Security Operating Systems Software Windows

Can You Trust Anti-Virus Rankings? 258

Slatterz writes "It seems nobody can agree on a universal set of tests for rating anti-virus software, with Eugene Kaspersky the latest to weigh in on the topic, criticizing the well-known Virus Bulletin 100. Kaspersky is one of several big anti-virus brands to fall foul of the VB100 tests, reportedly failing to pass a recent test of security software on Windows Server 2008, along with F-Secure and Computer Associates. At Kaspersky, bloggers have pointed out that they don't focus on detecting PoCs, calling it a 'dead end,' and saying their anti-virus database focuses on 'real threats and exploits.' 'I don't want to say it's rubbish,' Kaspersky told PC Authority. 'But the security experts don't pay attention to these tests. It doesn't reflect the real level of protection.'"
  • by AioKits ( 1235070 ) on Thursday October 23, 2008 @09:46AM (#25481171)
    I'm with you on this one. I have had good experiences with Kaspersky in the past and got the package with three user licenses for like $50 or so off the website (this was back towards the beginning of 07). Two licenses for me and one for a friend who just runs around all day with his laptop.

    The real fun tho is when I run WAR it detects 'keylogger like behavior' from the software. Heheee.
  • by PhYrE2k2 ( 806396 ) on Thursday October 23, 2008 @09:52AM (#25481243)

    Take crash tests on new vehicles. Name me one that doesn't have a 5-star crash rating? The rating system is too easy, and needs to constantly be moved to achieve a new level of betterness. Not everybody should get A's. Once the majority of players reach a standard, the standard should be moved to motivate advancement in the field and show the better of the pack.

    For example, the 5-star front-impact crash rating is par for the course now... but nobody seems to advertise the offset crashes, such as the right half of your bumper hitting the left half of your 'opponents' bumper. Why? Because it's sad in comparison. It's also not pretty to watch.

    So all the power to making the standards hard to achieve. Yes this may not be the 'real world' threat, but it's a threat nonetheless. They're basically saying "Since England isn't going to declare war on the USA, any preparedness for receipt of an attack by the USA shouldn't be considered in overall military preparedness". That's of course ridiculous. Protect only against the popular virus and the unpopular virus will begin to spread.

  • Not a fan (Score:2, Informative)

    by apharas ( 1258484 ) on Thursday October 23, 2008 @09:55AM (#25481279)
    I have been solidly unimpressed with the results from most of the mainstream anti-virus vendors. There are of course huge trade-offs between speed, usability and accuracy. I also don't like having programs think for me without giving me a viable option to change the way it's handling a situation on the fly. For my machines I've switched all Windows machines to ESET's NOD32. All my personal Linux boxes I have on F-Prot. -- a
  • Re:No more.... (Score:3, Informative)

    by IceCreamGuy ( 904648 ) on Thursday October 23, 2008 @10:01AM (#25481355) Homepage
    Wow, solid, well supported argument right there.
  • Re:No more.... (Score:4, Informative)

    by SatanicPuppy ( 611928 ) * <Satanicpuppy.gmail@com> on Thursday October 23, 2008 @10:03AM (#25481381) Journal

    Norton is itself a virus. It hogs resources, causes errors, and can't be removed without killing the host.

    For what you pay, you should get something that is better than cheaper or free products available on the web...I usually replace Norton with AVG, and while I'm not a huge fan of AVG, I've never had anyone complain.

  • Re:That's why I (Score:3, Informative)

    by IceCreamGuy ( 904648 ) on Thursday October 23, 2008 @10:09AM (#25481471) Homepage
    I deal with AVG Network edition (which is the same as the free edition but not free and with a semi-functional control center), and I can tell you that they put a lot of what I would consider legitimate software in their defs. Their newest version 8 does not remember your exceptions correctly, either.
  • Re:No more.... (Score:3, Informative)

    by TheNecromancer ( 179644 ) on Thursday October 23, 2008 @10:09AM (#25481473)

    I've had a number of friends say this to me also, and I have been meaning to replace Norton with AVG (after my subscription runs out), but I haven't been able to get off my lazy ass and do it!

    I've had a good experience with Norton over the years, but recently the quality of their product (read: quality sucks now!) has gone way down. For me, I first noticed it when they removed parental control from their antivirus product, and made it a free "add-on" that you had to install separately. WTF??? Why did you remove functionality that was previously included, just so I have to install it separately?!?!? In addition, they made it so goddamn hard to find the install file that it was equivalent to spending a couple hours with a help desk technician in India!

    I'm sure I won't replace Norton until I get my full use of the subscription that I paid for. Or, when a virus kills my PC (knock on wood).

  • Re:PoCs (Score:3, Informative)

    by SatanicPuppy ( 611928 ) * <Satanicpuppy.gmail@com> on Thursday October 23, 2008 @10:11AM (#25481493) Journal

    Proof of Concept; sad, but in Securityville this is actually used often enough that it would be considered a "normal" acronym. The debate usually revolves around the fact that a lot of PoCs are completely esoteric and can't be made into actual workable mass-market exploits.

