Most Users Think They Have AntiVirus Protection, While Only Half Do

SkiifGeek writes "A survey carried out by McAfee and the NCSA found that while more than 90% of users believed that they were protected by antivirus or antimalware products that were updated at least once a week, only 51% actually were. 'Even with significantly growing awareness by everyday users of the need for efficient and effective antivirus / antimalware software, and the increasing market penetration achieved by the security industry, the nature of rapidly evolving Information Security threats means that the baseline of protection is outstripping the ability of users to keep up (without some form of extra help).' The study is available online in PDF format. What sort of an effect does this sort of thinking, and practice, have on the overall security of your systems, networks, and efforts to educate?"

How is this new?

[quanticle]

New computer users forget to update antivirus. In other news water is wet, and fire is hot. Film at 11...

Re:How is this new?

modding the fp redundant is my favorite pastime

Re:How is this new?

No, the problem is that you get a free year trial when you buy a new computer. People get annoyed when it starts asking you to update all the time, and turn off the "remember to register" reminders. Then the year passes, and they have a very out of date antivirus running that does no good, but they think they are protected because it still churns away acting like it's doing something.

Re:How is this new?

How is this new?
1) The NSCA was involved. Even though the current definition of supercomputer excludes pretty much everyone surveyed, this must be important if the NCSA is studying it.
2) Oh. McAfee funded it. So if it makes it sound like you and everyone else needs to buy commercial antivirus software from a particular vendor, you might want to consider the money trail.
3) 1 + 2 = 3, This is news because even putative non-biased organization, such the NSCA, are accepting industry funding for research that should be kept clean. I think they are still upset they let Netscape slip through their fingers but this is not the solution.

Re:How is this new?

[Billy+the+Impaler]

The real issue is that people buy computers with software pre-loaded. Among this is an antivirus or a trial for the same. After a while this quits working but the system tray icon still sits there whining about things occasionally. Users click through whatever the annoyance is and continue on their merry ways, thinking that that "picture by the clock" is doing something to protect them. Education is the solution; users can learn about free alternatives to paid antivirus software, why Windows needs an antivirus program, and about what they need to be wary.

Re:How is this new?

[Eevee1]

The Professy will help! WHAAA! Fire INDEED hot.

Re:How is this new?

[SCHecklerX]

The real problem is that viruses are a social issue, not a technical one. I'm not talking about worms. I'm talking about viruses.

If users practice simple common sense, then anti-virus software buys them NOTHING, and actually ends up causing a lot of problems with the proper functioning of the computer.

Don't do stupid things, and keep your software up to date (arguably quite easy for home users using windows update, or yum, or whatever). Antivirus software doesn't help.

You cannot replace common sense with 'smart' software that tries to protect idiots from themselves. Imagine the problems we'd have with cars that tried to drive themselves (had to get the flawed car analogy in :-).

Re:How is this new?

[uncoveror]

Another problem is that the version of McAfee that comes with AOL does nothing if users don't register it, and create a user ID and password. McAfee has no business complaining about this problem when they created it.

Re:How is this new?

[rk075456]

i agreed with you, people these day buy computers with software pre loaded, not mentioning about people in the work place, they just use computer with intention doing their 'job' only.. and also filling their free time with surfing the net of course.. did they aware about the antivirus installed?? obviously not.. not mentioning updated the antivirus they not even bother to scan the pc's!!

Re:How is this new?

[TT076750]

ya i also agree...

Re:How is this new?

[hitmark]

i could have sworn that the winxp sp2 security center gives the user a warning that said antivirus is out of date...

Re:How is this new?

[IT074552]

i think that is not really correct.as far i know,all antivirus software including McAfee have a reminder service on that software that will do their job to remind their user to update.so user will not forget to update their antivirus unless they turn off that reminder function.as example,i am very concern about updating my antivirus and it make me have a habit to always check their update on my own without waiting a reminder to remind me.

Re:How is this new?

[Hal_Porter]

I remember seeing this article a week ago. So yeah, how IS this new? That was the trial version of the article. Now we need to pay or stop talking about it.

Re:How is this new?

[Hal_Porter]

I've tried Windows with and without anti virus software, and with and without spam blocking. With no antivirus and no spam block it's pretty obvious that clicking on BritneySpears.jpg.scr is a bad idea. With antivirus, BritneySpears.jpg.scr is deleted from the spam. With spamblocking the spam ends up hidden.

I think if you use email program with decent Bayesian filtering (or gmail) and you don't download pirated software you can live without antivirus, since the main attack vector is over email now that most Windows machines run with a firewall by default.

On Vista clicking on malware pops up a warning box making it clear it's a bad idea to install it. Even if you install it, Windows Defender will get rid of sooner or later. And even processes with Admin rights can't infect the system - all the Windows system directories are protected from everything but the TrustedInstaller process that runs .msi files.

Re:How is this new?

Or the AV vendors can be more forthright and remove that little icon once it stops doing what it was supposed to do(protect you from viruses)

Re:How is this new?

[MetalPhalanx]

But generally the antivirus is actually still protecting against viruses... Just not the viruses that were released since the last update.

Re:How is this new?

[thePowerOfGrayskull]

Fixed some typos for you:

The real issue is that systems come with Internet Explorer and Outlook Express preloaded. Education is the solution. Users can learn that if they do not run these two applications, they will by default be protected from the vast majority of malware.

Re:How is this new?

[ThePengwin]

The sad thing is the modeern day PC user is ignorant, they dont care how it works, only that it does.

Re:How is this new?

get your new virus signature by updating your antivirus...

Re:How is this new?

[rk075771]

sometimes virus scanner can be used to detect and removed malicious programs but no scanner is 100% accurate or effective and also new viruses appear wekly and may be undetected by the scanner..thus,make sure that your virus scanners are updated regularly!

Re:How is this new?

[TT075127]

Hye.. My opinion, this senario happend because of lack of computer and security acknowledgement..people who doesnt care much about their computer security will just install and leave it function automaticaly without knowing the function of their antivirus..for example some antivirus only provide service for browsing and email scanner..but not on network or p2p service..so people just used it..so they assume the antivirus install will protect the whole system..but actualy not.. For some reason people who on budget will use only free version of antivirus that provide from the developer..but the free version of antivirus just offer basic security with no advance function that can make their pc more secure. People always forget about the Update which mean very important to antivirus program, especially when people get the antivirus from the downloaded site(piracy)..absolutely not secure and not up to date.

Re:How is this new?

[PushpaVeni(TT076754)]

I doesn't know realy why windows needs an antivirus.....is it to protect the computer from the vulnerabiliies? Windows XP is the windows which having the high possibilities from being attacked by virus. Did antivirus really work?

Re:How is this new?

[zairi5811]

sometime to update antivirus is very hard job for us, imagine that who's using dial-up modem, owh, how long they can wait for the updating process..

How can that be?

[Perseid]

Every anti-virus program I've used in years defaults to auto-updating with zero configuration. How can that many people screw that up?

Re:How can that be?

[Simply+Curious]

Most commercial programs only come with a subscription for one or two years. After the time is up, people might forget to resubscribe or figure that it's not worth the cost.

Re:How can that be?

[Jugalator]

I, like another commenter, think it's because of OEM's so often shipping AV trials that expire and they misunderstanding and think "having antivirus included" meant having it all along. Users would probably be less confused if OEM's didn't include any antivirus at all, or offered a lifetime subscription for some extra cost.

Re:How can that be?

[jawtheshark]

Think again! Most budget computers come with a 30 day trail. Don't pay that one, and you're screwed... If you pay, you are screwed too because those Antivirus programs (Symantec, I'm looking at you) are crappy overpriced products.

Your only hope is knowing a Geek/Nerd that is willing too help. Contrary to popular belief on slashdot, not everybody has that luxury.

Re:How can that be?

[bombastinator]

My favorite bit is having seen an out of date copy of norton on xp causes so much virus like behavior and slowdowns that it fooled a person into thinking it was a virus issue when the offender was in fact norton itself.

I have one friend who bought it merely because it was the only way he knew to make his computer work again. Norton is so much more complicated to uninstall than other software that he couldn't figure it out.

YAY Shovelware! :/

Re:How can that be?

[stinerman]

+1

My uncle's computer was having all sorts of problems with slowness and other performance issues. I uninstalled Norton and installed AVG. It was running fine after that.

Re:How can that be?

I, like another commenter, think it's because of OEM's so often shipping AV trials that expire and they misunderstanding and think "having antivirus included" meant having it all along. Users would probably be less confused if OEM's didn't include any antivirus at all, or offered a lifetime subscription for some extra cost.

One of my son's fellow co-workers wanted him to look at their computer to see why it wasn't connecting to the internet via the browser. When he got to checking he found a problem he has seen repeatedly, Norton was expired, but still on and blocking access from just about everything to the internet. So he shuts it down and heads to the Norton web site to snag their uninstaller being as the included one doesn't work very well. Once Norton was uninstalled he downloaded and installed AVG for them.

This ticked him off more at Symantec then he already was, especially on seeing yet again the number the number of different special removal tools for the various versions of Norton Security software there was. The Uninstalls shipped with the software should work, but they do an extremely poor job of it and sometimes crash and lock out the systems. Norton needs to be dealt with before a system restore too, else it will cause it to fail. Not the only AV with this problem of course, but extra aggravating cause of the requirement for the seperate utility to actually clean it off the system. Not to mention that pre-Win95 most of the Norton products were fairly decent, one of my favorites was Norton Desktop which made Win 3.1 more controllable, but with the advent of Win95 on Norton products always seem to be broken. None to the extent that 95 and larger hard drives blew old Norton Utilities 8 away, wouldn't let Norton Desktop even exist for obvious reasons and Norton 95 was just a broken product from its beginning, IMO. After all this time its still a memory hog that doesn't play well with others but then Windows doesn't always play well with others either and some have credited Norton Desktop on Win3.1 as having added extra push to Microsoft radically changing the GUI.

Re:How can that be?

[jbengt]

If they offered an OEM Windows machine with no AV preinstalled, it would become hopelessly infected before any AV could be installed, and require an OS reinstall.

Re:How can that be?

[djl4570]

Lots of dial up users will disable auto update because the updates take "too long to download." Then they neglect to manually update the software. Antivirus software is becoming antisocial nagware as well which will cause many users to disable the features either incrementally with rules or just turn it off and forget to turn it back on. I've been frustrated with product quality over the years and have changed products several times since 2000. I dumped McAfee because I despised the business practices of NAI, then dumped Norton because of the "elephant in the livingroom" footprint and the frequent forced reboots when it updated. Trend got the boot this year for excessive and unnecessary overhead (Moving a bunch of zip files from one folder to another on the same volume should not require scanning every file.) Now Kaspersky is nagging every time I launch an existing application because of registry access. It even nagged me about svchost. Many users would just give up and not replace the product. They just disable it and forget it's disabled.

Re:How can that be?

[jotok]

Huh. So, how would you improve an antivirus product? What do you think is a fair price point?

Re:How can that be?

Why should he have to improve the AV product? Or determine a fair price?

All he was doing was pointing out that most of the antivirus software that comes bundled with computers these days is crappy bloatware.

Frankly I'd rather have a virus or trojan installed on my computer (provided it wasn't a keylogger) instead of McAfee or Symantic AV products. It'd surely consume less system resources.

Re:How can that be?

[whoever57]

One example: Microsoft stopped updating the MS anti-spyware for Windows 2000 machines at the end of 2006. On some machines, the fact that no further upgrades were coming was not obvious to the user.

Re:How can that be?

[v1]

We get in machines constantly that are thoroughly infested and have 1, 2, or 3 antivirus products on their computers, all of which's updates have expired a year or more ago. Customers don't undertand that without paying for the update service, the value of the software drops very near zero a month after the subscription expires. So, we clean them up, sell them the latest AV and get their updates going, and we just KNOW we'll be seeing them again in about 14 months.

Windows' security model doesn't help here. The antivirus software takes the "if we know it's bad, don't let it DO that - otherwise it must be safe". This only works if you are omniscent, which never totally works, and completely falls apart after you lose your updates.

Re:How can that be?

[hazem]

So, they're taking an inherently flawed product (an OS that can be compromised in minutes) and "fixing" it by puttint a bloated piece of trial-ware that will screw up your machine when the trial ends? If they did that in cars, heads would roll. "The wheels tend to fall of, so we glued this piece of plastic on that holds them. But it will only last 30 days. So you need to get a subscription to have a new plastic thing put on every month."

And as for being immediately compromised, doesn't anyone use a router with their broadband that has a firewall in it? Not perfect, but at least a first line of defense.

As for AV, I've been using ClamAV. It seems to work well and doesn't hog up a lot of resources. I like that it's open source too.

Re:How can that be?

[Binestar]

http://free.grisoft.com/

Re:How can that be?

[plover]

Huh. So, how would you improve an antivirus product? What do you think is a fair price point?

About $36,000 dollars. That's roughly the cost of a Comp Sci bachelor's degree at a state university.

Seriously, knowing what the hell you are doing is far more effective protection than relying on a $50 chunk of software. I've had three "malware" infections so far. One was an advertising distribution peer-to-peer network that was intentionally installed by a commercial CD-ROM as a part of a kid's game (Mattel, back in the 1990s), and the other two were at work. Some idiot brought SQL Slammer in on his laptop, and another commercial product (a battery backup software installation CD-ROM) installed one of those "sleepers". Otherwise firewalls and knowledge have kept my gear safe.

My antivirus has legitimately kicked in only once: a Word virus on a resume. I'll give the AV software credit, even though I have auto-run macros disabled and would not have been infected. The only other times my antivirus software has anything to do is when I do suspicious stuff myself, like create my own root authority certificates. It's nice to see it working when that happens.

Re:How can that be?

[jotok]

I didn't say "point at a product you think is better." I said, specifically, how you would go about improving an AV product?

Re:How can that be?

Huh. So, how would you improve an antivirus product? By
1. disabling flawed services
2. patching up security holes
3. uninstalling risky software or monitoring their proceses only ( might become bit CPU intensive with M$ products )

... in that particular order and priority

What do you think is a fair price point? free...
viruses come for free, security holes are kinda payed, so the antivirus must come for free as it is patch for the flawed OS!

Re:How can that be?

[IhuntCIA]

So, they're taking an inherently flawed product (an OS that can be compromised in minutes) ... Yes.

