Can You Trust Anti-Virus Rankings? 258
Slatterz writes "It seems nobody can agree on a universal set of tests for rating anti-virus software, with Eugene Kaspersky the latest to weigh in on the topic, criticizing the well-known Virus Bulletin 100. Kaspersky is one of several big anti-virus brands to fall foul of the VB100 tests, reportedly failing to pass a recent test of security software on Windows Server 2008, along with F-Secure and Computer Associates. At Kaspersky, bloggers have pointed out that they don't focus on detecting PoCs, calling it a 'dead end,' and saying their anti-virus database focuses on 'real threats and exploits.' 'I don't want to say it's rubbish,' Kaspersky told PC Authority. 'But the security experts don't pay attention to these tests. It doesn't reflect the real level of protection.'"
No. (Score:2, Funny)
Re: (Score:3, Interesting)
Re:No. (Score:5, Insightful)
It's "backwards", in that you don't tell them what is "good". They try to guess what would be on your "bad" list. As everyone here knows, it turns out that the "bad" list is much, much longer than the "good" list. In 2007 alone, F-Secure added more virus sigs to their products than the totality of sigs accumulated from the previous 20 years! And last I heard from them, 2008 was projected to double 2007. That sounds almost like quadratic growth to me
It's "blind" in that they aren't seeing what is actually running on your computer. For privacy (and performance) reasons, nobody provides metrics back to AV vendors about all of the executables that weren't labeled "bad", and rarely do the metrics about what is labeled "OK" actually go back to them. The AV vendors have to take a shot in the dark. They can simulate what they think your computing environment looks like, but it's just a guess. They cannot know if you have custom or proprietary software that matches one of their AV sigs unless they actually test that particular program against their sigs (and you don't let them do that, hence the "blind" remark).
Backwards and Blind is very problematic. Every once in awhile, we hear about fiascos like Symantec deciding an asian language DLL is a virus, killing all of their asian customers' windows installs for a day or two.
The question the benchmark is really trying to answer is: Which vendor's product is best tuned for the least amount of false positives and false negatives? When we should really be asking the question: Do I know what is good to run on my computers? And if the answer to that is "yes", then we should be asking the question: Why can't these vendors make a product that only allows my "good" programs to execute and nothing else?
Re:No. (Score:5, Insightful)
Do I know what is good to run on my computers? And if the answer to that is "yes", then ...
The problem with that, of course, is that the answer is "no" for most people.
Re: (Score:2)
Do I know what is good to run on my computers? And if the answer to that is "yes", then ...
The problem with that, of course, is that the answer is "no" for most people.
Not only do they not know - they likely don't have the wherewithal [wikipedia.org] to make that determination.
Re: (Score:2)
Re:No. (Score:4, Interesting)
Indeed; nor should we expect them to. The vast majority of computer users want to use the computer in the same way that they use any other appliance; and frankly, they /should/ be able to. Unfortunately, the only way to give them that experience is to a) line up all malware authors and shoot them; or b) provide them with locked-down machines that can only run Authorized Content in an Approved Manner.
The problem with that is we've just spent the last 20+ years going through massive innovation because there's no particular approval to how this tech is used. Bolting on Approval could have ugly effects. Unless, of course, that approval is from the end user. Which puts us in the same place we are now.
The other issue is that we're not dealing with a toaster. Nobody expects their toaster to also become a calculator, telephone, and TV on demand. We're dealing with a complex and powerful machine. A computer is not a toaster (or a truck - but I digress).
That doesn't mean we shouldn't be trying to simplify the tech. After all, an automobile is also a pretty advanced piece of machinery as well. But the key to this is making really intelligent and sufficiently paranoid choices on how to go about doing this so the end user doesn't have to. Part of the problem is that some aspects of the industry like to portray their products as toasters while making poor design choices; a customer base of monkeys with machineguns.
Re: (Score:2)
Why can't these vendors make a product that only allows my "good" programs to execute and nothing else?
I think you just described the Advanced Packaging Tool. [wikipedia.org]
Re: (Score:3, Insightful)
And if the answer to that is "yes", then we should be asking the question: Why can't these vendors make a product that only allows my "good" programs to execute and nothing else?
