Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Software IT

The Insecurity of Security Software 264

H316 writes "BusinessWeek is reporting that, despite a number of software products meant to safeguard Windows PCs from harm, a rising number of them endanger their hosts because of poor design and flaws. From the article: 'A new Yankee Group report, to be released June 20, shows the number of vulnerabilities found in security products increasing sharply for the third straight year -- and for the first time surpassing those found in all Microsoft products.'"
This discussion has been archived. No new comments can be posted.

The Insecurity of Security Software

Comments Filter:
  • Insecure (Score:5, Funny)

    by MarkRose ( 820682 ) on Sunday June 19, 2005 @01:28PM (#12857123) Homepage
    Security software is insecure? Maybe it's just having a bad day and needs a hug. *hugs security software*
    • Re:Insecure (Score:4, Insightful)

      by Reaperducer ( 871695 ) on Sunday June 19, 2005 @01:59PM (#12857266)
      It's official. The cure for Windows is worse than the disease.

      Sounds like a Soviet Russia joke waiting to happen.

      Imagine telling someone you don't run Norton/McAffee/etc... because it's not secure. Now you have to switch to Linux/OS X for both a more secure operating system, and more secure applications.
      • We've been running AVG for the past 3 years and it is a perfect solution for people looking to actually have a virus protection system that works.

        www.grisoft.com

        It will find a LOT of viruses/trojans etc that the 'big' software won't and is completely free for personal use (including updates, no subscriptions etc).

        AVG is one of the 3 main applications (along with zonealarm & firefox) that get put down on any machine that i'm called in 'to fix' - which happens on a weekly basis...average people think that because their computer came with norton or macafee that they should use it, but these programs do nothing but give a false sense of security, take up significant processor & memory resources and are basically useless in actually finding or preventing viruses etc from getting onto their machines.
      • I feel vindicated (Score:3, Interesting)

        by Moraelin ( 679338 )
        As I've been saying before, it's not just that they're insecure too, it's that it's a pain even when working as intended. In fact, it's often worse not just than Windows's being vulnerable, but actually worse than being virused.

        They're slow for a start. At work we've tried copying the same large directory full of many small source files to a file server, once with Norton Antivirus running on the workstation and once without. Without it takes tens of seconds. With it, it takes slightly over 40 minutes.

        And
  • by yagu ( 721525 ) <yayagu.gmail@com> on Sunday June 19, 2005 @01:29PM (#12857127) Journal

    Yeah, don't know if this has changed, but on one of my machines my "virus" protection software absolutely needed Internet Explorer, and would override my default browser setting to use IE for any of it's "transactions"... Considering the history and track record of IE and my long ago decision to eschew any use of IE this was upsetting to say the least. I cancelled my subscription, sent a letter, and re-upped with a different vendor. To this day, I've never gone back to check to see if this vendor has "fixed" their approach, though I never got any response to my letter. (I choose not to name names, it isn't necessarily about "them"... I find this to be a somewhat absurd universe that an entire industry has grown up around an OS stillborn in the context of capable security (not perfect, just capable!) Heavy sigh...

    Not to worry, though, maybe an industry will spring up around the security software industry... providing us with meta-security software...! (even heavier sigh.)

    Aside: (but related), I wonder, has anyone ever investigated, researched, done any benchmarks about how many/what percentage of CPU cylces are allocated just for virus checking (and other security checks)?

    • Oh god what is really scary is that I can imagine a slick salesman selling someone Antivirus-Antivirus software. It makes sense if you are a laymen.

      What happens if your antivirus software is attacked? If it goes down you are vulnerable. Here is a $20 program to protect it.

      Goodbye I'm off to get rich.
      • Oh god what is really scary is that I can imagine a slick salesman selling someone Antivirus-Antivirus software. It makes sense if you are a laymen.

        In a sense (pun intended) it's already happening. Not only is the virus called "anti" sold, it often even comes pre-installed.

        Have you ever heard of a patched roof being sounder than the original?
      • Both Netscape and MS gave away their browsers dreaming of the marketing potential of networked computers. There really are people who dream of a brave new world run by marketers.

        I can imagine a slick salesman selling someone Antivirus-Antivirus software.

