Can You Trust Anti-Virus Rankings?
Slatterz writes "It seems nobody can agree on a universal set of tests for rating anti-virus software, with Eugene Kaspersky the latest to weigh in on the topic, criticizing the well-known Virus Bulletin 100. Kaspersky is one of several big anti-virus brands to fall foul of the VB100 tests, reportedly failing to pass a recent test of security software on Windows Server 2008, along with F-Secure and Computer Associates. At Kaspersky, bloggers have pointed out that they don't focus on detecting PoCs, calling it a 'dead end,' and saying their anti-virus database focuses on 'real threats and exploits.' 'I don't want to say it's rubbish,' Kaspersky told PC Authority. 'But the security experts don't pay attention to these tests. It doesn't reflect the real level of protection.'"
Next Question
Game over.
than I can trust the hackers that write these damn viruses that keep infecting my PC! Yeah, standards in this industry would be a start in the right direction, but right now ANY virus protection software is better than none!
I use Norton Internet Security, and while it is passable, I find that it's a resource hog. I know there are other products out there that are less "intrusive", but I just don't want to take the chance (or time) with another product.
Attention all planets of the Solar Federation! We have assumed control! - Neil Peart
Wow I thought VB was destroyed after VB6, and now there is a VB100?
Take crash tests on new vehicles. Name me one that doesn't have a 5-star crash rating? The rating system is too easy, and needs to constantly be moved to achieve a new level of betterness. Not everybody should get A's. Once the majority of players reach a standard, the standard should be moved to motivate advancement in the field and show the better of the pack.
For example, the 5-star front-impact crash rating is par for the course now... but nobody seems to advertise the offset crashes, such as the right half of your bumper hitting the left half of your 'opponents' bumper. Why? Because it's sad in comparison. It's also not pretty to watch.
So all the power to making the standards hard to achieve. Yes this may not be the 'real world' threat, but it's a threat nonetheless. They're basically saying "Since England isn't going to declare war on the USA, any preparedness for receipt of an attack by the USA shouldn't be considered in overall military preparedness". That's of course ridiculous. Protect only against the popular virus and the unpopular virus will begin to spread.
when you see the word 'Linux', drink!
I have a different anti-virus product on each of my machines at home. I figure the gap of what they won't detect is smaller than what just having one product will detect.
Bullet proof? Of course not.
So far with Avast, AVG, (mind you one virus product per computer only) ZoneAlarm, FireFox, and some basic sense I haven't been hit.
My only issues (sad enough) were when a Windows update broke Zone Alarm and when AVG detected Zone Alarm as a virus ('cause a new version came out) and shut it down.
Now that I really think of it all the products designed to protect me have been the ones giving me all the trouble. HAHAHA (as I cry)
I'd just like to be able to trust anti-virus software.
http://arstechnica.com/journals/apple.ars/2008/10/20/mac-malware-program-macguard-masquerades-as-antivirus-app
I'm getting really paranoid about things. I find myself avoiding any web service that wants me to download an app or plug-in I'm not very familiar with.
Think Deeply.
I have been solidly unimpressed with the results from most of the mainstream anti-virus vendors. There are of course huge trade-offs between speed, usability and accuracy. I also don't like having programs think for me without giving me a viable option to change the way it's handling a situation on the fly. For my machines I've switched all Windows machines to ESET's NOD32. All my personal Linux boxes I have on F-Prot. -- a
ok... anonymous coward for obvious reasons...
I have yet to find an anti-virus solution that doesn't
a) slow my computer down
b) continuously download crap
c) works as advertised
d) doesn't crash randomly
e) I'm sure there's a few other things I forgot.
When it came down to it, I got so tired of the hassle I installed Ubuntu to dual boot, and only boot into Windows when I need to use the work related software I have.
And no, I don't use any anti-virus, as I'm never in Windows more than a few minutes anyway.
So you can keep your apparently useless anti-virus ratings, and your anti-virus software too.
"The government grants you rights, not the other way around."-- beav007. Yes, these people really exist...
I've never seen "Proof of Concept" abbreviated PoC, but there you have it.
That's what happens when you stupefy data, you lose data. Anyway Kaspersky don't give a rat's ass about any tests, if it was them up there at the top of the list they would have nodded their heads and opened their pockets wide. And I wouldn't be surprised if someone fiddled with the software to the advantage of others, or even worse, fiddled with the logic. The anti-virus industry is ironically equal to the medicine industry, same overadvertising unnecessary medication using scare tactics. It's simple folks, keep your fucking shit together, don't put your dick wherever it fits and then complain when it falls off because you eat 30 vitamins every day.