Because such a product wouldn't need to be updated every year or require monthly subscriptions.
Re: (Score:2)
Why can't these vendors make a product that only allows my "good" programs to execute and nothing else?
Hmm.. sell perfect AV solution once.. or.. sell imperfect solution on a yearly subscription.. let me think now.. no, I can't see why they wouldn't release a product based on white-listing at all!
As thePowerOfGraySkull says though, trying this method with uneducated users doesn't really work anyway, as they tend to just white-list anything without caring. It would probably work quite well for your average geek though - especially when combined with a list of hashes for well known 'good' software. As you say,
Re: (Score:2)
Ok. Then what can we trust?
Free open source anti-virus?
ClamAV is nice.
Re: (Score:2)
Some white hat guy coded RemoveWGA.exe which uninstalls the WGA check installed by Microsoft claiming to be unremovable. When you check it with Kaspersky, it says it is clean. You run trend's 'hijack this" and see what it does manually, it is clean too. You send it to Kaspersky engineer to check it once again, guy says it is really, really clean.
ClamAV detects it as a trojan, not a generic type, an actual one with name.
RemoveWGA.exe: Trojan.RemovWGA FOUND
I also took my time to tell them that it is obviously
Re: (Score:2)
Re: (Score:2)
Ok. Then what can we trust?
Free open source anti-virus?
ClamAV is nice.
How about common sense?
Common sense allowed me to run Windows since 1999 virus AND anti-virus free.
Comment removed (Score:4, Insightful)
Re: (Score:2)
To have a "complete" test we'd have to know every possible vector of attack. If we knew that then couldn't we build a perfect AV system? I doubt that will ever happen.
One man's virus could be another man's new fangled networked utility that could have similar characteristics to a virus. Wouldn't something like P2P clients or a busy SMTP server appear to be threats to a heuristic virus scanner? So you have to use black or whitelists rather than rely on heuristics. Whitelists are pretty good, but you still ne
Re: (Score:2)
Damn. I knew I should have shelled out extra for the anti-virus option on my toaster.
I'm with Kaspersky (Score:5, Insightful)
Game over.
Re:I'm with Kaspersky (Score:4, Informative)
The real fun tho is when I run WAR it detects 'keylogger like behavior' from the software. Heheee.
Re: (Score:2)
having Symantec on these machines is detrimental
Again, I really don't have any experience, but would you feel like elaborating?
Re: (Score:2)
I haven't used their enterprise stuff. But the home stuff is awful. Every time someone asks me to troubleshoot a weird computer problem for them, my first question is "do you have Norton?"
If they say yes, my first answer is "uninstall it and try again." Thus far, that has never failed to fix the problem.
It doesn't matter what the problem is. Windows not going into standby? Uninstalling Norton fixed it. Onboard RAID not working? Somehow, Norton was buggering it up. World of Warcraft not running properly? You
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Also netcat, which is a "hacker tool", immediately deleted by our policy.
I work on proxy software. Netcat is one of those things I need on a regular basis.
Re:I'm with Kaspersky (Score:4, Funny)
Yeah, I've been pushing for Kapersky for a long time on my server, but The Dell Rep says that Symantec's is The Best AV Software out there. And he is clearly more knowledgeable about such things than a server jockey like me.
Re: (Score:2)
If it didn't have so many false positives I'd agree with you.
However Kaspersky seems far and away the most prone to them.
From random image false positives, to objecting to "hacking" tools, otherwise known as network discovery tools...
--Q
Re: (Score:2)
Doesn't really matter tho, go with what works for you I say.
Re:I'm with Kaspersky (Score:5, Funny)
I don't care about tests either, I only care about anecdotal evidence in random /. posts. If Kaspersky worked for this one guy, it's good enough for me.
(Actually my only anti-virus protection is not using IE, and not running things that shouldn't be run. I've had no problems.)
Re: (Score:2)
- Suave Shampoo for Men
- Reese's Cereal
- SILK Soy milk (great for lactose intolerance)
- Trinidad cigars (try the triple maduro!)
