Domain: kaspersky.com
Stories and comments across the archive that link to kaspersky.com.
Comments · 139
-
Wired - Corrected Link
The link in the summary is invalid. Here is the correct one:
http://eugene.kaspersky.com/2012/07/25/what-wired-is-not-telling-you-a-response-to-noah-shachtmans-article-in-wired-magazine/
-
On Your Exploit-Free OS
Recently you confirmed you're working on an exploit-free OS following all the SCADA attacks. Among other things, you're claiming it is to be written from scratch but I can't find many details on what it's going to look like architecturally. You say:
Architecturally, the operating system is constructed in such a way that even a break-in into any of the components or applications loaded onto it won’t allow an intruder to gain control over it or to run malicious code.
Could you expound on this? Are you writing this code or still in the design phase? Or better yet, could you compare it to something like, say, CentOS or Debian and tell us how your architecture is going to be more secure? I understand you're scoping down the requirements of your OS to be more easily manageable but the skeptic in me feels like it just can't be done. The cat and mouse game must be played in some form or fashion.
-
Windows safer says Microsoft partner ..
"Microsoft products no longer feature among the Top 10 products with vulnerabilities"
"Kaspersky Lab is a Microsoft Gold Certified Security Solutions Partner and is currently working on several joint projects with Microsoft". link
-
Crude and unnecessary.
I removed this same malware using this disk http://support.kaspersky.com/viruses/rescuedisk
It boots into Linux and offers malware removal tools. Another option is to remove the drive from the machine and use a USB to SATA adaptor. Plug it into a good well protected working machine and use the anti-virus tools on your machine to scan and clean the attached drive. Since you do not boot from or run code from the drive your machine should be clean. Of course you could use a Windows VM running under Linux to clean the attached drive as well but I have never needed to go that far.
-
Re:Geez, just ask the NSA
This time they don't want to be as dumb as they were in the past when they let our nation's enemies have all the information they need about the attacks we were doing to them. In this case, once they find out exactly what it's doing and can determine if it's some retarded hacking team that wants to steal CC info or it's something the government's involved in.
Hmmm... Checking the Kaspersky website to verify the location of the company headquarters reveals their definition of "our nation's enemies" might not match up with that of chemosh6969's definition.
The company's headquarters are located in Moscow, Russia, from which it oversees global operations and business development.
This distinction might explain why Kaspersky was responsible for unearthing Stuxnet, while McAfee, et al. were pretty silent about it.
-
Re:Why ask cryptographers when the key is in there
Not to mention that reverse engineering isn't something most people think about or specialize in.
Nope, not something people think about... not so much. Except Kaspersky. Yeah, Kaspersky labs - that's pretty much what they think about and specialize in. Reverse engineering malware and viruses, that is. That's pretty much exactly what their core expertise involves. So maybe suggesting that they use reverse engineering is a little silly. Particularly when the accompanying article states that they reverse engineered the program and gives details as to exactly what it is doing based on this reverse engineering.
Let's see, who are we talking about anyway? Hmm... Eugene Kaspersky is the top guy over there. It seems he was involved with building AVP back in the early 90's before founding Kaspersky labs in the late 90's. He also "graduated from the Institute of Cryptography, Telecommunications and Computer Science, where he studied mathematics, cryptography and computer technology, majoring in mathematical engineering." - so he's got the training. Yup, I'd say advising this guy that executing the code in a virtualized environment might solve his problem just might be enough to make you look a tiny bit ridiculous.
-
Re:The C&C servers "FLAME" uses are in my host
I just picked up the C&C server list that's known so far for the "FLAME" malware here:
http://www.securelist.com/en/blog/208193540/The_Roof_Is_on_Fire_Tackling_Flames_C_C_Servers
I integrated it into my hosts file - also for my roommate who uses Windows Server 2003 32-bit...
