McAfee Artemis Claims Protection Online, On-the-Fly 107

Seems like McAfee has created a new Internet-based service to provide active protection on the fly when a PC gets hit by malicious computer code. "[Artemis] is a lot faster than traditional methodologies and it closes the gap between when a piece of malware is written, discovered, analyzed and protected against ... Artemis is available at no charge as part of McAfee VirusScan Enterprise or McAfee Total Protection Service for small and medium-sized businesses. Artemis is also available for McAfee's consumer products, where the functionality is called Active Protection."
  • Re:And I bet... (Score:4, Interesting)

    by whoever57 ( 658626 ) on Tuesday September 09, 2008 @12:32AM (#24929221) Journal

    ...it'll only take 128MB of RAM and 30% of your processor!*

    And what percent of your monthly data transfer allowance?

  • hmmm (Score:3, Interesting)

    by drDugan ( 219551 ) on Tuesday September 09, 2008 @01:03AM (#24929403) Homepage

    Active protection, as in - running "fixes" locally automatically downloaded from the InterTubes? Throw in a pinch of DNS poisoning or mixed up routes and you've got yourself a perfect rootkit injection system with the piece of protection and [sent] immediately back to them! Yeah!

  • by Mike610544 ( 578872 ) on Tuesday September 09, 2008 @01:09AM (#24929429)

    when a PC gets hit by malicious computer code.

    A PC doesn't "get hit" by "malicious computer code" too often these days. The target unintentionally (but by their own action) runs malicious code because they're ignorant. Even running Windows (patched w/ firewall) there aren't many ways you can get pwned without clicking on the "RUN VIRUS NOW" button (admittedly recognizing the ways that button can masquerade itself is a skill.)

    Trying to protect people against themselves is futile. Antivirus software is like the Maginot Line [wikipedia.org]. It only works against shit they're expecting.

    There's no substitute for educating computer users about what's not to be clicked upon (and/or run as root.)

  • by dontmakemethink ( 1186169 ) on Tuesday September 09, 2008 @02:11AM (#24929687)

    In other words, every time you download a binary file, McAfee HQ knows about it and logs it. Was this dreamed up by the RIAA, the NSA, or the anti-child-porno people?

    All of the above. The submissions will be spidered so the users will receive targeted ads from relevant lawyers to help settle the lawsuits.

  • by im_thatoneguy ( 819432 ) on Tuesday September 09, 2008 @02:28AM (#24929763)

    Hear, hear.

    I usually run on a DMZ. No firewall local or at the router.

    I even have a dynamicDNS directed to my main computer.

    I scan regularly, and haven't been infected in over 8 years (which was my fault for opening an attachment without thinking).

    My current windows install is about 2 years old with LOTS of use. The computer is 5 years old and it's time to junk it. It's also still suffering from a 4 year old Norton uninstall that seems to have never completed and is getting worse. Norton was the worst thing that ever happened to one of my computers and I still haven't completely purged it.

    What junks up my Windows PCs aren't the illicit viruses that get installed without my permission. It's all the crap that comes along with little freeware worthless pieces of crap that I need to use once to convert some file or another.

    Windows PCs and Macs get used very differently. Having run both of them I used them very differently myself--largely because there just isn't the world of little crappy apps available.

    I'm with parent. Your comparison is apples to oranges.

  • by Ed Avis ( 5917 ) <ed@membled.com> on Tuesday September 09, 2008 @03:17AM (#24929965) Homepage

    Couldn't they just send the list of hashes of malware to your PC and it could be checked locally? It would be a long list and always growing, but not growing fast enough to put any kind of burden on a PC's memory or network capacity. (Suppose 100 new bad programs are identified every day and you need an SHA-256 hash of each one: that's still only about three kilobytes per day.)

    The only way their system makes sense is if you send the whole lump of code back for analysis, not just a hash. A hash can just as well be checked locally.
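The local hash-list check that Ed Avis argues for, as an added example that is not part of the original post: it sizes the daily list growth from the post's own figures (100 samples/day, one SHA-256 each) and checks a file against a constructed local blocklist, so only the digest is ever computed and nothing leaves the machine. The caveat the follow-up sentence hints at is shown too: an exact-hash list misses a sample that differs by a single byte, which is the gap a vendor fills by analysing the whole file.

```python
import hashlib

# A SHA-256 digest is 32 bytes; that is all the list needs per known-bad sample.
HASH_BYTES = hashlib.sha256().digest_size


def daily_list_growth_bytes(new_samples_per_day: int) -> int:
    """Raw bytes added to a local digest list per day (100/day -> 3200 B)."""
    return new_samples_per_day * HASH_BYTES


def sha256_hex(data: bytes) -> str:
    """Hex digest of a file's contents, computed locally."""
    return hashlib.sha256(data).hexdigest()


# Constructed blocklist: digests of two made-up "malware" samples (not real IoCs).
BAD_SAMPLES = [b"constructed-malware-sample-A", b"constructed-malware-sample-B"]
LOCAL_BLOCKLIST = {sha256_hex(s) for s in BAD_SAMPLES}


def is_known_bad(data: bytes, blocklist: set = LOCAL_BLOCKLIST) -> bool:
    """Local lookup only: the file and its digest are never sent anywhere."""
    return sha256_hex(data) in blocklist


def merge_daily_update(blocklist: set, update_hex: list) -> set:
    """Apply one day's batch of new digests; the list only ever grows."""
    return blocklist | set(update_hex)


if __name__ == "__main__":
    print("bytes/day for 100 new samples:", daily_list_growth_bytes(100))
    print("known sample flagged:", is_known_bad(BAD_SAMPLES[0]))
    # One appended byte changes the digest, so exact-hash matching misses it.
    print("one-byte variant flagged:", is_known_bad(BAD_SAMPLES[0] + b"\x00"))
```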

  • by SanityInAnarchy ( 655584 ) <ninja@slaphack.com> on Tuesday September 09, 2008 @03:34AM (#24930051) Journal

    Or you could, y'know, disable autorun. It's not particularly difficult. (Not particularly easy, either -- at one point, I could only figure out how to do it via the Registry. But not difficult.)

    Now, it might be worth it to have a piece of software (a script, really) that ran around a Windows install and tightened up security across the board -- turn the firewalls on, set passwords, disable autorun, install Firefox, grab updates, etc.

    While it's at it, it could tune you up -- enabling Hibernate is about the first thing I do.

    I'm sure such a thing exists. But I suspect that all antivirus software, or anything that would call itself antivirus software, is also going to include the after-the-fact scanning, and is going to advertise that well before the actual securing of the system.

    And it's worth mentioning -- no other OS comes so thoroughly pwnable out of the box, especially via things like Autorun. I suspect that's even fixed in Vista.

  • by rolfwind ( 528248 ) on Tuesday September 09, 2008 @04:38AM (#24930305)

    Bullshit. You must be a retard if you trust anything your kids say. They may be surfing the same sites, but they're downloading and executing ZOMG U MUST SEE THIS!!1 shit on the PC which isn't compatible with any other OS.

    I haven't seen a virus on my PCs since my 286, which came preloaded with them, and my own deliberate HPAVC collection from the BBS days.

    He's not trusting what his kids say, he's seeing the results for himself. And who cares what his kids download? They had limited user accounts, it SHOULD NOT HAVE MADE A DIFFERENCE what they downloaded.

    Some Windows users love closing their eyes to the results and stammer and sputter about market share and all that crap - but the fact is that Windows has more attack vectors for whatever reason. Like your parent said, security is a bandaid on Windows, not built in. I don't know the entire reasons for that; I heard that in unix, services run as a normal user account, sandboxed away from causing damage, while in Windows many services run as root - meaning only one has to be compromised for something malicious to gain control.

    There are probably other reasons and the OP may have well talked about Ubuntu instead of a Mac -- but your sample size of one is unconvincing from every angle. You're obviously not the average computer user, nor do you anticipate the truly stupid shit some people do and how kids play with their computers.

    Running as root would be just as stupid (something Ubuntu does not have one do by default but I believe Mac does?) but having extensive contact with the administrators in my old school - they let the macs be while the Windows based systems are set to be reimaged every night simply because it's too much of a pain to keep Windows clean for more than a week among groups of students. Default UAC in Vista might have finally changed that, but their machines still run the cheapest form of XP (without UAC) and it also does not get rid of the services issue.

  • by g0dsp33d ( 849253 ) on Tuesday September 09, 2008 @06:34AM (#24930731)

    I'm not a fan of sending stuff out to them. I prefer the way PC Tools (free firewall / AV) handles this. They use a product called Threatfire to monitor all processes for unusual activity. It has the usual problem of the click to get rid of messages mentality, but they are fairly infrequent unless you install a plethora of applications. Basically you get the same protection (if you actually read what pops up) and as a bonus that secret document about your buried treasure won't be sent elsewhere if there is a macro in it.

  • by slittle ( 4150 ) on Tuesday September 09, 2008 @07:31AM (#24930981) Homepage

    They had limited user accounts, it SHOULD NOT HAVE MADE A DIFFERENCE what they downloaded.

    What do limited user accounts have to do with anything? User separation protects users from each other and the system from users, but it doesn't protect the user from himself, on any desktop OS.

    Like your parent said, security is a bandaid on windows, not built in.

    It was built in from the beginning in the NT line. The security system in the kernel is better than any other desktop system's; it's only in userspace that it hasn't been implemented correctly because it's inconvenient to users. But that's a far cry from being a "bandaid" or not built-in. The only bandaid is making shit software work when security features that were always there are actually used.

    Even the design guidelines for userspace apps that have been in place since Win95 are blithely ignored - it's only now that the rules are being enforced that problems show.

    I don't know the entire reasons for that, I heard that in unix, services run as a normal user account, sandboxed away from causing damage while in Windows many services run as root - meaning only one has to be compromised for something malicious to gain control.

    I don't see much difference between my Linux and Windows servers in that regard - both use privileged and non-privileged accounts depending on what resources the service needs to access. But that's pretty much irrelevant since the OP specifically said it was firewalled, so the network services aren't the attack vector.

    It also can't be a privilege issue since they're running as guest (and I bet I can get root via local exploit easier on Linux than Windows). It can't be evil Intarweb Exploder because they're using FF. And it probably isn't even a real virus or trojan because they're running AVG, so it's likely that what he's got isn't a virus, worm or anything that AVG would remove, but simply crapware - toolbars, themes, cursors, tray widgets and other bullshit that "normal" people seem to like, things they intentionally install.

    Default UAC in Vista might have finally changed that, but their machines still run the cheapest form of XP (without UAC) and it also does not get rid of the services issue.

    UAC is privilege escalation. Which is pretty much irrelevant since his system got hosed even as a guest user.

    Here's the simple version: as long as users are allowed to run any programs the system didn't come with, it will suffer this problem.

    Linux is "immune" because installing software that didn't come from the vendor's own repository is basically impossible for normal people. Hell, most users probably couldn't figure out how to make anything they download executable. That will change if/when Linux gets popular - users will demand the ability to use 3rd party programs.

  • by stevied ( 169 ) on Tuesday September 09, 2008 @07:58AM (#24931127)

    I'm pondering the following set-up:

    • 1Gb ageing Athlon box
    • Ubuntu installed on the raw hardware
    • Virtualbox installed on Ubuntu
    • WinXP running in Virtualbox with about 50% of the RAM.
    • Auto login set up on Ubuntu and WinXP, so apart from the Ubuntu splash screen, there's nothing particularly scary to see for the dyed-in-the-wool Windows user I'm jumping through all these hoops for.

    This allows various cool stuff: incoming HTTP and IMAP connections could be scanned with ClamAV, for example. What would be really great would be to just discard changes to the main VB disk image at the end of every session. Obviously user docs + data would be somewhere else, and could potentially get infected, but that's a lot less data to periodically virus scan, or to restore if anything does get in to it.

    Preliminary tests suggest that virtualized windows without on-access scanning runs quite a lot more smoothly than a bare-metal install does with it. The added bonus is that I can ssh into the underlying Ubuntu system and do admin with the rather richer toolset available there than on Windows (though greater personal familiarity with that toolset is also an issue, I admit.)

  • by DrYak ( 748999 ) on Tuesday September 09, 2008 @08:54AM (#24931507) Homepage

    Bullshit. You must be a retard if you trust anything your kids say. They may be surfing the same sites, but they're downloading and *executing* ZOMG U MUST SEE THIS!!1 shit on the PC which isn't compatible with any other OS. {note:emphasis mine}

    Yes, you have a point about the "compatible" part. But you missed something fundamental.

    The major flaw that the parent wanted to point out is that, because of the sloppy design of Windows XP (partly inherited from its NT ancestors, which had some privilege restrictions but never really used them, partly inherited from its DOS/Win9x inspiration, where every piece of software does whatever pleases it), you *can* download and execute code trivially in the first place.

    In Linux, downloading and executing random bits of code isn't trivial, on purpose. Before executing, the user must first manually grant execution rights to the piece that was downloaded (i.e. the "+x" chmod bit isn't set by default), and then the code only runs with the privileges it inherits from the user (non-administrative privileges; all the juicy bits like sending raw network packets, deploying a rootkit, etc. aren't accessible).

    The only real canonical way to install software in Linux is going through the package manager and installing it from one of the (trusted) repositories (you can "apt-get", "yum", "YaST", etc. to install additional software).

    In short: in Linux, you can't download and run a random exe. You can only install an exe from a repository; otherwise you have to do special steps (downloaded material isn't runnable by default).
    In Windows, every idiot could download and run whatever at a simple click.
    Only the most recent version, Vista, has a UAC that asks the user to confirm their intent to run foreign code. But most users either disable UAC because it's too bothersome, or have developed a spinal reflex to "OK-Yes-click-thru" anything on the screen, a habit they got from all the repetitive "cancel or allow?".