- Arm & Hammer Natural Kitty Litter
- Meow Mix (I tasted it, not too bad..)
- Wolf Brand Chili
- HEMP skin care products
Lemme know if you need more suggestions, I use a ton of things in my daily life!
Doesn't actually mean it's better (Score:2)
I've found that some AV scanners are too paranoid, they detect things that aren't really problems. Sophos, for example (which I pick on because it's an amazing piece of shit and we have it at work) gets all suspicious of the VMWare Tools client, and the Intel Audio Drivers because they modify the registry. Yes, really. It pops up a warning, though it doesn't stop them. I've seen other virus scanners that get set off by game trainers. They hook in to monitor key strokes, and the scanners think that's bad beh
No more.... (Score:4, Interesting)
than I can trust the hackers that write these damn viruses that keep infecting my PC! Yeah, standards in this industry would be a start in the right direction, but right now ANY virus protection software is better than none!
I use Norton Internet Security, and while it is passable, I find that it's a resource hog. I know there are other products out there that are less "intrusive", but I just don't want to take the chance (or time) with another product.
Re:No more.... (Score:5, Insightful)
Re: (Score:3, Informative)
Re:No more.... (Score:5, Insightful)
Wow, solid, well supported argument right there.
Indeed, it is. Norton really is a load of crap. It is a resource hog of cpu, memory and hard drive. I believe the only reason it is found on anyone's PC is because Norton pays PC companies to install it by default. Because, frankly, you would have to literally know nothing about AV to choose Norton. As in, you did no research and picked the shiniest box off the shelf. At which point, I have lost sympathy for the user.
My company relies on SOPHOS. In 12 years of working with SOPHOS, never has a virus had a chance to spread...despite the users best efforts.
Re: (Score:2)
My company relies on SOPHOS
Now that is something I would really love to use. I've read really great things about them, and their demo really impressed me. They even offered to craft a custom installer that would remove our current AV at no extra cost. Sadly, the higher-ups didn't go for the price because they're used to AVG. :`(
Re:No more.... (Score:5, Informative)
Correction:
The reason Norton is on any PCs is because Norton pays PC companies to install it by default AND IT IS ALMOST IMPOSSIBLE TO REMOVE.
Cleaning viruses off by hand is easier than uninstalling Norton.
Re:No more.... (Score:5, Informative)
May I recommend the Norton Removal Tool [symantec.com]
It shouldn't need to exist in the first place, of course - the uninstall should work - but IME it works pretty well.
Re:No more.... (Score:4, Interesting)
Norton is ... ALMOST IMPOSSIBLE TO REMOVE.
Which I found especially hilarious/frustrating when I was required to upgrade the version of Norton on a bunch of lab computers. The upgrade wouldn't work, and told me I had to uninstall the previous version. Turns out uninstalling the previous version was unbelievably difficult. The auto-uninstall didn't work. The Norton removal tool didn't work. Finally I had to follow a series of manual step-by-step instructions about what files to delete and what registry keys to modify.
And after all this pain and suffering to remove Norton... I had to install a new version. (That I knew would be a pain to eventually uninstall or upgrade.)
Needless to say I now avoid Norton like the plague. Yet I would argue that Norton/Symantec is widespread not only because of default installs--but because they seem to do a good job marketing to the higher-ups. They win large-scale deployment contracts, where the software annoys end users and many admins, but looks good and secure on paper, I guess.
Re: (Score:2)
Many people had good experiences with their products in the past. I ran Norton since 1999 or so. At that point I was on NT4 and it worked better than the few alternatives for NT. You are also correct about marketing. Most products people mention now were not found in stores several years ago.
