Slashdot Mirror


Many Antivirus Tools Fail in LinuxWorld Test

talkinsecurity writes "In a public, side-by-side test conducted last night at LinuxWorld, ten antivirus products were confronted with 25 known viruses. The results were surprisingly disparate. Only three of the products caught all of the viruses; three only caught 61 percent, and one caught an abysmal 6 percent. The test, which wasn't particularly complicated, proves that there still are wide differences in the effectiveness of AV tools. A lot of people think all AV tools are the same — they're not!"

11 of 234 comments

  1. Re:The winners: by Anonymous Coward · · Score: 5, Insightful

    I must have missed something. How, with 25 different viruses can one catch 6%? My math skillz tell me that it should be divisible by 4.

  2. ClamAV among top 3! by blind+biker · · Score: 2, Insightful

    Nice to see open-source programs perform so well, so consistently. I only wish the author(s) maintained the ports and packages himself. The Win32 port seems a bit of an afterthought. Anyway, still a brilliant antivirus program.

    (My other OS favourites include Audacity, CDex, The GIMP and OpenSolaris (you didn't expect that one coming, did you)).

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.

  3. These had to be Windows viruses being tested.. by Anonymous Coward · · Score: 1, Insightful

    I assume the virus software was running on Linux but the viruses being detected were Windows viruses. You might want this type of virus software running on a Linux mail server or Samba server so Windows machines can't spread their viruses to other Windows machines through you. Of course we know they couldn't have come up with 25 Linux viruses, or even 1 for that matter.

  4. Re:math question by seriesrover · · Score: 3, Insightful

    That's exactly what I was thinking... how can you have 25 viruses and get anything other than 4%, 8%, 12% etc.? The article refers to 6%, 61% and 89%... bizarre - I can only reason that they weighted the severity of each virus.

  5. Re:Zombies by bmo · · Score: 5, Insightful

    If you suspect something is evil with your setup, you should go with your gut instincts. You are probably more right than you know.

    You should get away from antivirus. Seriously. I'm going to sound like a salesman, but bear with me a bit.

    Antivirus and anti-malware in general, on Windows machines, closes the barn door after every single horse has bolted. There is _no_ way to be sure your Windows computer is badware/zombieware free. To top this off, it often sucks up incredible amounts of cycles that turn the latest gamer machine into an XT.

    There is something that computer labs and libraries swear by and not at: Faronics' DeepFreeze. What you do is establish a "ground state" for the machine by doing a bare metal install and then installing DeepFreeze. You then have certain areas for data that are unfrozen, but the rest is basically locked up tight.

    Surf by an evil site and get a drive-by install? Laugh maniacally, and reboot. The evil bits are then...gone. The machine has returned to its ground state. To install software permanently, you must "unfreeze" the machine, install your software, and then refreeze. The refreezing can be automatic for the next reboot or specified for a certain number of reboots, like if you were doing a Windows update and have to suffer through the interminable reboots. So it also gives Windows "parental supervision" - even for the 9x machines that don't have the concept of an "administrator" account.

    Evilware in the presence of DeepFreeze is about as sticky as snot to teflon. If you insist on staying with Windows, this will let you sleep at night.

    I swear, Faronics should hire me.

    --
    BMO

  6. Re:math question by VirusEqualsVeryYes · · Score: 3, Insightful

    Additionally, they could have calculated the type of virus (by entry method, severity (as you mentioned), spread method, mode of attack, age, etc.) and weighted their percentages in the wild. It's also possible that the programs perhaps prevented some of the damage of some of the viruses, thus meriting partial credit.

    It's also possible I'm wrong, but either way, the article is omitting some information we're supposed to know.

  7. Re:I run Linux because... by n0dna · · Score: 3, Insightful

    Ever consider that every virus infection stopped by anyone, target or not, could cut down on the bandwidth sucked away from all of us by the ever increasing botnets?

    What about infected files that don't originate on your systems but are passed through them? If you send out an infected file, the recipient won't care where you think you got it, or how much you feel that it isn't your problem; you're the one who infected them.

    You can piss and moan about trash on the sidewalk or you can just pick it up.

  8. All antivirus tools *are* the same by Anonymous Coward · · Score: 2, Insightful

    All of them depend on guessing whether a file is good or bad.
    All of them will have false negatives as well as false positives, most likely skewed to have fewer false positives to reduce the annoyance factor at the expense of missing real viruses - false negatives.
    There are substantially better and computationally cheaper ways to protect your system than an anti-virus.
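The trade-off this comment describes (fewer false positives bought at the price of more false negatives) can be made concrete with a toy signature scanner. The following is an added example, not code from the original thread or from any of the products tested; the hash list, the byte patterns and the "files" are all constructed for the illustration and are not real signatures or real malware. Raising the pattern-hit threshold that the scanner needs before it flags a file drives the false-positive rate down and the detection rate down with it.

```python
"""Toy signature scanner illustrating the false-positive / false-negative
trade-off. Everything here is constructed for the example: the hashes,
the byte patterns and the sample files are not real signatures or malware."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    name: str
    data: bytes
    malicious: bool  # ground-truth label, known only to the evaluator


# Constructed "known bad" file content and its exact-match hash signature.
DROPPER_BYTES = b"PACKED-DROPPER-v1 \x00\x00 do-something-bad"
KNOWN_BAD_SHA256 = {hashlib.sha256(DROPPER_BYTES).hexdigest()}

# Constructed heuristic byte patterns. Each hit scores one point; a file is
# flagged when it reaches the threshold. Legitimate tools (debuggers,
# installers) contain some of the same strings, which is where false
# positives come from.
PATTERNS = [
    b"CreateRemoteThread",
    b"WriteProcessMemory",
    b"cmd.exe /c",
    b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
]

# Constructed corpus: four malicious and three benign "files".
SAMPLES = [
    Sample("dropper.exe", DROPPER_BYTES, True),                       # hash match, no patterns
    Sample("injector.exe", b"CreateRemoteThread WriteProcessMemory cmd.exe /c", True),  # 3 hits
    Sample("autorun.exe", b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", True),  # 1 hit
    Sample("novel.exe", b"unknown packer, nothing recognisable", True),  # 0 hits, unknown hash
    Sample("debugger.exe", b"CreateRemoteThread WriteProcessMemory", False),  # 2 hits, benign
    Sample("installer.exe", b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", False),  # 1 hit, benign
    Sample("notepad.exe", b"plain text editor", False),                # 0 hits, benign
]


def scan(data: bytes, min_hits: int) -> bool:
    """Return True if the scanner would flag this file.

    An exact hash match always flags; otherwise the file is flagged when at
    least `min_hits` heuristic patterns are present."""
    if hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256:
        return True
    hits = sum(1 for p in PATTERNS if p in data)
    return hits >= min_hits


def evaluate(samples, min_hits: int) -> dict:
    """Score the scanner against labelled samples at one threshold."""
    tp = fp = fn = tn = 0
    for s in samples:
        flagged = scan(s.data, min_hits)
        if flagged and s.malicious:
            tp += 1
        elif flagged and not s.malicious:
            fp += 1
        elif not flagged and s.malicious:
            fn += 1
        else:
            tn += 1
    return {
        "threshold": min_hits,
        "tp": tp, "fp": fp, "fn": fn, "tn": tn,
        "detection_rate": tp / (tp + fn),        # share of malicious files caught
        "false_positive_rate": fp / (fp + tn),   # share of benign files flagged
    }


if __name__ == "__main__":
    # Sweep the threshold: stricter matching lowers both rates together.
    for t in (1, 2, 3):
        r = evaluate(SAMPLES, t)
        print(f"threshold={t}: detection={r['detection_rate']:.2f} "
              f"false_positives={r['false_positive_rate']:.2f} "
              f"(tp={r['tp']} fp={r['fp']} fn={r['fn']} tn={r['tn']})")
```

The sweep shows the shape of the choice: at a threshold of one hit the scanner catches three of four malicious samples but also flags two of three benign ones; at three hits it flags no benign file, but detection drops to half. A vendor tuning for "annoyance factor" picks a point on that curve, which is why two products given the same 25 files can return very different catch rates.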

  9. Re:huh? by ianare · · Score: 2, Insightful

    Something you get if you go online. Remember, you may not be infected by a virus, but you can still spread it. Signed, Computer User

  10. Re:The winners: by iminplaya · · Score: 2, Insightful

    You must be one of those old timers that didn't have to suffer the new math from the 60s. Hint: It's all about self esteem now.

    --
    What?

  11. Part of the problem by Sycraft-fu · · Score: 2, Insightful

    Is viruses can be a bitch to remove when the system is online, since the virus can do things to fight the scanner. I see a scanner running on a live system as preemption, not recovery. You run it to stop the virus before it can cause harm. AVG seems good at that; it seems to notice viruses right away.

    If you want to use a tool like that for recovery, the way to do it is on an offline system. Either take the disk to another computer and set it up as a non-system disk, or build yourself a PE boot disc and clean it from that.

    It's more or less the same for any sort of system analysis or recovery for malware, hacks, whatever. Running tools on the live system is of limited use since you might get back bogus answers. You can run them to see what is going on, but when you actually start cleaning up, you need to do it from a different system, or there may be something working to undo what you've done.