        What is even more amusing is that many of the antispyware programs are developed by spyware firms. Some are simply trojans for spyware, while others have the admirable goal of protecting the spyware's programs from other spyware programs. "We will ke

    • by 64nDh1 ( 872430 ) <my/.Username@gmail.com> on Sunday June 19, 2005 @02:14PM (#12857338)
      In my experience Norton Antivirus ignores default browsers and uses Internet Explorer when you ask it to take you to the instructions for manual virus removal.

      Norton Antivirus, despite regular updates by LiveUpdate, does not give full scans in that it does not find certain very frikkin' major trojans on any Windows system. The Shinwow virus that still resides on my XP system is a case in point, as is the Java byte exploit which allowed another user on the system to accidentally have it put there by some scurrilous website,

      On Mac Norton Antivirus lost a lot of respect, and a lot of Mac users will just tell you that AV is for suckers anyway, but Norton pissed off people when their existing disk utilities (Speed Disk, Disk Doctor I think) which handled drive optimization was not Panther compatible. Certain people (those running the 10.2 Norton on Panther 10.3) lost complete functionality on their hard drives ("churning" is how I saw it described) requiring formatting with (AFAIK) no chance of file recovery. Same goes with using Norton 9 on Tiger - don't.

      When using Norton Antivirus year on year the 'upgrades' mean that your boot time, and logon times increase. See my first point that this does not mean that you are more protected as at least one older known trojan is still undetected by a full system scan.

      If you enable Program Launch Monitoring then Norton will tell you about absolutely every little thing that accesses the internet. This is a good thing, but from what I can see, they've taken out the damn option to "Don't show me this bullshit again, of course Firefox is going online!" and it keeps happening.

      Just earlier today, I let Norton integrate itself into my Dad's mail client, Outlook Express, then I got 5 warnings that NORTON was being called by another program, and accessing the internet. This isn't even the veil of a false sense of protection. I increasingly think this junk is being coded by morons. Compared to each other, EZ Armour, eTrust Antivirus whatever it's called runs a scan faster, finds more, and I trust it more. It's not any worse to boot speeds. And while 'the devil you know is better than the devil you don't' I'm looking to return to some sort of honeymoon period so that you don't feel cheated and abused for spending on a program which you need due to stupid security holes and ignorant malicious script kiddies.

      My antivirus experience is getting so bad, and so resource intensive, that I have taken to schooling every member of my family who use the computer and who will listen, and I am showing them how everything can be done as promptly on SuSE 9.1 Pro in KDE with Firefox and KMail. This switch is nothing to do with Windows frustrations which are relatively minor, this is just to do with lugubrious boot times and all those lost proc cycles.


      • Switch to either Grisoft AVG or Avast.

        Both are free for home use, and are lightweight on resources. Neither are supposedly as good at catching everything as Norton or McAfee according to the tests, but they're quite good enough for home use where they aren't dealing with thousands of emails at a time.

        I've used one or the other for over two years with no problems on my 2GHz AMD system. I switched from AVG to Avast when AVG suddenly started turning off its email scanner for no known reason after two years,
      • I was getting tired of the constant uninstall/reinstall cycle for Norton AV caused by LiveUpdate failures, but a specific incident finally killed Norton--and Symantec--dead for me.

        My boss's laptop developed some sort of flaky problem. (It's been a couple of years and I don't rememeber details.) After several days of poking around in newsgroups and Google, I finally found the problem described in Symantec's knowledge base.

        It arose when a particular flawed update to Norton AV was downloaded and install
      • Well, what I do that seems to work is use NOD32 with only on demand scanning, and use drive images to keep everything going well. But that might be beyond most non techies.
    • Not to worry, though, maybe an industry will spring up around the security software industry... providing us with meta-security software...! (even heavier sigh.)
      Sounds like the insurance industry. Next thing you know, you'll be receiving $500 fines for not subscribing to at least one security software scam.
    • "Aside: (but related), I wonder, has anyone ever investigated, researched, done any benchmarks about how many/what percentage of CPU cylces are allocated just for virus checking (and other security checks)?"

