boot from it, the AV
process automagically starts". To me that means booting from the CD, not
booting the OS installed on the machine.
/Al
> The problem with that approach is
> that a rootkit virus can alter the operating system calls to disguise what
> is on the disk.
>
> The c:\windows folder might contain a subdirectory named evilvirustoolkit,
> but as long as you boot your OS under the control of the rootkit that folder
> stays invisible to every application on the system, including your virus
> checker.
>
> What I was asking for was a virus checker that boots from *its own operating
> system embedded on a CD*. That way there is no involvement with infected
> OS code on the system being inspected.
>
> --
> Will
>
>

07-05-2008, 06:24 AM
Re: Anti Virus Solutions That Use Their Own Boot CD?
"Al Dunbar" <AlanDrub@hotmail.com.nospaam> wrote in message
news:u1dZcsl3IHA.4988@TK2MSFTNGP04.phx.gbl...
>
> "Will" <westes-usc@noemail.nospam> wrote in message
> news:JfydnQ3UJ91BXPPVnZ2dnUVZ_hOdnZ2d@giganews.com ...
>> "Twayne" <nobody@devnull.spamcop.net> wrote in message
>> news:eRJPHGj3IHA.3500@TK2MSFTNGP05.phx.gbl...
>>> > "Doug McIntyre" <merlyn@geeks.org> wrote in message
>>> > news:486bd948$0$60075$8046368a@newsreader.iphouse. net...
>>> >> "Will" <westes-usc@noemail.nospam> writes:
>>> >>> Can someone recommend an anti-virus solution that lets you build a
>>> >>> boot CD that will inspect the NTFS file system for trojans or
>>> >>> viruses without any need to boot the OS on the file system you are
>>> >>> inspecting?
>>> >>
>>> >> That's not going to be too common, because it's not a very effective
>>> >> model for ongoing A/V protection.
>>> >
>>> > Day-to-day protection has to balance many different issues like
>>> > intrusiveness and performance on a system under use. It's very easy
>>> > to subvert modern virus checking programs with root kit viruses. The
>>> > rootkit simply rewrites kernel functions and reports back to the
>>> > virus checker only the data it wants the checker to see.
>>> >
>>> > Booting from a standalone CD is the only approach that guarantees
>>> > that all files on the file system can be inspected by an OS and
>>> > application that is not under control of a trojan or rootkit. It
>>> > would be an extremely good way of checking for hidden files or
>>> > folders that would otherwise be hidden from view if the rootkit were
>>> > active.
>>> > It's a shame if no anti-virus vendor has seen to create such a
>>> > bootable CD.
>>>
>>> Norton and, I think, McAfee both allow that, actually. The only gotcha
>>> is that only PART of the inspection can be done that way. Since virus
>>> profiles are constantly changing, it will still have to access the drive
>>> to get those signatures. But, it's still a very reliable way of
>>> handling infections on PCs. A CD, once written and its session closed,
>>> is not going to be affected by any virus or malware of any kind. So,
>>> yes, they do it with the exception of using the signature files on the
>>> hard drive.
>>> I can't understand why everyone is saying no one does it; I just
>>> pulled out my CD to make sure I'm right, and, well, I'm right! <g>.
>>> Toss it in the drive, boot from it, the AV process automagically starts,
>>> and off we go. It's not new; been this way for a long, long time.
>>
>> What you are describing is a way to run a virus checker from a CD after
>> booting the OS on the affected system.
>
> Re-read what Twayne wrote: "Toss it in the drive, boot from it, the AV
> process automagically starts". To me that means booting from the CD, not
> booting the OS installed on the machine.
I guess I can go buy one and find out. I did read what he wrote, but
somehow thought he didn't mean it as he literally said it.
--
Will
>> The problem with that approach is
>> that a rootkit virus can alter the operating system calls to disguise what
>> is on the disk.
>>
>> The c:\windows folder might contain a subdirectory named evilvirustoolkit,
>> but as long as you boot your OS under the control of the rootkit that folder
>> stays invisible to every application on the system, including your virus
>> checker.
>>
>> What I was asking for was a virus checker that boots from *its own operating
>> system embedded on a CD*. That way there is no involvement with infected
>> OS code on the system being inspected.
>>
>> --
>> Will
>>
>>
>
>

07-07-2008, 01:12 PM
Re: Anti Virus Solutions That Use Their Own Boot CD?
Haven't seen that behavior on any machines I've run it on.
Simple means nothing, as long as it accomplishes the task it's designed to
do, which is scan for nasties.
--
----
Crosspost, do not multipost http://www.blakjak.demon.co.uk/mul_crss.htm
How to ask a question http://support.microsoft.com/kb/555375
"Will" <westes-usc@noemail.nospam> wrote in message
news:qISdndd-R45dNPPVnZ2dnUVZ_sednZ2d@giganews.com...
> The Kaspersky boot CD simply shuts down the computer when it gets to the
> graphics display. It has a "safe" mode that looks like a simple bash
> shell, and I have no idea what to do there. Clearly an experimental
> project for them....
>
> The Avira boots, but it looks like a very simple tool.
>
> --
> Will
>
> "David B." <mail@nomail.net> wrote in message
> news:ep8e91Q3IHA.2524@TK2MSFTNGP04.phx.gbl...
>> Both Avira and Kaspersky have a free boot CD scanner available.
>>
>> http://www.free-av.com/en/tools/12/a...ue_system.html
>> http://ftp.kaspersky.com/devbuilds/RescueDisk/
>>
>> --
>>
>> ----
>> Crosspost, do not multipost http://www.blakjak.demon.co.uk/mul_crss.htm
>> How to ask a question http://support.microsoft.com/kb/555375
>>
>>
>>
>> "Will" <westes-usc@noemail.nospam> wrote in message
>> news:P-CdnR39nbGKIvbVnZ2dnUVZ_vednZ2d@giganews.com...
>> > Can someone recommend an anti-virus solution that lets you build a boot CD
>> > that will inspect the NTFS file system for trojans or viruses without any
>> > need to boot the OS on the file system you are inspecting?
>> >
>> > --
>> > Will
>> >
>> >
>>
>
>