McAfee Artemis Claims Protection Online, On-the-Fly

Seems like McAfee has created a new Internet-based service to provide active protection on the fly when a PC gets hit by malicious computer code. "[Artemis] is a lot faster than traditional methodologies and it closes the gap between when a piece of malware is written, discovered, analyzed and protected against ... Artemis is available at no charge as part of McAfee VirusScan Enterprise or McAfee Total Protection Service for small and medium-sized businesses. Artemis is also available for McAfee's consumer products, where the functionality is called Active Protection."

Antivirus software is bullshit

[Mike610544]

when a PC gets hit by malicious computer code.

A PC doesn't "get hit" by "malicious computer code" too often these days. The target unintentionally (but by their own action) runs malicious code because they're ignorant. Even running Windows (patched w/ firewall) there aren't many ways you can get pwned without clicking on the "RUN VIRUS NOW" button (admittedly recognizing the ways that button can masquerade itself is a skill.)

Trying to protect people against themselves is futile. Antivirus software is like the Maginot Line. It only works against shit they're expecting.

There's no substitute for educating computer users about what's not to be clicked upon (and/or run as root.)

Re:Flawed methodology

[im_thatoneguy]

Here here.

I usually run on a DMZ. No firewall local or at the router.

I even have a dynamicDNS directed to my main computer.

I scan regularly. And haven't been infected in over 8 years. (which was my fault for opening an attachment without thinking.)

My current windows install is about 2 years old with LOTS of use. The computer is 5 years old and it's time to junk it. It's also still suffering from a 4 year old Norton uninstall that seems to have never completed and is getting worse. Norton was the worst thing that ever happened to one of my computers and I still haven't completely purged it.

What junks up my Windows PCs aren't the illicit viruses that get installed without my permission. It's all the crap that comes along with little freeware worthless pieces of crap that I need to use once to convert some file or another.

Windows PCs and Macs get used very differently. Having run both of them I used them very differently myself--largely because there just isn't the world of little crappy apps available.

I'm with parent. Your comparison is apples to oranges.

Re:Flawed methodology

[rolfwind]

Bullshit. You must be a retard if you trust anything your kids say. They may be surfing the same sites, but they're downloading and executing ZOMG U MUST SEE THIS!!1 shit on the PC which isn't compatible with any other OS.

I haven't seen a virus on my PCs since my 286, which came preloaded with them, and my own deliberate HPAVC collection from the BBS days.

He's not trusting what his kids say, he's seeing the results for himself. And who cares what his kids download? They had limited user accounts, it SHOULD NOT HAVE MADE A DIFFERENCE what they downloaded.

Some windows users love closing their eyes to the results and stammer and sputter about marketshare and all that crap - but the fact is that Windows has more attack vectors for whatever reason. Like your parent said, security is a bandaid on windows, not built in. I don't know the entire reasons for that, I heard that in unix, services run as a normal user account, sandboxed away from causing damage while in Windows many services run as root - meaning only one has to be compromised for something malicious to gain control.

There are probably other reasons and the OP may have well talked about Ubuntu instead of a Mac -- but your sample size of one is unconvincing from every angle. You're obviously not the average computer user, nor do you anticipate the truly stupid shit some people do and how kids play with their computers.

Running as root would be just as stupid (something Ubuntu does not have one do by default but I believe Mac does?) but having extensive contact with the administrators in my old school - they let the macs be while the Windows based systems are set to be reimaged every night simply because it's too much of a pain to keep Windows clean for more than a week among groups of students. Default UAC in Vista might have finally changed that, but their machines still run the cheapest form of XP (without UAC) and it also does not get rid of the services issue.

Re:Flawed methodology

[stevied]

I'm pondering the following set-up:

• 1Gb ageing Athlon box
• Ubuntu installed on the raw hardware
• Virtualbox installed on Ubuntu
• WinXP running in Virtualbox with about 50% of the RAM.
• Auto login set up on Ubuntu and WinXP, so apart from the Ubuntu splash screen, there's nothing particularly scary to see for the dyed-the-wool Windows user I'm jumping through all these hoops for.

This allows various cool stuff: incoming HTTP and IMAP connections could be scanned with ClamAV, for example. What would be really great would be to just discard changes to the main VB disk image at the end of every session. Obviously user docs + data would be somewhere else, and could potentially get infected, but that's a lot less data to periodically virus scan, or to restore if anything does get in to it.

Preliminary tests suggest that virtualized windows without on-access scanning runs quite a lot more smoothly than a bare-metal install does with it. The added bonus is that I can ssh into the underlying Ubuntu system and do admin with the rather richer toolset available there than on Windows (though greater personal familiarity with that toolset is also an issue, I admit.)