      On a related note - aren't some of those cpu-cycle-eating virus scan options rather redundant? (Serious question) if you've enabled on-the-fly virus scanning of reads/writes from/to the disk, aren't the other options - incoming email scans, for instance - unnecessary? I guess I'm wondering which "adde
    • by Anonymous Coward
      I wonder, has anyone ever investigated, researched, done any benchmarks about how many/what percentage of CPU cylces are allocated just for virus checking (and other security checks)?

      Realtime virus scans are triggered whenever an application is launched. It literally runs the application in an virtualized sandbox for a designated number of cycles while scanning the memory for heuristic patterns of virus behavior. After the designated time the checker gives up and no longer analyzes the running applicati
    • Name the names, damnit! It's incredible that for once that somebody posts some useful info they then go and make it impossible to use! Just what is the problem with letting other people avoid the same problem you had?
  • by CyricZ ( 887944 ) on Sunday June 19, 2005 @01:30PM (#12857136)
    Companies like McAfee and Symantec are out there to make money. Their first and foremost goal is financial profit. Only then do they concern themselves with providing secure security software. It's plainly obvious that profit comes before quality when dealing with PC security software companies.
    • Exactly. Why would they bother when the sense of security does the trick? They only have to make that sense feel realistic enough...
    • The sick part is that anti-virus software was standard when you bought a new PC (from major brands). Now, you've got to buy their subscription services to use them for more than 30 or 90 days.

      Total rip-off considering Windows is just as insecure as ever and IE is the default web browser when you open the box.

      I've always said, when a new version of Windows is coming out to buy Symantec stock as everyone has to rush out and buy all new versions of anti-virus. (Not that there isn't free alternatives, but it

    • This also perfectly applies to Microsoft's attitude toward security. If it isn't making Bill money, he just doesn't give a shit.

      The other problem is programmer quality: if you don't have corporate standards - and quality control people who know enough about code security to enforce them - you get security problems. Most quality control people are just testing the program to see if it WORKS. They need to have people testing it to see if it can be BROKEN - or broken INTO.
  • Meta-patches (Score:4, Insightful)

    by moz25 ( 262020 ) on Sunday June 19, 2005 @01:31PM (#12857144) Homepage
    Next thing you know, not only the OS and the programs that mitigate/stop the harm which patches protect needs patches, but also the program that does the patching.

    On the plus side, the patch cycle is probably a lot shorter with the security products and automated patching is less of an issue than with the OS itself, which is much more complicated and requires a ton more testing.
  • Chocolate Sprinkles (Score:4, Interesting)

    by Bimo_Dude ( 178966 ) <bimoslash AT theness DOT org> on Sunday June 19, 2005 @01:32PM (#12857150) Homepage Journal
    I can't remember where I read it, but it goes something like this:

    "If you put chocolate sprinkles on shit, all you have is shit with sprinkles on top."

    The point being, the software that runs on top of any OS can only be as secure as the OS itself.

    • You keep saying that joke but I do not think it means what you think it means. The point of that joke would be more appropriate when discussing, say, Windows being made prettier (through GUI widgets, pretty colours, animations, fading menus, etc) without the underlying OS core being improved. Shit: OS Core Sprinkles: Pretty GUI crap
  • Verisign (Score:5, Insightful)

    by tehshen ( 794722 ) <tehshen@gmail.com> on Sunday June 19, 2005 @01:34PM (#12857157)
    "Software is software," says Ken Silva, chief security officer for VeriSign. "I wouldn't classify it as a failure on the part of the security industry. Hackers are just getting a little smarter."

    If hackers (crackers?) are getting smarter, and the security industry isn't catching up with them, then I'd say it's definitely the industry's fault.
  • windows (Score:5, Informative)

    by Anonymous Coward on Sunday June 19, 2005 @01:34PM (#12857160)
    Windows seems to be responsible for that 40 million credit card breach:

    posted originally at groklaw:

    All of the marketing hype in the world cannot make Micro$oft a better system
    http://finance.messages.yahoo.com/bbs?action=m&boa rd=1600684464&tid=cald [yahoo.com]
    &sid=1600684464&mid=274625
    A Tucson Arizona credit card processor has been implicated in a security breach
    which resulted in fraudlent charges and the exposure of 40 MM accounts.
    CardSystems Solutions has helpfully posted a Computer Operator job listing. This
    makes it clear that the system breached was running M$ OS.
    www.cardsystems.com/careers/ComputerOperator_ 0410. pdf
    A seperate database developer job posting has a VBScript experience requirement,
    leading to the presumption that VBScripts were at the heart of the card
    processors data management.
    A quality assurance job posting required experience in Windows NT and Windows
    2000. Using these obsolete systems was part of the innovative "security
    through obscurity" policy of the part of the card processors.
    http://toolbar.netcraft.com/netblock?q=UU-63-83-95 ,63.83.95.0,63.83.95.255 [netcraft.com]
    3330975
    www.cardsystems.com
    CardSystems Solutions, Inc., 6390 East Broadway, Tucson, 85710, United
    States April 1997
    Microsoft-IIS/5.0 Windows 2000

    Mastercard is running Apache on Solaris
    http://toolbar.netcraft.com/site_report?url=http:/ /mastercard.com [netcraft.com]
    Mastercard International
    2200 MasterCard Blvd OFallon MO US 63366
    Solaris 8 Apache/1.3.27 Unix mod_ssl/2.8.12 OpenSSL/0.9.7
    mod_perl/1.27 29-Jul-2003

    Was Mastercard to blame running a decent OS
    Or was CardSystems to blame for running Micro$oft crapware.
    • Re:windows (Score:5, Informative)

      by Saeed al-Sahaf ( 665390 ) on Sunday June 19, 2005 @02:06PM (#12857294) Homepage
      Tru about CardSystems Solutions being a Windows house, though I suspect it's not web site VBScript that is at the root, if anything VB6 or some .NET crap.

      As to MasterCard running Apache on Solaris, what makes you think their web server has much at all to do with back-end credit card processing?

      • As to MasterCard running Apache on Solaris, what makes you think their web server has much at all to do with back-end credit card processing?

        Nothing, but if they care about web server security, then chances are that they also care about the security of their credit card transaction systems.

    • Re:windows (Score:2, Informative)

      by Anonymous Coward
      Ah, now that's not the whole picture.

      Looking through Cardsystems job section, the clearly [cardsystems.com] advertise [cardsystems.com] for non-MS expertise; UNIX scripting, Oracle and a bunch of other stuff besides. From the job descriptions of other jobs, it's clear that they run systems on NT and VMS servers, which - sorry to disappoint you here - is pretty standard for credit card processing. It's not security through obscurity at all, it's security through not having the lastest Swiss cheese OS.

      It's also important to point out that the
    • Of course running with outdated Apache and mod_ssl version is much better. Current versions are Apache 1.3.33 for the 1.x branch and mod_ssl 2.8.22.

      Netcraft reports that the Server string last changed almost 2 years ago!
  • by Psionicist ( 561330 ) on Sunday June 19, 2005 @01:35PM (#12857166)
    Anyone here actually trust Yankee Group anymore? Remember this? http://linux.slashdot.org/article.pl?sid=05/04/05/ 007214&tid=163&tid=187&tid=109&tid=98&tid=106 [slashdot.org] Well, it turned out that the study was funded by a windows house: http://filtered.typepad.com/markjones/2004/04/abou t_face_on_y.html [typepad.com] "The survey was funded and carried out by Sunbelt Software, a vendor of Windows utilities, which publicised the survey through a mailing list called W2Knews, which bills itself as "The world's first and largest e-zine designed for NT/2000 System Admins and Power Users"."

    So who funded this report?
    • Its a choice between heart attack or cancer.

      If you're using Windows or any product developped for and/or with Windows, you're vulnerable.

      Basically, the problem is with the approach to software develpment. It wouldn't matter whether you were using a Microsof product or a product developped with the development tools.

      The end result is you're vulnerable.
    • May be foundede by MS, but this kind of result is not so good for them, so, if it is biased I can't understand how. Discovering that the traditional approaches are becomming useless to solve Windos security problems is not something MS would pay for publishing (makes more sense if you think of this as internal research).
  • by Anonymous Coward on Sunday June 19, 2005 @01:36PM (#12857171)
    You get security by having a secure design. If you need to kludge on some software to take the existing non-secure design and patch it up, that proves that the resulting system is also not going to be secure.

    Linux is somewhat ahead in this in that protected memory is part of its "DNA", unlike Windows which ultimately comes from the culture of DOS, which has no protected memory and is not multi-user.