You mean the servers, which had been operating for years, that went offline immediately after Kaspersky Lab disclosed the discovery of the malware’s existence last week? http://www.kaspersky.com/about/news/virus/2012/Kaspersky_Lab_Experts_Provide_In_Depth_Analysis_of_Flames_Infrastructure
You mean the servers active for the past 4 years changing name more than 80 (known!) times (+ all the unknown ones)?
So you were not protected (granted nobody was) while they were online and you're now protected when they are all offline?
"This sarcasm was brought to you by the AAA".
-
Re:Lack of Business Opportunities in Russia?
I really want to know: What is so attractive about creating trojans, malware & phishing scams with your tech skills? Surely these people wouldn't want their own systems compromised by malicious software? So why do it to others?
-
Re:Do Russians contribute anything useful?
That is, if you agree that's a contribution. Some don't :).
-
Try TDSS killer!
I had a bit of trouble removing it with TDSS killer a few weeks ago, but got there in about half an hour.
If it won't run you will need the file association reset tool.
-
Re:Invisible?
-
Re:It was only a matter of time
Kaspersky for Mac? *ducks*
-
Re:Passing on Viruses
I'm not even going to bother linking all of these...
http://www.mcafee.com/us/products/virusscan-enterprise-for-linux.aspx
http://us.trendmicro.com/us/products/enterprise/serverprotect-for-linux/
http://www.kaspersky.com/linux
http://www.eset.eu/products/nod32-for-linux
http://www.centralcommand.com/Products/VexiraforLinux/VexiraforLinuxFileserver.aspx
http://www.centralcommand.com/Products/VexiraforLinux/VexiraforLinuxSambaServer.aspx
http://www.centralcommand.com/Products/VexiraforMailServers.aspx
http://www.f-prot.com/download/home_user/download_fplinux.html
http://www.avast.com/linux-home-edition
http://www.avast.com/linux-unix-edition
http://www.sophos.com/en-us/products/endpoint/endpoint-security-and-data-protection/components/anti-virus-protection/linux.aspx?utm_source=Non-campaign&utm_medium=AdWords&utm_campaign=NA-AW-Linux
http://www.ca.com/us/Support/gsa/Virus-Info/Virus-Signature-Updates/eTrust-Antivirus-7x-for-UNIX-and-Linux.aspx
http://www.pandasecurity.com/homeusers/downloads/desktopsecure/
http://www.pandasecurity.com/enterprise/solutions/
http://www.pandasecurity.com/enterprise/solutions/commandline/
http://free.avg.com/us-en/download.prd-alf
http://download.bitdefender.com/repos/
-
Re:Passing on Viruses
Seems like Kaspersky is also supporting Linux machines (WS + servers).
-
Not a "New" Rootkit
This is a new version of a ~2 year old rootkit, also known as TDSS, and the company responsible for this particular parasite is a Russian outfit known as Dogma Millions. Eset did a good writeup on the older version here. This newer version is actually even more interesting than the article indicates. It's intelligent enough to send tools like MBRCheck off to look at a backup of the MBR so that they'll erroneously return a "clean" verdict while the system remains infected. The best bet for removal is TDSSKiller by Kaspersky (the company that wrote the blog entry).
-
Re:Public service or just self serving?
Sounds about right. And it's not just bad reporting as usual- the press release had few details on the application, not including a name.
I found it strange it said they can "fix" the problem with a security system which hasn't been released yet.
-
Re:Read the TFA?
Found the original announcement. No name of an app there either.
While there could definitely be such an app, the article definitely sounds like an advertisement for their product rather than a security notification.
-
Re:Anti Virus?
Wait, you have to plug your phone into your computer? My WinMo phone syncs via Bluetooth (and if I had a data plan, would sync via the 3g).
Actually Kaspersky has a mobile AV that's been available for a while: http://usa.kaspersky.com/products_services/mobile-security.php
-
Re:suckitude
Symantec currently makes a great security solution. Instead of following religious dogma or popular opinion bashing you should do some research and fact checking for yourself. They did go through a pretty bad spot for a while so the criticism isn't unwarranted but it's no longer accurate. I always recommend people review their security solutions annually. Sometimes a good vendor can go through problems and not be the optimal solution through a given software version. Both Kaspersky and AVG have had serious problems as well.
