Myths about Dr.Web Anti-virus
The quantity and variety of myths found on the Internet about Dr.Web Anti-virus never cease to amaze our company. We decided to collect all of the myths we could find and ask that you send us any myths you find, too!
|Myths about the degree of protection offered by Dr.Web||Myths about SpIDer Mail|
|Myths about updates and Dr.Web virus databases||Know a myth about Dr.Web? Write about it!|
Other anti-virus programs can find viruses on computers that have already been scanned by Dr.Web Anti-virus.
To explain why this could happen, one must understand what type of code Dr.Web considers to be a virus. By “viruses” the developers of Dr.Web mean only runnable (operable) computer codes, i.e. those that may damage a computer. Damaged, non-operable codes are not included in Dr.Web’s virus database, but such codes are often included in other anti-virus vendors’ virus databases. Our goal is not to supplement our virus database with non-working signatures (virus entries) that only make it bigger, but give no real protection to users. Moreover there is no need to frighten users unnecessarily with virus-alert messages. If the code cannot be run, it is not a virus, nor a Trojan horse, nor anything at all. As it poses no harm, it is, as a rule, not included in the Dr.Web virus database.
Files that are suspected of being infected can be sent for analysis to the Dr.Web Anti-virus Laboratory.
SpIDer Guard does not operate in Core Duo processors and Hyper-Threading technology by Intel.
This is false. SpIDer Guard operates perfectly well in all Windows-based systems — 95/98/Me/NT4/2000/XP/2003/2003 R2, including those with Core Duo processors and processors with Hyper-Threading technology.
Dr.Web cannot be installed on notebooks, as it consumes too many notebook resources.
Notebooks are just like desktop computers, but they have less operating memory and less powerful processors. That is why people often think that an anti-virus hinders a notebook's performance much more than a desktop computer's. Another feature of all notebooks is the slow reading of information from hard drives. This is their weak point. Consequently the scanning of hard drives by an anti-virus takes a little more time, which is completely natural.
Dr.Web's GUI has not changed since Dr.Web’s inception.
The attractiveness of an interface is not top priority when it comes to anti-viruses! The anti-virus’ main job is to detect malware and cure computers from viruses. For example, take console scanners. They do not have any GUI at all, but they protect computers just as well as the GUI scanner does.
Dr.Web Anti-virus does not check critical parts of the system and startup files.
This is a myth. The Dr.Web scanner and SpIDer Guard (XP and Me) scan boot sectors of drives, as well as startup files and cure them, if necessary.
There is a myth that Dr.Web Anti-virus "knows" small number of archives and that is why the level of its protection is not sufficient.
This is a myth. Dr.Web knows many types of archives. At present they are:
ZIP, 7ZIP, ARJ, RAR, LHA, HA, GZIP, TAR, BZIP2, MS CAB, WISE, MSI, (ISO, CPIO, RPM, DEB release is coming soon - follow news!). Their quantity is constantly increasing. Besides, Dr.Web Anti-virus knows many packers, some of them are supported now by Dr.Web Anti-virus only! Here is the list of just some of them.
Dr.Web Anti-virus is not reliable enough since it does not cure viruses in archives.
Each anti-virus program has its own unique concept of building anti-virus protection. Dr.Web does not cure viruses in archives, but this does not decrease the level of protection it provides compared to similar programs on the market. Dr.Web perfectly detects viruses in archives and, with SpIDer Guard constantly enabled, such viruses have no chance of getting outside the infected archive to infect a system. Moreover it’s unlikely that any anti-virus can boast that it cures all of the viruses it detects in an infected archive! To "cure” archives one must not just cure (or remove) the infected file inside the archive, one must repack the archive to make its contents accessible again to the user. In most cases such repacking is impossible without licenses to the archiving algorithm. If an anti-virus developer claims to be able to cure archives, ask to see all of his licenses!
There is no option in the Dr.Web Anti-virus to specify the part of the drive to be controlled by the anti-virus which would speed up the anti-virus’ operation.
Dr.Web Anti-virus developers believe that such functionality is a potential vulnerability and that the idea of such "selective or partial" protection is harmful, as users are offered protection of a part instead of the whole system. Potentially a virus can infect any part of the drive. We are not prepared to increase the speed of the anti-virus’ operation at the expense of a critical decrease in protection.
Dr.Web Anti-virus has no option to set several scanning tasks to occur at the same time.
This is false. One can run several GUI scanners simultaneously and scan several partitions of the hard drive simultaneously. This will result in a considerable increase of scan time.
There is no option in Dr.Web Anti-virus to temporarily interrupt scanning.
This is false. Scanning can be interrupted in the GUI scanner.
Monitoring cannot be suspended in Dr.Web Anti-virus while resource-consuming applications are running.
This is a myth. In SpIDer Guard XP, SpIDer Guard Me, and SpIDer Mail, monitoring can be suspended. In SpIDer Guard XP this option is enabled by default. In other modules the INI file should be configured accordingly.
Dr.Web Anti-virus works so fast because it does not "recognize" macro viruses in MS Office documents and, therefore, does not check such documents.
This is a myth. Dr.Web has long recognized macro viruses in all MS Office document formats. In addition, there are certain algorithms in Dr.Web’s heuristic analyzer that help detect new macro viruses.
Dr.Web Anti-virus does not have an option to specify actions for all types of threats.
This is false, there are such setting options for each type of malware:
- curable viruses;
- incurable viruses;
- joke programs;
- hacker tools.
