ClamWin Free Antivirus
Support and Discussion Forums
What we want for ClamWin 1.0
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Excluding the fact that Clam Sentinel exists, I think many of us can agree to what we want in the new ClamWin. It's been years since the talk of a real-time scanner built into ClamWin, but there are also other things ClamWin is missing.

1. Real-time scan - In order for any anti-virus to be good, it has to be equipped with a real-time scanner to scan new and changed files on your system. It doesn't really need unnecessary scans like web shielding, IM shielding, or script shielding like you see in popular AVs.

2. Heuristic and generic signatures - Almost, if not all, AVs have both nowadays. ClamWin just has some minor samples in its database, but would be better equipped with a full engine.

3. Quick scan - As discussed here: http://forums.clamwin.com/viewtopic.php?t=4062

4. Better Quarantine management - Something like what Clam Sentinel currently has for its sentinel recovery. Allowing you to ignore, remove, restore, or to report as false positive.

5. Pop-up boxes instead of tray notifications - On detected threats, instead of having tray notifications, include pop-up windows allowing you to tell ClamWin what to do once a detected threat is found. Allowing you to quarantine, remove, ignore, or report as false positive.

6. Improve scanning engine - The current scan engine is a bit complicated for average users. Add an option in the settings to ignore permission denied or access denied files that are found. Also, include a way to have more control such as removing and quarantining threats after a scan is complete rather than automatically doing it.

7. Better GUI - Although, not so important, but as an addition to ClamWin, the current GUI makes it feel like Windows 98. Not many people like the new metro look seen in Windows 8 and 8.1, but at least make it feel like Windows 7 or something better.

8. Native 64-bit - Not many AVs have native 64-bit support and ClamWin having native 64-bit support would improve its reputation and help gain more users, at least in my opinion.
GuitarBob


Joined: 09 Jul 2006
Posts: 4292
Location: USA
I second your suggestions, RRK; however, we have to face reality. ClamWin uses the Clam AV scanning engine, which was/is designed for use on Linux email servers for on-demand scanning of email attachments before they are passed on to their Windows users. In that environment, there is no need for real-time scanning or a nice GUI menu. Using the Clam AV scan engine enabled/enables the ClamWin developers to quickly port the Clam AV code over to Windows and slap a GUI menu on it. There is no need for them to spend the huge amount of time to develop/maintain a full-fledged antivirus program, which also requires money/personnel/infrastructure to accomplish. This could not be accomplished in a free, open source project like ClamWin. All other free AVs are given to the users by commercial businesses who could not do it if they did not make a profit elsewhere, and most of them also now bundle the free AV with some sort of advertising/tracking toolbar to subsidize the cost. Therefore, I think that all we will see from ClamWin 1.0 is 2 or 3 of the items on your list. ClamWin 1.0 will probably have a better GUI menu, of course, and perhaps some additional user protection. I think that any heuristics will have to come from Clam AV (unlikely, as that would conflict with Sourcefire's (now Cisco's) commercial AV--Immunet or their HIPS--Snort). Clam Sentinel will continue to look at some heuristics, but there will probably not be any significant developments from there either--it took 2 people three months working almost full-time without pay to set up the heuristics, and they no longer have a pipeline to lots of new malware.

You never know, though. Perhaps someone else will take up the banner and carry it a little further!

Regards,
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
I figured it would be like that. Honestly, though, I just suggested these as based off an average user's mind. In reality, the ones that should happen are 3, 5, and 8 or at least the ones I see ClamWin doing in the near future. ClamAV's scan engine is native 64-bit already so ClamWin might already have native 64-bit scanning and detecting, just the GUI isn't finished. I would much rather prefer a pop-up box instead of tray notifications and log files, though. If you do happen to combine ClamWin and Clam Sentinel, that would already knock off 1, 2, 4, and 6. Whatever happens in the future, I am sure the ClamWin team knows what they are doing and they will find something that will suit all of our needs without going overboard on themselves.
daveydoom


Joined: 30 Nov 2008
Posts: 60
Location: Canada
I like all of those ideas as well. Maybe someday that will all come to pass but it's asking a lot right now. I'd be happy with 2, 3, 4, 6 and then I'd still keep using it in combination with Clam Sentinel :).

At work we use ClamWin/Sentinel along with Windows Defender (built in) and MBAM Corporate version and it all seems to work pretty well. We are all running Windows 7 Pro 64 bit with 8 Gig of RAM so we have lots of power. I think it's a better investment to spend the money on MBAM and use a free antivirus solution (ClamWin and Sentinel).
GuitarBob


Joined: 09 Jul 2006
Posts: 4292
Location: USA
It is good to know that you are using Clam Sentinel with ClamWin in a business environment. The inclusion of the ability to monitor network drives in the new Sentinel version 1.21 gives some extra protection for businesses--not every AV does a good job at that.

Malwarebytes makes a good backup to clean up anything that gets by ClamWin/Clam Sentinel. I have used Malwarebytes for a long time--it let me easily locate/access dropped malware files when I was working signatures for Clam. The company has purchased/developed several other security software programs in the last year or so, including anti-rootkit, anti-exploit, and backup. I hope they will eventually put it all together into a security suite. If they do, it would probably be worth a few dollars to get it. Unfortunately, the Malwarebytes Pro version only detects high-profile malware on access, but their signature database is getting better.

Regards,
daveydoom


Joined: 30 Nov 2008
Posts: 60
Location: Canada
With that crazy CryptoLocker and ZeroAccess rootkit MBAM is a must have IMO :). I find it's a good combination of software overall.