I am the lawn!
would have been nice if the submitter/reviewer put that in the description...
OMG - I really know lots of IT and CS related TLAs (and even longer ones, only very few are shorter AFAIK),
but couldn't resolve "PoC" without RTFAing.
WTF is this, some kind of trick to make us read TFA?
By our assessment, your reply was irrelevant. However, this slashdot post proves that our definition of 'irrelevant' is wrong. Please consider any negative marks you receive as a positive.
Always proofread carefully to see if you any words out.
My guess was that it's a politer version of PoS.
I've had good luck with a combination of Firefox with the No Script addon and Clamwin, and maybe just a little common sense.
Eschew Obfuscation
sudo apt-get purge virus
Mandriva. Suse's pretty good too. Haven't tried Ubuntu.
I have my home PC (and PCs of friends who want me to support them) dual boot, with networking disabled on the Windows side. As there are NO LINUX VIRUSES a setup like this needs no AV software.
This makes computing brain-dead simple, and supporting friends' computers almost as easy. Without the need for AV the thing works faster, too.
Now mod me down, astroturfers. My karma can take it, even if the truth hurts you.
Free Martian Whores!
The last anti-virus program I had on my Windows install was BitDefender. I felt the program protected me well and also didn't use anywhere near the same amount of resources as Norton or McAfee do. At this point, I don't even bother paying for anti-virus programs for my Windows install anymore. I'm just not logged into Windows enough for it to be worthwhile and, even when I am logged into Windows, I have its network access blocked unless I specifically need something from the Internet (Windows updates, primarily). After that, I re-block its network access. All my web surfing, updates to my wife's website, and stuff like that is all done from within Linux. Windows is probably only booted for about 2 hours a month.
Why stick to an OS which is fully virus compatible? I know Microsoft try their hardest to be incompatible with everyone else to lock people into their systems but they do have the market sewn up on malware compatibility.
The whole anti-malware market exists to fit one purpose.....to plug the holes Microsoft's incompetence leaves behind.
The moral of the story is that if you insist on (or have to because of some proprietary software you need) using Windows you're never gonna be secure, no matter how many anti-malware programs you use because the underlying OS is a piece of shit.
Switching away from Windows to UNIX / Linux / OSX will give you a huge head start on security before you even start thinking of what else you can do to stay secure.
It's like choosing the back row as your starting point in a race, knowing you don't have a snowball's chance in hell of catching the pack, let alone overtaking them.
The fact that you could care less than you currently do suggests that you do in fact care. However, this conclusion doesn't quite fit with the general tone of your post. Could you clarify, do you or do you not in fact care?
Proof of concepts are tangible vectors to infection. By not including and rigorously detecting such methods, the AV companies will allow more viral products into the market. This is a very self-serving stance.
I actually see a problem of trust emerging. Once upon a time KAV was a brilliant piece of software that ran in DOS well enough to remove the plague of Win95 Marburg infections that hit the UK gaming community after a bad cover CD. That was a time when viruses existed, and you had to stop them infecting you. The prospect of new and novel viruses infecting you wasn't really an issue as home Internet penetration was small. As such, AV software wasn't marketed as the only thing you needed to stop all viruses forever, but as a tool that will detect more than its competitor more reliably. The money you paid was for a good heuristics engine that was fast, efficient and more importantly, updated regularly.
Now I see AV products as nothing more than 'ineffective-ware'. If AV programs claim to prevent the infection of known viruses, and reduce the risk of infection from emerging viruses, I'd probably have more faith in the industry. But they don't... in subscribing to the "we can protect you from everything" marketing hype, almost every AV company has asked us to put faith in their product to stop "unknown" viruses... and we expect them to.
They don't. It's a computational nightmare.
KAV are in a past mindset. They have to change. They have to consider that what people really want is reliability - they want software guarantees. If any piece of AV software is going to help the market rather than hinder it, it is going to be reliable. What is the most reliable part of an infection? The vector, not the virus itself.
The truth is really in the pudding. Viruses have changed. Almost all now are polymorphic and highly reentrant. A few lines of code will change a signature making it undetectable. Infection is detectable at the point of entry. If the research is put into proof of concept code in making a system vulnerable, then the AV response should be to track and thwart that success.