  • Re:What's a PoC? (Score:1, Informative)

    by Anonymous Coward on Thursday October 23, 2008 @10:18AM (#25481573)

    Proof of Concept.

  • Re:No more.... (Score:5, Informative)

    by Welsh Dwarf ( 743630 ) <d,mills-slashdot&guesny,net> on Thursday October 23, 2008 @10:24AM (#25481641) Homepage

    Correction:

    The reason Norton is on any PCs is because Norton pays PC companies to install it by default AND IT IS ALMOST IMPOSSIBLE TO REMOVE.

    Cleaning viruses off by hand is easier than uninstalling Norton.

  • Re:No more.... (Score:3, Informative)

    by mhall119 ( 1035984 ) on Thursday October 23, 2008 @10:26AM (#25481675) Homepage Journal

    Common knowledge generally doesn't require a citation.

  • by QX-Mat ( 460729 ) on Thursday October 23, 2008 @10:27AM (#25481689)

    Proof of concepts are tangible vectors to infection. By not including and rigorously detecting such methods, the AV companies will allow more viral products into the market. This is a very self-serving stance.

    I actually see a problem of trust emerging. Once upon a time KAV was a brilliant piece of software that ran in DOS well enough to remove the plague of Win95 Marburg infections that hit the UK gaming community after a bad cover CD. That was a time when viruses existed, and you had to stop them infecting you. The prospect of new and novel viruses infecting you wasn't really an issue as home Internet penetration was small. As such, AV software wasn't marketed as the only thing you needed to stop all viruses forever, but as a tool that will detect more than its competitor more reliably. The money you paid was for a good heuristics engine that was fast, efficient and more importantly, updated regularly.

    Now I see AV products as nothing more than 'ineffective-ware'. If AV programs claim to prevent the infection of known viruses, and reduce the risk of infection from emerging viruses, I'd probably have more faith in the industry. But they don't... in subscribing to the "we can protect you from everything" marketing hype, almost every AV company has asked us to put faith in their product to stop "unknown" viruses... and we expect them to.

    They don't. It's a computational nightmare.

    KAV are in a past mindset. They have to change. They have to consider that what people really want is reliability - they want software guarantees. If any piece of AV software is going to help the market rather than hinder it, it is going to be reliable. What is the most reliable part of an infection? The vector, not the virus itself.

    The truth is really in the pudding. Viruses have changed. Almost all now are polymorphic and highly reentrant. A few lines of code will change a signature making it undetectable. Infection is detectable at the point of entry. If the research is put into proof of concept code in making a system vulnerable, then the AV response should be to track and thwart that success.

    Matt

  • by Exanon ( 1277926 ) on Thursday October 23, 2008 @10:29AM (#25481703)
    Call me a Schneier fanboy, but I practice security on my home network like a process, not as in buying a product and being done with it.

    Security for me begins with sensible configuration of the router and the PCs on the network, then it moves to access rights and regular patching of said computers.
    This includes regular checkups and glancing at logs every three days or so to look for obviously suspicious traffic. Finally, after all of these steps, I use Kaspersky (since I had heard good things about it) together with a rootkit detector. (Oh, and Firefox with NoScript)

    All of this prevents pretty much all the scriptkiddies from getting in (I hope), but then again, the best thing you can do is to not download anything you don't know what it is.
  • Re:No more.... (Score:5, Informative)

    by jimicus ( 737525 ) on Thursday October 23, 2008 @10:47AM (#25481979)

    May I recommend the Norton Removal Tool [symantec.com]

    It shouldn't need to exist in the first place, of course - the uninstall should work - but IME it works pretty well.

  • by GlassHammer ( 1336191 ) on Thursday October 23, 2008 @11:32AM (#25482579)
    My progression in AV software went: McAfee -> Norton AV -> AVG -> AVG + NoScript + ZoneAlarm -> Linux (Fedora 9) with ClamAV -> Linux F-Secure (trying it out). What sparked the changes in AV was always "Computer Performance". Some of the above devoured my computer and left me with little resources.
  • Re:No more.... (Score:3, Informative)

    by Anonymous Coward on Thursday October 23, 2008 @11:48AM (#25482825)

    >6. Open the registry and go to the RUN key and delete all the Symantec entries
    >7. Reboot

    Norton likes to hook into stuff like the ATAPI drivers. If you kill all of the Symantec registry entries, neither Windows XP nor Vista will be able to start. Easy fix with Vista, but on XP you're just boned. I know this from personal experience.

    Just use the Norton Removal Tool provided by Symantec. It works really well, assuming your Norton install isn't completely FUBAR. If it is, well, you were probably due for a format anyway.

    On another note, when Norton is uninstalled or the subscription runs out, it sometimes completely destroys the computer's ability to network. As in you can't even get an IP address. I can't count the number of times that a PC had mysterious network problems that were solved by Norton Removal Tool. And this is in addition to NIS blocking legitimate traffic like Windows file sharing. There really is no excuse for running Norton anything, let alone Norton Internet Security.
