Can You Trust Anti-Virus Rankings? 258
Slatterz writes "It seems nobody can agree on a universal set of tests for rating anti-virus software, with Eugene Kaspersky the latest to weigh in on the topic, criticizing the well-known Virus Bulletin 100. Kaspersky is one of several big anti-virus brands to fall foul of the VB100 tests, reportedly failing to pass a recent test of security software on Windows Server 2008, along with F-Secure and Computer Associates. At Kaspersky, bloggers have pointed out that they don't focus on detecting PoCs, calling it a 'dead end,' and saying their anti-virus database focuses on 'real threats and exploits.' 'I don't want to say it's rubbish,' Kaspersky told PC Authority. 'But the security experts don't pay attention to these tests. It doesn't reflect the real level of protection.'"
Re:I'm with Kaspersky (Score:4, Informative)
The real fun though is when I run WAR it detects 'keylogger like behavior' from the software. Heheee.
Tests need to evaluate _something_ (Score:5, Informative)
Take crash tests on new vehicles. Name me one that doesn't have a 5-star crash rating? The rating system is too easy, and needs to constantly be moved to achieve a new level of betterness. Not everybody should get A's. Once the majority of players reach a standard, the standard should be moved to motivate advancement in the field and show the better of the pack.
For example, the 5-star front-impact crash rating is par for the course now... but nobody seems to advertise the offset crashes, such as the right half of your bumper hitting the left half of your 'opponents' bumper. Why? Because it's sad in comparison. It's also not pretty to watch.
So all the power to making the standards hard to achieve. Yes this may not be the 'real world' threat, but it's a threat nonetheless. They're basically saying "Since England isn't going to declare war on the USA, any preparedness for receipt of an attack by the USA shouldn't be considered in overall military preparedness". That's of course ridiculous. Protect only against the popular virus and the unpopular virus will begin to spread.
Not a fan (Score:2, Informative)
Re:No more.... (Score:3, Informative)
Re:No more.... (Score:4, Informative)
Norton is itself a virus. It hogs resources, causes errors, and can't be removed without killing the host.
For what you pay, you should get something that is better than cheaper or free products available on the web...I usually replace Norton with AVG, and while I'm not a huge fan of AVG, I've never had anyone complain.
Re:That's why I (Score:3, Informative)
Re:No more.... (Score:3, Informative)
I've had a number of friends say this to me also, and I have been meaning to replace Norton with AVG (after my subscription runs out), but I haven't been able to get off my lazy ass and do it!
I've had a good experience with Norton over the years, but recently the quality of their product (read: quality sucks now!) has gone way down. For me, I first noticed it when they removed parental control from their antivirus product, and made it a free "add-on" that you had to install separately. WTF??? Why did you remove functionality that was previously included, just so I have to install it separately?!?!? In addition, they made it so goddamn hard to find the install file that it was equivalent to spending a couple hours with a help desk technician in India!
I'm sure I won't replace Norton until I get my full use of the subscription that I paid for. Or, when a virus kills my PC (knock on wood).
Re:PoCs (Score:3, Informative)
Proof of Concept; sad, but in Securityville this is actually used often enough that it would be considered a "normal" acronym. The debate usually revolves around the fact that a lot of PoCs are completely esoteric and can't be made into actual workable mass-market exploits.
Re:What's a PoC? (Score:1, Informative)
Proof of Concept.
Re:No more.... (Score:5, Informative)
Correction:
The reason Norton is on any PCs is because Norton pays PC companies to install it by default AND IT IS ALMOST IMPOSSIBLE TO REMOVE.
Cleaning viruses off by hand is easier than uninstalling Norton.
Re:No more.... (Score:3, Informative)
Common knowledge generally doesn't require a citation.
industry created whole (Score:3, Informative)
Proof of concepts are tangible vectors to infection. By not including and rigorously detecting such methods, the AV companies will allow more viral products into the market. This is a very self-serving stance.
I actually see a problem of trust emerging. Once upon a time KAV was a brilliant piece of software that ran in DOS well enough to remove the plague of Win95 Marburg infections that hit the UK gaming community after a bad cover CD. That was a time when viruses existed, and you had to stop them infecting you. The prospect of new and novel viruses infecting you wasn't really an issue as home Internet penetration was small. As such, AV software wasn't marketed as the only thing you needed to stop all viruses forever, but as a tool that will detect more than its competitor more reliably. The money you paid was for a good heuristics engine that was fast, efficient and more importantly, updated regularly.
Now I see AV products as nothing more than 'ineffective-ware'. If AV programs claimed to prevent the infection of known viruses, and reduce the risk of infection from emerging viruses, I'd probably have more faith in the industry. But they don't... in subscribing to the "we can protect you from everything" marketing hype, almost every AV company has asked us to put faith in their product to stop "unknown" viruses... and we expect them to.
They don't. It's a computational nightmare.
KAV are in a past mindset. They have to change. They have to consider that what people really want is reliability - they want software guarantees. If any piece of AV software is going to help the market rather than hinder it, it is going to be reliable. What is the most reliable part of an infection? The vector, not the virus itself.
The truth is really in the pudding. Viruses have changed. Almost all now are polymorphic and highly reentrant. A few lines of code will change a signature making it undetectable. Infection is detectable at the point of entry. If the research is put into proof of concept code in making a system vulnerable, then the AV response should be to track and thwart that success.
Matt
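The point Matt makes above (a few lines of code change the signature, but the entry vector stays constant) can be shown in a few dozen lines. The following is an added example and is not code from the thread, from Kaspersky or from any AV product: the "payload" is an inert byte string, the signature database is two literal patterns plus a file hash, and the "polymorphic" transform is a fixed decoder stub (the constructed `STUB1` marker) followed by an XOR-encoded body. Every name here is an assumption made for the demonstration.

```python
"""Added example (not from the page): byte-signature scanning versus a trivially
re-encoded variant of the same payload, and why matching the entry vector
(the decoder stub, then the unpacked body) survives the re-encoding.

All data is constructed: PAYLOAD is inert, SIGNATURES is a two-entry database,
STUB_MAGIC stands in for a recognisable decoder-stub instruction sequence.
"""
import hashlib

# Constructed, inert body standing in for a malicious dropper.
PAYLOAD = b"MZ" + b"\x00" * 6 + b"evil_dropper_v1:connect(198.51.100.7:4444)"

# Constructed signature database: a whole-file hash plus literal byte patterns.
# This is all a classic signature scanner has to go on.
SIGNATURES = {
    "sha256": {hashlib.sha256(PAYLOAD).hexdigest()},
    "patterns": [b"evil_dropper_v1", b"connect(198.51.100.7"],
}

# Constructed marker for the decoder stub. A real packer leaves a recognisable
# instruction sequence in the same way; here it is a fixed five-byte header.
STUB_MAGIC = b"STUB1"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key is the identity."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def polymorph(payload: bytes, key: bytes) -> bytes:
    """Build a variant: STUB_MAGIC + key length + key + XOR-encoded body.

    Every new key gives a file with a different hash and no literal copy of
    the body patterns, while the behaviour after decoding is unchanged.
    """
    assert 0 < len(key) < 256 and any(key), "key must be non-empty and non-zero"
    return STUB_MAGIC + bytes([len(key)]) + key + xor_bytes(payload, key)


def unpack(sample: bytes) -> bytes:
    """What an unpacker/emulator does: recognise the stub and recover the body."""
    if not sample.startswith(STUB_MAGIC):
        return sample
    klen = sample[len(STUB_MAGIC)]
    start = len(STUB_MAGIC) + 1
    key = sample[start:start + klen]
    return xor_bytes(sample[start + klen:], key)


def static_scan(sample: bytes) -> bool:
    """Classic signature scan: whole-file hash or literal pattern match."""
    if hashlib.sha256(sample).hexdigest() in SIGNATURES["sha256"]:
        return True
    return any(p in sample for p in SIGNATURES["patterns"])


def vector_scan(sample: bytes) -> bool:
    """Scan the entry vector first (the stub), then the unpacked body."""
    if sample.startswith(STUB_MAGIC):
        return True  # the decoder stub is the part that does not change
    return static_scan(unpack(sample))


def demo() -> dict:
    """Five variants with fixed, non-zero keys so the result is reproducible."""
    keys = [bytes(range(k, k + 8)) for k in (1, 37, 101, 150, 211)]
    variants = [polymorph(PAYLOAD, k) for k in keys]
    return {
        "original_static": static_scan(PAYLOAD),
        "variants_static": [static_scan(v) for v in variants],
        "variants_vector": [vector_scan(v) for v in variants],
        "distinct_hashes": len({hashlib.sha256(v).hexdigest() for v in variants}),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the original caught by the static scan, all five re-keyed variants missed by it, all five caught once the stub is treated as the indicator, and five distinct file hashes. The stub check is deliberately crude; the point is that the one thing the attacker cannot vary freely (the code that makes the encoded body executable) is what a detection should anchor on.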
Process - Not Product (Score:4, Informative)
Security for me begins with sensible configuration of the router and the PCs on the network, then it moves to access rights and regular patching of said computers.
This includes regular checkups and glancing at logs every three days or so to look for obviously suspicious traffic. Finally, after all of these steps, I use Kaspersky (since I had heard good things about it) together with rootkit detector. (Oh, and Firefox with NoScript)
All of this prevents pretty much all the scriptkiddies from getting in (I hope), but then again, the best thing you can do is to not download anything you don't know what it is.
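The "glance at the logs for obviously suspicious traffic" step in the post above is easy to automate for the two patterns that stand out on a home router: one source probing many destination ports, and an accepted inbound connection to a port you never meant to expose. The following is an added example, not code from the poster, and it makes two assumptions: the log lines are iptables-style `DROP`/`ACCEPT` records (the sample below is constructed, with documentation-range addresses), and the allow-list and scan threshold are values you would tune to your own setup.

```python
"""Added example (not from the page): triage of router/firewall log lines for
two obviously suspicious patterns. Log format, addresses, the expected-port
allow-list and the scan threshold are all assumptions for the demonstration.
"""
import re
from collections import defaultdict

# iptables-style record. SPT/DPT are optional so ICMP lines still parse.
LOG_RE = re.compile(
    r"\b(?P<action>DROP|ACCEPT)\b.*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+).*?"
    r"PROTO=(?P<proto>\w+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)

# Assumed: the only services meant to be reachable from outside.
EXPECTED_INBOUND = {22, 443}
# Assumed: distinct dropped ports from one source before we call it a scan.
SCAN_THRESHOLD = 5

# Constructed sample log: a port scan, some single-port noise, one normal
# accepted HTTPS connection, one accepted RDP connection that should not be
# there, an ICMP line without ports, and an unrelated sshd line.
SAMPLE_LOG = """\
Jun 12 03:14:01 gw kernel: FW DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=53211 DPT=21
Jun 12 03:14:01 gw kernel: FW DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=53212 DPT=22
Jun 12 03:14:01 gw kernel: FW DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=53213 DPT=23
Jun 12 03:14:02 gw kernel: FW DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=53214 DPT=25
Jun 12 03:14:02 gw kernel: FW DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=53215 DPT=80
Jun 12 03:14:02 gw kernel: FW DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=53216 DPT=8080
Jun 12 03:14:03 gw kernel: FW DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Jun 12 03:15:10 gw kernel: FW DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=445
Jun 12 03:15:11 gw kernel: FW DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=139
Jun 12 03:16:00 gw kernel: FW ACCEPT IN=eth0 SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443
Jun 12 03:16:05 gw kernel: FW ACCEPT IN=eth0 SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=3389
Jun 12 03:20:00 gw sshd[412]: Accepted publickey for bob from 192.0.2.50 port 50022 ssh2
"""


def parse(line: str):
    """Return a dict for a firewall record, or None for any other line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dpt"] = int(rec["dpt"]) if rec["dpt"] else None
    return rec


def analyse(log_text: str, scan_threshold: int = SCAN_THRESHOLD,
            expected: set = EXPECTED_INBOUND) -> dict:
    """Flag port scanners and accepted inbound connections to unexpected ports."""
    dropped_ports = defaultdict(set)  # src -> set of distinct dropped DPTs
    unexpected = []                   # (src, dst, dpt) accepted but not expected
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["dpt"] is None:
            continue  # unrelated line, or ICMP with no port to count
        if rec["action"] == "DROP":
            dropped_ports[rec["src"]].add(rec["dpt"])
        elif rec["dpt"] not in expected:
            unexpected.append((rec["src"], rec["dst"], rec["dpt"]))
    scanners = {src: sorted(ports) for src, ports in dropped_ports.items()
                if len(ports) >= scan_threshold}
    return {"scanners": scanners, "unexpected_accepts": unexpected}


if __name__ == "__main__":
    for src, ports in analyse(SAMPLE_LOG)["scanners"].items():
        print(f"scan from {src}: ports {ports}")
    for src, dst, dpt in analyse(SAMPLE_LOG)["unexpected_accepts"]:
        print(f"accepted inbound {src} -> {dst}:{dpt} (not in allow-list)")
```

On the constructed sample this reports `203.0.113.9` as a scanner (six distinct dropped ports) and the accepted connection to 3389 as the one thing worth actually investigating; the two-port noise from `198.51.100.4` stays below the threshold. The unexpected-accept check is the more valuable of the two, because it catches a rule you forgot about rather than the background scanning every public address receives.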
Re:No more.... (Score:5, Informative)
May I recommend the Norton Removal Tool [symantec.com]
It shouldn't need to exist in the first place, of course - the uninstall should work - but IME it works pretty well.
Used Many AV over the years (Score:2, Informative)
Re:No more.... (Score:3, Informative)
>6. Open the registry and go to the RUN key and delete all the Symantec entries
>7. Reboot
Norton likes to hook into stuff like the ATAPI drivers. If you kill all of the Symantec registry entries, neither Windows XP nor Vista will be able to start. Easy fix with Vista, but on XP you're just boned. I know this from personal experience.
Just use the Norton Removal Tool provided by Symantec. It works really well, assuming your Norton install isn't completely FUBAR. If it is, well, you were probably due for a format anyway.
On another note, when Norton is uninstalled or the subscription runs out, it sometimes completely destroys the computer's ability to network. As in you can't even get an IP address. I can't count the number of times that a PC had mysterious network problems that were solved by Norton Removal Tool. And this is in addition to NIS blocking legitimate traffic like Windows file sharing. There really is no excuse for running Norton anything, let alone Norton Internet Security.