Matt
Call me a Schneier fanboy, but I practice security on my home network like a process, not as in buying a product and be done with it.
Security for me begins with sensible configuration of the router and the PC's on the network, then it moves to access rights and regular patching of said computers.
This includes regular checkups and glancing at logs every three days or so to look for obviously suspicious traffic. Finally, after all of these steps, I use Kaspersky (since I had heard good things about it) together with a rootkit detector. (Oh, and Firefox with NoScript)
All of this prevents pretty much all the scriptkiddies from getting in (I hope), but then again, the best thing you can do is to not download anything you don't know what it is.
I suspect the imaginary threats they fail is like the usual wintrolls argument "So do you think Linux/OS X is secure? Run rm -rf / and see what happens." They run a test which no actual virus/worm author (it is a money making industry) will bother to code and they blame real life solution failing to detect it.
A couple of worms actually install pirate Kaspersky with a special setting to ignore them so they are sure they are the only malware they are running. That is the prestige of Kaspersky for you and state of current threats. Virus/Worm writing is way beyond the amateur sickos writing malware now. It is a huge industry in black hat terms.
Xkcd explains it all.
"I was gratified to be able to answer promptly, and I did. I said I didn't know." -- Mark Twain
That's all fine and good for personal use, but very few businesses can be 100% *nix. Anti-virus software exists for Linux and Mac because they are often networked with Windows machines.
Anything networked to a Windows machine can send a virus to that machine, regardless of the operating system.
$> man woman $> Segmentation fault. (Core dumped)
Have you tried 2009 versions? 2009 version is a total rewrite from scratch. Installs and uninstalls can take about a minute on a fast computer. Low memory usages (no hogs).
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Technically, your operating system should protect you against that in the first place. I don't even know why there are still antivirus programs in this world. We had viruses back in the day of DOS when memory was accessible by anyone and everyone had the same permissions (even back then, OS/2 and other OSes had better functionality without viruses) but nowadays, the only reason your box should be rooted is because of an exploit in a misconfigured box and nothing can protect you against that.
I was going to say: Anti-Virus programs, how quaint but then again, there is still an OS out there that is criminally retarded.
Custom electronics and digital signage for your business: www.evcircuits.com
Damn. I knew I should have shelled out extra for the anti-virus option on my toaster.
which is totally what she said
That's like saying it's hard to rank which kind of banana, when put into your ear, is best at keeping elephants away.
Ranking AV vendors is pointless, because the products are useless. If your policy is to download and execute random software, hoping that an AV system will filter out the malware, you are guaranteed to eventually lose, no matter how good the AV software.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
The title should say "Can You Trust Kaspersky?" Since the article is basically Kaspersky complaining that the Anti-Virus test (that his software just failed to score 100% on) is flawed. It sounds like Kaspersky is just upset that his software didn't pass the test and he's now trying to dismiss the test as meaningless.
Although if you look on the products page you'll see they display the VB100 logo. Then in the article Kaspersky goes on to say - "The products which have a very poor level of protection, they have the certificate, while products which have a very high level of protection, they don't have the certificate."
Well his product had the certificate, does that mean he feels that his software had a very poor level of protection?
Unfortunately there seems to be some kind of inherent corruption in the way the antivirus industry operates. I'm sure that most of the individuals involved are as honest and honorable as they can possibly be. The problem isn't really in the people, it's the way they have to operate.
But the result is the same. Anything that comes out of there has to be treated with extreme skepticism, whether it's antivirus software for operating systems where there's not even a credible infection vector, or attempts at taking over operating system responsibilities, or the way they tiptoe around huge lacunae in Windows security model...
For something like crash testing, the ultimate limit is the human body. You can only survive an impact of so much. So if the car can survive more without a catastrophic failure, well it really isn't meaningful. So I can see having something like a 5 star rating meaning "The car can take more than you can." Basically that you are going to die from acceleration shock before something in the car would fail in such a way as to cause injury/death.
Continual raising of the bar for its own sake isn't always useful. There are realistic limits to consider, in this case the limitations of the human body. I'd say that so long as the car doesn't fail in a way that would cause injury or death before the point where a person is going to die anyway because of the sudden acceleration, then it is a top level rating. If an acceleration from 100kph to 0 in a fraction of a second will kill me, I don't really care about the difference between a car that will have its cabin survive or one that will collapse at 150kph to 0. It's already past the point I'd be dead anyhow, if the car fails it doesn't matter.