I got rid of it because the lowend version started incorporating their POS firewall but without configuration options. I've had nothing but bad luck with that firewall. It often gets damaged during updates and I'd
Re:No more.... (Score:5, Funny)
Oh come on who are you kidding? It is easy to remove:
1. Log in as administrator /s Symantec /s Symantec
2. Open command prompt
3. cd \Program Files\ and rmdir
4. CD Common Files and rmdir
5. Open the registry and go to the SERVICES key and delete all the Symantec services
6. Open the registry and go to the RUN key and delete all the Symantec entries
7. Reboot
8. Install and run ccleaner, run the registry tool and let it clean up the now-broken library registrations
9. Use the uninstaller tool in ccleaner to remove now-broken uninstallers (that don't really clean up Symantec's poop trail ANYHOW)
10. Now try removing the directories again (steps 3 & 4) to remove the remaining Symantec poop
There, now Symantec PoopWare is now completely uninstalled. Now, wasn't that easy?
Re: (Score:3, Informative)
>6. Open the registry and go to the RUN key and delete all the Symantec entries
>7. Reboot
Norton likes to hook into stuff like the ATAPI drivers. If you kill all of the Symantec registry entries, neither Windows XP nor vista will be able to start. Easy fix with Vista, but on XP you're just boned. I know this from personal experience.
Just use the Norton Removal Tool provided by Symantec. It works really well, assuming your Norton isntall isn't completely FUBAR. If it is, well, you were probably due for
Re: (Score:2)
Re:No more.... (Score:5, Insightful)
So Norton finally got their act together with the 2009 version? Good for them. But, they have a long road to travel to fix the perception that their product is bloated. Such a history is difficult to change overnight.
Your brief review is possible shilling (Score:4, Insightful)
You do realize that's it's possible, albeit likely Norton encouraged them to write the review?
I believe this is tangent to the point of the /. article: not only are tests flawed, but you should inherently not trust any major news source to unbiasedly review a product.
- Why do they only compare it to Kaspersky?
- Why do they mention ram but not a speed comparison (I'd gladly give up 15mb of more ram just to have better performance in my AV, ram is dirt cheap)
- If NIS2009 is so "lite", why don't they mention the specs in comparison to older NIS (only Norton would want to cover up their old specs, which is a core issue that makes me suspect this is a shill article).
Not to mention I never trust any online news source, including tech sites, to have somebody savvy enough to know how to test an AV properly, which, as the /. article points out, not even the AV "experts" have figured that out, much less some tech site.
Re: (Score:2)
[Your implicitly suggested alternative] is an utter piece of crap, it would be advisable to get rid of it now.
Citation required.
Re: (Score:3, Informative)
Common knowledge generally doesn't require a citation.
Re: (Score:2, Funny)
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
The new version is supposed to be an entirely new rewrite. Not to push it or anything, but I read an article where the Symantec executive admitted that their previous software was shit, and they were starting anew. You know what they say about admitting the problem to be the first step to fixing it.
I hope Symantec goes back to writing their nice, clean antiviral software. I remember the good old days of Symantec not sucking.
Re:No more.... (Score:4, Informative)
Norton is itself a virus. It hogs resources, causes errors, and can't be removed without killing the host.
For what you pay, you should get something that is better than cheaper or free products available on the web...I usually replace Norton with AVG, and while I'm not a huge fan of AVG, I've never had anyone complain.
Re: (Score:3, Informative)
I've had a number of friends say this to me also, and I have been meaning to replace Norton with AVG (after my subscription runs out), but I haven't been able to get off my lazy ass and do it!
I've had a good experience with Norton over the years, but recently the quality of their product (read: quality sucks now!) has gone way down. For me, I first noticed it when they removed parental control from their antivirus product, and made it a free "add-on" that you had to install separately. WTF??? Why did you re
Re: (Score:2)
avg is a product that was last good in 2002. maybe it was still passable in 2003. but by 2006 it was so far behind everything except clam av that it was equivalent to not having any real protection from hackers.
real security comes in 2 parts. 1 part firewall 1 part anti virus/malware/etc. if you're going to push a 'free' product at least pus one that includes a firewall, like comodo. version 3 of their firewall includes a very vistay popup style security against code execution. annoying, yes, but if yo
Re:No more.... (Score:5, Funny)
It doesn't spread, so it's not a virus. More like a cancer. Or a birth defect, if it comes pre-installed.
Re:No more.... (Score:5, Funny)
but right now ANY virus protection software is better than none!