And as for being immediately compromised, doesn't anyone use a router with their broadband that has a firewall in it? Not everyone uses external firewall.
Firewall will not help against true viruses, but if is good can help against worms and trojans by preventing them to spread out from the infected machine. The problem is that firewall does not prevent infection, only can block port / protocol.

Re:How can that be?

Why would you try to improve a bad product rather than switching to a new one?

Re:How can that be?

That isn't even close to true. Even Windows XP SP2 comes with the firewall on by default so there isn't a network worm attack vector. With Vista, the ante is upped even more with IE 7 in protected mode so that IE can't write to the file system. Combine that with the firewall and you are not going to get a virus unless you install the damn thing yourself.

Oh, wait - you were talking about Windows 98 - which is probably the last version you used.

Sorry guys - you can dump on MS about a lot of things, but it is a lot more difficult to infect a new Vista machine even without AV that you seem to think.

Re:How can that be?

[renegadesx]

I had to deal with a network wide virus infection because AVG didn't detect the particular virus. Lucky for me I didn't get around to uninstalling Norton on my PC and detected a crapload across the network. Norton maybe a bloated piece of crap but I was thankful that one time having it.

I tested and retested it 5 times because my employers at the time were cheap bastards and didn't want to fork out money. Before leaving I reccomended some products but didn't stick round long enough to buy and implement it. Those bastards were slow and reluctent to fork out money even in emergency situations so I figured fuck em.

Re:How can that be?

[jotok]

Up until recently I was getting AV intercepts constantly, because where I was working we weren't allowed to configure or patch boxes. There was always a message about the AV product zapping a downloader before it was written to disk, or somesuch. You're right in that knowledge keeps you safe better than software, but sometimes your knowledge isn't going to help :)

Re:How can that be?

[arminw]

.....The Uninstalls shipped with the software should work,.....

On Mac OSX, most programs don't come with an uninstaller, since that is unnecessary. Just drag the program to the trash ... empty trash ... there, it's uninstalled. Why can't Windows have it that easy? Also, other than a few experimental proofs of concept there STILL isn't a virus in the wild, that infects Macs. Now let the market share replies begin.

Re:How can that be?

[arminw]

....Many users would just give up and not replace the product......

I know users who gave their Windows computer, which they used to use for doing real work to their kids for games. Then they got themselves a Mac, which doesn't put its users through all that trauma.

Re:How can that be?

[DavidTC]

It is perhaps worth pointing out that no antivirus could every be uninstalled without an uninstaller, not even ones on a Mac, as, duh, antivirus hook into various operating system functions. Antiviruses are not applications, they are system utilities.

That said, it's only Norton that is consistently broken during uninstall.

Re:How can that be?

[marcansoft]

Hooking into OS functions can be done dynamically. Providing a framework for applications to auto-run on startup and/or override OS functionality while still remaining in a self-contained package isn't hard.

Just because people don't do it doesn't mean it can't be done.

Re:How can that be?

[1u3hr]

Just because people don't do it doesn't mean it can't be done.

It's unavoidable in Windows to use the Registry. Thus any unuistaller at a minumum has to change or delete Registry entries, as well as files. And AV products will often replace system utilities, just deleting them will leave you with a crippled system, unable to go online or do much else.

Re:How can that be?

[marcansoft]

I said it was possible; I never said it was possible using the current situation under Windows. The OS vendors have to set up such a system in the first place. "People" refers to everyone, not just application developers. OS vendors need to provide such a framework and applications need to use it.

Re:How can that be?

[arminw]

......It is perhaps worth pointing out that no antivirus could every be uninstalled without an uninstaller......

For Mac users, uninstallers do exist for the very few programs that do install stuff in the OS. An antivirus program would likely be in that category. These are merely a convenience, because unlike Windows, unless you're talking root-kit, malware doesn't have as many places to hide. Malware doesn't do much good if it can't be made to start running automatically either at boot time or when a user logs in. There is a general system startup folder for boot time and each user has one in their user space. The Apple Installer program also keeps a log of where stuff was put in the system. Dragging those itms to the trash gets rid of them.

The system stuff in Macs is much better protected. We don't give the name of the admin account nor the password to any user around here. Even at home, only one person (Dad) knows the admin password. All users run as standard users and are not able to install any software other than in user space. If anyone wants to install downloaded software that wants to write to the system, the administrator must do it. No Mac program requires admin rights in order to RUN, even games. Sadly that is STILL not the case for many Windows programs out there.

It's so much easier to produce and install malware in Windows, and there are so many more Windows systems out there. The bottom line is: In practice, Macs are very safe without the burden and expense of AV type software. The OS and any other programs that use CPU cycles without adding to the productivity of the user is like the overhead of a business.

Re:How can that be?

[jawtheshark]

And yet, that's exactly the answer I would have given. AVG is free as in beer, lightweight and has all features one needs.

I liked the concept from yonder days where personal users got their antivirus programs for free and companies had to pay for it. McAfee was like that.... That's a long time ago though, but it is the business model that Grisoft uses for AVG.

Re:How can that be?

[CrossChris]

There's a worse problem: no "anti-virus" products actually work properly! It's trivial to build a virus or other malware that is missed by the standard Windows "security" products. There is a "new" virus or virus variant released into the wild every few minutes. With the best will in the world, no anti-virus product can hope to keep up with this!

The only actual "cure" is to either disconnect your Windows machine from the internet, and use it standalone, or change to a truly secure and robust operating system that cannot be infected by this nonsense.

Until Microsoft adopt a proper security model, there is no point in trying to use Windows for anything other than playing games - and serious gamers use dedicated games consoles for that purpose!

Re:How can that be?

[IT074552]

i am really agree with u.many of my friends that buy a new PC told me that they have an AV and they do not have to beware about virus anymore.but in fact,they do not know is it a trial version or full version because sometimes a dealer do not honest with their customers.they just stated that PC have all software especially AV but the truth is only trial version.maybe for average user,they alert when they cheated; of course for expert user but for beginner user?i think an own good research about OEM'S and terms of software must be done before take any actions.

Re:How can that be?

[Hal_Porter]

What about kexts? It seems like an antivirus that can scan files on the fly needs to hook into the OS to do this. So just deleting the application executables won't remove this stuff.

Re:How can that be?

[mpe]

It's unavoidable in Windows to use the Registry.

It's perfectly possible for an application to ignore the registry. There's also a rather long list of Windows applications which mis-use the registry.

Re:How can that be?

[1u3hr]

OS vendors need to provide such a framework and applications need to use it.

Which means it's impossible, because Microsoft will just say the "framework" includes the registry, too bad if you don't like it.

Re:How can that be?

[1u3hr]

It's perfectly possible for an application to ignore the registry.

True. I could have footnoted that, I still run lots of ancient DOS apps. But not the kind of security application we're talking about.

Re:How can that be?

[arminw]

......What about kexts?....

That depends on whether the antivirus utility merely adds itself to the existing ones or replaces an existing, vital one. Merely trashing that is fine in the former case, but can leave a dead system in the latter. By looking at the date it easily determined if a kext is part of the original set or was added later.

On Macs or other *NIX based systems any process running as root can scan files. A kext is not needed. The registry in Windows is a serious design flaw that causes a large amount of the grief that Windows users experience. It is the main reason why most Windows programs need an uninstaller. Also, because of the registry, malware can hide anywhere in a HD. In *NIX systems stuff needs to be in certain limited locations and thus more easily found and eradicated.

Re:How can that be?

[fataugie]

It's unavoidable in Windows to use the Registry

Welcome to the wonderful world of the .ini file.

*RING RING*

Hello?....It's for you....It's 1994 calling

Re:How can that be?

[Hal_Porter]

On Macs or other *NIX based systems any process running as root can scan files.

That's true on Windows too.

A kext is not needed.

What if you want to scan things before they are opened? All Windows antivirus software works like this

1) OS does an open
2) Antivirus intercepts the open, opens the file and scans it for viruses
3) if it's clean then allow it to be opened, if not block it

Now I'm not saying this is a good feature - I always turn it off and do manual scans overnight, but it seems like if you need to intercept open(), close(), read() and write() - and actually in Windows the file APIS are much more extensive than this, you need to hook dozens of API functions, probably hundreds - it seems like you need a kext.

Incidentally, Windows antivirus software works by installing a filter driver over the filesystem. And if you're hooking you need an uninstall to undo the hooking when the software is removed.

Actually, maybe you don't. If you've ever used FileMon it's just one exe file. I think that file contains a filter driver which it writes out to disk and installs. Mind you, the people that wrote FileMon are a lot better programmers than the sort of people who write antivirus software, and FileMon can only track file accesses after it starts. A real antivirus should be able to run from very early in the boot cycle, which requires all sorts of voodoo to get a the driver and userspace parts working before the Win32 subsystem is up.

The registry in Windows is a serious design flaw that causes a large amount of the grief that Windows users experience.

Actually Windows supports .ini files too. In fact back in the Win 3.1 days that was all it supported. The registry was supposed to be some centralized place for config info that could be backed up all at once. It's faster than ini files too since it's binary.

But these days the fashion has changed and most apps use a text file in the user's directory for config. The speed advantage of a binary config database is largely irrelevant since machines are fast and it only needs to be accessed on app startup and shutdown, and it means you can uninstall the app by deleting it, Mac style. Also, you can run it from a USB key.

In fact I read some interview with Microsoft people where they said that the registry was originally only supposed to be for COM components, using it for app config data was basically a mistake.

Re:How can that be?

[arminw]

.....All Windows antivirus software works like this.......

Why do all files need to be scanned for viruses? I am not an expert on the innards of OS, including Macs. If I remember correctly, Macs have a process launcher I believe is called launchd. In Windows, it seems there should be something equivalent. Files containing viruses don't do anything until they attempt to execute any code therein. At that point the launcher can call the antivirus program telling it, hey here is a program that I've never seen before, please tell me if I should let it run. In Macs the launcher asks the user if it is OK to start up code it has never seen before. If a KNOWLEDGEABLE user sees such a message, they can click NO, and the unknown code cannot execute. Users who routinely click OK would likely get a bug if that's what the unknown code was. Scanning files manually for viruses could still be done. It would help identify malware and quarantine it.

(....Also, you can run it from a USB key......)

Not only run an application, but boot the whole computer. I have a small portable 80G firewire drive. I can boot most any G5 or G4 PPC Mac with it. If the firmware of any Mac isn't password protected, holding down the option key brings up a screen where boot-able drives can be selected from which the computer will boot. For Intel based Mac this also works if the portable drive has the Intel version of OSX. If the Intel disk also has Windows and Linux installed, those system will also boot on any Intel processor Mac. For me, that makes a powerful troubleshooting tool for sick Macs. I have booted and resurrected a number of un-bootable Macs this way, backed up the frantic users data and made the Mac boot normally again.

A HD based iPod will do this also, but the tiny little drive doesn't stand up too well for prolonged use in this way.

Re:How can that be?

[Hal_Porter]

Why do all files need to be scanned for viruses? I am not an expert on the innards of OS, including Macs. If I remember correctly, Macs have a process launcher I believe is called launchd.

launchd is just for kexts, right?

http://en.wikipedia.org/wiki/Launchd

In Windows a kext would be a driver and you get a confirmation box if the driver is not signed, assuming you're an admin. If not, it will just fail to install.

But that's not what antivirus software looks for. Some user who doesn't know what they're gets an email saying "See Britney Naked, click the attachment" with BritneySpearsNaked.jpg.scr attached. This is actually a screensaver disguised as a jpg. But a screensaver is just a executable file and if you're running as an Admin as inexperienced users used to do before Vista, you just got owned. BritneySpearsNaked.jpg.scr will scan your address book and email itself to everyone you know. And copy itself somewhere it can start on bootup. Actually I happen to know it could kill the system in few milliseconds if it wanted to, though either virus writers aren't evil enough to do this or they haven't figured it out. I think highly virulent computer viruses might burn themselves out too, like biological ones like ebola do, so there's probably a evolutionary limit on virulence.

Antivirus software intercepts the CreateFile opening the attachment and causes it to fail. Actually it will probably stop the file being written to disk in the first place. In a bizarre piece of software symbiosis, the antivirus knows enough about the email programs file formats to replace it with a text file telling the user that the attachment was a virus that got removed.

These days much of this is fixed - Vista users don't run as admin all the time so processes they start can't damage things or infect the system. Since XP there's a prompt if processes start to use the mail APIs so the user has to confirm. And most modern (as in made in the last seven years) Windows email clients make it very hard to execute an executable attachment or send one. The BritneyNaked.jpg.scr scenario only really worked ten years ago. And intercepting file access was an ugly hack to stop it then.

Re:How can that be?

[1u3hr]

Hello?....It's for you....It's 1994 calling

Duh. I was using ini files in Unix 30 years ago.

Even if you don't write your own app's config there, you MUST read and probably write many Windows parameters to run a firewall or antivirus, and the only way to do that is the Registry.

Re:How can that be?

[RK075580]

start using a firewall software or ip blocker software like Peerguardian 2.

Scary how many people don't know how

[CRCulver]

I've been travelling around the world for the last six months, usually staying with people from hospitality associations. I've connected my iPod to a lot of computers to update Rockbox, and I'm amazed at how often autorun files from some virus or another are left on the iPod. Sure enough, these people have rarely installed antivirus, and don't even realize the need to run Windows Update. Indeed, most couldn't even get much from running Windows Update, since in much of the world legitimate Windows installations are difficult to achieve.

Re:Scary how many people don't know how

[shaiful]

during my studies all this years, I've been using almost all antivirus that you're familiar with....but if you think by having a single antivirus in your PC or computers can free yourself from some virus...you'll be amazed with it.... b'coz each software have their own function.... e.g, antivirus-to detect n kill virus, spyware-to scan n delete all necessary malicious program, firewall- to protect your computer from cracker... thats how things work here.... well, it's easier when u have someone do it for you or you just need to maintain all the part to make all job running smoothly... thats all you need...

McAfee

[zoomshorts]

It is just FUD started by McAfee to sell more crappy software.

Keep moving.

Re:McAfee

[bombastinator]

As the saying goes "lies, damn lies, and statistics". I am particularly interested in two things. The "once a week" statement which seems somehow suspicious, and the fact that MacFee sells pay-for anti-virus products.

Once a week:

How many people use their computers online less than once a week? If you're not online you can't update (nor should you need to)

How many people don't use their computers online at all?