There are many sources for getting detailed information on anti-virus software. Sites like www.toptenreviews.com and www.starreviews.com have both expert and consumer written reviews and rankings.
For the most part under Vista and XP you get a virus for the same reason you would on any other system:
- You haven't kept things up to date (installed patches for vulnerabilities)
- You have a user running with escalated privileges that is doing something they shouldn't be doing.
The biggest problem with Windows remains that by default you run as administrator. Vista made it less painful to run as a standard user, but still left the default user account as an administrator.
Additionally, since it has always been common for Windows users to have administrator access, a lot of software assumed it was available or did things that required administrator access when they didn't really need it. This meant that when Vista was first released, it was common to get prompted for administrator access when installing non-administrative software and performing some actions that wouldn't normally require administrator access (like running a game, for instance).
This meant that early adopters were either conditioned to grant programs access that shouldn't have needed it or turn off User Access Control (which additionally had/has some performance penalties associated with it), which returned them to the previous state of Windows where everyone ran as administrators and didn't know whether or not the software they are using is doing something it shouldn't be doing.
At this point it's far less common for programs to try to gain administrator access in Windows, but until MS changes the defaults and makes the primary account a user account, or somehow makes it more annoying to run as an administrator than as a normal user (which would just piss people off, I'm sure), these problems will still persist.
Personally, the company I work for mandates AV software on their computers, so the computer I work on, which is technically better than the computer I use at home, is slow and has unusual glitches (like random blue-screens when working with a lot of open files in varied programs that require a lot of resources; or the long periods of thrashing on the hard drive as the virus scanner tries to scan every file I'm accessing).
At home, where I switch between Vista and Linux, I don't use AV software unless Vista starts misbehaving. The computer is much more stable and much faster than the work computer, and when it does start acting up I usually find that it's some piece of spyware that most AV software won't pick up anyway (and running 1 or 2 spyware scanners picks it up right away and kills it). So, someone gets to spy on my surfing habits until they get annoying, and they get the boot.
Of course, I don't assume my Linux system is secure, either, I just don't run a stable enough Linux system to worry about it, and reload the whole thing every other week.
-PainKilleR-[CE]
I've found that some AV scanners are too paranoid, they detect things that aren't really problems. Sophos, for example (which I pick on because it's an amazing piece of shit and we have it at work) gets all suspicious of the VMWare Tools client, and the Intel Audio Drivers because they modify the registry. Yes, really. It pops up a warning, though it doesn't stop them. I've seen other virus scanners that get set off by game trainers. They hook in to monitor key strokes, and the scanners think that's bad behavior.
So just because it finds more, doesn't mean it is right. I had that problem with AVG. Kept giving false positives. NOD32 I find is much better at that (not to mention a lighter weight program) though I still caught it on one false positive.
The question isn't just how many baddies does a program catch, but how good is it at not flagging legit programs. I mean after all, I can make a 100% effective virus scanner so long as you don't care about false positives. I'll just stop any program that isn't on a specific white list from running (or heck, maybe any program at all). Done. Not so useful in the real world though.
I've never used Kaspersky so I dunno how good it is, just saying that a high catch rate isn't necessarily indicative of a good program, maybe just a paranoid one.
After all, no one antivirus can protect from unknown viruses; for example, here we have many crappy "viruses" (banker stealers from script kiddies) not found in any other country. The best protection still is an educated and alert user.
Religion: The greatest weapon of mass destruction of all time
You have a Networked Toaster?
My Progression in AV software went: McAfee -> Norton AV -> AVG -> AVG + No script + Zone Alarm -> Linux (Fedora 9) with Clam AV -> Linux F-Secure (trying it out). What sparked the changes in AV was always "Computer Performance". Some of the above devoured my computer and left me with little resources.
http://av-comparatives.org/ provides pretty decent testing. The most recent results are as follows:
Advanced +: AVIRA, GDATA, Symantec, McAfee (with Artemis), Avast, TrustPort, Kaspersky, AVG
Advanced: ESET, BitDefender, F-Secure, eScan, Sophos, Norman
Standard: Microsoft, McAfee (without Artemis)
No Award: VBA32
The government can't save you.