Symantec, Kaspersky, AVG, MBAM and several other major vendors have pretty good support forums to help users. What is wrong with your point is that it relies on FUD to support it not facts.
Symantec provides local, intranet, and remote backup solutions. I would guess this acquisition is to support their products and provide their user base with a more secure solution.
I'm posting AC because I'm moderating and no I didn't mod you down even though your "informative" post isn't really all that informative or insightful.
-
This is precisely the case
This "software" could not be ordinary software but would rather require Apple opening up the OS to third party extensions which ran at a privileged level above the sandboxes.
In addition, they would want access to other things, if they were to implement their full suite:
http://usa.kaspersky.com/products_services/mobile-security.php
Anti-Theft Protection: Remotely block access to your phone if it is lost or stolen
Requires access to the (separate) baseband firmware: enables malware using the same interfaces
Privacy Protection: Control what others can see and access when they pick up your phone
Requires access to override UI implementation classes, notification services, enables rootkits
Privacy Protection: Keep designated incoming calls and SMS texts completely hidden until you're ready to view them
Requires access to override connection between application processor and baseband, requires access to baseband firmware, enables rootkits
Privacy Protection: Activate "Private" mode manually, automatically or remotely
Requires background application: reduces battery life; consumes thermal budget; consumes bandwidth; triggers data roaming; enables botnets
Anti-Malware Protection: Control who you'll accept calls and SMS texts from
Requires access to baseband firmware: enables malware using the same interfaces
Anti-Malware Protection: Block unwanted calls and texts from unknown numbers
Requires access to baseband firmware: enables malware using the same interfaces
Anti-Malware Protection: Real-time scanning and advanced firewall for 24/7 protection
Requires background application, access to kernel firmware: reduces battery life; consumes thermal budget; consumes bandwidth; triggers data roaming; enables botnets
Advanced Data Encryption: Prevent unauthorized access to your sensitive or confidential files; Password-protect and encrypt multiple folders
Requires access to kernel firmware: interposes storage management; adds overhead; reduces battery life; consumes thermal budget; enables malware using the same interfaces; enables rootkits
Parental Controls for your child's phone: Block outgoing calls or SMS texts to undesirable numbers, including premium rate services
Requires access to override connection between application processor and baseband, requires access to baseband firmware, enables rootkits
Parental Controls for your child's phone: GPS Find and Google Maps allow you to find your child anytime, day or night
Requires background application: reduces battery life; consumes thermal budget; consumes bandwidth; triggers data roaming; enables botnets
...Thanks for playing, Kaspersky!
-AC
-
Conficker April 1st
How about the incredibly overrated Conficker / Kido / Downadup worm that was going to cause the end of the Internet on April 1st 2009? Big media blew it out of proportion considering Microsoft had patched the flaw and all major AV vendors had protected against it months before April 1st. The only people really affected by it were the patch-avoiders.
-
Re:Public Defender
-
Re:Official answer from Anonymous:
I couldn't hold back, and have just forwarded this as-is, with a link to http://www.youtube.com/watch?v=eWEjvCRPrCo to the Kaspersky CEO (address guessed) and their press center heads at http://www.kaspersky.com/mediacontact . ^^
Because someone has to fight for our freedom too, right? If you have the balls, go on and tell them your opinion too. As long as speech, press and humor are still free. :)
-
Re:The worst offenders
You do realize that if you're running two AV's they stomp on each other and nothing works
Not always the case. You can use an online scanner with no problem.
Sadly they sometimes pick up things other ones miss.
http://housecall.trendmicro.com/
http://security.symantec.com/
http://www.kaspersky.com/virusscanner
Just to name a few online ones.
-
Re:We use Nod32
Another vote for Kaspersky here from a satisfied customer. KAV Business Space Security looks like a good choice for your environment.