That depends, do you walk around all day with a rubber on your weiner? No? Newsflash, niether does your computer, so stop putting it's dick everywhere.
Re: (Score:2)
It's crude, but a wonderfully accurate analogy. These conversations are like arguing over which condom gives you the best protection when screwing hookers, when the right answer is to just stop screwing hookers.
Re: (Score:3, Interesting)
Would you consider using ZoneAlarm for your software firewall (or get a "hasbro" level appliance for home if you don't have one and don't bother with a software firewall if the PC isn't mobile), and then a F/OSS AntiVirus package that does AntiVirus and ONLY antivirus? If so, then check out Moon Secure AntiVirus. [moonsecure.com] I run it on my Vista installation (which exists for gaming).
On Linux, I don't worry about it. In fact, I submit bug reports to malware authors complaining that their crapware doesn't run on WINE
2009? (Score:2)
Have you tried 2009 versions? 2009 version is a total rewrite from scratch. Installs and uninstalls can take about a minute on a fast computer. Low memory usages (no hogs).
Tests need to evaluate _something_ (Score:5, Informative)
Take crash tests on new vehicles. Name me one that doesn't have a 5-star crash rating? The rating system is too easy, and needs to constantly be moved to achieve a new level of betterness. Not everybody should get A's. Once the majority of players reach a standard, the standard should be moved to motivate advancement in the field and show the better of the pack.
For example, the 5-star front-impact crash rating is par for the course now... but nobody seems to advertise the offset crashes, such as the right half of your bumper hitting the left half of your 'opponents' bumper. Why? Because it's sad in comparison. It's also not pretty to watch.
So all the power to making the standards hard to achieve. Yes this may not be the 'real world' threat, but it's a threat nonetheless. They're basically saying "Since England isn't going to declare war on the USA, any preparedness for receipt of an attack by the USA shouldn't be considered in overall military preparedness". That's of course rediculous. Protect only against the popular virus and the unpopular virus will begin to spread.
Re:Tests need to evaluate _something_ (Score:5, Insightful)
Re: (Score:2)
Well, here's one [safercar.gov].
Also keep in mind that when you see car ads saying "5-star saftey rating", the fine print typically says that it was for only one or two of the half-dozen test the NHSTA does. If you want a car that gets 5 stars across the board, that's not as common as cars which get a single 5-star rating.
NHSTA has one set of standards that all makers must conform to. The IIHS is NOT a government entity and is much harsher on vehicles.
Not necessarily (Score:2)
For something like crash testing, the ultimate limit is the human body. You can only survive an impact of so much. So if the car can survive more without a catastrophic failure, well it really isn't meaningful. So I can see having something like a 5 star rating meaning "The car can take more than you can." Basically that you are going to die from acceleration shock before something in the car would fail in such a way as to cause injury/death.
Continual raising for the bar for it's own sake isn't always usefu
Re: (Score:2)
5-point harnesses have been known to be safer than tri-point lap/shoulder belts, yet other than baby seats, where the size is age based, and which can be sold second hand at thrift stores.. the only people using a 5-point harness (and a whiplash restraint) is nascar/truck racing.
the problem, adjustable 5-point harnesses are a real pain and so the big auto market 3-point 'height adjustable' restraints as an improvement over lap belts. when adjustable 5-point restraints become affordable for the consumer segm
Re: (Score:2)
Not everybody should get A's. Once the majority of players reach a standard, the standard should be moved to motivate advancement in the field and show the better of the pack.
So all the power to making the standards hard to achieve.
I find these to be odd statements. It was my understanding that the test is supposed to exist to give me an idea if I'm actually being protected from a threat, not as a giant dick-measuring contest. What you propose is an infinite "advance the field for the sake of advancin
Comment removed (Score:3, Interesting)
Re: (Score:2)
I suspect the imaginary threats they fail is like the usual wintrolls argument "So do you think Linux/OS X is secure? Run rm -rf / and see what happens." They run a test which no actual virus/worm author (it is a money making industry) will bother to code and they blame real life solution failing to detect it.