    But still, Linux is only just a little bit better. We need to move to real secure designs such as:

    • Coyotos [coyotos.org]
    • Jnode [jnode.org]
    • SE Linux [nsa.gov] (already incorporated in Fedora)
    • EROS [eros-os.org] - has now become Coyotos, above
  • by CyricZ ( 887944 ) on Sunday June 19, 2005 @01:39PM (#12857180)
    It's painfully obvious that for any applications requiring real security, you just plain shouldn't use a PC. I got ragged on a lot by my coworkers, but I always recommended an OpenVMS (on Alpha or real VAX) solution. Funnily enough, that stopped after their PC based solutions running Windows 2003 Server were cracked on a weekly basis. And that was on one of our smaller, less known websites. Our major web sites, which we run off of our OpenVMS cluster, remain completely secure.

    Indeed, VMS offers the best combination of security through security and security through obscurity. The system itself is inherently rock-solid, stable and secure. Combined with the fact that most script kiddie crackers, and even some of the more seasoned pros, lack basic VMS knowledge, you're looking at very reliable systems from a security standpoint. The chance of becoming the victim of crackery is very minor.
    • by A beautiful mind ( 821714 ) on Sunday June 19, 2005 @01:51PM (#12857235)
      "Combined with the fact that most script kiddie crackers, and even some of the more seasoned pros, lack basic VMS knowledge, you're looking at very reliable systems from a security standpoint."

      Security by obscurity, security nontheless. But, as some wise man once said something like this: you can increase a system's security right down to unusability. Security only makes sense when you gain from using it. Personally i do not see the point using vms as a webserver, when you could run it for example on openbsd, which would probably decrease security a bit, but improve your productivity a lot. I'm sorry, the DCL-hating person speaks from me. ;)
      • We're running a BIG website. OpenBSD just doesn't scale to the magnitude we're running at. It doesn't offer the clustering capabilities of VMS. While it's better than Windows 2003 Server security-wise, it still doesn't offer the security of VMS. Switching to OpenBSD would most likely lower our productivity, assuming it were possible. Maybe of our web apps were built up around our legacy COBOL applications. While writing CGIs in COBOL is not very fun, at least VMS can handle that. OpenBSD lacks basic COBOL s

        • If you're still running legacy COBOL apps on a legacy OS, you have worse problems with productivity than security, I'd say.

          You're working for a company which will shortly be out of business (unless of course your company dominates your industry - other factors than IT do apply in the real world) - I suggest posting your resume now.
          • by CyricZ ( 887944 )
            On the contrary. Our systems have had years to stabilize and mature. Like I said, attempts to migrate to more recent systems have met with dismal failure, mostly because the proposed PC-based Windows 2003 solutions fall flat on their face security wise. More secure solutions, like OpenBSD, just can't handle the workload. They don't offer the clustering support we need, let alone the infrastructure necessary for an operation the size of ours.

            A switch to a non-VMS, non-COBOL solution would markedly decrease
            • You're missing my point.

              What is it costing you to develop Web solutions in a language and platform never intended for Web solutions? That's GOT to be costing you more than some script kiddie managing to break a newer platform and defacing your Web site.

              I can believe the Windows 2003 Server platforms are inadequate, but a properly hardened Linux platform - running on an IBM mini-mainframe or large SUN systems if necessary - should be quite scalable enough for your needs and would allow you to develop more
      • Something I think too many people forget is that passwords are security through obscurity. It isn't something that should be relied on if you don't have to, but it's better than nothing.
    • >> their PC based solutions running Windows 2003
      >> Server were cracked on a weekly basis

      Microsoft runs a shitload of web presence on W2K3, and the only case when they had a breach was when admins simply ignored applying patches. Maybe your admin is incompetent? Mind you, I run Linux on my servers myself, but having apps broken into on "a weekly basis" indicates that someone is not doing their job. VMS ain't gonna change that.
    • Security through obscurity won't work for one simple reason: if the system is so obscure that hardly anyone can use it, it will be trivial to compromise to anyone who knows what he is doing. If you are worried about script kiddies, it's a workable solution. If you are worried about security, it's not secure unless you have regular 3rd party audits and stuff like that.
      • if the system is so obscure that hardly anyone can use it, it will be trivial to compromise to anyone who knows what he is doing.