-
Re:Kaspersky - Support for Windows & Linux
Kaspersky Enterprise Space Security is comprised of components for the protection of Linux and Windows workstations, file servers and mail systems.
Samba File Servers are also fully supported!
More Information -- http://usa.kaspersky.com/products_services/business/open_space_enterprise.php
I'd second this. I recently deployed Kaspersky on a combination of 30 workstations and file servers for a local small business.
The centralized management console is really a time saver.
It was even able to send WoL packets to all the client PCs before scheduled scans.
-
Kaspersky - Support for Windows & Linux
Kaspersky Enterprise Space Security is comprised of components for the protection of Linux and Windows workstations, file servers and mail systems.
Samba File Servers are also fully supported!
More Information -- http://usa.kaspersky.com/products_services/business/open_space_enterprise.php
-
Re:This is true for some value of
First, you know in all of those products automatic updates can be turned off, right? You don't have to un-install them, the company is just trying to provide a service (and make sure they stay in your mind for such services).
Yeah, with registry hacks: Acrobat, or with this or that homegrown solution. There's no excuse for that-- Acrobat is now gone, and the alternative is quite a bit faster as well...
Second, Acrobat (reader), QT Player, RealAudio Player, Firefox, and Safari are already free, did you pay for them? If so, you got scammed son.
I didn't mean to imply they're not free-- but so are the alternatives so it's not like I'm saving money by using Acrobat Reader.
Third, you know browsers can handle all of those things but the editing, and ripping right? And I wouldn't be surprised if local versions of web services weren't made available at some point, browsers are very flexible and there are web based services for most all of these functions.
No, that's not correct. While there may be browser-based paint programs, show me the browser-based programs of the quality of Corel Painter, Z-Brush, Maya, Cubase, Pro-Tools, Sonar, Pinnacle Studio, Vegas Pro, Poser, etc. Given the speed of web-based tools of this nature, I'd have to say-- don't quit your day job.
Lastly, why would a BIOS browser OS preclude a monolithic OS as an alternate boot option?
Because it's cheaper not to include and have to support something I have no need for? If you're going to boot an alternative "monolithic" OS, exactly what was the point of a BIOS based browser again?
It must be time to go back and revisit why service-bureau computing waned in the face of the desktop machine-- people wanted more control over their data, people wanted more control over their computer performance, people wanted more control over their computer access, and people wanted more control over their privacy. "always-on" internet based computing requires a constant internet connection, a utility that does go down or get slow now and then, and doesn't do well in remote environments, including environments as remote as about 20 miles outside of town in rural areas.
-
Re:use a better os
You should remove it when the licence is up. McAfee sucks way worse than Norton.
- Antivirus (use with firewall)
  - NOD32 ESET (fast, reasonably secure)
  - GData (slower, best possible protection)
  - Avira (fast, highly secure, & free version)
- Firewall (use with antivirus & antispyware)
  - Comodo (free, hard to configure)
  - PC Tools (free, easier to configure)
  - Zone Alarm (pay & free versions)
  - Agnitum Outpost (pay)
  - Jetico Firewall (pay & free versions, hard to configure)
- Internet Security Suites
  - Kaspersky
  - GData
  - BitDefender (cheapest)
That and lock down your browser, by installing Firefox, with NoScript, Better Privacy, Adblock Plus, and deny cookies by default, then enable the cookies you want using the CookieSafe extension. Do that no matter what security software you have installed. Or of course you could save yourself a great deal of trouble by using Linux.
-
Re:So what other than Symantec?
-
Re:So what other than Symantec?
Kaspersky always scores well in tests.
-
Ask the experts
-
Kaspersky
It's because of security reports like this, I always recommend Kaspersky security suite over any other anti-virus solution available (free or otherwise). These guys are in the internet-trenches fighting for a more secure internet, and a more secure planet. It is widely known that they are the best in the business. So while many users will try and limp by on free anti-virus, Kaspersky just updated all my computers with protection against these attacks.
