Slashdot Mirror


Microsoft's Vista AV Fails Certification

An anonymous reader writes "Microsoft's much-hyped anti-virus solution, Live OneCare and three other Vista AV products failed to achieve the Virus Bulletin's VB100 certification. The other products are McAfee's VirusScan Enterprise, G DATA's AntiVirusKit 2007, and Norman's VirusControl. All failed to pass a series of tests that are required to display the VB100 badge. 'With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now,' said John Hawes, technical consultant at Virus Bulletin."

161 comments

  1. excuses... by solstice680 · · Score: 5, Interesting

    What about "We didn't have access to Vista's internals until two months ago?"

    That would be a good excuse for most security vendors...

    1. Re:excuses... by ZachPruckowski · · Score: 1

      In theory, under anti-trust rules, the OneCare Live team has no more access than anyone else. That may not be the case, but that's their line, and they're stickin' to it.

    2. Re:excuses... by ThinkFr33ly · · Score: 5, Informative

      Actually, the details on implementing anti-virus for Vista, and other low level filters, have been available for well over a year. Some documentation has been available for more than 2 years.

      That's how companies like Kaspersky and AVG came out with fully Vista compliant versions of their software months ago. Software which works extremely well, by the way. (Kaspersky passed this test. It says so right in the article.)

    3. Re:excuses... by Anonymous Coward · · Score: 0

      I switched the business I work for from Symantec (rap) to Kaspersky. I must say switching is the best thing I've ever done via the antivirus area. Not only do they support Windows and Linux, but many other OSes.

    4. Re:excuses... by Anonymous Coward · · Score: 0

      I just love Kaspersky, especially how their v5 client slowed all computers here to a crawl, and their administration server effectively brought down the network by attempting to find all devices in a /16 network by sending repeated pings to *all* ips in that range at the same time.

      </rant>

    5. Re:excuses... by PitaBred · · Score: 1

      Well, we had our Symantec server DDOS us from inside our network by periodically sending ARP requests for every address in a /16 (or larger... I can't remember the details. It was at least a /16). Had to use Ethereal to figure that out. Switching off of Kaspersky won't help ;)

  2. Re:microsoft by icepick72 · · Score: 1

    proving once again how boring glib security comments are *yawn*

  3. Hello Symantec... by Supp0rtLinux · · Score: 0, Flamebait

    Hello Symantec... I'd never trust the OS manufacturer to be responsible for its security anyone, but even less so considering MS's reputation for security...

    1. Re:Hello Symantec... by L4m3rthanyou · · Score: 1

      That's exactly what I'm afraid of.

      Symantec is a pile of shit, frankly. I was actually hoping that Microsoft's AV would at least force Symantec and McAfee to get their shit together and make an antivirus that doesn't suck.

      AV that's as much of a system hog as the notorious Norton is a pain in the ass, especially on Windows Vista. :|

      --
      One of these days, I'm going to cut you into little pieces.
    2. Re:Hello Symantec... by Stewie241 · · Score: 1

      And oddly buggy at that... I remember getting a call from my mother saying her freecell wouldn't work... odd... turned out it was related to Norton Antivirus - if I stopped the antivirus, Freecell worked. How does THAT work?

      Ian

    3. Re:Hello Symantec... by BCoates · · Score: 5, Insightful

      ... Symantec and McAfee to get their shit together and make an antivirus that doesn't suck.

      I'm not sure such a thing is even possible anymore. The usefulness of AV software has always been pretty questionable, and they never seem to have gotten over the threat model of months or years-old viruses being passed from floppy to floppy. Most threats are one-off now, like social engineering spam, one-day long trojan horse attacks, adware, and exploiting OS vulnerabilities to run spam zombies. As far as I can tell, my resource-hogging, system-destabilizing virus scanner does effectively nothing against any of those and there's no reason to believe it can be changed to do so.

    4. Re:Hello Symantec... by Magada · · Score: 1

      There's more than two companies making antivirus these days. Check out Eset, BitDefender, Kaspersky...

      --
      Something bad is coming when people are suddenly anxious to tell the truth.
    5. Re:Hello Symantec... by Kazoo+the+Clown · · Score: 3, Insightful

      As far as I can tell, my resource-hogging, system-destabilizing virus scanner does effectively nothing against any of those and there's no reason to believe it can be changed to do so.


      ABSOLUTELY. I gave up on AV programs some time ago. A good firewall, firewall-like execution protection such as Process Guard, not using the most popular email programs or web browsers, and severely restricting web-based application execution (i.e., boycott ActiveX and hamstring Java and Javascript) are far more effective techniques for tripping up a virus as such attacks will almost always try to 1) exploit networking applications most common to the OS, 2) try to run some kind of executable that you haven't run before, and/or 3) attempt some kind of network operation in order to propagate itself. Trying to recognize virus signatures is a lousy use of CPU resources, and has not been seen to be very effective.


      AV software companies are addicted to the subscription model that signature-based AV provides, and consequently are in a serious conflict-of-interest with regards to best security practices. Symantec in particular seems to be short of ideas for an alternative business model, and have opted instead to whine like a six-year-old whose mommy won't let them buy candy at the checkstand.

    6. Re:Hello Symantec... by Anonymous Coward · · Score: 0

      MSFT got into trouble with the European Commission again on this one, but this time with a twist.

      AV software vendors were screaming that they weren't allowed into Vista's internals. MSFT explained that this was precisely the point. The big guys - McAfee and Symantec - managed to convince the Commission to force MSFT to cripple their system to ensure a fair market for people to patch up the newly screwed OS.

      Perverted logic or what? Who's kidding me that this is about vulnerabilities in Vista: it's about keeping a sick market in business - McAfee and Symantec are the last guys who want to see a fault-free Windows OS, they are parasites.

      Interestingly, MSFT originally offered the European Commission, in a preview to Vista, a scenario in which a user would be prompted, after installing Vista, to choose from over 100 AV vendors: McAfee and Symantec put the kybosh on that, as they want to hog the market...

    7. Re:Hello Symantec... by RockDoctor · · Score: 1

      ABSOLUTELY. I gave up on AV programs some time ago. A good firewall, firewall-like execution protection such as Process Guard, not using the most popular email programs or web browsers, and severely restricting web-based application execution (i.e., boycott ActiveX and hamstring Java and Javascript) are far more effective techniques for tripping up a virus


      Oh, ABSOLUTELY^BIGNUM.
      Don't forget also to think carefully about your partitioning scheme and use anything that is not "chuck everything into one partition, system code, application code, data, swap and temporary files". Where you put the stuff and what you call it is entirely up to you, but you must not under any circumstances (OK, honeypots excepted) use the OS installer's default.
      VIRUS to OS "execute C:\Program Files\Outlook\Outlook.exe /print_addressbook > C:\WINDOWS\TEMP\spamminglist.txt"
      OS to VIRUS "Cannot find file or folder C:\Program Files"
      (OK, maybe I've got the command line for LookOut wrong. Do I look like the sort of prick who would actually use the thing?)

      When I have to set up a machine that can run Windows (which I have to, for Work), it's out with the Linux install CD (you DID get a bootable CD with your OS, didn't you?), partition up a couple of drives for OS and applications (say 2GB each, more than enough for a work machine), another for swap (2xRAM, more than enough), another for data (the rest, maybe doubled to make for easy backing up). Mark them all as FAT32 (no need for anything more than 137GB for work), format and reboot. Then install your OS, choosing whatever arrangement of partitions seems appropriate for your situation. You'll have to do some manual hammering of the OS to make it accept filling the swap partition, but eventually it'll do it.

      On the subject of Work, I suppose I'd better go and do some.
      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  4. bad logic by dave420 · · Score: 0, Flamebait

    So delays mean they should have AV wrapped up? That is a completely baseless statement. What if they were working on that right up until the launch? It doesn't excuse the AV situation, but it would mean his statement is bullshit. I'm all for activism, but straight-up being a little girl about it doesn't help.

    1. Re:bad logic by The+Ham+of+Truth · · Score: 2, Interesting

      You're calling him a little girl because he has bad logic? Then... ipso facto, you're proclaiming to us a love for unicorns and Barbie dolls?

      In an unrelated topic: I don't think the statement is baseless. IIRC, Gates responds to "OSX had it first" with "yeah, but we got delayed in order to secure the product first" (paraphrased, of course). Shouldn't we then expect a higher level of security then?

    2. Re:bad logic by Matt+Edd · · Score: 1

      "being a little girl" != "a little girl"

      I always explain to my gfs that "being a bitch" doesn't mean "you are a bitch"... just that you are acting like one right now. Of course I have to explain this sometime before we argue.

    3. Re:bad logic by The+Ham+of+Truth · · Score: 1

      Of course I have to explain this sometime before we argue

      Ace! I'm stealing this.

  5. NAV by Araxen · · Score: 0

    Anyone else shocked Norton is not included in this list?

    1. Re:NAV by Columcille · · Score: 1

      Symantec is on the list. These days, Symantec = Norton = Symantec, IIRC.

      --
      I love my sig.
    2. Re:NAV by cheater512 · · Score: 1

      It's either a typo or you need glasses.

      It says Norman not Norton.

    3. Re:NAV by Kymermosst · · Score: 1

      Try reading it again.

      Hell, I'll just give it to you: if you RTFA right at the end it says "Anti-virus software from CA, Fortinet, F-Secure, Kaspersky, Sophos and Symantec successfully achieved VB100 certification."

      --
      "Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
    4. Re:NAV by Columcille · · Score: 1

      That's what I said: "Symantec is on the list" - guess I could have specified WHICH list, but I figured the context would show I meant the list of products that passed.

      --
      I love my sig.
  6. I wonder how a Free anti-virus program would do by mrchaotica · · Score: 3, Interesting

    Maybe the ClamAV people ought to submit their program for testing.

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    1. Re:I wonder how a Free anti-virus program would do by Der+Reiseweltmeister · · Score: 1

      why in the world was this +3 Funny?

    2. Re:I wonder how a Free anti-virus program would do by aztracker1 · · Score: 3, Informative

      There is no resident/active file scanning with ClamAV, at least not from the clamav/clamwin developers afaik.

      --
      Michael J. Ryan - tracker1.info
    3. Re:I wonder how a Free anti-virus program would do by Anonymous Coward · · Score: 0

      But does it run Vista?

    4. Re:I wonder how a Free anti-virus program would do by xiong.chiamiov · · Score: 2, Informative

      There is winpooch, which can be hooked up with clamwin to provide real-time av protection.

  7. A very good excuse... by bhirsch · · Score: 4, Interesting

    A VB100 badge means little or nothing to these companies, much less their consumers.

    1. Re:A very good excuse... by zCyl · · Score: 3, Funny

      A VB100 badge means little or nothing to these companies, much less their consumers.
      Most users would just assume that's the next version of Visual Basic.
    2. Re:A very good excuse... by BlackRookSix · · Score: 3, Informative

      Wrong. I was in an AV company for a while, and this is like the Oscars to them. Everything rides on their reputation, and this rating (along with The Pundits Choice Awards: Gartner reports) can make or break a small company trying to break into corporate clients. Their sales people now face a HUGE uphill battle that they may never surmount, even if they make the VB100 next test phase.

    3. Re:A very good excuse... by Kojacked · · Score: 1

      You're right! It's just as meaningful as the adult film's version of the oscars! It means so much to them...but can you name who won best porn star of 2006? Pretty sad life if you could...

    4. Re:A very good excuse... by Apathist · · Score: 2, Informative

      You're spot on with how important it is to their reputation, but the fact is that the VB100 award had become something of a rubber stamp, due to the way it was being tested (ie. all the AV vendors knew in advance exactly what they were being tested against).

      What is important about this particular round of VB100 tests is that this was the first round of tests after they changed the way the test was done (to make it more representative of what AV protection needs to actually be out in the wild, and hence more difficult to just coast through). This new testing methodology came unannounced, and caught everyone by surprise... which is why other major vendors missed it, including McAfee.

    5. Re:A very good excuse... by DeepHurtn! · · Score: 1
      ..."most users"? I suspect most users have never even heard of Visual Basic!

      But maybe your low /. ID gives you a distorted perspective on this sort of thing. ;)

    6. Re:A very good excuse... by Tony+Hoyle · · Score: 1

      Hillary Scott, assuming you're talking female.

    7. Re:A very good excuse... by Aryeh+Goretsky · · Score: 2, Insightful

      Hello,

      I think it is a bit disingenuous to say that the reason some of the tested programs failed to receive a VB100 award had anything to do with changes to the test procedures used by Virus Bulletin Magazine. The tests consist of ItW (In The Wild), macro, polymorphic, file infector virus "zoos," with ItW and macro tests being repeated for both scheduled on-demand scanning and on-access (file I/O wedge) scanning, plus a set of clean files which are used to test for false positives. You can view information about the test sets here on Virus Bulletin's web site.

      The tests performed are basically those of detection (or lack of detection in the case of the false positive set—remember, a false positive report can be just as damaging to productivity in a corporate environment as an actual viral outbreak), along with some sometimes-snarky comments about the program being tested (usually related to usability issues). The VB100 award means that a product passed the ItW and false positive tests; it could still have fared poorly on the other tests and received the award.

      The idea that you can somehow "optimize" a product for these tests is a bit silly; ItW viruses are the ones which affect a vendor's customers and their technical support department receive calls about all the day. The idea that a vendor was somehow not concentrating their detection efforts on these is ludicrous; the ability to handle these types of threats is how they generate their revenue. As for avoiding a false-positive report against a clean set, well, I cannot think of a practical way to engineer a virus scanning engine's signature database for that.

      Computer Associates and Symantec received VB100 awards in this test and they are enterprise vendors, so claiming that the "major vendors missed it" this time around is incorrect. Conversely, vendors which specialize in anti-malware like Norman did not receive a VB100 award this time around. While there may be some correlation between the size of a vendor and their detection rate, I do not know if it is as linear a mapping as you imagine.

      Regards,

      Aryeh Goretsky

      --
      Dexter is a good dog.
    8. Re:A very good excuse... by Apathist · · Score: 1

      The idea that a vendor was somehow not concentrating their detection efforts on these is ludicrous

      Ludicrous it is. False, it is not. Both AV companies I've worked for in the last 10 years have people who are responsible for ensuring the ItW list is covered - ostensibly for the sake of the customers, but that motivation is belied by the fact that there is a big push to add detection for ItW samples right before the VB100 tests begin.

      so claiming that the "major vendors missed it"

      I think it's a bit disingenuous for you to misquote me like that... I said "other major vendors missed it", and I was referring to McAfee and Norman specifically - both of whom are major vendors.
  8. Nothing to do with Vista by ThinkFr33ly · · Score: 5, Interesting

    This has nothing to do with Vista, and everything to do with crappy anti-virus products. Neither OneCare nor McAfee for XP have ever tested well, so why would anybody think that they would test well on Vista?

    If you read the entire article, you'll notice a little blurb at the end that several vendors passed the test, one of which was Kaspersky. Another excellent vendor for Vista is AVG.

    Kaspersky consistently beats all the other major anti-virus vendors, but I guess the story wouldn't be quite as Slashdot-worthy if it read "Kaspersky Anti-Virus on Vista Works Great!".

    1. Re:Nothing to do with Vista by Utopia · · Score: 2


      Neowin has more details on the report.
      Apparently only 0.01% of the viruses were not detected by these "failed" products.

    2. Re:Nothing to do with Vista by figleaf · · Score: 4, Informative

      Did you notice that report was created by a company which sells its own anti-virus product?

    3. Re:Nothing to do with Vista by zx-15 · · Score: 5, Funny

      Kaspersky is certainly a very effective antivirus, a lot of security comes from using 100% of CPU when browsing network folders, thus preventing the user from downloading viruses.

    4. Re:Nothing to do with Vista by Anonymous Coward · · Score: 0

      Nice! You say "Windows One Care has never tested well" -- NEVER??

      Then you point us to a page which contains a link that reads "Windows one care gets icsa labs approval"

      http://tech.cybernetnews.com/2006/05/26/windows-onecare-gets-icsa-labs-approval/

    5. Re:Nothing to do with Vista by Lehk228 · · Score: 2, Insightful

      which virus from the .01% would you like on the machine handling your credit card number and social security number?

      --
      Snowden and Manning are heroes.
    6. Re:Nothing to do with Vista by Khuffie · · Score: 1

      You know why? Because it's fun to bash Vista! This is Slashdot!

    7. Re:Nothing to do with Vista by drinkypoo · · Score: 1

      I stopped using Kaspersky because it slowed my system down more than any other scanner. I went to AVG and haven't looked back. Is there actually something better about Kaspersky than AVG? Most of the time when I go look, AVG added detection for a given virus before, well, anyone else.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  9. Hate to say it by Stochastism · · Score: 1

    I hate to say it, but Microsoft were right for once in their earlier VISTA policy of locking down the practice of hooking into the kernel. It's that feature in XP that allows malware to flourish. Just because MS made mistakes years ago that spawned an entire industry (the anti-virus industry), doesn't mean that industry necessarily has the right to continue to exist in its current form.

    1. Re:Hate to say it by Creepy+Crawler · · Score: 3, Informative

      ---I hate to say it, but Microsoft were right for once in their earlier VISTA policy of locking down the practice of hooking into the kernel.

      Locking down along with no source code is simply security by obscurity. There WILL be bugs found, and those bugs will have kernel rights. Do you think that is good? Guess what, I don't.

      Vista will only reassure that bug releasers should not publish bugs, but rather sit on them. BTW, how do you clean out a kernel-infected Windows machine?

      ---It's that feature in XP that allows malware to flourish.

      Is there an executable preventer on Linux? Nosiree, there's nothing preventing a user from affecting his own dataspace. What do you think is bad: Trashing the whole system, or trashing your ~ ? A system can be reinstalled, but most people don't back up their data.

      Now, why don't Linux malwares work? They do, if the user lets them. It's just that much harder to make a program run from a browser window or from bad servers on various ports. Linux machines are usually more locked down to prevent evil stuff on the outside.

      --
    2. Re:Hate to say it by Stochastism · · Score: 1

      I agree with everything you say! I'm simply saying that the lack of strict access privileges in the kernel level of previous MS operating systems has created the A/V industry. And they are now crying foul because they were not allowed to use the very hooks that allowed malware to spread in the first place. Of course the kernel should both be open source, AND have strict controls on access to kernel memory space.. like Linux.

    3. Re:Hate to say it by Creepy+Crawler · · Score: 1

      But they didn't lock the kernel down for the benefit of us users, they instead locked it down for a purely content driven media delivery tool.

      That means we have even less access to their system. This applies to tinkerers AND system trashers.

      I wonder what "premium content" spyware could do?

      --
    4. Re:Hate to say it by Anonymous Coward · · Score: 0

      Nosiree, there's nothing preventing a user from affecting his own dataspace
      You could do it with SeLinux. It'd be a pain to maintain though.

    5. Re:Hate to say it by Creepy+Crawler · · Score: 1

      I was intentionally leaving that out, as it's a huge pain in the ass to set up and maintain.

      I've only tried it once, and did a pretty bad job. Windows ACL's are only moderately better.

      --
    6. Re:Hate to say it by the_womble · · Score: 4, Insightful
      What do you think is bad: Trashing the whole system, or trashing your ~ ? A system can be reinstalled, but most people don't back up their data.

      If we are talking about trashing the system instead of trashing ~, you would be right in the case of a single user system.

      However, we are talking about trashing everything, against trashing just ~. Obviously just ~ is better.

      In the case of a multi-user system, trashing one user's ~ is much better than trashing everything. Most home PCs are multi users. Office PCs are invariably single user, but they should get backed up.

      It is much easier to back up a single user's directory than an entire system.

      Finally, limited access to the system makes it harder for viruses to propagate. How is it going to run again after a log out? Most people do not regularly run executables from their own directories: the executables they do run will not be infected. Certainly something like bash_profile or an autostart directory, but cleaning these up should be trivial. Am I missing anything here?

    7. Re:Hate to say it by drsmithy · · Score: 1

      Locking down along with no source code is simply security by obscurity.

      Untrue. It reduces the surface area for attack by reducing the amount of code typically running at privileged levels.

      There WILL be bugs found, and those bugs will have kernel rights. Do you think that is good? Guess what, I dont.

      Bugs and bad practices are two wholly separate issues.

    8. Re:Hate to say it by vadim_t · · Score: 1

      Is there an executable preventer on Linux? Nosiree, there's nothing preventing a user from affecting his own dataspace. What do you think is bad: Trashing the whole system, or trashing your ~ ? A system can be reinstalled, but most people don't back up their data.
      Yes there is, it's called "grsecurity". There's a kernel patch, quite widely integrated in some distributions (gentoo hardened-sources package say). One of the options is disabling execution completely from non-root-owned directories. So it basically prevents a normal user from executing anything at all that they download.

      Possibly the only workaround would be a Perl or a shell script, but the user would have to run it as "perl foo.pl", which is not the normal way of executing a shell script, so it's very unlikely that a GUI would be set up to do that automatically. That could be closed by patching Perl/bash/etc as well.
    9. Re:Hate to say it by jonadab · · Score: 1

      > However, we are talking about trashing everything, against trashing just ~.
      > Obviously just ~ is better.

      Only because I keep a lot (err, most, actually) of my data on other partitions, mounted outside of my home directory. If all my data were in ~, then I would consider trashing it to be just as bad as trashing everything.

      > In the case of a multi-user system

      Outside of server space, when was the last time you saw a multi-user system with separate logins? Every desktop system I've ever seen, all the users who use it do so from the same account. It's nice that operating systems have multi-user capability, but it is typically not used in the intended way on desktop systems. (It *is*, of course, used in server space, extensively.)

      --
      Cut that out, or I will ship you to Norilsk in a box.
    10. Re:Hate to say it by Mathinker · · Score: 1

      > Am I missing anything here?

      Hmm, I'd add "crontab"s and "at" queues to your list. An even more insidious (but much less reliable) technique is scanning the PATH for user-writable directories and the creation of wrapper scripts for executables found there. Or what about "customizing" the menu definitions on the desktop GUI to point to wrapper scripts?

      See that was easy, and AFAIK, I'm not even particularly devious....

    11. Re:Hate to say it by Magada · · Score: 1

      Interestingly enough, antivirus vendors are exempt from this policy and can still hook (signed) components into kernel.

      --
      Something bad is coming when people are suddenly anxious to tell the truth.
    12. Re:Hate to say it by the_womble · · Score: 1

      If all my data were in ~, then I would consider trashing it to be just as bad as trashing everything

      What about the time you spend cleaning up or reinstalling? I take a backup every few days so all I would have to do is copy everything back.

      Outside of server space, when was the last time you saw a multi-user system with separate logins?

      I am sitting at one.

      The reason more people do not do it is because Windows has only recently become usable that way - so the average user does not know it is possible. Some people I know have multiple PCs so that the children do not muck up their data.

      In any case, are you sure that it is such a rarity on Linux desktops?

    13. Re:Hate to say it by jonadab · · Score: 1

      > What about the time you spend cleaning up or reinstalling?

      You're going to do that anyway. Your system has been compromised, remember? You're going to salvage what data you can (inert data only, _not_ applications, much less the OS) and then repartition and do a fresh install. Even if you believe the attacker probably didn't gain root access, it's not worth the risk.

      Besides, the major reason I don't do new installations very often is because of the time I would have to spend copying my data to the new installation. If you've got to do that anyway, the extra time to install is small in comparison, so you might as well grab a newer version of your favorite OS, or try a different one, or whatever, while you're at it.

      If my home directory were wiped out by an attack, even if it were only *seconds* after a backup, I'd go ahead and do a clean install anyway.

      --
      Cut that out, or I will ship you to Norilsk in a box.
    14. Re:Hate to say it by the_womble · · Score: 1

      Ouch, I should have thought of some of those.

      The wrapper script around the GUI menu definitions is probably the most dangerous. Maybe we need a way of locking them down?

      The crontab and at queues approach might also work, depending on how common it is for ordinary users to be allowed to use cron (I see no reason why they should be default). AFAIK the default varies with distro.

      As for PATH, my PATH does not contain any user writable directories.

      Now that I think of it another approach might be to use the session manager. The KDE one uses the autostart directory (so I already covered it), I do not know if others do anything different.

      OK, I missed a few (and thanks for pointing them out), but I still think it looks like there are a limited number of things to be checked, that could probably be checked quite simply.
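The per-user persistence points listed in the two comments above (shell startup files, autostart directories, user-writable PATH entries, menu entries pointing at wrapper scripts), as an added audit example that is not part of any poster's comment. The directory names are common XDG/KDE 3 defaults and are assumptions; cron and at queues are not covered here and need `crontab -l` and `atq`.

```python
"""Added example: list per-user autorun/persistence points for manual review."""
import os
import shlex
import stat
from pathlib import Path

STARTUP_FILES = (".bash_profile", ".bash_login", ".profile", ".bashrc")
AUTOSTART_DIRS = (".config/autostart", ".kde/Autostart")  # assumed XDG and KDE 3 layouts
MENU_DIR = ".local/share/applications"                    # assumed per-user menu overrides


def writable_by(path, uid):
    """True if uid owns path with write permission, or path is world-writable.
    Group write is ignored to keep the example small (assumption)."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    owner_write = st.st_uid == uid and bool(st.st_mode & stat.S_IWUSR)
    return owner_write or bool(st.st_mode & stat.S_IWOTH)


def exec_target(desktop_file):
    """Return the program named on the first Exec= line of a .desktop file, or None."""
    try:
        text = Path(desktop_file).read_text(errors="replace")
        for line in text.splitlines():
            if line.startswith("Exec="):
                parts = shlex.split(line[len("Exec="):])
                return parts[0] if parts else None
    except (OSError, ValueError):  # unreadable file or unbalanced quotes
        pass
    return None


def audit(home, path_env, uid):
    """Return a list of (category, detail) findings for one user account."""
    home = Path(os.path.realpath(home))
    findings = []

    # PATH: an empty or "." entry means the current directory; a directory the
    # user can write to lets a wrapper shadow a real command.
    for entry in path_env.split(os.pathsep):
        if entry in ("", "."):
            findings.append(("path-relative-entry", repr(entry)))
        elif os.path.isdir(entry) and writable_by(entry, uid):
            findings.append(("path-dir-writable", entry))

    # Shell startup files run at every login; list them for review.
    for name in STARTUP_FILES:
        if (home / name).is_file():
            findings.append(("startup-file", str(home / name)))

    # Session autostart directories.
    for rel in AUTOSTART_DIRS:
        directory = home / rel
        if directory.is_dir():
            for item in sorted(directory.iterdir()):
                findings.append(("autostart-entry", str(item)))

    # Menu overrides whose Exec= target lives inside the home directory.
    menu = home / MENU_DIR
    if menu.is_dir():
        for item in sorted(menu.glob("*.desktop")):
            target = exec_target(item)
            if target and os.path.realpath(target).startswith(str(home) + os.sep):
                findings.append(("menu-exec-in-home", f"{item.name} -> {target}"))
    return findings


if __name__ == "__main__":
    for category, detail in audit(Path.home(), os.environ.get("PATH", ""), os.getuid()):
        print(f"{category:22} {detail}")
```

A finding is a prompt to look, not a verdict: a `~/bin` directory on PATH or a non-empty `.bashrc` is normal on many desktops.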

    15. Re:Hate to say it by JebusIsLord · · Score: 1

      or you can put /home on a separate partition, and mount it with the noexec option.

      --
      Jeremy
    16. Re:Hate to say it by vadim_t · · Score: 1

      That too, but it's a much less fine-grained approach.

      grsecurity allows defining a group that can bypass this requirement (say, the normal user account for the admin) or the reverse (making only the users belonging to the group be limited). It's also a lot more fine-grained. For instance, making /var noexec would break CGIs, while with grsecurity you can make sure that CGIs still run, but anything not approved by the admin (by being placed inside a root owned directory only writable by root) doesn't. Since no sane distribution runs Apache as root, this breaks a whole range of exploits.

    17. Re:Hate to say it by j0hn7r0n · · Score: 1

      The iMac I'm on right now requires users to login using their own credentials, as does practically every other college-provided PC. While still a small percentage of the total PCs, there are still PLENTY of multi-user PCs out there.

  10. OH NO, NO VB100??!? by madsheep · · Score: 5, Funny

    I heard they also didn't earn the WTF200 or the LOL500. Based on failing to get the three of these certifications and seeing how all three of them are as equally popular... this software will surely be going nowhere.

    1. Re:OH NO, NO VB100??!? by Anonymous Coward · · Score: 1, Funny

      But it was certified by the IOACA (International Organization for the Advancement of Criminal Activity).

    2. Re:OH NO, NO VB100??!? by inphorm · · Score: 0

      Lol.. what's even funnier is that here in Australia, VB is a beer.. so the thought that they didn't pass the VB100 is quite amusing...

      I'm kind of the opinion of "who cares" as well. Although I did notice that the publishers of this also have their own AV software, no conflict of interest there..

      - paul

      http://www.paulpichugin.com.au/

    3. Re:OH NO, NO VB100??!? by Jesus_666 · · Score: 1

      However, even one installation of Vista is well above LD50 in geeks.

      --
      USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
  11. Great Sales Pitch by Zonnald · · Score: 3, Informative
    Tried to follow the links to the report to see what the fuss was about. First I was told I had to register for Free. I did that then clicked on the report - only to be told I had to subscribe. Not going to happen.

    For obvious reasons I will leave it to the reader to decide if they want to go and have a look, no links will be provided.

    1. Re:Great Sales Pitch by Bearhouse · · Score: 1

      Don't bother to register - use BugMeNot. Great database of sign-ins for sites.

  12. Mark the article title as FUD and sensationalism. by solitu · · Score: 1, Interesting

    Vista doesn't come with an antivirus program.
    Live OneCare, McAfee are not specific to Vista -- You can install them on XP too.

    And 99.99% detection rate is nothing to be sneered at.

  13. Exactly right by Freaky+Spook · · Score: 2, Insightful

    Most home users wouldn't even know the VB100 badge exists.

    In that market, anti-virus sales are all about glossy packaging on shelves and fancy flash advertisements.

    If their AV fails and windows gets a virus, it's Windows' problem, not the AV's problem.

    Microsoft are in a loose/loose market, but they stand to make money off joe-sixpack so they don't care.

    1. Re:Exactly right by Anonymous Coward · · Score: 0

      I am sure you mean lose/lose, please get it right.

    2. Re:Exactly right by rbanffy · · Score: 1

      In that market, anti-virus sales are all about glossy packaging on shelves and fancy flash advertisements.

      I would add a lot of fear-mongering to the mix. Sowing panic is a powerful marketing tool.

  14. Remind me.... by edwardpickman · · Score: 0, Troll

    why am I supposed to upgrade to Vista?

    1. Re:Remind me.... by wordsnyc · · Score: 5, Funny

      They rang the fucking bell days ago. Salivate, dammit.

      --
      Sent from the iPad I found in your car.
    2. Re:Remind me.... by satoshi1 · · Score: 1

      This fucking bell... it indicates that there is to be fucking? 'Cause I'd surely salivate for that. Or food. Food is always good too.

    3. Re:Remind me.... by Anonymous Coward · · Score: 0

      That has got to be the funniest comment I've seen on /. in a long time. Thanks wordsnyc!

    4. Re:Remind me.... by Anonymous Coward · · Score: 0

      Shit. Sometimes being nerdy backfires. Like when you see salivate and try to translate it from Latin >.<

    5. Re:Remind me.... by jonadab · · Score: 2, Interesting

      I don't salivate when bells ring. I only salivate when I hear the word "Pavlov". (This is the result of an experiment we did in Intro to Psych (in the fall of 1993, IIRC) and it still works without fail every time.)

      --
      Cut that out, or I will ship you to Norilsk in a box.
  15. *What* VirusControl? by SeaFox · · Score: 4, Insightful

    The other products are McAfee's VirusScan Enterprise, G DATA's AntiVirusKit 2007, and Norman's VirusControl.
    Norman's VirusControl. Yeah, that doesn't look like an attempt to market a product that deliberately sounds like a competitor...

    Now, if you'll excuse me, I need to get back to setting up my Linkskey router...
    1. Re:*What* VirusControl? by DeeZee · · Score: 5, Informative

      Norman was founded in 1984, well before Peter Norton made an antivirus utility.

      Thanks for playing, though!

    2. Re:*What* VirusControl? by JambisJubilee · · Score: 1

      Pfft. I know a genuine Panaphonics when I see it. And look, there's Magnetbox and Sorny.

  16. Wait a minute by ChromeAeonium · · Score: 1

    Microsoft's anti-virus was 'much-hyped'? I don't recall any Microsoft anti-virus software being much-hyped. Where was I during this hyping? Cynically scoffed at maybe, but I don't remember much hype going on.

    1. Re:Wait a minute by Anonymous Coward · · Score: 0

      I agree, the website looks more like we're selling helpdesk services or something for fuck's sake...

  17. What Bill Thought by stox · · Score: 1

    Steve: We need to have Vista committed to security.
    Bill: You mean make all our security programmers wear straight-jackets and prescribed large doses of anti-psychotic drugs.
    Steve: I guess so.
    Bill: OK, get right on it.

    --
    "To those who are overly cautious, everything is impossible. "
  18. Umm.. by Anonymous Coward · · Score: 0

    Call me uninformed but what is Virus Bulletin and why do we care what they think?

    1. Re:Umm.. by Anonymous Coward · · Score: 0

      We care about all things anti-MS around here.

    2. Re:Umm.. by Anonymous Coward · · Score: 2, Informative

      Virus Bulletin is a major newsletter in the anti-virus/malware/spyware/etc industry. They publish dissections of new "threats", various studies, and reviews of the latest products. It's not really a resource for the general population because subscriptions are expensive and many of the articles are quite technical (source code, executable disassembly, "kernel hacking", etc). It's more of a trade publication where people in the industry can keep track of the latest trends and what new technologies are coming around. You should care about what they think because they are one of the de facto authorities on these kinds of things. It is distributed in PDF form so it is probably floating around somewhere out there. If you can get a copy and read some of the technical articles you'll get a better idea of what they are all about.

  19. Re:microsoft by megaditto · · Score: 3, Insightful

    Well, how many people run AV on their linux/BSD boxes?

    Now, since Vista is securebydesign, it too no longer needs any anti-viruses!

    --
    Obama likes poor people so much, he wants to make more of them.
  20. No excuse, like no excuse... by djupedal · · Score: 4, Funny

    "With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now..."

    Security vendors. They're all alike. They say they come to help...to save us from all things dark, but in their black hearts, they all want the same thing. They all want to RULE the earth!

    1. Re:No excuse, like no excuse... by jonadab · · Score: 1

      > in their black hearts, they all want the same thing. They all want to RULE the earth!

      Well, sure, doesn't everyone? Thing is, most people don't have a workable plan to achieve it. I, on the other hand, have a plan that I'm quite sure I can implement. Phase one of my plan is to go to work today and do my job. I'm pretty sure I can manage that. Phase two is to do the same thing tomorrow. I'm still working on phase three.

      --
      Cut that out, or I will ship you to Norilsk in a box.
  21. Better Solution by MikeDataLink · · Score: 2, Informative

    I think the better solution is to get noobs to be better educated on how to avoid spyware and viruses, etc in the first place.

    This website has a great video I think all noobs should be required to watch BEFORE owning a computer.
    http://www.my-pc-help.com/video/v10017.htm

    An ounce of prevention is always better than the cure.

    --
    Mike @ The Geek Pub. Let's Make Stuff!
    1. Re:Better Solution by Falladir · · Score: 1

      I think the better solution is to get noobs to be better educated on how to avoid spyware and viruses, etc in the first place.

      Yeah, but Windows was so un-secured and so prone to attack that even semi-competent users can wreck their systems. I doubt that Microsoft consists of such utter dullards that Vista will be *easier* to crack than XP, but even if it's a good deal harder, it will still be broken enough for spyware to get out and for botnets to persist.

      Also, there's the occasional "aww fuck, did I really just execute that file?" (I've done it once and I'm pretty knowledgeable; I'm sure even fairly well-educated noobs will fall for something eventually) that will also fuck up a system. And while that doesn't mean you lose all your data (utterly malicious viruses are rare, too unprofitable to be worth the time) it could very well mean a rootkit that's impossible to dislodge without going nuclear.

      The real and lasting solution is to make reformatting and reinstalling everything a task for an average user in a couple of hours (preferably with little enough attention that the user can watch a movie at the same time), instead of a task for a geek overnight, IF he can find all the CDs that the programs came on. At least when automatic detection and configuration work properly, GNU/Linux has reached this target (which is ironic, because reformatting is not needed often on a Linux machine, due to better security practices and of course obscurity) with APT and remote package repositories. But proprietary software has to protect itself, so there would need to be measures in place to prevent unauthorized users from downloading the material. A simple solution, though not perfect, would be to store small licenses in a privileged folder on the user's hard drive, so that he need only migrate this license folder (and his documents and configuration preference files) to the new installation.

      That would be a good solution, but of course the license folder would be a popular target for attack. Plant something there that instructs the machine to download malware (that would pose as MS Office, or whatever) upon reinstallation, and the system is back in the botnets.

    2. Re:Better Solution by Gen.+Malaise · · Score: 1

      Way to pimp your own site..... noob

  22. This is just one review... by Aryeh+Goretsky · · Score: 4, Informative

    Hello,

    I shared my thoughts on this over here on Neowin.Net's forums, so I really don't just want to do a cut-and-paste job and post what I wrote in verbatim here.

    This is one of the first of a series of comparisons to include Microsoft Windows Live OneCare that Virus Bulletin Magazine has been doing for many years. While I suspect it is more frustrating than embarrassing at this point for the team responsible for Microsoft's Windows Live OneCare, this is really Microsoft's first attempt at providing their own comprehensive anti-malware solution—MSAV, the product which shipped with DOS does not count, it was licensed from Central Point Software (who was later acquired by Symantec) who, in turn, had licensed the software from Carmel Software—and it is going to take some time and lots of signature release cycles in order to get their detection rate fine-tuned.

    I don't expect this first Virus Bulletin product comparison to be the last, and the question really isn't how Microsoft did this time: It is how their product does over the next year or two that matters. If it gets worse or stays the same, they are just another competitor in the space (albeit the one with the deepest products). If, however, their detection rate improves, it is going to make it just that much more difficult for their competitors to compete against them.

    As a disclaimer of sorts, I should mention that I happen to work for one of the computer security companies that Microsoft competes against with this product, so this discussion is far from academic for me. Frankly, though, I'm not expecting Microsoft's entry into this space to have any effect on my employer—we are good at what we do and have a very loyal customer base. Also, we tend to compete against other, similarly-sized companies in the field. What I do worry about, though, is how some of my friends and colleagues at the largest companies are going to handle Microsoft's entrance as they are going to be competing head-to-head against Microsoft for marketshare.


    Regards,

    Aryeh Goretsky

    --
    Dexter is a good dog.
  23. Big whoop.. by scoot80 · · Score: 1

    So what? For someone only wanting basic protection, it's probably good enough. For someone wanting better antivirus protection, they'll get another antivirus program. Is this supposed to be big news?

  24. Strange... by Critical_ · · Score: 4, Informative

    Has anyone bothered to do some fact/typo checking before posting this stuff?

    Microsoft's offering was one of four suites which failed to detect all malware. The others were G-Data AntiVirusKit 2007 v.17.0.6353, McAfee VirusScan Enterprise 8.1i and Norman Virus Control 5.90.

    See, I run McAfee VirusScan Enterprise on Desktops and Servers here without problems. The latest version in the 8.0 line is 8.0i patch 15. The Vista-compatible version is 8.5i which also works on Windows XP. There is no version 8.1i that I know of. Obviously this doesn't change the message that McAfee didn't earn the seal but I've never had problems with the VirusScan Enterprise line. To be frank, I've never encountered a single infection or uncontrolled virus problem on our network.

    Plus, who honestly uses just *one* virus scanner on the perimeter of their Microsoft Server-system based network? I certainly don't. For example, Exchange 2003 server on the perimeter runs software from GFI which has three separate virus scanning engines. This coupled with application executable hash-based protection offered in BlackICE takes care of the rest of the problems at the desktop/server level. It's the price we pay for using MS software.

    1. Re:Strange... by Anonymous Coward · · Score: 0

      Full disclosure: I am a GFI technical support employee.

      GFI MailSecurity 10 can have up to five, not three as the parent said, antivirus scanning engines: Kaspersky, Bitdefender, AVG, McAfee, and Norman. The product always includes Norman and BitDefender. I think our sales guys can set you up with the AVG engine for free if you ask for it, but I'm not sure if they're still doing this, since AVG is moving away from licensing their stuff for free these days.

    2. Re:Strange... by sporkmonger · · Score: 2, Interesting

      I've had problems with it. Namely this problem. We ended up having almost every install of Office corrupted, as well as huge numbers of random system files as a result. My previous employer had to run System Restore on virtually every single computer on the network. The only computers that weren't down that day were the servers that were running Solaris and the Macs in the QA department. After that experience, I swore I'd never willingly install any of McAfee's products again.

    3. Re:Strange... by Aryeh+Goretsky · · Score: 1

      Hello,

      I just checked the review (have Virus Bulletin subscription at work) and it is indeed McAfee VirusScan Enterprise 8.5i that was reviewed.

      Regards,

      Aryeh Goretsky

      --
      Dexter is a good dog.
  25. Sensationalism at its finest by I'm+Don+Giovanni · · Score: 1, Insightful

    According to the BBC article on this matter, Live One care failed the test because it only detected 99.91% of the malware rather than 100%. And McAfee and the others did better but didn't achieve 100%. So, yes they failed, but at least talk about this in the proper context by using the actual numbers, instead of linking to a blog entry with the sensationalistic headline "Microsoft's Vista anti-virus solution slammed". Does slashdot not even *want* to have any credibility?

    --
    -- "I never gave these stories much credence." - HAL 9000
    1. Re:Sensationalism at its finest by sadsfth · · Score: 2, Insightful

      "Live One care failed the test because it only detected 99.91% of the malware rather than 100%. "

      If we extrapolate the data does this mean that of the known 100,000+ pieces of malware targeting windows we're only in danger of 9,000+ pieces.

      If so what a relief;-)

    2. Re:Sensationalism at its finest by grcumb · · Score: 1

      Live One care failed the test because it only detected 99.91% of the malware rather than 100%.

      So you're okay with having all of your Vista machines get fucked up 0.01% of the time?

      That's a legitimate question, by the way. There are good reasons to answer 'yes' to it, but we need to be clear that relying on that service implies an acceptance of risk that is greater than that of some of its competitors.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    3. Re:Sensationalism at its finest by ThinkFr33ly · · Score: 2, Funny

      Does slashdot not even *want* to have any credibility?

      You must be new here.
    4. Re:Sensationalism at its finest by Keeper · · Score: 1

      Are you ok with driving a car while the odds of having an accident are > 0.01%?

    5. Re:Sensationalism at its finest by grcumb · · Score: 1

      Are you ok with driving a car while the odds of having an accident are > 0.01%?

      Ack! Car analogy! Run away! 8^)

      Okay, seriously. The comparison is invalid. Virus infection represents total compromise of a running system, and it's not just my car - it's every car that my company operates, all at once. And in answer to your question: No, I do not think that total failure of a last line of defense once every ten thousand unique attempts is an acceptable risk. Not when I have other options available that offer lower risk and lower cost.

      But systems integration and management is a game of compromise and balancing competing factors. I can understand perfectly if someone else could justify it.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    6. Re:Sensationalism at its finest by Keeper · · Score: 1

      When the odds of a disaster occurring approach that of the odds of being struck by lightning, my willingness to care about the difference decreases significantly. Especially when exercising common sense serves to further cut the odds of a problem occurring (ie: don't install crap from people you don't know, don't stand outside in the middle of a thunderstorm, etc).

      In this case, all of the applications are "good enough" to me that performance doesn't seem to be the primary deciding factor (ie: if everything else were equal, then yes it would influence the decision, but if it weren't...those other factors might take priority).

      It sounds like you aren't examining risk for 1 "vehicle", but rather a fleet of them; I would certainly expect your risk analysis to be different than what I'd use for my home pc.

    7. Re:Sensationalism at its finest by grcumb · · Score: 1

      When the odds of a disaster occuring approach that of the odds of being struck by lightning, my willingness to care about the difference decreases significantly.... It sounds like you aren't examining risk for 1 "vehicle", but rather a fleet of them; I would certainly expect your risk analysis to be different than what I'd use for my home pc.

      Precisely. That's also why not many private houses have lightning rods, but most commercial buildings do. 8^)

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
  26. Actually, cure is now worth more by ChromeAeonium · · Score: 3, Funny

    Prevention may be better than cure, but did you know that, contrary to the popular adage, an ounce of prevention is actually worth much less than a pound of cure? It's simply the law of supply and demand. Most people lack the foresight to use prevention, so they run for cure when the shit hits the fan. This leaves large quantities of prevention just sitting in warehouses, collecting dust. They even buried a few tons of it next to those E.T. games for the 2600. Due to this oversupply, and the huge demand for cure, the cure-prevention exchange rate is one ounce of cure is now worth 5.78 pounds of prevention.

  27. options... by Grinin · · Score: 0, Offtopic

    I am most pissed that I have to order crappier computers from Dell if I want to get Windows XP on them. To get a box without an OS on the HDD I have to buy some P.O.S. My clients need machines really fast sometimes and can't always wait for me to get the parts in and build it myself... and it's really frustrating that I can't order them a good machine without Vista on it.

    Shouldn't that be illegal?!

    1. Re:options... by newt0311 · · Score: 1

      It's called tying and it is very illegal (anti-trust kind of illegal) for everybody except for MS. Why not for MS? I wish I knew.

    2. Re:options... by scoot80 · · Score: 1

      No, not necessarily illegal.

      However, they really should have a grace period of at least 6 months where they are still selling their computers with the option of Windows XP. After all, you can't guarantee everyone's business application will run on Vista, so until that's sorted, businesses will still want to run XP, or 2000 for that matter.

      Unfortunately, they don't really care about that point of view, what they do care is about selling as many machines with Vista on it. For the home user buying a new PC, it probably won't make much difference in the end.

    3. Re:options... by Grinin · · Score: 1

      I have always made it a point to wait for the first Service Pack to be released before deploying a new Windows version onto corporate networks. Right now Vista is way too buggy for me to allow my clients to put them to use. Personally, I think having an OS free HDD on a new computer should always be an option. I shouldn't be forced to buy a specific model just because I do not want to use the only OS they are offering me.

      It would be really nice to see the government grow some brains, step in, and force these big companies to change their bad habits. Yes, I know Microsoft has major kick-backs to their channel partners, but I don't think this is fair for the consumer. Especially since NTLoader is so stubborn at interacting with other operating systems...

      Why can't they just play nice?

  28. ESET Nod32 Rocks... by Anonymous Coward · · Score: 0

    Bit obligatory, but it's worth saying that ESET's track record on the VB100 has been exceptionally strong for the past 5 years....

  29. Farnsworth says... by Anonymous Coward · · Score: 0

    Thus, solving the AV problem once and for all.

  30. Vista is irrelevant to this "award" by RootWind · · Score: 1

    This is really a test of the scan engine and database. You would most likely get the exact same results from using the same product on all platforms they sell it on. Since they didn't test the same products on XP (why VirusBulletin always skips around with OS is beyond me), I am not sure how anyone could make any correlation to Vista versions of antiviruses.

  31. NORMAN... by gardyloo · · Score: 1

    ... is in Ireland!

  32. Math by gardyloo · · Score: 1

    90+ :)

  33. Terrible Tagging by Guanine · · Score: 3, Insightful

    This may be tough on my karma, but I have to get it out: goddammit what's with the worthless tagging? I know the feature's beta, but if I see "haha" or "yes" followed by "no" one more time ... (ok I have no recourse). But seriously guys this feature is supposed to, as far as I can tell, eventually provide a useful augmentation or even replacement for search. Please try not to screw it up.

    1. Re:Terrible Tagging by Allador · · Score: 1

      Wait ... you mean the tagging feature is supposed to be useful?

      I thought it was put in for humourous effect.

      But then again, I also miss 'itsatrap'.

    2. Re:Terrible Tagging by MyOtherUIDis3digits · · Score: 1

      I thought they just misspelled "quick & useless commentaries".

      Hopefully once the novelty wears off, it will actually be used for its intended purpose, as I can see it being very useful.

      --
      Ignore anything I said above, I actually agree with everything you believe - mod accordingly.
  34. living on borrowed time? by codepunk · · Score: 1

    The Netscape engineers thought they had a loyal following and they were very good at what they did also....poof gone

    Foxpro had a loyal following and great engineers....poof gone

    DR Dos had a loyal following and great engineers....poof gone

    Word Perfect had a loyal following and great engineers...poof gone

    You probably have a loyal following and great engineers....yea you guessed it, poof gone

    --


    Got Code?
    1. Re:living on borrowed time? by Tim+C · · Score: 0

      I have no direct experience of any of the other examples you cite, but Netscape essentially committed suicide. Netscape Navigator wiped the floor with all versions of IE up to and including 3. NN4 was arguably comparable to IE4. NN4 was a barely usable, slow, crash prone monstrosity compared to IE5, yet rather than make incremental improvements and stay in the game, Netscape decided to throw away their established codebase and restart from scratch. That is what killed them, not IE itself; they were out of the game for far too long, and lost too much ground. Lately they've lost their way; Mozilla and Firefox are what Netscape Communicator/Navigator (respectively) were, and should have remained, but they blew it.

      Believe me, I'm no MS/IE fanboy; I have never and likely will never use IE, and stuck with Netscape 4 long past the time almost everyone else had abandoned it, finally moving to Mozilla at around M14 or so. MS had much less to do with Netscape's loss than Netscape itself did, however.

  35. Best AntiVirus Still.... by HerculesMO · · Score: 1

    NOD32. Low resource usage and high effectiveness. What more can you ask for?

    --
    The price is always right if someone else is paying.
    1. Re:Best AntiVirus Still.... by Phil+John · · Score: 1

      And fantastic support. The initial release for Vista kept crashing my computer on login, then on boot. Not even safe mode worked.

      ESET took around a week and a half, but tracked down the problem, and released a new version that fixed it. And I'm not a corp customer with hundreds of licenses, that's damn good service in my book.

      --
      I am NaN
    2. Re:Best AntiVirus Still.... by nevesis · · Score: 1

      Eset's NOD32 consistently scores in the top AV detection ratings.

      (usually with Kaspersky, though NOD is considerably less resource-hungry. F-Secure also is usually in the top three.)

    3. Re:Best AntiVirus Still.... by meridian · · Score: 2, Informative

      F-Secure is in there because it uses the Kaspersky engine and another one as well for twice the resources.
      F-Secure - highest detection rate, 4x the resources of nod32
      Kaspersky - highest detection rate bar F-Secure, less chance of false positives but, 2x resources of nod32
      nod32 - Pretty damn good and fast

      Most vendors seem to sit somewhere between Kaspersky and F-Secure for resources from many reviews I spent time reading about 12 months ago, and below nod32 for scanning ability from what I have read. Haven't seen any Vista based reviews but I am sure it hasn't changed too much.

      And of the three only F-Secure supports NAC. I have used the F-Secure demo and I wouldn't buy it myself. If I needed enterprise with NAC support I'd look at either Panda, Trend or Sophos (McAfee if the others weren't decent for enterprise solutions) (sorry shameless Cisco plug :)

      For home I would use nod32 if I had a Windows box of my own

      Mum uses AVG cause ITS FREE :) I did delete her windows once and put debian on but she reinstalled windows herself heh

      --
      meridian at tha.net
    4. Re:Best AntiVirus Still.... by b0bby · · Score: 1

      Yep, I'm running NOD32 & happy - it has been effective, yet has a small footprint. Just what I want.

  36. Re:Strange... = P4wn3d by Anonymous Coward · · Score: 0

    To be frank, I've never encountered a single infection or uncontrolled virus problem on our network.


    I'm betting you just haven't unearthed the creepy malwares, I've seen it miss many times.

  37. Whoever submitted this by wumpus188 · · Score: 1, Funny

    Whoever submitted this article is a troll. We all know that Vista does not need anti-virus.

  38. Re:microsoft by Duhavid · · Score: 4, Funny

    Who cares which lib they used? glib, libc, etc, etc.

    --
    emt 377 emt 4
  39. New tag by arpy · · Score: 2, Funny

    defectivebyaccident

  40. Re:Mark the article title as FUD and sensationalism by Apathist · · Score: 1

    Not quite.

    It's 99.99% of a very limited test set. Against all known malware, most of those products get something like 70-95%...

  41. Re:microsoft by value_added · · Score: 2, Informative

    Well, how many people run AV on their linux/BSD boxes?

    Huh?

    For starters, lots of people.

    How else to protect Windows systems?

  42. It's norMan, not norTon that failed by Anonymous Coward · · Score: 0

    Believe it or not, there is a product named Norman Viruscontrol which from a cursory review of their website doesn't appear to be associated with Symantec.

  43. All I want to know is... by Anonymous Coward · · Score: 0

    which one of them can wipe the viruses off my PCs? I've got dozens infected with Eicar all over my network and I can't seem to get rid of the buggers. And my Exchange server is clogged to the brim with spam messages by "Gtube", which I guess is a YouTube copycat. What's up with that?

  44. Re:microsoft by cheater512 · · Score: 1

    I have it installed. I was intending to make it scan the Windows machines on the network.

    Unfortunately my laziness got in the way. The Windows machines as a result are currently filled with crap.

  45. HOw did it do in the VB100 test? by metushelach · · Score: 1

    Does anybody have the score NOD32 got in this test for Vista?

    1. Re:HOw did it do in the VB100 test? by HerculesMO · · Score: 1

      VB100 is a certification. Either you get it, or you don't. NOD32 has always gotten it for as long as I can remember. Norton, McAfee, etc... they've missed it multiple times.

      --
      The price is always right if someone else is paying.
  46. ...and here's the rest of the story! by purpleraison · · Score: 1, Informative

    I felt that this article was more geared towards highlighting which products were effective, as opposed to providing anything of substance about Microsoft's flagship antivirus product; thus the title is a bit misleading. For those who don't feel like navigating to the site, and registering so they may view the list, here it is:

    Alwil avast! Professional Edition 4.7 - pass
    CA Anti-Virus 8.2.013 - pass
    CA eTrust Integrated Threat Management Suite r.8.1 - pass
    CAT Quick Heal AntiVirus Plus 2007 version 9.00 - pass
    ESET NOD32 antivirus system 2.7 - pass
    Fortinet FortiClient 3.0.379 - pass
    F-Secure Anti-Virus for Vista 2007 - pass
    Grisoft AVG 7.5.433 - pass
    Kaspersky Anti-Virus 6.0.2.546 - pass
    Sophos Anti-Virus 6.5.1 - pass
    Symantec AntiVirus 10.2.0.276 - pass
    Microsoft Windows Live OneCare 1.5 - FAIL
    McAfee VirusScan Enterprise version 8.1i - FAIL
    G DATA AntiVirusKit 2007 v. 17.0.6353 - FAIL
    Norman Virus Control v.5.90 - FAIL

    As you can see, there is much more to this article than meets the eye. Also interesting to note, is that Grisoft has one product that passes, and another that fails. Something that ties in closely with the fact that these tests are done monthly and are not intended to bash companies (which is respectable), but rather point out which are effective in detecting viruses.

    On a personal note: I found AVG to be a very effective antivirus program on Vista systems I have had to deploy -- and for personal use it is free :)

    --
    I am open source, and Linux baby!
  47. Re:microsoft by rdoger6424 · · Score: 1

    A fairly decent amount of people run ClamAV. Granted, it scans windows viruses exclusively right now, but it's an AV program nonetheless.

    --
    "Hello 911? I just tried to toast some bread, and the toaster grew an arm and stabbed me in the face!"
  48. Live OneCare caught 99.91% of the known viruses by thisispurefud · · Score: 1

    According to the test, "Microsoft Live OneCare caught 99.91% of the known active viruses it was tested against. This left it vulnerable to 37 separate malicious programs." And that was the *worst* result. A 99.91% success rate isn't exactly horrible.

    1. Re:Live OneCare caught 99.91% of the known viruses by NSIM · · Score: 1

      According to the test, "Microsoft Live OneCare caught 99.91% of the known active viruses it was tested against. This left it vulnerable to 37 separate malicious programs." And that was the *worst* result. A 99.91% success rate isn't exactly horrible.

      Another thing that needs to be considered is how prevalent the viruses that sneaked by are. Chances are the ones that got through the AV software are ones that are pretty rare and haven't been seen too much in the wild yet. So the actual chances of anybody catching a virus when running any of these AV programs are very small indeed.

      I actually ran my Vista machine throughout the beta without AV protection and continued to do so until last weekend with no ill effects. I'm now using the AVG free edition and I don't plan on paying anybody for AV protection in the future.

    2. Re:Live OneCare caught 99.91% of the known viruses by 99BottlesOfBeerInMyF · · Score: 1

      A 99.91% success rate isn't exactly horrible.

      Hmm, seems pretty bad to me. That means it misses a significant number of known viruses. Why would it miss known viruses? I mean everyone knows about them, surely they tested their solution against all known viruses as well as some new ones just made in the lab, right? I'd accept an 80% failure rate for unknown viruses, they're hard. A .09% failure rate for known viruses though, I have a hard time understanding.

  49. tilde~ by Sigg3.net · · Score: 0

    What's wrong with tilde?

  50. F-Secure by Deathlizard · · Score: 1

    I'm still trying to find out how F-secure passed this test.

    I don't know how many times I had to do virus cleanup on an F-Secure PC because it couldn't delete the file, or it would happily let the virus run in the background, or not detect it at all. And that's if it's running, since it wouldn't run in safe mode and half the time it would get corrupted by the virus.

  51. Heil Grammer Nazi! by VinB · · Score: 0

    'With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now,' said John Hawes, technical consultant at Virus Bulletin."

    Um, excuse me. There's no excuse for security vendors not to have gotten their products right by now.
    pft ... swine.

  52. AVG by egandalf · · Score: 2, Interesting

    AVG has earned this certification, as noted on their website, for their professional version at least. Their website doesn't specify whether the free version is VB100 also, but I would assume it is since they both should run on the same AV engine.

    Did I mention they have a free version? For 9x/XP/Vista AND Linux?

    Yeah.

    --
    Those who have telepathy have no need to RTFA.
  53. Education Won't Work by EXTomar · · Score: 1

    Because if "educating the users" had a chance of working, it would have had an effect some 30 years after computers started to become interconnected, which initially opened this risk. There is no excuse for irresponsible usage, but to lay the blame on the users for being dumb is erroneously placing the fault, because there is an equal amount of blame on the vendor for allowing the situation to arise easily. Simply put, systems should be engineered to avoid destroying themselves from normal usage. Many infection vectors come from "normal usage" where we should be yelling at the vendor to fix it instead of scolding the user.

  54. Re:microsoft by mackyrae · · Score: 1

    I usually have AV on my Linux box so that if I'm going to send a file I got from random-place-online to a Windows user I can be sure it won't hurt them.

    --
    look! it's a bird, it's a plane, it's....a girl? yes, a girl browsing Slashdot on Linux
  55. M$ not the only one with crappy virus protection by mcguyver · · Score: 1

    I like to bash M$ when it's due but in this case they're no worse than products from these other guys: McAfee's VirusScan Enterprise, G DATA's AntiVirusKit 2007, and Norman's VirusControl. Yet the headline makes it seem like M$ was the only brand to not pass the litmus test...riight

  56. The major A/V vendors all failed it . . . by mmell · · Score: 1

    That is illogical . . . illogical . . . all units, Norman co-ordinate. All units, Norman coordinate!

    There's just something wrong about a crewman who never smiles!

  57. What! Not a sex toy? by EmbeddedJanitor · · Score: 1

    Can I cancel my order?

    --
    Engineering is the art of compromise.
  58. Re:microsoft by darkonc · · Score: 1

    Now, since Vista is securebydesign, it too no longer need I guess that's why MS is now selling an anti-virus 'solution' they figure that even if it doesn't work, it won't make any difference.
    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.