Frequiently Asked Questions (F.A.Q.)
-
What is the role of ADinf32 in providing antivirus protection? Quite often, the term "antivirus program" is used to refer to only one class of antivirus software, antivirus scanners. Scanners can identify thousands of known viruses. Many of modern scanners are equipped with heuristic analyzers that can detect - with certain probability, sometimes relying on indirect evidence - unknown viruses.
There are also other classes of antivirus software. Although simple and intuitive in use, scanners alone cannot secure your system against viral attacks. For more efficient and reliable protection, you will have to integrate different antivirus programs into a single suite. Why? Let's try to understand.
- Firstly, scanners are slow and this is the most obvious disadvantage that prevents their daily use. When scanning a file, a modern scanner has to emulate CPU commands in order to be able to detect polymorphic viruses -- and this is a time-consuming process. Scanning large disks may take several hours. Memory-resident scanners also adversely affect overall system performance.
- Secondly, you have to update scanners regularly. Only the latest version of a scanner -- with its databases that contain the signatures of recently detected viruses -- can provide an adequate protection. If not updated for a mere couple of weeks, a scanner is considered out-of-date.
Antivirus integrity checkers are free from these drawbacks. For instance, ADinf32 can complete disk scan in just a few minutes and doesn't require frequent updates. And it is still able to detect both known and unknown viruses.
However, integrity checkers alone cannot provide an absolute protection either, since they are not designed to check new files. The best approach is to use both a scanner and integrity checker. You'll still have to update the scanner's databases, but this won't be such a critical issue anymore since any unknown viruses will be reliably detected by the integrity checker.
ADinf32 supports interface to antivirus scanners, in particular, DrWeb, Kaspesky AV, and McAfee VirusScan. If a file was checked by a scanner and hasn't changed since, there's no point in checking it with the scanner again. So, ADinf32 can create a list of new, changed, renamed, and moved files, i.e. files that do require an antivirus check. Then it can launch a scanner and pass the list to it. This technique can help you considerably reduce overall scan time and organize real daily antivirus checks in your system. ADinf32 became a real user of your scanner.
You will find ADinf32 useful for other purposes, too. It can help you streamline the maintenance of your disks, find files that have been lost accidentally, analyze the results of system failures, check the integrity of your data (say, databases, archives, or documents), etc.You will find ADinf32 useful for other purposes, too. It can help you streamline the maintenance of your disks, find files that have been lost accidentally, analyze the results of system failures, check the integrity of your data (say, databases, archives, or documents), etc.
-
Can ADinf32 fail to notice a virus? This is a common question, and there is only one answer to it. Unfortunately, there is no panacea against PC virus infection, nor can there be ever one. ADinf32 seems to be the best virus detector today. But bear in mind its capabilities and limitations. Let us examine the situations where ADinf32 may keep quite.
- First, if you have installed ADinf32 on an already infected machine, it will not notice any virus, because it detects viruses through the changes in file information. And in our case there are no changes in file information and so it does not alert you. If the virus is hiding its presence, i.e., you have a stealth virus in the machine; ADinf32 will certainly detect it, if you run under the STEALTH SEARCH mode. This is a very useful mode and run ADinf32 from time to time under this mode.
- Second, ADinf32 may fail to notice the viruses tailored specifically to infect a file only at the time of creation. If they are additionally hiding themselves, you may trap them, running ADinf32 in STEALTH SEARCH mode. If they are NOT hiding their presence, you can easily detect them with your naked eyes. For example, suppose you are copying a file from drive A to drive C and you notice that the source file has a different size than the target file. You can easily detect such infectors, running ADinf32 as follows: write a batch file (call it TRAP) which copies several executable files, say, to your another drive and then copies them back from the drive to the source drive. Run the TRAP batch file before turning off your computer. When you start the computer next time, ADinf32 will report about such viruses, if any. For greater reliability, you better include files to be copied in STABLE FILES list.
