Re: [expert] Norton Antivirus and Bloodhound
On Fri, Apr 21, 2000 at 02:49:08PM -0800, Civileme wrote: -> The "local" Alaska Linux Users Group reports that Norton Antivirus and -> Bloodhound, Norton's newer "heuristic" virus hunter, is claiming LILO is -> a boot sector virus in newly installed dual-boot systems. Clearly a complaint to Norton is in order. -> -> So, for their next installfest, they will be recommending the McAfee -> virus scanner for linux that is there to protect windows. I have had problems with McAfee rendering W95 unstable (OK, more so than usual). You might look at fsecure instead. -- -- C^2 No windows were crashed in the making of this email. Looking for fine software and/or web pages? http://w3.trib.com/~ccurley
Re: [expert] Norton Antivirus and Bloodhound
This seems to be an old problem I have encountered with several different virus checkers: When you install them, they take a copy or checksum the mbr and boot sectors. Each time they boot they compare the current mbr/boot sectors to the copy/checksum, and yell "VIRUS" if anything has changed. Installing LILO, of course, changes the mbr, hence these virus checkers calling it a virus! Usually, it is simply a case of telling the checker to update its copy/checksum, and all is well from then on. Hardly a reason to reccomend against an otherwise good viruschecker! (although I am not recommending Norton as a good virus checker - we use it at work & I have other reasons why I would not recommend it!) Trevor On Sat, 22 Apr 2000, you wrote: > The "local" Alaska Linux Users Group reports that Norton Antivirus and > Bloodhound, Norton's newer "heuristic" virus hunter, is claiming LILO is > a boot sector virus in newly installed dual-boot systems. > > So, for their next installfest, they will be recommending the McAfee > virus scanner for linux that is there to protect windows. > > Civileme > > -- > Beta-Testing Netscape 6 Mailer
Re: [expert] Norton Antivirus and Bloodhound
It's not that NAV (Bloodhound is a component of NAV) can't understand the boot sector. It's that NAV is seeing that the boot sector has changed, and is telling the user. Changing the boot sector is EXACTLY what many viruses do, so this is EXACTLY what you want NAV to do, in most cases. You can turn this functionality off. The reason McAfee doesn't do the same thing is that it doesn't scan the boot sector like NAV. In other words, it doesn't do as good a job. Russ Mike Corbeil wrote: > Civileme wrote: > > > The "local" Alaska Linux Users Group reports that Norton Antivirus and > > Bloodhound, Norton's newer "heuristic" virus hunter, is claiming LILO is > > a boot sector virus in newly installed dual-boot systems. > > I think NAV has been doing this for several years. I don't think that NAV > actually thinks LILO is a virus, but instead merely sees the mbr is not as > it would be on a system with only MS OSs installed, that is, NAV is merely > warning the user of something it doesn't understand and therefore can't > properly interpret for the user. > > With the increasing popularity and use of Linux on dual-boot systems, > though, NAV or BH should definitely allow for other boot managers being > installed in the mbr. > > It's good to know that someone's on the ball though - McAfee. > > mike > > > > > > > So, for their next installfest, they will be recommending the McAfee > > virus scanner for linux that is there to protect windows. > > > > Civileme > > > > -- > > Beta-Testing Netscape 6 Mailer
Re: [expert] Norton Antivirus and Bloodhound
On Sun, 23 Apr 2000, you wrote: > Andrew George wrote: > > > Does Bloodhound have an inoculate option? > > Every time I do something to LILO Nortens tells me the boot sector has changed, > > and asks me if it was intentional or not, then gives me the options of > > inoculate or repair > > Check to see if one of the options in Bloodhound is automatically fix or warn > > > > I don't think you want to inoculate, if this causes actual changes. If it merely > means to always ignore this mbr change in the future, then inoculate sounds like a > good idea. If it causes the mbr to be altered in any way, since inoculation > typically means to inject something to cause the inoculation to happen, then don't > inoculate, or at the very least create a boot floppy for your Linux configuration, > first. > > It would be safer to make sure you have a good boot floppy for the Linux > configuration, first, in any case. > > mike Yep, actually the inoculate option in Nortens means replace the image of the MBR that Nortans checks against with a current image of the MBR Repair means replace the MBR with the image Nortans already has > > > > Just a thought > > Andrew > > > > On Sat, 22 Apr 2000, you wrote: > > > The "local" Alaska Linux Users Group reports that Norton Antivirus and > > > Bloodhound, Norton's newer "heuristic" virus hunter, is claiming LILO is > > > a boot sector virus in newly installed dual-boot systems. > > > > > > So, for their next installfest, they will be recommending the McAfee > > > virus scanner for linux that is there to protect windows. > > > > > > Civileme > > > > > > -- > > > Beta-Testing Netscape 6 Mailer
Re: [expert] Norton Antivirus and Bloodhound
Civileme wrote: > The "local" Alaska Linux Users Group reports that Norton Antivirus and > Bloodhound, Norton's newer "heuristic" virus hunter, is claiming LILO is > a boot sector virus in newly installed dual-boot systems. I think NAV has been doing this for several years. I don't think that NAV actually thinks LILO is a virus, but instead merely sees the mbr is not as it would be on a system with only MS OSs installed, that is, NAV is merely warning the user of something it doesn't understand and therefore can't properly interpret for the user. With the increasing popularity and use of Linux on dual-boot systems, though, NAV or BH should definitely allow for other boot managers being installed in the mbr. It's good to know that someone's on the ball though - McAfee. mike > > > So, for their next installfest, they will be recommending the McAfee > virus scanner for linux that is there to protect windows. > > Civileme > > -- > Beta-Testing Netscape 6 Mailer
Re: [expert] Norton Antivirus and Bloodhound
Andrew George wrote: > Does Bloodhound have an inoculate option? > Every time I do something to LILO Nortens tells me the boot sector has changed, > and asks me if it was intentional or not, then gives me the options of > inoculate or repair > Check to see if one of the options in Bloodhound is automatically fix or warn > I don't think you want to inoculate, if this causes actual changes. If it merely means to always ignore this mbr change in the future, then inoculate sounds like a good idea. If it causes the mbr to be altered in any way, since inoculation typically means to inject something to cause the inoculation to happen, then don't inoculate, or at the very least create a boot floppy for your Linux configuration, first. It would be safer to make sure you have a good boot floppy for the Linux configuration, first, in any case. mike > Just a thought > Andrew > > On Sat, 22 Apr 2000, you wrote: > > The "local" Alaska Linux Users Group reports that Norton Antivirus and > > Bloodhound, Norton's newer "heuristic" virus hunter, is claiming LILO is > > a boot sector virus in newly installed dual-boot systems. > > > > So, for their next installfest, they will be recommending the McAfee > > virus scanner for linux that is there to protect windows. > > > > Civileme > > > > -- > > Beta-Testing Netscape 6 Mailer
Re: [expert] Norton Antivirus and Bloodhound
Does Bloodhound have an inoculate option? Every time I do something to LILO Nortens tells me the boot sector has changed, and asks me if it was intentional or not, then gives me the options of inoculate or repair Check to see if one of the options in Bloodhound is automatically fix or warn Just a thought Andrew On Sat, 22 Apr 2000, you wrote: > The "local" Alaska Linux Users Group reports that Norton Antivirus and > Bloodhound, Norton's newer "heuristic" virus hunter, is claiming LILO is > a boot sector virus in newly installed dual-boot systems. > > So, for their next installfest, they will be recommending the McAfee > virus scanner for linux that is there to protect windows. > > Civileme > > -- > Beta-Testing Netscape 6 Mailer