"Ok. Then what can we trust?" - by 404 Clue Not Found (763556) * on Thursday October 23, @09:49AM (#25481201)
HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, plus, make it "fun-to-do", via CIS Tool Guidance (&, beyond it's "industry best practices" for security):
http://www.tcmagazine.com/forums/index.php?s=49125ef36605621c1a4c34eb160411a9&showtopic=2662
----
You can trust that material in the URL link above! Mainly because it's YOU doing the work, yourself, albeit, with a tool that makes it some fun, & explains why you are weak in a particular area in securing your own system, yourself, with a fun to use tool to do so.
The CIS Tool test is much like PC performance benchmark, but this one's for security!
(&, it reviewed well in COMPUTERWORLD no less for doing so)
So, it's a test (which is what you asked for in fact) to quantify your improvements, after you do the work securing yourself based on its advisements (& points that go beyond just that test only are also in that guide above)
E.G. -> In not quite 1 yrs.' time online, it's passed over 200,000 views on the 27 forums its on, & people are doing well using it... but, take a peek @ it yourself, & YOU judge, as to whether it can help YOU, help yourself, vs. the threats present online, today.
----
"Without some sort of test, however imperfect, how is the average home user supposed to choose?" - by 404 Clue Not Found (763556) * on Thursday October 23, @09:49AM (#25481201)
Layered security!
( &, that's what that post from Tech Connect Magazine gives you, & shows YOU, the end user, how to do for security of your system today, online... &, as a bonus? You'll even end up surfing F A S T E R as well... )
The problem with today's antivirus programs is that they're largely MOSTLY "signatures based" & with polymorphic viruses that can "mutate" into ones that look totally different to an antivirus program (defeating signatures based detections) from one minute to the next?
HEURISTICS ("looks like a duck, sounds like a duck, smells like a duck - IT MUST BE A DUCK!" type logic) is the way to go for them, alongside whitelisting &/or blacklisting of applications allowed to run!
I mean, take a look @ this CURRENT information on SECURITY SUITES failing left & right on tests run, vs. the threats out there, TODAY (not yesteryear tech in them):
----
Top security suites fail exploit tests (COMPUTERWORLD):
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117042&intsrc=news_ts_head
&/or
Top security suites fail exploit tests (SECUNIA):
http://secunia.com/blog/29/
----
The "old-school methods" (what security suites use generally - like anti-virus programs using virus detections signatures, which only work vs. KNOWN threats, when they ought to be concentrating on white or blacklisting sites &/or HEURISTICS levels of detection ("smells like a duck, tastes like a duck: IT MUST BE A DUCK!" type logic))
Signatures-based detections aren't working that well nowadays guys, vs. std. viruses... & MOST of what folks get today? They're bad javascript driven (in combination with iframes &/or bad or vulnerable plugins) usage, anyhow. AntiSpyware programs do better here, imo @ least, than antivirus programs do. By far...
After all, you know it, & I know it:
People - The REAL, TRUE threats out there today are coming thru your email, webbrowser, instant messenger programs (& even Adobe .pdf files with javascript active in the program,
Sometimes I feel like the AV companies are the ones who write the viruses, or at least the different strains, so that everyone will be scared into using their anti-virus product. Does anyone have any proof or thoughts on this?
I am a Norton user myself, mainly because my University continues to pay for licensing for it and I've only had one real bad outbreak in the past 6 or 8 years [and it was caused by my family using my computer]. I remember people sang praises of NOD32. Anyone have any experience with that AV?
Also, I think McAfee is pure trash, considering how many viruses I've cleaned up on friends' computers that had a working subscription that they were doing updates on. *shakes head*
That's right. Security experts recognize Anti-Virus for what it is: an outdated security mechanism which amounts to nothing more than an IPS for your system, detecting known threats. I'm glad this industry is finally starting to realize their approach is ineffective against modern, sophisticated adversaries.
...just remember this when they try to tell you their product protects from "unknown" or "future" threats - threats that start as POC's, or are built from POC's to specifically target your company. These are rubbish to AV vendors. They don't care about these "hard" problems, and have no interest in protecting you from them.
I see it as tacit acknowledgment that their industry has given up on innovation.
akad0nric0
This sentence no verb.
Once again, XKCD predicts the future:
http://xkcd.com/463/
Dang that guy is scary ...
James
There is NO reliable taxonomy for even what a virus is let alone what they can and cannot do to you. More often all AV vendors look for things THEY ARE ABLE TO FIND. And they ignore everything they are not able to find and declare them meaningless. Moreover you really don't even know if what they find when they find it is meaningful. When I see a P2P file that 'exhibits traits of xxxxx.xxxxx.' and the tool asks me what to do, I kind of have to accept as an act of blind faith that a) they really found it b) they really found something c) that something is a virus d) it's not a false positive and e) they can actually control it.