- Third, ADinf32 permits to toggle off many checks. If you, for example, have toggled off check of boot sector of drive C or you have deleted COM or EXE from extension list for control, you may not notice virus-inducted changes.
- Finally, because of its beneficent policy aggressive strategy and ingenious tactics ADinf32 irritates to virus designers. One fine day it is not excepted that you may find a new virus specially tailored to dodge the ADinf32 in your machine. Today there are several viruses which try to delete files with a name begining with "ADIN". What will these evil-mongers do further, God alone knows.
-
How to choose CRC type for checking your files? ADinf32 allows you to choose several methods to monitor your files:
- don't check CRC, check file size only;
- check "fast" CRC;
- check CRC16 or CRC32;
- check CRC48. This method combines the file check algorithms used in CRC16 and CRC32;
- check LAN64. This method employs a special 64-bit hash function and is available in ADinf32 Pro only;
- check changes in macros of Microsoft Word documents (.DOC, .DOT files) and Excel spreadsheets (.XLS, .XLT and other files).
"Fast" CRCs are calculated for executable files with a well-known internal structure, such as COM, MZ (MS-DOS), NE (Windows 3.xx), PE (Windows 95/98/NT) and LE (VxD). Thus, fast CRCs are only recommended for files with the following extensions: COM, EXE, DLL, DRV, VXD, and 386. Fast CRCs are calculated over certain portions of a file, which provides a faster (but still reliable) check. Naturally, changes to certain segments of the file (that wouldn't be normally made by a virus) may remain unnoticed.
CRC16, CRC32 and CRC48 provide reliable detection of both virus infection and accidental modification of a file (that, for instance, may result from a disk write error). The longer CRC is, the higher reliability it provides.
LAN64, a specialized hash function, is intended for particularly valuable files whose safety is your top priority. Naturally, this CRC ensures a highly reliable detection of accidental errors. Furthermore, it makes impossible to covertly modify your data. You can read more about LAN64 hash function below in ADinf32 Pro answer.
And the last CRC, "Macro", is specifically intended to detect macro-viruses. If .DOC, .DOT, .XLT and .XLS files are controlled by this CRC, ADinf32 ignores any changes made to the text of a document. However, modification of macros (an infecting technique used by macro-viruses) is immediately detected.
-
How to configure the check level? ADinf32 offers substantially enhanced check levels. You can exclude from check not only folders, but individual files too. Check levels can be changed interactively while viewing scan results, with the dynamic update of the results without re-scanning your system.
-
Can ADinf32 control network drives? Unfortunately, you can't. ADinf32 checks a drive, reading it sector by sector. Therefore it can check local drives only.
-
How to change the interface language in ADinf32? To view languages supported by your ADinf32, click on the window icon in the main window title and open the system menu. If, in addition to English, at least one localization module is installed in your system, the "Language" item will appear in the system menu. Selecting this item opens a list of available languages.
-
What is the objective of ADinf32 Pro version? ADinf32 Pro is a special modification for users who demand guaranteed integrity and security of large volumes of valuable information, for example, databases or document archieves. Because of a new LAN64 algorithm used for computing the checksums of files, ADinf32 Pro is not a simple integrity checker, but a powerful utility which keeps strict control over data security.
LAN64 algorithm computes 64-digit checksums by the hash function developed by LAN Crypto Corporation (site is in Russian) for controlling the security of specially valuable information. It guarantees reliable control over data security and leaves no room for modification of files without changing the value of the hash function.
Under CRC16 and CRC32 algorithms employed in standard ADinf32 versions, the checksums of files can be algorithmically modified so as to introduce slight modifications in files. In this sense, CRC16 and CRC32 checksums are helpless against smart tricks. For both these CRC types, there are algorithms which compute additional bytes so that checksum remains unchanged.
The LAN64 algorithm (hash function) is intelligent enough not to permit anyone to compute the necessary changes without altering the checksum. Trial-and-error method is only way and this cannot be accomplished in real time. Here lies the superiority of LAN 64-digit checksum.