How many people set their computers to "update only when I tell you to" to keep the anti-virus auto updater from twiddling with their open applications when they are working?

MacFee:

How often have you seen a study that was spontaneously initiated and payed for by a company turn out to be against the company's best interests?

Re:McAfee

[Vlad_the_Inhaler]

A study carried out by McAfee and North Carolina School of the Arts says users need to buy more virus scanners. I'd have been amazed if a McAfee study had reached another conclusion.

I don't understand...

[Spy+der+Mann]

I downloaded this antivirus from this webpage that told me "YOUR COMPUTER IS INFECTED! DOWNLOAD FREE ANTIVIRUS!".
Why do I keep getting popups? :(

Re:I don't understand...

[rk075245]

Anti-virus software, itself having virus!! how this virus want protected my computer from viruses. Doubt!

Re:I don't understand...

[AlgorithMan]

maybe that exact thing is why people think they had AV...
the survey should have included a search for malware that is spreaded that way... maybe they are on the other 49%s PCs...

Re:I don't understand...

[RK077208]

it is because, the virus itself want to attack your computer..you should not believe all the nonsense things..it pretend somebody else to get into your computer...so be aware with all teh advertisement:)

Re:I don't understand...

[Kangburra]

I know this is funny, but sadly, it's also what a lot of "normal" people actually do.

Re:I don't understand...

i have install the antivirus to my PC but forgot to update it every time. these caused me to loss many of my inmportant datas.:( can the antivirus automatically updated for users convenience.

Re:I don't understand...

[rinaazlin]

Maybe because you are already infected, darling

Re:I don't understand...

[zairi5811]

because you use the pirated antivirus before this, so thats why its popups recommending you download the free antivirus :) just joking friends..

It's the AntiVirus companies fault

[Mattwolf7]

It's the antivirus/computer companies fault, since they switched to giving people with new computers only 30-60 days of protection when they would give you a full year or even software that never expired... People think they still get full service when they buy a computer that they did 2-3 years ago.

Re:It's the AntiVirus companies fault

[Original+Replica]

I think it's the ISP's fault, or more exactly their problem. The only way you will get Joe Sixpack to install and update an AntiVirus program is if it's free and automatic. Now most everyone accesses the internet via an ISP so they have the distribution network and the trust of the computer owners. The ISPs also have to deal with the extra bandwidth used by infected computers. The ISPs need to stop making virus protection an opt-in, download this plug-in, thing. Start making virus protection an automatic, only the computer savvy can figure out how to opt-out, thing. Block people who don't have some sort of antivirus from accessing the internet and redirect them to the free update.

Re:It's the AntiVirus companies fault

[ScrewMaster]

If you want to assign blame, I'd say it's a certain operating system vendor's fault. Granted, no operating system is immune to malware, but at least if the bar were raised a bit higher we might not see so much of it.

Re:It's the AntiVirus companies fault

[Pharmboy]

How many people don't use any service from their ISP except internet connectivity? I couldn't tell you what my "free" email address is, or what their USENET server name/IP is, or anything else they offer. I pay to get access to the net and won't install their "extra" software with a bunch of shit that changes my preferences, homepage, etc. I am betting I am not the only one that finds most ISP's "free" software and such to be enough of a pain in the ass to not warrant finding out anything else they offer.

Re:It's the AntiVirus companies fault

[ScrewMaster]

You win that bet, hands down. One of the other engineers with whom I work put it this way: "Just gimme the damn pipe." I mean, my server does poll the free address from my ISP, just to get the occasional notification, but I've never given it out to anyone and I've never used it.

Back when I was on AT&T Broadband, they insisted I run their "diagnostic" spyware package before they would do anything to fix any communications issues (God help you if admitted to using NAT or an external firewall.) I ended up installing a Windows partition with all their crap on a removable drive that I would throw in whenever I had to call them to report an outage or something, one that I would cheerfully plug right into the cable modem if I was asked. I didn't care if it got infected, since when they were done admitting that I was right all along and the problem was on their end, I would just pull the drive out and put it back on the shelf until next time.

What does bother me is how often ISPs technical support people deliberately put their customers in harm's way with instructions such as, "okay, I'll need you to turn off your firewall" or "if you're using a router, be sure to plug your computer directly into the cable modem." With that kind of negligence, they have no right to complain about the support and bandwidth costs of zombied boxes. What's the mean time to infection for an unpatched Windows system nowadays, anyway?

Re:It's the AntiVirus companies fault

[TheRaven64]

What does bother me is how often ISPs technical support people deliberately put their customers in harm's way with instructions My favourite was refusing to support someone I had set up Thunderbird for unless they checked their email with Outlook express. The problem was clearly not related to their mail client choice (I was getting emails bounced back by their server), but they insisted the person check their mail with the least safe program on the net.

Re:It's the AntiVirus companies fault

[shaiful]

yeah, it is true what you said here....but dun you really think, actually it is your mistake by having that thought...hehe ^_^

Re:It's the AntiVirus companies fault

[hackstraw]

It's the antivirus/computer companies fault, since they switched to giving people with new computers only 30-60 days of protection when they would give you a full year or even software that never expired... People think they still get full service when they buy a computer that they did 2-3 years ago.

OK. My computer did not come with any antivirus trial or program. At work, I use a computer and admin over 1,000 other computers, and none of them have installed or came with an antivirus thing.

Back in 1994, I did get some kind of Monkey virus or something when I ran Windows and DOS because a roommate used a floppy in the computer lab at school. I have not ran or used an antivirus thing on any of my computers since then.

So, my question is. Am I in the half that has antivirus protection or the half that thinks they do?

Re:It's the AntiVirus companies fault

[mikael_j]

...God help you if admitted to using NAT or an external firewall.)...

Well, let's say you have a DSL service that comes with a "free" bridged DSL modem, most likely your ISP will refuse to troubleshoot any non-sync-related issues unless you get rid of any NAT routers, hardware firewalls, software firewalls and such since they have to assume you're a moron who just set his firewall to "Block all". You see, 99% of the users who call in about problems like this don't know enough to gain any kind of access to their router, firewall or whatever weird device they've attached and they sure don't know how to troubleshoot based on instructions along the lines of "Now could you give me your router's MAC address?". They need instructions closer to "Click the big Start button, then click Run, now type SEE EM DEE and click Ok. Right, so now do you see a black square with white text? Good, now type...". Since the ISP can't possibly have their first, second or third line support techs trained in the black arts of every consumer router and firewall out there, YOU have to disconnect your equipment.

Now, if a user obviously is able to configure their equipment then fine, let them use a NAT router, but if there's any indication that the router is the problem (this indication may not be visible to you but from the tech's side it may seem like a pretty big possibility sometimes) then the user should be prepared to disconnect this equipment.

What does bother me is how often ISPs technical support people deliberately put their customers in harm's way with instructions such as, "okay, I'll need you to turn off your firewall" or "if you're using a router, be sure to plug your computer directly into the cable modem." With that kind of negligence, they have no right to complain about the support and bandwidth costs of zombied boxes. What's the mean time to infection for an unpatched Windows system nowadays, anyway?

Like I just pointed out, if the user could be trusted to have not completely botched their software/hardware settings then this would be a non-issue, but you can't expect anyone in tech support (or elsewhere really) to be an expert in the buggy and sometimes irrational behaviour of every consumer router, firewall and AV software out there. And since the customer most likely doesn't know what he/she is doing (even if they sometimes try to give that impression, "I'm a network technician, don't talk down to me!" "Ok sir, what's your IP address?" "Where do I find that?") turning off and disconnecting all firewalls, routers and such crap actually gives the tech a chance of analyzing and fixing the problem.

/Mikael

Re:It's the AntiVirus companies fault

[Your+Pal+Dave]

I think it's the ISP's fault, or more exactly their problem. The only way you will get Joe Sixpack to install and update an AntiVirus program is if it's free and automatic. Comcast, at least, provides security software for its subscribers. They still have to take the initiative to go download it, however...

Re:It's the AntiVirus companies fault

less than ten minutes for Windows XP SP1 last time I ran the experiment. if you have install media with SP2, you're probably okay.

Re:It's the AntiVirus companies fault

[ozbon]

It's not just that [certain operating system's company] fault though - why not have the manufacturers of the machines actually install useful *FREE* anti/virus (as other posters have suggested, AVG by grisoft, for one) that doesn't need you to pay for a subscription?

OK, a nice secure OS is better, but Joe Sixpack doesn't know that he needs a secure OS - after all, "the internet" has that nice 'secure' padlock icon. Doesn't that mean his computer is secure? So pre-install software that a) does the job and b) doesn't need Joe to do more than click "OK" when the update's finished. (Hell, AVG even times the notification window, so that it disappears after 30 secs)

My parents both use AVG on their machines now (yeah, I told them where to get it, but that's all) and are far happier with that than they were with Norton/Symantec/McAfee nag/crapware. They're well into their sixties, but they like AVG because it's simple. It does what it says, without them needing to know how it all works.

So why do the manufacturers keep on installing Norton Shitware, rather than something that works?

Re:It's the AntiVirus companies fault

[ScrewMaster]

So why do the manufacturers keep on installing Norton Shitware, rather than something that works?

Why do manufacturers keep on installing Microsoft Windows, rather than something that works? The rationale that Joe Sixpack can't handle protecting himself is all the more reason the operating system itself should be reasonably bulletproof. If Windows were as hardened as SELinux, Solaris or pretty much any of the BSDs we wouldn't be having this discussion.

I agree, though, I wouldn't use Symantec either. Personally I like NOD32, but at work we use AVG. Works very well.

Sometimes you can have too much of a good thing. One day we received an HP-Compaq box that, after we booted it for the first time and ran the post-startup initialization, refused to talk to our network. We couldn't map any file shares, anything. It was also a 2.4 Ghz box that was running like an 8088 on Valium. Turned out that it was configured to have the Windows firewall, Symantec's and another vendor's firewalls on at the same time, with both virus scanners beating away on the hard disk.

What do you think Joe Sixpack would have made of that? I have to wonder how many machines they shipped like that before someone figured it out.

Re:It's the AntiVirus companies fault

[PK075014]

You know what.. that why a big company always make a profit out of this.. there is no such thing that you can use freely this days.. it all about politics and biznes.. they all dirty dude! no matter how secure our product, software, website etc etc.. there will always people who will constantly make it vulnerable.. there will always people who will create a new virus, spam etc etc.. this is why we constantly buy an antivirus product.. it's simply bcoz.. this is what rules da world.. this is what we follow every day of our life.. (^_^)

p/s: that why G. Bush always talk how he care about people but keep killing people every day... =P

Re:It's the AntiVirus companies fault

[brotherdugs]

there are no mistake bout dat..it depend on how people thinks

PEBKAC

[Kjella]

I run Windows. If I don't have anti-virus or the definitions are out of date (last time this summer when I was away for a few weeks) it'll nag. Same if I disable my firewall just to see if the reason an application isn't working is because I've blocked something I shouldn't have. It really doesn't get any easier than that, if they're not running updates they must have disabled everything themselves, and there's really nothing you can do with users that insist on shooting themselves in the foot because the safety is annoying.

Re:PEBKAC

[CRCulver]

Not all users are running antivirus that nags. In the city I reside in in Romania, most young people are running a cracked version of a fairly old antivirus program. Updates are still available, but the software does not automatically update. When I visit the homes of friends, I have to show them that it is their responsibility to click Update.

Re:PEBKAC

[LordSnooty]

Just watch a novice use a computer. They don't need to be a 'novice' as such, just someone who doesn't understand how they work. They become desensitised to the popups. They'll gladly click through them without paying any attention to what they say. They accept it as part of the everyday running of the computer, what you have to do to get into your email. This is why when helpdesk operators ask what the problem is, many reply "there was an error". When you ask what the error said, they say "I don't know I just clicked past it". Message boxes have become ineffective as they are roundly ignored by up to 50% of computer users (based on 75% running XP)

Re:PEBKAC

[v1]

and there's really nothing you can do with users that insist on shooting themselves in the foot because the safety is annoying.

Sure is. Make protection that's not annoying. If you make a software that you know is annoying, it should not surprise you when people refuse to use it.

Re:PEBKAC

[VGPowerlord]

If you have an anti-virus program that Windows recognizes, the Windows Security Center will nag you if it's out of date.

Re:PEBKAC

[Fred_A]

I've seen users who as part of their daily routine would casually get rid of their "your anti virus is now effectively dead in the water" nag screen would click on the pup up, wait for the web browser to spawn with the anti-virus registration page (which would dismiss the pop up), close the browser and do their stuff without thinking about it or even really understanding what that was all about.
Amazing really.

Re:PEBKAC

[LordSnooty]

Hey, you know my father too... :)

i think this may be caused by...

[sh3l1]

people thinking that a anti-virus program that requires people to update manually, updates automatically, and they therefore don't have to do anything.

Re:i think this may be caused by...

[drawfour]

Do you know of any antivirus program that requires manual updates? I'm not aware of such a beast anymore -- the ubiquity of the internet makes it really easy to do auto-updates, even for people on dialup. The program can just detect being connected to the internet and do its update then. There is _zero_ excuse from any antivirus vendor to not include auto updates as the default configuration.

Like some other comments I've seen, it seems like most problems are probably related to "free 60 day trial" versions that OEMs like to ship. People don't realize that they only have protection for a limited time. Dell/Gateway/et al should come to some agreements with AVG or Avast (or some other antivirus program that is totally free for end-users) instead of being whores for Symantec. I've been using AVG for a while now, and it's pretty good. I've never had to manually update it, and it says it's current as of today.

Re:i think this may be caused by...

[RK077208]

maybe the beginner did not know that they should be aware about all the antivirus things... they need to update all the virus definition in order to protect from attackers.. Its also like human that need medicine when they have fever or cough..:) need to cure unhealthy condition..

Re:i think this may be caused by...

[rinaazlin]

It's not their job to update the anti virus program. They are just scanning our computer and tell us everything is ok while the virus is replicated at the back.. Sure nice job for anti virus

To be fair...

Etch-A-Sketch doesn't actually need anti-virus.

Re:To be fair...

[Dunbal]

Etch-A-Sketch doesn't actually need anti-virus.

If your Etch-A-Sketch is shared between 2 or more kids, you can bet that viruses will be shared among them. There's nothing more infested than a toddler.

Re:To be fair...

There's nothing more infested than a toddler.