Use Linux or purchase an Apple and your Virus troubles will go away.
My name is Inigo Montoya. You killed my Father! Prepare to die!
"That depends, do you walk around all day with a rubber on your weiner? No? Newsflash, neither does your computer" - by noundi (1044080) on Thursday October 23, @10:15AM (#25481543)
Mine does, lol, essentially!
AND?
So can yours, or anyone else's, via following some simple steps (many common sense, others more complex), via this guide (which has you use a noted test of your system's security, which is multiplatform (not just restricted to Windows, but also to many *NIX variants as well), called CIS Tool):
----
HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, plus, make it "fun-to-do", via CIS Tool Guidance (&, beyond it's "industry best practices" for security):
http://www.tcmagazine.com/forums/index.php?s=49125ef36605621c1a4c34eb160411a9&showtopic=2662
----
The CIS Tool test is much like PC performance benchmark, but this one's for security!
(&, it reviewed well in COMPUTERWORLD no less for doing so)
----
"so stop putting its dick everywhere." - by noundi (1044080) on Thursday October 23, @10:15AM (#25481543)
I can, & DO, because I use a simple concept, that works (no virus/worms/trojans/spyware/malware-in-general here, for more than a decade++ now in fact, because of this) -> I practice a thing called "Layered security", nowadays, & yes, it works!
( &, that's what that post from Tech Connect Magazine gives you, & shows YOU, the end user, how to do layered security of your system today, online... &, as a bonus? You'll even end up surfing F A S T E R as well... )
See - The problem with today's antivirus programs is that they're largely MOSTLY "signatures based" & with polymorphic viruses that can "mutate" into ones that look totally different to an antivirus program (defeating signatures based detections) from one minute to the next?
HEURISTICS ("looks like a duck, sounds like a duck, smells like a duck - IT MUST BE A DUCK!" type logic) is the way to go for them, alongside whitelisting &/or blacklisting of applications allowed to run!
I mean, take a look @ this CURRENT information on SECURITY SUITES failing left & right on tests run, vs. the threats out there, TODAY (not yesteryear tech in them):
----
Top security suites fail exploit tests (COMPUTERWORLD):
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117042&intsrc=news_ts_head
&/or
Top security suites fail exploit tests (SECUNIA):
http://secunia.com/blog/29/
----
The "old-school methods" (what security suites use generally - like anti-virus programs using virus detections signatures, which only work vs. KNOWN threats, when they ought to be concentrating on white or blacklisting sites &/or HEURISTICS levels of detection ("smells like a duck, tastes like a duck: IT MUST BE A DUCK!" type logic))
Signatures-based detections aren't working that well nowadays guys, vs. std. viruses... & MOST of what folks get today? They're bad javascript driven (in combination with iframes &/or bad or vulnerable plugins) usage, anyhow. AntiSpyware programs do better here, imo @ least, than antivirus programs do. By far...
After all, you know it, & I know it:
People - out online, today/nowadays?
The REAL, TRUE threats out there today are coming thru your email, webbrowser, instant messenger programs!
(& even Adobe .pdf files with javascript active in the program, & plugins like Adobe Flash (which I guessed correctly on here weeks before it was revealed ->
Is it any surprise that the company that fails these tests will denounce them?
You do realize that it's possible, albeit likely Norton encouraged them to write the review?
I believe this is tangent to the point of the /. article: not only are tests flawed, but you should inherently not trust any major news source to unbiasedly review a product.
- Why do they only compare it to Kaspersky?
- Why do they mention ram but not a speed comparison (I'd gladly give up 15mb of more ram just to have better performance in my AV, ram is dirt cheap)
- If NIS2009 is so "lite", why don't they mention the specs in comparison to older NIS (only Norton would want to cover up their old specs, which is a core issue that makes me suspect this is a shill article).
Not to mention I never trust any online news source, including tech sites, to have somebody savvy enough to know how to test an AV properly, which, as the /. article points out, not even the AV "experts" have figured that out, much less some tech site.
Norton is ... ALMOST IMPOSSIBLE TO REMOVE.
Which I found especially hilarious/frustrating when I was required to upgrade the version of Norton on a bunch of lab computers. The upgrade wouldn't work, and told me I had to uninstall the previous version. Turns out uninstalling the previous version was unbelievably difficult.