-
Re:Setting itself apart from other software
Well, you were lucky. I had a virus on my usb drive ... (something that changed autorun.inf, I didn't bother to write down the name). So I was sure that something was wrong, but AVG was saying everything's ok ...
I tried to check the file with Kaspersky's online virus scanner. Like I suspected it was a trojan of some sorts.
I tried avast!, clam-av and avira (I'm cheap like that), and only avira recognized the file as being a virus.
-
This is now requested of Kaspersky
From the Kaspersky Forums, Kaspersky does not find obfuscated trojans.
-hunag
-
Re:free: Avast. pay: Kaspersky
Kaspersky has had a very shaky reputation in the last couple years due to the data they were stuffing into the NTFS file system to help "speed up" their scanning performance.
I looked it up (horse's mouth, plus random google searches to collaborate). It seems to just be using NTFS streams to put a hash down that gets attached to the file to mark it as having been scanned. That seems totally legit to me (it's a documented NTFS thing, you can create your own via the command prompt). I assume it's only useful for the background scan stuff, since any malware can duplicate their signature...
I'm sure their software has actual bad points (everybody has some), but at least don't use invalid ones?
-
Kaspersky
Why are so many people tightwads about anti-virus? Computer related infections could be very expensive, so I wouldn't go with anything but the very best money can buy and that is Kaspersky.
Also, I wouldn't advocate home dentistry, either. Although I'm sure many are trying to figure out how to do just that, these days.
-
The title should be "Can you trust Kaspersky?"
The title should say "Can You Trust Kaspersky?" Since the article is basically Kaspersky complaining that the Anti-Virus test (that his software just failed to score 100% on) is flawed. It sounds like Kaspersky is just upset that his software didn't pass the test and he's now trying to dismiss the test as meaningless.
Although if you look on the products page you'll see they display the VB100 logo. Then in the article Kaspersky goes on to say - "The products which have a very poor level of protection, they have the certificate, while products which have a very high level of protection, they don't have the certificate."
Well his product had the certificate, does that mean he feels that his software had a very poor level of protection?
-
Re:wow, that's evil
Well, Kaspersky labs tells us that the MP3 files are in fact turned into WMA format and not ASF format:
The worm, which was named Worm.Win32.GetCodec.a, converts mp3 files to the Windows Media Audio (WMA) format (without changing the .mp3 extension)
-
Disable scripting/plug-ins by default/use NoScript
If malware based on this "attack code" got into the wild, it sounds like one of the attack vectors would be malicious Web sites (which is nothing new). As many security researchers have been recommending for years, turning off JavaScript and other active content by default will greatly reduce the potential for infection, even from many kinds of as-yet undiscovered exploits. A good way to do this with Firefox (without ruining compatibility with trustworthy sites) is to install NoScript, which allows you to whitelist trusted sites while allowing you to block scripts, Java, Flash, Silverlight, other plug-ins, etc. on every other site by default.
Of course, if the flaw lies in the microprocessor, then there are certainly other potential attack vectors than just malicious Web sites.
Someone pointed out that Intel processors are BIOS-upgradeable. What about computers based on EFI instead of BIOS, such as all the Intel-based Macs?
Also, as someone else pointed out, the headline is extremely misleading. The security researcher Kris Kaspersky is not affiliated with Kaspersky Lab or Eugene Kaspersky, but he's apparently the author of a number of books on programming and other computer subjects.
-
Lots of opinions and solutions out there...
You're going to get a ton of different advice. A lot of it will be total crap. A lot of it will be valid. It is going to be hard to know the difference.
Personally, like many folks, I've been battling spam for years, and have used a lot of different solutions: DSPAM, SpamAssassin (SA), and a lot of other random tools. DSPAM and SA both worked reasonably well for me, but many of my users, for one reason or another, had troubles with them. I'm sure I could have put effort into making either of them work better, but frankly, a fair amount of labor had already gone into them, and I didn't want to invest more. About a year ago, I decided to try Kaspersky Anti-Spam[1], and have been very, very happy with the results. It was a simple install, there aren't too many options, and it seems to "just work".