I guess you've never seen Kathleen Fent's cunt.

Re:To be fair...

If your Etch-A-Sketch is shared between 2 or more kids, you can bet that viruses will be shared among them. There's nothing more infested than a toddler.

Parents of toddlers are a close second, and, strangely, Catholic Priests...

Re:To be fair...

Or Linux, or MacOSX...

Re:To be fair...

[Deliveranc3]

People are my botnet.

- The Infecting Mushroom.

Number closer to 20% ...

[phoxix]

People who have McAfee and Norton installed shouldn't count .... I can't remember the last time either piece of bloatware did anything useful.

Re:Number closer to 20% ...

[tsjaikdus]

Apparently they are used to test new virii before they are released, that's why they perform that poor.

I used to run a small computer repair business.

[Silverlancer]

In the very early 2000s, when I started my business, most of my "problems" involved dealing with Windows 98 crapping out or computers just grinding to a halt from overbloatedness and installation of a few too many Bonzi Buddies. Often I was asked to help install antivirus software. But they almost never had viruses.

A few years later, almost all the computers I worked on had antivirus and/or antispyware software... yet almost every single one had some sort of virus, usually a botnet-style worm, or at least loads of spyware. In my opinion this is proof that viruses are something one can only avoid through overall system security and, most importantly, knowledge about computers--no antivirus will protect you if you cannot protect yourself.

Re:I used to run a small computer repair business.

[Nimey]

Viruses != worms != trojans. In my experience you need not only an antivirus program (I prefer AVG Free) but also a selection of anti-spyware programs, since trojans often conceal spyware, and anti-virus programs aren't focused on spyware.

I use Spybot S&D (immunize and don't install teatimer, it's annoying (unless you've got an infection, then use it to help contain it and remove it after you're done) and sometimes Windows Defender on those machines which need periodic scanning w/o user intervention. I don't care for Ad-aware 2007 (1.06 was much better). Ultimate Boot CD for Windows (http://www.ubcd4win.com/) is very useful for cleaning up infections, and for many other uses.

It also helps to only let users have Admin rights if there's a need -- unless they run crappy Adobe s/w that requires Admin to *run* or if they're secretary to someone high up in the org (yay politics) or they actually know what they're doing, have them run as limited user. Come by and install s/w if they need something new added.

Re:I used to run a small computer repair business.

[vertinox]

In my opinion this is proof that viruses are something one can only avoid through overall system security and, most importantly, knowledge about computers--no antivirus will protect you if you cannot protect yourself.

True. Even though I run OS X most of the time, I won't open email attachments or download random software programs because I'm just used to having to have that behavior on a Windows PC back in the late 90s early 00s. Every now and then I get paranoid and look at all the open processes and look them up on Google. Old habits die hard.

Re:I used to run a small computer repair business.

No no no no... no software is needed atm.
Judging by the number of viri / virii posts in this discussion, education is more needed.

viri http://dictionary.reference.com/browse/viri
virii http://dictionary.reference.com/browse/virii
--
/. - 95% IT-professionals, 1% of them capable of properly immunizing the windows...

Virus Protection

[codo678]

I hate keeping up on it, but I dont use Anti Virus and I do just fine, I not a stupid porn-looking, spyware infested computer user, I know what to look for and what to stay away from.

Re:Virus Protection

[tsjaikdus]

Same for me. Until I was given a free copy of Kaspersky from my provider. It's like looking at your own intestines after having spent a 6 year period in the rainforests of Borneo.

Re:Virus Protection

I hate keeping up on it, but I dont use Anti Virus and I do just fine, I not a stupid porn-looking, spyware infested computer user, I know what to look for and what to stay away from.

Stop listing porn as a reason for viruses and spyware. You can get infected with either from almost anywhere.

I went 18 months without AV software on my Windows 2000 machine a few years back. I did not get infected with any viruses or malware. I was still using that system until March of this year when I moved to Debian Etch. I surfed many pornsites. However, I trusted the maintainers of those sites. I trusted them more than I would trust the maintainers of MSNBC.com and Ebay.com. There is a decent group of people out there who just want porn with no hassles. No viruses, no popups, and no malware. They took advantage of the situation and set up places to get porn without that stuff. Simple free market forces. Other sites were providing porn but with it they were messing with a person's computers. Someone else stepped up and provided porn without messing with a person's computers.

If this was seven years ago your statement might have more merit, but things have changed a lot. People don't like popups, viruses and malware. Those same people know how to run a webserver. They merely extended some courtesy to others and those others kept returning. Some basic Google text ads and they had a nice little income rolling in. All without infecting a person's computers.

By they way, it only takes one of your "what to stay away from." sites to get hit with a XSS or mis-configured item to infect you with something. Same as with any site I go to. And I bet that some of your sites are targeted more heavily than my sites.

ISP incomplete advertising partially to blame

While doing tech support for some family and friends I have come across this. I would ask them what AV program they were using, and they would state, "Whatever my ISP is giving me" I ask for more info and they tell me that their ISP told them they get free antivirus with their service. I asked what program they installed, and they would respond with a blank stare.

From what I have gathered, half believe the ISP installed and updates their AV in the same way Microsoft works. They believed that the ISP installed AV when they set up service and that the AV program gets updated the same way MS updates their system. The other half believe the ISP runs antivirus for them on the line so they do not need anything installed.

When I inform them that they need their own, they ask how much. I inform them of AVG and ClamAv* and that those two are at no cost. They then state they cannot be any good if they are free and they go buy either Norton or McAfee.

*I am now Linux only, so I am not familiar with current Windows AV programs. I have Clam on a few systems and AVG on a few others.

Re:ISP incomplete advertising partially to blame

Just tell people it's free for home use, but if they were a company they'd have to pay. It's not that uncommon, and people then feel like they're getting a great deal.

Re:ISP incomplete advertising partially to blame

[Telvin_3d]

Here is what I tell people about AVG to get them over the 'free' thing. Just say that AVG's real business is anti-virus for big business. They give their stuff away free to normal people because it helps lower the total number of viruses on the internet. That makes their real job easier.

People are happy with anything they can attribute SOME sort of selfish motive to.

Re:ISP incomplete advertising partially to blame

[HalAtWork]

They then state they cannot be any good if they are free and they go buy either Norton or McAfee.
 
That makes sense, obviously since they knew all about the antivirus situation on their PCs they must know better than you about what antivirus to use. *rolls eyes* Maybe that ASUS motherboard with SplashTop will be the only desktop these people really need... they could've stumbled onto something here. Of course, livecds do the same and are more functional... attach USB storage for downloads and you're good to go.

Re:ISP incomplete advertising partially to blame

[Tim+C]

They believed that the ISP installed AV when they set up service

My ex recently moved flat, and moved broadband provider at the same time (from Orange to Sky). The installation CD she received along with her router installed McAfee.

I don't know about wherever you live, but here in the UK some of those people who believe that their ISP installs AV software when their service is set up are correct.

Re:ISP incomplete advertising partially to blame

[Laebshade]

The other half believe the ISP runs antivirus for them on the line so they do not need anything installed.

I work for tech support for a major ISP, and I hear this a lot. When we tell them we have some protection in place (very minimal), in the end it's up to the customer to have and keep an updated/regularly scanned with AV.

They then state they cannot be any good if they are free and they go buy either Norton or McAfee.

I hear this a lot, too. I tell them some of the best things in life and free, and more often than not, the free AV is better than the one you pay for. I usually refer customers to download AVG. Other reps tell customers to get Avast!, mostly because it detects more viruses and has a boot scanner that runs automatically first install.

One other thing (not for you since you run linux, but just others reading this comment). I use 3 tools to get rid of a lot of AVs/trojans: McAfee Stinger (small, specific AV scan), bitdefender online scan (free and removes, may require to run in safe mode to get rid of actively running viruses/trojans), and The Cleaner (it's just for trojans). The Cleaner is the only one on that list that is free for 30 days, then you have to buy it, but it's a good program. I use The Cleaner when there's something left that the AVs are missing.

Re:ISP incomplete advertising partially to blame

[DavidTC]

Or just don't tell them it's free. Tell them that it's a $40 product and that a few months back they gave away a bunch of copies as a promotion, and you can get a hold of them. Be sure to emphasizes these are real legal copies with some of the bells and whistles stripped out, for security experts to play with to get them to buy company licenses. (This is all literally true, except you're implying the supply of free copies was somehow limited.)

Pretty soon they'll be telling their friends about the 'free copies you have', and asking if you have any more left and can their friend have one.

Re:ISP incomplete advertising partially to blame

[vux984]

When I inform them that they need their own, they ask how much. I inform them of AVG and ClamAv* and that those two are at no cost. They then state they cannot be any good if they are free and they go buy either Norton or McAfee.

Perhaps you should listen to them. Many ISPs do provide free antivirus software as part of their service. Its true that you do still have to install it, but that's a separate issue.

For example, in my area, we have Shaw for cable, and Telus for DSL:

Shaw: Shaw Secure (powered by F-secure)
  https://secure.shaw.ca/apps/shawsecure/

Telus: Telus Internet Security (powered by Zero Knowledge Systems)
  http://about.telus.com/bav/jumpL5.html

Both are free as part of your broadband service subscription.

As an added bonus, if a user has a problem with either package the ISP customer support will provide them free phone support. Both ISPs phone support, while manned by your typical CS monkeys, is quite responsive, and usually able to handle most basic problems, and is far better than what I've seen users get from Norton and McAfee et al.

If you happen to be a telus or shaw subscriber I wouldn't hesitate to recommend using either of their free packages. You -are- paying for them. I have nothing against ClamAV or AVG, but having them call their ISP instead of us for first level support is worth it. :)

cheers

Re:ISP incomplete advertising partially to blame

[rinaazlin]

I'm running Norton for my home PC. The original Norton of course. For 6 month, the computer is ok. after that the virus came from a pendrive and i have to format my pc again. Even an original anti virus is not so secure. It is not just the ISP to blame, I think the anti virus didn't support us 24/7 when it is free. Although it is not free, it is not 100% secure. We need anti virus, firewall, altogether to protect the PC

Re:ISP incomplete advertising partially to blame

[zairi5811]

Im an AVG fan since then. It's easy to use and auto updates 3-4 times a week. it just the AVG free edition..

Does anyone need anti-virus software?

[ceswiedler]

I'm no anti-virus expert--but does anyone need anti-virus software anymore? Gone are the days when viruses are spread by floppy. (Mostly) gone are the days when email clients were so brain-dead that they would automatically execute attachments. But most importantly, gone are the days when the main type of infection is viruses (which spread via some sort of user action). These days, worms (which require no user action) are the dominant threat. And anti-virus software, which relies on signatures, is nearly useless against worms which (by their automatic nature) spread far too quickly for even automatic signature updates to catch. Furthermore, worms generally cause most of their havoc just by spreading (and clogging the network), and by infecting PCs to use as bot-farms.

Perhaps I'm just isolated from the sort of users who are so stupid as to get viruses on their PCs...but are there any left? And does anti-virus software help these people?

Re:Does anyone need anti-virus software?

[Dunbal]

Perhaps I'm just isolated from the sort of users who are so stupid as to get viruses on their PCs...but are there any left?

      Teenagers. My 14 year old infected her computer the other day when she received a copy of a IM worm that disguised itself as a .zip file and said "here are my new pics". Since the message was from one of her friends, obviously she opened it. Now she has learned to be careful, but there's always someone around the house who will screw up.

Re:Does anyone need anti-virus software?

[jmpeax]

The idea I think is to push for more heuristic analysis, so signatures aren't as big a part of anti-virus software as they used to be. However, the amount of adware/spyware out there that so many inexperienced users end up downloading actually can be countered with decent anti-virus software (I say decent - Norton and McAfee are practically useless, I recommend NOD32 exclusively).

Re:Does anyone need anti-virus software?

[Smordnys+s'regrepsA]

I can tell you right now that I couldn't live without AVG's virus and spyware protection. The idiots in my home will click anything, and the ones that kinda know what they're doing think its hilarious to install key-loggers!

Re:Does anyone need anti-virus software?

[v1]

at this point I think the "virus" threat is more now the spyware you get from clicking popups.

Re:Does anyone need anti-virus software?

[SirLurksAlot]

Perhaps I'm just isolated from the sort of users who are so stupid as to get viruses on their PCs...but are there any left? And does anti-virus software help these people?

I do "premium" tech support for $_majorDslProvider, and believe me, there are A LOT of these folks out there. I would say that 70% of the calls I get are virus/spyware related, and I spend a lot of time explaining how their systems get infected, and what the differences between virii and spyware are. I usually end up installing AVG and Spybot, even if they're already using $_majorDslProvider's branded suite (which is complete crap), so in a sense their ISP really does install their A/V software. I don't think it's really a case of "people are stupid," so much as it is "people don't care enough to learn." Most folks only want to check their mail, browse, and chat with their friends or family. If it falls outside of the realm of those activities they simply can't be bothered with it until something bites them in the ass. This is what keeps my paycheck coming; they would rather have a tech take care of all of that for them. As for whether the A/V software works, some is better than none as far I'm concerned.

Re:Does anyone need anti-virus software?

[piquadratCH]

Teenagers.

Not only. I used to get that "here are my new pics" message from a friend of mine. He's a friggin' CS student. When I told him to get rid of it he said he doesn't bother since the virus didn't have any noticeable effect on his system. I couldn't believe my ears...

Re:Does anyone need anti-virus software?

[Mr_Mirsal]

Fortunately I don't, as I'm running GNU/Linux and BSDs on my machines.
So a little bit of common sense and frequent updates keep me far away from all this stuff.

IMO, more people should realize that a system that requires additional software for antivirus protection is flawed and should not be used.

Re:Does anyone need anti-virus software?

[jimicus]

Yes, because most antivirus software also protects against worms and trojans.

There also exists antispyware software and AV vendors have updated their heuristic tests to detect software which looks like it may be malicious, but ATEOTD most of the work done by AV software is through signatures.

Problem is, the only way which has a snowflakes' chance in Hell in being trully effective against all malware is a certificate-based or a signature-based whitelist system with support at a hardware level. But both of these require significant changes to how computing works today, and there's a lot of inertia to overcome.

Re:Does anyone need anti-virus software?

[mpe]

My 14 year old infected her computer the other day when she received a copy of a IM worm that disguised itself as a .zip file and said "here are my new pics".

