Justakiwi
Premium
join:2004-11-24
New Zealand
clubs:
|  Etrust InoculateIT
Anybody have any experience with Etrust InoculateIT Workgroup/Advanced Edition 6.0 by any remote chance?
A friend transfered her licence for InoculateIT 6 to me (with CA's approval) several years ago, which subsequently became Etrust InoculateIT. I haven't been using it for a couple of years but my current AV is due to expire and I can't afford to renew, so I'm thinking about going back to this one. Does anyone know if it's compatible with XP Home? CA's support system is a pita if you're not a corporate customer and I can't seem to find the answers I need on their website.
TIA to anyone who can help!
--
"You are never given a dream without also being given the power to make it true" ~ Richard Bach |
|
prana
join:2005-03-22
Australia
2 edits | we were using Inoculate on eTrust 6 for a long time on XP Pro, so I assume it should be okay.
Why not use something free, like Kapersky ? Just a suggest. |
|
HA Nut
Premium
join:2004-05-13
USA
| reply to Justakiwi
IMO, eTrust A/V is pretty decent protection. BUT, version 6 is outdated. I'm not even sure it would update (I'm guessing it will but that's purely a guess.) Current eTrust version 7.1 now has 2 virus scanning engines bundled with it. I have even heard rumours that Microsoft itself uses eTrust. No idea if it's true...)
(BTW, don't confuse eTrust with Computer Associates EZ Antivirus. eTrust is the version aimed at commercial users.) |
|
prana
join:2005-03-22
Australia
| its true. CA bought out VET. Now VET is badly supported and neglected to death, signatures are released hours to days after a signature is released for Inocculate. Wasnt like this before CA bought over VET, when sorted out many of theri problems from the past in their Melbourne office.
Very sad to see |
|
Justakiwi
Premium
join:2004-11-24
New Zealand
clubs:
| reply to prana
said by prana  :we were using Inoculate on eTrust 6 for a long time on XP Pro, so I assume it should be okay. I wouldnt trust my system on it though. Any particular reason why you wouldn't trust it?
Was this Etrust InoculateIT Workgroup/Advanced Edition or just the Etrust Antivirus? I think there's a difference.
--
"You are never given a dream without also being given the power to make it true" ~ Richard Bach |
|
prana
join:2005-03-22
Australia
| one example you asked 
Check release dates for generic detection for GDI+ vulnerability for McAfee, Symantec, TrendMicro, then check when CA released their version of generic signature.
Want another one ? |
|
Justakiwi
Premium
join:2004-11-24
New Zealand
clubs:
| said by prana :one example you asked Check release dates for generic detection for GDI+ vulnerability for McAfee, Symantec, TrendMicro, then check when CA released their version of generic signature. Want another one ? Yes please 
Actually I am interested in hearing your opinion, assuming we are talking the same AV product here (The edition I'm talking about here is a commercial version even though I am using it on a home computer)
Frequency of updates is important, but for me personally it is not my main criteria for choosing an AV. If there are any other "problems" with this product that you experienced I'd be keen to hear them.
--
"You are never given a dream without also being given the power to make it true" ~ Richard Bach |
|
prana
join:2005-03-22
Australia
3 edits | Yes it is the corporate edition I am referring to, you should also check out the trend of signatures releases between today and 6 months ago for their new engine, and compare the difference. VET used to be first almost everytime. Then came the transition period, VET has a signature before InocculateIT, but it is always 'under testing' for days at end.
ok here is another one, as promised
If a malware changes their magic numbers to another, the malware technically has changed in terms of binary. However, the code section of actual malware code is in the executable section of the binary (barring obfuscation techniques) rather than in the read only header, especially the magic byte.
When quized, eTrust engineers refused to create a fix, allowing detection to be bypassed. eTrust engineers came out on the open forum beating down the founder of the engine bypass weakness, saying he is just trying to get attention (which researcher isn't ? actually I agree but that is besides the point)
Workaround - use 'Reviewer' mode rather than 'secure' mode. Reviewer mode scans exhaustively, and rather slowly, every binary file regardless of the magic bytes, into the code section to reveal malicious binaries.
What do you have then is
. Should default to reviewer mode
. If a thousand new magic byte headers are released for the same malware, then a thousand new signatures are required for secure mode, but only one is required for reviewer mode.
Other vendors are fixing or have fixed this issue without fuss. Why not CA ? Perhaps its just me and my personal opinion, but I dont want to say anymore before I bend the rules of the forum or trade ...
for your reference
»www3.ca.com/securityadvisor/viru···id=47884
tests results »www.securityelf.org/updmagic.html
Kapersky response »www.kaspersky.com/technews?id=173127139
TM response »lists.grok.org.uk/pipermail/full···238.html |
|
Justakiwi
Premium
join:2004-11-24
New Zealand
clubs:
| Interesting ... thanks for your input.
Out of interest, did you run Etrust with the VET engine or the InoculateIT engine? I never did figure out how the heck one is supposed to know which option to use.
--
"You are never given a dream without also being given the power to make it true" ~ Richard Bach |
|
HA Nut
Premium
join:2004-05-13
USA | We run eTrust 7 on our server and we chose InoculateIT for the real-time scanner and Vet for the manual scans we do every other day... |
|