Professionally, I have administered some very large mail service provider systems. The largest of them used a pool of Proofpoint[2] PPS servers to filter mail. While I am not sure it was the best product for what we were doing, it was an impressive product, and if I were handling mail for a business of any size, I would seriously consider this product. It is highly configurable and the results were solid.
Good luck,
robert
[1] http://usa.kaspersky.com/products_services/anti-spam3.php
[2] http://www.proofpoint.com/products/pps.php
-
Re:Buy a Mac.
I use AVG, ZoneAlarm, Spybot and Firefox (on Windows XP) but still run into problems. Mostly, I think, because my kids go to MySpace and YouTube and places like that. After a clean install everything seems fine, but after the kids spend some time on it I start experiencing symptoms like windows hanging when trying to log off an account, or windows hanging when trying to shutdown, etc. That is the hidden cost with any PC, for top performance and security, you must buy commercial stuff which is not currently the case for Mac. E.g. you won't be getting attacked by Worms getting their own massive grid and encryption if you are running OS X.
The registry must be cleaned, built in defragmenter for Windows is still cheapware, you need a very good and commercially supported antispyware/antivirus if you want peace of mind...
If I moved to Vista running PC today, here is stuff I would buy for trouble free Windows experience.
1) Kaspersky Antivirus, $40 http://www.kaspersky.com/kaspersky_anti-virus
2) Ad-Aware Plus 20 Euros (roughly another $40) http://lavasoft.com/products/ad_aware_plus.php
3) A good rated Windows/registry etc. maintenance tool like Ashampoo, $50 http://www.download.com/Ashampoo-PowerUp/3000-2086_4-10028404.html
So, for the tools average Mac will never need (currently), you pay $120. Not saying they are robbing you or windows sucks, just stating a fact. I have even excluded a decent IP filtering firewall, Zonealarm/Free may work fine.
I am just saying, if they compare those 2 computers side by side, they must also add those tools which is a must for current circus of malware.
If Apple keeps up concentrating to iPhone rather than fixing Leopard problems, I may move to Vista, so watching the PC/Win market too. ;)
-
Re:Elaborate...
From Microsoft's own website.
List of known applications that Service Pack 2 broke
Untested updates are always bad for business.
OL Toolbar 1.13.2 AOL 32-bit and 64-bit (NX) http://www.aol.com/ The Information Bar blocks access to the tool's edit boxes.
PhotoShop CS 8.0 Adobe 64-bit (NX) http://www.adobe.com/products/photoshop/main.html Program installs, but will not start.
BlackICE 3.6 crj Internet Security Systems 64-bit (NX) http://www.iss.net/ When you use this program, you may receive a Stop error that causes the program to quit.
BootSkin All Stardock 32-bit and 64-bit (NX) http://www.stardock.com/ When you restart your computer during the Windows XP SP2 Setup program, a Stop error occurs. For more information, see the following Microsoft Knowledge Base article: http://support.microsoft.com/default.aspx?scid=kb;%5Bln%5D;873159.
Command Antivirus 4.9 Authentium 32-bit and 64-bit (NX) http://www.authentium.com/ This program does not start.
Encyclopedia Britannica 2000 Deluxe 1 Encyclopedia Britannica 32-bit and 64-bit (NX) http://www.britannica.com/ Java rendering does not function after you install this program.
eTrust EZ Armor 1 Computer Associates 64-bit (NX) http://www.ca.com/ The EZ Firewall part of this program generates a Stop error during installation.
Freedom Force 1 Electronic Arts 32-bit and 64-bit (NX) http://www.ea.com/ When you start the program, a message appears that points you to the following EA Web site: http://techsupport.ea.com./
Kaspersky Anti-Virus (German) 4.5 and 5.0 Kaspersky Labs 64-bit (NX) http://www.kaspersky.com/ Real-Time scanning does not work in version 4.5 or 5.0. The vendor's Web site has available product updates that are designed to address this issue.