This probably wouldn't work as well if the likes of Windows didn't use the "extension" to work out what icon to display, then used something akin to /etc/magic to work out what to do with it when you clicked on it. If things were consistent either it would be obviously an executable or clicking on it would generate a message along the lines of "corrupt ZIP file".

Re:Does anyone need anti-virus software?

[Pukeye]

I agree that antivirus software is useless, but I have different reasons.

I think that protection of home computers is overrated. I have this simple solution:

1. Install system and every program that you think is usefull for the user of PC.
2. Backup system partition. (http://apcmag.com/install/)
3. Let the user use PC for a month.
4. Restore backed-up system partition.
5. If you like the user, update all the programs, ask her what she wants to add, ... And actualize the backup.
6. Repeat from step 3.

There should be no antivirus, no firewall and no anti-spyware software needed. Restoring image-based backed-up system partition takes at most 10 minutes on modern computer. Important thing is to carefully set up the system, so that all user's data (e.g. Firefox profile) is stored to another partition. And you should not forget to check for new files on the system partition before restoring it.

I never run any anti-virus...

[Lost+Penguin]

I can't get that stuff to run under WINE.

No impact

[Ritchie70]

What impact does this have on systems and networks we run?

None.

If it's desktop systems we run, I assume those systems are locked down, antivirus and firewall running, and the users don't have admin rights.

If it's networks or servers, those systems are locked down every way possible to protect them from the compromised systems.

What impact does it have on my interactions with families and friend looking for free tech support?

Now there, there may be an impact.

Re:No impact

[DeadChobi]

I don't do free tech support for anyone outside my immediate family. The going rate for a callout is a 30-pack of beer per 2-hour period.

Re:No impact

[Ritchie70]

Nobody really asks me except my mom, and she insists on "paying" me. I took her computer away from her for a couple of weeks, uninstalled everything Norton, installed all the Windows updates, Avast! and a couple other free things, and gave it back to her in a usable state. Took probably 6 hours over those two weeks.

(The biggest impact was scraping Norton off. Did you know Symantec actually has a tool on their web site to remove all modern Norton products from your system?)

For this, $100 gift card showed up in the mail along with a Thank You card. Gotta love mom.

PARENT IS DEAD ON!!!

The parent poster is dead on. However, HP saves a little for not buying 3 year subscriptions, and more importantly, they sell another computer a year sooner because the computer becomes useless. McAfee wins, because they sell another shitty copy of McAfee with the new computer.

Unfortunately, none of the free ones are more then marginally useful in unattended installations; you have to click on stuff to get the new version, which my grandmother won't do. It's just as stupid as the pandemic itself.

Re:PARENT IS DEAD ON!!!

[gardyloo]

Unfortunately, none of the free ones are more then marginally useful in unattended installations; you have to click on stuff to get the new version, which my grandmother won't do. It's just as stupid as the pandemic itself. Not sure if you mean that you have to click on stuff to get the entirely new antivirus engine, or just the definitions. If it's the latter, Avast! is a free one which updates automatically, at least once a day. No clicky, no worries. You can even remove the notifications that it's been updated, if grandma can't handle those.

Re:PARENT IS DEAD ON!!!

[mpe]

Not sure if you mean that you have to click on stuff to get the entirely new antivirus engine, or just the definitions.

If it's necessary to mess around clicking on stuff then in many cases the thing won't get updated.

If it's the latter, Avast! is a free one which updates automatically, at least once a day. No clicky, no worries. You can even remove the notifications that it's been updated, if grandma can't handle those.

There are good and bad products from this POV. The interesting thing is that price dosn't appear to be a factor here. There are free products which can quietly update and there are expensive products which require manual intervention to do so.

Heh.

[MsGeek]

Solution #1: Linux.
Solution #2: Mac OS X.
Solution #3: No computer for you! Come back, one year!

Re:Heh.

[DarrenBaker]

I was waiting for the obligatory Slashdot 'But Windows *is* a virus!! Linux is pwns Windows!' post. This'll do nicely...

Re:Heh.

[Dunbal]

Solution #1: Linux.

    I have news for you...

Re:Heh.

[bigstrat2003]

Solution #3: No computer for you! Come back, one year! I think you seriously overestimate the Geek Squad's responsiveness. It'd take 2 years, at least!

Re:Heh.

[maxwell+demon]

[ ] You know the difference between a virus and a rootkit.

Re:Heh.

[toddestan]

Solution #1: Linux.
Solution #2: Mac OS X.

So the solution to thinking your protected on Windows but not really is to move to thinking you are magically protected because "Linux and Mac don't get viruses"?

Re:Heh.

[grcumb]

Solution #1: Linux.
Solution #2: Mac OS X.

So the solution to thinking your protected on Windows but not really is to move to thinking you are magically protected because "Linux and Mac don't get viruses"?

That's absolutely right. Effectively, Linux and Macs don't get viruses.

Look, we can talk till the cows come home about technical details and 'potential' risk. But it all comes down to this: Am I willing to trade potential exposure tomorrow for the certainty of malware infection today? The answer to that is a gimme.

I sell computer systems, and my first advice to people is, 'If you don't absolutely need Windows, buy a Mac. If you do absolutely need Windows, try a Mac with Parallels installed.' And I don't even sell Macs.[*] I support only Linux/Unix on the server, period. And none of the non-Windows machines I support gets infected by malware.

Risk Analysis 101: Immediate threats require immediate action. Provided the cost of failure isn't too high, potential threats can wait. Moving from Windows to Linux or a Mac is a wise course of action, with no immediate downsides. And I have more faith in the Linux community and (to a lesser degree) Apple that they will find ways to effectively deal with whatever threats may arise in the future.

----------
[*]I make my real money off services. Hardware is just a necessary element of the overall service offering.

Re:Heh.

[toddestan]

That's absolutely right. Effectively, Linux and Macs don't get viruses.

Of course not. That's why we never see stories like these.

Look, we can talk till the cows come home about technical details and 'potential' risk. But it all comes down to this: Am I willing to trade potential exposure tomorrow for the certainty of malware infection today? The answer to that is a gimme.

What's all this certainity business? I have no problems keeping crap off of my Windows boxes, and I'm not alone. All it takes is some common sense. Education is the key, if people keep on with their old habits when moving to a Mac or Linux, they'll be one of the first infected should malware start cropping up on those systems and they'll be right back where they started. It's like telling people that they should move out in the country if they can't remember to lock their doors when they leave their house.

I sell computer systems, and my first advice to people is, 'If you don't absolutely need Windows, buy a Mac. If you do absolutely need Windows, try a Mac with Parallels installed.' And I don't even sell Macs.[*] I support only Linux/Unix on the server, period. And none of the non-Windows machines I support gets infected by malware.

Parallels? If you are going to have them dump Windows, then have them dump Windows. Windows on a Mac isn't magically immune to malware and viruses because it's running on a Mac. The only thing I see that you gain is that clean up should be easier as you can do it from the host OS.

Re:Heh.

[SargentDU]

toddenstan wrote: "Parallels? If you are going to have them dump Windows, then have them dump Windows. Windows on a Mac isn't magically immune to malware and viruses because it's running on a Mac. The only thing I see that you gain is that clean up should be easier as you can do it from the host OS."

Parallels is great because you do not have to use the windows in it on the internet, just run the silly "necessary" program and then go back to MacOs for the other work including Internet access.

Re:Heh.

[grcumb]

What's all this certainity business? I have no problems keeping crap off of my Windows boxes, and I'm not alone. All it takes is some common sense.

It is certain that the vast majority of my customers (including the users of my corporate customers' systems) will not consistently behave with what you describe as 'common sense'. If they do not consistently behave using such 'common sense', Windows users face near certain compromise. Therefore I face a 100% certainty that my customers will be continually and consistently compromised by malware if they continue using Windows.

Last time I did an informal survey of time spent cleaning compromised machines, I arrived at a rough figure that 40% of all service calls were caused by malware. Since I've begun reducing people's dependence on the Microsoft 'stack', malware-related service calls have dropped significantly. More importantly, though: 100% of all malware-related service calls were for Windows machines.

I challenge anyone to enumerate all the steps necessary to defend an Internet-connected Windows computer and demonstrate that each of them is self-evident enough to merit the term 'common sense'.

Start with 'run anti-virus software'. I once explained the rationale behind anti-virus software to a very smart but not very technical person. He replied, 'That's like taking antibiotics because you're too lazy to clean your food!'

Re:Heh.

No. He does not need to. He is an IT expert.

Re:Heh.

[toddestan]

Start with 'run anti-virus software'. I once explained the rationale behind anti-virus software to a very smart but not very technical person. He replied, 'That's like taking antibiotics because you're too lazy to clean your food!'

That's actually not a terrible analogy. I run anti-virus/anti-spyware on my Windows computers, and they have yet to catch anything (well, anything nastier than a tracking cookie) - in other words I could get by without it, though I feel better with it present. Common sense says not to run random crap off of the internet and to be careful about what you install, and that's what I follow. I would hope that you teach the Mac/Linux users that, because otherwise the only thing protecting them is the fact that the harmful stuff won't run on their systems right now. Don't think that they wouldn't hand over their root password for a spiffy screensaver either.

Windows AV Programs

[LameAssTheMity]

Most PCs come with 'free' AV programs, typically limited to 30-60 days or whatnot, so most of us student types are left with a large investment or no protection.

I am using a cracked version of McAfee Security Center, mainly because my ancient copy of Symantec Antivirus stopped being able to update its definitions.

I STILL can't update my definitions with the cracked version, right now I'm looking into an FOSS antivirus.

Could someone please recommend an option for the unprotected?

Re:Windows AV Programs

[Urd.Yggdrasil]

I recommend AVG Free: http://free.grisoft.com/doc/download-free-anti-virus/us/frt/0
It isn't as good as some paid AV software, but as long as you aren't going to russian crack sites it should be all you need.

Re:Windows AV Programs

[Doitroygsbre]

http://www.clamwin.com/

It is simple to install and run. It doesn't have all the features that McAfee or Norton have, but on the few occasions that I've had problems with computer viruses, this has worked to remove them

Re:Windows AV Programs

[my+$anity++0]

My college recognizes the danger of letting infected PCs on the network, and gives out Symantec for free.

Re:Windows AV Programs

[feuerfalke]

Clamwin: http://www.clamwin.com/content/view/18/46/

Re:Windows AV Programs

[LameAssTheMity]

Lets just say, for the sake of argument, that I AM visiting Russian crack sites....

What now?

Re:Windows AV Programs

[TheBOfN]

Then shell out 20 USD a year for a student lisence of NOD32... Just make sure you get to the US webshop no matter where in the world you are, as their prices are better than the european ones... (Can't even find student prices anywhere else...)

Re:Windows AV Programs

try this avast home www.avast.com

Re:Windows AV Programs

[roguetrick]

My college recognizes the danger of letting infected PCs on the network, forces us to pay for Symantec with our tuition. Fixed that for you.

Re:Windows AV Programs

[pak9rabid]

Could someone please recommend an option for the unprotected?

You could try pulling out.

Re:Windows AV Programs

[Stormwatch]

Could someone please recommend an option for the unprotected?

Ubuntu.

Re:Windows AV Programs

[BenoitRen]

BRAIN.EXE

Re:Windows AV Programs

I think my free AV program is not working. Every time I boot my new Laptop, a new virus named Vista starts running.

Re:Windows AV Programs

[Tink2000]

As does mine. Of course, during the late 90s the IT department spent a good deal of time trying to educate the public, but they eventually gave up and now just give out a cd to all freshmen that installs the av client, configures Outlook (or Mail, recently) for the university mailbox, and installs a couple of anti-spy programs.

Then again, we always get a few people in here who claim the "Get Connected!" cd totally broke their system. These people are usually the same people who have trouble installing Office as well, though ... gone by their third semester ;).

Re:Windows AV Programs

[my+$anity++0]

No, I think that's lumped into the forced fees.
See, they are nice enough to call it something that's different from tuition.
So they can advertise a lower tuition, maybe? Nah. Not at all.

Re:Windows AV Programs

You meant to say, they give you Norton AV so your PCs will all be half as fast as before you installed it so you can do less of the (risky) things you would have done to go find the worms?

Re:How can that be? Easy

My wife's computer at work has a secretary account and an administrator account. She always runs in the secretary account. That's a good thing because malware can't install itself when the administrator isn't logged on. On the other hand, the virus update doesn't seem to work unless the administrator is logged on. There also seems to be a problem of the antivirus update getting past the firewall on the router.

It seems that the automatic virus updates don't work unless you're running in an inherently insecure mode.

Of course they do

[ArchieBunker]

Set up a fake video site like youtube and have a gif show up instead of a actual video player. Tell the user they must install the plugin (some exe file) to watch the video. Anyone with limited html skill should be able to pull that off.

Re:Of course they do

[jesser]

Better yet, put a video *on* Youtube that's just a static picture telling them they have to download another plugin to see the video.

I hate anti virus software

[tsa]

Almost every morning after I switch on my computer at work it's unusable for about half an hour because it has to check for viruses. Why does it have to be like that? Why can't that #&%#&@ program just be niced so I can do my work?

Re:I hate anti virus software

[Dunbal]

Almost every morning after I switch on my computer at work it's unusable for about half an hour because it has to check for viruses. Why does it have to be like that?

      Because either you have a crappy anti-virus program (I'm looking at you, Norton) that needlessly hogs system resources, or perhaps it's time to upgrade your computer...

Re:I hate anti virus software

[tsa]

I believe we have Symantec. One thing is certain: it sure is crappy. The computer is a 1800 MHz PIV with 512 MB, which is fast enough after it has checked the viruses. :) Yep, they're all there! :)

Re:I hate anti virus software

[kanweg]

It is a feature. In fact, it was the most requested feature by work-shy workers and got implemented because of this heavy demand. Bosses are happy too, because it shows that the software they paid for actually is working (as in, doing something).

Bert
Whose company is Windows-less, and doesn't have these problems.

Re:I hate anti virus software

[deamonpainter33]

easy answer, it's called NOD32 and you should think about switching to it.

Re:I hate anti virus software

[Ant+P.]

My high school did that. The computers were loaded up with so much "security" software it took 30 minutes from boot to being ready to do anything. That left about 10-20 minutes of usable time in class.

It's worth noting that their idea of security was force-closing windows based on string-matching in the title, and disabling right-click globally. We had two weeks wasted while they cleaned up Sasser several times.