        Have you looked at the documentation [hp.com] for OpenVMS? Is is most definitely not security through obscurity in the sense that you appear to mean.

        This [cert.org] is the last really major security problem OpenVMS had. Unlike Microsoft there weren't a million and one variants of this, or occurrences of the same problem in different places.

        Now, if OpenVMS seems obscure to you, I'm sure t [vistech.net]

  • by Anonymous Coward on Sunday June 19, 2005 @01:39PM (#12857181)
    Instead of fixing the underlying problem most 'security software' (at least at the desktop users end of things) is a patch which restricts, inhibits or breaks some 'weak' feature of the code beneath it. Adding further layers of complexity only increases the chances of creating further holes with the added danger that users feel protected and hence don't pay attention to simple day to day good security practices.

    As time goes by I am becoming fascinated by the whole 'security software industry'. It doesn't take a leap of tin foil hat conspiracy theory to get to wonder whether large companies with a vested interest in there being malware in the environment, and who admittedly employ virus writers, might not be playing with an entirely straight bat when it comes to ethics. I wonder if someday soon we will see 'proof' of this in some form when it becomes apparent that a 'security' company had apriori knowledge (ie they wrote it) of a nasty virus which then went on to cause a lot of damage out there. Holes in their software comes as no suprise. In fact when you use a security product you are handing over huge amounts of trust to the writers. Do I trust Symantec et al. No way, for one I haven't seen their source.
    • by slavemowgli ( 585321 ) on Sunday June 19, 2005 @04:32PM (#12858108) Homepage
      Here's some food for thought with regard to anti-virus companies possibly being responsible for (some) viri.

      If you look at the computer viri there were in the last 20 or 25 years, there's of course many trends, but one in particular stands out: there has been a huge shift from destructive to non-destructive viri. Remember things like Michelangelo, Stoned and so on? Many of these were actually doing damage - they'd delete your harddisk on certain dates, or overwrite files on access, or other such things.

      However, things have changed: these days, at least 99% of all viri, worms, trojans and other malware seem to be content to simply reproduce as much as possible instead of carrying an actually destructive payload. Some might be used to send spam, perform (distributed) DoS attacks and the like and thus cause economic damage, true; but the individual users' boxes are typically unaffected (except for slowdowns and similar things).

      Why did this happen? One might argue that the reason is simply that virus writers don't want to bite off the hand that distributes them anymore, or that dead zombies are useless for launching attacks against third parties. But it could also conceivably be an indication that it's different people who write viri these days, with different motivations, different limits, and different morals. And the idea that (some) anti-virus companies are secretly helping out with the creation of new malware doesn't seem so far-fetched anymore when you take into account that with a non-destructive worm, it's much easier to convince yourself that you're not doing *real* damage - especially if there's also the prospect of making money, which probably already has weakened your morals.
  • by suitepotato ( 863945 ) on Sunday June 19, 2005 @01:43PM (#12857199)
    See how many anti-spyware, anti-virus, anti-malware apps there are on sale there, with names you've likely never ever heard of. People who cannot even write semi-reliable shareware are now writing these things, and people like gullible fools are buying them.

    On the other side, you have companies like Symantec and McAfee whose best written and supported products have been known to totally hose business PCs at the drop of a hat. Secure? I don't trust them to run correctly, never mind actually do what they were installed for.

    None of this is very new, most of it seems obvious, and it is truly sad that it so many will read this and think it a groundbreaking notice instead of an afterthought by the IT world which it is. The horses are out of the barn, and now people are realizing that they got out because the tried using screen doors to hold them in, and they will predictably go look for spline and a tool to put more screening in.
  • by Anonymous Coward
    Well, the answer here is simple. We need more security products to secure the security products that are securing Windows!
  • This is surprising? (Score:4, Interesting)

    by Debiant ( 254216 ) on Sunday June 19, 2005 @01:52PM (#12857236)
    I've avoided anti-virus programs far as I can recall. I use them, but I don't like to run them in real time or pay too much for them.

    Basic problem with them is that they're just more complex code above already complex code, that tries to fix the problems that is mainly caused by that complexity in the first place.

