
Anti-Virus Is Dead (But Still Makes Money) Says Symantec

timothy posted about 7 months ago | from the look-for-antivirus-with-the-rms-serial-of-approval dept.

Security 254

judgecorp (778838) writes "Symantec says anti-virus is dead but the company — the world's largest IT security firm — still makes 40 percent of its revenue there. AV now lets through around 55 percent of attacks, the company's senior vice president of information security told the Wall Street Journal. Meanwhile, other security firms including FireEye, RedSocks and Imperva are casting doubt on AV, suggesting a focus on data loss prevention might be better."


No explanation for why though? (5, Interesting)

Anonymous Coward | about 7 months ago | (#46928735)

"AV now lets through around 55 percent of attacks" What happened? What's the big game changer from the 95% detections of just a few years ago?

Re:No explanation for why though? (5, Insightful)

Anonymous Coward | about 7 months ago | (#46928785)

Because marketing is more effective than a quality product.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46929497)

AV is Dead!!! LONG LIVE AV!!!

Re:No explanation for why though? (1)

ComputersKai (3499237) | about 7 months ago | (#46929545)

John McAfee actually said something like that himself...

Re:No explanation for why though? (1)

wisnoskij (1206448) | about 7 months ago | (#46930007)

Because AV's business model is only helped by more computers swimming in viruses.

Re:No explanation for why though? (1)

Anonymous Coward | about 7 months ago | (#46936863)

Because AV's business model is only helped by more computers swimming in viruses.

Why would I buy an AV product that lets my computer get infected???

Re:No explanation for why though? (2, Interesting)

Anonymous Coward | about 7 months ago | (#46933387)

Between the ages of 13 and 16, I made about $50,000 selling a bogus antivirus program that I wrote (didn't really do anything, looked cool though).

Re:No explanation for why though? (1)

Anonymous Coward | about 7 months ago | (#46935309)

Yeah, I've seen it. Norton Antivirus.

Re: No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46936003)

Ever consider a career on Wall Street?

Re:No explanation for why though? (4, Insightful)

Xicor (2738029) | about 7 months ago | (#46928807)

they dont update the virus signatures anymore, because ppl who use symantec antivirus dont have any clue wtf they are doing. it is kindof like going to a steak restaurant and ordering your steak well done. the restaurant has lower quality meat for those people because it is cheaper and they cant tell the difference.

Re:No explanation for why though? (-1)

Anonymous Coward | about 7 months ago | (#46929585)

I like my steak well done. (What's the opposite? Badly done, of course.) What I don't like is shit for brain foodie snobs that think they look like they know what they're talking about if they just follow along with the herd.

Re:No explanation for why though? (2)

Xicor (2738029) | about 7 months ago | (#46929849)

... well done vs rare. not well done vs badly done.

really... (1)

Anonymous Coward | about 7 months ago | (#46929997)

I bet some geniuses do think well done is done well. But where do you go to order something and they ask you, "would you like a cup of our crappiest water?" or likewise. Would you like the engine cap fully tightened? How about only half-filled brake light fluid...

Re:really... (1)

painandgreed (692585) | about 7 months ago | (#46934749)

I bet some geniuses do think well done is done well. But where do you go to order something and they ask you, "would you like a cup of our crappiest water?"

Anyplace that serves Budweiser or Coors.

really... (0)

Anonymous Coward | about 7 months ago | (#46943971)

Brake lights are usually electrical rather than hydraulic

Re:No explanation for why though? (2)

Mr0bvious (968303) | about 7 months ago | (#46936131)

what they're talking about if they just follow along with the herd.

Really?

Sounds like you've never had good steak - it's not a fad, not a herd mentality. Good quality rare steak is divine. Well done steak is .... eh.

But this really depends on the cut and quality of the meat (butt end fillet is the way to go). Bad meat is bad any way it's cooked, and in fact it's more palatable when well cooked (ie, not rare). But I avoid poor quality steak and opt to have a different cut cooked differently (slow cooked roast is the way to go for poor quality cuts) rather than eat bad steak (I just don't see the point of it).

Re:No explanation for why though? (-1)

Anonymous Coward | about 7 months ago | (#46936703)

Actually it sounds more like you haven't had good steak. Enjoy your mad cow disease.

Re:No explanation for why though? (1)

Mr0bvious (968303) | about 7 months ago | (#46936793)

Very informative, well done, you should feel proud.

While you're sitting there feeling all proud, you may want to educate yourself on CJD (the thing you're calling 'mad cow disease') since you will not be getting it from eating steak: http://www.thedailybeast.com/a... [thedailybeast.com]

Re:No explanation for why though? (-1)

Anonymous Coward | about 7 months ago | (#46937285)

The disease may be most easily transmitted to human beings by eating food contaminated with the brain, spinal cord or digestive tract of infected carcasses. However, the infectious agent, although most highly concentrated in nervous tissue, can be found in virtually all tissues throughout the body, including blood.

Might want to take your own advice, dipshit. Then again, judging from your complete lack of intelligence, you are probably already afflicted. Have a long and painful death. :)

Re:No explanation for why though? (2)

Mr0bvious (968303) | about 7 months ago | (#46937389)

Point 1) from that link:

You won’t get it from eating steak

Often when there’s a mad cow outbreak, panicked people stop eating red meat which is then pulled from supermarket shelves. But humans can’t get the disease by simply eating regular cow meat. Generally, a human will only be infected if they eat the nerve tissue—brains or spinal cord—of an infected animal. People cannot get the disease by simply eating muscle meat like ground beef or steak, or by drinking milk from an infected cow. Additionally, humans cannot spread it to each other through casual contact. However, people who have spent more than 3 months in an area where many cases of mad cow disease have been reported aren’t allowed to give blood in the U.S.

Point 2) (reflecting on your original comment):

Thoroughly cooking meat won’t help

You could scorch the meat, roast it into shoe leather, nuke it beyond recognition, and boil it for hours on the stove, but that won’t protect you from the deadly CJD variant. The prions aren’t affected by heat or other methods used to kill food-borne pathogens. Prions can survive in extremes, requiring upwards of 1,800 degrees of heat to be neutralized. Even sterilization processes used by hospitals are largely ineffective.

I never claimed that the infectious agent is not present in the meat. But 'well' cooking your meat isn't going to help your (awesomely intelligent non dipshit) chances of not getting CJD in any case. So keep destroying that meat 'just to be safe' though.

I'm totally comfortable eating my delicious rare fillet steak - CJD is the least of my concerns.

I would be concerned if I was you though since the first sign of CJD is being an obnoxious tosser.

Re: No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46938293)

How the heck did this go from semantic to mad cow disease in 5 posts??? Focus people, focus!

Re: No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46938367)

Godwin's law: we'll be talking about the nazis in 5 minutes.

Re: No explanation for why though? (1)

rezme (1677208) | about 7 months ago | (#46959169)

I've heard the Nazis liked their meat well done... Aaaaaand Godwinned

Re: No explanation for why though? (1)

nukenerd (172703) | about 7 months ago | (#46938423)

How the heck did this go from semantic to mad cow disease in 5 posts??? Focus people, focus!

Don't worry, they'll be getting back to talking about how to grill steak in a minute.

Re:No explanation for why though? (1)

Kjella (173770) | about 7 months ago | (#46929619)

Ignorance or preference? I assume those who order it well done have tried medium and didn't like it. Maybe they don't really like it at all, if you go to a sushi restaurant they usually have something for kids, people with allergies and others who got dragged into a sushi place. If they're happy, the restaurant is happy then I don't really care if a chef's heart breaks by turning a juicy steak into leather.

Re:No explanation for why though? (4, Insightful)

Xicor (2738029) | about 7 months ago | (#46929869)

yes, but when you can cut costs and not have any issues, a lot of places will do it. theres no point in spending 20$ on a prime steak if the person eating it cant tell the difference between a shoe and a steak.

Re:No explanation for why though? (5, Interesting)

AthanasiusKircher (1333179) | about 7 months ago | (#46930905)

yes, but when you can cut costs and not have any issues, a lot of places will do it.

I'd like to see reliable evidence of this. I've heard this crap ever since Anthony Bourdain included it in some rant in one of his books about people who liked meat cooked more than medium-rare. Perhaps he was known to serve crappy food to those people, but I'd be really interested to know how widespread the practice is.

Because if you search around on some cooking forums, you'll see other actual chefs chime in and say they do NOT do this. Actual chefs will tell you that they tend to have thinner cuts available for people who like well-done, so as not to delay the entire order while cooking one steak longer. (If they don't have this, they'll generally offer to butterfly the cut.) But actually serving people crappier meat? Not so much that I've heard, outside of Tony's confessions of being a jerk.

theres no point in spending 20$ on a prime steak if the person eating it cant tell the difference between a shoe and a steak.

"Prime" ratings refer to marbling, not necessarily quality of taste. So, if you pay more for "prime," you're paying for more fat. That fat won't disappear completely if the steak is cooked well done: in fact, more of it will often soften, because temperatures about 130 F (temp for medium-rare) allow faster break-down of a lot of fat. Case in point: taste a low-quality fatty cut cooked fast on a hot grill (often lots of gristle) vs. similar meat from the same part of the cow cooked to a much higher temperature longer as a pot roast... all that fat will be melt-in-your-mouth tender. A well-done steak, done properly, can be somewhere in between.

For the record, I generally order my steaks medium rare, and I agree that that maximizes certain aspects (particularly juiciness and tenderness).

But for those who like well-done, they often get extra browning flavors from the Maillard reaction and caramelization, and the extra fat break-down can do good things for the fat (though making the muscle tougher). If the steak is heated slowly before grilling or finished in the oven at a very low temperature, it can also be quite juicy (contrary to popular belief). Cooking a steak well-done that tastes good is also an art, and probably even more finicky than cooking one medium-rare.

Anyhow, sorry, but if you are actually able to tell a prime-grade steak at medium-rare, you should also be able to tell one at well-done. If you can't, you probably don't know as much about steaks as you think you do. Different people like different things, but that doesn't excuse insulting them or serving them crappier food.

Re:No explanation for why though? (1)

hendrips (2722525) | about 7 months ago | (#46931735)

As a lover of well done steaks, thank you for saving me the trouble of replying. Most places that I've ordered well done steaks at will do exactly what you say, and it seems to work out ok. I've only had one restaurant give me trouble about it, so I will never eat there again. I swear, steak snobs like Xicor (or Anthony Bourdain) are worse than wine snobs sometimes.

Re:No explanation for why though? (2)

cHALiTO (101461) | about 7 months ago | (#46931807)

I agree.
If your steak feels like a shoe when it's well done, then it's not well done, it's burnt. That or the meat is crappy to begin with, and you'll notice whether it's raw, well cooked or whatever.
Here in Argentina many people tend to ask for well done steaks, and if the meat is decent, you can pretty much cut it with a spoon. Its quality also depends on the amount of fat vs amount of actual meat, and other stuff (nerves, for example). Tenderness also depends on the type (cut) of meat.. but I hear our cuts are different to those used in the states so I can't comment on that.

Re:No explanation for why though? (1)

Xicor (2738029) | about 7 months ago | (#46931907)

it doesnt really matter how you cook a steak... if it is well done, it will be leather(well done is 155+ degrees) this is well above the temperature at which a steak is best served.

Re:No explanation for why though? (1)

cHALiTO (101461) | about 7 months ago | (#46932373)

(well done is 155+ degrees)

155+ degrees for 1 second doesn't make a steak well done. And lower temperatures over a long time can turn a steak into leather as well.
Cooking a steak isn't just applying heat to it. Some people like it crispy on the outside but 'saignant' on the inside, so you use higher temperatures over a relatively short time. Others like it "well done" (though maybe we use the term differently here) overall, so less heat over a relatively longer time, and you get it well cooked inside and out (which means it isn't "pink", but it's not hard by any means either).

Like for example: http://blogs.lanacion.com.ar/c... [lanacion.com.ar]

Just do a simple google image search for "asado" and you'll get the idea.

Anyways, after all is said and done.. "best served" is highly subjective.

Re:No explanation for why though? (1)

Xicor (2738029) | about 7 months ago | (#46935555)

obviously you just like being obstinate... i didnt say well done is cooking at 155 degrees, i said well done is when the temperature of the meat is up to 155 degrees. this is basically leather

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46932483)

Just because you don't know how to properly cook a well done steak doesn't mean it can't be done. Don't feel too bad, a lot of professional chefs screw it up too. If you want to see a battle of basic skill and technique, get two chefs to cook well done steaks. It is not hard to cook a rare or medium steak, but too many end up with a dry, tough steak and think that is the only way it can be done. That said, if you are getting a well done steak, you will have some trouble distinguishing some of the more expensive steaks and can save some money on the meat, but might end up paying more for it anyway if you don't have much choice in finding a steakhouse that knows how to cook it right.

Re:No explanation for why though? (0)

AaronLS (1804210) | about 7 months ago | (#46933415)

He preemptively proved you're an idiot: "similar meat from the same part of the cow cooked to a much higher temperature longer as a pot roast"

Have you ever had pot roast? If you've had good pot roast it is the opposite of leather. Either you're stupid, illiterate, or both.

Re:No explanation for why though? (1)

AaronLS (1804210) | about 7 months ago | (#46933431)

Point being, since you probably are too stupid to pick up on it, that cooking steak longer at higher temperature does not necessarily mean it will be like leather. If it does, then you're doing it wrong.

Re:No explanation for why though? (1)

Xicor (2738029) | about 7 months ago | (#46935559)

pot roasts are not steaks. and even then, you put it in a sous-vide for longer at a lower temperature, it never gets to well done.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46936755)

Holy shit, you are fucking stupid. A steak is the type of cut, not the way it's prepared.

Re:No explanation for why though? (1)

AaronLS (1804210) | about 7 months ago | (#46939587)

What part of "similar meat from the same part of the cow" do you not understand?

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46941631)

Wow, you're pretty fucking stupid too. You might want to check who I was responding to first, dumbass.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46944793)

Holy shit. You didn't notice that at this level there are no more nested comments so it all looks like a reply to the comment way above this one? What a dumbass.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46947131)

You are a fucking retard and you should have died at birth because you're too stupid to survive in the world. Nobody else has a problem seeing who is responding to whom, it's just you. Go back to 4chan or reddit or whichever little kiddie noob place you came from because you're obviously too fucking stupid to be here.

Re:No explanation for why though? (1)

Anonymous Coward | about 7 months ago | (#46933861)

Ever had a pot roast that was not cooked long enough? It is very tough and leathery because it hasn't had time to break down. If you are grilling a steak, you are not going to get that kind of cooking time for the insides to toughen then soften, especially without the outside becoming crunchy. If you are cooking the steak sous vide or in some sort of roast, then you can achieve that effect while going for well done. If you are grilling a much larger piece of meat, then you can get rid of the char and still have something left over.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46936711)

You really don't know a thing about cooking, do you?

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46936739)

By that same logic, I would say that if you eat fish served any way other than raw, then you aren't eating it correctly. I love my sushi and I always laugh at and belittle the people I see who eat cooked fish.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46938071)

That analogy works, in the sense that if you consider spending a lot of money on getting sashimi grade fish, then use it in a stew or as some heavily seasoned/encrusted bake. You aren't eating fish "wrong," just potentially wasting a lot of money. It reminds me of a computer analogy, when years ago I saw more than once someone building a custom gaming rig insisting on using Windows Server 2003 instead of XP, because once 2003 came out they thought XP was old and unsupported, and wanted the best possible. This included spending extra for the enterprise edition on a single core, 32 bit system...

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46941715)

There is no such thing as "sashimi grade" fish. The fish used in sushi just has to be caught from clean water, same day fresh, never frozen and not cooked. If you go to any halfway decent restaurant and order some seared halibut, it's going to be exactly the same thing. It's not even legal to sell fish from polluted waters, even if it's cooked.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46945379)

"sashimi grade" fish....just has to be caught from clean water, same day fresh, never frozen and not cooked.

Guess what sashimi grade means? Guess what type of fish gets used for seared and lightly cooked varieties? That doesn't contradict that soups, stews, and heavily seasoned or encrusted fish dishes use less fresh fish, especially in places that have more trouble getting fish caught that day. It takes a lot more than a "halfway decent" restaurant to get same day fresh fish for places that are not on the coast, and they know not to waste it on dishes where you can't taste the difference.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46947137)

Yeah, well I don't eat at shit restaurants like you do. And no, there is no such thing as "sashimi grade" fish. Go check with the fishermen, go check with the FDA. You just made that term up to try to sound like you knew what you were talking about, but instead I called you out and now you've been exposed for the lying, low class moron that you are.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46948215)

If the fishermen you talk to don't know about Ikejime, then you need to find a better source for fresh fish.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46944769)

And yet, even though I always cook my steaks well done I never even need a knife? Maybe you are just a terrible cook?

Re:No explanation for why though? (1)

zacherynuk (2782105) | about 7 months ago | (#46932681)

Great post. No mod points so I'll join in even if OT. There is a fad on cooking everything as little as possible (because that's how it should be done!) Bollocks. You like what you like.

I like my red meat pink in the middle, not bloody with a crisp dark and in places caramelised exterior.

I like my turkey dry, but with plenty of gravy / juices. I like my chicken crisp but juicy

I like things how I like them, I was recently refused a kangaroo steak well done, and even after my insistence they served it blue. Who the fuck are they to tell me how I like kangaroo?

I have had similar with game food, in England we don't worry too much about the rabbit summer season, but it's a massive US urban myth (citation?) so even serving local rabbit to dinner guests get a funny look - even though it has been fried and or (often stewed FFS)



Bottom line; don't fucking tell me how I like to eat my meat. I don't care if it's fillet, skirt or shin - cooked properly (in any preference) it's good for you and it tastes great. Just don't try and grill me a shin and tell me it's a sirloin.

Re:No explanation for why though? (1)

greenfruitsalad (2008354) | about 7 months ago | (#46934215)

yepp, OT but i'll add my bit. when I was in Paris a few years ago, I was served my "well done" steak so raw it was still twitching. i returned it twice to have it cooked; to no avail. I then called the waiter again and while he and the chef were watching, I wrapped the steak in the tablecloth, squeezed and asked them to explain why the fabric was turning red. at that point half of the staff ganged up on me and tried to tell me I didn't understand what a good steak was. well, f*ck you very much - I decide what I like and blood dripping cold fibrous chewing gum ain't it! (especially at 30 Euro a piece)

Re:No explanation for why though? (1)

DedTV (1652495) | about 7 months ago | (#46943171)

Ahhhh. Classic French Fine dining. Where in about 80% of the restaurants the motto is "We serve you horribly over seasoned food that's soaked in butter and olive oil then cooked by walking it through a warm room, charge you $80 because we make it look pretty on the plate and then when you tell us it's inedible we have some Belgian waiter tell you that if you weren't an uncultured oaf you'd enjoy eating food that tastes like horse shit."

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46947147)

Don't forget the portion sizes wouldn't be filling to an anorexic and the fact that they eat insectoid vermin and slugs. French "cuisine" is possibly the worst in the world, even worse than British or Chinese food.

Re:No explanation for why though? (1)

Anonymous Coward | about 7 months ago | (#46933957)

I like this steak conversation, much more informative and interesting than the original post about "AV being dead"

Re:No explanation for why though? (1)

nukenerd (172703) | about 7 months ago | (#46938521)

I like this steak conversation, much more informative and interesting than the original post about "AV being dead"

I'm scrolling down and down trying to get to comments about AV, and all I can see is about cooking steaks. Christ, people, this is not a foodie forum. I'd need 1000 mod points to clear them out of the way.

Seems to be a weakness of /. that some early post which is OT, or uses an analogy (as in this case), then triggers an OT discussion that occupies the top 100 screenfuls. Perhaps if a post is modded OT by two or more moderators, everything following in that thread should go down with it. Or OT threads should be moved always to the bottom.

Re:No explanation for why though? (1)

DedTV (1652495) | about 7 months ago | (#46943545)

No. It's just that "The big AV firms are using the same old scare tactics to try and shift the market away from their old AV products to their new "Data Loss Prevention" products." isn't news to most /.ers.
It was inevitable. PC users have plenty of AV available for free or cheap and few of the typical tablets or phone users have much use for AV as they don't root their devices and don't sideload apps they get from torrents found on a Chinese forum so AV companies see the writing on the wall.
*YAWN* Steak is a far more worthy and interesting topic.

Re:No explanation for why though? (1)

Archangel Michael (180766) | about 7 months ago | (#46934865)

While you may be true, my wife likes her steak without any "pink" well done. I can assure you that short of low temperature oven, you cannot get there. Period. I have exceptional skill at cooking meat, and having "no pink" is not just an art, it is damn near impossible using normal cooking techniques.

What I tend to do, for her, is to slice the steak very thin, and saute it in butter. Filet Mignon is still tasty this way. But BBQ is damn near impossible, as you cannot get the flame down far enough to not "burn" it in the process.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46940857)

Why are you getting flames off hard lump charcoal? You're not using gas, are you?

Re:No explanation for why though? (1)

Archangel Michael (180766) | about 7 months ago | (#46954313)

I use everything. Gas, Electric, Charcoal ... even Solar on occasion.

Charcoal is too unstable to cook "well done" on, IMHO. And to cook a nice steak on Charcoal, for more than the ten minutes it should take, allows the coals to start to have Temp Variation zones, even in the best BBQ grills. And to cook steaks they way my wife wants, takes about 45 minutes, on the lowest temperature (almost out) coals to get it "right". That is usually after all the other steaks are cooked, eaten and dishes put up.

I didn't say impossible, I said "damn near impossible".

Re:No explanation for why though? (1)

painandgreed (692585) | about 7 months ago | (#46934899)

I'd like to see reliable evidence of this.

Can't offer you reliable evidence that people ordering well done steaks get less desirable cuts of meat, but considering that the only people I've heard mention this before have been my friends who say they actually do it in restaurants. Nice restaurants at that. They don't order special cheap meat for well done, but those will get the older and less desirable steaks because the flaws won't be detected as they would be with a rare steak. They, in effect said, that ordering your steak well done is a chance for the restaurant to get rid of older meat before they throw it away.

Of course, if you like eating out, don't even work in a restaurant or listen to the stories of those who do. A place one of them worked had a large window for people outside to see them cook. They explained all the ways they had to distract people when they did something like dropped an expensive steak on the floor and had to pick it up so they could wash, cook, and serve it.

Re:No explanation for why though? (1)

Reziac (43301) | about 7 months ago | (#46940895)

Having worked in a restaurant that was locally famous for its steaks -- nope, they all came out of the same batch. Having worked in one that wasn't famous for much of anything -- nope, those all came out of the same batch too. Well-dones got put on the grill before the others, that's how they get 'em all ready at the same time.

And if it's stopped mooing, it's too cooked. :D

Re:No explanation for why though? (1)

MikeBabcock (65886) | about 7 months ago | (#46930951)

My mother-in-law always orders her steak medium but wants there to be no pink visible inside. We always correct her order to well-done immediately after she orders because she returns any steak with pink visible because like many people with red meat, she doesn't understand the difference between 'not cooked' and 'still pink'.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46931883)

Not using capitals at the start of sentences is sooo annoying...

Re:No explanation for why though? (1)

chuckugly (2030942) | about 7 months ago | (#46934459)

Of course they update the signatures. A lot of threats target things that AV running on a PC can't catch is all. How is PC AV going to help your Android device?

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46935005)

i may have pissed myself laughing.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46936669)

I can't understand a thing you are trying to say. Speak English please.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46936685)

it is kindof like going to a steak restaurant and ordering your steak well done

Yes, I would like my food to be cooked and not a runny, bloody, raw mess that only a caveman or wild animal would eat.

the restaurant has lower quality meat for those people because it is cheaper and they cant tell the difference.

Maybe the low class places that you go to. I bet you consider Outback, Ruth's Chris and Applebee's to be "fancy" restaurants.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46940767)

Indeed. Black and blue is the only proper way to prepare steak, and flatiron is the only proper cut of steak. The rest of the cow and any other method of cooking is wrong. There is no personal choice.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46952841)

What? Really? Why? Why O Why would they mess w/my meat?

Re:No explanation for why though? (5, Insightful)

manu144x (3377615) | about 7 months ago | (#46928823)

One answer could be because now threats are mostly targeted at the biggest weakness: humans. Phishing, scams, and all that are much more profitable and incredibly hard to detect programmatically. Legit websites are hacked daily and injected phishing sites and then removed fast.

They all rely pretty much on human stupidity and ignorance, and that is very hard to stop...

Re:No explanation for why though? (4, Interesting)

Anubis IV (1279820) | about 7 months ago | (#46929069)

Bingo. Back when automated worms were the biggest threat we faced, programmatic tools were very effective. Likewise when viruses needed to be passed manually from user to user via infected files, AV could do a lot to stop it. Meanwhile, trojans weren't too effective, since software was still being distributed via physical media, so people were distrustful of downloadable executables. Nowadays though? Users are enticed to install trojans on their computers, which is now a perfectly normal thing to do, since that's the simplest vector most of the time, unaware that what they are doing is harmful.

As the saying goes, you can't fix stupid.

Even so, I rather like OS X's current way of combatting trojans, which gives the user three options in the System Preferences: allow anything to run, only run stuff from registered developers, and only run stuff from the Mac App Store. Doing so leaves the control in the user's hands, but allows them to choose the level of protection against executables coming from illegitimate sources that they want. The middle option in particular is a nice one (and used to be the default, though the Mac App Store one may be the default now...not sure), since it's rare that I encounter a legitimate Mac developer who isn't registered, meaning that the warnings about software from unregistered sources are exceedingly rare. Warnings that are rare are exactly the sort of thing we want, since it makes them stand out more and means that users are less likely to become blind to them.

Quick aside: I'm not suggesting anything about the relative worths of the various platforms, nor am I suggesting this feature is unique to OS X (e.g. I know Microsoft has dabbled with registered developer security features in the past). I'm merely citing a feature I think manages to nail a nice middle-ground between providing warnings without rendering users blind to them, while still leaving folks like us with the ability to install whatever the hell we want.

Re:No explanation for why though? (4, Insightful)

mlts (1038732) | about 7 months ago | (#46929405)

One of the biggest infection vectors these days is holes in Web browsers or add-ons. I don't see worms and viruses as a common threat these days. It is mainly something from a website or even worse, an ad server. By using adblock, noScript (or the "click to play" functionality in Chrome), and SpywareBlaster's black list, this has kept my machines clean where the AV program is mainly for scanning a download (and even then, for small downloads, VirusTotal does the job better.)

IMHO, an AV maker should take a page from that book and start blocking URLs and bad sites. Some ad company allowing malware to get posted through their server? Block it by IP and/or URL.

So far, this has done a good enough job for protection. I mainly browse the Web in a VM, and when I take the VM offline and scan the disks with a decent AV program, the scans turn out clean.

This doesn't mean AV is useless. Not using it is similar to leaving the key in the ignition when running into a gas station. However, it would be nice if AV programs could build in functionality similar to AdBlock and block not just by IP, but by URL.

Re:No explanation for why though? (2)

WuphonsReach (684551) | about 7 months ago | (#46933631)

Depends how often the user downloads and installs something like a new program. There are still plenty of sites out there with shady "add-ons" bundled into the program installer. They'll take a legitimate program, which has no adware/malware attached, re-bundle it, and then SEO their way to the top of the search results.

We also block a few hundred executable scripts attached to spam at the mail gateway each week. So that vector is alive and well.

For everything else web-related (infected ads being most common, followed by hijacked servers) there is NoScript / FlashBlock. They are probably the most prevalent, because there are so many opportunities (if you browse a few hundred web pages per day, that's a lot of chances).

Re:No explanation for why though? (4, Insightful)

CastrTroy (595695) | about 7 months ago | (#46929441)

This is similar to the reason that I think the iPad is what most users really want/need. Techies complain about the walled garden, and how that limits what they can do with the hardware. But that's exactly what end users want. They want to be able to install and use software without thinking about all the bad consequences that could come of it.

Imagine going to a store and buying a toaster. Some toasters would be cheap, but would sometimes catch on fire and burn your house down. Some toasters would be cheap but listen in and record all the conversations going on in your kitchen. Some toasters would be more expensive and actually just toast the bread, without any ill effects. Sure it's the customer's choice which one they buy, and you can tell them to read reviews and be careful, but that's really not a good situation to put the customer in. The customer should have reasonable expectations that the product is safe and isn't trying to be malicious. But when installing software, it's very hard to verify that an unknown program is actually safe or not.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46930073)

This. iPads or Windows RT both fit this usage case.

Re:No explanation for why though? (1)

evultrole (829158) | about 7 months ago | (#46944961)

Yep. Cause replacing the glass is soooo much cheaper and easier and less of a hassle than having viruses removed. Sending an iPad back for $299 in work because it was knocked off the table and losing it for a week, versus having to pay $100 to get a virus removed and getting your PC back in a couple days. Much better.

Not to mention how convenient it is to get your files off an iPad when the NAND dies. I have been able to recover files from 19 of the last 20 dead hard drives in my shop. I have been able to recover files off of 2 of the last 45 dead phones/iPads/whatever that came through the door, and that was because they were water damaged and not a NAND problem. Oh, or the 28 iPads that have come in since iOS 7 because the update just decided to delete EVERYTHING and the only way to get their devices back up and running was a full reset. Yeah, that's a lot better than a virus too, isn't it?

Malware doesn't really do any damage anymore, it's just irritating. There has not been a single non-hardware problem through my door that resulted in file loss for my customers over the last 2 years. Suggesting that people buy crap that will 100% lose all their important files because of a fault so that they won't be inconvenienced by a stupid FBI scam is irresponsible. People don't know how "the cloud" works, they don't back up their shit. Tablets are worse for their data safety.

Re:No explanation for why though? (1)

Riceballsan (816702) | about 7 months ago | (#46978069)

I believe the topic is strictly on the software side. The comparison he is putting isn't of Tablet vs PC hardware wise, the discussion is whether OS's as a whole should consider following the walled garden approach.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46930401)

This is similar to the reason that I think the iPad is what most users really want/need. Techies complain about the walled garden, and how that limits what they can do with the hardware. But that's exactly what end users want. They want to be able to install and use software without thinking about all the bad consequences that could come of it.

That explains why Android is so popular. Oh, right, it's not "Techies" who complain about the walled garden. It's "consumers" who buy into a device "that [doesn't] limit* what they can do with the hardware" and hence has more developers and games/apps--and it's also cheaper. So, perhaps most users need a walled garden for their own protection. But most people want an open garden. Just like how most people want the right to own a gun, but more people are liable to shoot themselves or someone else in a bad way than any sort of useful way. So, yea, that's still not a good reason for inane gun laws (basic training makes sense...and that's about it; but if you think it's hard to get that passed for guns...).

Imagine going to a store and buying a toaster. Some toasters would be cheap, but would sometimes catch on fire and burn your house down. Some toasters would be cheap but listen in and record all the conversations going on in your kitchen. Some toasters would be more expensive and actually just toast the bread, without any ill effects. Sure it's the customer's choice which one they buy, and you can tell them to read reviews and be careful, but that's really not a good situation to put the customer in. The customer should have reasonable expectations that the product is safe and isn't trying to be malicious. But when installing software, it's very hard to verify that an unknown program is actually safe or not.

Yea, because there's government regulation on if you sell a toaster that catches on fire because so many people got sick of houses burning down. Well, perhaps the same thing will happen with software. Is that a good thing? Because I can't imagine enough people choosing a walled garden any more than it was enough to buy a "reliable" brand--which may just be the logo on a 3rd party created--toaster. Of course it'd likely help if said "reliable" brand wasn't needlessly marked up. Really, if Apple gave a fuck about it, they'd cut the price of their iPads drastically--they could still have higher end models, but their lower end models would be just above "toaster spontaneously combusts". But, then, they're in it for the money and the walled garden is more about their control than it is to benefit the user.

Regardless, what users "need" and what they "want" are just way too subjective. Although the whole "listen in and record all conversations going on in your kitchen"? Yea, which manufacturer can you really trust won't do that?

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46931035)

That explains why Android is so popular...and it's also cheaper.

That is all it really comes down to. A vast majority of people use Android because there are cheaper options, or because they want a particular set of hardware regardless of software choices, or because they don't like Apple. What proportion of users install stuff on an Android phone that would not be allowed on an iPhone? I've seen examples among coworkers, but among friends and family outside of computer work, I've seen nothing.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46936399)

What proportion of users install stuff on an Android phone that would not be allowed on an iPhone? I've seen examples among coworkers, but among friends and family outside of computer work, I've seen nothing.

The question isn't "allowed". The question is "exists".

IOS to much censorship (1)

Joe_Dragon (2206452) | about 7 months ago | (#46936407)

The censorship is a turn off, and while it's good to have some kind of app testing, but to kick apps out due to their content and/or say they can run DOS apps, SNES ROMs and so on.

Sort of, but on the flip side .... (3, Interesting)

King_TJ (85913) | about 7 months ago | (#46932629)

It constantly irritates me when I see people installing all sorts of junk simply because they can't be bothered to READ what's on the screen, right in front of them. Thanks to the proliferation of "free" software for Windows (as opposed to true freeware), the installation programs often ask you if you'd like to ALSO install one of several other questionable toolbars, add-ons or other utilities, with an "opt in" default for each prompt. Really, there's no secret here.... It tells you right on the screen what it wants to install, and you simply de-select a check-mark to skip it. But people blow right through those prompts, clicking as fast as they can find the button, and then wonder where the "Super Cool MegaSearch" toolbar came from that keeps popping up ad banners while they surf the web.

Re:Sort of, but on the flip side .... (2)

Neo-Rio-101 (700494) | about 7 months ago | (#46936009)

installation programs often ask you if you'd like to ALSO install one of several other questionable toolbars, add-ons or other utilities, with an "opt in" default for each prompt. Really, there's no secret here.... It tells you right on the screen what it wants to install, and you simply de-select a check-mark to skip it. But people blow right through those prompts, clicking as fast as they can find the button, and then wonder where the "Super Cool MegaSearch" toolbar came from that keeps popping up ad banners while they surf the web.

But that practice is outright bastardry and we all know it. I don't think we should be heaping the blame on people who don't read what's on screen, but rather the opt-in nonsense.

Oracle and Java, I am looking right at you.

Re:Sort of, but on the flip side .... (1)

aybiss (876862) | about 7 months ago | (#46936989)

And on the OTHER other hand, why is installation ON by default? People don't go looking for Ask toolbar when they download CCleaner, they wanted CCleaner. Why would CCleaner allow themselves to be associated with someone who is the very opposite (tracking browsing and adding cookies) to what CCleaner does?

(I know the answer, but just adding a corollary to your point).

Re:Sort of, but on the flip side .... (0)

Anonymous Coward | about 7 months ago | (#46945989)

The bad habits are perpetrated by legit companies practicing bad habits themselves. When normal software trains every user to click "next, next, next" just to get through a boring ridiculous installation wizard, why do you then turn around and blame the users when they learn that behavior?

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46934559)

The problem is one of digital restrictions. Apple should not be preventing users from installing third party software. Nobody is claiming they shouldn't be able to set up a 'walled garden' of sorts. Apple took the whole freaking idea from GNU/Linux distributions and nobody is complaining about them having repositories.

Re:No explanation for why though? (1)

Ravaldy (2621787) | about 7 months ago | (#46931851)

How is this different from UAC on Windows? I get the app store and I love that concept as it makes publishers liable but for the rest you need some control and UAC is the only control available in MS products.

At the end of the day you don't want to make users unproductive by removing their flexibility but at the same time they are very unproductive when their system is down or important information leaks from threats and such.

It's not that people are dumb, it's that they don't have our technical understanding of what can be hacked. They see an email from their bank that tells them to login and they just click on the link. How would they know it's not legit unless they start looking at the URL and validating it?

IMHO the biggest problem currently is how UNSECURE email is. It's a protocol that I believe dates from user groups (BBS). Isn't it time for us to create a unified system that can be trusted? I know lots of users here will b*tch about the idea of centralizing email but I'd like to see a better option. Currently it's too easy to just hack a mail server and make everybody believe you are someone else.

Re:No explanation for why though? (1)

Anubis IV (1279820) | about 7 months ago | (#46932239)

How is this different from UAC on Windows?

Other than that they're aimed at attacking the same problem, the two really aren't alike at all. If I had to summarize the key difference though, I'd say it's that UAC's warnings are based on the action being done, whereas Gatekeeper (the Mac feature I was describing) bases its warnings on the level of trust (or lack thereof) it has in the app's source at the time that you first launch the app.

Put differently, whether I wrote the app myself, downloaded it from a shady site, or got it on physical disc from a reputable source, UAC will prompt me with a warning if the app tries to make changes to my computer. Were I a "normal" PC user, I'm likely to become blind to those warnings after awhile, since I recognize that they are meaningless the vast majority of the time. I'll likely either turn them off or click through them every time, thus negating any benefit that the UAC may offer me.

In contrast, if I have Gatekeeper set to warn me when I install software from unregistered developers, it's rare that I'll ever see a warning, regardless of where I'm getting apps from, simply because virtually every Mac developer putting software up for download is registered with Apple (which, once again, isn't required of them, but is something that is nearly always the case). As such, in those rare cases where I do see a warning, it stands out to me as something that's unusual.

More or less, it achieves the productivity you're talking about by allowing the users to install pretty much anything they want while also not bothering them with warnings about it all the time, but also provides a level of protection based on something that is easy to measure and manage.

But yes, you're quite correct that there are other vectors for attack which are much more dangerous, such as phishing. And I do agree that we need a successor to e-mail, ideally one that incorporates both trust and encryption as standard features.

Moreover, you don't even need to hack an e-mail server, since anyone at all can spoof any address, with varying levels of success.

Re:No explanation for why though? (1)

Ravaldy (2621787) | about 7 months ago | (#46941587)

Good to know. I didn't use Macs enough to get in the roots of how it works.

As for email, anybody can spoof but spamming is where it becomes a problem. The crooks will hack a trusted server to do their business, which will allow them to hit more targets since they won't be blacklisted too quickly.

Re:No explanation for why though? (1)

aybiss (876862) | about 7 months ago | (#46936975)

"allow anything to run, only run stuff from registered developers, and only run stuff from the Mac App Store"

I know it's antithetical to Mac users, but I'm sorry where the fuck is the option to allow ONE specific non-App-Store program (after an intensive barrage of warning dialogs)?

Shit in your bed, then whinge because you have to lie in it. You can't fix stupid, but we've been giving users the stupidest possible options for protecting themselves for years.

Re:No explanation for why though? (1)

ComputersKai (3499237) | about 7 months ago | (#46929625)

Well, often legitimate downloads are sometimes laced with "optional" ad-ware that naive users end up installing, often through some sort of "express installation". Antivirus software may have heuristics and digital signature databases of viruses, but they can't safeguard against human choice and imprudence.

Re: No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46928841)

Because less attacks are in the form of viruses that AV can automatically detect.

Re: No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46934299)

fewer attacks, you ignominious cur!

Re:No explanation for why though? (1)

Tridus (79566) | about 7 months ago | (#46928859)

Attacks are more sophisticated now, lists of bad things that we've seen before aren't adequate to stop a serious attacker.

Re:No explanation for why though? (1)

Rhymoid (3568547) | about 7 months ago | (#46928981)

Perhaps it has always been 55% (or lower). How did they come up with 95%? Perhaps they missed a lot of infections back then, because they didn't know what to look for, and they do know now.

Re:No explanation for why though? (1)

Anonymous Coward | about 7 months ago | (#46929607)

Malware writers have figured out how to turn off Symantec. In my company, I knew the PC was infected when the Symantec LiveUpdate was dead. When there are more than 1 million Windows viruses, a 95% detection rate means thousands of viruses will get through. The problem is that the AV uses old technology and they haven't figured out a better way to detect viruses. For example, how difficult is it to figure out that the exe files that are triggered by the registry to run inside the Windows Recycle Bin are viruses? I have manually deleted these viruses because Symantec ignores them. The Windows Registry is a single point of failure. When I installed software to protect the Windows Registry, the malware infections in my company were reduced. I also created a Windows Script to disable autorun and autoplay on every PC. Symantec also updates their virus definition files later than other vendors. Usually, I need to remove the malware with another vendor's AV months before Symantec AV can detect the viruses.
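Added example (not part of the comment above, and not any vendor's code): a check for the pattern the commenter describes, autorun registry values whose command points into a Recycle Bin folder. The value names, paths and SIDs are constructed sample data; on a live system the input would come from an export of the Run keys.

```python
import re

# Recycle Bin directory names at a volume root:
#   $Recycle.Bin (Vista and later), RECYCLER (2000/XP on NTFS), RECYCLED (FAT volumes).
RECYCLE_DIRS = {"$recycle.bin", "recycler", "recycled"}

# The component before the Recycle Bin folder must end in a drive letter,
# so "C:\Users\alice\Documents\recycler\..." is not flagged.
# Assumption: environment variables were expanded before the check.
DRIVE_ROOT = re.compile(r"[A-Za-z]:$")

# Constructed sample: (value name, command line) pairs as stored under a Run key.
SAMPLE_RUN_VALUES = [
    ("Updater", r'"C:\Program Files\Example\updater.exe" /background'),
    ("winlogon32",
     r"C:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-1000\winlogon32.exe"),
    ("helper",
     r'"D:\$Recycle.Bin\S-1-5-21-1111111111-2222222222-3333333333-1000\$R1A2B3C.exe" -s'),
    ("loader",
     r"rundll32.exe C:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-1000\x.dll,Start"),
    ("Notes", r"C:\Users\alice\Documents\recycler\notes.exe"),
]


def references_recycle_bin(command):
    """Return True if any path in the command line sits under <drive>:\\<recycle dir>.

    The whole command is inspected, not just the first token, so a DLL handed
    to a host process such as rundll32.exe is caught as well.
    """
    parts = re.split(r"[\\/]", command)
    for prev, part in zip(parts, parts[1:]):
        name = part.strip(" \"'").lower()
        if name in RECYCLE_DIRS and DRIVE_ROOT.search(prev.strip()):
            return True
    return False


def recycle_bin_autoruns(run_values):
    """Return the names of autorun values that launch something from a Recycle Bin."""
    return [name for name, command in run_values if references_recycle_bin(command)]


if __name__ == "__main__":
    for flagged in recycle_bin_autoruns(SAMPLE_RUN_VALUES):
        print("suspicious autorun value:", flagged)
```
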

Maybe that their AV sucks? (5, Informative)

Sycraft-fu (314770) | about 7 months ago | (#46929783)

Good anti-virus still has high detection rates. AV-Comparatives puts most virus scanners above 90% detection in their March real world protection test. The better ones are in the 98%+ range. http://www.av-comparatives.org... [av-comparatives.org]

Of course Symantec isn't on that list... perhaps there's a reason :).

Re:Maybe that their AV sucks? (3, Informative)

cellocgw (617879) | about 7 months ago | (#46929937)

There are statistics and then there are useful statistics. If an AV product is capable of catching 95% of all the viruses ever written, you should
A) use it
B) be really worried because you don't know what good it's actually doing.

Remember, 99% (a made-up stat) of all malware is no longer used at all because it's either blocked by every tool in existence or doesn't do something actually useful, like bringing cash to the distributor of said malware.
What matters is what percentage of currently active (and dangerous) malware the AV tool can catch, and further, whether the types of malware it can't catch pose a danger to your personal types of computer usage. As a contrived example, all Flash-based malware is irrelevant if you never visit any Flash-enabled web page (and don't run Flash modules locally either).

Re:Maybe that their AV sucks? (1)

asavage (548758) | about 7 months ago | (#46930413)

I remember when Microsoft first came out with their antivirus it seemed to test quite well compared to other antivirus software. Now that it comes with Windows 8 it seems to have fallen off the chart, which makes sense as any virus writer should make sure it works against a default Windows 8 install.

Re:Maybe that their AV sucks? (3, Insightful)

MikeBabcock (65886) | about 7 months ago | (#46931063)

The stat you're quoting is "how many of the things we're designed to look for do we find" not "how many of the things that cause problems do we find."

Anti-virus software doesn't work because MOST problems now aren't and don't look like viruses.

Re:No explanation for why though? (2)

Opportunist (166417) | about 7 months ago | (#46930135)

THEIR AV maybe.

Yeah, I believe that without a doubt. I'd have guessed more, to be honest, though.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46930141)

We now have a lot of very bad APT rootkits making nests in firmware, PCI cards, BIOS, etc. The whole situation is a mess and no anti-malware scanners create/compare checksums of valid firmware in the cloud; nothing scans firmware like graphics cards, for example.

Until the AV industry steps up and begins to verify/scan every piece of hardware capable of being pwned, it's a lost cause.

Re:No explanation for why though? (1)

phantomfive (622387) | about 7 months ago | (#46930145)

Security is a cat-and-mouse game; where the attacker knows everything about the anti-virus. The virus writers can test before releasing their software to make sure Symantec doesn't detect it, so Symantec can never win.

The question is whether they were really getting a 95% rate, or if they were gaming the numbers.

Re:No explanation for why though? (3, Insightful)

Bacon Bits (926911) | about 7 months ago | (#46930483)

Viruses used to be targeted at impacting systems. Destroying data. Disabling operations. They were focused on taking your computer down. It was very obvious when you had a virus because your computer was obviously broken. There was no way for a virus creator to make money.

Viruses today are used to steal information, steal resources (network, CPU, etc.), or open access. To function, they require your computer to be on, fully functional, and connected to the Internet. It's trivial to make money with a botnet, meaning viruses are now funded by major criminal business enterprises.

Re:No explanation for why though? (1)

TomGreenhaw (929233) | about 7 months ago | (#46930575)

Because some of these companies have discovered that they can sell products that don't work and still make a boatload of money. Declaring AV dead as an excuse to avoid investment in security threat mitigation technology and still sell the product that doesn't work is basically fraud as far as I'm concerned.

We have switched to Sophos which seems to be doing the job. I'd be very interested in hearing opinions of which AV products aren't dead.

Re:No explanation for why though? (1)

chuckugly (2030942) | about 7 months ago | (#46930611)

Symantec, McAfee, etc really never said this AFAICT, it's people promoting other malware solutions and/or being disingenuous by saying that PC AV won't stop non-PC malware such as embedded and mobile devices get. Well no kidding. Clickbait.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46930817)

It was always that low, the 95% number is just a marketing gimmick.

Re:No explanation for why though? (1)

WD (96061) | about 7 months ago | (#46932093)

When on earth did AV detect 95% of attacks? (hint: never)

Re:No explanation for why though? (1)

whoever57 (658626) | about 7 months ago | (#46934549)

"AV now lets through around 55 percent of attacks" What happened? What's the big game changer from the 95% detections of just a few years ago?

There was no change. The 95% claim was BS.

Re:No explanation for why though? (0)

Anonymous Coward | about 7 months ago | (#46936657)

What they mean to say is "Our AV now lets through around 55 percent of attacks". Symantec AV is notoriously shit.

If you want real protection use Kaspersky, NOD32 or avast!.

Re:No explanation for why though? (1)

rezme (1677208) | about 7 months ago | (#46959103)

Polymorphism (changing a couple bits of the code in the malware, changing the hash signature of the file) is a big factor, negating MD5 or CRC based detections. Broader detections based on heuristics have a higher incidence of false positives, which consumers naturally bitch about. An AV company has to walk a fine line between being overly aggressive and not aggressive enough. Couple these factors with an increasingly technically illiterate user base, and a malware development community that is especially adept at social engineering, and you've got a recipe for disaster. The number one class of threat we dealt with when I worked for an AV company 6 months ago was the so-called "rogue AV" malware which are almost always extremely polymorphic. Those can be delivered by what is known as a "drive by download" which can come from something like a banner ad on a legitimate site, so you can't even protect yourself by staying away from the shady side of the internet. Also, since the banner ads rotate, and it's difficult to guarantee that you'll get the same ad twice, it's hard as hell to track your infection vector in order to get samples to even build a workable detection. That said, I think some protection is better than none. A bulletproof vest may only protect 50% of my body area, but if I were a cop, I'll be damned if I wouldn't wear one. In the end, user education is the only real way to stop malware.
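Added example (not part of the comment above, and not any AV product's logic): a small comparison of the three detection styles the commenter contrasts, run over constructed, inert byte strings. The banner text, the padding layout and the keyword heuristic are assumptions made up for this illustration.

```python
import hashlib
import zlib

# Constructed, inert stand-ins for files. Layout: 4-byte stub, 32 bytes of
# padding (offsets 4..35), a text banner, 32 more bytes of padding.
BANNER = b"Your PC is infected! Click to SCAN"


def build(banner, pad=b"\x00" * 32):
    return b"STUB" + pad + banner + pad


def flip_bit(data, offset):
    """Return a copy of data with the lowest bit of one byte flipped."""
    out = bytearray(data)
    out[offset] ^= 0x01
    return bytes(out)


ORIGINAL = build(BANNER)

# The sample the "vendor" has seen, four copies with one bit changed in the
# padding, and one copy whose banner was reworded.
MALICIOUS = (
    [ORIGINAL]
    + [flip_bit(ORIGINAL, off) for off in (4, 10, 20, 35)]
    + [build(b"your pc is INFECTED - click to scan")]
)

# Two harmless files; the second is a legitimate scanner's report.
BENIGN = [
    build(b"Backup finished. No files changed."),
    build(b"Scan complete: 0 infected files found."),
]

MD5_BLOCKLIST = {hashlib.md5(ORIGINAL).hexdigest()}
CRC_BLOCKLIST = {zlib.crc32(ORIGINAL)}


def md5_match(data):
    # Whole-file hash: any changed bit produces a different digest.
    return hashlib.md5(data).hexdigest() in MD5_BLOCKLIST


def crc_match(data):
    return zlib.crc32(data) in CRC_BLOCKLIST


def pattern_match(data):
    # Byte-sequence signature: survives changes outside the signed bytes only.
    return BANNER in data


def heuristic_match(data):
    # Broad keyword rule: survives rewording, but also fires on benign text.
    text = data.lower()
    return b"infected" in text and b"scan" in text


DETECTORS = {
    "md5": md5_match,
    "crc32": crc_match,
    "pattern": pattern_match,
    "heuristic": heuristic_match,
}


def evaluate():
    """Count detections, misses and false positives for each detector."""
    results = {}
    for name, detector in DETECTORS.items():
        detected = sum(1 for sample in MALICIOUS if detector(sample))
        results[name] = {
            "detected": detected,
            "missed": len(MALICIOUS) - detected,
            "false_positives": sum(1 for sample in BENIGN if detector(sample)),
        }
    return results


if __name__ == "__main__":
    for name, row in evaluate().items():
        print(f"{name:10s} {row}")
```
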

Snakeoil (0)

Anonymous Coward | about 7 months ago | (#46928769)

They learned they can sell multiple product lines that do nothing.

It's just marketspeek (2)

timeOday (582209) | about 7 months ago | (#46928771)

Sure they want to sell you something in addition to "anti-virus" software with a fresh new name. But host-based security software isn't going away.

To easy to make new viruses (1)

jfdavis668 (1414919) | about 7 months ago | (#46928791)

It has become so easy to make a virus, that creators abandon old virus methods before anti-virus companies even find out that they existed. Unless they come up with new ways to predict the attacks, they will never keep up.

Re:To easy to make new viruses (-1)

rahvin112 (446269) | about 7 months ago | (#46929085)

How about just ditching windows? The prevalence of viruses and their propagation through windows systems is entirely at the feet of MS and their security. They still install the base user as administrator.

Re:To easy to make new viruses (3, Informative)

afidel (530433) | about 7 months ago | (#46929297)

I guess you haven't used a Windows computer since Vista? Users are NOT administrator by default, heck even the domain account Administrator isn't an admin by default, you have to perform an action which requires elevated permissions and then you get a UAC dialog which is required to actually have an Administrator token. This is not at all unlike how SU works on *NIX.

Re:To easy to make new viruses (0)

Anonymous Coward | about 7 months ago | (#46929365)

Except, uh, Windows users are so used to seeing 'Program Hello Kitty Screen Saver wants to: Access Hard Disk' (or whatever fscking meaningless message Windows puts up) that they automatically click 'OK'.

Any time I see a sudo password request in Linux when I'm not running some admin software, I would know it can't be valid, whereas just starting some Steam games brings up that retarded box on Windows.

Re:To easy to make new viruses (0)

Anonymous Coward | about 7 months ago | (#46929529)

How would IdiotUser123 clicking Okay to UAC... be any different than IdiotUser123 entering password for SU Request from HelloKitty.scr?

The only reason is the bar to entry for Linux is higher so it's less likely to entertain idiots. An idiot there would be just as dangerous as an idiot in Windows or Mac.

Re:To easy to make new viruses (1)

Opportunist (166417) | about 7 months ago | (#46930321)

The main difference is that even IdiotUser123 would know that a screen saver usually doesn't ask for elevated privileges. Unlike Windows, administrator privileges are usually ONLY asked for if you want to mess with the internal workings of the system. Not to install user space stuff.

How would IdiotUser123 know that? That's what using the system would teach him. Using Windows, he has learned that EVERY time he tries to install something that UAC dialog will come and he has learned that he HAS to click yes or it won't work. Using Linux, he would not get such a request for user space programs, so seeing the request for root privileges would be something that strikes him as odd, he usually doesn't get to see that, he only knows that from installing new hardware and drivers for it. Actually, it's even likely he doesn't because those occasions are rare enough that he lets his friend who knows a thing about computers do it for him. And if said friend has more than a brain cell to spare, IdiotUser123 won't even know the root password for that very reason, because all the cases where he'd need it, he'll have to go to his friend anyway.

Re:To easy to make new viruses (0)

Anonymous Coward | about 7 months ago | (#46931253)

Using Windows, he has learned that EVERY time he tries to install something that UAC dialog will come and he has learned that he HAS to click yes or it won't work

Just like how the package manager GUIs on some Linux distros prompt for an admin password every time you try to install a new package? Or how some systems are configured to prevent chmod +x without permission? On both operating systems I can still download standalone executables and run them as long as they don't touch certain parts of the file system.

Re:To easy to make new viruses (1)

lgw (121541) | about 7 months ago | (#46934155)

User space is what matters, is the thing. Every file I care about is accessible by my user account. The OS files are all disposable, easily replaced. If it only protects OS internals, fuck it, it's useless.

Re:To easy to make new viruses (1)

Opportunist (166417) | about 7 months ago | (#46935577)

Those OS internals are the juicy part if I tried to install a trojan on your computer. If my goal is just to delete all your user files, that's trivial. But that's also quite pointless, where's my gain? Malware is a business. The only chance is ransomware, where I encrypt your data and only give you the key if you first pay. That's easily countered with backups.

The really interesting part is digging into your system and staying there for later use. And that invariably requires access to your system. Yes, it's easy to replace those system files, but how often do you actually do a format&reinstall?

Re:To easy to make new viruses (1)

lgw (121541) | about 7 months ago | (#46937077)

Digging into my system is so 1990s. These days it's all "man in the browser" attacks for the real money. Messing with installed programs, sure, that's worth stopping.

OK, so I'm not the typical user, but if you infect my OS, that's so quick to fix that the reboot is the longest part of the process. Going to backups for user files would suck. But access to my browser as I use it? That's the gold mine.

Re:To easy to make new viruses (1)

Opportunist (166417) | about 7 months ago | (#46945223)

"Man in the browser"? C'mon, browser malware plugins, that's so 2006.

Re:To easy to make new viruses (1)

lgw (121541) | about 7 months ago | (#46945749)

Oh, I think they've moved from plugins to altering the executable. There's a cool one for two-factor banking that tries to find people who have both their PC and phone infected, then coordinates to use both for a clever mitm attack against banks that use SMS verification.

Re:To easy to make new viruses (1)

Opportunist (166417) | about 7 months ago | (#46946985)

Neato, I was predicting that in 2008 when they rolled it out and was shot down with a "but that can never happen, how likely is it..."

Well, very, considering how people use phone and computer to access the same crap, not to mention that they sync them, too.

But hey, what do I know about IT security compared to a bunch of managers?

Re:To easy to make new viruses (1)

lgw (121541) | about 7 months ago | (#46951363)

Yep - as much as RSA tokens have had their woes, they remain my favorite second factor (at least the hardware tokens - the software ones not so much).

Re:To easy to make new viruses (1)

Opportunist (166417) | about 7 months ago | (#46952067)

While I like them for authentication, the text message thing has one big advantage (provided it works...): You can send your customer data and he can verify whether the data he entered is the same you send him via the second channel.

In online banking this is critical, else I just wait for you to do your gas bill and instead of sending your USD 55.00 to Industrial Gas&Power I have your browser alter it to send USD 5500.00 to Patsy Mule while still displaying you 55 to IG&P and ask for your verification key.

That was actually done in 2006/7. Very cool stuff actually, they wrote the mule's account into registry keys and had the malware browser plugin just wait for your next transaction, then replaced the data you entered with the data in the key, while replacing the data returned from the bank with the data you entered to display it to you so you'd enter your verification one-time-pad key.
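The second-channel check described in the comment above, as an added example that is not part of the original thread: a toy bank that sends back the transfer details as it received them together with a one-time code valid for that transfer only. The class and function names and the six-digit code format are assumptions made for illustration, and the sample transfers are constructed from the figures in the comment.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    payee: str
    amount_cents: int
    currency: str = "USD"

    def display(self):
        # Integer cents avoid float rounding in the text the customer compares.
        return (f"{self.currency} {self.amount_cents // 100}."
                f"{self.amount_cents % 100:02d} to {self.payee}")


class Bank:
    """Hypothetical bank back end: holds each transfer until it is confirmed."""

    def __init__(self):
        self._pending = {}

    def submit(self, transfer):
        # 'transfer' is whatever arrived over the web channel, which may not
        # be what the customer typed.
        txn_id = secrets.token_hex(8)
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[txn_id] = (transfer, code)
        # Second channel: the details as the bank sees them, plus the code.
        sms = {"details": transfer.display(), "code": code}
        return txn_id, sms

    def confirm(self, txn_id, code):
        # pop() makes the code single-use and allows one guess per transfer.
        entry = self._pending.pop(txn_id, None)
        if entry is None:
            return None
        transfer, expected = entry
        if not hmac.compare_digest(expected, code):
            return None
        return transfer


def customer_confirms(intended, sms):
    """The customer releases the code only if the second channel shows
    exactly the transfer they meant to make."""
    return sms["code"] if sms["details"] == intended.display() else None


def run_demo():
    bank = Bank()
    intended = Transfer("Industrial Gas&Power", 5500)   # constructed sample

    # Case 1: the bank received what the customer typed.
    txn_ok, sms_ok = bank.submit(intended)
    executed = bank.confirm(txn_ok, customer_confirms(intended, sms_ok) or "")

    # Case 2: the request reaching the bank differs from what was typed.
    received = Transfer("Patsy Mule", 550000)           # constructed sample
    txn_bad, sms_bad = bank.submit(received)
    released = customer_confirms(intended, sms_bad)     # None: details differ

    # Case 3: a confirmed transfer cannot be confirmed a second time.
    replay = bank.confirm(txn_ok, sms_ok["code"])

    # Case 4: a wrong code fails and burns the pending transfer.
    txn_guess, sms_guess = bank.submit(intended)
    wrong = f"{(int(sms_guess['code']) + 1) % 10**6:06d}"
    guessed = bank.confirm(txn_guess, wrong)
    after_guess = bank.confirm(txn_guess, sms_guess["code"])

    return {"executed": executed, "sms_bad": sms_bad["details"],
            "released": released, "replay": replay,
            "guessed": guessed, "after_guess": after_guess}


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The check only holds while the device showing the message is trustworthy and the customer actually reads the details before entering the code.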

Re:To easy to make new viruses (1)

lgw (121541) | about 7 months ago | (#46952261)

Ah, sure, that's neat. From what I read the phone attack was similar in "fixing" the displayed info on the phone.

The good part of all of this is that the non-technological solution is working: the bottleneck in this sort of thing has become muling the money, so the value in new clever browser attacks is reduced, and the police can keep doing the sort of police work they actually understand to further reduce the problem.

Re:To easy to make new viruses (1)

Opportunist (166417) | about 7 months ago | (#46952979)

You could actually improve the whole shit considerably if there was better cooperation between police and malware researchers. But handing the police info about mules is a bit like tossing pearls to the swine. Instead of simply contacting the mule (who almost invariably has been duped into some kind of "earn easy money from home" scam) and using him to get to the criminals, they first of all dig through you and after you finally convinced them that you're NOT the one trying to steal from the bank they arrest the mule.

Re:To easy to make new viruses (1)

david_thornley (598059) | about 7 months ago | (#46942107)

Several years ago, I stupidly left an easy ssh login on my Linux box, and somebody (the IP indicated Romania) started a process on it that did network stuff (never did analyze it) to somewhere in Sweden. It did nothing to my OS, as far as I could tell. I used Wireshark to find where the packets were coming from, and had no difficulty, and had no problem shutting down the process and deleting the account. The intruder didn't need to take over my box, just get a user-level process running.

Well you nailed that one. (0)

Anonymous Coward | about 7 months ago | (#46930393)

The only reason is the bar to entry for Linux is higher so it's less likely to entertain idiots. An idiot there would be just as dangerous as an idiot in Windows or Mac.

BOOM. Wish I had mod points!

Yeah, an experienced professional welder with a plasma arc in his shop is not as dangerous as some random guy waving one around on the street.

You could argue, though, that since Apple and Microsoft are purposefully marketing to less educated and skillful users, their systems should be required to be more highly engineered for safety. We do require airbags and dual-circuit master cylinders in cars, for example, even though an expert driver in a superbly maintained vehicle will rarely need them.

Re:To easy to make new viruses (0)

Anonymous Coward | about 7 months ago | (#46929923)

Not only that - I know many people who simply turn off UAC because they get annoyed by the elevation dialogs.

Re:To easy to make new viruses (1)

Scutter (18425) | about 7 months ago | (#46929765)

Users are not administrators by default, but so much poorly-written software out there requires local admin rights to run (let alone install) that it's virtually unavoidable.

Re:To easy to make new viruses (2)

rahvin112 (446269) | about 7 months ago | (#46930077)

Which was my point. Until Microsoft forces ISVs to not use admin accounts and to run software and installs as the user this problem will not go away. This is complicated by the fact that with non-admin accounts you have no write access to program files and will need admin rights to install. Every time that dialog comes up makes it more likely people will simply click the dialog to make it go away, this is the key lesson Microsoft still hasn't learned. That elevated dialog is nothing like the SU in Linux because it's used to do things other than alter major system parameters or files.

As a user on Linux I can install software from my user account, I can run that software, delete it and do any of a million things with that software, the only reason I would need SU is to install for more than my user account, or to alter system parameters. No such privilege separation exists in Windows outside hacks like "portable apps" whose functionality should be part of windows. Even with the dramatically turned down UAC Windows still has broken privileges.

Re:To easy to make new viruses (1)

Anonymous Coward | about 7 months ago | (#46931323)

So you complain about Windows prompting for a password to install to Program Files, but not about Linux requiring permissions to install to somewhere in /usr? And you can run programs from your home directory in Linux, but so can you run a binary on Windows as long as it doesn't require being installed. The systems seem pretty parallel, other than third party creators of Windows programs being more likely to not create a program that runs without installation. Not that getting packages to install in different locations on Linux is particularly straightforward for the average computer user.

Re:To easy to make new viruses (1)

rahvin112 (446269) | about 7 months ago | (#46931965)

I can install programs to my home directory, the only reason to install in /usr is that the program needs to be multi-user. In such a multi-user situation the program should be installed by the administrator to ensure libraries are shared. But nothing forces me to use SU to install a program, I can choose to install to my home directory and the program will run fine, unlike windows.

There is nothing parallel about the two operations. When I can install a program in windows to my user directory you will have reached the most basic of feature parity and the most important of security operations. SU access should only be needed to configure the system directly or replace system level libraries or binaries. To need SU to install a user program is the worst kind of security.

Re:To easy to make new viruses (0)

Anonymous Coward | about 7 months ago | (#46932567)

And I can install programs in my home directory on Windows too, and most run fine (or the more common situation, install to a second drive). That occasional need to install things in Program Files is not a limit of Windows, but of lazy programmers making assumptions about locations or half-ass installers. And I take it you've never had the occasional Linux or Unix program that makes assumptions about locations...

Re:To easy to make new viruses (0)

rahvin112 (446269) | about 7 months ago | (#46933101)

Putting an executable in the directory and running it is not the same as installing it and you bloody well know it or are an idiot. The only way to install a program in the user directory without admin rights is to use a program like portable apps that creates a secondary registry and mirrors admin-only windows resources in the user directory. It's absurd that such features require proprietary extensions outside windows. I need no such proprietary programs in Linux, the capability is understood and fully supported by the OS.

For the most part Windows is still fully impossible to use in a fully locked down state without either secondary programs that can provide restricted admin features or routinely giving admin rights to programs. This is the primary reason Windows can never be secured and won't be fixed until Microsoft recognizes and restricts Admin access to actual system updates.

Re:To easy to make new viruses (0)

Anonymous Coward | about 7 months ago | (#46933947)

And those of us that have had computers that ran low on disk space, or especially family members that had computers run low on disk space, and needed to add a second hard drive while not touching the original, know you can install things to other places and not need admin rights. You still find programs that won't work unless they are installed on the c: drive, but that is not Windows' fault. Likewise, changing the directory where something installs to some place other than Program Files, whether to your user directory or elsewhere with user permission works fine.

Re:To easy to make new viruses (0)

Anonymous Coward | about 7 months ago | (#46934089)

So what exactly does "installing" something in your home directory on Linux involve other than just putting files in a directory?

Re:To easy to make new viruses (2)

Agret (752467) | about 7 months ago | (#46935157)

Putting an executable in the directory and running it is not the same as installing it and you bloody well know it or are an idiot. The only way to install a program in the user directory without admin rights is to use a program like portable apps that creates a secondary registry and mirrors admin-only windows resources in the user directory.

Huh? On windows there is an entire registry hive called HKEY_CURRENT_USER which you can read/write without admin rights. The only difference between putting an executable in a directory and installing it is a couple of registry keys and an automatically created shortcut on your start menu/desktop (both userspace accessible)

Re: To easy to make new viruses (0)

Anonymous Coward | about 7 months ago | (#46938373)

Have you ever wondered what the Windows installer option to install only for myself or for all users does? It's only been there for nearly a decade, so I know it's tough to keep current on operating systems.

Re:To easy to make new viruses (1)

sjames (1099) | about 7 months ago | (#46932099)

That's the thing in Windows. It's not just MS but every vendor that 'grew up' with the old admin by default Windows.

I once tried to lock a system down reasonably. As an experiment, I gave myself access to the program files, and the user access to the quickbooks data based on least privilege. The result is that the user couldn't use quickbooks because it wouldn't even try to run if there was an update available that they couldn't perform without admin rights. O*M*G* there's a pixel out of place in the help file! It is like, *CRUCIAL* that you update *IMMEDIATELY*! No bookkeeping for you until this *VITAL* update solving a decade long flaw nobody noticed is fixed! I could have lived with it if it happened once in a great while, but it seemed to be just about daily.

So in the name of security for quickbooks, it was necessary to totally wipe out security on the accounting machines.

Re:To easy to make new viruses (1)

Amtrak (2430376) | about 7 months ago | (#46934621)

You are exactly correct. There are very few programs that couldn't run completely in user space on a modern version of Windows (Vista SP1 or higher). The problem is that developers don't want to take the time to handle tokens and user permissions when they develop a program so they just require admin and since it's been going on for years no one complains.

I think that M$ is keenly aware of this too. It seems to me that every time they do a major update they try desperately to get developers to switch away from admin all the time and into trusted computing. I mean first it was "Click Once" and now it's Windows RT and the M$ App Store. It's just hard to get people to spend money on a system that they think won't let them run their stuff.

Also with quickbooks, something tells me that you found a DRM scheme that looks like an updater. I mean why the hell else would it need to call home so often?

Re:To easy to make new viruses (1)

sjames (1099) | about 7 months ago | (#46934729)

I really do have to wonder about quickbooks, but surely it could phone home without demanding admin access.

Re:To easy to make new viruses (0)

Opportunist (166417) | about 7 months ago | (#46930245)

The problem is that you need elevated privileges for every crap you try to poop out in Windows. "You moved the mouse, please hit yes to allow that".

Every single piece of user space program I tried to install lately expected administrative privileges from me. And the problem here is that there is only "all or nothing", either you deny EVERYTHING or you let the program do ANYTHING it wants. There's no sensible in between, there is also no way to tell just WHY that program wants the privileges. A program trying to write into the "program files" folder that is read-only for the normal account, that makes sense. Writing into the "user space" area of the registry, makes sense. But I can only allow this if I also permit the program to mess with system files. Where is the sense in that?

The whole security mess of UAC is some show security, security theater at its finest. Blame shifting, actually, because "it was not Windows that is insecure, see, the user clicked YES, HE is at fault, it's not Windows". BULLSHIT! The system doesn't give the user even remotely any chance to make a sensible decision. Worse, the user only learns from the whole bull that his software only works if he clicks yes, when he clicks no it simply refuses to work. That's what this bullshit teaches people.

It does not improve security for the user. It only improves security for MS because now they can blame the user for their system's shortcomings.

Re:To easy to make new viruses (0)

Anonymous Coward | about 7 months ago | (#46944015)

wow, another expert that has no idea what he's talking about, ahh Slashdot, how I've missed you!

Re:To easy to make new viruses (1)

Salafrance Underhill (2947653) | about 7 months ago | (#46930311)

I had a friend attempt to disable UAC on my laptop, once. He left with a flea in his ear.

Makes sense (3, Insightful)

American AC in Paris (230456) | about 7 months ago | (#46928851)

When the back door was made of cloth and paper, there wasn't much sense in trying to fool the user guarding the front gate. Now that we've locked that down with a steel door and a proper deadbolt, it's a lot easier to try to sneak past the guard--and it's a lot harder to upgrade a guard than it is to upgrade a door.

I think we're entering a period where forensics and an effective legal apparatus are going to become the primary means of defense.

Re:Makes sense (4, Interesting)

Charliemopps (1157495) | about 7 months ago | (#46929015)

I noticed my idiot brother-in-law's computer was sitting on a wide open wifi connection, no password, no encryption. Then I looked and the computer had no antivirus, UAC, the Firewall, everything was disabled. I pointed all this out to him and he said "I don't get viruses anymore." So I ran a standard on-line anti-virus product and he had hundreds of infections. I doubt he's done anything with it at all.

The authors of viruses make a profit off your infection by either displaying ads to you, or using your computer to host data or attacks. If they make what they are doing too obvious, you're going to do something about it. So it's in their best interest to make sure you don't notice it. Why fix something that's not bothering you? My brother-in-law has no idea the risks he's taking and likely thinks I'm dumb for bothering him with it. I suspect the majority of the people feel the same way.

Shields Down! (3, Interesting)

epine (68316) | about 7 months ago | (#46932209)

I suspect the majority of the people feel the same way.

Not even close, unless you also think that the majority of people who suffer in silence all fret over the same life issue.

Apathy has at least a dozen different root causes at the level of kingdom and phyla. Some people dislike how their computer turns into a vat of sticky molasses right after the anti-virus software gets installed. They didn't know you need twice as much bare metal to eke out a tolerable user experience once the protective condom—prosthetic cylinder—is superglued onto the pink skin under the hood. When you find a male user whose entire panoply of defences are on the floor (or around his ankles), one suspects the anti-virus software was interfering with a cherished late-night hobby.

The entire anti-virus program was misconceived to begin with. It's not ultimately impossible to write secure code, but it will remain impossible until we've exhausted every other dodge.

You can always count on Americans to do the right thing - after they've tried everything else. — Winston Churchill

Note that by "secure" I don't mean "flawless". A better proxy is that once a flaw is discovered, it takes far longer to work up a successful exploit than it does to fix the problem and test the patch, assuming both lines of development hear the same gun.

I've been reading security threads for at least two decades. There's always someone who pipes up with the view that because the travelling salesman problem is NP-complete, you might as well plan your route by flipping coins. This is the strange and not-so-wonderful archaea kingdom of the apathy tree. Brain the size of a planet, and all these people can manage is to cop a snivel. These people have their edge enhancement (aka paranoia) dialed up so far, the entire universe looks like a chessboard in the movie Tron. I'm guessing that the evolution of intelligent life is also NP-complete, yet somehow it happened. Hard to notice this if your giant brain perceives itself as living on planet Tron.

At the end of the day secure code has no hope of survival in a winner-take-all market with a short little span of attention (winner take all, until it's all siphoned away by a Chinese triad). It probably boils down to prisoner's dilemma—until there's a sea change, and secure code gets the girl.

The answer lies in a systems theory analysis of human mating-instinct time horizons. This is a different difficulty class than NP-complete, founded on the technique of proof by partial induction: well, we're still here.

Re:Shields Down! (1)

david_thornley (598059) | about 7 months ago | (#46942167)

Thing is, what's secure code here? Certainly a user should be able to get a program and run it, but how can we possibly make sure that the program does what the user expects? It's possible to make code resistant (if not immune to) privilege exploits and stuff like that, but if the dancing penguins also monitor browser use and mine bitcoins, how do we prevent that?

Re:Shields Down! (1)

Jasper Ragworth (3199593) | about 7 months ago | (#46962627)

How on earth is this only a +4? This is the most interesting comment I've seen on /. in months!

Re:Makes sense (0)

Anonymous Coward | about 7 months ago | (#46937603)

Oh, he thinks you're dumb for bothering him. Until he is billed for being part of some botnet doing 11 billion worth of stock market fraud - and has to pay his share along with 6000 other dumb users.

Different option (1)

CBravo (35450) | about 7 months ago | (#46931561)

In the email world there are 'reputation' providers that will give an IP address a score (e.g. from 0 to 100). On many domains if your 'reputation' is too low, the email bounces. However we are heading towards an IPv6 world where ip-reputation is too hard (too many addresses). So you need another way to base your reputation on (e.g. your domain name or email address).

Who is providing the content and are they trusted (you better prove you are trustworthy). Just another option.

Re:Different option (1)

JesseMcDonald (536341) | about 7 months ago | (#46935381)

However we are heading towards an IPv6 world where ip-reputation is too hard (too many addresses).

I don't believe that for a moment. "Too many addresses" is only an issue if you're trying to store reputation for every individual /128. To begin with, you can ignore everything below /64. A /64 is the minimum ISPs are supposed to allocate to individual customers, much like a /32 address in IPv4. The remaining 64 bits still leave a lot of space to map out, to be sure, but there aren't significantly more end-users than there were before—they just get larger ranges each. If you store reputation by network, with variable prefix lengths, you should be able to compress the results quite nicely.

If anything, IPv6 should lead to more (mostly-)static address assignments and thus less headaches when it comes to tracking reputations, compared to dynamic IPv4 addresses which are frequently repurposed.
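The per-network reputation store described in the comment above, as an added example that is not part of the original thread: scores are kept by prefix, IPv6 entries longer than /64 are folded up to their /64, and lookups use longest-prefix match. The class name, the 0 to 100 score scale with a neutral default of 50, and the sample entries (documentation ranges 2001:db8::/32 and 192.0.2.0/24) are assumptions made for illustration.

```python
import ipaddress


class PrefixReputation:
    """Reputation scores keyed by network prefix, longest-prefix match."""

    def __init__(self, default_score=50, v6_floor=64):
        self.default_score = default_score
        self.v6_floor = v6_floor          # nothing below /64 is tracked
        # {ip_version: {prefix_length: {network_as_int: (score, network)}}}
        self._tables = {4: {}, 6: {}}

    def set_score(self, network, score):
        """Record a score for a network or a single address.

        IPv6 entries more specific than the floor are widened to it, so a
        report about one host applies to the whole customer allocation.
        """
        net = ipaddress.ip_network(network, strict=False)
        limit = 32 if net.version == 4 else self.v6_floor
        if net.prefixlen > limit:
            net = net.supernet(new_prefix=limit)
        by_len = self._tables[net.version].setdefault(net.prefixlen, {})
        by_len[int(net.network_address)] = (score, net)
        return net

    def lookup(self, address):
        """Return (score, matching_network); (default_score, None) if unknown."""
        addr = ipaddress.ip_address(address)
        bits = addr.max_prefixlen
        value = int(addr)
        table = self._tables[addr.version]
        # Try the most specific stored prefix length first.
        for plen in sorted(table, reverse=True):
            mask = ((1 << plen) - 1) << (bits - plen)
            hit = table[plen].get(value & mask)
            if hit is not None:
                return hit
        return self.default_score, None

    def entry_count(self):
        return sum(len(nets) for ver in self._tables.values()
                   for nets in ver.values())


def build_demo():
    rep = PrefixReputation()
    # Constructed sample data, not real reputation entries.
    rep.set_score("2001:db8:aa00::/40", 20)             # provider range, poor
    rep.set_score("2001:db8:aa10:5::/64", 90)           # good customer inside it
    rep.set_score("2001:db8:bb00:1:dead:beef:0:1", 5)   # one host, stored as /64
    rep.set_score("2001:db8:bb00:1:0:0:0:2", 5)         # same /64, same entry
    rep.set_score("192.0.2.7", 10)                      # IPv4 stays a /32
    return rep


if __name__ == "__main__":
    rep = build_demo()
    for ip in ("2001:db8:aa10:5::25",       # most specific /64 wins
               "2001:db8:aa77:1::1",        # falls back to the /40
               "2001:db8:bb00:1:1234::99",  # new low 64 bits, same /64 score
               "2001:db8:cc00::1",          # unknown, neutral default
               "192.0.2.7", "192.0.2.8"):
        score, net = rep.lookup(ip)
        print(f"{ip:28} score={score:3} via {net}")
    print("stored entries:", rep.entry_count())
```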

Re:Different option (1)

CBravo (35450) | about 7 months ago | (#46936835)

I am aware of technical possibilities. I still think it is an option to _not_ use IPs and it may be a valid choice.

Does the nature of the business hold it back (3, Insightful)

Eravnrekaree (467752) | about 7 months ago | (#46928917)

Part of the problem may be the closed source nature of AV itself. I have always wondered if the closed source AV vendors are basically reinventing the wheel and needlessly wasting resources on finding viruses that have already been found by other companies, and that maybe there should be a central virus database that all of the companies would contribute to instead. The model of each company having to independently find viruses is inefficient and leads to much slower progress on eliminating them. It is wasted time and effort reinventing the wheel, and as well it actually worsens things for users because things do not work as well as they could.

Does anyone here have a recommendation for the best AV software?

What about ClamAV? Is this as good as the closed source AV products?

Re:Does the nature of the business hold it back (1)

erikina (1112587) | about 7 months ago | (#46929035)

I use Avast for AV and Bitcoin Vigil for IDS. Both are free and work well together (although, Avast does noticeably lag my computer -- but less so than competitors)

Re:Does the nature of the business hold it back (2)

xxxJonBoyxxx (565205) | about 7 months ago | (#46929067)

>> Does anyone here have a recommendation for the best AV software?

The built-in Windows AV on modern OS's works OK. (We don't have any machines except test machines older than Windows 7.) I guess I haven't even thought about Symantec or McAfee for the past few years.

>> What about ClamAV? Is this as good as the closed source AV products?

IMHO, it's slower and not as thorough. I wouldn't use it on Windows.

Re:Does the nature of the business hold it back (4, Insightful)

Arker (91948) | about 7 months ago | (#46929327)

The problem is deeper than that. It goes back decades to the very idea of a scanner vs other methods of security. Scanners are good 'solutions' if you don't really want to solve the problem but rather want to profit from it. They are reactive, they require constant updates (which justifies continuing payments) and will absolutely never do more than partially ameliorate the problem. Scanners only find old threats and it's a very old game to just switch bytes around until the scanner says you are clean.

A system actually designed for security would instead focus on behavior and abilities, and look more like SELinux than a traditional virus scanner. It wouldn't care if a program was exceeding its authority because it's a virus or because it's damaged or just because it's poorly programmed - it would prevent it from doing damage regardless.

This is far from impossible, but as an industry we turned away from that road several decades ago, because it's slower, more expensive, and harder to develop for. First to market seems to trump well designed every time. :(

Re:Does the nature of the business hold it back (5, Funny)

westlake (615356) | about 7 months ago | (#46931195)

Your typewriter needs a new ribbon.

Re:Does the nature of the business hold it back (0)

Anonymous Coward | about 7 months ago | (#46935459)

indeed

Re:Does the nature of the business hold it back (0)

Anonymous Coward | about 7 months ago | (#46935515)

test

Re:Does the nature of the business hold it back (1)

Eravnrekaree (467752) | about 7 months ago | (#46931265)

I do agree that making systems secure to begin with is vitally important. This includes making sure the software is not running vulnerable versions to attack. Part of the problem with Windows and some other UIs is that they make it inconvenient, even unnatural for non-tech users to take advantage of the privilege separation features. Which is why the OS should have a wizard that on first boot puts the user into a non-root account by default. Another is to have app stores for desktop OSs. Another is to prohibit execution of executables which have regular user file permissions which would prevent users from downloading and executing trojans. The user by default does not even need to know about root or be given access to it. Though, root could be accessed through a control panel deep in configuration settings or from a command line window by a tech, things non-tech users probably will never find or know what they will do. It sounds draconian but it's easy for advanced users to get around, and seeing how non-tech users operate, it's really necessary. Non-tech users usually have no clue how computer works, they don't really even have a concept of what an operating system is or what executables are and such. Another idea is to use virtual roots to run download applications in, that is, an application is in its own sandbox and really every downloaded app could be, and only with user permission be given access to a documents directory but certainly not access to any of the real system files. The damage an app could do would then be confined to that environment and could be totally removed by completely deleting the environment.

So, like preventing credit card fraud? (1)

mcrbids (148650) | about 7 months ago | (#46931853)

In case you hadn't noticed, Credit Card companies secure your credit card using techniques very similar to A/V vendors' products. They do heuristic scanning of transactions, looking for consumer spending patterns and throwing red flags when they change significantly. You can wax poetic all you want about "smart cards" but the system is big enough that we'll probably *never* be without similar methods for protecting your bank account

Re:So, like preventing credit card fraud? (1)

Arker (91948) | about 7 months ago | (#46933695)

Latest statistics I found with a quick LMGTFY says just under $12 BILLION last year in cc/dc fraud alone, so it sounds like you just supported my point rather than disagreeing with it.

Re:Does the nature of the business hold it back (1)

Burz (138833) | about 7 months ago | (#46932001)

Security by isolation [qubes-os.org] is one way to solve that problem. With a hypervisor designed for strong security instead of primarily for convenience as is usually the case, users can safely allocate their tasks and data to different domains. For instance, 'Work' and 'Personal' could be two domains that have network access, whereas 'Vault' would hold the most sensitive info (like certain keys and passwords) and have no networking. An 'Untrusted' domain is used for most of the general web surfing-- reading articles, watching video streams, etc. On Qubes, there is also a TorVM package that facilitates the creation of anonymous domains.

So, whatever "happens in Vegas stays in Vegas". Qubes even assigns high-risk hardware, like NICs, to their own unprivileged domains.

The nice thing about this setup is that the window manager resides in the privileged domain and both the WM and its graphics stack are isolated from attacks originating in the VM domains. Further, each domain is assigned a border-color when it's created so you can always get an idea of what is running in which context [qubes-os.org] by glancing at the desktop. A compromised browser in 'Untrusted', for instance, could put up a window asking for admin access to the privileged domain, but the red border (and [untrusted] marker in the title) would give it away.

Copy/paste and file copy between domains are also protected; they are integrated into the UI so as to require a confirmation step so the privileged domain knows the user really intends to perform the action.

Re:Does the nature of the business hold it back (1)

jbmartin6 (1232050) | about 7 months ago | (#46929565)

You are absolutely correct, this drives me nuts. An illustration from the corporate end user perspective: it is almost impossible to get any information from any AV vendor about WHY a certain signature was triggered. Given the prevalence of false positives with the latest heuristic and reputation-based detections, this information can be absolutely vital to making the correct decisions. But the best you can usually get is 'it is a trojan' or some other vague crap. They seem to view their signatures as some sort of secret sauce that must never be revealed.

Re:Does the nature of the business hold it back (1)

chispito (1870390) | about 7 months ago | (#46933109)

And the flipside: if I have a known malware sample ignored by the AV, why can't I add its signature to the database myself? Why must I submit it to the vendor first to await their sluggish response?

You are absolutely correct, this drives me nuts. An illustration from the corporate end user perspective: it is almost impossible to get any information from any AV vendor about WHY a certain signature was triggered. Given the prevalence of false positives with the latest heuristic and reputation-based detections, this information can be absolutely vital to making the correct decisions. But the best you can usually get is 'it is a trojan' or some other vague crap. They seem to view their signatures as some sort of secret sauce that must never be revealed.

Re:Does the nature of the business hold it back (1)

chuckugly (2030942) | about 7 months ago | (#46934711)

Because you lack the skills and tools to do so.

Re:Does the nature of the business hold it back (2)

CAIMLAS (41445) | about 7 months ago | (#46929579)

ESET is by far the best I've had the opportunity to use.

Yeah, it's actually worth paying for: it's unobtrusive where it needs to be and I've not seen anything sneak by. The big things that break other AV don't hurt ESET. I make it a pre-requirement for anyone who wants my help on their Windows, and so far... no "I've got a virus" type requests. :)

Re:Does the nature of the business hold it back (0)

Anonymous Coward | about 7 months ago | (#46929689)

When I was buying AV for a small company ESET is what I used too and was always happy. I still use their online scanner once in a while, just to check, but for home use I just use MSE.

Re:Does the nature of the business hold it back (1)

Quirkz (1206400) | about 7 months ago | (#46932163)

I've been looking for a replacement AV so I can get rid of Symantec Endpoint Protection at work. I've been looking at Eset, but the initial test had me concerned. Windows popped up every time I changed network, asking me to make choices, and there were a handful of other notifications that I don't want to inflict on users. Maybe once I dig around in the preferences there's ways to silence those things, but it didn't seem ideal out of the box.

Re:Does the nature of the business hold it back (1)

Fireshadow (632041) | about 7 months ago | (#46931245)

Does anyone here have a recommendation for the best AV software?

What about ClamAV? Is this as good as the closed source AV products?

One resource that you may want to look at is the not-for-profit av-comparatives (http://www.av-comparatives.org/). From the Dec. 2013 summary report: "AV-Comparatives’ 2013 Product of the Year Award for the best overall score, considering all the tests, goes to Kaspersky Lab." ClamAV was not tested. As the testing is based on vendor submissions, it may not have had anyone to speak for it.

The numbers don't add up. (0)

Anonymous Coward | about 7 months ago | (#46928941)

In the article, Redsocks makes the claim that between January and March, the detection rate for something (their own software? Symantec's?) was between 64 and 73 percent. How does this add up to letting through 55% of attacks? Honestly, this sounds more like people waking up and realizing that Norton is badly-coded bloatware, and are uninstalling it and not buying it.

Makes Sense (1)

erikina (1112587) | about 7 months ago | (#46928945)

Sounds about right. I've had at least 3 viruses that have circumvented Norton -- but caught by Bitcoin Vigil (a honey pot based approach to catching malware). I guess it's a combination of outdated signatures, and novel attacks and Antivirus needing to limit its false positives.

Re:Makes Sense (0)

Anonymous Coward | about 7 months ago | (#46929313)

The fuck are you doing that causes you to get 3 viruses? Wonder how many you got that were blocked...

Re:Makes Sense (2)

erikina (1112587) | about 7 months ago | (#46929395)

I work in the security field, so I experimentally run hundreds of programs :)

Maybe their piece of crap software (1)

slashmydots (2189826) | about 7 months ago | (#46928955)

I think they're only talking about their own software. In the last quarter's test at AV-Test, Avast (which is free) detected 100% of known samples and 98% of unknown virus samples. I never figured out how they obtained over 100 "unknown" samples of malware without reporting it to antivirus companies but I think it was an ongoing zero day, detect them as they're released type of thing.

Re:Maybe their piece of crap software (1)

erikina (1112587) | about 7 months ago | (#46929003)

They could just freeze a version for a couple of weeks -- and test it with the new samples. However, I'd be a lot more interested in seeing a ROC curve -- it's pretty easy to have 100% TP if your FP is high ;D

Re:Maybe their piece of crap software (1)

fnj (64210) | about 7 months ago | (#46929125)

I'd be a lot more interested in seeing a Republic of China curve
it's pretty easy to have 100% Tissue Paper if your First Post is high

Boy, you really cleared the whole thing up for me.

Re:Maybe their piece of crap software (1)

slashmydots (2189826) | about 7 months ago | (#46929161)

No no no, it's: However, I'd be a lot more interested in seeing a Raviolis over Cheddar curve -- it's pretty easy to have 100% Thermal Pasta if your Fried Peanut is high.

Re:Maybe their piece of crap software (0)

Anonymous Coward | about 7 months ago | (#46929471)

FYI: TP = True Positive, FP = False Positive. And ROC curve is a way of graphically showing it. He means if you identify 100% of programs as viruses, you will have excellent "detection rate". So it's important to see how many you get wrong.
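The trade-off discussed in the comments above, worked through as an added example that is not part of any poster's comment: a score-based detector is swept across thresholds to produce ROC points, and the "flag everything" setting shows a 100% detection rate alongside a 100% false-positive rate. The sample scores, the prevalence figures and all function names are constructed for illustration.

```python
import math

# Constructed sample: (detector score in [0, 1], ground truth is_malware).
# 6 malicious files and 10 benign files; no vendor data is involved.
SAMPLES = [
    (0.98, True), (0.91, True), (0.85, True), (0.74, True), (0.62, True),
    (0.41, True),
    (0.88, False), (0.66, False), (0.52, False), (0.35, False), (0.30, False),
    (0.22, False), (0.15, False), (0.10, False), (0.05, False), (0.02, False),
]


def confusion(samples, threshold):
    """Count TP, FP, FN, TN when every file scoring >= threshold is flagged."""
    tp = fp = fn = tn = 0
    for score, is_malware in samples:
        flagged = score >= threshold
        if flagged and is_malware:
            tp += 1
        elif flagged:
            fp += 1
        elif is_malware:
            fn += 1
        else:
            tn += 1
    return tp, fp, fn, tn


def rates(samples, threshold):
    """Return (true-positive rate, false-positive rate) at one threshold."""
    tp, fp, fn, tn = confusion(samples, threshold)
    tpr = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return tpr, fpr


def roc_points(samples):
    """ROC points (fpr, tpr, threshold), from 'flag nothing' to 'flag everything'."""
    thresholds = [math.inf] + sorted({s for s, _ in samples}, reverse=True)
    points = []
    for t in thresholds:
        tpr, fpr = rates(samples, t)
        points.append((fpr, tpr, t))
    return points


def auc(points):
    """Area under the ROC curve by the trapezoid rule."""
    area = 0.0
    for (x0, y0, _), (x1, y1, _) in zip(points, points[1:]):
        area += (x1 - x0) * (y0 + y1) / 2
    return area


def precision(tpr, fpr, prevalence):
    """Share of alerts that are real malware, given how rare malware is.

    Returns None when nothing is flagged (precision is undefined).
    """
    flagged = tpr * prevalence + fpr * (1 - prevalence)
    return None if flagged == 0 else tpr * prevalence / flagged


if __name__ == "__main__":
    print("threshold   TPR    FPR")
    for fpr, tpr, t in roc_points(SAMPLES):
        print(f"{t:>9.2f}  {tpr:5.2f}  {fpr:5.2f}")
    print(f"AUC = {auc(roc_points(SAMPLES)):.3f}")
    # Constructed prevalence: 1 file in 1000 is malicious.
    for t in (0.9, 0.6, 0.0):
        tpr, fpr = rates(SAMPLES, t)
        print(f"threshold {t}: precision at 0.1% prevalence =",
              precision(tpr, fpr, 0.001))
```

A single detection-rate figure corresponds to one row of this table; without the false-positive rate from the same row, two products' figures cannot be compared.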

are you kidding me? (1)

slashmydots (2189826) | about 7 months ago | (#46928977)

"...are casting doubt on AV, suggesting a focus on data loss prevention might be better"
Oh yes, prevent your data from being deleted or Cryptolocker-ed while you're a spam-sending robot with all your credit card numbers and login passwords being recorded by a rootkit. Great strategy.

Re:are you kidding me? (1)

BitZtream (692029) | about 7 months ago | (#46929543)

Data loss prevention is like loss prevention in retail. It's not lost, it's stolen. What you're referring to with credit cards and logins ... that's what they are talking about stopping.

Most AV is malware (5, Interesting)

EmperorOfCanada (1332175) | about 7 months ago | (#46929001)

Of all the problems that my relatives have called upon me to fix on their machines AV might be the number one complaint. They buy a machine from some big box store (against my recommendation) and the AV becomes more and more threatening as to the dire situation their machine is in and how only a subscription to their product will solve the problem.

Then to make it worse the AV infests the machine like a spreading cancer. The browsers work funny, the startup is longer, the thing periodically pigs out on the internet. But it might be the popups that are the worst. We have all seen the public jumbotron/Kiosk with a big AV popup front and center.

Personally I blame AV bloatware for being one of the downfalls of the PC industry. People were buying their shiny new machines hoping that all their problems would go away and poof their new machine is effectively just as crappy as their old machine with these incomprehensible popups and threats.

My only happiness in this situation is that the AV products haven't managed to get much traction in the mobile device industry.

The key thing to keep in mind is that when you buy a basic PC from a manufacturer that they don't make much if any profit from the machine. It is the kickbacks they get from the crap AV, crap game, and crap music services that come as trialware. So if the AV industry has a business model based upon fooling people, kickbacks, and annoying people; then they can't die too soon.

The horrible thing is that some products like NOD32 were awesome and didn't play those MBA games.

Re:Most AV is malware (-1)

Anonymous Coward | about 7 months ago | (#46929231)

Canadian delusions should be the title here

Your arg looked great in 1st par
2nd sours as "you must replace blocked content with something" Even SQUID does such, and so it seems more the bofh sissy- ad ought be more proactive in fine tuning the graphic or lack of graphic displayed, dare I ask if you have any blacklists at all? I'm thinking no, which means you really don't care. Don't leave your fsckin mom with a hosts file, deliver an appliance tuned. See now? Even bo bo the clown can plug in the yard (MOWER/ORICK/ZOOMBA) temperature sensor. Oh what's that it's SUNNY today with 800 - 1200 MPH wind gusts and 1400-1600 degrees -- either a nuke has gone off and mom is dust, or your her little fsckin dog chewed up the wires again.

For HARDWARE? I blame mobile devices not AV bloatware. Firefox OS 2013 -- Australis foobar world tour 2014
So shut up and go buy one of those used dell 960's.. if ya momma has a TV show!

and get pale moon. Reinstall Everything. Piece by piece.

Or. Rollback your clone. that's right you don't have a clone hardware. nevermind.

AV products haven't managed to get much traction in the mobile device industry.
(I almost lost a keyb)

they don't make much if any profit from the machine
abject nonsense! if they didn't there would be NO MORE.

I know life's tough right now. But god damn get it together
AV is great if you want to identify your VIRUS COLLECTIONS
right?

so not sure where you're going with this.

Re:Most AV is malware (2)

CAIMLAS (41445) | about 7 months ago | (#46929613)

What do you mean, "were" awesome? NOD32 is still the best game in town. Not sure what you mean by "didn't play those MBA games"...

Re:Most AV is malware (1)

EmperorOfCanada (1332175) | about 7 months ago | (#46930059)

I can't say much about them as I haven't used them in years. My "were" was more my own subjective were. I don't hear much about them but I have never heard anyone in my circle ever complain about them.

Re:Most AV is malware (1)

EmperorOfCanada (1332175) | about 7 months ago | (#46930199)

Sorry for the two replies. But by MBA games I find that many MBA schools teach the wrong half of Game Theory. It seems that most people who leave with an MBA find some metric of success and then beat it to death. Sales are an easy metric and often a good one. But in this case I think that they pushed sales so hard that people began to hate the entire PC experience, let alone the AV experience.

AVG is a good example. Basically you can install the free version but if you click on the wrong thing (as probably intended) you end up installing a 30 day full trial which then royally amps up the hard sell.

It seems that the original business model of the free AV service was that the home user could get away with basic features for free and would either upgrade for a price. Or would learn to love their AV and then would want it in the enterprise where it was not free at all. But nope, I can see some MBA twat saying something like, "We must monetize these non-performing customers." This probably even worked well for the next few years as not only did they fool those customers into paying but they also would have been able to ride the laurels of their previously good reviews. But in the end the reviews would have long been turning against them and now their very future is in peril.

But I am willing to bet where NOD32 never took the low road that their sales are probably tracking right along with PC sales. But as for the game theory part. I am a firm believer that the abuse that most people suffered at the hands of bloatware is one of the present factors in the plummeting PC sales. I also think that it is a factor for people paying such massive premiums for Apple machines. No default bloatware (unless you include iTunes and iCloud which do piss me off with their in your face crap). But my Apple has never threatened me once.

You could throw in Linux as an option but I am not sure there is a single big box store that will sell you a Linux only machine and in all likelihood they will have found a bloatware version of Linux.

Re:Most AV is malware (1)

kesuki (321456) | about 7 months ago | (#46934913)

if you count a quad core cell phone running a linux kernel as a 'linux only' machine then the big boxes will sell you one. but then the carrier has fees more extravagant than any av suite.

Re:Most AV is malware (1)

EmperorOfCanada (1332175) | about 7 months ago | (#46936951)

The carriers also put their stupid bloatware onto many phones. Again making their customers angry for some short term gains. Stupid MBAs.

Re:Most AV is malware (1)

toddestan (632714) | about 7 months ago | (#46945109)

I use and pay for NOD32. I was basically hooked when I downloaded the trial version, installed it, and promptly forgot about it as it silently and unobtrusively did its thing while completely staying out of my way. When it finally piped up when the trial was about to end I decided it was well worth it.

Re:Most AV is malware (0)

Anonymous Coward | about 7 months ago | (#46929737)

Yup. I couldn't understand how people fell for those cheesy blinking red "YOUR ANTIVIRUS IS OUT OF DATE" messages until I saw Norton AV trial edition on a new computer doing the exact same thing when it expired. The major AV companies have resorted to scare tactics to drum up business.

Re:Most AV is malware (1)

BasilBrush (643681) | about 7 months ago | (#46930425)

It's my theory that any OS that is secure enough not to get malware is secure enough to not allow AV software.

A user shouldn't be able to install software that scans every other file arriving on the computer, and alters or deletes executable files. If they are allowed to, then they will install every item of malware presented to them.

As illustration I give you iOS. An AV scanner is not technically possible (from anyone other than Apple). 2013 malware threats: zero.
http://www.forbes.com/sites/go... [forbes.com]

Re:Most AV is malware (0)

Anonymous Coward | about 7 months ago | (#46930861)

But there was malware anyway. It posted to facebook.

Re:Most AV is malware (1)

BasilBrush (643681) | about 7 months ago | (#46931023)

You mean the one that required you to have physical contact with the iPhone via the use of a custom charger that didn't look anything like an Apple charger. That required that the attacker purchase one paid developer account at $99 for every 100 device attacks?

That was a concept, not in the wild malware. And the very unpractical nature of it demonstrates how impossible the conventional avenues of attack are on iOS.

Re:Most AV is malware (0)

Anonymous Coward | about 7 months ago | (#46938035)

+1 Nice response
(I'm not the AC to whom you replied)

BTW: "impractical"

Re:Most AV is malware (1)

Opportunist (166417) | about 7 months ago | (#46930441)

I agree completely with the "trial" ware on "new" computers. Personally, I think the first thing to be done when getting such a computer is cleaning out the HD and reinstalling the system. That's the only way you can be certain that this pest is gone.

Aside of that, I can't really agree with the sentiment that antivirus is useless. For most people it does serve a very valuable purpose, if, and only if, it is actually antivirus software and doesn't try to be every- and anything from AV to firewall to content filter to popup blocker to spam killer to some internet child-proof lock...

Do one thing. But do it right.

Re:Most AV is malware (1)

EmperorOfCanada (1332175) | about 7 months ago | (#46931095)

I wouldn't say useless but that it has become malware in its own right. A symptom in the past that someone's machine was infested were casino and porn ads relentlessly popping up. Now there are AV ads relentlessly popping up. Even if you have a subscription there are two pop ups. One telling you how smart the software was to detect a cookie or something; and as the end of your subscription comes near the death threats begin.

Not to mention that some AV software will begin to interfere with the smooth operation of the machine itself.

Re:Most AV is malware (1)

Opportunist (166417) | about 7 months ago | (#46933973)

Which AV software bugs you with popups that tell you just how cool it is, without the option to simply tell it to STFU? Just so we can avoid it altogether.

Re:Most AV is malware (1)

EmperorOfCanada (1332175) | about 7 months ago | (#46935927)

I don't think that any AV software out there (NOD32 excepted) can be told 100% to STFU. Minimally it will pop up when the subscription is running/ran out. The default is that it will tell you when something bad is happening. And shutting that off means that you have to be thorough in saying: don't tell me when something bad is happening, don't tell me when you are scanning, don't tell me when a scan is complete, don't tell me when a scan is complete and it didn't find anything, don't tell me when there is an update, don't tell me when you can't connect with the home server, don't tell me when the subscription is running low, don't tell me when the subscription has run out, don't tell me that the subscription ran out a long time ago, don't tell me that my computer AV library is so out of date that the world is going to end, don't tell me that you just installed an update, don't tell me that you don't like what I am doing, ...... and last but not least, don't tell me that I am a bad person for turning all the warnings off.

I don't think that there is a single AV that I have seen that if left on a jumbo tron/kiosk/public screen, unattended for 18 months would not have many popups over that time period. So if I were running a large screen there is only one OS that I would run and that is something Linux based where I can look into the cron config and say FU to any potential popups, not to mention easily administrate in a terminal window with no discernible public screen action (other than a reboot). Also keeping in mind that even fairly serious upgrades can often be performed without a reboot.

These are the things that keep me away from so many commercial products. Some MBA douche who thinks that their little stupid product should take over my machine as its sole purpose. (I'm looking at you HP all-in-one drivers).

Irresponsible? (2)

unixcorn (120825) | about 7 months ago | (#46929019)

My fear is that some neophyte will read this and believe he doesn't need an anti-virus application anymore because they don't work. While AV applications are not my favorite thing to spend money on, they do have their place for less-than-savvy users who may be surfing or downloading from areas that may not be safe.

Re:Irresponsible? (1)

fnj (64210) | about 7 months ago | (#46929169)

My fear is that some neophyte will read this and believe he doesn't need an anti-virus application anymore because they don't work.

Funny, my take-away was a little different - that AV is no goddam good for nothing.

Re:Irresponsible? (2)

Opportunist (166417) | about 7 months ago | (#46930453)

You're listening to Symantec talking about antivirus and security, you're aware of that?

I stop virus etc. BEFORE you get them... apk (-1)

Anonymous Coward | about 7 months ago | (#46929105)

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o... [start64.com]

(Details of hosts' benefits enumerated in link)

Summary:

---

A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/commen... [slashdot.org]

B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comme... [slashdot.org] w/ less added "moving parts" complexity + room 4 breakdown,

C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).

---

Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons are more complex + slowup browsers in message passing (use a few concurrently - you'll see) - Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts ( A tightly integrated PART of the IP stack itself )

APK

P.S.=> Currently adding 2 features to it:

1.) 'Shearing away' trackers you CAN'T see, via code techniques that emulate a netstat -ano albeit on an automated timer to do so, as I did here on slashdot (much like how "PEERBLOCK" operates, but, not using ADDED COMPLEXITY laying in a filtering driver, but instead, using the native Windows firewall, creating rulesets for that much too)

AND

2.) Making it FASTER on its slowest part (Convert & Filter) by breaking the file into 100 parts (which process FASTER already than doing the single large intake I do currently) by August!

... apk

Re:I stop virus etc. BEFORE you get them... apk (0)

Anonymous Coward | about 7 months ago | (#46930083)

Your detractors have 0 vs your points on hosts. Only unjustifiable minusmods to try hide your post. They clearly can't disprove your points validly.

Re:I stop virus etc. BEFORE you get them... apk (0)

Anonymous Coward | about 7 months ago | (#46933641)

Hi, I'm another 'anonymous coward' (actually APK but pretending to be anonymous) writing in support of APK, because nobody will ever know that it's me.

I'm so damn clever!!

AV dead? Symantec's certainly is (5, Insightful)

argStyopa (232550) | about 7 months ago | (#46929183)

I wouldn't use a Symantec product if it was an extinguisher and I was on fire.

Nobody even vaguely familiar with PC support over the last 20 years can possibly fail to be acquainted with what was (is?) the most complicated, agonizing, and laborious process that was removing a Symantec/Norton antivirus "product" from a computer.
Seriously, with a newer machine, just re-installing the OS was far quicker, easier, and less likely to leave you with later issues.

As an AV product, it was not terribly successful in most neutral tests I saw.

If you didn't uninstall it, it was a resource hog, bringing even powerful machines to their proverbial knees when scanning. If you were foolish enough to install the 'suite' of security applications, it would involve literally dozens of services installed obscurely across your system. Removing it was very much like (or worse than) trying to get rid of some of the most tenacious malware I've ever encountered.

Truly, the 'cure' in this case was nearly worse than the disease. They *owned* the PC security market in the early days...why do you think its competitors have been so widely successful?

Re:AV dead? Symantec's certainly is (2)

BitZtream (692029) | about 7 months ago | (#46929561)

In Soviet Russia, McAfee sets you on fire!

Re:AV dead? Symantec's certainly is (0)

Anonymous Coward | about 7 months ago | (#46930535)

I wouldn't use a Symantec product if it was an extinguisher and I was on fire.

Nobody even vaguely familiar with PC support over the last 20 years can possibly fail to be acquainted with what was (is?) the most complicated, agonizing, and laborious process that was removing a Symantec/Norton antivirus "product" from a computer.
Seriously, with a newer machine, just re-installing the OS was far quicker, easier, and less likely to leave you with later issues.

As an AV product, it was not terribly successful in most neutral tests I saw.

If you didn't uninstall it, it was a resource hog, bringing even powerful machines to their proverbial knees when scanning. If you were foolish enough to install the 'suite' of security applications, it would involve literally dozens of services installed obscurely across your system. Removing it was very much like (or worse than) trying to get rid of some of the most tenacious malware I've ever encountered.

Truly, the 'cure' in this case was nearly worse than the disease. They *owned* the PC security market in the early days...why do you think its competitors have been so widely successful?

You obviously have no experience with these products in at least the last five years. Yes, there was a time they earned a bad reputation, but the current versions are easily uninstalled and are much lighter on resources. In fact, for many users (not the typical Slashdot user), modern AV (incl Symantec AV) can actually increase felt computer performance due to scheduled background maintenance tasks (defrag, for example). Still, like all software, AV products do consume resources and can have a noticeable performance hit, especially on marginal hardware to start with.

Re:AV dead? Symantec's certainly is (1)

Damian J Pound (3635341) | about 7 months ago | (#46931283)

In Windows XP you can use task scheduler to have the defragmenter automatically run, in Vista onwards, scheduling a defrag is as simple as clicking a checkbox. I would rather just use the OS's utilities than have redundant bloat.

Re:AV dead? Symantec's certainly is (1)

AthanasiusKircher (1333179) | about 7 months ago | (#46931503)

You obviously have no experience with these products in at least the last five years. Yes, there was a time they earned a bad reputation, but the current versions are easily uninstalled and are much lighter on resources.

Not according to people I know who used them recently. For a few different family members in the past few years (who live far enough away that I can't troubleshoot their computer), I recommended installing antivirus to fix symptoms that obviously seemed to be some sort of malware. Yes, they found malware and viruses, and that often fixed some weird behavior. But inevitably it also tended to slow down their computers until they were basically unusable. Two of these family members ended up switching to tablets and just giving up on their laptops... and that's after I tried to recommend some tweaks to settings to stop the incessant background crap.

In fact, for many users (not the typical Slashdot user), modern AV (incl Symantec AV) can actually increase felt computer performance due to scheduled background maintenance tasks (defrag, for example).

What the heck are you talking about? My copy of Norton Utilities (came with AV package) I got in 1995 or 1996 something had automatic defrag operations (and all sorts of other "maintenance" it could do in the background) -- and it was PRECISELY all those background processes and tasks that slowed my system to a halt, leading me to dump the OS and reinstall everything without Norton.

I tried again maybe 10 years ago, and the same crap happened. The only usable AV that doesn't completely slow down your system is usually one tweaked so it doesn't perform any "background maintenance" nonsense.

Still, like all software, AV products do consume resources and can have a noticeable performance hit, especially on marginal hardware to start with.

Yeah, and that's the whole problem. AV products need to be designed for MARGINAL HARDWARE. That's probably their primary audience -- people who buy cheap underpowered systems that have crap "trial versions" of AV on them to try to convince people to buy, and people with older systems who have realized that "weird stuff is happening" and decide to try to purchase AV. If the AV companies can't make their stuff work reasonably well on older or underpowered machines, who the heck do they think they are going to sell to?

Re:AV dead? Symantec's certainly is (1)

Anonymous Coward | about 7 months ago | (#46932153)

I've had some experience with managed Symantec Enterprise Protection in recent years (>2012) and it takes very low resources (I have it running on several high-end computational workstations with no impact to calculation speed pre- and post-installation). Further, it (seems) to remove without any issues. I'm not saying it is the best AV solution, and the manageability is a little obfuscated, but in general, many of the disparaging statements you bring up are inconsistent with my general experience.
~

Re:AV dead? Symantec's certainly is (1)

yuhong (1378501) | about 7 months ago | (#46933851)

Eventually Norton AV began to take less resources and I think became easier to uninstall, but I am not sure about the detection rate.

Re:AV dead? Symantec's certainly is (1)

aybiss (876862) | about 7 months ago | (#46937013)

Heheheh, use SAR Tool much? I remember those days. Pretty bad when they have to have a special removal tool to get the software off your machine.

Plus you have to wonder what back doors were created to allow it to be possible in the first place (since other software should not be able to remove your AV).

Social Engineering. (1)

steeleyeball (1890884) | about 7 months ago | (#46929247)

No amount of Virus protection can prevent Stupidity.

Re:Social Engineering. (3, Insightful)

Notabadguy (961343) | about 7 months ago | (#46929591)

I have a T-Shirt that I got from jinx.com that basically says that.

Front: Social Engineering Expert:
Back: Because there is no patch for human stupidity

Let's see... who has a DLP solution... (1)

mistaryte (2446492) | about 7 months ago | (#46929319)

oh wait, Symantec does!

It was dead at least 5 years ago? (0)

Anonymous Coward | about 7 months ago | (#46929355)

Or whenever AV apps turned from something that protected your Windows machine from malware into scareware that slowed down the OS more than a virus.

You f4il 1t (-1)

Anonymous Coward | about 7 months ago | (#46929479)

they're gone Came learn what mis7akes conversation and DOG THAT IT IS. IT

Knew this (0)

koan (80826) | about 7 months ago | (#46929547)

In the last 5 years the only hits I ever got with McAfee or Kaspersky were for legit files (heuristic fumbling in the dark) or the EICAR file.

I use Virtualbox VM's (and a different OS than the host, the more obscure the better) to do all my web surfing and routinely delete then replace the pristine VM, the important stuff (banking, whatnot) gets done on the host and that's all that I do on the host.
No rootkits, "virus", or malware in 5 years (that I can detect of course).

At first it was a hassle, but now I have it polished down to "slim mode" and no expansion on the one bar that shows on the host.

To sum up, anti-virus is essentially worthless for me, as is any "malware" detection app because they have never had a hit.

Re:Knew this (1)

koan (80826) | about 7 months ago | (#46942001)

For the ass banana that marked me down.
http://krebsonsecurity.com/201... [krebsonsecurity.com]

This isn't news (0)

Anonymous Coward | about 7 months ago | (#46929649)

I can't believe anyone in the industry hasn't already realized that AV is kind of like the police: they don't really prevent crime, but are there to investigate crime after the fact. For the last 10 years at least, it has been my experience, that none of the really stealthy and dangerous viruses are ever detected by AV. It's good at catching the "script kiddie" sort of stuff, but ineffective at finding anything really dangerous, until it's too late. I don't own any Windows machines any longer, but if I did, I wouldn't even bother with installing AV. All it does is slow down your system. The best AV tool is your brain.

Norton AV used to be a leader but no more (2)

Virtucon (127420) | about 7 months ago | (#46929663)

It's now crapware, sorry but Symantec should now be thoroughly flogged in public for turning a once great, working, AV product into a piece of shit. I can't say much about the other vendors in the AV space, well I can for a few and I don't really trust any of them right now because they all miss shit and have lousy customer support.

Re:Norton AV used to be a leader but no more (2)

Voyager529 (1363959) | about 7 months ago | (#46933523)

The worst part is that they ditched the two half-decent products they HAD - PartitionMagic was excellent in its day, and Ghost 2003 was a great tool as well. Symantec discontinued both, leaving Acronis and OSS to eat their lunch in both departments. Alas, the dark side of chasing after subscriptions. ...and, shocker of shockers, they're offering 'cloud storage' now. I'm just waiting for 7-11 to start doing that.

Re:Norton AV used to be a leader but no more (1)

Virtucon (127420) | about 7 months ago | (#46935917)

Everybody is on the Cloud wagon. I hear prostitutes in Nevada are offering 20GB of free cloud storage for customers to photo dump their experiences.. .j/k

Yuo 7ail 1t (-1)

Anonymous Coward | about 7 months ago | (#46929785)

Parts of you are stupid. to the people playing can YOUR REPLIE?S RATHER

'Attacks' (2)

clickclickdrone (964164) | about 7 months ago | (#46929833)

I suspect the key to the 55% number is the word 'attacks' i.e. not viruses, worms etc but using OS holes and other such exploits.

The problem is.. (0)

Anonymous Coward | about 7 months ago | (#46929897)

that all AV software like this is reactive. Once the malware is out in the wild, it needs to get reported and analyzed and then added to the database. But the people who write the malware use every trick they can think of to evade the detection heuristics.

Don't get me wrong - I am not arguing that one ought not use AV at all, but that AV by itself doesn't provide you with the level of protection that many people might assume that they have.

I stop virus etc. BEFORE you get 'em (-1)

Anonymous Coward | about 7 months ago | (#46929985)

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o... [start64.com]

(Details of hosts' benefits enumerated in link)

Summary:

---

A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/commen... [slashdot.org]

B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comme... [slashdot.org] w/ less added "moving parts" complexity + room 4 breakdown,

C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).

---

Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons are more complex + slowup browsers in message passing (use a few concurrently - you'll see) - Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts ( A tightly integrated PART of the IP stack itself )

APK

P.S.=> Currently adding 2 features to it:

1.) 'Shearing away' trackers you CAN'T see, via code techniques that emulate a netstat -ano albeit on an automated timer to do so, as I did here on slashdot (much like how "PEERBLOCK" operates, but, not using ADDED COMPLEXITY laying in a filtering driver, but instead, using the native Windows firewall, creating rulesets for that much too)

AND

2.) Making it FASTER on its slowest part (Convert & Filter) by breaking the file into 100 parts (which process FASTER already than doing the single large intake I do currently) by August!

... apk

Re:I stop virus etc. BEFORE you get 'em (0)

Anonymous Coward | about 7 months ago | (#46930857)

Your detractors have = 0 vs your points on hosts. Only unjustifiable minusmods to try hide your post. They clearly can't disprove your points validly.

Re:I stop virus etc. BEFORE you get 'em (0)

Anonymous Coward | about 7 months ago | (#46934123)

Your detractors have = 0 vs your points on hosts. Only unjustifiable minusmods to try hide your post. They clearly can't disprove your points validly.

Hi fuckwad, allow me to help you out here: nobody cares what you have to say, whether it's accurate or not, so stop annoying everyone by posting your shit over and over again.

No, we're not going to argue the usefulness of the hosts file with you, because we don't care and because nobody wants to talk to you.

You must have noticed by now, right? Nope! Still ignorant as ever, APK. You're too self-absorbed to notice anything outside your own little world. Better idea would be to post the hosts stuff again, maybe THIS TIME people will like you?

Paradigm Shift. (3, Informative)

Anonymous Coward | about 7 months ago | (#46930719)

Malware constitutes the following:
[Injection Method] + [Exploit] + [Persistence or Self-Removal Configuration] + [Payload]

You can jumble around solutions to create a virus.

AV companies have to figure out both signature based and heuristic detection methods as they can't just MD5 and ban files. Malware writers can build files that defy algorithmic description; that self-jumble every time they are copied.

Most viruses can emulate user activities sufficiently that antivirus cannot stop them.

E.G. Cryptolocker. Users have rights to use windows cryptographic processes to encrypt files.

Thus the focus has gone straight to controlling user activities and user data securely. Assume the user is a criminal, what can they do, what can I do to stop them?

Assume the end user will get hijacked; what can they do? Compartmentalize them and their job so the damage done is minimal. E.G. Publishing every application via Citrix Remote applications and setting the interface with the OS on some of them so you cannot copy specific fields in forms. E.G. Websense.

Assume multiple end users will get compromised; log every attack so each attack becomes a one-trick-pony. E.G. Most Firewalls and their monitoring features.

Assume the end user will take off with their files; encrypt them and set up a system by which the keys are kept locally. E.G. Microsoft RMS or "Next Gen" Firewalls.

This is a big shift in paradigm for security and for Sarbox organizations where compliance objectives trump everything else. It's also a fantastic way to completely decimate an organization, because you limit the ability of organic growth to fudge over incompetent management.

For your Ma' and Pa' business, things have stayed business as usual. And really, there's a whole new set of skills and features big enterprises are expecting out of IT that they will not be able to find in the field or in current certification paths.

I stop virus etc. BEFORE you can get 'em (-1)

Anonymous Coward | about 7 months ago | (#46930847)

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o... [start64.com]

(Details of hosts' benefits enumerated in link)

Summary:

---

A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/commen... [slashdot.org]

B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comme... [slashdot.org] w/ less added "moving parts" complexity + room 4 breakdown,

C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).

---

Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons are more complex + slowup browsers in message passing (use a few concurrently - you'll see) - Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts ( A tightly integrated PART of the IP stack itself )

APK

P.S.=> Currently adding 2 features to it:

1.) 'Shearing away' trackers you CAN'T see, via code techniques that emulate a netstat -ano albeit on an automated timer to do so, as I did here on slashdot (much like how "PEERBLOCK" operates, but, not using ADDED COMPLEXITY laying in a filtering driver, but instead, using the native Windows firewall, creating rulesets for that much too)

AND

2.) Making it FASTER on its slowest part (Convert & Filter) by breaking the file into 100 parts (which process FASTER already than doing the single large intake I do currently) by August!

... apk

Re:I stop virus etc. BEFORE you can get 'em (0)

Anonymous Coward | about 7 months ago | (#46934217)

Oh, good one - let's have it again! Nobody noticed it the first time, right?

Enterprise vs. Personal (1)

bobwalt (2500092) | about 7 months ago | (#46931353)

I suspect he was referring to enterprise attacks rather than AV attacks on individuals.

Blacklists are dead, Long live white lists. (2)

Karmashock (2415832) | about 7 months ago | (#46931579)

All antivirus software is ultimately based on the notion of a blacklist. That has failed. Whitelists however... that is lists of known good applications are more reasonable. Yes, they require users to know the difference and not just white list any nonsense. But white lists are much better at dealing with zero day attacks etc.

This is what anti virus should be... white lists.

Re:Blacklists are dead, Long live white lists. (1)

Anonymous Coward | about 7 months ago | (#46934039)

The problem with a white list is that if any of the software on it becomes vulnerable, it won't stop an infection. Adobe software has been notorious for having various holes in PDFs, Flash files, etc. A white list won't prevent those problems and most users won't accept removing the entire application when the problem can be avoided if users don't open malicious files.

They're definitely better at stopping the random crapware of the week that likes to trick users into installing it, but they're not going to stop everything.

Re:Blacklists are dead, Long live white lists. (2)

Karmashock (2415832) | about 7 months ago | (#46936033)

White lists can go all the way down to scripts. You can have them evaluate scripts and unknown scripts which run in PDFs or flash won't be allowed to run.

Another thing you can do is sandbox things that are just prone to infection such as flash. So flash etc would exist in a compartmentalized environment that is unable to interact with anything outside of it except in a controlled fashion and anything that does interact even at that level has to be known.

Once everything that is not known is automatically prevented from running it will make infections much less likely.

Of course, you're going to have people clicking "allow" a lot because there will be a lot of unknown third party content. And there you run into issues. But the average user should be encouraged in that situation to not hit allow ever unless the code asking for permission was authorized by someone else that should know what they're talking about.

More experienced users can take their chances.

In a corporate environment, the "allow" feature would only be available at the admin level. Processes and scripts trying to run but forbidden to do so would be flagged and passed on to the administrator who could either add the file/program/script to the white list or he could track down who, where, and when the process attempted to run and then ask the user why.

This is security.

Anything else is a fucking waste of time.
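The default-deny workflow described in the comment above, next to a hash blocklist, as an added example that is not part of the original thread. The sample byte strings, the user, host and timestamp, and all class and function names are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample "files" (byte strings invented for this example).
PAYROLL_TOOL = b"constructed sample: approved payroll tool v1"
KNOWN_BAD = b"constructed sample: previously reported dropper"
REPACKED = KNOWN_BAD + b"\x00"   # same content, one byte appended
NEW_MACRO = b"constructed sample: in-house report macro"


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Blocklist:
    """Default allow: run anything whose hash is not already known bad."""
    known_bad: set

    def allows(self, data: bytes) -> bool:
        return digest(data) not in self.known_bad


@dataclass
class Allowlist:
    """Default deny: run only approved hashes, queue the rest for an admin."""
    approved: set = field(default_factory=set)
    review_queue: list = field(default_factory=list)

    def allows(self, data: bytes, user: str, host: str, when: str) -> bool:
        h = digest(data)
        if h in self.approved:
            return True
        # Record who, where and when so the admin can follow up.
        self.review_queue.append({"sha256": h, "user": user, "host": host, "when": when})
        return False

    def approve(self, h: str) -> None:
        """Admin decision: add the hash and clear its pending entries."""
        self.approved.add(h)
        self.review_queue = [e for e in self.review_queue if e["sha256"] != h]


def run_demo() -> dict:
    block = Blocklist(known_bad={digest(KNOWN_BAD)})
    allow = Allowlist(approved={digest(PAYROLL_TOOL)})
    ctx = ("alice", "ws-042", "2014-05-06T09:15:00Z")  # hypothetical user/host/time
    results = {
        "blocklist_known_bad": block.allows(KNOWN_BAD),
        "blocklist_repacked": block.allows(REPACKED),
        "allowlist_payroll": allow.allows(PAYROLL_TOOL, *ctx),
        "allowlist_repacked": allow.allows(REPACKED, *ctx),
        "allowlist_new_macro": allow.allows(NEW_MACRO, *ctx),
        "pending_before_review": len(allow.review_queue),
    }
    allow.approve(digest(NEW_MACRO))   # admin vets the in-house macro
    results["allowlist_new_macro_after_approval"] = allow.allows(NEW_MACRO, *ctx)
    results["pending_after_review"] = len(allow.review_queue)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The allowlist only decides which files may start; it does not constrain what an approved application does with a malicious document, which is the limitation raised earlier in the thread.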

Re:Blacklists are dead, Long live white lists. (1)

chuckugly (2030942) | about 7 months ago | (#46962737)

If it's going to persist it has to alter something on disk, and if that something isn't on the white list it won't restart. Vulnerabilities "only" get you running for the moment. As soon as the compromised system goes down the infection is gone. Conventional AV won't detect a non-persistent worm either.

Viruses are only part of the problem (0)

Anonymous Coward | about 7 months ago | (#46931675)

The problem is a majority of the stuff that gets on the computer are not viruses at all. Sure they are crappy, annoying, and screw the computer over and hog all the resources, but they are legal "products" being shilled to the internet surfer constantly, telling them their computer is slow and this and that, and they just need to install "blah blah blah registry cleaner" to make it better. But then you install it, and all it does is scan and tell you you need to pay money to actually fix anything (not that it would help, since it is the thing actually slowing the computer down by starting up and scanning constantly now). The user generally does not know how to remove a program, if the uninstaller works at all. Some of these come bundled with other "helpful" trial programs and shopping "helpers" and "savers" that work hard to show you ads all the time of all the deals you could be getting. All of this stuff is legal and installed by the user.

Cure for Cancer (1)

jhumkey (711391) | about 7 months ago | (#46931783)

I found a cure for Cancer . . . but it's only effective against 55% of the cancers out there, so it hardly seems worth immunizing the public since it's not 100% effective.

As long as the overhead of trapping/blocking the 55% of computer virus attacks is unobtrusive to me . . . Thanks, I'll gladly take what protection I can get.

Almost true (1)

ttyX (1546893) | about 7 months ago | (#46931795)

As much as I dislike the company I have to say Antiviruses can't protect users from being stupid.

AV has been in decline for awhile (2)

DarthVain (724186) | about 7 months ago | (#46931835)

First off, most of the commercial ones like Norton, are barely better than the viruses they claim to protect you from. Except they are more bloated, you pay for them, and usually come pre-installed on your system if you buy retail. Many of the "free" (usually pay for upgrade) options are actually much better. My two favorite are MSE and Spybot. However even they have limitations now. From experience MOST baddies, are not really the viruses of old, but rather adware of some creed. Anyone who had gotten and removed from some of these can tell you about the painful process of trying to go through the complex process to get rid of some of these insidious things. Having a 2nd computer or smart phone is handy in trying to do this so you can take the affected system offline so it doesn't automatically re-infect itself halfway through the process. In many cases it is just easier to wipe the slate clean and install clean again. AV is going to have a very hard time automating some of those complex processes to remove the agent. Hell a good chunk of the malware you are going to get is likely produced with the specific purpose of selling AV software in the first place. Having some AV is a good idea, but it is only a very small piece of the puzzle. Firewalls are more critical. Even more so than that is being critical about what you run, visit or install on your machine. Knowing if you go to a sketchy site you are running a risk. Have install disks. Have a decent backup. That is the world we live in now. I know what the hell I am doing, but every now and again even I get owned. Many of them aren't really infecting your system, so much as vulnerable software, particularly browsers. The last one I had, was easily removed from the "system", but it continued to completely own Chrome, which you would have to go into and manually change all the settings back, or re-install a clean version of Chrome with default settings.

So anyway to summarize, it just isn't all that useful anymore, but like anything you can sell it to people who don't know any better.

The Problem. (1)

zacherynuk (2782105) | about 7 months ago | (#46932971)

Software cannot currently exist in or directly access Layer 8.

Our governments are addressing this and within the decade 'AV Firms' will once again have full access to all IO and static data within layer 8 of the OSI model.

I have been reliably informed that these measures will reduce crime and increase community compliance and by bringing calm to all who have the Thought Process Modification (TPM) chip installed.

You can't protect from an ever evolving threat... (2)

Aboshi (2893469) | about 7 months ago | (#46933323)

The simple fact is the most basic crypter can defeat 99% of the antivirus that are on the market and the 1% that does catch something that is crypted just gets lucky. Until the app has spread around enough for the antivirii databases to learn the hash of the file in question, only then it gets flagged and nearly all antivirus programs catch it instantly. This is obviously a download and run scenario not a drive by attack (crypted files). Either way you look at it you can expect to get owned with a clever 0-day or crypted app. So watch what you torrent ;)

Re:You can't protect from an ever evolving threat. (1)

chuckugly (2030942) | about 7 months ago | (#46962749)

Self encrypted and polymorphics have been detectable for over 20 years.

fuck beta (0)

Anonymous Coward | about 7 months ago | (#46935013)

Now they've broken login, good job.

Time to leave /. if they can't even get the basics right.

Not rocket science. (0)

Anonymous Coward | about 7 months ago | (#46936173)

1. Disable autorun.
2. Install adblocker.
3. Install EMET.
4. Install the security updates people.
5. Stop opening every freaking email attachment.

Congrats. Your odds of being infected with anything are stupid low. And you did it without even installing an AV yet.

Symantec marketing team: (1)

onproton (3434437) | about 7 months ago | (#46955215)

I have an idea guys, let's draw attention to how useless our product is and see how many suckers still buy it! Purchase antivirus software from Symantec, the world's leader in software that lures you into a false sense of security. Get it now for only $50 and you can enjoy a few more months of 50% less viruses, after that - meh, who knows!