Most Users Think They Have AntiVirus Protection, While Only Half Do

SkiifGeek writes "A survey carried out by McAfee and the NCSA found that while more than 90% of users believed that they were protected by antivirus or antimalware products that were updated at least once a week, only 51% actually were. 'Even with significantly growing awareness by everyday users of the need for efficient and effective antivirus / antimalware software, and the increasing market penetration achieved by the security industry, the nature of rapidly evolving Information Security threats means that the baseline of protection is outstripping the ability of users to keep up (without some form of extra help).' The study is available online in PDF format. What sort of an effect does this sort of thinking, and practice, have on the overall security of your systems, networks, and efforts to educate?"

Comment removed

[account_deleted]

Comment removed based on user account deletion

Does anyone need anti-virus software?

[ceswiedler]

I'm no anti-virus expert--but does anyone need anti-virus software anymore? Gone are the days when viruses are spread by floppy. (Mostly) gone are the days when email clients were so brain-dead that they would automatically execute attachments. But most importantly, gone are the days when the main type of infection is viruses (which spread via some sort of user action). These days, worms (which require no user action) are the dominant threat. And anti-virus software, which relies on signatures, is nearly useless against worms which (by their automatic nature) spread far too quickly for even automatic signature updates to catch. Furthermore, worms generally cause most of their havoc just by spreading (and clogging the network), and by infecting PCs to use as bot-farms.

Perhaps I'm just isolated from the sort of users who are so stupid as to get viruses on their PCs...but are there any left? And does anti-virus software help these people?

Re:How can that be? Easy

[Anonymous Coward]

My wife's computer at work has a secretary account and an administrator account. She always runs in the secretary account. That's a good thing because malware can't install itself when the administrator isn't logged on. On the other hand, the virus update doesn't seem to work unless the administrator is logged on. There also seems to be a problem of the antivirus update getting past the firewall on the router.

It seems that the automatic virus updates don't work unless you're running in an inherently insecure mode.

Re:Virus Protection

[Anonymous Coward]

I hate keeping up on it, but I dont use Anti Virus and I do just fine, I not a stupid porn-looking, spyware infested computer user, I know what to look for and what to stay away from.

Stop listing porn as a reason for viruses and spyware. You can get infected with either from almost anywhere.

I went 18 months without AV software on my Windows 2000 machine a few years back. I did not get infected with any viruses or malware. I was still using that system until March of this year when I moved to Debian Etch. I surfed many pornsites. However, I trusted the maintainers of those sites. I trusted them more than I would trust the maintainers of MSNBC.com and Ebay.com. There is a decent group of people out there who just want porn with no hassles. No viruses, no popups, and no malware. They took advantage of the situation and set up places to get porn without that stuff. Simple free market forces. Other sites were providing porn but with it they were messing with a person's computers. Someone else stepped up and provided porn without messing with a person's computers.

If this was seven years ago your statement might have more merit, but things have changed a lot. People don't like popups, viruses and malware. Those same people know how to run a webserver. They merely extended some courtesy to others and those others kept returning. Some basic Google text ads and they had a nice little income rolling in. All without infecting a person's computers.

By they way, it only takes one of your "what to stay away from." sites to get hit with a XSS or mis-configured item to infect you with something. Same as with any site I go to. And I bet that some of your sites are targeted more heavily than my sites.

Of course they do

[ArchieBunker]

Set up a fake video site like youtube and have a gif show up instead of a actual video player. Tell the user they must install the plugin (some exe file) to watch the video. Anyone with limited html skill should be able to pull that off.

Whats the point?

[adamchou]

I used to believe in virus protection but with the advent of all these rootkits that are undetectable by virus scanners, whats the point of having a virus scanner installed? If someone really wants to get into your computer, they can. If I don't click on everything I get emailed and I keep my windows installation up to date with updates from microsoft, I don't see what added value a virus scanner offers besides slowing down my computer.

Re:How can that be?

[bombastinator]

My favorite bit is having seen an out of date copy of norton on xp causes so much virus like behavior and slowdowns that it fooled a person into thinking it was a virus issue when the offender was in fact norton itself.

I have one friend who bought it merely because it was the only way he knew to make his computer work again. Norton is so much more complicated to uninstall than other software that he couldn't figure it out.

YAY Shovelware! :/

Re:No impact

[Ritchie70]

Nobody really asks me except my mom, and she insists on "paying" me. I took her computer away from her for a couple of weeks, uninstalled everything Norton, installed all the Windows updates, Avast! and a couple other free things, and gave it back to her in a usable state. Took probably 6 hours over those two weeks.

(The biggest impact was scraping Norton off. Did you know Symantec actually has a tool on their web site to remove all modern Norton products from your system?)

For this, $100 gift card showed up in the mail along with a Thank You card. Gotta love mom.

Re:How can that be?

[renegadesx]

I had to deal with a network wide virus infection because AVG didn't detect the particular virus. Lucky for me I didn't get around to uninstalling Norton on my PC and detected a crapload across the network. Norton maybe a bloated piece of crap but I was thankful that one time having it.

I tested and retested it 5 times because my employers at the time were cheap bastards and didn't want to fork out money. Before leaving I reccomended some products but didn't stick round long enough to buy and implement it. Those bastards were slow and reluctent to fork out money even in emergency situations so I figured fuck em.

Re:How can that be?

[arminw]

......It is perhaps worth pointing out that no antivirus could every be uninstalled without an uninstaller......

For Mac users, uninstallers do exist for the very few programs that do install stuff in the OS. An antivirus program would likely be in that category. These are merely a convenience, because unlike Windows, unless you're talking root-kit, malware doesn't have as many places to hide. Malware doesn't do much good if it can't be made to start running automatically either at boot time or when a user logs in. There is a general system startup folder for boot time and each user has one in their user space. The Apple Installer program also keeps a log of where stuff was put in the system. Dragging those itms to the trash gets rid of them.

The system stuff in Macs is much better protected. We don't give the name of the admin account nor the password to any user around here. Even at home, only one person (Dad) knows the admin password. All users run as standard users and are not able to install any software other than in user space. If anyone wants to install downloaded software that wants to write to the system, the administrator must do it. No Mac program requires admin rights in order to RUN, even games. Sadly that is STILL not the case for many Windows programs out there.

It's so much easier to produce and install malware in Windows, and there are so many more Windows systems out there. The bottom line is: In practice, Macs are very safe without the burden and expense of AV type software. The OS and any other programs that use CPU cycles without adding to the productivity of the user is like the overhead of a business.

Re:How is this new?

[Hal_Porter]

I've tried Windows with and without anti virus software, and with and without spam blocking. With no antivirus and no spam block it's pretty obvious that clicking on BritneySpears.jpg.scr is a bad idea. With antivirus, BritneySpears.jpg.scr is deleted from the spam. With spamblocking the spam ends up hidden.

I think if you use email program with decent Bayesian filtering (or gmail) and you don't download pirated software you can live without antivirus, since the main attack vector is over email now that most Windows machines run with a firewall by default.

On Vista clicking on malware pops up a warning box making it clear it's a bad idea to install it. Even if you install it, Windows Defender will get rid of sooner or later. And even processes with Admin rights can't infect the system - all the Windows system directories are protected from everything but the TrustedInstaller process that runs .msi files.