20080110

Live OneCare

Continuing the foray into uncharted territory, I decided that I'd make a break from Symantec's increasingly intrusive antivirus solutions and set up a trial of Live OneCare, Microsoft's all-in-one AV/firewall/tuning solution.  I know it doesn't have the greatest reputation out there, but I thought I'd see what it did.

Now, I can't remember the last time I picked up a virus on my system - so either Symantec got compromised a long time ago, or I've been lucky/careful (strike out as appropriate).  Since building the new system, neither my incoming email nor browsing habits have changed markedly.

However, the first full pass of OneCare identified not one, but two infections - and wasn't able to quarantine either.  Nor was it able to give me any good details about the files involved.  I like my AV programs to put big popup windows on the screen, the sort of thing that screams at you so even the least involved user has to recognise that there's an issue here, and has enough information to make a sensible report to the support team.

Trojan/Format.CY was the easier to define - depending on who you believe, there's either an 18 byte bat file that will wipe your C drive, or a somewhat larger exe with an instantly recognisable and unique name.  Despite full disk searches, neither variant turned up on the PC.  I don't think this one is stealthy enough to evade the kind of checks I made.

The other bit of malware was supposed to be a worm, W32/Frethem-L.  This is carried by an email with a password recovery program.  Now I may look stupid, but never ever have I opened an executable from an email.  It simply isn't going to happen.

So why did OneCare create these reports?  I have no idea - the application itself is of no real help, especially if it refuses to tell me why it couldn't quarantine the files (probably because they were never there in the first place?).  Searches for similar reports don't seem to have turned up any answers.  I'll keep looking, and run further checks across the whole PC (an operation that seems to take far too long, given the performance of this system overall), but I suspect OneCare has a very short life expectancy on this box.
