Windows XP Community - XPHeads



Anti Virus Solutions That Use Their Own Boot CD?

microsoft.public.windowsxp.security_admin


  #1 (permalink)  
Old 07-02-2008, 05:47 PM
Will
 
Posts: n/a
Anti Virus Solutions That Use Their Own Boot CD?
Can someone recommend an anti-virus solution that lets you build a boot CD
that will inspect the NTFS file system for trojans or viruses without any
need to boot the OS on the file system you are inspecting?

--
Will


  #2 (permalink)  
Old 07-02-2008, 07:38 PM
Doug McIntyre
 
Posts: n/a
Re: Anti Virus Solutions That Use Their Own Boot CD?
"Will" <westes-usc@noemail.nospam> writes:
>Can someone recommend an anti-virus solution that lets you build a boot CD
>that will inspect the NTFS file system for trojans or viruses without any
>need to boot the OS on the file system you are inspecting?


That's not going to be too common, because it's not a very effective
model for ongoing A/V protection.

You could probably do something like this by combining together
something like BartPE or WindowsPE boot disks with Clamwin so that
you can boot (or even PXE boot) off CD and run Clamwin to scan files
on the mounted hard drive.





  #3 (permalink)  
Old 07-02-2008, 08:32 PM
FromTheRafters
 
Posts: n/a
Re: Anti Virus Solutions That Use Their Own Boot CD?
Has Clamwin now gone beyond the mostly email scanning
database? I recall that Clam's original purpose had been to
look for the types of malware that you would expect to find
in the email environment and misused as an all around scanner
by many of the open source proponents.

It shouldn't be any problem inspecting the files, but affecting
them is another matter.

"Doug McIntyre" <merlyn@geeks.org> wrote in message
news:486bd948$0$60075$8046368a@newsreader.iphouse. net...
> "Will" <westes-usc@noemail.nospam> writes:
>>Can someone recommend an anti-virus solution that lets you build a boot CD
>>that will inspect the NTFS file system for trojans or viruses without any
>>need to boot the OS on the file system you are inspecting?

>
> That's not going to be too common, because it's not a very effective
> model for ongoing A/V protection.
>
> You could probably do something like this by combining together
> something like BartPE or WindowsPE boot disks with Clamwin so that
> you can boot (or even PXE boot) off CD and run Clamwin to scan files
> on the mounted hard drive.
>
>
>
>
>


  #4 (permalink)  
Old 07-03-2008, 06:59 AM
Will
 
Posts: n/a
Re: Anti Virus Solutions That Use Their Own Boot CD?
"Doug McIntyre" <merlyn@geeks.org> wrote in message
news:486bd948$0$60075$8046368a@newsreader.iphouse. net...
> "Will" <westes-usc@noemail.nospam> writes:
>>Can someone recommend an anti-virus solution that lets you build a boot CD
>>that will inspect the NTFS file system for trojans or viruses without any
>>need to boot the OS on the file system you are inspecting?

>
> That's not going to be too common, because it's not a very effective
> model for ongoing A/V protection.


Day-to-day protection has to balance many different issues like
intrusiveness and performance on a system under use. It's very easy to
subvert modern virus checking programs with root kit viruses. The rootkit
simply rewrites kernel functions and reports back to the virus checker only
the data it wants the checker to see.

Booting from a standalone CD is the only approach that guarantees that all
files on the file system can be inspected by an OS and application that is
not under control of a trojan or rootkit. It would be an extremely good
way of checking for hidden files or folders that would otherwise be hidden
from view if the rootkit were active.

It's a shame if no anti-virus vendor has seen to create such a bootable CD.

--
Will
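
The cross-view comparison this post argues for, as an added example that is not part of the original thread: diff a file listing captured from the running (possibly subverted) OS against one captured after booting from trusted media, and report what only the offline view can see. It assumes both listings are plain text with one full path per line (for instance the output of `dir /s /b /a`), that the volume was `C:\` live and `D:\` offline, and it uses constructed file names.

```python
import ntpath

# Paths expected to differ between captures for benign reasons
# (assumption for this example; tune per system).
IGNORE_PREFIXES = ("\\windows\\temp\\",)

# Constructed sample listings: one as reported by the running OS,
# one as seen from the boot CD environment.
LIVE_LISTING = r"""C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\System32\drivers\tcpip.sys
C:\Documents and Settings\user\report.doc
C:\WINDOWS\Temp\live.tmp
"""
OFFLINE_LISTING = r"""D:\WINDOWS\system32\ntoskrnl.exe
D:\WINDOWS\system32\DRIVERS\tcpip.sys
D:\WINDOWS\system32\drivers\example_hidden.sys
D:\WINDOWS\system32\example_hidden\payload.dat
D:\Documents and Settings\user\report.doc
D:\WINDOWS\Temp\scan.log
"""

def normalise(line, root):
    """Drop the capture's drive root and fold case so both views compare."""
    raw = line.strip().strip('"')
    if not raw:
        return None
    path = ntpath.normpath(raw)
    if path.lower().startswith(root.lower()):
        path = path[len(root):]
    return "\\" + path.lstrip("\\").lower()

def load_listing(text, root):
    """Parse a listing into a set of volume-relative, lower-cased paths."""
    paths = set()
    for line in text.splitlines():
        rel = normalise(line, root)
        if rel and not rel.startswith(IGNORE_PREFIXES):
            paths.add(rel)
    return paths

def cross_view(live_text, live_root, offline_text, offline_root):
    """Return entries visible in only one of the two views."""
    live = load_listing(live_text, live_root)
    offline = load_listing(offline_text, offline_root)
    return {"hidden_from_live": sorted(offline - live),
            "live_only": sorted(live - offline)}

if __name__ == "__main__":
    for kind, paths in cross_view(LIVE_LISTING, "C:\\", OFFLINE_LISTING, "D:\\").items():
        print(kind, paths)
```

Files created or deleted between the two captures also appear in the output, so each entry is a lead to examine from the offline environment rather than proof of a rootkit.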


  #5 (permalink)  
Old 07-03-2008, 10:21 AM
David H. Lipman
 
Posts: n/a
Re: Anti Virus Solutions That Use Their Own Boot CD?
From: "Will" <westes-usc@noemail.nospam>

| "Doug McIntyre" <merlyn@geeks.org> wrote in message
| news:486bd948$0$60075$8046368a@newsreader.iphouse. net...
>> "Will" <westes-usc@noemail.nospam> writes:
>>>Can someone recommend an anti-virus solution that lets you build a boot CD
>>>that will inspect the NTFS file system for trojans or viruses without any
>>>need to boot the OS on the file system you are inspecting?


>> That's not going to be too common, because it's not a very effective
>> model for ongoing A/V protection.


| Day-to-day protection has to balance many different issues like
| intrusiveness and performance on a system under use. It's very easy to
| subvert modern virus checking programs with root kit viruses. The rootkit
| simply rewrites kernel functions and reports back to the virus checker only
| the data it wants the checker to see.

| Booting from a standalone CD is the only approach that guarantees that all
| files on the file system can be inspected by an OS and application that is
| not under control of a trojan or rootkit. It would be an extremely good
| way of checking for hidden files or folders that would otherwise be hidden
| from view if the rootkit were active.

| It's a shame if no anti-virus vendor has seen to create such a bootable CD.

| --
| Will



The problem is by nature a CDROM is Read-Only and thus can't be updated easily. Thus, its
signature would go out of date rather rapidly.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


  #6 (permalink)  
Old 07-03-2008, 01:05 PM
David B.
 
Posts: n/a
Re: Anti Virus Solutions That Use Their Own Boot CD?
Both Avira and Kaspersky have a free boot CD scanner available.

http://www.free-av.com/en/tools/12/a...ue_system.html
http://ftp.kaspersky.com/devbuilds/RescueDisk/

--

----
Crosspost, do not multipost http://www.blakjak.demon.co.uk/mul_crss.htm
How to ask a question http://support.microsoft.com/kb/555375



"Will" <westes-usc@noemail.nospam> wrote in message
news:P-CdnR39nbGKIvbVnZ2dnUVZ_vednZ2d@giganews.com...
> Can someone recommend an anti-virus solution that lets you build a boot CD
> that will inspect the NTFS file system for trojans or viruses without any
> need to boot the OS on the file system you are inspecting?
>
> --
> Will
>
>


  #7 (permalink)  
Old 07-03-2008, 08:06 PM
Will
 
Posts: n/a
Re: Anti Virus Solutions That Use Their Own Boot CD?
A well-made product of the kind I am describing contains a program to create
that boot CD on demand, from the latest updates.

It's the same model that ERD Commander uses to build new recovery boot CDs,
installing different sets of device drivers on each build.

If you have a suspect computer, you would go to the "safe" computer,
download the latest virus files, then build a new boot CD and use it the
same day to do your inspection of the infected computer.

--
Will

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:eyW2kaP3IHA.3544@TK2MSFTNGP05.phx.gbl...
> From: "Will" <westes-usc@noemail.nospam>
>
> | "Doug McIntyre" <merlyn@geeks.org> wrote in message
> | news:486bd948$0$60075$8046368a@newsreader.iphouse. net...
> >> "Will" <westes-usc@noemail.nospam> writes:
> >>>Can someone recommend an anti-virus solution that lets you build a boot CD
> >>>that will inspect the NTFS file system for trojans or viruses without any
> >>>need to boot the OS on the file system you are inspecting?
>
> >> That's not going to be too common, because it's not a very effective
> >> model for ongoing A/V protection.
>
> | Day-to-day protection has to balance many different issues like
> | intrusiveness and performance on a system under use. It's very easy to
> | subvert modern virus checking programs with root kit viruses. The rootkit
> | simply rewrites kernel functions and reports back to the virus checker only
> | the data it wants the checker to see.
>
> | Booting from a standalone CD is the only approach that guarantees that all
> | files on the file system can be inspected by an OS and application that is
> | not under control of a trojan or rootkit. It would be an extremely good
> | way of checking for hidden files or folders that would otherwise be hidden
> | from view if the rootkit were active.
>
> | It's a shame if no anti-virus vendor has seen to create such a bootable CD.
>
> | --
> | Will
>
> The problem is by nature a CDROM is Read-Only and thus can't be updated easily. Thus, its
> signature would go out of date rather rapidly.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



  #8 (permalink)  
Old 07-03-2008, 09:04 PM
David H. Lipman
 
Posts: n/a
Re: Anti Virus Solutions That Use Their Own Boot CD?
From: "Will" <westes-usc@noemail.nospam>

| A well-made product of the kind I am describing contains a program to create
| that boot CD on demand, from the latest updates.

| It's the same model that ERD Commander uses to build new recovery boot CDs,
| installing different sets of device drivers on each build.

| If you have a suspect computer, you would go to the "safe" computer,
| download the latest virus files, then build a new boot CD and use it the
| same day to do your inspection of the infected computer.

| --
| Will

That's true. I explain such a concept in using a surrogate PC to download updates for my
Multi AV Scanning tool and transferring the Multi AV to a thumb drive (or media,
preferably Read/Write media) and then to an infected PC and boot from a DOS Disk or a DOS
disk with NTFS4DOS.


Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe

http://www.pctipp.ch/downloads/dl/35905.asp

English:
http://www.raymond.cc/blog/archives/...irus-for-free/


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


  #9 (permalink)  
Old 07-03-2008, 10:50 PM
Will
 
Posts: n/a
Re: Anti Virus Solutions That Use Their Own Boot CD?
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:uf$ZZBV3IHA.2064@TK2MSFTNGP02.phx.gbl...
> From: "Will" <westes-usc@noemail.nospam>
>
> | A well-made product of the kind I am describing contains a program to create
> | that boot CD on demand, from the latest updates.
>
> | It's the same model that ERD Commander uses to build new recovery boot CDs,
> | installing different sets of device drivers on each build.
>
> | If you have a suspect computer, you would go to the "safe" computer,
> | download the latest virus files, then build a new boot CD and use it the
> | same day to do your inspection of the infected computer.
>
> | --
> | Will
>
> That's true. I explain such a concept in using a surrogate PC to download updates for my
> Multi AV Scanning tool and transferring the Multi AV to a thumb drive (or media,
> preferably Read/Write media) and then to an infected PC and boot from a DOS Disk or a DOS
> disk with NTFS4DOS.
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
>
> http://www.pctipp.ch/downloads/dl/35905.asp
>
> English:
> http://www.raymond.cc/blog/archives/...irus-for-free/


The idea of combining multiple anti-virus programs to one integrated
environment is nice. You would think someone would have figured out how to
sell that as a subscription service and then send out a new CD every two
weeks and charge for it? I would gladly pay and do not have the time to
put these kinds of packages together and then constantly update them.

--
Will


  #10 (permalink)  
Old 07-03-2008, 10:54 PM
Will
 
Posts: n/a
Re: Anti Virus Solutions That Use Their Own Boot CD?
That's great stuff. We have a winner. Thanks!

--
Will

"David B." <mail@nomail.net> wrote in message
news:ep8e91Q3IHA.2524@TK2MSFTNGP04.phx.gbl...
> Both Avira and Kaspersky have a free boot CD scanner available.
>
> http://www.free-av.com/en/tools/12/a...ue_system.html
> http://ftp.kaspersky.com/devbuilds/RescueDisk/
>
> --
>
> ----
> Crosspost, do not multipost http://www.blakjak.demon.co.uk/mul_crss.htm
> How to ask a question http://support.microsoft.com/kb/555375
>
>
>
> "Will" <westes-usc@noemail.nospam> wrote in message
> news:P-CdnR39nbGKIvbVnZ2dnUVZ_vednZ2d@giganews.com...
>> Can someone recommend an anti-virus solution that lets you build a boot CD
>> that will inspect the NTFS file system for trojans or viruses without any
>> need to boot the OS on the file system you are inspecting?
>>
>> --
>> Will
>>
>>

>



All times are GMT.