Re:I hate anti virus software

[flyingfsck]

Why don't you stick a USB key in the PCs ear and boot Linux off it?

Re:I hate anti virus software

[greyhueofdoubt]

Why don't you leave the computer running? How do updates get pushed through- during the work day? Just curious.

-ben

Re:I hate anti virus software

[tsa]

Unfortunately, that's not my decision to make. If I were in charge of my own computer at work I wouldn't have any anti virus software, just a good firewall. And I do use Windows because according to our university there is nothing better. Although they started supporting Linux about a week ago. Sigh.

Re:I hate anti virus software

[tsa]

Because computers are powerhogs and we do care about global warming. Besides, leaving it on makes it much more vulnerable to attacks. We're not behind a firewall and even if we were, the University campus is full of nerds who are dying to give this new software they downloaded from the site full of naked women a try.

Re:I hate anti virus software

[IT074552]

yeah,u hate it when u feel annoying with their job but u will love it when they find a virus before your PC got corrupted and will cost u a time to heal that.trust me..;)

Re:I hate anti virus software

[tsa]

The time I spent waiting for my PC to become useable after switching it on is many times the time it costs to get a new PC up and running.

Whats the point?

[adamchou]

I used to believe in virus protection but with the advent of all these rootkits that are undetectable by virus scanners, whats the point of having a virus scanner installed? If someone really wants to get into your computer, they can. If I don't click on everything I get emailed and I keep my windows installation up to date with updates from microsoft, I don't see what added value a virus scanner offers besides slowing down my computer.

Re:Whats the point?

[derrida]

I totally agree. I personally do not use any AV for the last two years now and I had no problems by following these simple steps (I'm talking about WinXP, since there is where viruses are usually found):

1. Enable Windows Firewall (by default on after some point).
2. Disable autorun.
3. Do be careful with mail attachments.
4. Use Firefox (use NoScript/AdBlock).
5. Update regularly.
6. In any case backup frequently.

Now why should I need an AV?

Re:Whats the point?

[edibobb]

Same here. I run an average of four Windows systems with firewall but no AV. I have had one virus in the past 5 years, a new one that came in over an open port when I wasn't running a firewall. If you don't click on executable email attachments (which seems to include pdf files now), update Windows, and have a firewall, I think you're reasonably safe. A virus scanner is nice to verify that you're clean, but real-time protection gives me more problems that benefits. I should be clear of rootkits because I rip my CDs instead of playing them directly. :-)

Antivirus next to worthless.

Companies that sell antivirus software are just playing off the fears of naive users. These products are simply chasing a moving target, making them pretty much worthless once the latest virus, worm, or trojan comes along.

What's more, they are often easy to bypass. Back in the late 90s, I was a nerdy teenager into computers and got some sort of a cheap thrill out of abusing the security of other people's machines. (Yes, I was sort of a script kiddie in those days -- but I've gotten over that since then.) But many of the trojans I was using were recognized by virus scanners. I noticed that I could bypass all of the major Windows virus scanners by creating a program that contained a ROT13-shifted EXE file. Then, using HKEY_CLASSES_ROOT, I created a new filename extension handler that would act the same as the one for .exe files. So my little program would save the un-ROT13 payload of an existing trojan horse that McAfee and Norton recognized, but under this new filename extension, then run it. Sure enough, it would run without detection. I discovered how to do this when I was 14. If it's that easy, think of what smart programmers of adult wisdom could do.

I used to think that virus scanning and detection software was important. But really, the best safeguard is to stay current with security patches, and don't run software you don't trust.

Re:Antivirus next to worthless.

[IhuntCIA]

The problem with modern antivirus software is that they relay mostly on definitions.
Definitions are by definition either obsolete, ether will be updated next time when user hits update button. In both cases antivirus software relays completely on heuristic detection, by default turned on to lightest level of detection to reduce resource hoging and nag-like behaviour.

I can remember the viruses of late 90s. Most of them were quite small, had exceptional hiding capabilities and had used BIOS functions directly, avoiding detection easily. They did nasty stuff, mike256, WinWierd32 anyone ?

Re:How can that be? Easy

[jawtheshark]

On the other hand, the virus update doesn't seem to work unless the administrator is logged on.

The you have a crappy antivirus program. Even AVG Free does this in Limited User. I used Limited User everywhere on my computers, I rarely log in as Admin. Of course, I do have the knowledge to set up a machine that way. Something most -normal- people cannot...

Don't forget Rootkits....

[DarrenBaker]

The fact that there really isn't an antivirus solution out there that protects against rootkits by default is also quite scary, because I have a fair knowledge of things computery, and it took me half an hour to find a rootkit detector that would run on Windows x64. It's not that much better for regular XP users, since 'rootkit' isn't (for whatever reason) yet lumped in with 'virus'.

Anyone know why that is?

Re:Don't forget Rootkits....

[Aetuneo]

Because if they refer to Rootkits as Viruses, than Sony will sue them - because a music CD installing a rootkit is better than a music CD giving you a virus.

Re:Don't forget Rootkits....

[Z34107]

Actually, McAfee 8.5 checks for rootkits by default (at least in the Enterprise Edition - it's a required install at my college.)

ClamWin

[Rob+Simpson]

It's free and open-source, but doesn't have an on-access scanner. AVG and Avast are commercial, but have free versions.

Do you even need antivirus?

[sound+vision]

Honestly, I haven't used antivirus software in years (and I'm running a pirated, not-up-to-date Windows XP), although I do have SpywareBlaster blocking some malware sites. But I've never gotten a virus, not once. How hard is it to not run every crazy binary you'll come across on the internet? Well, I guess you need to know what you're doing. Which is an issue for most people.

Re:Do you even need antivirus?

[Dunbal]

But I've never gotten a virus, not once.

      Sorry but how do you know, if you haven't used anti-virus software in years? Do you expect a little flag to come up saying "help help I'm infected, get an anti-virus program!"? You could be infected and not even know it.

Re:Do you even need antivirus?

[bigstrat2003]

Presumably, his computer behaves as responsively and well as a clean computer should, thus, he concludes he has no virus. I mean, for all you know, you have some super-stealthy virus that your AV doesn't catch. You would rightly conclude you don't, because your computer is running fine. And on the off chance you have a virus that doesn't affect your computer, and can't be detected... can it really be called a virus any more?

Re:Do you even need antivirus?

[Dunbal]

can it really be called a virus any more?

      If it's sending v14gR4 emails on the sly, sure it can! :)

Re:Do you even need antivirus?

Umm. There was my last boss, who was fairly bright, and yet somehow managed to accumulate a fair box full of viruses. Never figured out exactly what he was doing to collect them.

But, in 25 years, I've only collected 1/2 a virus. Early, crappy Word trojan, actually-- canceled before it could get a grip. Viruses are damned hard to get if you have any clue of what you're doing. The anti-virus software tends to be a lot more dangerous than the viruses. I've seen Norton and McAfee nail more computers to the wall than I've ever seen locked down with viruses.

Re:Do you even need antivirus?

[Goalie_Ca]

/me is Ubuntu64 user :-)

Re:Do you even need antivirus?

[maxwell+demon]

As long as it still is able to infect other computers, yes, it's a virus.
Also note that the fact that it didn't affect your computer yet doesn't mean it will never affect it. But then, unless the virus writer's goal is to harm the host, it's the most logical thing to make the virus as stealth as possible, and that includes eating as little resources as possible for the goal of the virus. For example, a keylogger looking for your passwords could be very stealthy; after all, the only thing it would have to do is store your keys, and from time to time send them to some IRC network or similar. That's nothing which would need a lot of resources.

Re:Do you even need antivirus?

[foniksonik]

Maybe he's on a Mac?

Re:Do you even need antivirus?

[rwyoder]

But I've never gotten a virus, not once.

Neither have I. Also, the last time I touched Microsoft crap was in 1993. Since then I have only used Solaris, Linux, and {Free,Net,Open,Dragonfly}BSD. After Mac OS X came out, I bought a Mac as my first laptop. It is really a sad state of affairs, that in the 21st century people are still using an OS so broken in design that it requires 3rd-party duct-tape products for (semi)security.

Re:Do you even need antivirus?

Your not living if you dont get virii. PLENTY of attack vectors, too many to list. Do you let other people use your pc? What about at a party where your not paying attention? Do you trust every file that anyone EVER gives you? Based on, their word? Their knowledge of security? Do you have keyloggers running from some unscrupulous voyeur tech you took your pc to 4 years ago?

Ive had viruses in PACKAGED SOFTWARE. Ive mis typed URLS and hit clone pages that look exactly like the regular ones. Was that downloaded binary really corrupted? or did it just run something in the background and own me... A program like norton corporate is very lightweight on anything above a p3 and very non intrusive. The simple fact is you DO NOT KNOW if you have a virus or not. I guess people like you see them the same as "outbound software firewalls", too meddlesome and inneffective. I agree with software firewalls, but I would never think of not running antivirus. Theres been too many close calls.

Re:Do you even need antivirus?

[IhuntCIA]

It is true, Windows XP SP2 can be "tuned" to be passively safe but even then You need something to immunize and check your system.
I ma using SpybotSD for a long time, without tea-timer feature, to immunize the system.
Using a browser that uses security ratings on sites, and can open unrated sites with disabled scripting can help a lot.
I use Netscape 8.1.3, as it can open sites in 3 different security levels, + one custom.

Common sense helps allot on the Internet ( downloading cracks anyone ? ) so little paranoia makes healthy Windoze. I guess that FireFox can be secured using noscript and similar plugins, but I have never tried it.

BTW I don't use IE / Outlook since 1998, and did my Windows install more than 2 years ago, so much for the security record.

Re:Do you even need antivirus?

[Butterspoon]

Count me in with the people who don't use AV bloatware on Windows and get along just fine. This is the guidance I give to friends who are competent enough to understand it:

1. Don't run day to day as an administrator
2. Use the firewall in your router
3. Take regular backups
4. Keep Windows and Office automatically updated
5. Don't click the attachments, duh!
6. Be cautious about what you access on the net and use a quarantine account if necessary

Those are in rough order of importance except maybe #5.

Never had a virus; I occasionally give myself the once-over with Trend Micro's web-based scanner and Sysinternals' RootkitRevealer and all is well.

Re:Do you even need antivirus?

[Loke+the+Dog]

Do you let other people use your pc?

No, I have a guest PC.

What about at a party where your not paying attention?

Shut computer down and have a password.

Do you trust every file that anyone EVER gives you?

No, I just trust the files I accept.

Based on, their word? Their knowledge of security?

Based on the fact that some file types can not contain viruses.

Do you have keyloggers running from some unscrupulous voyeur tech you took your pc to 4 years ago?

Hahaha, of course not. How many people on slashdot takes their computer to a tech?

The simple fact is you DO NOT KNOW if you have a virus or not.

And you do not know if the alarms given by your virus software are false or not. I have actually had anti virus software on my computer for years without them detecting anything (that wasn't a false alarm), so I just stopped using them. Sure, it is slightly safer to use them as a final layer of protection, but is it worth it? I don't think so. It slows my computer down and often costs money.

Re:Do you even need antivirus?

[Delinquent+Debonair]

Dunbal, thats pretty funny "help help im infected, get an anti-virus!". Why bother using anti-virus? Always be ALERT of the incoming files to your system and a NAT(native address translation) device installed in between your own network and the outside world is brilliant. NAT was introduced as a consequence of address space shortage for IPv4 and it also has limitations to connectivity with other hosts. The limitations as in no full connectivity is not a disadvantage, but it adds to security as it disguises the internal network's structure where by, all traffic appears to outside parties as if it originates from the gateway machine. Thus it prevents worms, viruses, trojan horses initiated by outside hosts from reaching those local hosts. Fantastic indeed.

Re:Do you even need antivirus?

[shaiful]

do you think your PC can survive without any antivirus installed in it? well, u might have ways to avoid any viruses from getting into your system or windows but just imagine if ur PC are infected with viruses n not just a common viruses. It is new viruses or worms that are unknown to everyone...just imagine it...i'm sure dat your life will go easier if this happen... why? because you just have to click n pick 'FORMAT', n in few seconds your PC is formated back as new when u buy it... it is nice... ^_^ i'm now currently using AVG antivirus, AVG spyware and zone alarm..Currently, everything go smooth... FYI, Kaspersky n AVG antivirus cannot be installed together. If you do so, your PC might end up going crazy if luckily or you cannot open your Windows...

Re:Do you even need antivirus?

[shaiful]

But I've never gotten a virus, not once. hahaha...dun make me laugh...it's impossible not to get virus if u get your PC connected to internet... there are tons of virus spread out in the world of internet....
but if there are a flag as you said..it's wonderfull dont you think...

Re:How can that be? Easy

[Urd.Yggdrasil]

I have attempted to run as a limited user on my home PC, but almost every program I use (mainly PC games) requires admin rights for some stupid reason; if people would make there programs use user spaces instead of system spaces then this would be much more feasible for more people.

most people "think" or most people "say"?

[snsh]

The survey results are probably bogus. A lot of people who don't have antivirus software will lie and say "of course i do", either out of embarrassment or avoid a sales pitch.

Its not the 30 day trials...

[webmaster404]

People think that a Firewall is going to protect them and because Windows ships with a (low security) firewall they think they are protected. Also, it seems that the people who are unprotected aren't those that have low risk systems,I have had people on Dial-up pay for an anti-virus for checking their e-mails. And people who go online a ton seem to be unprotected. Ill admit, when I was on Windows all I had was ad-aware (free) to check for spyware every now and then. It only got really infected once. Then I switched to a Linux system and am very happy that the security risks are minimal all I really have to do is put chkrootkit on cron, install the updates, and set up iptables and Im mostly fine save I don't run unknown binaries or shellscripts. And because the code is open, I don't have to worry about installing software from the package manager because I know that someone has looked at the code and If I really want to I can look at the code and compile it from source. Unix security owns Windows insecurity

Re:How can that be? Easy

[jawtheshark]

As said, it requires "special knowledge". Often you need to go into the registry editor and adapt security settings for certain registry keys ("Edit"-"Permissions..."). The same for filesystems: games that write savegames in their own directoy will need write access for limited users. You can do this with cacls on a XP Home system, XP Pro has the appropriate tabs in the properties of the file/directory.

There are some other caveats, like the "User"/"All Users" separation in the Start menu that you have to adapt in some cases. In the end it's all a matter of experience.

