
Why Popular Anti-Virus Apps 'Don't Work'

ScuttleMonkey posted more than 8 years ago | from the build-a-better-mousetrap dept.

Avantare writes "ZDNet Australia has a writeup about why AV apps don't work. The reason given is because the malware authors are writing code that will get around the signatures of the application by testing their code on the most popular anti-virus software before release." This comes as a follow up to another article detailing the sad state of anti-virus software currently on the market.

375 comments

No S**t (5, Insightful)

Instine (963303) | more than 8 years ago | (#15763740)

AV software, and even most firewall software which goes beyond port control, simply prevents the user from using the whole of the internet, but rarely stops the internet from using them. This is just one reason why.

Still an interesting point it raises, and a good example to give to non-believers if you ever have to give the "Nothing is perfectly secure" speach to a client.

Re:No S**t (5, Informative)

nmb3000 (741169) | more than 8 years ago | (#15763814)

Still an interesting point it raises, and a good example to give to non-believers if you ever have to give the "Nothing is perfectly secure" speach to a client.

At least people are starting to realize this.

As for myself, I used to use Symantec's antivirus software both at home and at work, but a year ago decided it just wasn't worth it. The program was one of the most obscene resource hogs I've ever had the displeasure to use, and in the 7+ years of using the program it never once protected me from getting a virus. The same can be said for a lot of other AV offerings, and yet you still see some idiots suggesting you run 2-4 different AV applications just to "be sure you're safe".

Once people realize that the single best and most effective method of protecting themselves is common sense, they will be a lot better off. If you don't download from untrusted sources, don't click banners, don't install just any (activeX|extensions), and keep your machine patched, you'll be fine (YMMV of course).

The problem is that while people can buy Symantec's latest breakthrough in keeping your processor occupied, they cannot buy common sense.

In my experience, Symantec software is worse... (4, Informative)

Futurepower(R) (558542) | more than 8 years ago | (#15763879)

Symantec software is even worse than you said, in my experience.

You didn't mention the bugginess.

Re:No S**t (4, Interesting)

tokenhillbilly (311564) | more than 8 years ago | (#15763945)

I did the same thing at almost the same time. I had 5 computers in my home running Symantec AV. The subscriptions kept expiring on a seemingly continuous rotation. Looking at the logs, none of them had detected a single virus in over a year. I finally decided to develop a system of backing up any critical files on a regular basis and a procedure for reloading my systems if they were affected by any malware that came along. I removed all protection from my systems and waited for the worst.

It's a year later and, other than my systems running almost twice as fast and having a lot fewer weird hangups and crashes, I have not had a single problem.

Re:No S**t (1)

IceCreamGuy (904648) | more than 8 years ago | (#15763996)

You said "...in the 7+ years of using the program it never once protected me from getting a virus." How do you know that? Maybe you would have gotten more viruses if you hadn't been using it. You'll never know since you had it running the whole time. Seriously though I do agree with everything you said, I don't use AV either, I just run trendmicro sysclean every now and then to keep tabs on things and that's it. Hopefully as computers become more and more integrated into everyone's lives, future generations will have gained the common sense needed to keep people from clicking where they shouldn't.

Re:No S**t (0)

Anonymous Coward | more than 8 years ago | (#15763820)

even most firewall software, which goes beyond port control simply prevents the user using the whole of the internet, but rarely stops the internet using them.

And what crappy firewall do you use? Zonealarm, Kerio, and many other firewalls disallow incoming connections from outside by default. Some of them are too generous in what they allow out, but their incoming defaults are decent.

Re:No S**t (2, Insightful)

Instine (963303) | more than 8 years ago | (#15763891)

And what crappy firewall do you use?

Good question. I use XP's SP2 with Advanced Security Tech, plus a router, on my everyday machine. I'll not publicise the security I use on more critical machines (eccentricity plus obfuscation is THE only way to minimise security breaches in my opinion). But no AV. I don't open untrustworthy apps, and as TFA goes some way to explain, AV software doesn't work. However, I dev and support web apps that must circumvent 'intrusions' made by Norton.

One such feature is their referrer blocking. This seems to serve no purpose, and is simple to work around. Without the work-around, my software, and many other web apps and sites out there are broken by this "security measure". It took me precisely 1 hour to work around this issue, and I'm not that fast a coder.

Am I some kind of evil, ninja hacker trying to phish people's personal details? No, I'm a developer trying to make web-based accessibility software.

So what DO I suggest? Have a quick and easy backup and recovery system. And use it. Oh, and don't think Norton does anything practical to help your system security. It simply stops you from using many honest, trustworthy sites and services, while marginally improving your chances against old, 'orthodox' malware.

Re:No S**t (0)

Anonymous Coward | more than 8 years ago | (#15763860)

"speach"?

is that a kind of peach?

Did I miss something? (3, Insightful)

ColdWetDog (752185) | more than 8 years ago | (#15763741)

Or are both of these articles the same thing? And not much of anything, either. Two paragraph blurbs on the sad state of AV software.

Nothing to see here, move along please.

And they are both wrong. (5, Insightful)

khasim (1285) | more than 8 years ago | (#15763806)

Think about it for a moment. What is the intent of anti-virus software ("anti" + "virus")? Isn't it to stop apps that you don't want running on your computer? Apps that were written by the "bad guys"?

So, the reason that anti-virus software sucks is because the "bad guys" are writing BETTER "viruses" that can bypass the anti-virus programmers' software.

And the reason for that is that anti-virus software is REACTIVE.

A proactive system would patch the holes that are being exploited.

A reactive system issues patches to remove all the specific threats encountered so far.

That approach will ALWAYS result in the "good guys" being behind the "bad guys". Like DUH!!!

Re:And they are both wrong. (3, Insightful)

CashCarSTAR (548853) | more than 8 years ago | (#15763863)

The biggest hole existing right now is the user. Any thought otherwise is simply whistling in the wind.

Once a user runs software, if that software is malicious, that computer is compromised. Period.

You are correct, but inaccurate. (1)

khasim (1285) | more than 8 years ago | (#15763930)

The biggest hole existing right now is the user. Any thought otherwise is simply whistling in the wind.

Not so. There is a lot that can be done as I will explain.
Once a user runs software, if that software is malicious, that computer is compromised. Period.

That is correct. But it is inaccurate as, in most cases, the user is NOT AWARE that s/he is running software or installing software.

Which is one of the reasons that Linux is so resistant to the "viruses" (viruses, worms and trojans) that are out there. The OS protects the OS files from non-root users.

There, the problem is solved for all users except those who will willingly and knowingly install the "virus" themselves.

Re:And they are both wrong. (1)

Bert64 (520050) | more than 8 years ago | (#15763969)

Which is why users should have absolute minimal privileges...
Really, users should rent computers, not have administrative privileges on them, and pay when they need support or for someone to install something for them, etc. This would solve a lot of these problems, and provide the users with a source of help (so they don't need to hassle friends/family).

Re:And they are both wrong. (1)

bcat24 (914105) | more than 8 years ago | (#15764000)

That sounds dangerously like Microsoft's Trusted Computing.

Re:And they are both wrong. (4, Informative)

stevey (64018) | more than 8 years ago | (#15763916)

A proactive system would patch the holes that are being exploited.

The problem here is that viruses don't typically exploit any hole. They are simply programs that run with the privileges of the user who executes them.

A typical (old school) virus would do three things:

  • When executed find files that can be written to - pick one at random.
  • Update that program to append itself to the end of it. Patch the header so that execution starts at the newly appended code.
  • Work out where the currently infected program should have started execution from - jump to it.

There are only two things you can do to protect against this, in general:

  • Don't run infected programs.
  • Don't allow the current user to modify binary files.

In Windows it is the second issue which allows viruses to spread - typically the local user would have write access to the system binaries, so eventually Notepad.exe would get infected, etc. Under Linux/Unix root generally is the only person who can write to system binaries, so a typical user can't infect them.

However Linux viruses do exist, and are trivial to write. The reason they don't spread is partly because users are used to getting their binaries from trusted sources, partly because they download things from source, and partly because most users don't run with the ability to modify system files. (Sure you might be able to infect ~/bin - but there isn't a big gain)

Windows is getting better at allowing non-Administrators to work properly, so sooner or later the ability of joe-random-desktop user to modify system binaries will disappear and at that point viruses will stop. Still there will be worms, trojans, and all the other nasties left!

I've gone on a bit much, but I wanted to drive the point home : Viruses do not exploit security holes. (In general)
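The second defence stevey lists, "Don't allow the current user to modify binary files", is something you can check rather than assume. The script below is an added example, not code from the thread or from any AV product: it walks a set of directories (by default the ones on PATH) and reports every executable that the invoking user could overwrite, i.e. every file a classic appending infector running as that user could spread into. The `demo()` function builds a constructed scenario in a temporary directory, one writable "binary" and one with no write bits, so it runs offline; the file names are made up for the illustration. It uses only the standard library.

```python
"""Audit which executables on a search path the current user could modify.

Added example (not from the Slashdot thread): it checks the defence stevey
describes, that a file infector can only spread into binaries the running
user is allowed to write. The sample files in demo() are constructed.
"""
import os
import shutil
import stat
import tempfile


def is_executable_file(path: str) -> bool:
    """True for regular files with any execute bit set (symlinks are not followed)."""
    try:
        st = os.lstat(path)
    except OSError:
        return False
    exec_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & exec_bits)


def writable_executables(dirs):
    """Return sorted paths of executables in `dirs` that this user can write.

    os.access() asks the kernel using the real uid/gid, so it reflects what a
    program run by the logged-in user (the typical virus host) could overwrite.
    For root it reports everything as writable, which is exactly the point:
    a virus executed by root can infect any system binary.
    """
    found = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in os.listdir(d):
            p = os.path.join(d, name)
            if is_executable_file(p) and os.access(p, os.W_OK):
                found.append(p)
    return sorted(found)


def audit_path(path_env=None):
    """Audit the directories of PATH (or of a PATH-like string you pass in)."""
    if path_env is None:
        path_env = os.environ.get("PATH", "")
    return writable_executables(path_env.split(os.pathsep))


def demo():
    """Constructed scenario: one writable and one read-only 'binary' in a temp dir.

    Returns a dict describing what the audit found, so the outcome can be
    checked without re-running the scan.
    """
    base = tempfile.mkdtemp(prefix="avdemo_")
    try:
        writable = os.path.join(base, "notepad")   # hypothetical names, not real binaries
        readonly = os.path.join(base, "ls")
        for p in (writable, readonly):
            with open(p, "wb") as f:
                f.write(b"#!/bin/sh\necho hello\n")
        os.chmod(writable, 0o755)   # owner may write: an infector running as owner can patch it
        os.chmod(readonly, 0o555)   # no write bits: infection would need root or a chmod first
        result = writable_executables([base])
        is_root = hasattr(os, "geteuid") and os.geteuid() == 0
        return {
            "writable_listed": writable in result,
            "readonly_listed": readonly in result,   # only true when running as root
            "is_root": is_root,
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for p in audit_path():
        print("user-writable executable on PATH:", p)
    print(demo())
```

Run it as your everyday account: on a sane Unix install the PATH scan prints nothing, while anything it does print (a `~/bin`, a package manager's per-user install directory, a misconfigured `/usr/local/bin`) is a place where stevey's "infect a writable program" step would succeed without any exploit. Running the same scan as root lists every binary, which is the behaviour his post warns about on Windows accounts with administrative rights.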

Just follow a few basic steps... (4, Insightful)

gasmonso (929871) | more than 8 years ago | (#15763745)

1. Firefox with popup blocker

2. Firewall software

3. Sit behind router

4. Use AV software

5. Don't click on anything that pops up without reading it!

http://religiousfreaks.com/ [religiousfreaks.com]

Re:Just follow a few basic steps... (2, Funny)

Anonymous Coward | more than 8 years ago | (#15763761)

I clicked on your religious link, and my pc reboots ev

Re:Just follow a few basic steps... (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15763792)

You forgot step 6. Don't run Windows.

Re:Just follow a few basic steps... (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15763795)

good list, but I would add;

6. Don't use Windows

7. Don't install something that you do not know (to within a reasonable degree of certainty) to be trust-worthy

Re:Just follow a few basic steps... (2, Insightful)

Mr. Freeman (933986) | more than 8 years ago | (#15763887)

I agree that windows is insecure. But it isn't exactly practical for a lot of people to switch to another OS. I hate windows, but I'm pretty much forced to use it because I have no idea how to run Linux well, and apple doesn't run any of the applications I use often.

Re:Just follow a few basic steps... (1)

wonkobeeblebrox (983151) | more than 8 years ago | (#15763924)

>I hate windows, but I'm pretty much forced to use it because
>I have no idea how to run Linux well,
>and apple doesn't run any of the applications I use often.

Such as....?

I found the conversion from PC to Mac to be very easy, and the Mac applications are much better than their corresponding Windows ones (think Safari vs IE, iPhoto vs (nothing), iTunes, etc.)! It's very strange: on a Mac, things just kinda work.

Seriously, about the only thing a PC is good for is game playing. Some might argue you need a PC to mainly do Office type tasks (word, excel, etc), but Office works on a Mac as well.

Doing anything of a serious nature on a PC is like leaving all the windows in your house broken and hoping that the wrong attention is not drawn.

Re:Just follow a few basic steps... (3, Insightful)

arodland (127775) | more than 8 years ago | (#15763970)

You can't run Linux because you're not experienced in using it... but you were born knowing how to use Windows? Or what?

Re:Just follow a few basic steps... (1)

TCM (130219) | more than 8 years ago | (#15763827)

5a. Even then don't click it.

Re:Just follow a few basic steps... (1)

fm6 (162816) | more than 8 years ago | (#15763875)

That's all sound advice, to which I would add, "Be very careful about what you install". But your attitude sucks. When you say "Just follow a few basic steps..." you imply "... and you don't need to worry." No anti-malware strategy is absolutely guaranteed to protect you. You can minimize your risks, that's all.

Re:Just follow a few basic steps... (1)

Chrispy1000000 the 2 (624021) | more than 8 years ago | (#15763921)

I know a strategy that works: only use TI-83s as your hardware. There's not too much spyware out for those yet, is there?

A corollary... (1)

mlow82 (889294) | more than 8 years ago | (#15763937)

1. Firefox with popup blocker
A corollary to step one is to install the AdBlock [mozdev.org] extension to block ads before Firefox gets the chance to download them.

Re:Just follow a few basic steps... (5, Informative)

Gnavpot (708731) | more than 8 years ago | (#15763958)

1. Firefox with popup blocker

2. Firewall software

3. Sit behind router

4. Use AV software

5. Don't click on anything that pops up without reading it!
You ignore the three most important:

Remove administrative privileges from your everyday account.

Keep your software and OS updated.

Do not run software with a bad security record.

I don't use Norton.. (2, Interesting)

ACAx1985 (989265) | more than 8 years ago | (#15763754)

I don't use Norton not because I feel it's poor at catching/preventing viruses, but for the level of intrusion that comes with it. The Norton name, and especially Norton Ghost, are just a headache waiting to happen for anyone who installs it. I very happily use Firefox 1.5 and the latest version of Nod32. Additionally, I don't open e-mails that promise a glimpse into Paris Hilton's private area. -ACA

Re:I don't use Norton.. (5, Funny)

Anonymous Coward | more than 8 years ago | (#15763766)

Additionally, I don't open e-mails that promise a glimpse into Paris Hilton's private area.

Hm. You can call that area on Paris Hilton a lot of things, but "private" isn't one of them.

Re:I don't use Norton.. (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15763812)

You mean this [joomeara.info] ?

Re:I don't use Norton.. (1)

gardyloo (512791) | more than 8 years ago | (#15763818)

Finally. An "in-sightful" post!

Kaspersky? (2, Interesting)

morgan_greywolf (835522) | more than 8 years ago | (#15763757)

FTFA:

One vendor Ingram did mention was Russian outfit Kaspersky, which in the same tests managed to block around 90 percent of new malware.


So what's Kaspersky doing that's making it so much better? Or was the study paid for by Kaspersky? It sounds suspiciously like FUD to me.

Re:Kaspersky? (0)

Anonymous Coward | more than 8 years ago | (#15763768)

Yes, Kaspersky sponsored the study in the hopes of achieving 0.8% of the market share.

Re:Kaspersky? (3, Informative)

WombatDeath (681651) | more than 8 years ago | (#15763775)

The article suggests not that it's doing anything better, but that since it has only 0.8% of the market the malware authors don't bother to work around it.

Re:Kaspersky? (0)

Anonymous Coward | more than 8 years ago | (#15763942)

What article did you read?

"One vendor Ingram did mention was Russian outfit Kaspersky, which in the same tests managed to block around 90 percent of new malware.

According to Gartner, Kaspersky's market share is a lowly 0.7 percent."

Re:Kaspersky? (0)

Anonymous Coward | more than 8 years ago | (#15763779)

Kaspersky is at the sweet spot: big enough to have a reasonable virus database, but small enough that the virus creators don't spend extra effort trying to bypass it.

Re:Kaspersky? (0)

Anonymous Coward | more than 8 years ago | (#15763785)

Did you read TFA?

Kaspersky works so well because it is so unpopular.

That may or may not be true, and it may or may not be that simple, but that's the main thrust of the article.

Re:Kaspersky? (0)

Anonymous Coward | more than 8 years ago | (#15763842)

It's basically the same reason malware is relatively rare on Mac OS X, Linux, Unix and other minor operating systems: they just aren't popular enough for the malware authors to bother with.

If intelligent malware authors cared about circumventing Kaspersky's software, I've no doubt that they could quite easily do it. Hardly anyone uses this software, however, so the gain (in terms of machines infected) is too small to offset the time and effort that would be required (even if it were trivially easy to bypass). On the other hand, no matter how good Norton is, if they manage to circumvent it, the result will be a huge increase in the number of machines infected, so from their perspective, any amount of effort is worth the trouble.

Re:Kaspersky? (1, Funny)

Anonymous Coward | more than 8 years ago | (#15763849)

Its probably a trojan.

And the article is social engineering to get you to install it.

you are not supposed to cure the symptoms (1)

scenestar (828656) | more than 8 years ago | (#15763758)

But the disease [slashdot.org] .

Re:you are not supposed to cure the symptoms (2, Funny)

antifoidulus (807088) | more than 8 years ago | (#15763774)

So..... the disease is slashdot then?

goddammit (1)

scenestar (828656) | more than 8 years ago | (#15763783)

that was supposed to link to www.ubuntu.com/download/ [ubuntu.com]

Re:you are not supposed to cure the symptoms (1)

kfg (145172) | more than 8 years ago | (#15763823)

But first do no harm . . .to the goose that lays the golden egg.

KFG

Dedication to QA (4, Funny)

Distinguished Hero (618385) | more than 8 years ago | (#15763762)

testing their code on the most popular anti-virus software before release.
Now that's good quality assurance. Many programmers have much to learn in this regard, though I suppose virus writers are motivated by doing what they love and not having to put up with PHBs, which are two amenities a lot of programmers have to do without. :)

Re:Dedication to QA (0, Flamebait)

sjwest (948274) | more than 8 years ago | (#15763811)

Welcome to fud (currently promoted by the Bush Family).

Anti-virus on Windows fails because:

1. its the platform to hack
2. Most users are clueless

Re:Dedication to QA (1)

Bert64 (520050) | more than 8 years ago | (#15763874)

3. Because users have administrative privileges by default

Anti-virus Programs Aren't Up to Snuff (1)

sweetnjguy29 (880256) | more than 8 years ago | (#15763771)

I currently run the free edition of Avast! as my real-time virus scanner, and ClamAV as a second layer of protection on Windows XP. I recently got infected with an AOL IM worm, which neither program could root out or detect...ended up having to get a free specialty program, AIMfix, to get the crap off my computer.

Windows XP, Windows Defender, Windows Firewall, or Avast! should be able to prevent the worm from installing itself...Heck, my Ubuntu installation wouldn't let me install some stupid .inf type file without the correct permissions...

Re:Anti-virus Programs Aren't Up to Snuff (1)

Jarnis (266190) | more than 8 years ago | (#15763793)

Sure it would, assuming you ran it as root - just like you run your Windows XP.

True, XP is a huge pain to use without admin rights due to braindead apps, but that problem is going to get fixed soon with Vista, as it will push non-admin account as default, and developers have to get their braindead apps fixed.

Re:Anti-virus Programs Aren't Up to Snuff (1)

narfbot (515956) | more than 8 years ago | (#15763816)

and developers have to get their braindead apps fixed.

Is that really going to happen? Most games require admin privileges because they install some kernel level driver for copy protection on run. Either they'll still run as admin, or the non-admin account will be admin in different clothes. Even if vista has a real non-admin mode, something is going to spectacularly fail.

Re:Anti-virus Programs Aren't Up to Snuff (1)

Mr Tall (767172) | more than 8 years ago | (#15763883)

Yep, there's a whole slew of things you have to do to get the "vista approved" sticker on your game box. The main thing is running under a non-admin account.

Of course you can still release windows games that don't do this stuff, but I reckon everyone will want the sticker :)

Re:Anti-virus Programs Aren't Up to Snuff (4, Informative)

Apraxhren (964852) | more than 8 years ago | (#15763857)

XP is a huge pain to use without admin rights due to braindead apps
I'm not sure if that is all that true anymore, at least. Granted, I don't run a vast amount of software, but in my experience it seems more recent software tends to be non-brain-dead, at least in the gaming industry. What was once one of the worst offenders, nearly everything used to write to the Program Files dir, but now all the ones I have had experience with write to the user space. Every other program I run allows a choice of where to save data, so they work perfectly as well. However, like I said, I don't have every software title at my disposal and really it could just be luck in the programs I run. Aaron Margosis does an excellent job of providing all the information needed to run as non-admin on his blog: http://blogs.msdn.com/aaron_margosis/archive/2005/04/18/TableOfContents.aspx [msdn.com]

Then don't run as admin (1)

Sycraft-fu (314770) | more than 8 years ago | (#15763807)

If you want the OS to protect you by denying you access make an admin and a non-admin account. Use the non-admin account for normal use, switch to the admin account if you need to install something.

Why is... (2, Insightful)

twmf (990382) | more than 8 years ago | (#15763784)

...the endless repetition of the obvious considered news?

Ummmmm...

Aw crap. Sorry, forgot which planet I was on again.

Please move along.

Amateurs talking, never mind (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15763808)

Indeed. None of these "brand new AV product problems" is new. Every real professional has known for over 10 years that anti-virus software is based on flawed assumptions and that the fundamental principles behind it are plain broken.

You have to distinguish what they do against lame, mindless amateurs and random automated attacks from what they do against targeted attacks. Using those scenarios as a backdrop, you will very quickly realize that it's mostly easier to fix the problems (the security problems) and not the symptoms.

Mac AV Software (1, Informative)

Anonymous Coward | more than 8 years ago | (#15763786)

If anti-virus software on Windows is bad, anti-virus software on the Mac is doubly so. And you don't even need it (on the Mac), except that some of us work in IT and the end-users refuse to believe the tech support staff and instead choose to believe the hyped-up newspaper reports about viruses being a problem on the Mac (sorry, no, they aren't). So, we have to have a "solution" present on their computers to make them feel "safe". Except the major A/V makers' products on the Mac side don't even do the job of appearing to work. A prime example is McAfee Virex and its virus definition update functionality. It gives an error message even when it works correctly (but of course an end-user is going to be put off by the error message and call tech support). Do you feel safe when your anti-virus software can't even report the status of virus definition updates correctly?

Re:Mac AV Software (1)

KDR_11k (778916) | more than 8 years ago | (#15763809)

Another question is: If Macs are as secure as some people claim they are, what exactly is in those virus definition files? Zeros?

Re:Mac AV Software (0)

Anonymous Coward | more than 8 years ago | (#15763826)

If Macs are as secure as some people claim they are, what exactly is in those virus definition files? Zeros?

No, the definitions for all the Windows malware out there, plus (probably) the definitions for long-extinct pre-OS X Mac viruses.

Mac users are apparently expected to purchase antivirus software as a courtesy to Windows users everywhere, lest their Windows-malware-impervious machines serve as carriers.

As a Mac user, my personal position on this is that I will return the courtesy shown me by the Windows world. To wit: "Go fuck yourselves, the lot of you."

Re:Mac AV Software (0)

Anonymous Coward | more than 8 years ago | (#15763828)

1. Office macro viruses.
2. Every Win32/DOS virus known just so they can remove them before sending files to PCs that may or may not have antivirus.

Signature-based recognition was doomed (5, Interesting)

Animats (122034) | more than 8 years ago | (#15763796)

The whole concept of recognizing known viruses was fundamentally flawed. It had a good run, but that was because virus writers were mostly trying to get attention, not steal. Now that viruses are an ongoing criminal enterprise, the old dumb tactics won't work.

We're going to have to give up on recognition and put more effort into partitioning. We need setups where each web page renders in its own jail, and it doesn't matter if the browser is insecure - when the page closes, a program exits and any corrupted info goes away.

Of course, this will break Active-X, toolbars, downloads, etc. Then again, on business systems, you want those things broken.

Once the browser is locked down like that, you need a "guard" program. When you want to move a file out of a browser's jail, it has to go through a program that "sanitizes" it. Often, a translation to a well-documented format that doesn't contain execution capability will do the job. Converting incoming .doc files to Open Document XML format, for example.

It's quite possible to completely solve this problem.
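An added illustration of the "guard" step Animats describes, in reduced form (this is not code from the thread or from any product). It decides by file content, never by name or extension, whether a file may leave the jail as-is, must first go through a converter to a passive format, or is refused. Unknown content is refused by default. The magic numbers are the real ones for each format; the structural validator exists only for PNG (my choice of format to show the idea), and a "pass" format without a validator is refused rather than trusted, since even a passive format is still parsed by something on the receiving side. The sample PNG is constructed inline.

```python
"""Guard for files leaving a browser jail: decide by content, not by name."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
OLE_SIG = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container; may hold macros

# (magic prefix, type name, disposition). "pass" = passive format, may leave
# the jail once it validates; "convert" = may carry active content, must go
# through a converter to a passive format first; "deny" = native code.
MAGIC = [
    (b"MZ",      "pe-executable",  "deny"),
    (b"\x7fELF", "elf-executable", "deny"),
    (OLE_SIG,    "ole-compound",   "convert"),
    (b"%PDF-",   "pdf",            "convert"),  # can carry JavaScript and actions
    (PNG_SIG,    "png",            "pass"),
]


def png_well_formed(data: bytes) -> bool:
    """Walk every chunk, check each CRC and require IEND to be the final bytes.
    A truncated chunk, a bad CRC or anything appended after IEND is refused."""
    if not data.startswith(PNG_SIG):
        return False
    pos = len(PNG_SIG)
    seen_iend = False
    while pos < len(data):
        if seen_iend:
            return False          # trailing bytes after IEND
        if pos + 8 > len(data):
            return False          # truncated chunk header
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length   # header + body + crc
        if end > len(data):
            return False          # truncated body or crc
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if crc != (zlib.crc32(ctype + body) & 0xFFFFFFFF):
            return False
        seen_iend = ctype == b"IEND"
        pos = end
    return seen_iend


VALIDATORS = {"png": png_well_formed}


def guard(data: bytes):
    """Return (type, action) for a file the user wants to move out of the jail.
    The file name and extension are deliberately not consulted."""
    kind, action = "unknown", "deny"     # default deny for unrecognized content
    for prefix, name, disposition in MAGIC:
        if data.startswith(prefix):
            kind, action = name, disposition
            break
    if action == "pass":
        validate = VALIDATORS.get(kind)
        # Only hand over what validates end to end; a "pass" format with no
        # validator here is refused rather than trusted.
        if validate is None or not validate(data):
            action = "deny"
    return kind, action


def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def sample_png() -> bytes:
    """Constructed 1x1 grayscale PNG used as sample input (not a real download)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")      # filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


if __name__ == "__main__":
    print(guard(sample_png()))                  # passes: clean PNG
    print(guard(sample_png() + b"MZ\x90\x00"))  # denied: payload appended after IEND
    print(guard(OLE_SIG + b"\x00" * 8))         # routed to the converter
```

The interesting case is the second one: a valid-looking image with bytes appended after IEND is still "an image" by magic number, which is exactly why the guard re-parses the whole file instead of stopping at the header. The converter itself and the jail are, as later replies point out, attack surface too; the guard only shrinks what reaches them.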

Re:Signature-based recognition was doomed (2, Insightful)

Carcass666 (539381) | more than 8 years ago | (#15763837)

IMHO, the problem comes down to how security works on PCs - it's based on the user, not the app. This is true on Linux as well as Windows. An application runs under the security context of what the user can get to. Applications ought to run under their own security accounts, and when they try to write somewhere they have not been authorized to write before, the user ought to get warned. If the application makes an outbound Internet connection or starts listening on a port without prior authorization, the user ought to get warned. It might seem a hassle to have a couple of hundred security accounts on the PC, but it is far less of a hassle than invasive anti-viral software, especially crap like Norton and McAfee.

Yes, I know Linux is more secure than Windows; I'm a happy Ubuntu user. I sudo whenever I do anything administrative (install apps, install devices, etc.). But there is nothing stopping a hostile application from going out and nuking every file that my non-admin account has access to.
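The scheme Carcass666 proposes (and that the Systrace reply below points at) as an added Python model, not code from the thread or from Systrace itself: each application carries its own policy of pre-authorized file writes, outbound connections and listening ports; anything outside the policy is not silently allowed but comes back as "ask", which is where the warning to the user would go. A user's answer can be recorded so the same warning is not repeated. Application names, paths and hosts below are constructed.

```python
"""Per-application resource policy: permit what was pre-authorized, ask otherwise."""
import fnmatch


class AppPolicy:
    def __init__(self, name, write_globs=(), connect_rules=(), listen_ports=()):
        self.name = name
        self.write_globs = list(write_globs)      # path globs the app may write to
        self.connect_rules = list(connect_rules)  # (host glob, port or None for any port)
        self.listen_ports = set(listen_ports)     # ports the app may bind


class PolicyEngine:
    def __init__(self, policies):
        self.policies = {p.name: p for p in policies}

    def check(self, app, op, *args):
        """Return "permit" if the operation is pre-authorized for this app,
        otherwise "ask". An app with no policy at all gets "ask" for everything,
        which is the default-deny position: nothing is granted by being the user."""
        pol = self.policies.get(app)
        if pol is None:
            return "ask"
        if op == "write":
            (path,) = args
            ok = any(fnmatch.fnmatchcase(path, g) for g in pol.write_globs)
            return "permit" if ok else "ask"
        if op == "connect":
            host, port = args
            for host_glob, rule_port in pol.connect_rules:
                if fnmatch.fnmatchcase(host, host_glob) and rule_port in (None, port):
                    return "permit"
            return "ask"
        if op == "listen":
            (port,) = args
            return "permit" if port in pol.listen_ports else "ask"
        return "ask"   # unknown operation kinds are never silently permitted

    def grant(self, app, op, *args):
        """Record the user's answer to a warning so the identical operation is
        permitted next time instead of prompting again."""
        pol = self.policies.setdefault(app, AppPolicy(app))
        if op == "write":
            pol.write_globs.append(args[0])
        elif op == "connect":
            pol.connect_rules.append((args[0], args[1]))
        elif op == "listen":
            pol.listen_ports.add(args[0])


def demo_engine():
    """Constructed policy for a browser: its own profile and Downloads, web ports only."""
    browser = AppPolicy(
        "browser",
        write_globs=["/home/alice/.mozilla/*", "/home/alice/Downloads/*"],
        connect_rules=[("*", 80), ("*", 443)],
    )
    return PolicyEngine([browser])


if __name__ == "__main__":
    eng = demo_engine()
    print(eng.check("browser", "write", "/home/alice/.mozilla/cache/abc"))   # permit
    print(eng.check("browser", "write", "/home/alice/Documents/taxes.ods"))  # ask
    print(eng.check("browser", "connect", "example.com", 6667))              # ask
```

The point the model makes concrete: the browser writing to its own cache and the browser overwriting a spreadsheet are the same syscall from the kernel's point of view, because both are "the user" writing a file the user owns; only a per-application policy can tell them apart.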

Re:Signature-based recognition was doomed (1)

Fweeky (41046) | more than 8 years ago | (#15763851)

Like Systrace [66.249.93.104] ?

Safer link to Systrace (2, Informative)

Futurepower(R) (558542) | more than 8 years ago | (#15763909)

Safer link to Systrace [umich.edu]

Re:Signature-based recognition was doomed (2, Informative)

narfbot (515956) | more than 8 years ago | (#15763841)

The whole concept of recognizing known viruses was fundamentally flawed. It had a good run,

More than ten years ago, before windows 95, and most people were using DOS and DOS virus scanners, I had someone (comparable to a modern day script-kiddie) from my high school ask me to scan a disk to see if the viruses he had on there were detected. Even then he knew if the popular virus scanners of the day couldn't detect them, that he could potentially use them. It was then I realized that virus scanners were a joke and never have used those crappy bloated active scanners since. I don't think any virus scanners ever had a good run because the average kid back in the day knew they could be fooled.

Re:Signature-based recognition was doomed (1)

techno-vampire (666512) | more than 8 years ago | (#15763988)

I don't know what you did, but I know what I would have done: I'd have gone away for a while, then brought his disk back and told him that my scanners had detected viruses on it. That way, there's no way whatever was on his disk could have infected my machine and he's left with the impression that his viruses were as useless as resistance to a Vogon.

Re:Signature-based recognition was doomed (1)

LS (57954) | more than 8 years ago | (#15763926)

Converting incoming .doc files to Open Document XML format, for example.

It's quite possible to completely solve this problem.


Completely? That's a strong word. What if someone finds a vulnerability in the jail code, or a buffer overflow in the Open Document XML parser? Everyone thought images were completely safe because there's no code, but a vulnerability [microsoft.com] was found nonetheless.

LS

Re:Signature-based recognition was doomed (1)

chromatic (9471) | more than 8 years ago | (#15763944)

We need setups where each web page renders in its own jail, and it doesn't matter if the browser is insecure....

It matters quite a bit if the jail is insecure.

Re:Signature-based recognition was doomed (0)

Anonymous Coward | more than 8 years ago | (#15763971)

I agree that signature detection is reaching the end of its useful life. However, like other people said, you are just moving the problem. Now instead of exploiting the browser you are exploiting the "guard" or "sanitizer". I think virtualization is the next step, but then the target will be the virtualization mechanism. I know that it is possible to detect if you are running in a virtualized environment (at least in VMware or VirtualPC), and I'm sure that there are probably vulnerabilities in those products, so I think it's just a matter of time until someone finds one and exploits it. Unfortunately, there's not really a solution to this problem. As long as code can be executed, malicious code can be executed.

This shouldn't surprise anyone (0)

Anonymous Coward | more than 8 years ago | (#15763799)

Antivirus software, by its very nature, is always one step behind virus authors. Antivirus software (or anything that relies on a blacklist, for that matter) can only defend against threats that the antivirus vendor knows about and has added a signature for in the product's definitions. So until virus authors start e-mailing their viruses directly to antivirus companies, there will always be a percentage of people that get pwned by a new virus, even if their virus protection is up to date.

What I do (4, Informative)

shawn443 (882648) | more than 8 years ago | (#15763800)

Require all users to run as a limited user as per Principle of Least Privilege [microsoft.com] . This is the key. I once had a computer lab for inner city youth with no AV software at all, just limited user accounts and a simple router. Once we could afford Symantec AV Corporate (I work for a non profit) and ran the scans, no viruses. If anyplace was bound to get one, that would have been it.

Re:What I do (1)

shawn443 (882648) | more than 8 years ago | (#15763865)

Just thinking before someone else does: according to the article, I wouldn't know the difference anyway. Except, those machines constantly ran as smoothly as the day I first installed XP. The performance hit occurred after Norton installation. I have since made it a practice to disable Auto Protect, which helps some. Reminiscing, I did sit there for about 10 minutes once trying to figure out why there was no display. The kids had messed with the monitor buttons. That was a good one. There was also the time they had changed the screen saver to a one-minute delay and checked the password protect option. Since there was no password to begin with, staff naturally tried every password from their MySpace to Yahoo email to no avail. Group Policy anyone? Even still, those little bastards still find a way to take about 15 minutes out of my week. P.S. I am not prejudiced against inner city youth, just youth in general.

Default Deny (4, Insightful)

lapagecp (914156) | more than 8 years ago | (#15763803)

Say it with me, people: Default Deny. Say it louder now so that Microsoft can hear it. Operating systems need to deny the right to execute by default. This whole "let anything run unless it looks like a virus" crap is not working. Oh, and Microsoft, that doesn't mean make a pop-up so that someone can click "Yeah, run it already." Every program shipped with the OS gets to run, every program you add to the list gets to run, maybe every program on a white list maintained by a person or company you trust gets to run, and that's it. Now before you all freak out and start talking about Linux and how you can already do this, let me remind you that "everyone switch to Linux" is not a valid solution, because it's not going to happen anytime soon. Sure it works on a case by case basis, but I still need to go in to work and be able to keep 30 or 40 computers safe and clean that are going to run on Windows because that's what our software will run on. So, Microsoft, do you let anyone into every room in every building you own unless security sees them on a list, or do you determine who can go where and then keep everyone else out? Why is it that we are forced to use security that anyone can see hasn't worked in the past and has no hope of working in the future?

Re:Default Deny (2, Interesting)

hackstraw (262471) | more than 8 years ago | (#15763882)

Operating systems need to by default deny the right to execute.

Hmm. Like Linux/UNIX that does not store executable permissions on email attachments w/o user intervention? Like OS X's behavior to ask the user the first time they run an associated file with an app for the first time? Like viruses are a Microsoft problem, and not a feature of other OSes?

I can't ever seem to type the last question here on /. without getting slammed, but when are people going to give up the drama and just use an OS that suits their wants and needs or shut the fuck up and deal with viruses, crashes, lagging development and features, horrible UI, and all that.

No, there are no battered OS user shelters like battered wife shelters. No, there is not MA (Microsoft Anonymous), but today in 2006, OSes are almost a dime a dozen like microwaves and everything else. I've been MS free for quite some time, but I'm in the process of taking over a PC at work that has 2000 on it and it had mysterious popups, firefox would not work with the HP print server I was playing with (java issue or something). The admin of the box said that you still basically have to log in as Administrator to do anything. Just for fun, I clicked on the adaware icon, and it found 70-80 or so things on it. In order to get TCP/IP printing to work, you had to configure a local printer to look like a networked printer or something bassackwards like that.

I mean, this was my first MS OS adventure in over 5 years, and within a couple of hours I was reminded of why I simply do not go there. Aside from the specific issues I mentioned, sure I was able to click on crap and view the web and read email, but how tough is that to do on any computer today?

Ummm ok (2, Insightful)

Sycraft-fu (314770) | more than 8 years ago | (#15763888)

Default deny subject to whose override authority? Remember: we are talking about a problem at home here. At work, things are already default deny, subject to my authority (or other members of our computer group). You don't get admin/root, so you run only what's installed. Solaris or Windows, doesn't matter.

Ok, but what about at home? You are the admin there. Who looks over your shoulder and determines if something is safe? You can set the OS to default deny running things by running it as a non-administrative account, or by getting something like KPF that intercepts execution and asks you, but in either case it doesn't do anything if you give it permission. Doesn't matter what the hoops you have to jump through are; when you give it permission to escalate privilege and run, you are screwed if you didn't check it out beforehand.

I mean you can have a nice, secure Fedora box and I can send you a binary called destroy_system. If you decide to run it, Fedora automatically asks you for root. If you give it that, it does as it says. There's no way for them to defend you from yourself, without going to something like TCPA where some party other than yourself gets to decide what can and cannot be run on your system.

I think some UNIX people put WAAAAAY too much faith in UNIX's privilege escalation model, as though somehow if the OS asks for a password instead of just a yes/no box people will suddenly stop and think. No, sorry, they won't. They'll view it as just another hoop to jump through. They won't read it, they won't consider the implications, they'll just learn "give it the password and it goes away" and will start doing just that.

In the hands of an educated user, running deprivileged helps because it makes sure something doesn't automatically launch that you aren't aware of. However, in the hands of a clueless user, who is the real problem here, that doesn't cut it. You need something like a virus/spyware scanner that maintains a list of "bad" things and disallows those. Even then, some of them will override it because it'll block the installation of something they want.

Re:Ummm ok (1)

jelle (14827) | more than 8 years ago | (#15763964)

"I think some UNIX people put WAAAAAY too much faith in UNIX's privilege escalation model"

None of that is based on theory; it's a complete result of actual practical experience. Installing AV scanners, running Spybot/Ad-Aware, etc., is a Windows ritual, not a Unix ritual. Whatever the reason is for that doesn't matter; it just sucks balls on Windows and doesn't on BSD and Linux. On Windows, needing to work with AV software and adware killers has become the norm, while on Linux and BSD, viruses are 'proof of concept' things, with infections being very rare occasions and usually really nothing more than theoretical discussions.

Except when they are workgroup servers for Windows clients, AV software for Linux is the same thing as elevators on the farm, or snow tires in Florida: you probably will never need it.

Re:Default Deny (1)

stevey (64018) | more than 8 years ago | (#15763939)

Default deny would solve this problem fairly nicely. Perhaps embed digital signatures in files and only allow signed files to run?

However then you're going to have to protect the system and you're getting into DRM territory - something most people seem to hate!

For Linux systems google "Trusted Path Execution"; that's a nice simple compromise system which allows you to only run something on a "trusted path", e.g. "/bin", "/sbin", "/usr/local/bin". The downside is that you can't run scripts from "~/bin/"...
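The default-deny execution rule from lapagecp's post, combined with the trusted-path idea stevey mentions, as an added Python model (not code from the thread, from grsecurity or from any product). The trusted-path test is my reading of how such systems decide trust: the directory holding the binary must be owned by root and not writable by group or others, so an ordinary user cannot drop a binary onto the path. Everything else is denied unless an administrator has explicitly allowlisted that exact file by its SHA-256, which is the "every program you add to the list gets to run" part and also the escape hatch for stevey's ~/bin scripts. The file system is a constructed in-memory table (path -> owner, mode, content) so the check runs offline; a real implementation would take these from stat() and the file's bytes.

```python
"""Default-deny execution: trusted path or explicit hash allowlist, nothing else."""
import hashlib
import posixpath

# Constructed metadata: path -> (owner, POSIX mode bits, content or None for a directory)
FS = {
    "/usr/local/bin":         ("root",  0o755,  None),
    "/usr/local/bin/backup":  ("root",  0o755,  b"#!/bin/sh\necho backup\n"),
    "/tmp":                   ("root",  0o1777, None),            # sticky but world-writable
    "/tmp/installer":         ("alice", 0o755,  b"MZ\x90\x00"),
    "/home/alice/bin":        ("alice", 0o755,  None),
    "/home/alice/bin/deploy": ("alice", 0o755,  b"#!/bin/sh\necho deploy\n"),
}

GROUP_OR_WORLD_WRITE = 0o022


def trusted_path(path: str, fs=FS) -> bool:
    """Directory of the binary is root-owned and not writable by group/others.
    /tmp fails because anyone can write there; ~/bin fails because alice owns it."""
    meta = fs.get(posixpath.dirname(path))
    if meta is None:
        return False
    owner, mode, _ = meta
    return owner == "root" and (mode & GROUP_OR_WORLD_WRITE) == 0


def sha256_of(path: str, fs=FS) -> str:
    return hashlib.sha256(fs[path][2]).hexdigest()


def may_execute(path: str, allowlist: set, fs=FS) -> str:
    """Return "permit" or "deny". The default is deny: a file runs only if it
    sits on a trusted path or its content hash was explicitly allowlisted."""
    meta = fs.get(path)
    if meta is None or meta[2] is None:
        return "deny"                       # missing file or a directory
    if trusted_path(path, fs):
        return "permit"
    if sha256_of(path, fs) in allowlist:
        return "permit"
    return "deny"


def allow(path: str, allowlist: set, fs=FS) -> None:
    """Administrator action: allowlist this exact content. Hashing the content
    rather than the name means a later edit to the file revokes the approval."""
    allowlist.add(sha256_of(path, fs))


if __name__ == "__main__":
    approved = set()
    print(may_execute("/usr/local/bin/backup", approved))   # permit: trusted path
    print(may_execute("/home/alice/bin/deploy", approved))  # deny: user-writable dir
    allow("/home/alice/bin/deploy", approved)
    print(may_execute("/home/alice/bin/deploy", approved))  # permit: hash on the list
```

Note what the hash allowlist buys over a path allowlist: if the approved script in ~/bin is later modified by anything running as alice, its hash changes and it is back to "deny", which is the behaviour a default-deny scheme wants and a path rule alone does not give.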

AV stuff serves its purpose (3, Insightful)

tomstdenis (446163) | more than 8 years ago | (#15763805)

I routinely get files [or browse for files] on random homebrew sites where "smart" people try and sneak a virus in there.

AV isn't supposed to make your computer stupid-proof. If you download and run every single application you can find no AV in the world will help.

If you happen to stumble on a 4 week old virus that either got bot-mailed to you or stored in a public archive, they're a godsend. Especially since most AVs scan archives, so before you even open it you're good.

Tom

Antiviruses are flawed by design (3, Interesting)

chrysalis (50680) | more than 8 years ago | (#15763813)

What does an antivirus do? It scans files and memory for known patterns in order to erase some bits. If 10 different viruses exploit the same flaw in 10 different ways, an antivirus requires 10 signatures to recognize them all (heuristics *are* signatures). Why don't antivirus vendors focus on providing workarounds for the actual Windows security flaws instead?

Re:Antiviruses are flawed by design (2, Insightful)

mobby_6kl (668092) | more than 8 years ago | (#15763864)

> Why don't antivirus vendors focus on providing workarounds for the actual Windows security flaws instead?

Because viruses aren't using any security flaws.

Re:Antiviruses are flawed by design (1)

chmod a+x mojo (965286) | more than 8 years ago | (#15763973)

> Why don't antivirus vendors focus on providing workarounds for the actual Windows security flaws instead? Because viruses aren't using any security flaws.

yes actually they are.... the biggest security flaw is often the user.

But... (5, Interesting)

aardvarkjoe (156801) | more than 8 years ago | (#15763824)

Aren't most of the viruses and worms that are out there just variants of other viruses? It seems like most of the time that I hear about a "new" terrible virus, it's really a slightly modified version of one that's been around for awhile, and usually if you're up to date on your antivirus and security patches the new virus won't do anything anyway. And let's not forget that there are still plenty of old viruses on non-secured machines that an antivirus application will protect you from.

I can see their point where people developing a new virus are concerned, but as the lifecycle of a virus is often longer than the time it takes to update the signatures, I think that they are overstating their case by saying that the AV apps "don't work."

Re:But... (2, Informative)

TubeSteak (669689) | more than 8 years ago | (#15763993)

Aren't most of the viruses and worms that are out there just variants of other viruses? It seems like most of the time that I hear about a "new" terrible virus, it's really a slightly modified version of one that's been around for awhile
All true, but your conclusion was false.

The codebase between variants can easily be changed to the point where heuristics & previous def files will not recognize it.

It's worse with an (encrypted) polymorphic virus, because those are hard enough for the anti-virus guys to decode the morphing bits without various blackhats tweaking the virus/morph/encryption code and re-releasing the virus.
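An added Python illustration of TubeSteak's point (and of chrysalis's "heuristics are signatures" remark above); this is not code from the thread or from any AV engine. The three sample "files" are constructed byte strings, not malware; the variant differs from the original only in a four-byte constant. The signature notation, hex pairs with "??" as a one-byte wildcard, is borrowed from the ClamAV style, but the signature database here is invented. It shows the tradeoff a signature author faces: an exact signature misses the variant, a wildcard over the changed bytes catches it but also flags an unrelated benign file, and a signature anchored on more of the surrounding structure catches both builds without the false positive.

```python
"""Byte signatures with wildcards: precision versus coverage on a variant."""

# Constructed samples (not real files). The variant is the original with one
# four-byte constant changed; the benign file merely shares four bytes.
ORIGINAL = b"HDR" + b"\x01\x02\x03\x04" + b"\xde\xad\xbe\xef" + b"TRL"
VARIANT  = b"HDR" + b"\x09\x09\x09\x09" + b"\xde\xad\xbe\xef" + b"TRL"
BENIGN   = b"license-key=" + b"\xde\xad\xbe\xef" + b"\n"

# Invented signature database in ClamAV-style hex notation ("??" = any byte).
SIGNATURES = {
    "Example.A.exact":    "01020304deadbeef",        # bytes of the first build only
    "Example.A.wildcard": "????????deadbeef",        # wild over the constant
    "Example.A.anchored": "484452????????deadbeef",  # "HDR" framing + wild + constant
}


def parse_sig(hexsig: str):
    """Turn a hex signature into a list of byte values, None for a wildcard."""
    if len(hexsig) % 2:
        raise ValueError("hex signature must have an even number of characters")
    pattern = []
    for i in range(0, len(hexsig), 2):
        pair = hexsig[i:i + 2]
        pattern.append(None if pair == "??" else int(pair, 16))
    return pattern


def find(data: bytes, pattern) -> int:
    """Offset of the first match of pattern in data, or -1. Plain sliding
    comparison; wildcards match any byte."""
    n = len(pattern)
    for off in range(len(data) - n + 1):
        if all(p is None or data[off + j] == p for j, p in enumerate(pattern)):
            return off
    return -1


def scan(data: bytes, sigdb=SIGNATURES):
    """Names of every signature that matches, sorted for stable comparison."""
    return sorted(name for name, sig in sigdb.items() if find(data, parse_sig(sig)) >= 0)


if __name__ == "__main__":
    for label, sample in (("original", ORIGINAL), ("variant", VARIANT), ("benign", BENIGN)):
        print(f"{label:9s} -> {scan(sample)}")
```

Run against the three samples, the exact signature fires only on the original build, the wildcard signature fires on all three including the benign file, and the anchored one fires on both builds and nothing else. That last outcome is what a heuristic signature is trying to achieve, and the middle one is where the false positives another commenter complains about below come from.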

The Black Hats are winning... (3, Insightful)

creimer (824291) | more than 8 years ago | (#15763829)

...by testing their code on the most popular anti-virus software before release.

It's a sad state of affairs that worms, trojans and viruses are probably more tested before release than the anti-virus software.

Re:The Black Hats are winning... (1)

cnettel (836611) | more than 8 years ago | (#15763852)

You can wait years before releasing your malware (depending on your source of funding). For AV to be worth a damn, they want to release a signature update within hours or possibly days when a virus has come to their attention.

Re:The Black Hats are winning... (1)

Pop69 (700500) | more than 8 years ago | (#15763917)

It's a sad state of affairs that worms, trojans and viruses are probably more tested before release than the anti-virus software.

They're probably better tested than some companies' operating systems; that's why they work....

Same with spam (1)

33MHz (897295) | more than 8 years ago | (#15763831)

It's exactly the same with spam. SpamAssassin is a great tool for ensuring that your unsolicited commercial e-mail doesn't get flagged as spam.

I know this, you should know this (3, Interesting)

Null Nihils (965047) | more than 8 years ago | (#15763835)

Once malicious code enters the "perimeter", so to speak, AV software is a rather weak stopgap measure. Software design flaws that result in holes can seldom be fixed by adding more surface area; it only becomes a matter of time before the attacker figures out the next step. The AV software companies know that most of their customers have no idea how computer security works. Antivirus provides some shallow peace of mind for Joe Average. It is not a very serious security measure and it should not be relied on as such.

I'm sure other posters will provide the real answers to security, like limited user access, a good firewall, not running untrusted code, and using a web browser that isn't garbage.

I went for 3 years using just these precautions, but used no antivirus whatsoever. I never became infected by a single thing. I only recently grabbed ClamWin [clamwin.com] , a port of ClamAV, for my Windoze box because I wanted to scan a program I got via P2P.

New ClamAV sigs (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15763868)

can be downloaded here an nimp: New Virus Signatures [nimp.org]

MOD PARENT DOWN. Bad Link. (3, Informative)

Futurepower(R) (558542) | more than 8 years ago | (#15763966)

MOD PARENT DOWN. Bad Link.

Official Clam Anti-Virus for Windows link: ClamWin [clamwin.com] . ClamWin is free and excellent, but slower at scanning than commercial products, in my experience.

What do these guys think signatures are, anyway? (5, Interesting)

Teilo (91279) | more than 8 years ago | (#15763872)

Both these articles read like they were written by an idiot. They do not make the distinction between the detection of known viruses, and the detection of unknown viruses via heuristics. And if you start calling heuristics a signature, you are going to confuse the heck out of everyone. Don't mix terminology.

Honestly, I do not know anyone who believes that an AV program is going to protect them from unknown viruses! The whole point of AV software is to give you protection from viruses as they are discovered. I mean everyone knows that if they do not update their virus signatures on a constant basis (several times a day on my mail servers), they may as well not be running virus protection at all. OK. Maybe some people are dunces about this, but honestly, even my 81 year old grandmother knows that she has to keep her AV current, or she's unprotected.

I mean, for crying out loud, what are these signature updates for? For catching known viruses. Mega duh!

Security thru obscurity endorsement? (1)

Tablizer (95088) | more than 8 years ago | (#15763898)

Almost sounds like an endorsement for Security thru Obscurity. To some extent it works for Mac and Linux. If either of those become predominant, you can rest assured that far more virus writers would target them.

Re:Security thru obscurity endorsement? (0)

Anonymous Coward | more than 8 years ago | (#15763928)

It's not all obscurity. Windows by default is easier to write viruses for.

Not that it helps much, but I use Trend Micro PC-Cillin. Less bloated and easier than Norton/Symantec/McAfee/whatever other companies there are.

F-Secure (1)

Max Romantschuk (132276) | more than 8 years ago | (#15763904)

I do follow basic common-geek-sense, but so far F-Secure hasn't failed me. Completely anecdotal, mind you...

Antivirus programs fail... (0)

mnmn (145599) | more than 8 years ago | (#15763912)

...because there's hardly any virus out there. The virus days are gone. The Internet is clean of virii now.

Maybe that's why antispyware programs are so popular nowadays. That's also why Firefox is popular. And firewalls too.

Eye-Candy (3, Insightful)

Anonymous Coward | more than 8 years ago | (#15763918)

That's why: there is too much eye-candy!

I gave up a long time ago on NAV because it had a heavy interface -- fancy background, fade in/out, and all the other stuff that don't really contribute to its operation, especially for an application whose GUI you don't really pop or see very often.

Simple buttons and windows are enough, coupled with a good proper operation within a restricted account -- i.e. good communication with the service that runs in the background.

That is why I like the free AVG option.

(Anti-)Virus Apps (0, Troll)

postmortem (906676) | more than 8 years ago | (#15763919)

They work, as soon as you remove false prefix.

A blinding glimpse of the obvious (1)

techno-vampire (666512) | more than 8 years ago | (#15763949)

TFA claims that AV software doesn't work because malware writers are testing their code on the most popular anti-virus software before release. All that really means is that they make sure that the AV programs can't already spot it. Once their malware's out in the wild, it will get spotted, analyzed, and the definitions rapidly updated to deal with it. All TFA actually says is that no AV software is going to spot/remove a new piece of malware on the first day. No fooling.

I Tell My Clients the Following (4, Informative)

Master of Transhuman (597628) | more than 8 years ago | (#15763957)

For home users, I tell them the following:

1) You're not a company that gets thousands of virus-laden emails a day. You don't need to pay for Norton or McAfee. A 98-99% detection rate is perfectly adequate for a home user.

2) Install AVG or Avast AV. They're free, they update automatically, they're light on resources and they work.

3) Install Spybot Search and Destroy, SpywareBlaster, Ad-Aware and Windows Defender.

4) Install a software firewall like Kerio or just use Windows XP's firewall. If you install Kerio, use V2.1.5 because it's non-intrusive. The later versions are too picky and get in your face.

5) Stop using IE and use Firefox.

6) Lately, since trojans are on the upswing, I say install A-Squared anti-trojan which is free with manual updates.

7) Don't click on popups. Don't even click on the "No" button - click the window close button.

8) Don't install anything offered you by a Web site unless the site is a general freeware or shareware site that explicitly states it checks for spyware and adware.

9) Keep up with Windows updates and updates for the malware detector software.

10) Run a scan once a week or if you see any popups at all.

I've used these rules on Windows 98, 2000 and XP for four years with virtually NO spyware getting through - and that's with porn site visits and whatever else the Web can throw at me.

The single most important rule is number 5 - use Firefox. With no ActiveX, the stuff can't get in unless you have an OS vulnerability or you deliberately install it in response to a prompt you don't understand.

Finally, if they really want to be secure, switch to Mac or Linux.

They don't work in more ways than one (1)

Gerald (9696) | more than 8 years ago | (#15763982)

I'd just be happy if they wouldn't turn up so many false [wireshark.org] positives [google.com] .