Many Antivirus Tools Fail in LinuxWorld Test
talkinsecurity writes "In a public, side-by-side test conducted last night at LinuxWorld, ten antivirus products were confronted with 25 known viruses. The results were surprisingly disparate. Only three of the products caught all of the viruses; three only caught 61 percent, and one caught an abysmal 6 percent. The test, which wasn't particularly complicated, proves that there still are wide differences in the effectiveness of AV tools. A lot of people think all AV tools are the same — they're not!"
ClamAV among top 3! (Score:3, Insightful)
(My other OS favourites include Audacity, CDex, The GIMP and OpenSolaris (you didn't expect that one coming, did you)).
Re:Zombies (Score:5, Insightful)
You should get away from antivirus. Seriously. I'm going to sound like a salesman, but bear with me a bit.
Antivirus and anti-malware in general, on Windows machines, closes the barn door after every single horse has bolted. There is _no_ way to be sure your Windows computer is badware/zombieware free. To top this off, it often sucks up incredible amounts of cycles that turn the latest gamer machine into an XT.
There is something that computer labs and libraries swear by and not at: Faronics' DeepFreeze. What you do is establish a "ground state" for the machine by doing a bare metal install and then installing DeepFreeze. You then have certain areas for data that are unfrozen, but the rest is basically locked up tight.
Surf by an evil site and get a drive-by install? Laugh maniacally, and reboot. The evil bits are then...gone. The machine has returned to its ground state. To install software permanently, you must "unfreeze" the machine, install your software, and then refreeze. The refreezing can be automatic for the next reboot or specified for a certain number of reboots, like if you were doing a Windows update and have to suffer through the interminable reboots. So it also gives Windows "parental supervision" - even for the 9x machines that don't have the concept of an "administrator" account.
Evilware in the presence of DeepFreeze is about as sticky as snot to teflon. If you insist on staying with Windows, this will let you sleep at night.
I swear, Faronics should hire me.
--
BMO
Re:math question (Score:4, Insightful)
It's also possible I'm wrong, but either way, the article is omitting some information we're supposed to know.
Re:I run Linux because... (Score:3, Insightful)
What about infected files that don't originate on your system but are passed through it? If you send out an infected file, the recipient won't care where you think you got it, or how much you feel that it isn't your problem; you're the one who infected them.
You can piss and moan about trash on the sidewalk or you can just pick it up.
All antivirus tools *are* the same (Score:2, Insightful)
All of them will have false negatives as well as false positives, most likely skewed to have fewer false positives to reduce the annoyance factor at the expense of missing real viruses - false negatives.
There are substantially better and computationally cheaper ways to protect your system than an anti-virus.
Part of the problem (Score:3, Insightful)
If you want to use a tool like that for recovery, the way to do it is on an offline system. Either take the disk to another computer and set it up as a non-system disk, or build yourself a PE boot disc and clean it from that.
It's more or less the same for any sort of system analysis or recovery for malware, hacks, whatever. Running tools on the live system is of limited use since you might get back bogus answers. You can run them to see what is going on, but when you actually start cleaning up, you need to do it from a different system, or there may be something working to undo what you've done.
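Two posts above share one idea: BMO's "ground state" that the machine is returned to, and the "Part of the problem" advice to analyse a disk from a separate, trusted system rather than trusting answers from the live one. The script below is an added example written for this thread (not code from Faronics, ClamAV, or any poster) showing the defender's half of that idea in working code: record a SHA-256 baseline of a known-good tree, keep the baseline outside that tree, and later, from a clean system with the suspect disk mounted as a non-system disk, diff the tree against it to list what was added, removed or modified. The directory layout, file names and the tampering in `demo()` are all constructed for illustration.

```python
"""Ground-state baseline and offline integrity diff.

Added example for this thread; not from Faronics, ClamAV or any poster.
File names and the tampering scenario in demo() are constructed.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """SHA-256 of one file, read in chunks so large binaries need not fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its SHA-256.
    Symlinks are skipped so a planted link cannot redirect the check elsewhere."""
    result: dict[str, str] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic walk order
        for name in sorted(filenames):
            full = Path(dirpath) / name
            if full.is_symlink() or not full.is_file():
                continue
            result[full.relative_to(root).as_posix()] = hash_file(full)
    return result


def save_baseline(root: Path, baseline_path: Path) -> int:
    """Write the ground-state snapshot as JSON; returns the number of files recorded.
    Keep the baseline outside the tree it describes (removable media, another host),
    otherwise anything that alters the tree can alter the record too."""
    snap = snapshot(root)
    baseline_path.write_text(json.dumps(snap, indent=2, sort_keys=True))
    return len(snap)


def compare_to_baseline(root: Path, baseline_path: Path) -> dict[str, list[str]]:
    """Diff the current tree against the stored baseline.
    Returns sorted lists of added, removed and modified relative paths."""
    baseline = json.loads(baseline_path.read_text())
    current = snapshot(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(current) & set(baseline) if current[p] != baseline[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict[str, list[str]]:
    """Constructed scenario: take a baseline of a tiny tree, then simulate an
    unwanted install that replaces one file, drops one and deletes one."""
    root = Path(tempfile.mkdtemp(prefix="groundstate_"))
    (root / "bin").mkdir()
    (root / "bin" / "app.exe").write_bytes(b"original application bytes")
    (root / "config.ini").write_text("autorun=0\n")
    (root / "notes.txt").write_text("known-good\n")

    # The baseline lives in a separate location, not inside the protected tree.
    baseline = Path(tempfile.mkdtemp(prefix="baseline_")) / "baseline.json"
    save_baseline(root, baseline)

    # Simulated tampering after the ground state was recorded.
    (root / "bin" / "app.exe").write_bytes(b"patched application bytes")
    (root / "bin" / "dropper.dll").write_bytes(b"unexpected new file")
    (root / "notes.txt").unlink()
    return compare_to_baseline(root, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In real use `save_baseline` runs once on the freshly built machine and `compare_to_baseline` runs from the rescue system with the suspect disk mounted read-only as a data disk; the point of the offline run, as the post says, is that nothing on the suspect disk is executing while the hashes are taken, so the answers cannot be faked by whatever is resident.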