I learnt this over the years, and every new game will be trial and error all over again. It's login to admin mode, change keys, login to user, try game, rinse repeat lather.... It's hard, but not impossible. Some games require patches: for example The Sims 2 doesn't work without Admin rights out of the box, but bring it to a certain patch level and it will work. This was one of the most asked features for the game, IIRC.

Re:How can that be? Easy

[Dunbal]

My wife's computer at work has a secretary account and an administrator account.

      So tell, me what will happen the day you catch the secretary account in bed with the administrator account??? This sounds better than a soap opera!

Scarier...

I have autorun turned off on my computer. The other day, I connected a U3 drive and the U3 Launchpad started after Windows was done with the drivers (or something along those lines).

When you can't even count on having autorun disabled, that's when it gets scarier. At least I usually don't log in as an administrator.

McAfee is garbage

[romi]

AntiVirus programs seem to be largely useless, and McAfee is particularly awful because of its horrendous implementation that sits there just sucking.

http://www.cnet.com/internet-security-and-firewall/mcafee-virusscan-plus-2007/4505-3667_7-31995275.html?tag=prod.txt.2

Antivirus software, and *good* antivirus software

[david.given]

I recently had to fix my parents' machine, because it got massively infected. This turned out to be a blessing in disguise, because I ended up flattening it and reinstalling XP from Microsoft's disks rather than the crappy OEM version that was preinstalled on it, but that's another story.

My father had a subscription to Norton. So, why didn't Norton protect him against the virus? Well, a quick install and run of AVG later, I figured out why: Norton had been lobotomised by the virus. Half of its files were corrupted beyond repair. Most of the Javascript that its crappy UI was written in had been replaced by binaries. It was like one of those caterpillars whose brain gets eaten by wasp larvae, and the caterpillar never notices. It was horrific.

Unfortunately I still can't persuade him that AVG (which is free, which gets good reviews, which actually seems to work, and which doesn't keep popping up crap in your face) might be a better choice on the new system; but hopefully the new improved installation will protect him. We'll see.

get a degree in virii

[tsjaikdus]

I think most people who say it's all easy and all that are ignorant. If you're connected to the internet you need protection like Avast, Windows Defender, Windows Firewall, you'll also need to be sure they are enabled and you'll need to let them search your system now and then. Then you'll need to know that apparently inert files like wmv, mov and perhaps pdf and jpg can actually be used as exploits and shouldn't be opened in your browser. Then you should not log in as an administrator (did you ever bother to change that?). Then you should not have children that click OK to get rid of every popup they see. You should not use IE6. Not use anything before XP. Be sure XP is updated. Do you ever create a spreadsheet to find out what mix of programs you need to cover a large part of protection agains virii, worms, trojans, spyware, etc.? All programs have their key strengths and may be rated as very good or excellent, but is that still useful if that rating covers the category BIOS virii only? As I have read McAfee and Norton are used to test new virii before they are released. And that they perform so poor to catch new ones as a result of that.

I don't, and probably I've made some mistakes above. But then again. I don't bother to get very interested in it actually. Think of it this way. You buy a new car, but without brakes. Then you have buttons to press, gears to add, electrical connections to make, press your own oil out of raw seeds and do lots of other things before your brakes function. The manual mentions none of them. The only thing you have is a pdf by McAfee and the NCSA talking about the number of people without brakes.

Re:get a degree in virii

[BenoitRen]

Excuse me, sir, but that's bogus.

If you're connected to the internet you need protection like Avast, Windows Defender, Windows Firewall, you'll also need to be sure they are enabled and you'll need to let them search your system now and then.

None of that is needed if you use common sense, like not opening attachments from people you don't know, using a secure browser, etc.

A hardware firewall is also much better than a software one.

Not use anything before XP.

I've been using Windows 95 for years, and haven't ever had an infection ever since I started using Mozilla (now SeaMonkey). Today's malware targets IE, XP's open ports and insecure network protocol implementations. None of that exists on Windows 95 (neither on 98 or ME).

Bottom line: long live BRAIN.EXE

when do they work

In the last 5 years have you seen an anti-virus product do anything useful ?

zonk read good

http://it.slashdot.org/article.pl?sid=07/10/03/1916207

antivirus is not a solution

[froschmann]

Antivirus software isn't a solution. It might help in an MS-Blaster situation, but I've seen far too many computers loaded with spyware and trojans that have fully up-to-date antivirus software think that it will solve the problem.

It makes users more complacent, and more willing to run questionable stuff. It also tends to hurt performance. You're better off educating users to not visit porn sites and run random downloads. Maybe even install firefox, check startup items /services, and run rootkit revealer once in a while.

1d10t

[headkase]

...and I'm running a pirated...

Buddy, you're not at the top of the intelligence heap for running without AV and you're definitely downright stupid for admitting you run pirated software on a public forum. People from Microsoft browse here too you know. Jesus man, if you don't want to buy your software then show some integrity and completely switch to free alternatives.

Re:1d10t

[janrinok]

I can see the point that you are making but:

How will Microsoft trace him from his sig? Is /. obliged to give out user information to anyone who asks? Do you really expect NSA to devote effort in trying to track him down. So Microsoft browse this forum - so what? They are only a company and have no legal powers - at least not outside the USA.

If he is not in the US, what do you think Microsoft will do? What evidence do they have? His 'admission'? Nope - there are people on /. who claim all sorts of things that are patently not true. I do not see this impressing any court (outside the US).

Yep, he is not being smart by not using AV, but I hardly think that being paranoid is called for. Haven't you got enough to worry about with all the terrorists that are stalking the streets of America, all the pedophiles that are threatening your children and all those enemies who are waiting to attack you? Yes, you're right, none of these things are anywhere near as bad as most Americans appear to imagine that they are. If Microsoft could catch pirates that easily don't you think that they would have done so by now?

Just my viewpoint.

Re:1d10t

I used a hacked version of NOD32 for a year or so. And after trying all the above I actually settled down and bought Eset's NOD32 for a 3 year term. PIRACY DOES HELP!

Re:1d10t

[schnipschnap]

People from Microsoft browse here too you know. And what are they gonna do?

Besides, there are a variety of cases in which it wouldn't make sense to run an antivirus program:
1) Your computer is behind a NAT or firewall (this is most often the case nowadays). This will take care of all "automatic" infections (unless the settings are weird).
2) You are running as an unprivileged user, you aren't running many services in the background, and your system is up to date. Almost no attack area. Your apps should be up to date too. Or you could run them as a special user with limited access to even your normal home directory.
3) The machine isn't connected to the internet and doesn't touch possibly virus-infested media either.
4) You are able to detect and to get rid of viruses on your own. (Do antivirus programs actually do anything besides moving stuff into a special folder?)
5) You're relying on security through obscurity (for example by using hardware or software (especially OS's) that noone else is using) - almost bulletproof, actually.
6) You're running a honeypot project.
7) You're being asked each time something odd happens if said thing should be allowed to happen (okay, so this is actually pretty close to antivirus software).
8) You're using specialized hardware to prevent common attack methods (such as buffer overruns) from working.

I'm sure there are some more interesting conditions, but it's getting late, and I'd like to hear what you guys think. (Boilerplate line to cover up place where I got tired of thinking.)
Disclaimer: I'm not a Windows-user.

Re:How can that be? Easy

[v1]

I think you are misinformed. Viruses and other nasties don't require the logged in user to be an administrator to infect every account on the machine. They use a wide variety of unpatched system vulnerabilities and can dig themselves in deep enough to be essentially impossible to remove.

Our pc tech here is constantly moaning about a machine that's got malware that has planted itself in the registry of every user on the system (admin and standard) and if he misses even ONE of those when cleaning, it'll just reinfect the entire system (all users) as soon as the missed user logs in.

The funny part is he can't scan the other registries without logging into the accounts, because of "windows security". (then how did they get infected to begin with?!)

I find it hilarious how viruses can run rings around windows security while the admins are restricted from doing the same thing the viruses and trojans do freely.

TAG IT: WINDOZE

This is a windoze only problem. Micro$oft exclusive.

No worries on GNU/Linux.

Re:TAG IT: WINDOZE

No worries on Linux or Mac OS X. My home systems of 2 Mac OS X boxes and 2 Ubuntu boxes are sitting happily without worry.

Geez, don't people get tired of this stupid virus/adware/trojan crap on MS Windows? Just go OS X and be done with it. If you have some techy abilities, give Ubuntu a shot, you may just like it. If not, OS X will be a great OS for you.

My next door neighbors system was just hosed because of stupid WinXP and trojan crap. They lost some family pictures because of it. I didn't charge them. I don't charge friends/families/etc, though I should. It took a crap load of time to reinstall WinXP SP 2, download hundreds of MB of updates, install a basic version of MS Office, do the updates/reboot, install anti-virus, reboot, etc, etc. Why do people put up with this crap? Only a small percentage are "gamers" that want WinXP for PC games. The rest just want a usable system.

Oh well, I am a happy camper here with OS X and Linux. I get enough of WinXP writing programs at work, thanks.

Re:TAG IT: WINDOZE

[mdwh2]

No worries on Linux or Mac OS X.

No worries on Linux or Mac OS X or Commodore 64.

Anyway, my home systems of 3 Windows boxes are sitting fine without worry too. In fact, I've never had a virus on Windows.

Welcome to last week

This story is 5 days old.

Re:Antivirus software, and *good* antivirus softwa

[v1]

well of course. There's a reason armies don't just hand over their plans to the enemy. If you are fighting an opponent and you have perfect knowledge of them, you win. every single time. Norton is such a ridiculously well known target that any virus or worm updated in the last two years has SOME active defense against it.

Re:Antivirus software, and *good* antivirus softwa

[deamonpainter33]

if you want real anti-virus protection, invest in NOD32. ever since i deployed this at work recently after also getting rid of the dreaded PC Cillian, and we have destroyed any traces of viri infections and the best thing (other than it's awesome functionality) is it's ability to not take up so much freakin memory space!

The Horrible Graph

[malvidin]

I know I shouldn't have, but I read it. Did anyone else notice the huge difference between 87% and 88% in the graph?

Also, who here would allow a "survey group" have access to conduct a remote scan on their computer? Methinks this survey is skewed, even if (especially because) they used quotas.

Re:How can that be? Easy

[frank_adrian314159]

...what will happen the day you catch the secretary account in bed with the administrator account???

Pfft! Like that would ever happen...

Has anyone realized

[rm999]

that pretty much every study about viruses or computer security are paid for by the virus and computer security companies, and their conclusion is always more people need to buy their software?

I'm tired of those companies and their products. They overcharge for their products, force you to upgrade when the upgrade barely offers any additional coverage, and their products slow down computers (my biggest pet peeve).

A few preventive measures can make virus checking useless. Use firefox, not IE. Don't use outlook. Never open VBS files. And run something like this: http://www.mlin.net/StartupMonitor.shtml
Not only does startup monitor catch most viruses (who always place something in your startup registry), it keeps your computer lean from bloated software.

Re:Has anyone realized

[gl4ss]

yeah.

in the mobile side especially. every article originates from companies trying to sell protection against "threats". and if there is a mobile virus epidemic at some big sports happening or whatever.. it never happens unless there's some antivirus companys booth there.

Re:How can that be? Easy

[TheRaven64]

This is Windows. They aren't ever allowed to be in the same room at the same time.

Maintenance

[RAMMS+EIN]

Here, here. Confirmation of what I've been saying for a couple of years now. Windows forces you to know a whole lot more about computers than you should have to. Viruses? Updating your virus definitions? Why should you have to know about these things, hmm? And then people claim they use Windows 'cause it's easier. Yeah, right.

Re:Maintenance

[IhuntCIA]

You got all Your facts right.
Windows users can be dumb and work on bot camp or smart and never have any virus / worm / trojan even with no antivirus software installed at all.

Re:Antivirus software, and *good* antivirus softwa

[Nimey]

It's better to seek forgiveness than ask permission. Go over sometime, and when they're not paying attention nuke NAV and install AVG. Install Spybot S&D and immunize while you're there, since it's a passive defense and is probably harder to dislodge.

Oh, Really.

[Sitnalta]

Wow, a security company telling us we're not secure enough? Who'd ever have guessed.

Re:Oh, Really.

[Boogaroo]

It's too easy to be cynical.
I know McAfee would love to have some of those 49% of computers that need antivir buy their stuff, but the NCSA is a well respected organization.

Honestly, if the message gets it across to some of the millions of computer users who have zombie computers, then perhaps we'll cut the problem down a bit. There's no way we'll ever get 100% compliance, but a mainstream story like this(heard it on the radio) will hopefully improve things.

You can start by stripping out all the crap....

[Joce640k]

Read this

Norton Internet security breaks so many apps it's not even funny.

Last time I installed Norton "Antivirus" I also got Norton Recycle Bin and a load of other stuff I didn't want (and had no option to not install).

Re:Go back to school

WTF is virii ?

viri http://dictionary.reference.com/browse/viri
virii http://dictionary.reference.com/browse/virii

http://www.reference.com/browse/wiki/Plural_of_virus

dude, we don't need brakes, we need wings

Terrorism and AV software

[fullback]

Turn off ActiveX and scripting if using IE or use another browser. Put .microsoft as a trusted site in IE for updates. Use a router. Don't open attachments. If that's too hard, buy a Mac. Dump the AV software. The administration learned to turn terror into a business by watching you sleazebags tout AV software. You are worse than lawyers and have no shame.

ClamAV is not detected

[flyingfsck]

I guess that a good many of the 'found no trace' part in this 'study' were either running Linux, Macintosh or using ClamAV. I always have to jump through hoops to convince Windoze to stop bugging me because the PC is running ClamAV, thank you very much...

Re:How can that be? Easy

[arminw]

.......Our pc tech here is constantly moaning about a machine that's got malware that has planted itself in the registry of every user on the system.....

That's why its better in the long run to get a computer that doesn't need a registry and is more secure by design. For computer smart folks that are also poor, Linux is the way to go. For those who don't know beans about computers, they can pay time for some education or money for a Mac. Macs even run Windows nicely. The windows part may not need a network connection. Since HD space is cheap a clean copy of the virtual Windows machine can replace and infected one in seconds.

