Microsoft's Vista AV Fails Certification
An anonymous reader writes "Microsoft's much-hyped anti-virus solution, Live OneCare and three other Vista AV products failed to achieve the Virus Bulletin's VB100 certification. The other products are McAfee's VirusScan Enterprise, G DATA's AntiVirusKit 2007, and Norman's VirusControl. All failed to pass a series of tests that are required to display the VB100 badge. 'With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now,' said John Hawes, technical consultant at Virus Bulletin."
Most home users wouldn't even know the VB100 badge exists.
In that market, anti-virus sales are all about glossy packaging on shelves and fancy Flash advertisements.
If their AV fails and Windows gets a virus, it's Windows' problem, not the AV's problem.
Microsoft are in a lose/lose market, but they stand to make money off Joe Sixpack so they don't care.
Now, if you'll excuse me, I need to get back to setting up my Linkskey router...
Well, how many people run AV on their Linux/BSD boxes?
Now, since Vista is secure-by-design, it too no longer needs any anti-virus!
According to the BBC article on this matter, Live OneCare failed the test because it only detected 99.91% of the malware rather than 100%. And McAfee and the others did better but didn't achieve 100%. So, yes, they failed, but at least talk about this in the proper context by using the actual numbers, instead of linking to a blog entry with the sensationalistic headline "Microsoft's Vista anti-virus solution slammed". Does Slashdot not even *want* to have any credibility?
This may be tough on my karma, but I have to get it out: goddammit what's with the worthless tagging? I know the feature's beta, but if I see "haha" or "yes" followed by "no" one more time ... (ok I have no recourse). But seriously guys this feature is supposed to, as far as I can tell, eventually provide a useful augmentation or even replacement for search. Please try not to screw it up.
Which virus from the .01% would you like on the machine handling your credit card number and social security number?
If we were talking about trashing the system instead of trashing ~, you would be right in the case of a single-user system.
However, we are talking about trashing everything, versus trashing just ~. Obviously just ~ is better.
In the case of a multi-user system, trashing one user's ~ is much better than trashing everything. Most home PCs are multi-user. Office PCs are invariably single-user, but they should get backed up.
It is much easier to back up a single user's directory than an entire system.
Finally, limited access to the system makes it harder for viruses to propagate. How is it going to run again after a log out? Most people do not regularly run executables from their own directories: the executables they do run will not be infected. Certainly something like bash_profile or an autostart directory, but cleaning these up should be trivial. Am I missing anything here?
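The post above says that cleaning up a user's shell startup files and autostart directory after a compromise of ~ should be trivial. The following is an added example, not code from the original thread, of how one would actually audit those user-level persistence points on a Linux/BSD box. It assumes a POSIX shell, that the home directory to inspect is passed as the first argument, and that the XDG autostart location is ~/.config/autostart; the grep patterns for suspicious startup-file content are my own choice.

```shell
#!/bin/sh
# Audit the persistence points a ~-only compromise can reach:
# shell startup files and XDG autostart entries.
# Findings go to stderr; the count of flagged files is echoed to stdout.
# This is a constructed example, not code from the original thread.

audit_home_persistence() {
    home="$1"
    count=0

    # Shell startup files (the commenter's bash_profile plus common siblings).
    # Flag lines that fetch-and-execute, decode blobs, background a process,
    # or reference world-writable scratch locations.
    for f in .bash_profile .bashrc .bash_login .profile .zshrc; do
        [ -f "$home/$f" ] || continue
        hits=$(grep -nE 'curl|wget|base64|nohup|eval|/tmp/|/dev/shm' "$home/$f" || true)
        if [ -n "$hits" ]; then
            printf 'suspicious startup file %s:\n%s\n' "$home/$f" "$hits" >&2
            count=$((count + 1))
        fi
    done

    # Every .desktop file in the autostart directory runs at graphical login,
    # so each one is reported with the command it would execute.
    if [ -d "$home/.config/autostart" ]; then
        for d in "$home/.config/autostart"/*.desktop; do
            [ -f "$d" ] || continue
            exec_line=$(sed -n 's/^Exec=//p' "$d" | head -n 1)
            printf 'autostart entry %s runs: %s\n' "$d" "$exec_line" >&2
            count=$((count + 1))
        done
    fi

    echo "$count"
}

# Usage: audit_home_persistence "$HOME"
```

Run it against the affected user's home directory; a non-zero count means there is something to read before declaring the cleanup done. Anything it flags still has to be judged by a human, since a legitimate dotfile can contain `eval` or `curl` too.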
... Symantec and McAfee to get their shit together and make an antivirus that doesn't suck.
I'm not sure such a thing is even possible anymore. The usefulness of AV software has always been pretty questionable, and they never seem to have gotten over the threat model of months- or years-old viruses being passed from floppy to floppy. Most threats are one-off now, like social engineering spam, one-day-long trojan horse attacks, adware, and exploiting OS vulnerabilities to run spam zombies. As far as I can tell, my resource-hogging, system-destabilizing virus scanner does effectively nothing against any of those and there's no reason to believe it can be changed to do so.
As far as I can tell, my resource-hogging, system-destabilizing virus scanner does effectively nothing against any of those and there's no reason to believe it can be changed to do so.
ABSOLUTELY. I gave up on AV programs some time ago. A good firewall, firewall-like execution protection such as Process Guard, not using the most popular email programs or web browsers, and severely restricting web-based application execution (i.e., boycott ActiveX and hamstring Java and Javascript) are far more effective techniques for tripping up a virus as such attacks will almost always try to 1) exploit networking applications most common to the OS, 2) try to run some kind of executable that you haven't run before, and/or 3) attempt some kind of network operation in order to propagate itself. Trying to recognize virus signatures is a lousy use of CPU resources, and has not been seen to be very effective.
AV software companies are addicted to the subscription model that signature-based AV provides, and consequently are in a serious conflict of interest with regard to best security practices. Symantec in particular seems to be short of ideas for an alternative business model, and has opted instead to whine like a six-year-old whose mommy won't let them buy candy at the checkstand.
Hello,
I think it is a bit disingenuous to say that the reason some of the tested programs failed to receive a VB100 award had anything to do with changes to the test procedures used by Virus Bulletin Magazine. The tests consist of ItW (In The Wild), macro, polymorphic, file infector virus "zoos," with ItW and macro tests being repeated for both scheduled on-demand scanning and on-access (file I/O wedge) scanning, plus a set of clean files which are used to test for false positives. You can view information about the test sets here on Virus Bulletin's web site.
The tests performed are basically those of detection (or lack of detection in the case of the false positive set—remember, a false positive report can be just as damaging to productivity in a corporate environment as an actual viral outbreak), along with some sometimes-snarky comments about the program being tested (usually related to usability issues). The VB100 award means that a product passed the ItW and false positive tests; it could still have fared poorly on the other tests and received the award.
The idea that you can somehow "optimize" a product for these tests is a bit silly; ItW viruses are the ones which affect a vendor's customers and which their technical support department receives calls about all day. The idea that a vendor was somehow not concentrating their detection efforts on these is ludicrous; the ability to handle these types of threats is how they generate their revenue. As for avoiding a false-positive report against a clean set, well, I cannot think of a practical way to engineer a virus scanning engine's signature database for that.
Computer Associates and Symantec received VB100 awards in this test and they are enterprise vendors, so claiming that the "major vendors missed it" this time around is incorrect. Conversely, vendors which specialize in anti-malware like Norman did not receive a VB100 award this time around. While there may be some correlation between the size of a vendor and their detection rate, I do not know if it is as linear a mapping as you imagine.
Regards,
Aryeh Goretsky