Start a Conversation

Unsolved

This post is more than 5 years old

2 Intern

 • 

5.8K Posts

8061

June 28th, 2010 18:00

Anti-virus is a Poor Substitute for Common Sense

"A new study about the (in)efficacy of anti-virus software in detecting the latest malware threats is a much-needed reminder that staying safe online is more about using your head than finding the right mix or brand of security software.

Last week, security software testing firm NSS Labs completed another controversial test of how the major anti-virus products fared in detecting malware pushed by malicious Web sites: Most of the products took an average of more than 45 hours — nearly two days — to detect the latest threats."

Full read: http://krebsonsecurity.com/2010/06/anti-virus-is-a-poor-substitute-for-common-sense/

Comment:
Although Krebs does not mention it, you will have to shell out $495 (USD) to read the report, although NSS did reveal that Panda and AVG finished at the bottom of the pack in this particular test. Also covered in the report are Eset, F-Secure, Kaspersky, McAfee, Norman, Sophos, Symantec, Trend Micro.

But by any standard, it seems no AV shines brightly here. Very depressing ...

881 Posts

June 28th, 2010 20:00

I take this to mean that I should no longer spend hours on the porno and get rich quick sites?? Now I am depressed.

Jeff    :emotion-9:

881 Posts

June 28th, 2010 22:00

I know you are right. Sorry. This probably isn't the place to be silly. It just seemed like a slow day on the forum. I will try to control myself.

But it does seem to me that some folks bring problems on themselves. And in turn whine when they run into trouble. Then the great people on this forum and others bail them out. That's a good thing! I may run into trouble someday and I will make a beeline here in hopes that someone will be willing to help me.

Jeff

2 Intern

 • 

5.8K Posts

June 28th, 2010 22:00

Jeff:

I appreciate your humor. But this study has the ring of truth to it, even if I haven't shelled out the big bucks to read it.

My belief that a good AV is the cornerstone of layered security might well be in error. I have used many AVs over the years (both free, and commercial) and none have ever alerted me to proven infections, or even attempts at infection.

Which leaves me to conclude that perhaps safe surfing, and possibly other layers of security I employ might well be more important than my AV.

3 Apprentice

 • 

15.3K Posts

June 29th, 2010 06:00

Joe wrote:  "My belief that a good AV is the cornerstone of layered security might well be in error".

I don't know that I'd express things so strongly/bluntly.   But yes, it's critical that people realize that anti-virus programs do have their limitations.

First and foremost, the "crux" of most anti-virus programs --- their signature-based detections --- is of necessity a slow, "REactionary"-based process.   Here, the malware writers are ALWAYS one-step ahead:   they create the new garbage, and start circulating it.   It isn't until 1) some victims start reporting the problem, and 2) the anti-virus companies can get their hands on a copy of the infecting files for analysis, and 3) the anti-virus company can isolate/produce a unambiguous signature criterion for that malware, and 4) they beta-test the proposed signature, as quickly as possible, for any problems before releasing it to the general public, and 5) the [tested/debugged] signature is finally released to the general public... only then is the public finally protected.   So can anyone really be surprised to learn that all this can typically take 24 to 48 hours?   Personally, I'm amazed that they can do anything that fast!

[Of course, we may be  partially  protected in the interim by virtue of "generic" / heuristic / "behavior-based" detections... but such detection/protection is highly UNreliable.   But that's another story.]

Secondly, but just as important, malware often makes it way into computers via "holes" in popular programs --- most notably, Adobe's Flash and Reader, and Sun/Oracle Java... and (to a lesser extent) QuickTimePlayer & RealPlayer.    I've often asserted that I have yet to ""meet" an anti-virus program that can successfully protect against the likes of Vundo infections and Zlob trojans.    It doesn't matter whether you're using a paid "big name" product like Symantec/Norton or McAffee, or a freebie like Avast, Avira, or MSE --- Vundo and Zlob exploit the holes in Java (&etc) to bypass the anti-virus protection.    That's why it's so critical/important for people to keep these other "utility" programs up to date.

