
Test of 16 Anti-Virus Products Says None Rates "Very Good"

timothy posted more than 4 years ago | from the keeps-the-av-people-in-business-though dept.

Security 344

An anonymous reader writes "AV-Comparative recently released the results of a malware removal test in which they evaluated 16 anti-virus software solutions. The test focused only on the malware removal/cleaning capabilities, therefore all the samples used were ones that the tested anti-virus products were able to detect. The main question was if the products were able to successfully remove malware from an already infected/compromised system. None of the products performed at a level of 'very good' in malware removal or removal of leftovers, based on those 10 samples."


344 comments


I use Microsoft anti-virus and love it (3, Funny)

Anonymous Coward | more than 4 years ago | (#30018858)

BuY H3rB@l V1agaRa t0Day!!!

Security... (5, Insightful)

xanadu113 (657977) | more than 4 years ago | (#30018866)

Security is a process, not a product.

Re:Security... (2, Insightful)

sopssa (1498795) | more than 4 years ago | (#30018894)

Since you seem so confident and intelligent, how do you plan to teach that to a "normal person"?

And in real Slashdot style, a car analogy: we don't care how the taxi works or how it's supposed to secure us, we just want to get around conveniently. Without getting killed. Now the taxi driver might care more about his systems and how the innards of the car work, but we just couldn't care less. It's the same thing when casual people use computers, and you're pretty ignorant if you don't understand why it is so or why they "just want it to work" so they can do whatever they want to. Like with every other hobby or thing, only those interested in computers and security are, others are not.

Re:Security... (5, Insightful)

davester666 (731373) | more than 4 years ago | (#30018988)

It's like a piece of wood, a tape measure and a saw. If the person doesn't use the tape measure properly, and saws the wood too short, there isn't any magic that can fix the problem. Even buying a new piece of wood and a new fancy tape measure will still have the same problem if the user can't be bothered to learn how it works.

And a computer is only slightly more complicated than a tape measure...

Re:Security... (5, Insightful)

Kratisto (1080113) | more than 4 years ago | (#30019114)

No, see, it's like a computer and a user and antivirus software. The user expects the antivirus software to either protect him from getting a virus to begin with, or to remove it swiftly if it fails. Unfortunately, the antivirus software isn't very good in the latter situation, and because the user is an idiot, no antivirus software can help him in the first situation.

Re:Security... (1)

N3Roaster (888781) | more than 4 years ago | (#30018996)

Bad car analogy. Ignoring the tautology at the end, the computer user is more analogous to your taxi driver who does care. If you just want to be a passenger who doesn't want or need to know anything other than where they want to go, you hire the taxi driver (or perhaps a chauffeur). Now, I'm not saying that software shouldn't be made better, more secure, to do what you want, and be harder to accidentally scatter your guts over the road while killing innocent bystanders, but it's never going to be perfect, so if you want to drive yourself and not be a menace to yourself and others, some basic awareness is going to be needed. Don't like it? Take the bus.

Re:Security... (3, Interesting)

Jurily (900488) | more than 4 years ago | (#30019066)

Here's another analogy for you: don't rely on the police to catch the robbers. Use houses with locks on them and learn how to use them.

Re:Security... (0)

Anonymous Coward | more than 4 years ago | (#30019306)

Horrible analogy. There isn't a lock out there that can't be picked/broken. Kind of like antivirus software.

Re:Security... (3, Interesting)

v1 (525388) | more than 4 years ago | (#30019434)

It's not a question of being or not being totally effective, you can make that argument from any direction and arrive at the same answer. No product is 100% effective. It looks like this review was just saying that none of the products tested met their expectations.

So that either means that their expectations were unreasonable, or all the tested products stink.

Or a combination of the two. That's where my money is. Regardless of topic, security is best handled from the inside, where your footing is solid and attacks only come from one direction. Problem is, the inside is not secure. At that point you require extraordinary external security, which either means you need to be very good at it yourself, or you have to find someone that's top-notch to make up for the problem. It's no surprise that so many of these products didn't fare well; they're defending the castle while standing outside the walls. And since you're already starting out with a handicap and are going against experts and people motivated by money, if you want the job done right, you're best to do it yourself. The human element of unpredictability along with knowing what's safe and what's not safe is the best defense, not software. If you're a computer noob, there simply isn't a "very good" solution, as this review basically concludes.

Re:Security... (2, Insightful)

similar_name (1164087) | more than 4 years ago | (#30019274)

People still have to learn how to drive. It doesn't just work. I can go into oncoming traffic and head end a semi. Cars don't 'just work'. The best security product is never going to keep someone from running something stupid.

they "just want it to work"

My mom used to say 'Want in one hand and shit in the other and see which one fills up faster.'

Re:Security... (3, Insightful)

slarrg (931336) | more than 4 years ago | (#30019344)

Even when people learn to drive, accidents still happen. That's why technology is developed to reduce the negative outcomes of those accidents (crumple zones, seat belts, airbags) or attempt to diminish the likelihood of an accident occurring in the first place (brake lights, mirrors, reflective road signs.) This is the same reason anti-virus software is developed and it's certainly appropriate to debate the effectiveness of these methods.

Re:Security... (2, Interesting)

similar_name (1164087) | more than 4 years ago | (#30019386)

it's certainly appropriate to debate the effectiveness of these methods

I completely agree, but some people seem to think security software is going to prevent anything from happening to their computer. I don't think a seat belt, crumple zones etc are going to prevent anything from happening to me regardless of what I do. Or for that matter what another driver does. Why should I refuse to learn anything about using a computer?

Re:Security... (1)

slarrg (931336) | more than 4 years ago | (#30019508)

There's a difference between not learning anything about the computer (or car for that matter) and just learning enough to do the minimum necessary to use the device. When you get a driver's license, you are demonstrating that you have a minimum proficiency to drive an automobile. Truthfully, many of those people still have problems driving in inclement weather or when it's dark out, but we accept that they have the minimum proficiency to share the roadways with others. Are you so certain of your mechanical knowledge of your car that you know that a tire will not fail or the car will not accelerate uncontrollably (such as the recent Lexus recall), potentially killing another person on the road? Are you certain, every time you start your car, that someone didn't maliciously tamper with your car, putting you or others at risk once you start driving? Of course not. But, as a society, we accept that your lack of knowledge is an acceptable risk even though it puts other people's lives at risk.

You could argue that people should have to get a license to operate a computer on a network, but we, as a society, generally frown upon additional regulation. The only reason people accept licensing for drivers is because lives can be put at risk. It's unlikely that anyone would suggest that an elderly woman who has a computer online so that she can get pictures of her distant grandchildren through email should have some advanced understanding of computers. It's somewhat ridiculous that so many in the computer industry insist that people who have no interest in computers must learn a great deal about their inner workings before they can use one as a tool. Certainly no one expected you to be similarly informed about your car, household appliances or plumbing before you were allowed to use them. Why should they need to know more about their computer or the underlying technology within to surf the web or get email? They don't need to understand radio waves to use a television or cell phone.

Look, I've been a programmer for over twenty years and I definitely enjoy learning about many minute details in the systems I use but I hardly expect the same from everyone around me. Developing safeguards to protect others without them becoming experts seems a logical thing to do.

Re:Security... (1)

v1 (525388) | more than 4 years ago | (#30019482)

People still have to learn how drive.

Problem is, in today's world, everyone needs a jet to get to work. Do you know how to drive a jet? I sure don't. That leaves us with companies trying to sell "jets for the common man". I'd personally prefer a jet that flies itself, doesn't randomly run into mountains, has a 100% (not 99%!) effective antimissile system, and doesn't require me to know how to maintain the turbofan. But then it looks like these companies are in the business of selling parachutes, air bags, and duct tape. I just think their whole angle is wrong to begin with, and is never going to produce a "very good" solution.

("an ounce of prevention is worth a pound of cure")

Re:Security... (1)

poetmatt (793785) | more than 4 years ago | (#30018952)

You're dead on. However, it sure is surprising that they didn't test ClamAV, isn't it? /positive MS score and open source antivirus not tested? color me surprised.

Re:Security... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30019024)

I suspect it's because ClamAV doesn't have "malware removal/cleaning capabilities", which is what they were testing apparently.

Re:Security... (1)

LordLimecat (1103839) | more than 4 years ago | (#30019448)

ClamAV does nothing automatically, so it wouldn't really qualify for the first part of the test. If you're suggesting ClamAV to people as a primary antivirus, you're doing it wrong. Moonsecure would be a different story, but I'm not sure how good it is.

Re:Security... (0)

Anonymous Coward | more than 4 years ago | (#30019496)

This is Slashdot, Microsoft marketing's latest sheltered workshop.

Re:Security... (2, Insightful)

engun (1234934) | more than 4 years ago | (#30019068)

Exactly. This is why I don't use any AV product at all. As long as you're reasonably careful not to download and install unknown programs, there's no way to justify incurring a huge performance hit on a daily basis. For example, I once "fixed" a friend's PC in which she had installed two AV programs - Avira and McAfee - for additional protection and security as I heard. File copying had dropped to something like 150Kb/sec between two hard drives because both anti-viruses were scanning it. Disabling one increased the speed to about 1.5Mb/Sec. Disabling both improved it to about 6Mb/Sec (figures according to rough recollection, to be taken with a pinch of salt). I eventually left one on since she wasn't an experienced user and needed some anti-virus program, "just-in-case".

But experiences like these over the years have convinced me that the wisdom about adjusting your process is far more valid than having an army of products. I haven't had a single virus infection for as long as I can recall and if I did, that was because I'd been careless and run some program off the net without finding out what it was. Also, I don't think AV programs offer any meaningful protection against things like browser flaws. If someone decides to exploit say a buffer overflow vulnerability in your browser and you simultaneously decide to browse to that very site which does so, well, so sad, too bad. Might as well wait for the browser vendor to release a patch which fixes that flaw and use a more secure browser like Chrome to browse dodgy sites, rather than pray an ineffective AV magically detects it with its "heuristics". Most often, all that DLL injection and the like result in an unstable browser, rather than providing any real protection.

Having said all that, I do see the utility in being able to do an occasional on-demand scan on an executable. I also see why AV vendors are going for the nanny philosophy to deal with the armies of inexperienced users who have no idea about the "process" behind security. But for those with a reasonable idea of it, it's probably better to suffer the rare virus infection than endure a crawling system on a daily basis thanks to some overzealous AV product.

Re:Security... (1)

pelrun (25021) | more than 4 years ago | (#30019130)

Which is fine until that one virus manages to get through by accident. I ran my machine AV-free for a long time until that happened, and the cleanup was unpleasant - the preventive features of AV software are far superior to their cleanup ones. :S

That said, the performance of my machine running AVG got worse and worse with each new version till I got fed up and ditched it. I'm running Avast now, and the best feature is the easy access to the "disable on-access protection" option in the systray. It stays on most of the time, but I don't have to go digging through menus when I just want it to get the hell out of the way.

Re:Security... (3, Insightful)

Darkness404 (1287218) | more than 4 years ago | (#30019190)

Which is fine until that one virus manages to get through by accident. I ran my machine AV-free for a long time until that happened, and the cleanup was unpleasant - the preventive features of AV software are far superior to their cleanup ones. :S

Yes, but think about it this way. Let's say your computer runs at half its speed with an anti-virus. You run your machine for 365 days without an AV for 30 mins doing routine work that would be slowed down by the AV (file copying, plus additional maintenance for the AV itself, etc.), so it would take an hour. That is 182.5 hours per year you use it for maintenance without an AV. With an AV that doubles to 365 hours. Even if you add in an entirely long clean-up process of 48 hours, you still come out ahead. And unless you get a nasty virus that somehow corrupts everything, you can just restore from backup (you do have a backup of everything important, right?), and if you don't have a backup you can usually boot from a Linux disk (most can read NTFS just fine) and copy things to an external HDD. So unless that machine was really mission critical (such as, if it's down for 2 days you are out of lots of money), not having an AV and having a long clean-up may actually save you time.

Re:Security... (1)

an unsound mind (1419599) | more than 4 years ago | (#30019250)

Throwing some hardware at the anti-virus is easy.

Throwing some hardware at it doesn't work for me.

Re:Security... (2, Informative)

dmorris68 (1532203) | more than 4 years ago | (#30019392)

Yes, but think about it this way. Let's say your computer runs at half its speed with an anti-virus.

I wouldn't run any AV that causes my computer to run at "half its speed."

I used to be a huge Norton AV hater. But since v2009 they did a major overhaul to their AV engine and now it runs extremely well. 2009 and 2010 consume virtually NO detectable resources, update themselves literally every few minutes, and turn themselves off completely during gaming. Kaspersky 2010 is a bit worse performance-wise, but not terribly so. I've also installed MSE on a few PC's for people and have been impressed with its performance. None of these three slow your PC "by half" and of the three, I'd say Kaspersky is the biggest hog, but still far and away better than the Norton of old. AVG used to be lean and mean until v8 I think, then it bloated up and got slow too. Avira free was decent but the ads were too annoying, as was the mandatory annual registration renewal for it and Avast. I finally decided to pay, and have been quite satisfied.

So based on my experience, for free AV (that doesn't bug you with ads) I'd recommend MSE. If you're willing to pay, Norton 2010. And if you shop around online, you can get some good deals. I got 3 PC's w/ 2 year subscription of Norton Internet Security 2009 (and free upgrade to 2010) for $60, and I've actually found it even cheaper since.

Re:Security... (1)

mlts (1038732) | more than 4 years ago | (#30019290)

I run AV software for a few reasons: The first is that most AV software has heuristics. This is important for a "burglar alarm" in case something manages to get executing natively on a system. The second is to catch known threats before an OS update. AV products update at least daily, which is usually faster than OS or browser updates unless the hole is super critical. Another use is scanning files and documents before emailing. This way, if the recipient claims to have gotten an infection, I can say that it was scanned with a utility before it was sent, thus the recipient's problem.

Of course, there is the legal element. A business that doesn't have AV software on machines (regardless of how really effective it is), is like a business that doesn't have locks on building doors. People would say the business is not doing due diligence.

Re:Security... (1)

LordLimecat (1103839) | more than 4 years ago | (#30019454)

I'm not sure how much water the due diligence argument holds; antivirus doesn't keep anyone out. Firewalls and IDS would be due diligence; antivirus is of debatable value.

Re:Security... (2, Insightful)

Afforess (1310263) | more than 4 years ago | (#30019222)

I find it interesting though that Microsoft Security Essentials was one of the top three AV tested, with two "good" ratings. It also happens to be free. Maybe Microsoft is learning lessons from the past?

Re:Security... (2, Interesting)

ZosX (517789) | more than 4 years ago | (#30019412)

Using it right now. It found a suspected trojan in my Half-Life 1 install. It looked like a false positive, but who knows. I quarantined the file anyways. It was for Opposing Force. Anyone else have this detection? What was interesting was that it listed it as active. I was kind of surprised by this. Since I long ago lost my Half-Life CDs, it was a pirated copy, but usually they embed trojans in the installer exe or the cracked exe, which all tested out to be fine. Security Essentials seems pretty good though and is relatively lightweight. I agree that it is about time that Microsoft starts getting a lot more serious about security, and Vista/Win7 and now this seem like steps in a good direction.

Re:Security... (4, Insightful)

Leekle2ManE (1673760) | more than 4 years ago | (#30019258)

I've been reading Slashdot for a while and I've avoided commenting because... I'm not a nerd. I'm a geek. Which my friend always finds annoying because 'back in his day' nerd and geek were the same thing.

I've been into computers for over 10 years now and while I know far more than the average user, I don't know enough to hold a flame to many nerdier folk.

However. I've dealt with enough real life cases in computer security/maint to know that the average user doesn't care about a process. They don't want to hear about it being a process. They view the computer as a glorified telephone/television combo. They just want to be able to power up, do what they want and log out. The average user these days isn't going to spend time to learn about how to properly protect themselves online because they have other things to do.

To expand on a car analogy someone else used...
Likening computer security to a car would mean comparing it to car security. While some people might take their cars to a car audio shop to get a security system installed, most will just buy their car from the dealer and just want to push the button and have their car secured. Even if they won't always push the button. Unless they're in an 'unsafe' neighborhood.

What the average user doesn't understand is that every time they get online they're in an unsafe neighborhood. They don't know it and they're not going to do the research to find out. They're not reading /. They don't see comments about Security being a process and not a product. They just want to start up the computer and feel safe that their security system is working. They're not going to search online to find the best anti-virus product(s) available. They're not going to look for reviews of 16 anti-virus programs. They quite simply don't care and don't feel that they should have to care.

What good is firewall software if the user has no clue whether to allow a process access to the internet or not, but since it just popped up while they were installing something new, they allow it anyways? The firewall/software does nothing for them.

And before someone brings up the Linux solution. I love Linux. I use it. It is NOT user friendly though. With all the different flavors around, the *cough* average user would just rub their temples in frustration and stick with Macrohard products. And if they did pick a Linux distro, they would have to pray that all the components in their computer are compatible. I've installed Linux on multiple systems (which previously ran some variation of winblows) and every system has had at least one piece of hardware that didn't have a driver available.

So, to make a long story short (TOO LATE), computer security for the average person will never happen. The only way to make computers secure for the average user is to make the internet secure. The only way to make the internet secure is to allow your local ISP to start white-listing/black-listing sites, thus dictating where you can and cannot go. And that's never going to happen. Or at least, we hope it doesn't.

Re:Security... (0)

Anonymous Coward | more than 4 years ago | (#30019368)

"And before someone brings up the Linux solution. I love Linux. I use it. It is NOT user friendly though. With all the different flavors around, the *cough* average user would just rub their temples in frustration and stick with Macrohard products."

Um... wait a second. Did you just infer that Microsoft has a big, hard dick? If anything, their "proper" name is more fitting. Or MicroFlabby...

Re:Security... (2, Insightful)

mysidia (191772) | more than 4 years ago | (#30019288)

Yes, but malware is a product.

AV/Anti-malware software should be a product that can expunge/protect against one type of security threat: rogue/malicious software.

Nothing beyond the product should be required for expunging malware. If you are updating and the software maker is doing their job, that security threat is permanently dispensed with, and you can move on to other threat categories, if they ever become important to you.

If not, you are secure, and done.

Security is a process, not a product, refers to security in general, which is a lot harder than security against specific types of threats.

Anti-malware won't stop an insider from offloading sensitive customer records to their USB stick and selling them off to some ID thief living in India.

Well, you use another security tool for that: group policy. Configure all workstations so that removable media is allowed, and you no longer need to worry about USB sticks.

Group policy won't protect against a hacker guessing your admin password, FTP'ing into your server, and pulling the files.

There's a product for that too: A firewall. Which you install, and configure properly. Voila: hacker FTP'ing in is no longer a threat.

Security is not just a process, but a bunch of products and proper configuration of those products.

Probably one of the most important products is proper training and education of your staff, and proper configuration and choice of what issues to educate them about, and how you configure your organization's HUMAN security policies, for example, how you prevent random untrusted outsiders from pretending to be "maintenance" and gaining unescorted/unapproved access to your server room, from an employee @ front desk who knows where the key is.

Re:Security... (1)

Runaway1956 (1322357) | more than 4 years ago | (#30019312)

True - security is a process. But, the process should have reliable results. When the process proves unreliable, then it's called a "failure". Security failures on Windows are common - just tally up the number of banks that have been compromised, then try to make some kind of a wild stab at the numbers of consumers who have been compromised. Some of them are actually pretty savvy, too.

Now, look to the world of Unix and Unix-like OS's. The process is FAR MORE reliable, and requires less user input to be effective. The least secure default installation of *nix that I have ever seen is on an equal footing with the most secure installation of Windows that I have ever seen.

Just to clarify - the clueless bozo can give his information away in a number of ways, no matter how secure his system. We only ask that the system doesn't turn on the owner, and give the information away FOR him!

Reliability. What a concept.

Re:Security... (1, Funny)

Anonymous Coward | more than 4 years ago | (#30019334)

Mod parent up! He just upgraded my arsenal of meaningless statements that convey authority.

Re:Security... (1)

syousef (465911) | more than 4 years ago | (#30019380)

Security is a process, not a product.

Where can I buy that process? Who's the best supplier?

Sign of the times... (2, Interesting)

unitron (5733) | more than 4 years ago | (#30018882)

Despite this being Slashdot, when I first saw the headline about "anti-virus" products, I immediately thought "stuff like Tamiflu".

Re:Sign of the times... (-1, Troll)

sopssa (1498795) | more than 4 years ago | (#30018974)

There's an interesting twist on that one lately. Baxter, which also previously almost "accidentally" spread modified bird flu in 2008 [scienceblogs.com] until it was noticed in one of the labs just at the final moment, was supposedly testing some bio weapon in Ukraine.

http://www.consciousape.com/news/swine-flu-wars-baxters-ukraine-bio-weapon-exposed/ [consciousape.com]

And further: “He said that Baxter’s Ukrainian lab was in fact producing a bio-weapon disguised as a vaccine. He claimed that the vaccine contained an adjuvant (additive) designed to weaken the immune system, and replicated RNA from the virus responsible for the 1918 pandemic Spanish flu, causing global sickness and mass death.”

We should perhaps note that Moshe revealed this information in August, a full two months and more before the Ukrainian ‘flu’ epidemic broke out.

Interestingly, that was noted 2 months ago, and something unknown is now spreading there [kyivpost.com].

Since the moment the epidemic started to spread, 871,037 people have been diagnosed with flu and other respiratory viral infections, including 101,317 over the past 24 hours. As many as 39,603 of these people have been hospitalized, including 4,732 over the past 24 hours, and 317 are in intensive care.

60 people have died of severe respiratory conditions in the past week – 4 confirmed swine flu deaths, and what are being described as 56 “unexplained deaths” in the west of the country.

Looking at whatever has been happening with Baxter previously and with the swine flu.. interesting stuff.

Re:Sign of the times... (0)

Anonymous Coward | more than 4 years ago | (#30019036)

Nice conspiracy theory. -1 tin foil hat

Re:Sign of the times... (3, Interesting)

buchner.johannes (1139593) | more than 4 years ago | (#30019470)

They took 16 flu shots from companies that produce flu products, and used several flu strains that all companies advertise their products for (influenza C, H1N1, H1N2, H3N1, H3N2, and H2N3). The study focused on creating the necessary antibodies and 'cleaning the system' from the flu. Unfortunately, none of them rated 'very good'.

If you have a dark sense of humor, read on.
399234 test subjects were used, and 4735 deaths recorded.

antivirus 2009 (0)

Anonymous Coward | more than 4 years ago | (#30018898)

They need to try this antivirus; it detects thousands of viruses in my computer!!!!! I can't wait for antivirus 2010 to come out.

dd (2, Funny)

Anonymous Coward | more than 4 years ago | (#30018904)

Guess they didn't try:

dd if=/dev/zero of=/dev/sda

Only sane way to remove viruses. Rates an "Excellent".

I guess the equivalent in Windows is to buy a new computer. Also, an "Excellent" method.

Re:dd (1)

gzipped_tar (1151931) | more than 4 years ago | (#30019132)

I'd use /dev/urandom. Three times ;)

Browsing safely (5, Insightful)

Utopia Tree (1040146) | more than 4 years ago | (#30018912)

I don't think anyone sells common sense.

if merely loading a website compromises my (2, Insightful)

LukeCrawford (918758) | more than 4 years ago | (#30018934)

computer, my browser is completely broken.

Re:if merely loading a website compromises my (0)

Anonymous Coward | more than 4 years ago | (#30019298)

Here, let me fix [ubuntu.com] that [noscript.net] for [adblockplus.org] you. [isc.org]

Re:if merely loading a website compromises my (1)

LukeCrawford (918758) | more than 4 years ago | (#30019352)

Exactly what I meant. Firefox on Linux with NoScript and without Flash is fairly safe.

Re:if merely loading a website compromises my (2, Interesting)

GigaplexNZ (1233886) | more than 4 years ago | (#30019316)

Completely broken? No, it still functions correctly most of the time, so just partially broken. Writing bug free software is virtually impossible, so while blaming your browser might seem like a good idea, the only way to guarantee that you aren't using a broken browser is to not use any browser.

Let me put that another way: (1)

LukeCrawford (918758) | more than 4 years ago | (#30019358)

if you are using a browser that is commonly compromised by opening the incorrect webpage, you are a moron. Don't run IE, don't run Flash, and run NoScript, and you should be fine.

Re:if merely loading a website compromises my (0)

Anonymous Coward | more than 4 years ago | (#30019466)

My browser is `wget -O - | html2text | less`. Try exploiting that!

Googling for URLs? (1)

ScottCooperDotNet (929575) | more than 4 years ago | (#30019260)

Being that even legitimate sites like NYTimes.com and Boston.com can be spreading malware [slashdot.org], how is browsing safely going to work?

I'm still horrified by people who have to use Google to get to their destination [google.com]. No wonder people fall for phishing. Do they know they can type in the address bar?

Re:Googling for URLs? (1)

Darkness404 (1287218) | more than 4 years ago | (#30019326)

Googling for URLs is much safer than typing in the address bar. How many times do we misspell Google if we are in a hurry? We might spell gogole.com, gooogle.com, gogle.com, googgle.com, googl.com, and a whole lot of others. Any one of those could be a phishing site. With Google you get a nice spellcheck for your search for one, and for another it tries to block any site that has malware on it. Using Google you will avoid phishing much more than using the address bar.
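A defender-side check for the misspelled domains listed in the comment above, added here as an example and not taken from the thread or any poster: it flags hostnames that sit within a small edit distance of a trusted domain, using a distance that counts the adjacent-letter swap in "gogole" as one edit. The trusted list, the extra sample hosts and the single-label public-suffix simplification are constructed assumptions.

```python
"""Flag look-alike (typosquatted) hostnames by edit distance to trusted domains.

Added example for this thread; the allow-list and sample hosts are constructed.
"""

from __future__ import annotations

# Constructed allow-list of domains the user actually intends to visit.
TRUSTED_DOMAINS = ("google.com", "slashdot.org", "nytimes.com")

# Misspellings quoted in the comment above, plus constructed control cases.
SAMPLE_HOSTS = (
    "gogole.com", "gooogle.com", "gogle.com", "googgle.com", "googl.com",
    "google.com", "www.slashdot.org", "example.org",
)


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution
    and adjacent transposition each cost 1 (so 'gogole' vs 'google' is 1)."""
    la, lb = len(a), len(b)
    d = [[0] * (lb + 1) for _ in range(la + 1)]
    for i in range(la + 1):
        d[i][0] = i
    for j in range(lb + 1):
        d[0][j] = j
    for i in range(1, la + 1):
        for j in range(1, lb + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,         # deletion
                d[i][j - 1] + 1,         # insertion
                d[i - 1][j - 1] + cost,  # substitution
            )
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[la][lb]


def registrable_domain(host: str) -> str:
    """Reduce 'www.mail.google.com' to 'google.com'.

    Constructed simplification: assumes a single-label public suffix such as
    .com or .org; a real deployment would consult the Public Suffix List."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_host(host: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike:<trusted domain>' or 'unknown'.

    'unknown' means the host is not near any trusted domain; it is not a
    verdict that the site is safe, only that it is not impersonating one."""
    domain = registrable_domain(host)
    if domain in trusted:
        return "trusted"
    nearest = min(trusted, key=lambda t: damerau_levenshtein(domain, t))
    if damerau_levenshtein(domain, nearest) <= max_distance:
        return f"lookalike:{nearest}"
    return "unknown"


def scan(hosts=SAMPLE_HOSTS) -> dict[str, str]:
    """Classify every hostname in the sample set."""
    return {h: classify_host(h) for h in hosts}


if __name__ == "__main__":
    for host, verdict in scan().items():
        print(f"{host:20} {verdict}")
```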

Re:Googling for URLs? (0)

LordLimecat (1103839) | more than 4 years ago | (#30019462)

Or you could just use Chrome or OpenDNS, both of which do this automatically.

Re:Googling for URLs? (1)

GigaplexNZ (1233886) | more than 4 years ago | (#30019330)

Do they know they can type in the address bar?

Have you ever heard of typosquatting [wikipedia.org]? Or searching for some general piece of information without knowing what site hosts that information?

Clicking On Links Shouldn't Be Dangerous (1)

EXTomar (78739) | more than 4 years ago | (#30019436)

Although I agree no one sells common sense, I do think clicking on links in a web browser or email shouldn't put your machine at risk. If clicking a link in Firefox or Thunderbird in Linux or BSD created a compromise in the system, people would eagerly seek a solution by reworking the architecture of the system and software. The system we see today on Linux and BSD and the like grew out of those lessons. That isn't to say you can't click on a link in Firefox that causes trouble or have a bug that is exploitable in Thunderbird, but the entire machine isn't ruined. On the other hand, in Windows they decided it was "cheaper" to just throw scanning software in the way instead of fixing the design. Why does one feel like the right way to approach the problem while the other feels like a workaround?

Of course Linux and BSD and Windows aren't frozen and are still evolving, but I really see an evolutionary dead end in the way Windows handles this. It is insanity to continue to believe that security in Windows can be maintained by AV software and user intervention and Microsoft staying ahead of the bad guys. Users have no way of knowing before viewing if a link they click is really dangerous, and even the best behaved users accidentally misclick. Users can't tell the difference between malware and anti-virus software. Who validates what is AV software and what is malware? The AV software industry or Microsoft? These guys haven't given us much reason to trust them, let alone the problem of having a conflict of interest.

On *NIX it is standard policy to format and (2, Insightful)

LukeCrawford (918758) | more than 4 years ago | (#30018920)

restore from a known good backup whenever the root account is compromised, be it compromised by a worm or a human, in part because it's impossible to tell the difference between a human pretending to be a worm and a worm, so it is quite difficult (perhaps impossible) to know what the attacker did, and how to undo the damage.

How come they never test Comodo? (1)

hairyfeet (841228) | more than 4 years ago | (#30018922)

Comodo is free, it doesn't bog down the machine, and while I admit I don't go to the sleaziest parts of the net so far it has caught everything that I have run across. It also has a nicer firewall than the crappy Windows built in one, so how come nobody tests it?

Re:How come they never test Comodo? (1)

wizardforce (1005805) | more than 4 years ago | (#30018966)

Don't forget the open source Clamwin [clamwin.com] antivirus program.

Re:How come they never test Comodo? (1)

jesseck (942036) | more than 4 years ago | (#30019196)

I use Clamwin at work, but I would never recommend it to the users. I'm smart enough to watch where I browse, scan suspicious files before opening, etc. But the users aren't... they click on everything, and need a real-time scanner to watch what they do. Clamwin doesn't offer that (yet), but the moment it's available I'd roll it out to everyone.

Re:How come they never test Comodo? (1)

mysidia (191772) | more than 4 years ago | (#30019414)

This is typical of AV-comparatives. They don't test every single product in every single comparative, see their testing methodology [av-comparatives.org] and conditions for participation; they test a select list of products that have passed certain criteria, generally no more than 16 per test, and their board chooses which products.

Note, they didn't test other popular AV software such as Trend Micro, CA Antivirus, F-Prot, Fortinet, Panda, ZoneAlarm, DriveSentry, Cisco Security Agent, nProtect, eSafe, in this test, either.

Also, the vendor has to choose to participate and apply for inclusion. AV-Comparatives won't just take any AV products they see off the street and test them; the vendor participates in this, and signs an application and agreement with the vendor's seal. The vendor gets to provide software and license keys, pay some fees for using AV-Comparatives logos, etc., and make some agreements regarding the exchange of missed virus/malware samples.

Also, see here [av-comparatives.org]:

Qualified Candidates: At AV-Comparatives we limit the participants in our tests to about sixteen and where possible we include only good and reliable products/vendors. Due to this, we have devised various requirements in order to take part. One of these is the detection of a minimum percentage of SET A test set. We believe that even for new vendors this should be easy to pass, as long as they have a good engine (products included in the current main tests all scored between 97-100% over SET A). This also aids us in identifying and filtering out rogue anti-virus vendors. Fulfilling this requirement does not necessarily mean that a product has good detection rates over SET B.

Re:How come they never test Comodo? (1)

John Hasler (414242) | more than 4 years ago | (#30019018)

> ...so how come nobody tests it?

Most likely because they don't have a big enough marketing budget.

WRONG SITE! (5, Informative)

Anonymous Coward | more than 4 years ago | (#30018926)

They said AV-Comparative.org in the article. Try going there and see what happens. The correct site is av-comparatives.org.

I Just switched to an interesting product .... (-1, Troll)

TechnoGrl (322690) | more than 4 years ago | (#30018936)

That has kept me completely virus free for about 3 months now.

I think they call it ... OS X

Re:I Just switched to an interesting product .... (0)

Anonymous Coward | more than 4 years ago | (#30018960)

My god you are an ass.
There are viruses out there designed for OSX because it is now finally getting a market share big enough to make it worth making something to compromise your precious yuppie OS.
Putz.

Re:I Just switched to an interesting product .... (2, Insightful)

curmi (205804) | more than 4 years ago | (#30019140)

He was hardly an "ass", though maybe a troll. Certainly an entertaining post, but your response to it was wrong.

1) There are NO viruses for the Mac. There are trojans though, like any OS.

2) The Mac has long had the marketshare for viruses - pre-OS X there were plenty of Mac viruses. There have been none for OS X because it is more difficult to write them with the way the new OS is designed. Writing one for OS X is like a holy grail for virus writers.

3) Who is the "ass" calling OS X a "precious yuppie OS"?

Re:I Just switched to an interesting product .... (1)

washu_k (1628007) | more than 4 years ago | (#30019266)

There were not plenty of viruses for pre-OSX, no one cared.

I've seen virus counts of between 50,000 to 150,000 for Windows around the time OSX came out. Let's say 100,000.

Just before OSX came out MacOS had between 1 and 5% of the market. Let's guess on the low end and say 1%.

That would indicate pre-OSX should have had a "virus market share" of at least 1000. In reality it had at most 80, more likely only 40 in total.

Pre-OSX had nowhere near the number of viruses its market share would indicate. As pre-OSX had no security at all, security by obscurity worked pretty well for it.

Re:I Just switched to an interesting product .... (0)

Anonymous Coward | more than 4 years ago | (#30019262)

My God, your ass is full of stars

Re:I Just switched to an interesting product .... (0, Flamebait)

davitur (1112845) | more than 4 years ago | (#30018994)

Isn't this an example of security through obscurity? Maybe an example of how virus authors subscribe to the Pareto principle...

Re:I Just switched to an interesting product .... (0)

Anonymous Coward | more than 4 years ago | (#30019040)

You are going to end up with the AIDS virus though... just sayin'.

Re:I Just switched to an interesting product .... (1)

Thantik (1207112) | more than 4 years ago | (#30019062)

Yeah, instead you just lose your data randomly. I think they even came out with a game that deletes 1 file at a time each time you score...I think it was for.......OS X

Re:I Just switched to an interesting product .... (1)

dangitman (862676) | more than 4 years ago | (#30019430)

I think they even came out with a game that deletes 1 file at a time each time you score...I think it was for.......OS X

Where by "they" you mean a conceptual artist who created that game as an art piece - not some script kiddie or malicious programmer or criminal. And the game was clearly labeled as to what it did.

So, would you care to point to any real problems that have affected users, rather than creating a strawman?

Re:I Just switched to an interesting product .... (0)

Anonymous Coward | more than 4 years ago | (#30019084)

My neighbor called me in a panic a couple of weeks ago saying that he needed help, that his computer had a virus. I go next door and I sit down in front of his mac which has words flashing "trojans detected." He had clicked on it and it downloaded multiple exe's onto his desktop. That's when I realized that OS X isn't completely useless. Some people can use real scissors, while others need safety scissors.

Somewhat vague... (1)

allknowingfrog (1661721) | more than 4 years ago | (#30018962)

The article doesn't say much about what "good" means. If they tested what I assume are the 16 most popular products and none of them achieved "very good," by what standard do they judge? A ranked list would have been more useful for me.

Also, I find it ironic that "average" is one of the scores. "Good" and "poor" imply an objective scoring system, but "average" would imply that the score is relative to the rest of the group. : )

Format C: (0)

Anonymous Coward | more than 4 years ago | (#30018970)

They must not have included the free offering from MS: "format c:" It is very good at complete removal of malware.

Re:Format C: (0)

Anonymous Coward | more than 4 years ago | (#30019080)

HAW HAW HAW! never thought of that, how hilarious! oh my god i'm still laughing! keep it going! HOOOOOOOOOOOOOOOOODAAAAAAAAAAAWGY!LOL.

They tested Anti-virus software for malware (5, Insightful)

Jazz-Masta (240659) | more than 4 years ago | (#30018982)

How about testing some malware removal programs? Malwarebytes, Adaware, Spybot?

I find Malwarebytes' Anti-Malware to work wonders. Paired with Avast Home Edition, it is a good free combination. I think most system administrators notice the difference between software primarily tailored for virus detection and removal, and software tailored for malware detection and removal.

They tested these:

Avast Professional Edition 4.8
AVG Anti-Virus 8.5
AVIRA AntiVir Premium 9.0
BitDefender Anti-Virus 2010
eScan Anti-Virus 10.0
ESET NOD32 Antivirus 4.0
F-Secure AntiVirus 2010
G DATA AntiVirus 2010
Kaspersky Anti-Virus 2010
Kingsoft AntiVirus 9
McAfee VirusScan Plus 2009
Microsoft Security Essentials 1.0
Norman Antivirus & Anti-Spyware 7.10
Sophos Anti-Virus 7.6
Symantec Norton Anti-Virus 2010
Trustport Antivirus 2009

Re:They tested Anti-virus software for malware (1)

ScottCooperDotNet (929575) | more than 4 years ago | (#30019192)

I find Malwarebytes' Anti-Malware to work wonders.

It appears Malwarebytes uses simple techniques, like the name of a file, to determine if it is infected or not. This works very well against malware that uses the same name/path, but also makes it highly likely to find false positives. Try naming a harmless file after a fraudware program (say, Personal_AV) and you will see MBAM mark it as infected.

I have yet to see these antimalware programs be tested for false positives, but it would be interesting to see the results.

Expected Linux fanboy response. (2, Insightful)

Hurricane78 (562437) | more than 4 years ago | (#30019194)

*whispers*
"Shall I?"
(whisperwhisper)
"Why me??"
(whisperwhisper)
"Ok, damnit! I'll do it! But you owe me one!"

*steps forward into the spotlight*

*loud*
"Well, I found a better combination:"
*louder*
"JUST INSTALL GNU/LINUX!"

*normal voice*
"Thank you, thank you! I will be here..." *dodges flying chair and Granny Smith with bite mark* "... all night!"

(P.S.: I use Linux as my main Desktop. And Windows for the games. No hard feelings here. :)

Also (3, Informative)

Sycraft-fu (314770) | more than 4 years ago | (#30019218)

Testing online removal (meaning running the removal program on a running, infected system) seems kinda silly. You are fighting a war there and the malware has the upper hand, being there first. On a compromised system you generally want to work on it offline. You either boot a live CD or take the hard disk to another computer. That way the malware can't be running. You can then use tools to track it down and remove it.

Running a scanner on a live system is more of a preventative measure and a detection measure. You have a realtime scanner looking for threats coming in. If it finds them, it can block them before they have a chance to do anything. This is 99.9% of the good a virus scanner does. It stops them before they ever infect the system. It can then also help in terms of alerting you if a system is infected.

However counting on one to be good at removal on a live system seems silly. Take the system offline, fix it, and bring it back up.

Re:Also (1)

Jazz-Masta (240659) | more than 4 years ago | (#30019296)

This is the best method to remove viruses/malware, I agree, but only if you have physical access to the machine.

If you're supporting one of your 10 000 new friends (how convenient, so many new friends, all have viruses) over the phone, getting them to install one of those quickly works.

Re:Also (1)

LordLimecat (1103839) | more than 4 years ago | (#30019476)

Just tell them to use combofix. It removes everything.

Re:Also (1)

buchner.johannes (1139593) | more than 4 years ago | (#30019494)

No. That would be the smart thing to do, but the products are designed to run on an infected system. That's why they should be tested in this way.
Also, fixing the system offline is too complicated for the average user (at whom these products are aimed).

Re:They tested Anti-virus software for malware (0)

Anonymous Coward | more than 4 years ago | (#30019248)

All security software sucks. Yes, even your favorite package.

Re:They tested Anti-virus software for malware (1)

MojoStan (776183) | more than 4 years ago | (#30019348)

They tested Anti-virus software for malware

How about testing some malware removal programs? Malwarebytes, Adaware, Spybot?

How should we define "malware?" AV-Comparatives.org chose (for now) not to include [av-comparatives.org] "adware, spyware, dialers, tools and rogue programs" (which they define as "Potentially Unwanted Applications"). They do include viruses, trojans, backdoors, rootkits, exploits, DDoS, flooders, sniffers, and nukers (from their "methodology" pdf file).

Also, their "Removal-Test" page [av-comparatives.org] makes it clear that they are testing "Anti-Virus" products. I guess they are using the term "malware" because we expect "anti-virus" products to detect/remove more than just viruses (e.g. trojans, rootkits, etc.)

Re:They tested Anti-virus software for malware (1)

goga_russian (544604) | more than 4 years ago | (#30019410)

where is DrWeb?

Stop with the recommendations (4, Insightful)

HermMunster (972336) | more than 4 years ago | (#30019004)

Stop recommending products. The tests demonstrate that av products don't perform well. It is right on. 80% of my day is spent cleaning malware. I have written here many times about how you need a combination of products. I've also emphasized the need to do the initial cleaning with the infected drive as the secondary in a second machine.

Until you do this day in and day out please stop with the recommendations, as you are not helping anyone one bit.

Re:Stop with the recommendations (0)

Anonymous Coward | more than 4 years ago | (#30019100)

What about recommendations for people trying to prevent malware (the category under which most of us fall, (hopefully))? Would you say they need multiple AVs too or just say 'go away, i will never recommend a single product'?

Re:Stop with the recommendations (1)

Spatial (1235392) | more than 4 years ago | (#30019128)

Here's my recommendation: go hog wild, people! I love your money.

No Joke (5, Interesting)

Das Auge (597142) | more than 4 years ago | (#30019006)

I've been working in the on-site support field for over a decade. I've seen the viruses get nastier and nastier.

It used to be that the virus got a hold of the system, maybe did a little damage or had a little fun. Sometimes it was pretty funny. Such as screwing with the mouse.

Then things started to get a little more serious. The virus would insinuate itself into the system folder and maybe IE. They started doing tasks. Thus rose the botnets.

Then it became big business for people. The spreading of spam and fake anti-virus (that wanted you to purchase the "full version" so that you'd get rid of the virus they said you had) was the order of the day. They started blocking access to the run box, the task manager, and sites that might be able to help you (online virus scanners). They started killing the AV programs. They also replaced the explorer.exe and iexplore.exe files. Hell, they even go after Firefox, Chrome, and Opera.

They really get their hooks into it and don't want to let go because it means money. Big money. So I'm not surprised that AV programs are having a tough time getting rid of them. It hasn't been kiddies out for fun for a long time. Now it's all about professional programmers out to make an ill-gotten buck.

Re:No Joke (5, Interesting)

d3ac0n (715594) | more than 4 years ago | (#30019118)

Ain't that the truth.

The kicker? Most of the infections I deal with on a regular basis are coming from AD BANNERS. I have literally had people get a brand new machine, sit down at it, open IE8 and browse to one of the major sports news sites (ESPN, TSN, MLB, NFL, etc.) and get IMMEDIATELY infected by a banner ad!

There are few things worse than giving someone a brand new machine, and before you've even been able to get back to your cube and sit down your BB is buzzing and you are being told to get back there because they have a virus! ARGH!

Honestly, it's gotten so bad that with most of the fake AV viruses we just freaking wipe the stupid PC immediately. Format and re-image and done. It's faster and easier.

Re:No Joke (4, Insightful)

dangitman (862676) | more than 4 years ago | (#30019422)

Most of the infections I deal with on a regular basis are coming from AD BANNERS. I have literally had people get a brand new machine, sit down at it, open IE8 and browse to one of the major sports news sites (ESPN, TSN, MLB, NFL, etc.) and get IMMEDIATELY infected by a banner ad!

Hmmm... could a lawsuit (class-action or otherwise) be an idea here? After all, isn't it illegal to infect someone's computer with malware? How is it that these major websites are getting away with it?

Re:No Joke (1)

Nimey (114278) | more than 4 years ago | (#30019522)

It's not the major sites, it's the compromised ad servers that are run by others.

Re:No Joke (1)

Myrcutio (1006333) | more than 4 years ago | (#30019322)

Actually I've been making a fair amount of money off of those fake AV programs lately too. I think it's called Total Security or Cyber Security or something like that; it insinuates itself in the AV section of the Action Center. After the first couple of systems I got pretty quick about removing it; it only took me 15 minutes for the last system I cleaned. Just kill the active process, delete the CS folder from Program Files, remove the browser helper object and set Avast to a thorough scan of all archives. Incidentally, ALL the systems I've cleaned to date have had Norton 2010 installed. Lately I've taken to recommending that any customers with Norton just remove it regardless of existing subscriptions and install Avast. Haven't had a single complaint yet about the viruses resurfacing in the cases that took my advice.

Makes it somewhat suspicious that TFA claimed that Norton was one of the best-rated malware programs out there, and that Avast was hardly average. Sounds highly questionable.

Re:No Joke (1)

bendodge (998616) | more than 4 years ago | (#30019444)

Important! I noticed the other day that one of those fake AV programs (Windows Enterprise Suite) also hijacked the HOSTS file and messed with the permissions on it. I just deleted it and made a default file.
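Before replacing a hijacked HOSTS file it helps to see what the rogue AV actually put there. The following is an added example, not code from the thread: it parses HOSTS content and reports entries that pin update or security-vendor hostnames to any address (a clean file has no reason to mention them), plus any non-loopback mapping of localhost. The watch list and the sample file are constructed.

```python
"""Audit a HOSTS file for rogue-AV style hijacks.

Added example, not code from the Slashdot thread. The watched suffixes and the
sample file contents are constructed; adjust the list for your environment.
"""
import ipaddress

# Hostnames a clean HOSTS file has no business mentioning (constructed watch list).
WATCHED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "avast.com",
    "malwarebytes.org", "bleepingcomputer.com",
)
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample of a tampered HOSTS file, one list item per line.
SAMPLE_HOSTS = "\n".join([
    "# constructed sample of a hijacked HOSTS file",
    "127.0.0.1       localhost",
    "::1             localhost",
    "127.0.0.1       www.avast.com",
    "127.0.0.1       update.microsoft.com windowsupdate.microsoft.com",
    "198.51.100.7    www.bleepingcomputer.com   # help site sent to a rogue server",
    "198.51.100.7    localhost",
    "notanip         foo.example",
])


def parse_hosts(text):
    """Return (lineno, ip, hostnames) per entry; comments and blank lines are skipped.

    A line whose first field is not an IP address is kept with ip=None so the
    caller can report it instead of silently dropping it.
    """
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            entries.append((n, None, parts))
            continue
        entries.append((n, ip, [h.lower() for h in parts[1:]]))
    return entries


def is_watched(host):
    """True when host is, or is a subdomain of, a watched suffix."""
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return a list of (lineno, kind, detail) findings for suspicious entries."""
    findings = []
    for n, ip, hosts in parse_hosts(text):
        if ip is None:
            findings.append((n, "malformed", " ".join(hosts)))
            continue
        for h in hosts:
            if h in ("localhost", "localhost.localdomain") and ip not in LOOPBACK:
                findings.append((n, "localhost-redirect", f"{h} -> {ip}"))
            elif is_watched(h):
                # loopback means "block the site"; anything else means "send it elsewhere"
                kind = "blocked" if ip in LOOPBACK else "redirected"
                findings.append((n, kind, f"{h} -> {ip}"))
    return findings


if __name__ == "__main__":
    for lineno, kind, detail in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {kind}: {detail}")
```

On a real machine, feed it the contents of %SystemRoot%\System32\drivers\etc\hosts (or /etc/hosts); the permissions problem the comment mentions still has to be checked separately with the OS tools.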

Re:No Joke (3, Informative)

mlts (1038732) | more than 4 years ago | (#30019420)

It's even past that. It used to be kids who were out to knock off someone's machine on a local BBS. Then it became the legion of professionals who went blackhat due to cash.

Now, you have well-heeled groups, from criminal organizations to whole governments, who have immensely deep pockets and who spend billions in order to search through every Windows and UNIX executable just to find the single buffer overrun, race condition, or other small goof that can be used in an elaborate attack. The payoff is big, and not just economics.

Of course the attacks are nastier and nastier.

Best defenses? After the obvious firewall and network IDS, two of the best system-level defenses out there are virtualization with a hardened hypervisor and jailing of apps. After that, an OS-based IDS that can detect known signatures and unknown suspect activity. This way, something that gets access to the OS via an unjailed browser or plugin hole is stopped.

Re:No Joke (0, Troll)

buchner.johannes (1139593) | more than 4 years ago | (#30019512)

How likely is it that no one will answer 'Screw Windows, just use Linux/BSD, it works for me' to the parent post ...

The usual suspects (5, Informative)

EmagGeek (574360) | more than 4 years ago | (#30019054)

Of course, half of the software they tested is not anti-Malware software (Avast, for example, is an AV, not an Anti-Malware).

They also did not test MalwareBytes, probably because it would make all of the others look bad.

So recalibrate the gradings... (0, Flamebait)

FlyByPC (841016) | more than 4 years ago | (#30019072)

OK, if I were to rate PC speeds as "Very Good" if they exceeded 500 petaflops, none would get that rating. But it's still quite possible that the fastest ones out there would be worth having, compared to the rest.

If there are differences in performance in the products you are evaluating, your scale should reflect this. If none of the packages rate "Very Good," it's time to recalibrate the scale, unless there's a clear natural distinction between that rating and the next-lowest. Unless you're asking for perfection to achieve that rating (which is unrealistic), it doesn't really mean anything if none of the programs get your top rating.

Leftovers = malicious? (0)

Anonymous Coward | more than 4 years ago | (#30019082)

If AV software kept track of every malware component (non-malicious) the detection engine size would grow by a massive amount and people would then complain about performance.

Isn't that dependent on how you define "very good"? (1)

Hurricane78 (562437) | more than 4 years ago | (#30019150)

I wonder who tests if the test itself is "very good"...

How about you, good sir...

And you perhaps...?

^^

all lame (3, Informative)

Danzigism (881294) | more than 4 years ago | (#30019186)

For the regular user, I can understand wanting the "feeling" that you're protected. However, when even the shittiest and lamest rogue-AV programs like WinAntiSpyware, Antivirus2009, System Protector Pro, Police Pro, and all the other bogus products can't be stopped by even the best of AV software, ya gotta think. These scanning programs don't do shit and make you feel like they have. So, understand how your system works. Use Sysinternals Autoruns to see what shit is being loaded on your system, and become familiar with our dear friend combofix provided by Bleeping Computer [www.bleepingcomputer]. It is the only tool worth a damn that can also get rid of severe rootkits. Sometimes for the real bad ones you'll need to use the Windows Recovery Console to delete files hidden from the Windows API as well as disable infected drivers/services. AV will still be a joke since the bottom line is, you can still get infected, especially if you are prone to getting viruses anyway due to your browsing habits.

Important rules for running windows (0, Redundant)

linu77 (1203400) | more than 4 years ago | (#30019472)

Three things you need to do to have a Windows box secure: 1) Install an anti-virus. 2) Don't use Internet Explorer; use Firefox, Opera, etc. 3) Don't run Windows as administrator (this one is the most important rule of all).

Wipe It (4, Insightful)

Talisman (39902) | more than 4 years ago | (#30019526)

Imaging products have become so good and fast that I no longer bother with 'scrubbing' a computer clean when it gets a virus. I can reimage the machine in less time; 15 minutes from start to finish, and I don't have to worry about viral remnants in the registry or some deeply buried hidden folder with a time bomb inside.

I keep our company's image file up-to-date, and when something goes wrong with a computer (drive crash, corrupt registry, malware, whatever) they are back online in 15 minutes. Screw scouring the web for a utility to remove a particular virus that may or may not work, and screw relying on an all-in-one product to save you from malware.

I have come to terms with the absolute fact that users are stupid and careless and, aside from the rare individual who bothers to be responsible, they will always be stupid and careless, no matter how much I wish they would change.

In a business environment, imaging is the way to go.

(I use a Mac at home and don't have to worry about such things)