I'd like to throw in a Smoothwall firewall to replace our current router but since no one else could manage that, it would make the business too dependent on me and I'd like to have time off once in a while... lol

(EDIT: Sorry to go off topic everyone).

I'm looking forward to ClamWin v1.
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
While you brought that up, is ClamWin capable of detecting rootkits at its current state?

@daveydoom - I use Windows Firewall along with Peerblock and have been satisfied, plus Peerblock is free and open source, just like ClamWin. You can create a custom rule to allow Peerblock to block all IPs ranging from 0.0.0.0 to 255.255.255.255.
GuitarBob


Joined: 09 Jul 2006
Posts: 4292
Location: USA
The Clam AV signatures include detections for identified (high profile) specific rootkit files, but there are no heuristics to detect rootkits for which there is no signature, and there is no cleanup beyond just quarantining the detected file. You hope that the RK has not been executed, but if it is detected, it has probably not yet been executed--otherwise it would be hidden and undetectable by ClamWin. Your best bet for RK prevention is to use Clam Sentinel, which can detect many suspicious files--including rootkits. The free Malwarebytes Antirootkit that has been in beta for over a year now is pretty good. I run a daily scan with it. It looks like they are intending to eventually use it as a portable Malwarebytes--it does not need to be installed.

I have not heard of Peerblock--will check it out. Thanks.

Regards,
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Some more suggestions:

9. Remove the scan priority: This feature is useless as most systems have 2GB or more RAM and at least a quad core 2.9 GHz. Plus, this feature doesn't make a difference to system resources.

10. Remove the email notification: Although I never used this feature before, but it seems a bit pointless especially when there are a lot of false positives.

11. Limiting: Please make it where we can have unlimited file scanning and unlimited archive section. Like 0 value means unlimited.

12. Remove the unload infected programs from memory: This should be done automatically and not be an option to users due to misunderstanding. This feature should be included in the scan engine anyways.

I had another suggestion, but at this moment, I don't remember what it was. I will post here once I think of it. Anyways Merry Christmas everyone and happy holidays!
GuitarBob


Joined: 09 Jul 2006
Posts: 4292
Location: USA
Addition to the Wish list:

13. Ability in the ClamWin GUI (maybe a Quarantine Browser option) to upload a file to Virus Total for a scanning check and (perhaps) another option to send a file to Clam AV. Virus Total presently is the best place since that offers the best chance that Clam AV will prepare a signature, but maybe Clam AV will be the better option at some point in the future.

14. A "lock-down" or Restart option from the GUI (as a last resort) when malware executes on the user's machine.

Regards,
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
I remembered when I used Avast and even though it went downhill, they did have 1 nice feature for novice users.

15. Automatic decision making for infected and suspicious files: I am not talking about how ClamWin currently automatically quarantines or deletes, I am talking about how Avast has a multi choice option. The first option is what you want to do first, then if that fails, a second option occurs if first fails, then a third option. The default options should be first action quarantine, second option delete, and third option can be ask user or ignore or something. Same goes for suspicious but make them separate, not combined.

@GuitarBob: I know Comodo had issues with their automatic signatures when they first put theirs up. What they did was had their automatic signatures sent directly to their database and had them all named unclassifiedmalware. Not saying you have to do it that way, but it's something to consider. Also #13 is a good idea.
GuitarBob


Joined: 09 Jul 2006
Posts: 4292
Location: USA
The Clam AV detections and the signature development/correction process are strictly the responsibility of Clam AV. If the ClamWin developers got into that area, whatever they did would be subject to future Clam AV developments, so it's probably a good decision to leave that process alone. It was a good idea to develop the ClamWin Quarantine Browser, which did not really intrude upon the process, and it was several years ahead of Clam AV's recent use of valid Microsoft digital signatures to prevent false positives on important files.

16. An option in the ClamWin GUI to do a quick/fast/minimal scan (perhaps memory/autostart) in the background after each signature update. Since ClamWin is not by itself a resident/real-time scanner, this might detect some malware quicker than waiting for a scheduled scan.

17. A recommended set of basic extensions to scan rather than defaulting to every extension (at present). Some/many users might not want to develop their own extensions. If Clam Sentinel is used, it looks at about 130 extensions anyway, which is a pretty full set, so an option to use a basic set of extensions for ClamWin in that case is logical, and it might save some scan time even without Clam Sentinel. It has been my experience that malware uses no more than about 40 extensions 95% of the time.

18. Number 17 above points out the need to coordinate with Clam Sentinel to get good user protection--regardless of development philosophy/programming language. The users deserve it.

19. Let's face it--it's certainly time for ClamWin to drop support for Windows 98 and similar platforms. This will prevent future development headaches and perhaps free up some needed development time.

Regards,
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
In addition to your #17 and #19:

20. Include a manual insert of extensions for advanced users with default extensions of common infected extensions for novice users. Extension cap can be 150 or 200.

21. If Windows 98 and 2000 drop, then drop support for everything under v.9.8. V.9.8 can still have support for old users with old systems.

Thank you for helping me come up with ideas GuitarBob. As you said, a good AV is nothing without its users' help. By the way, it wouldn't let me post here for a while.
GuitarBob


Joined: 09 Jul 2006
Posts: 4292
Location: USA
I sometimes have trouble getting a long post through myself. I need to make mine shorter anyway!

I guess the ClamWin developers have plenty of suggestions. Let's see what they come up with. I expect to stick with ClamWin no matter what--I've tried just about every major AV/antimalware out there, and I don't like any of them except Malwarebytes.

Thanks for your suggestions, and thanks for using ClamWin.

Regards,
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Is there going to be some kind of private alpha or beta testing for 1.0? If so, where do I sign up to help test?