Slashdot Mirror


Why Popular Anti-Virus Apps 'Don't Work'

Avantare writes "ZDNet Australia has a writeup about why AV apps don't work. The reason given is because the malware authors are writing code that will get around the signatures of the application by testing their code on the most popular anti-virus software before release." This comes as a follow up to another article detailing the sad state of anti-virus software currently on the market.
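The release loop the summary describes, as an added example that is not part of the article or of any comment on this page: a toy byte-signature scanner stands in for the anti-virus engine, and a constructed sample is re-encoded until the scanner no longer matches it. The signature patterns, the sample bytes and the XOR "packer" are all constructed for illustration; nothing here is a real signature or real malware.

```python
"""Toy illustration of why testing malware against a signature scanner before
release defeats the scanner. All patterns and payload bytes are constructed."""


# Constructed signature database: detection name -> byte pattern to look for.
# Real engines use far richer signatures; the evasion logic is the same.
SIGNATURES = {
    "Toy.Dropper.A": b"CreateRemoteThread",     # constructed pattern
    "Toy.Stealer.B": b"SELECT * FROM logins",   # constructed pattern
}


def scan(blob: bytes) -> list:
    """Return the names of every signature whose pattern appears in blob."""
    return [name for name, pattern in SIGNATURES.items() if pattern in blob]


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR; applying it twice with the same key restores the input."""
    return bytes(b ^ key for b in data)


def pack(payload: bytes, key: int) -> bytes:
    """Constructed 'packed' sample: a header plus the XOR-encoded payload.

    The behaviour of the decoded payload is unchanged, but none of the plain
    strings the signatures look for are present in the bytes on disk."""
    return b"TOYSTUB key=%d\n" % key + xor_encode(payload, key)


def attacker_release_loop(payload: bytes):
    """Mimic 'test against the scanner, tweak, repeat until clean'.

    Returns (key, packed_sample) for the first variant scan() does not flag."""
    for key in range(1, 256):
        candidate = pack(payload, key)
        if not scan(candidate):
            return key, candidate
    raise RuntimeError("no clean variant found")


def unpack(sample: bytes) -> bytes:
    """What the stub would do at run time: read the key and decode the payload."""
    header, body = sample.split(b"\n", 1)
    key = int(header.split(b"key=")[1])
    return xor_encode(body, key)


# Constructed sample containing both signature patterns in the clear.
ORIGINAL = b"...CreateRemoteThread...SELECT * FROM logins..."

if __name__ == "__main__":
    print("original flagged as:", scan(ORIGINAL))
    key, variant = attacker_release_loop(ORIGINAL)
    print("variant flagged as:", scan(variant), "(key %d)" % key)
    print("decoded payload identical:", unpack(variant) == ORIGINAL)
```

The point the scan results make is the one the article makes: the scanner's verdict is a function of bytes it has seen before, so an author who can run the scanner locally simply iterates until the verdict is clean, and the first variant is the one that ships. Nothing about the payload's behaviour changed.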

15 of 375 comments

  1. No S**t by Instine · · Score: 5, Insightful

    AV software, and even most firewall software, which goes beyond port control, simply prevents the user from using the whole of the internet, but rarely stops the internet using them. This is just one reason why.

    Still an interesting point it raises, and a good example to give to non-believers if you ever have to give the "Nothing is perfectly secure" speech to a client.

    --
    Because you can - or because you should?
    1. Re:No S**t by NixLuver · · Score: 3, Insightful

      From TFA:

      '"The most popular brands of antivirus on the market... have an 80 percent miss rate... So if you are running these pieces of software, eight out of 10 pieces of malicious code are going to get in," said Ingram.'

      Your argument is specious. Your conclusion may not be completely so ( that's an individual min-max: Is the effort, expense, and general PITA compensation for my 20% risk reduction ), but I'm more inclined to believe it's an IT-type "No one ever got fired for recommending an antivirus application be installed" rather than any real value-add position. I work for a major technology corporation that shall remain nameless; the corporate desktop image is crippled by some of this AV software that 'does not work' ( per TFA ), costs large quantities of dollars, and does not 'catch' viruses or trojans. To be fair, it might, but the email system in and out of the network scans all attachments and kills anything remotely resembling an executable ( including important Visio diagrams and Word documents). All web traffic is redirected through a transparent proxy that crashes IE (although it just irritates firefox) by forcing authentication for any URL it deems 'questionable'. And the desktop AV software has missed every challenge it's been faced with.

      As a Unix Systems Engineer, I just sit at my Solaris, Linux, and OSX machines and shake my head in sympathy for my less fortunate brethren, and (mostly) resist the desire to invoke the ancient Dilbert line... "Here's a nickel, kid; go get yourself a better computer."

    2. Re:No S**t by vux984 · · Score: 3, Insightful

      If his PCs bugger up he wastes maybe an hour or two recovering the system from a complete backup and goes about his business,...

      Not necessarily.

      With the right kind of malware afflicting his system, he won't be spending 1-2 hours recovering from a complete backup. He'll have to either reinstall from scratch or revert to a very old backup image and then scavenge his backup(s) for usable files and documents, and even may have to give up on several files and recreate them from scratch. He could lose weeks or much more. Is it unlikely? Hell yeah. But then... so is my house burning down.

      "Good" Malware doesn't bring your system down hard right away, so that you can simply restore it from a recent clean image. It corrupts data over time so your backups are corrupt too. And then restoring it is a *much* bigger hassle, and depending on your backup strategy you might have lost stuff too.

      I'm not saying AV will necessarily save you, but it might give you an earlier warning than you might otherwise have had. The right backup strategy will save your data, but those strategies tend to be tedious, cumbersome, and complex, especially for home users. And restoring will still be a PITA. Fortunately most malware just wants to annoy you with advertising, or use your computer to launch further attacks on someone else.

      But there are virii that are designed to maliciously cause damage to the systems they are on, or steal your identity or harvest 'valuable' data from your PC. Backups won't help much against these kinds of malware. In the former, the backups are themselves likely to be corrupt, and in the latter the real damage cannot simply be undone by restoring from backups -- that won't get your 'stolen' data back.

  2. Did I miss something? by ColdWetDog · · Score: 3, Insightful
    Or are both of these articles the same thing? And not much of anything, either. Two paragraph blurbs on the sad state of AV software.

    Nothing to see here, move along please.

    --
    Faster! Faster! Faster would be better!
  3. Just follow a few basic steps... by gasmonso · · Score: 4, Insightful

    1. Firefox with popup blocker

    2. Firewall software

    3. Sit behind router

    4. Use AV software

    5. Don't click on anything that pops up without reading it!

    http://religiousfreaks.com/
    1. Re:Just follow a few basic steps... by arodland · · Score: 3, Insightful

      You can't run Linux because you're not experienced in using it... but you were born knowing how to use Windows? Or what?

    2. Re:Just follow a few basic steps... by NihilEst · · Score: 3, Insightful
      Another poster got it, too. You had to learn to use windoze, you can learn to use Linux, too. Or *BSD, or Mac OS. Anything other than windoze. Necessity makes it practical.

      When you use windoze, you're using the most targeted OS on the Earth ... you're lumping yourself in with a vast crowd of people who know absolutely nothing and suspect even less. Putting one of these machines on the 'Net is an invitation to be robbed -- literally; in many, many ways -- not to mention being held hostage by MS and whatever it decides to implement for DRM and other issues yet to be named.

      No AV package/author is going to be able to stay even one step ahead of the black hats out there, who are getting more criminal as time goes on. You don't have to actively do anything other than visit a website to be infected/ripped off any more. The black hats have gotten very, very sophisticated. There's money available for the taking, and you're hanging it out there as long as you run windoze and store any kind of personal data on it.

      I've heard all the excuses; none of them wash. Either you're intelligent enough to own, administer, and operate a computer; or you're not. If you have that level of intelligence, you are certainly capable of learning and retaining enough knowledge to run something else. So it takes an investment of time and effort ... okay, live with it.

      Use windoze at your own risk.

      --
      Founding member: He-Man Windoze Hater Club
  4. Default Deny by lapagecp · · Score: 4, Insightful

    Say it with me people: Default Deny. Say it louder now so that Microsoft can hear it. Operating systems need to by default deny the right to execute. This whole let-anything-run-unless-it-looks-like-a-virus crap is not working. Oh, and Microsoft, that doesn't mean make a pop-up so that someone can click "Yeah run it already." Every program shipped with the OS gets to run, every program you add to the list gets to run, maybe every program on a white list maintained by a person or company you trust gets to run, and that's it. Now before you all freak out and start talking about Linux and how you can already do this, let me remind you that "everyone switch to Linux" is not a valid solution because it's not going to happen anytime soon. Sure it works on a case by case basis, but I still need to go in to work and be able to keep 30 or 40 computers safe and clean that are going to run on Windows because that's what our software will run on. So Microsoft, do you let anyone into every room in every building you own unless security sees them on a list, or do you determine who can go where and then keep everyone else out? Why is it that we are forced to use security that anyone can see hasn't worked in the past and has no hope of working in the future?
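
The two execution policies the comment above contrasts, as an added example that is not part of the comment or of any product it mentions: a blocklist policy (run anything not known to be bad, the model the commenter says isn't working) next to a hash-based default-deny allowlist (run only what is known and enumerated). The binaries, hashes and the "trusted publisher" list are constructed; the publisher check is a hypothetical stand-in for a code-signing verification, not an implementation of one.

```python
"""Default-allow (blocklist) versus default-deny (allowlist) execution policy.
All binaries, hashes and publisher names below are constructed for illustration."""
import hashlib
from typing import Optional, Set, Tuple


def sha256_hex(contents: bytes) -> str:
    return hashlib.sha256(contents).hexdigest()


class BlocklistPolicy:
    """The anti-virus model: run everything unless it matches a known-bad hash."""

    def __init__(self) -> None:
        self.known_bad: Set[str] = set()

    def add_bad(self, contents: bytes) -> None:
        self.known_bad.add(sha256_hex(contents))

    def decide(self, contents: bytes) -> Tuple[bool, str]:
        digest = sha256_hex(contents)
        if digest in self.known_bad:
            return False, "deny: matches known-bad hash %s" % digest[:12]
        return True, "allow: not on blocklist (default allow)"


class AllowlistPolicy:
    """Default deny: run only binaries whose hash (or, hypothetically, whose
    verified publisher) has been explicitly enumerated by the administrator."""

    def __init__(self) -> None:
        self.allowed: Set[str] = set()
        # Hypothetical: names of publishers whose signed code is trusted.
        # A real implementation would verify a signature; this one only
        # checks a caller-supplied label, so it is illustration, not security.
        self.trusted_publishers: Set[str] = set()

    def allow(self, contents: bytes) -> str:
        digest = sha256_hex(contents)
        self.allowed.add(digest)
        return digest

    def decide(self, contents: bytes,
               publisher: Optional[str] = None) -> Tuple[bool, str]:
        digest = sha256_hex(contents)
        if digest in self.allowed:
            return True, "allow: hash %s on allowlist" % digest[:12]
        if publisher is not None and publisher in self.trusted_publishers:
            return True, "allow: publisher %r trusted" % publisher
        return False, "deny: default deny (unknown binary)"


# Constructed 'binaries'. The ubiquitous one stands for something shipped with
# the OS; the unknown one stands for a freshly packed sample no vendor has seen.
OS_BINARY = b"MZ constructed-os-shell-v1"
UNKNOWN_BINARY = b"MZ constructed-never-seen-before-sample"
TAMPERED_OS_BINARY = OS_BINARY + b"\x00"   # one byte appended, e.g. a patched copy


def build_policies() -> Tuple[BlocklistPolicy, AllowlistPolicy]:
    blocklist = BlocklistPolicy()               # knows nothing about UNKNOWN_BINARY yet
    allowlist = AllowlistPolicy()
    allowlist.allow(OS_BINARY)                  # 'every program shipped with the OS'
    allowlist.trusted_publishers.add("Example Corp")  # constructed publisher label
    return blocklist, allowlist


if __name__ == "__main__":
    blocklist, allowlist = build_policies()
    for label, blob in [("os", OS_BINARY), ("unknown", UNKNOWN_BINARY),
                        ("tampered os", TAMPERED_OS_BINARY)]:
        print("%-12s blocklist -> %s" % (label, blocklist.decide(blob)[1]))
        print("%-12s allowlist -> %s" % (label, allowlist.decide(blob)[1]))
```

The contrast the output makes is the commenter's argument in miniature: the blocklist allows the never-before-seen sample because it has no reason not to, while the allowlist denies it for exactly that reason. The tampered copy of the OS binary shows the cost side, too: one changed byte means the hash no longer matches, so every legitimate update also needs the list updated, which is why real deployments lean on signing rather than bare hashes.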

  5. AV stuff serves its purpose by tomstdenis · · Score: 3, Insightful

    I routinely get files [or browse for files] on random homebrew sites where "smart" people try and sneak a virus in there.

    AV isn't supposed to make your computer stupid-proof. If you download and run every single application you can find no AV in the world will help.

    If you happen to stumble on a 4 week old virus that either got bot-mailed to you or stored in a public archive they're a godsend. Especially since most AVs scan archives so before you even open it you're good.

    Tom

    --
    Someday, I'll have a real sig.
  6. And they are both wrong. by khasim · · Score: 5, Insightful

    Think about it for a moment. What is the intent of anti-virus software ("anti" + "virus")? Isn't it to stop apps that you don't want running on your computer? Apps that were written by the "bad guys"?

    So, the reason that anti-virus software sucks is because the "bad guys" are writing BETTER "viruses" that can bypass the anti-virus programmers' software.

    And the reason for that is that anti-virus software is REACTIVE.

    A proactive system would patch the holes that are being exploited.

    A reactive system issues patches to remove all the specific threats encountered so far.

    That approach will ALWAYS result in the "good guys" being behind the "bad guys". Like DUH!!!

    1. Re:And they are both wrong. by CashCarSTAR · · Score: 3, Insightful

      The biggest hole existing right now is the user. Any thought otherwise is simply whistling in the wind.

      Once a user runs software, if that software is malicious, that computer is compromised. Period.

  7. The Black Hats are winning... by __aaclcg7560 · · Score: 3, Insightful

    ...by testing their code on the most popular anti-virus software before release.

    It's a sad state of affairs that worms, trojans and viruses are probably more tested before release than the anti-virus software.

  8. Eye-Candy by Anonymous Coward · · Score: 3, Insightful

    That's why: there is too much eye-candy!

    I gave up a long time ago on NAV because it had a heavy interface -- fancy background, fade in/out, and all the other stuff that don't really contribute to its operation, especially for an application whose GUI you don't really pop or see very often.

    Simple buttons and windows are enough, coupled with a good proper operation within a restricted account -- i.e. good communication with the service that runs in the background.

    That is why I like the free AVG option.

  9. Re:Linux is not a silver bullet. by Lord+Ender · · Score: 3, Insightful

    Most end-user linux installs have one user who admins the machine with sudo. Anyone with any skill who writes a linux virus would simply make his code wait for the user to sudo, then install the rootkit.

    The one reason viruses aren't a problem in linux: fewer gullible users.
    The one reason worms aren't a problem in linux: the small number of diverse builds.

    User separation has very little to do with it.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  10. Security through Obscurity by Mantrid42 · · Score: 3, Insightful

    So does this mean that I'm better off using an AV that isn't widely used? Is this one case where security through obscurity is actually valid?