Live Motion 1 Adobe 32-bit and 64-bit (NX) http://www.adobe.com/ This program displays various errors that prevent typical operation.
MapSend DirectRoute 1.0 Magellan 32-bit and 64-bit (NX) http://www.magellangps.com/ When you start the program, a message appears that points you to the following Web site: http://www.magellangps.com/en/support.
MPEGcraft DVD All Canopus 32-bit and 64-bit (NX) When you try to save an MPEG file, you receive a "Failed to Edit" error, and the file cannot be saved.
NBA LIVE 2000 1 Electronic Arts 32-bit and 64-bit (NX) http://www.ea.com/ This program does not start in certain systems.
NOD32 for Microsoft Windows 2.000.11 Eset 64-bit (NX) http://www.eset.com/ When this program is started on an AMD64-based computer, all network connectivity is lost. To resolve this issue, upgrade to NOD32 version 2.12.2 or higher.
Norman Personal Firewall 1.4 Norman 32-bit and 64-bit (NX) http://www.norman.com/ Norman Personal Firewall Assistant will not start.
Norman Personal Firewall 1.4 Norman 64-bit (NX) After this program installs and restarts, the desktop does not load correctly
Norton AntiVirus 2003 Symantec 32-bit and 64-bit (NX) http://www.symantec.com/ At system startup, Scheduled Tasks in Norton AntiVir
-
Re:This could be a good thing.
Right now, for someone who wants a desktop system, I would recommend that you look at PC-BSD (see: http://www.pcbsd.org/). It is not a fork of FreeBSD. It's FreeBSD with nice end-user add ons, such as a graphical installer and PIBs. PIBs are apps packaged and easily installed (much like on Macs or Windows). PC-BSD got a lot of positive reviews.
FreeBSD has more software than the other BSDs and has more commercial products being developed for it, such as some IDEs, back-up products, VMs (see: http://www.win4bsd.com/, http://serenityvirtual.com/), anti-virus (although geared toward corporate users, but see: http://www.kaspersky.com/kaspersky_security_mail_server?chapter=207716294) even an excellent Microsoft-Word compatible Word Processor (see: http://www.softmaker.com/english/). Plus, Java certified by Sun.
Also, a nice feature of BSDs is the ability to run software for Linux on them. I have Maple 8 running on my FreeBSD and I did it after the thing just broke with the Debian upgrades.
-
Re:...another "social engineering" virus
But it shouldn't be news. Anything that can run code, can run malicious code. It's only worth mentioning if there's a chance that a user will a) obtain and b) run the code without knowing it's malicious. If the virus were hidden in a song and could be executed just by being played, that would be news.
Oh, and look: it was discovered by a company that makes antivirus software. Wow, what are the odds that an antivirus company would be the first to discover and publicize a virus that runs on what might be called the least-adopted platform ever in history? I'd bet my next paycheck that somewhere there's a connection between an employee of that company and the author of this "virus"--and not just a six-degrees kind of link, I mean a real, substantial link.
Antivirus exec: "Well, in six years, we haven't been able to convince anyone that OS X is insecure. Despite our efforts, there hasn't been a single in-the-wild, self-replicating virus for that platform. What should we try next?"
Underling: "Maybe try spreading FUD about iPods?"
Antivirus exec: "Brilliant!"
-
Nothing to do with Vista
This has nothing to do with Vista, and everything to do with crappy anti-virus products. Neither OneCare nor McAfee for XP have ever tested well, so why would anybody think that they would test well on Vista?
If you read the entire article, you'll notice a little blurb at the end that several vendors passed the test, one of which was Kaspersky. Another excellent vendor for Vista is AVG.
Kaspersky consistently beats all the other major anti-virus vendors, but I guess the story wouldn't be quite as Slashdot-worthy if it read "Kaspersky Anti-Virus on Vista Works Great!".