Couple of worms actually install pirate Kaspersky with a special setting to ignore them so they are sure they are the only malware they are running. That is the prestige of Kaspersky for you and state
Re: (Score:2)
Technically, your operating system should protect you against that in the first place. I don't even know why there are still antivirus programs in this world. We had virusses back in the day of DOS when memory was accessible by anyone and everyone had the same permissions (even back then, OS/2 and other OS'es had better functionality without virusses) but nowadays, the only reason your box should be rooted is because of an exploit in a misconfigured box and nothing can protect you against that.
I was going t
That's why I (Score:4, Interesting)
Bullet proof? Of course not.
So far with Avast, AVG, (mind you one virus product per computer only) ZoneAlarm, FireFox, and some basic sense I haven't been hit.
My only issues (sad enough) is when a windows update broke Zone Alarm and when AVG detected Zone Alarm as a virus (cause a new version came out) and shut it down.
Now that i really think of it all the products designed to protect me have been the ones giving me all the trouble. HAHAHA (as I cry)
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
The new version of Kaspersky and couple of other vendors who spends money to development instead of animated ads tries to go with "white list" approach.
For example, while it does very suspicious things (due to its function), Zonealarm is very known to the AV solution and once it is surely the ZA it trusts, it won't bother with it too much UNLESS it starts doing things which it isn't known to do. It adds lot to the performance and Kaspersky is the last vendor to blame about heuristics since its early version
Re: (Score:2)
well, i like comodo as a firewall far better than zone alarm. there ARE ways zone alarm can be replaced with a trojan that simply turns off all the firewall abilities of zone alarm. I've seen it happen in the wild, and was the primary reason i stopped trusting zone alarm. that was when i learned about comodo. free as in beer, and it includes code execution prevention on top of inbound and out bound firewall. yeah i know vista has code execution prevention, but it just says 'program x needs to to be run as
Re: (Score:2)
Comodo sounds really interesting will have to do more research. How is it telling you information about programs asking for internet access?
For example in zone alarm it will say XXX.exe wants access. When you click for more info it tells you jack (except a program wants access...duh) and you have to research it yourself? Is comodo better at this (I hope so)
The other thing I hate about zone alarm is every program gets added to the program list when you run it. So
Re: (Score:2)
i'm not booted into windows at the moment, but off hand it tells you in flat percentages the amount of bandwidth used by each active process, it has a full process tree of every running process and every file it's got allocated in memory, sadly programs that use svchost.exe still show up as svchost.exe but with the process map you can tell if say rundll32 is running svchost.exe and that's a big red flag right there.
it only warns you of specific ports when they're creating a 'listen' stack on the tcp/ip stac
Re: (Score:2)
I have different Anti virus product on each of my machines at home. I figure the gap of what they won't detect is smaller then what just having one product will detect.
[....]
So far with Avast, AVG, (mind you one virus product per computer only) ZoneAlarm, FireFox, and some basic sense I haven't been hit.
I bought a Mac.
Re: (Score:2)
then you're even more in need of some basic security. webkit is a fork of khtml khtml is coded by KDE, you know, Linux Desktop KDE. yeah, that is this culture in linux that it's all about the firewall. i have to admit the firewall is crucial to internet security, but for desktop security dealing with 'the pc is an appliance' crowd, more than a firewall is needed. malware sites running cross browser clickjacking could be coded and debugged with 1 macbook and desktop multi booting linux and windows xp/vist
Re: (Score:2)
So far with Avast, AVG, (mind you one virus product per computer only) ZoneAlarm, FireFox, and some basic sense I haven't been hit.
Somehow with some basic common sense, no antivirus software*, and a hardware router/firewall, the last time I was hit was in 1988 - a non-destructive variant of Stoned which was transferred to my PC by infected floppy. In my experience so far, Antivirus is only necessary if you don't verify your file sources; and/or are in the habit of opening things without thinking. (Or allowing applications to do so for you automatically.) Common sense alone suffices to keep you safe.
