[27509] in resnet
Re: Switching to Security Essentials
daemon@ATHENA.MIT.EDU (Derek Buchanan)
Thu Mar 29 09:18:52 2012
Date: Thu, 29 Mar 2012 09:18:34 -0400
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Derek Buchanan <buchands@gmail.com>
After my offer to send my findings on ClamXav and Comodo for the Mac,
I have gotten numerous responses personally and a few on the resnet
list asking me to send it. So I have pared it down to the minimum
(no intro, etc.) and am posting the information here. I hope this is
a help to those hoping to avoid some future pitfalls.
Derek
Mary Baldwin College
IT
Bottom Line ClamXav:
ClamXav is a freeware port which includes a graphical user interface
and has a "sentry" service which can watch for changes or new files in
many cases. There is also an update and scanning scheduler through a
cron job facilitated by the graphical interface. ClamXav can detect
malware specific to Mac OS X, Unix, or Windows.
ClamXav has no realtime protection like the PC. You start ClamXav
from the Applications folder to run it; otherwise you can use the
ClamXav Sentry, which can be set to run on startup and check folders
for changes. (The obvious folder for this would be the home directory
of the user.) You use ClamXav Sentry to monitor your hard drive and
scan new files as they arrive. The program runs from the login items
section.
The uninstaller will remove the engine and any schedules you've got
set up. All that's left is to drag ClamXav.app to the trash.
Scanning the entire hard disk has issues when it hits symbolic links.
There are specific directions below to perform a hard disk scan.
Hard Drive Scan
If you attempt to start a scan with nothing highlighted in the source
list, you will be presented with an open-file dialog box, prompting
you to choose what to scan. In this window, open your hard drive but
don't click "OK" yet. What you have to do is hold down the command key
(the one with the Apple symbol) and then select everything you see in
there. Then click "OK" and continue as normal.
Bottom Line Comodo:
Comodo does put in an auto-startup engine by default that provides
real-time protection. (CAV taskbar icon and CAV dock icon) You can
run scans on any file or folder by simply dragging it onto the CAV
dock icon. It would appear that Comodo is being started up
automatically from the Application folder? The startup is not in
Login Items, /Library/StartupItems, or System/Library/StartupItems.
The only other place I can think is that it is using the
/etc/sbin/SystemStarter to execute a shell script. To uninstall, you
use the Comodo Antivirus App in /Applications/Comodo.
Comodo appears to only monitor for known threats to Macs and does not
detect Windows threats, so it will not pick up on malware/viruses that
do not execute on the Mac. It is true that you could have Windows
malware sitting on a flash disk and it won't work on a Mac.
The flash drive could be plugged into a PC and put the PC at risk but
Comodo seems to only be worried about the Mac since it is Mac
antivirus.
By default the Stateful File Inspection for real time virus scanning
works to minimize the effects of on-access scanning on the system
performance. Selecting the ‘Stateful’ option means CAV scans only
files that have not been scanned since the last virus update - greatly
improving the speed, relevancy and effectiveness of the scanning.
Comodo Antivirus has two pre-defined scan profiles - 'My Computer'
and 'Critical Areas'. These cannot be edited or removed. They are:
My Computer (Default) - When this Profile is selected, Comodo
Antivirus scans every local drive, folder and file on your system.
Critical Areas - When this profile is selected, Comodo Antivirus
runs a targeted scan of important operating system files and folders.
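
The Comodo section above looks for the autostart entry by hand in Login Items and the two StartupItems folders. As an added example (not part of the original message and not code from either product), this script searches those StartupItems folders plus the launchd LaunchDaemons/LaunchAgents directories for entries that mention a product name. The launchd directories, the function names and the sample tree are assumptions of this example, not findings from the message.

```shell
#!/usr/bin/env bash
# Added example: find autostart entries on a macOS volume that mention PATTERN.
# ROOT may be "/" or a mounted copy of the disk, so it also runs on a test tree.

# Directories consulted for automatic startup (system-wide, then per-user).
autostart_dirs() {
  local root="${1%/}" home
  printf '%s\n' \
    "$root/Library/LaunchDaemons" "$root/Library/LaunchAgents" \
    "$root/System/Library/LaunchDaemons" "$root/System/Library/LaunchAgents" \
    "$root/Library/StartupItems" "$root/System/Library/StartupItems"
  for home in "$root"/Users/*; do
    if [ -d "$home/Library/LaunchAgents" ]; then
      printf '%s\n' "$home/Library/LaunchAgents"
    fi
  done
}

# Print each file in those directories whose name or content mentions PATTERN.
find_autostart() {
  local root="$1" pattern="$2" dir
  autostart_dirs "$root" | while IFS= read -r dir; do
    [ -d "$dir" ] || continue
    # Match on the file name, e.g. a plist named after the vendor ...
    find "$dir" -type f -iname "*${pattern}*" 2>/dev/null || true
    # ... or on content, e.g. the program path inside the plist.
    # -a keeps binary plists searchable for the raw string.
    grep -rlia -- "$pattern" "$dir" 2>/dev/null || true
  done | sort -u
}

# Constructed sample tree (all names below are made up for the example).
make_sample_tree() {
  local t
  t=$(mktemp -d)
  mkdir -p "$t/Library/LaunchDaemons" "$t/Library/LaunchAgents" \
           "$t/Library/StartupItems" "$t/Users/alice/Library/LaunchAgents"
  printf '<string>/Applications/Comodo/ExampleDaemon</string>\n' \
    > "$t/Library/LaunchDaemons/com.example.avdaemon.plist"
  printf '<string>/usr/bin/true</string>\n' \
    > "$t/Users/alice/Library/LaunchAgents/com.example.comodo-ui.plist"
  printf '<string>/usr/bin/true</string>\n' \
    > "$t/Library/LaunchAgents/com.example.other.plist"
  printf '%s\n' "$t"
}

# Usage: script.sh ROOT PATTERN   (for example: script.sh / comodo)
if [ "$#" -eq 2 ]; then find_autostart "$1" "$2"; fi
```

Login Items are stored per user outside these directories and still need the manual check described in the message.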