-
Signature Scanning remains key
Actually, every major AV product still relies on signature scanning for detection on client machines. You're right that observation on a honeypot or even VM sandbox is often used to characterize the behavior initially, but this is distinct from a roll-out of detection to the client, which is what I believe everyone's talking about here.
As for signature scanning going the way of the dodo, there are really only 3 choices at present: signature scanning, run in a VM sandbox, or try to detect heuristically without resorting to a VM. The last two are similar, but not identical.
There's already malware that won't run when inside a VM, so 'running in a virtual sandbox' provides no real solution. (And if someone suggests that we solve that by making it impossible to tell whether or not you're running in a VM -- which likely means processor changes -- think about what that will do to being able to detect a rootkit that loads your whole environment into a VM.)
If you take a look at AV-comparatives.org, heuristic scanners don't seem to do very well vs. signature-based detection. The very best proactive (heuristic) detection of 'unknown' malware (viruses, trojans, worms, etc.) seems to run about 60%. The very best signature-based detection seems to run around 99.9%. (Moreover, the rate of false positives with heuristic detection tends to be much higher.)
60% vs 99.9%? That's a big, big difference. Signature-based detection isn't going away anytime soon.
Warning, URLs lead to PDFs: See: http://www.av-comparatives.org/seiten/ergebnisse/report10.pdf and http://www.av-comparatives.org/seiten/ergebnisse/report11.pdf
Finally, I'm reasonably persuaded by Eugene Kaspersky's comments on this at http://www.kaspersky.com/eugenearticle
Of course, he's slightly biased, his heuristic engine is weak compared to some, though still reasonably strong, and his company is fastest in the world at rolling out signature updates. But I think there's a lot to his argument, and I just don't see heuristic scanning closing the gap anytime soon.
Holmwood
Let's imagine that Company X has developed a behavioral antivirus AVX, which detects 100% of current malicious programs. So what will the hackers do? Of course, they will invent new types of malicious programs. And then of course it will be necessary to update the behavioral rules. And then update them again, because the hackers and virus writers aren't going to give up that easily. And then update them again and again and again. At the end of the day, we arrive at a signature scanner, except the signatures will be behavioral, and not pieces of code.
This conclusion also applies to the heuristic analyser, another proactive protection method. As soon as hackers perceive that antivirus technologies are preventing them from reaching their victims, they invent new virus technologies which will be used to evade proactive detection. As soon as a product with advanced heuristics and/or behavior blocking is widely used, the 'advanced' technologies employed will cease working.
This means that 'reinvented' proactive technologies are only effective for a relatively short length of time. Where junior hackers need a few weeks or a couple of months to get round proactive protection, professional hackers will need one or two days, or, in the worst case, a few minutes or hours.
-
The know-it-all Geek's flexible ethics
Why is everybody saying this is a good thing?
It's a fair question.
Software that installs without the user's knowledge or consent is by definition malware.
Microsoft asks users to temporarily disable AV when installing IE7 because the installer makes complex changes to the Registry. The install can be trashed by something as simple as an out-of-date signature file.
Troubleshooting conflicts with AV software can be a nightmare for non-technical end users and Kaspersky is no exception: Kaspersky Lab Forums > Protection for Home Users
Where does that leave the user who doesn't know and cannot know that KAV is resident on his system?
-
Re:well... yes?
So what's the solution?
Kaspersky AntiVirus. It's a small enough company that the malware writers don't test against it.
-
Kaspersky Anti-Virus is revolutionary
For those of you who've never heard of it:
Kaspersky Anti-Virus is the top of the line when it comes to protecting your system from all current and future virus and malware threats. I was skeptical until I tried it, but it really does work. It protects your system at an extremely low level without degrading performance, preventing the mal in malware, and requiring you to OK the way applications access your system sort of like how ZoneAlarm confirms each time a program accesses the internet. ANY possibly harmful action is checked against and you can set up very complex exception rules, so in a few days all your regular apps are up and running like normal and absolutely nothing slips into your system without you knowing about it.
No, I don't work for them, just want to share a wonderful product.