I'm not saying that there isn't a
Trust anti-virus ratings? (Score:3, Insightful)
I'd just like to be able to trust anti-virus software.
http://arstechnica.com/journals/apple.ars/2008/10/20/mac-malware-program-macguard-masquerades-as-antivirus-app [arstechnica.com]
I'm getting really paranoid about things. I find myself avoiding any web service that wants me to download a app or plug in I'm not very familiar with.
Re: (Score:2)
as a very paranoid person i have a few suggestions.
first off, there is noscript, no script only runs on gecko browsers, so you really only have firefox, icecat, ice weasel, and ephiphany, and whatever other gecko based browsers are out there... noscript is sexy, and was the first program to protect from clickjacking.
secondly i recommend getting a hardened firewall running on some cheap dumpster grade pentium 1-2,3 system, dumpster grade systems are easy to find, and if you cant' find one, there is always th
Not a fan (Score:2, Informative)
Re: (Score:2)
+1 for NOD32. I've been happy with the way you never notice it, until it catches something. Just what I want from an antivirus program. We've been running it here for 3 years now, and no issues. It does help that we have a 3rd party scanning our email before it even hits our server, so we rarely get alerts.
Re: (Score:2)
PoCs (Score:2)
but couldn't resolve "PoC" without RTFAing.
WTF is this, some kind of trick to make us read TFA?
Re: (Score:3, Informative)
Proof of Concept; sad, but in Securityville this is actually used often enough that it would be considered a "normal" acronym. The debate usually revolves around the fact that a lot of PoC's are completely esoteric and can't be made into actual workable mass-market exploits.
Re: (Score:2)
Re: (Score:3, Funny)
Is there an acronym for "woooosh"?
IMHO: no. YMMV.
HTH HAND
8^)
Re: (Score:2)
Is there an acronym for "woooosh"?
IMHO: no.
ITYM "AFAIK"
Open Source and Free (Score:2)
I've had good luck with a combination of Firefox with the No Script addon and Clamwin, and maybe just a little common sense.
industry created whole (Score:3, Informative)
Proof of concepts are tangible vectors to infection. By not including and rigerously detecting such methods, they AV companies will allow more viral products into the market. This is a very self-serving stance.
I actually see problem of trust emerging. Once upon a time KAV was a brilliant peice of software that ran in DOS well enough to remove the plague of Win95 Marburg infections that hit the UK gaming community after a bad cover CD. That was a time when viruses existed, and you had to stop them infecting you. The prospect of new and novel viruses infecting you wasn't really an issue as home Internet penetration was small. As such, AV software wasn't marketed as the only thing you needed to stop all viruses forever, but as a tool that will detect more than its competitor more reliably. The money you paid was for a good huristics engine that was fast, efficient and more importantly, updated reguarly.
Now I see AV products as nothing more than 'ineffective-ware'. If AV programs claim to prevent the infection of known viruses, and reduce to risk of infection from emerging viruses, I'd probably have more faith in the industry. But they don't... in subscribing the "we can protect you from everything" marketing hype, almost every AV company has asked us to put faith in their product to stop "unknown" viruses... and we expect them to.
They don't. It's a computational nightmare.
KAV are in a past mindset. They have to change. They have to consider that what people really want is reliability - they want software guarantees. If any peice of AV software is going to help the market rather than hinder it, it is going to be reliable. What is the most reliable part of an infection? The vector, not the virus itself.
The truth is really in the pudding. Viruses have changed. Almost all now are polymorphic and highly reentrant. A few lines of code will change a signature making it undetectable. Fnfection is detectable at the point of entry. If the research is put into proof of concept code in making a system vulnerable, then the AV response should be to track and thwart that success.
Matt
Process - Not Product (Score:4, Informative)
Security for me begins with sensible configuration of the router and the PC's on the network, then it moves to access rights and regular patching of said computers.
This includes regular checkups and glancing at logs every three days or so to look for obviously suspicious traffic. Finally, after all of these steps, I use Kaspersky (since I had heard good things about it) together with rootkit detector. (Oh, and Firefox with NoScript)
All of this prevents pretty much all the scriptkiddies from getting in (I hope), but then again, the best thing you can do is to not download anything you don't know what it is.
why bother ranking AV crap? (Score:2)
That's like saying it's hard to rank which kind of banana, when put into your ear, is best at keeping elephants away.