Irrelevant

[HermMunster]

The issue of a how many think they have vs. how many that have is not relevant because the threat is from adware/spyware. Viruses are not that big of a threat. Adware/Spyware is a monster threat. It is the likes of ad-aware, spybot search & Destroy, AVG Antispyware, Windows Defender, etc that catch and clean the vast majority of the malware on computers. Virus scanners detect and remove the relatively minor issues that affect computers.

I'm not saying that the antivirus programs should not be used. I'm saying instead that the adware/spyware are the real threats.

Isn't this an outright dup?

[xxxJonBoyxxx]

Isn't this an outright dup?

http://it.slashdot.org/article.pl?sid=07/10/03/1916207

Re:How can that be? Easy

[archen]

So tell, me what will happen the day you catch the secretary account in bed with the administrator account???

Answer: Unaccounted for, child processes

"A survey carried out by McAfee"

[nexu56]

On an unrelated note, a survey carried out by McDonalds last week found 90% of Americans don't eat enough hamburgers.

Re: impact

[rk075245]

Anti-virus programs are able to scan opened files in addition to sent and received e-mails 'on the fly' in a similar manner. This practice is known as "on-access scanning." Anti-virus software does not change the underlying capability of host software to transmit viruses. Users must update their software regularly to patch security holes. Anti-virus software also needs to be regularly updated in order to prevent the latest threats. For example, Linux requires specific software to write to NTFS partitions, so if one does not install such software and uses a separate installation of MS Windows to make the backups on an NTFS partition (and preferably only for that reason), the backup should remain safe from any Linux viruses. Likewise, MS Windows can not read file systems like ext3, so if one normally uses MS Windows, the backups can be made on an ext3 partition using a Linux installation.

This is horsecrap

[fullback]

You Virus Terror Mongers make me sick. With ActiveX and scripting disabled, a properly configured firewall in a router, and not opening attachments, the odds of me getting my first virus after 15 years online are less than getting hit by lightning. Neither have happened so far. You're disgraceful con artists and no better than common thieves.

Users' mindset

[mystical1982]

Most users buy a computer with the antivirus already integrated into the system. They rely on the antivirus alone to protect their computer without realizing the types of attacks made toward their machine. Most of them do not know the actual function of the antivirus and assuming that as long as they have the antivirus installed in their computer, they are safe. A friend of mine had once installed two antiviruses in the same computer, thinking it would strengthen the security of his computer, when the reality of it is that it would only burdened his computer when the functionality of the two antiviruses were more or less the same. Others may suggest that having a firewall helps prevent their computer from attacks. Some even think to the extent that with firewall alone, they are safe. what they dont know is malicious codes can easily past through the firewall when the user initiated a contact with the site containing the malicious code. when the virus passes through the firewall and get into the computer system, there is nothing that firewall can do. The main point here is that people should at least have a knowledge about computer viruses so they know what they are up against. They need to keep in mind that some malicious codes can be prevented using antivirus while some cannot, such as rabbits (Denial of Service).

Conclusion...

[gcauthon]

People click "Yes" to lots of things without actually reading. That includes applets, spyware and even surveys.

built-in AV in OS

[TT076659]

If an operating system would have a built-in antivirus program which is on by default, then the percentage of protected users would surely increase.

Microsoft was attempting to do this but too bad, it was not approved.

This just in...

[DragonTHC]

Most users are dumb.

No effect

[Jessta]

"What sort of an effect does this sort of thinking, and practice, have on the overall security of your systems, networks, and efforts to educate?"

No effect, anti-virus/malware/adware etc. is useless. It creates a false sense of security while wasting your computing resources while being lots of extra code running with Admin privileges.

Re:Antivirus software, and *good* antivirus softwa

AVG isn't good. If you want something free that gets both good detection rates and reviews look at either Avast! or AntiVir.

how they found out:

[AlgorithMan]

do you think you have anti virus protection?
[X] Yes [ ] No

do you actually have anti virus protection?
[ ] Yes [X] No

Thank you for your help.

Is it true?

[IT074552]

i've heard a statement that practically all users on all OS do not need to use antivirus software at all if they use a modem/router with NAT technology?and do not try to click on any invited popup or website that could be from hackers?

Re:Antivirus software, and *good* antivirus softwa

It was like one of those caterpillars whose brain gets eaten by wasp larvae, and the caterpillar never notices. It was horrific.

Euuuu! That's put me right off my lunch...

insert free advert for McAfee ..

[rs232]

How about using a computer that don't get 'viruses' ..

why...

[aman534]

if antivirus can't protected computer as what user expected ... why should we spent our money to buy it? even register for trial antivirus, cost more than what user get. for me its worthless

Re:why...

[PK076191]

I wouldnt consider worthless, i would consider less protective.

You might want to check out http://en.wikipedia.org/wiki/Antivirus Why we need anti-virus.

Yea the AV might be not as we(users) expected but at least it would lessen the risk of being totally open and vulnerable.

Though for an anti-virus might take action if the signature of the virus is recognised.

Anti-virus works this way :

1.Release of new threat/exploit into the wild
2.Detection and study of new exploit
3.Development of new solution
4.Release of patch or updated signature pattern to catch the exploit
5.Distribution and installation of patch on user's systems or updating of virus databases

This is called Zero day exploid. You may want to look at http://en.wikipedia.org/wiki/Zero_day for confirmation.

In this way yea maybe the user might be attacked once, but the 2nd and 3rd times onwards if the signature is out the anti-virus can block it.

Re:why...

[PK076191]

Anti-virus software isn't by any means "security protection", especially the type that works on a heuristical basis. They are simply long lists of known to be disadvantageous programs and a daemon that tries to match the list to data on the system.

Sure, they might offer some kind of help for systems operated by people who do not have the necessary knowledge to operate a computer, but it is first and foremost it is built for security and it does good by providing known signatures or data of viruses and its pattent. This would somewhat decrease the risk level to 50% because for the first time you might be attacked but for the 2nd, 3rd time onwards maybe not anymore.

There are two solutions to the problem by the way. The former is educate the users and the latter is to switch to linux. No, seriously. The important part isn't linux, but switching away from a monoculture preferably to a desktop environment that is ruled by at least 3-4 systems that are different from each other and they are interoperating in well defined ways with each other. That way, you can get the platform (the systems it can possibly infect) down for a virus to a threshold where the percentage is simply too low for it to be able to spread.

Apologies if this starts a flame-war, but...

[jackpot777]

Can anyone tell me why this shouldn't move people over to Mac, Linux, etc.?

I know about malware that can be spread using MS Office, from infected PC to Mac to fresh PC, in the same manner the woman spread the Rage virus in the film '28 Weeks Later'. The Mac itself doesn't get affected by the virus / worm / trojan, even if it has it inside. Besides, I'm using NeoOffice at home without using macros so [raspberry]!![/raspberry]

I know about proof-of-concept 'viruses'. Someone says "you could, hypothetically, use this loophole to write malware" on a Monday, and the hole is usually closed on the Tuesday. It's like hearing that an infected batch of meat in Thailand could infect the world and ...ah, they destroyed the shipment. Carry on...

To me, it's just infuriating. Seeing people deliberately buying products that have gaping flaws, flaws that have been 'features' of the OS for years, and then spending all that time and money and effort to collectively try and polish the turd (as they defiantly defend their bad decisions, which is a bad decision in itself)? I've never understood it ...but then again, I've never found myself staying in a destructive relationship / bought anything expensive based on advertising instead of Consumer Reports reviews / voted for anyone based on looks, lawn-signs, catch-phrases / found myself asking 'friends' or family to repay the thousands of dollars they've owed me over the past x years either.

Yes, I guess I'm calling a lot of people sheep, or gullible, or uninformed. In other news, the sun rose in the East this morning, details and analysis at 11...

Here's my thinking, please pull it apart. Computer fraud is a cash cow for organized crime. It's worth billions. If any one criminal group could cash into the untapped 5%(?) Mac sector, that would be worth an incredible amount of exclusive money. So you'd have thought there would have been a great push to own this Mac portion of the computer fraud market especially because Mac owners, and I'm one of them, have been lulled into a sense of security with the lack of OS X - related reports of identity theft. I'm like a country yokel in the big city for the first time. Never had to worry about concealing a wallet, so I have a big roll of fifties sticking out of my back pocket. DAMMIT, MUG ME! Yet my money is still secure after all these years.

I'm a practical and pragmatic person. And, taking KRS One's idea of being "criminally minded" to heart, I figure that someone would have cracked a way to get all this extra income off us Mac users using the same techniques in the PC world if they could, because 5% of a billion dollars is still fifty million bucks (if the same ratio of Mac users fall for it the way PC users do).

The fact that it hasn't happened yet, for an OS that has been out since 2001, tells me either that the criminals don't like easy money, or it's not easy at all.

So again, at the risk of a flame-war: can anyone tell me why this shouldn't move people over to Mac, Linux, etc.?

the problem

[PJ1216]

the problem is the trial software. users aren't aware that after the subscription is up, it no longer works effectively. most users aren't aware of the subscription based model. they feel that if they pay for it once, it should work forever. whether or not you agree with the model, this is the standard model for security software (aside from the various free ones available). i think it'd be best to not put trial software, but instead a more annoying warning from the OS that no anti-virus is installed. anti-virus & anti-spyware are two software suites that not only benefit the user, but everybody else on the internet. i don't care how annoyed they are by the messages. installing those two things shouldn't really be a simple choice of "yes," or "no," but more like "yes," or "no, but i'm going to annoy the hell out of you." computers are catering too much to the computer illiterate. while business-wise, this makes sense, from an internet-safety point of view, its not. too many vulnerabilities are introduced when trying to make something easier to use. add on top of that, clueless users and you have problems. seeing as how computers pretty much come with a connection to the internet, you can no longer look at them as just isolated products. most of the time, they will connect to the internet and effect the overall effectiveness in a negative manner. Why are computers the only high-tech piece of equipment that EVERYBODY is allowed to use. Scientific instruments can cost a few thousand, yet they're treated like sacred objects (in places that care about their investments), yet the computer is not.

This doesn't surprised me at all

[myz24]

This doesn't surprise me at all. At our company I allow people to bring in laptops to use on our wireless network but only if they have up2date AV. I asked someone once if they have AV and they said, "yea, this thing is two days old." I double checked and found that yea they had AV, but it hadn't been activated.

The sad thing is that AV software today is so in your face (I'm looking at you Symantec) it's incredibly annoying and yet "normal users" still don't know if it's working right or if their computer is protected. Yet the same people aren't content with AV software that is free such as Grisoft. I tell people, if this icon is in color, you're good to go, if not make sure you update. These people will eventually come back to me asking to install the latest version of Norton. ??!??

Re:This doesn't surprised me at all

[PK076191]

Probably they don't even know that Grisoft (AVG AV) is actually an anti-virus program too :P..lol. Maybe would better if you demonstrate that not only Norton protects but other AV Such as AVG, Karpersky too do their work :) Doesn't mean that Norton shows more popups Norton is protecting...

CLAMWIN is NOT Antivirus Software

[VJTod]

Seriously, people.

Clamwin is NOT antivirus software.

As others have stated, Clamwin is not an On Access Scanner. So, as the virus enters and infects your computer, Clamwin sits idly by in your taskbar waiting to either update its database or perform a scheduled scan, but most certainly not warn you or block you from getting infected.

Clamwin is a Virus Scanner, and I seem to remember that the default behavior is to just Report problems, not delete or quarantine.

After you've already been infected and the damage has been done, Clamwin might be able to tell you that you have a virus, and it might not even clean the virus for you.

I know a couple people who install clamwin for their family members - telling them that Clamwin will keep you safe. Clamwin is not protection.

Figure should be far higher...

I think that figure would be far, far higher if we were to include the 100% of OSX and Lunix users who mistakenly believe they have virus protection... or protection of any kind... but obviously do not.

90%=layman?

i think the 90% were layman because only layman 100% believed on antivirus.

antivirus safe?

[PK075010]

i did't think it can protect whole system or application in our computer because it only can protect from certain attact of malicios...but how about hackers?can we avoid them with antivirus from access our computer?

Antivirus cannot prevent all viruses

[ancalikorn_pk073892]

Although good prevention is necessary, it is impossible to completely prevent systems from becoming infected with a virus. With all the viruses around, everyone needs good anti-virus software. But here is not one perfect program that suits everyone's needs. For me, i have used BitDefender and Nod32 but it still cannot remove all the viruses resident in memory.

reduce antivirus false positive invention

[ancalikorn_pk073892]

you can go to the link below to know a method to reduce antivirus false positive invention. http://www.freshpatents.com/System-and-method-for-reducing-antivirus-false-positives-dt20070802ptan20070180528.php

absolutely does not work 100%

[PK075010]

from article about.com
"The so-called "U.Z.A. O/S Eliminator" worm appears to have originated in Maldives sometime in late July or early August 2007. The worm exploits the autorun feature, enabling it to spread from removable USB/thumb drives to other computers. "
it said new worm appeared where the desktop wallpaper has been changed to a black graphic with white lettering that reads 'U.Z.A. Operating System'. mean while the clock in the tray will display 'UZA O/S' to the left of the time. we cannot access the task manager...then, all removable usb/thumb drives will have what appears to be a folder labeled My_Personal_Data on the root of the drive.
so where the antivirus that can prevent from any harm?...
and damm antivirus like norton that make my computer be slower than before..this proof that antivirus absolutely not work 100%...

guess,,,,

[PK075008]

as someone that i know said....antivirus isn't solution for all virus....it's up to user whether they are aware about it(virus) all the time, how to prevent it...etc... avoid viruses from root... NAT...maybe??

Re:Antivirus software, and *good* antivirus softwa

[RK075580]

Most people think (include your father) that buying a well known antivirus software will make their PC safe, receive auto-update regularly and etc.. try to persuade this group of people into free antivirus software like AVG (which is good AV) is waste of time.. "getting something for free and letter you will get something (virus) for free too, nothing is for free" ..... So try to persuade them into kaspersky antivirus (better then NORTON even though it little bit slow - scanning everything that execute in background).

Re:Antivirus software, and *good* antivirus softwa

[PK073913]

I'd used AVG before and found it too good to be true.Beside it is free antivirus,the installations are also much easier. But does it protect again spywares? so, i've used Spyware Terminator (which is free too) for 'better' protection.

Do 1 single anti virus protect again spyware?

[PK073913]

I've used AVG as my anti virus before. but does AVG protect again spyware and adware? i believe that most of users did not realize that they have other programs install together with the softwares they downloaded..