The Best Free Antivirus Program?


lordpuffer
I Was Very Drunk At The Time
Premium
join:2004-09-19
West Hollywood, CA
reply to Kerodo
Re: The Best Free Antivirus Program?

If I use AOL AVS, does it also download other AOL stuff? I don't want any other AOL stuff on my computer.

Tuneraider

join:2003-05-21
Mckee, KY
lordpuffer,
during the AVS installation uncheck the option to install the security toolbar. You should be good to go then.


jmorlan
Hmm... That's funny.
Premium
join:2001-02-05
Pacifica, CA
·Pacific Bell - SBC

reply to lordpuffer
said by lordpuffer:

If I use AOL AVS, does it also download other AOL stuff? I don't want any other AOL stuff on my computer.
I've been using it since September 2006 and have never seen so much as a single ad or email from AOL even though they have my email address. That should not be a worry.

The big advantage of AVS is that it uses KAV definitions and you can configure AVS to check for updates as often as you want. For a while I had mine set to every five minutes which is probably overkill. It has fewer features than the real KAV, but the core is the same and it takes less memory and uses fewer resources than KAV.

One downside to AVS (and KAV) in my opinion is that it defaults to enabling the built-in iSwift technology which adds undocumented NTFS-identifiers to your NTFS indexes. It does this to speed up scanning by skipping files that have already been scanned and cleared. However, there appears to be a side-effect of this technology in that some (many?) systems will experience long pauses during or before stage 2 CHKDSK after these NTFS-identifiers have been added. In some cases CHKDSK may not be able to run to completion.

If you remove KAV or AVS, these NTFS-identifiers remain in your file system and there is no way to remove them except heroic measures such as copying your drive to a backup, removing your data and then copying it back. The NTFS-identifiers are not copied, so that's one way to be rid of them. Unfortunately KAV has been unwilling to acknowledge this issue. In my opinion they need to offer a removal tool for the unwanted NTFS-identifiers, but thus far have turned a deaf ear to this issue.

If you use AVS (or KAV) there is an option to turn iSwift off and I recommend that you do (see above screenshot). However, if you run a scan with it on, you will have those NTFS-identifiers forever and there is no going back. However, if your system was clean to begin with, there's really no need to do an initial scan and you will still get AVS's excellent real-time protection should a parasite get downloaded or try to execute on your system.


lordpuffer
I Was Very Drunk At The Time
Premium
join:2004-09-19
West Hollywood, CA
·T-Mobile US
·Vonage
·RoadRunner Cable
·AT&T Yahoo

Thanks jmorlan....I downloaded the AOL AVS program and disabled iSwift before I ran a scan. Can you or somebody answer a question that I cannot figure out? How do you set the program to run a scan on its own like once a week? I couldn't figure that out. Thanks.


jmorlan
Hmm... That's funny.
Premium
join:2001-02-05
Pacifica, CA
·Pacific Bell - SBC

You can set scheduled scans at the "Run Mode" check box above. Check the box and then click on "change." You can schedule scans daily, weekly, monthly, Wednesdays, whatever you want. There is also a similar setting for scheduling scans of "My Computer" and "Startup Objects."


lordpuffer
I Was Very Drunk At The Time
Premium
join:2004-09-19
West Hollywood, CA
Thanks


hpguru
Curb Your Dogma
Premium
join:2002-04-12
reply to jmorlan
No issues with iSwift here. Works great.

dantz

join:2005-05-09
Honolulu, HI
·Hawaiian Telcom

said by hpguru:

No issues with iSwift here. Works great.
If you run at least one full scan of Drive C with iSwift enabled then the so-called NTFS identifiers will be permanently added to your filesystem indexes. (Uninstalling KAV or AVS won't remove them). After this happens, try running CHKDSK on Drive C and see if your system experiences a noticeable delay at the beginning of Phase 2 (or "Stage" 2, if you scheduled CHKDSK to run after a reboot). If you are lucky this is all that will happen, but some people experience worse symptoms.

If you have not yet run a full scan of Drive C and you want to try this, I strongly recommend that you save a fresh image before you do so, as the NTFS identifiers are very difficult to remove from the partition containing the OS. In fact, the simplest way to "remove" them is to restore from a previous image.

clocks11

join:2002-05-06
00000
I wish I read your post about this sooner. I have the dreaded delay now. It will be a long time before I use anything Kaspersky again.


hpguru
Curb Your Dogma
Premium
join:2002-04-12

reply to dantz
said by dantz:

...try running CHKDSK on Drive C and see if your system experiences a noticeable delay at the beginning of Phase 2 (or "Stage" 2, if you scheduled CHKDSK to run after a reboot). If you are lucky this is all that will happen, but some people experience worse symptoms.
I just checked. There is indeed a slight delay over what I would expect but nothing serious. I suppose if one makes a habit of watching chkdsk it would seem like it is taking forever but it isn't but just a moment. Besides, when I have occasion to scan my disks, I schedule them, reboot and go do something else for a while.
--
The Gospel of Supply Side Jesus


jmorlan
Hmm... That's funny.
Premium
join:2001-02-05
Pacifica, CA
·Pacific Bell - SBC

Some people see just a minor delay, others a much longer one. Mine is about 10 minutes at the beginning of Stage 2. Some users have reported not being able to get CHKDSK to run to completion.

For many it is just a minor annoyance, for others it's a deal breaker.

Kaspersky has an excellent reputation, but their unwillingness to acknowledge the problem despite numerous documented cases and complaints is disappointing. ISwift is proprietary technology, so it's not easy for a 3rd party to devise a removal tool. In my opinion, Kaspersky really should step up to the plate and offer a removal tool for those users who are affected by this bug.

In the past they did it for iStreams, why not for iSwift?


StraitShoot
Who Loves Ya Baby? - Theo Kojak
Premium
join:2003-02-08
Clinton, MA

Well, according to this thread, if you uninstall KIS or KAV 6 the ISwift goes away, but even they in the forum seem to ignore the issue.

I will play around later and let you folks know.. and if it's true, I will uninstall KIS and go with AVG. I've had it with all these "little" surprises the AV companies play. Sometimes it seems the cure is worse than the disease with these guys...

»forum.kaspersky.com/index.php?s=···ry212917
--
"Who Loves Ya Baby?"

clocks11

join:2002-05-06
00000
I can say I have uninstalled, and still have the delay. I guess it could be something else, but I doubt it.

dantz

join:2005-05-09
Honolulu, HI
·Hawaiian Telcom


1 edit
reply to StraitShoot
said by StraitShoot:

Well, according to this thread, if you uninstall KIS or KAV 6 the ISwift goes away, but even they in the forum seem to ignore the issue.
Nope, sorry, that doesn't work. You can uninstall KAV and/or delete the several "fidbox" files, but the so-called "NTFS identifiers" that were added to the NTFS indexes will still remain. If you are getting the CHKDSK lag, you will keep on getting it. If CHKDSK crashes after the lag, it will keep on crashing. To the best of my knowledge, the changes that were done to the NTFS filesystem cannot be undone by merely uninstalling the program and/or deleting the fidbox files.

Here's a link to the main thread on the Kaspersky forum that discusses this issue in greater detail (18 pages and counting):

»forum.kaspersky.com/index.php?sh···ic=14995

You can also search the KAV forums for "chkdsk" and find a few other related threads.

My current thinking about the fidbox files is that they are a database containing copies of the NTFS identifiers, the last scanned dates, the virus definition version in effect when each file was scanned, etc. that is used for comparison purposes, i.e. for each file being scanned, the index value of the NTFS identifier is compared to the fidbox data, then KAV decides how to handle that file. I think that each file's NTFS identifier is also updated or appended during the scan. I'm just guessing at this point, but eventually I will figure it out. I'm continuing to research this issue and will post my results on the main thread.


jmorlan
Hmm... That's funny.
Premium
join:2001-02-05
Pacifica, CA
·Pacific Bell - SBC

dantz, I think your analysis of these mysterious NTFS identifiers is correct. Here is a link that explains about NTFS "object identifiers" and how they work. Essentially an attribute is added to each file which uniquely identifies it.

»msdn2.microsoft.com/en-us/librar···997.aspx

Here is code which will delete object identifiers:

»msdn2.microsoft.com/en-us/librar···559.aspx

What we need is a simple program that will run that last routine on every file on disk and I think we will have the problem solved.

Antaeogo, that's a separate issue. This CHKDSK problem is not caused by NTFS ADS. There were problems with metadata fragmentation, but this is a separate issue.
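
The per-file sweep described in the post above, as an added example that is not from the thread or from Kaspersky: it uses the built-in `fsutil objectid query` and `fsutil objectid delete` commands rather than the linked MSDN routine, and assumes the identifiers in question are ordinary NTFS object IDs, which the thread has not confirmed. `$Root`, the `-Delete` switch and the test folder are illustrative names.

```powershell
# Added example (not from the thread): inventory NTFS object IDs under a path.
# Assumptions: run from an elevated prompt; the identifiers discussed in the
# thread are ordinary NTFS object IDs (unconfirmed there).
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Root = 'C:\Temp\objid-test',   # hypothetical test folder
    [switch]$Delete                          # also remove each ID that is found
)

$files = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue

$found = foreach ($file in $files) {
    # fsutil exits non-zero when the file carries no object ID
    $out = & fsutil.exe objectid query $file.FullName 2>&1
    if ($LASTEXITCODE -ne 0) { continue }

    # Assumed output layout: the first line is "Object ID : <hex>"
    $id = ($out | Select-Object -First 1) -replace '^[^:]*:\s*', ''
    [pscustomobject]@{ Path = $file.FullName; ObjectId = $id }

    # Removal only happens with -Delete, and honours -WhatIf / -Confirm
    if ($Delete -and $PSCmdlet.ShouldProcess($file.FullName, 'fsutil objectid delete')) {
        & fsutil.exe objectid delete $file.FullName | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Delete failed: $($file.FullName)" }
    }
}

$found | Format-Table -AutoSize
"{0} file(s) carry an object ID under {1}" -f @($found).Count, $Root
```

Run it without `-Delete` first to see the inventory; `-Delete -WhatIf` lists what would be changed. Windows link tracking also relies on object IDs, so shortcuts to files whose ID is removed can lose their ability to follow a moved target.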


StraitShoot
Who Loves Ya Baby? - Theo Kojak
Premium
join:2003-02-08
Clinton, MA

reply to dantz
said by dantz:

said by StraitShoot:

Well, according to this thread, if you uninstall KIS or KAV 6 the ISwift goes away, but even they in the forum seem to ignore the issue.
Nope, sorry, that doesn't work.
I played with it and you're correct...
Jim
--
"Who Loves Ya Baby?"


HA Nut
Premium
join:2004-05-13
USA
reply to jmorlan
Interesting discussion about KAV 6. I ran it for nearly a year and wondered why CHKDSK ran so slow in comparison to other PCs. Thankfully, mine never froze...

Mele20
Premium
join:2001-06-05
Hilo, HI

reply to jmorlan
said by jmorlan:

If you use AVS (or KAV) there is an option to turn iSwift off and I recommend that you do (see above screenshot). However, if you run a scan with it on, you will have those NTFS-identifiers forever and there is no going back. However, if your system was clean to begin with, there's really no need to do an initial scan and you will still get AVS's excellent real-time protection should a parasite get downloaded or try to execute on your system.
First, I recommend Avira. It causes fewer problems than any other AV I have used. I did have a problem with the recent addition of the rootkit scanner so I uninstalled it. Its detection is equal to or better than KAV and it can be set to update every hour. It doesn't have bells and whistles like KAV but supposedly is getting some of those this fall (web checker).

As for the Kaspersky chkdsk problems, Lucian is saying that the only way to turn off ISwift for the file checker is to do so in the Registry (and that may not work). Evidently turning off ISwift for the file checker cannot be done from the GUI so apparently it doesn't matter if one is careful to turn it off for the on demand scanner. I never ran a full scan when I had KAV 2006 and the first thing I did was turn off ISwift and Ichecker yet I still had damage to Chkdsk which has remained after removing KAV back in Nov 2006. ISwift cannot be turned off for the file checker in 2007 version either unless it does work to do so in the Registry.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason


jmorlan
Hmm... That's funny.
Premium
join:2001-02-05
Pacifica, CA
·Pacific Bell - SBC

I tried to turn iSwift off in the registry, but it wouldn't let me make the change no matter what I did to the permissions. I'm not sure how to turn off self-defence in AVS, but changing those registry values may not work anyway according to this thread.

dantz

join:2005-05-09
Honolulu, HI
·Hawaiian Telcom

reply to jmorlan
said by jmorlan:

dantz, I think your analysis of these mysterious NTFS identifiers is correct. Here is a link that explains about NTFS "object identifiers" and how they work. Essentially an attribute is added to each file which uniquely identifies it.

»msdn2.microsoft.com/en-us/librar···997.aspx

Here is code which will delete object identifiers:

»msdn2.microsoft.com/en-us/librar···559.aspx

What we need is a simple program that will run that last routine on every file on disk and I think we will have the problem solved.
Thanks. I'm not too sure that's the appropriate code, but I'll look into it. My focus is centered in the MFT's extended attributes, particularly $Extend\$ObjID:$O, as this area showed extensive fragmentation immediately after running a KAV filescan.
over 10 years online! © 1999-2009 dslreports.com.