Ranking AV vendors is pointless, because the products are useless. If your policy is to download and execute random software, hoping that an AV system will filter out the malware, you are guaranteed to eventually lose, no matter how good the AV software.
The title should be "Can you trust Kaspersky?" (Score:2)
The title should say "Can You Trust Kaspersky?" Since the article is basically Kaspersky complaining that the Anti-Virus test (that his software just failed to score 100% on) is flawed. It sounds like Kaspersky is just upset that his software didn't pass the test and he's now trying to dismiss the test as meaningless.
Although if you look on the products page [kaspersky.com] you'll see they display the VB100 logo. Then in the article Kaspersky goes on to say - "The products which have a very poor level of protection, the
Inherently corrupt... (Score:2)
Unfortunately there seems to be some kind of inherent corruption in the way the antivirus industry operates. I'm sure that most of the individuals involved are as honest and honorable as they can possibly be. The problem isn't really in the people, it's the way they have to operate.
But the result is the same. Anything that comes out of there has to be treated with extreme skepticism, whether it's antivirus software for operating systems where there's not even a credible infection vector, or attempts at taki
Used Many AV over the years (Score:2, Informative)
TLAs (Score:3, Funny)
My guess was that it's a politer version of PoS.
Re: (Score:2)
I had all sorts of troubles trying to install AVG on a heavily infected system. But once I installed it on a fresh system it was fine. If the virus scanner is blowing up, something is probably attacking it.
And yes, running Linux is a lot less of a hassle. And you don't have to buy a new $40-80 AV license every year or so. Also you can install ClamAV on Linux, it's pretty handy if you're allowing Windows users to upload/share files with your Linux computer. Also helpful if you're one of those poor saps that
Re: (Score:2)
And yes, running Linux is a lot less of a hassle. And you don't have to buy a new $40-80 AV license every year or so.
The Symantec "Corporate" line of AV products have the advantage of not being subscription based (at least up to version 10).
Although only useful if you have more than one PC to protect (because the minimum number of licenses is 5), you end up paying about $40/machine for a permanent license (i.e., updates forever). I had been using version 7 for many years before jumping up to version 10 last year. It's not free, but it works out to about $10/year for my usage, and that's acceptable to me.
Re: (Score:2)
That's what happens when you stupify data, you loose data. Anyway Kaspersky don't give a rats ass about any tests, if it was them up there at the top of the list they would have nodded their heads and opened their pockets wide. And I wouldn't be surprised if someone fiddled with the software to the advantage of others, or even worse, fiddled with the logic. The anti-virus industry is ironicly equal to the medicine industry, same overadvertising unnecessary medication using scare tactics. It's simple folks, keep your fucking shit together, don't put your dick wherever it fits and then complain when it falls off because you eat 30 vitamines every day.
Well, that about speaks for itself . . ..
Re: (Score:3, Insightful)
Virus or not, there is plenty of malware out there so it is still prudent to be regularly check your system and be aware of these threats, even on Linux. [c|k
Re: (Score:3, Interesting)
You are correct; as I just told another guy, a trojan will work on any platform, and the only unhackable computer is a broken computer.
Backdoors, trojans, and DoSes are not "technically" viruses any more than a window is not "technically" a door and a screw is not "technically" a nail. And I doubt very seriously that Linux has 300 back doors; I'd be surprise dit it had one. If your source calls a trojan a "backdoor" your source is ignorant.
And yes, it's prudent to be vigilant. But with Windows, vigilance is
Re: (Score:2)
The whole anti-malware market exists to fit one purpose.....to plug the holes Microsoft's incompetence leaves behind.
Although there is no doubt that there is a lot of poor code from Microsoft that causes some of the virus issues, at this point there is also no doubt that market share has a lot to do with it.
If Linux had even 25% desktop market share, there would be spam bots for it that would drive-by download from thousands of web pages. You don't need a root account in Linux to send e-mail...you just need an e-mail server running.
There are also a fair number Linux root exploits that require you to start as a user that