Dr.Web Anti-virus cannot be installed on a machine that is already infected.
This is a myth. This has always been possible and is possible today. Dr.Web’s high virus resistance distinguishes it from all similar programs on the market. Moreover Dr.Web can be run without installing it on a system, directly from any removable media (i.e. from a compact disk or USB stick).
Prior to installing the anti-virus, the system scanning function in Dr.Web Anti-virus does not guarantee that the program can be installed on a machine that is already infected.
This is not true. In a system that is already infected, most viruses can be disinfected by Dr.Web during scanning of memory and startup files during the installation. Additionally, before scanning (during the installation procedure), the virus databases can be updated; this is part of the installation routine. Thus, while installing Dr.Web Anti-virus, the user gets the latest available virus database add-ons, rather than those burned onto a CD for distribution.
In Dr.Web Anti-virus there is no option for specifying exclusions for scanned applications.
This is false. Any file or directory can be excluded from scanning in any components of Dr.Web.
Dr.Web Anti-virus does not have a behavior blocker.
This is partially true. Part of what could be called a behavior blocker in Dr.Web Anti-virus are the virus activity control functions in SpIDer Mail and SpIDer Guard Me.
In addition, Dr.Web’s powerful heuristic analyzer is constantly being perfected and is refined with almost every add-on.
There is a myth that Dr.Web Anti-virus must have a firewall because some other av-vendors deliver firewalls too.
Firewall and antivirus – are programs of very different nature. A simple example. You will hardly ask a director of a tank plant why they do not manufacture warships, though both are means of war. Anti-virus performs its definite functions, analyzes objects on the drive and in the computer memory. Firewall analyzes packages transferred on the network. None of anti-virus programs contains a firewall, though one can find a firewall in the box with anti-virus of the same developer, but it does not mean this firewall is inbuilt into the anti-virus.
Some vendors offer firewalls together with anti-virus for better protection but firewall is not an obligatory components of the anti-virus. Anti-viruses, fiewalls and anti-spyware programs are absolutely different types of data security programs.
Dr.Web Anti-virus is a resource-consuming program.
This is a myth. Dr.Web is one of the most undemanding anti-virus products when it comes to using computer resources.
In addition, the program has special setting options that can save even more computer resources, but at the expense of the user’s security. Any gain in speed and savings in resources come at the expense of the protection level. In comparison with similar products, Dr.Web’s huge advantage is that it has options for very fine tuning.
We often read different comparative reviews on many IT-related media. Sometimes they present Dr.Web as being the most resource-consuming anti-virus, while other products are represented as being just the opposite. This is a simple deception since any anti-virus can be presented as being either extremely voracious or extremely undemanding with regards to computer resources. Everything depends on at what point during testing the measurement was made. To objectively measure the resource use of anti-viruses, the conditions must all be the same--for example when checking a large archive. But this is very seldom done –one anti-virus (that bought a lot of advertising) is measured during idle moments, while another is measured during the checking of a gigantic archive. Reviews like this give rise to such myths.
There is a myth that Dr.Web Anti-virus does not support Windows 98, Me, NT 4.0
This is a myth. Dr.Web Anti-virus supports all versions of Windows - 95 OSR2 (some AV-vendors have long refused to support them) /98/Me/NT4.0/2000/XP/2003, including server platforms . Besides, Dr.Web supports MS-DOS, PC DOS, OS/2.
Dr.Web Anti-virus does not check archives "on the fly" before the archive is written on the hard drive.
This is a myth. With SpIDer Guard enabled, archives are checked "on the fly," before they are written to the drive; similar checks are made with other objects. But anti-virus developers do not recommend leaving this option continuously enabled.
Dr.Web Anti-virus cannot restore a system after infection.
This is true in situations when system files have been damaged by a virus. But restoring system files is not a function of an anti-virus. For this there are special backup programs and standard system restoration tools built into Windows. Some anti-virus vendors claim that their anti-virus products can restore systems after infection, but only they know what they mean by this.
Dr.Web Anti-virus cannot check messages received via IMAP "on the fly" regardless of which mail client is used.
This is a myth. Since 11.05.2006 Dr.Web checks messages via IMAP/NNTP “on the fly” regardless of mail client type. At present Dr.Web is the only program that correctly processes such mail.
In Dr.Web Anti-virus there is no way to specify a port number in mail traffic scan settings.
This is a myth. A port number can be specified in SpIDer Mail. Experienced users can manually set interception ports through which mail traffic flows. For average users, automatic interception is set by default.
Dr.Web’s virus database is updated only once a week.
This is a myth. A user can check the frequency of "hot" add-on releases on the Dr.Web web site). This myth came about because in addition to “hot” add-ons, Dr.Web releases weekly add-ons. Dr.Web for Windows’ virus databases are configured to update hourly.
Dr.Web Anti-virus’ virus database is the most compact because it “knows” few viruses.
This is false. Dr.Web specialists work very hard to optimize the virus database because a small virus database allows files to be scanned more quickly. This saves time and computer resources. For a more detailed answer as to why a small virus database is a good thing, read here.
Dr.Web’s virus database excludes old viruses which is why it is so compact and the scanning speed is so high.
This is false. We never delete old viruses from the virus database.
Dr.Web Anti-virus does not allow you to schedule database updates.
This is a myth. Dr.Web anti-virus for Windows has its own Scheduler, and Dr.Web Security Space uses the Windows System Scheduler. The Schedulers initiate updates whenever needed.