    Result is much slower computer that the anti-virus software inadvertly affects like a viruses would.
    Stopping programms, and causing something not work correctly.

    All virus programs are basically parasites, anti-virus programs are just bigger parasites far as I'm concerned.
    They have their place, but they should be simple, free and not be the answer for security. When they are not, they're themselves a risk.
    • I agree completely. I often tell people that if you're paying for antivirus or antispyware software you're probably getting ripped off. McAfee and Norton are known to be disreputable, and I have photographic proof that for example Hotmail will let their McAfee definitions expire so that people can download some viruses that have been detectable for days [in an apparent agreement with McAfee to infect enough future customers to keep their business viable].
      And the spyware scam is no more than organized c
  • by saskboy ( 600063 ) on Sunday June 19, 2005 @01:54PM (#12857246) Homepage Journal
    The irony is almost delicious, after me using my computer for years without any antivirus program installed on it and not having a single infection, managed to get my first virus through a website and a Java flaw after installing AVG antivirus.

    Now Zone Alarm, Black Ice Defender, Symantec, and more have found serious flaws in their security products that actually make them VECTORS for infection by executing the viruses they are designed to detect and safely remove or block. It doesn't make me feel bad at all for using a naked computer all those years, as I may have had fewer unpatched/unknown vectors for infection than if I was running something like Zone Alarm all the time [although to be fair to them, the Windows hole count is far from over].
    • after me using my computer for years without any antivirus program installed on it and not having a single infection

      Although I see your point, I have to ask: without any antivirus program installed, how did you know if you weren't infected?

    • There are a lot of people claiming to run uninfected naked machines for years.

      Invariably what it means it they don't run ANY Microsoft products that access the Net - no IE, no Outlook, no Outlook Express, no nothing. AND they patch everything anyway.

      They also never indicate their volume of email, volume of Web site access, nature of Web site access (do you access sports sites, porn sites?), etc.

      To suggest that anybody else who RUNS Microsoft software on the Net can do the same just by not installing secu
    • No, you just didn't realize that you had 10,000 pieces of shit running on your computer. Ignorance is bliss...
  • Told you so.

    Now bugger off and sort yourself out. In the meantime I'll be undercutting your prices.

  • by Glamdrlng ( 654792 ) on Sunday June 19, 2005 @02:23PM (#12857376)
    I'm sure it's just a coincidence that the Yankee Group, who are not exactly known for the impartiality, have released a report saying that 3rd party security apps (read that, AV, firewall, and spyware blockers) are insecure just as Microsoft gets ready to take their spyware software out of beta and unveil their antivirus software. Riiiight.
  • I've used Mcafee Antivirus for several years now. The current version I'm using relies heavily on Internet Explorer functionality to work, which is a pretty stupid design. I haven't had a virus warning in years, and Mcafee and Norton are resource hogs, I don't see much point on using them anymore. I'm seriously thinking about dropping Mcafee once my subscription expires and trying something else.

    • If you don't get hundreds of virus-laden emails a day, switch to the free-for-home-use Grisoft AVG or Avast. They're light on resources, do automatic updates, and while they're not as good as McAfee or Norton at detecting 100% of viruses, they're adequate for home use. I've used one or the other for over two years with no problems. Of course, I don't run IE or Outlook or Outlook Express either which helps.
  • This is very true (Score:2, Interesting)

    by DigitlDud ( 443365 )
    When Microsoft turned on the automated bug reporting in XP the biggest reported cause of crashes was video drivers. But second to that was security software. Virus scanners and the like. Security software has a tendency to dig deep into the system and then crash. Virus scanners will install low-level file system filters to intercept activity, and then have a buffer overflow, bringing the whole system down with it.

    Of course since this was found out. Microsoft has been holding security software conferences a
  • by Master of Transhuman ( 597628 ) on Sunday June 19, 2005 @03:08PM (#12857594) Homepage

    I loaded a thirty-day trial version of TDS-3 on her machine and found there were only a couple trojans left.