In summary, we must always be cognizant that anti-virus programs have their limitations.   they are not perfect:  one cannot rely solely on their anti-virus program as if it offered "impenetrable armored" protection.

Safe-Surfing is very important.   Avoiding pornography, file-sharing, and other high-risk-category sites can be very helpful in avoiding problems.

Finally, the use of layered protection... preferably dynamic (i.e., it's automatically/continually updated centrally by the "vendor") rather than static [lists of bad sites you manually download, e.g., in the form of a HOSTS file, or IE-restricted sites] is still the best way to go.   Here, I strongly advocate the use of OpenDNS and WOT (and for those who use IE8, be sure to enable its SmartScreen Filter).    And just to clarify, static protection [e.g., a good HOSTS file, and a program like SpywareBlaster] is reasonable, when used in conjunction with dynamic protection... just saying that no one should be relying exclusively on static protection nowadays.

2 Intern

 • 

2.2K Posts

June 29th, 2010 07:00

David sums up a lot of excellent points. About all we can do is to use the multi-layered approach, even to the point of overkill, and keep it all strictly up to date. I don't, but probably should, use Open DNS and WOT. I will check them out. I have not had troubles to this point, but at least know to come here to these forums...where I have learned a lot of what to do, and what not to do, in the interest of keeping my computers clean.

3 Apprentice

 • 

15.3K Posts

June 29th, 2010 07:00

Dale,

if you're using IE or Firefox, then definitely get WOT immediately... there's no reason not to have it.   It will automatically warn you anytime you attempt to access what it believes to be a bad site... preventing infection if that site is really bad... yet allowing you the option to bypass its recommendation, should you definitively know better.

(Unfortunately, the WOT "toobar"/extension is not available for Opera users.)

the protection offered by OpenDNS is not as obvious... nonetheless, I believe it to be beneficial.

for more information/details, including links to these features, see items 4 and 5 in my "short guide", here:   http://en.community.dell.com/support-forums/virus-spyware/f/3522/p/19334094/19703248.aspx#19703248

Note:   OpenDNS now offers a "Family Shield" version, which automatically filters/blocks "Adult Content" [The "basic" version of OpenDNS doesn't do this (by default), unless you go through a few extra steps to customize things.]

 

2 Intern

 • 

5.8K Posts

June 30th, 2010 00:00

Nice summary, ky.

But I did use the qualifier "might" in my reply, and I'm not sure I'm wrong. I was not suggesting that an AV compatible with one's needs and system is irrelevent or unnecessary. But to be honest, none of the AVs I've used has ever blocked anything (unless they did it silently, which I doubt).

I've been more impressed with the alerts from Windows Defender, WinPatrol, and my OutPost firewall HIPS whenever I've installed new software which makes changes to critical areas. To be sure, they were all alerts about legit software, but I like the "second guessing". Perhaps MSE/avast!/Avira does the same now also, but I've not used them for some time, and can't comment.

When I see the variety of AVs (all the major vendors, both free and paid) listed in the Malware Removal forum HJT posts, I have to question why. Clearly an AV, no matter how good, is not a panacea.

Necessary, no doubt, but not sufficient.

2 Intern

 • 

2.2K Posts

June 30th, 2010 06:00

Most important of all AV's need to up to date and reliable. When MSE recently went almost three whole days without updating it made me leery of using it again. It just sat there too quietly for my tastes. For the time being I am going to stick with Avast 5 and Windows Defender. I figure there are only so many ways and means to distribute malware and perhaps the bad guys are going to run out ideas while the good guys discover new and improved ways to detect and remove the junk. Perhaps I am just dreaming about this, but maybe they can keep reducing the time delay between detection and getting the fixes out.  

3 Apprentice

 • 

15.3K Posts

June 30th, 2010 07:00

One thing that I really like about avast5 is its relatively frequent (at least, for a FREE anti-virus) updating capability:   it will automatically search for new updates

1) EVERY time you boot-up your PC, and

2) EVERY four hours thereafter.

No Events found!

Top