    One of them was that goddamn crap that names a file "t?skmgr.exe" - so that you can't delete it from the XP Recovery Console because stupid Microsoft won't let the RC delete command run wildcards (for "security" reasons, right?), and you can't SEE it in Explorer because it looks just like taskmgr.exe, so you can only tell which one it is by looking at where they appear in the file listing. Then they make it a hidden, system and read-only file and of course it's in use by a process, so Windows won't let you touch it.

    Bart's PE and Knoppix couldn't help me with this one.

    Acting on a tip from the Net, I loaded Winfile, the old Windows NT file manager, and managed to rename it, move it to another directory, so it couldn't be run, and after rebooting into safe mode, I could delete it.

    The other trojan was the one that originally was driving me nuts. I forget how I finally got rid of that one.

    There was still at least one spyware somewhere, so I loaded HijackThis on and got rid of some more crap.

    And finally I found a "Security Agent" from "CastleCops" which was actually a trojan. The service was running but the rest of it had already been cleaned, so I disabled the service.

    Plus I went into the Registry and clobbered everything I could find that wasn't a known user, Microsoft or Dell installed program. I think I cleaned out a lot iof spyware keys that even all the other antispyware programs didn't find.

    Then I checked the client's account status and found she was running as Administrator, so I switched her to limited. That caused TDS-3 to stop working under her account (apparently it needs not only Admin status to install, but to run, no surprise given what it does). I got confused by XP's stupid "tri-mod flag" technigue of labeling all file folders faux "read-only" into thinking somehow the disk was screwed, but I finally determined that was not the case. So she's back to running as Administrator until I can tell her to create a new account (because I don't know what's been installed by her as Administrator so I don't think it's safe to just change her back to limited - something other than TDS-3 might break) and move her desktop icons over to the new profile.

    She seems to be clean now - no system error messages, no popups, and the system seems stable.

    It only took me another eight hours - mostly because I don't have a Bart's PE and Knoppix that's REALLY loaded with anti-trojan, AV, spyware and other tools. That's my next project - buff up my bootable tools so I can access ANY file ANYWHERE and kill it.

    I get my hands on the asshole wrote that "PurityScan" adware trojan, I'm gonna nail his knees to the floor with railroad spikes - so he stays put while I really do some damage to him.

    Somebody needs to start scanning Web sites where this crap comes from, report the assholes to the law, and get the lot thrown in jail. NONE of this stuff came in through email because my client uses Web mail exclusively. That means it came from Web sites. So why not set up a Web scanner that visits suspicious Web sites, downloads this crap into a sandbox, logs everything as evidence, then publishes it as a blacklist - a "reverse honeypot"?
    • Yup - I am currently trying to re-install a friend's Toshiba notebook. It is totally hosed and doesn't have any removable media that it can boot from and due to a shitty BIOS, it can't boot from USB either.

      The only solution is to set up a RIS system on Linux and do a network install of WinXP via PXE - what a fucking nightmare. After 3 days, I am now at the point where the setup program starts and then halts due to a path problem... Aaaaaarggggghhhh!

      I hate fucking windows.
    • For deleting/moving files that are in use, take a look at the PendingFileRenameOperations [microsoft.com] value under the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager key. This value is a multi-string set of pairs of filenames: the first in each pair is the source file and the second is the destination. If the destination is blank, the source file is deleted. The session manager does this very early in the boot process, before any other user-mode processes have started. The file paths are native NT, not Win32, s
  • Until consumers stop buying broken products just because marketing hypes it up... we'll continue to have this problem. For some reason, big business loves to buy big names even when the product is severely insufficient for the task. No, I'm not talking about OS choice (that's usually a bit more complicated), I'm talking about hardware/software that comes from a big vendor and doesn't perform as advertised. The more the inferior products are subsidized, the more big corporations are encouraged to sell the
  • This is just another nail the coffin of the whole "anti-virus" idea. Even since Melissa (and even earlier) it's been plain that AV software's ability to prevent infection is always going to be limited. Take Explorezip - the company I was working for at the time of that outbreak was running up-to-date AV software. Yet we got completely smashed by that Trojan when it came in over the email and had to wait about 12 hours for a fix.

    The sheer rage on the MDs face when he met the IT director was amazing. How co
  • by Spoing ( 152917 ) on Sunday June 19, 2005 @05:42PM (#12858598) Homepage
    That's much of the reason for my sig.

    Why is this such a mystery?

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Working...