My dad runs OS X, but got some emails with a note that said a virus had been removed by his email provider. The messages about a virus were worrying enough to him that he asked my brother (a PC user) about it. Norton was buggy, annoying, caused all kinds of problems with surfing and email, and was almost worse than getting a virus. My dad was really annoyed when he found out that Macs essentially don't get viruses and don't need antivirus software. And just like a virus, it was just about impossible to remove.
Funny note -- I had a friend that worked for Mcafee -- she (and her tech support buddies there) were sure that they hired people to write viruses to increase the demand for antivirus software.
NOD32 FTW!
For these people who are paying for antivirus. I had a commercial AV of CA antivirus and it didn't detect anything like Avast did and they were real virus programs that were on system. This is the free version plus not running any programs that I don't know and not going to pron sites no worries.
When folks publish an article saying company X anti-virus found nn% of the viruses we threw at it in our testing. That's nonsense, it should find 100% (unless the testers are writing new viruses or re-engineering old ones). If it doesn't then I don't want it.
On the whole they would do much better to assess the anti-virus on a) how it reacts to a zero-day threat, b) how much performance it takes out of your CPU and/or hard disk, c) whether it has to scan the whole disk every day/every week/every month or whether it has a constantly running service. Assess anti-virus on cost/performance. How often does it update, how fast does the vendor get the updates pushed out to the users to protect from something new. How much do they screw you for annual subscription.
In general I'm happy running freeware anti-virus like AVG or Avast. (On my linux machines I simply don't bother with having any anti-virus.)
Sigs. We don't need no steenking sigs.
Windows has been doing that now for quite a while, with the warning bit and all!
5-point harnesses are not safer than tri-point for street use. The 5-point harnesses do hold you more securely in your seat, which enables you to be more functional in high-g cornering and similar. There's no denying that it holds you firmly in your seat and distributes pressure better.
That said, the main issue with 5-points is rescue operations. With a tri-point, an emergency official can pry open the door and slide you out of the car without ever releasing the belt. Having the open side enables emergency officials to save your life in the event of its need.
-M
when you see the word 'Linux', drink!
This is an example of how the entire IT industry sucks rocks. This industry couldn't produce a reliable, cost-effective product if not doing so meant the world would explode.
Various tests by AV rankers have shown almost all the AV products on the market can't even come close to detecting spyware (as opposed to viruses and worms) - test rates were around sixty percent or lower, including the big names.
ClamAV's detection rate sucks rocks.
So of course some people try to prove it's REALLY not that bad by doing tests with selected malware, claiming that ClamAV detects more of the so-called "real" malware currently around than the other vendors.
Sorry. The whole point of ranking the AV's with tests is to determine who's better or worse. If we can't do that, the entire issue is up for grabs.
And ClamAV thus has no claim to being anything at all, just like the rest of them.
Neither does Comodo AV, which is completely free as well even for corporate use - but which hasn't been adequately tested or has done poorly when it was tested.
The bottom line is that the AV companies simply aren't doing their jobs because their products both fail to detect actual malware - especially targeted malware which is increasingly the problem - plus their products by cramming in firewall, anti-spam, anti-phishing, anti-spyware, yada, yada, makes them so bloated that people won't even run them once they see the impact on their PC's performance.
I've got 19 users running Kaspersky at one of my clients - at least four or five of them won't run it because they claim it slows their machines down. And that's with Kaspersky set to do ONLY on-access file scans and incoming e-mail scans - all the rest of the features are switched off! I've got another client running 20-odd copies of Kaspersky and most of them don't have that problem - probably because they're running desktops, not laptops, or they're not the sort of users who spend most of their day flipping from one application to the next, as some of my other clients are.
The real problem is that security was never designed into the computing environment, either at the Internet level, the OS level, or the application level. Bolting it on as an afterthought simply isn't working - and may never work. And since redesigning the entire computing environment isn't going to happen, we're stuck with it.
Basically, people need to get used to the fact that you're going to get "mugged" occasionally on your PC - just like you will if you repeatedly go into bad neighborhoods. Well, the Internet is a "bad neighborhood" and it's one that's never going to get better.
And as long as the educational system in this country can't turn out people who can think, the PC consumer is never going to be able to deal with the complexities of dealing with PCs AND PC security.
Game over. Go home and get drunk. This is just another case where there is no solution because you're dealing with humans - whose basic nature IS the ORIGINAL "security flaw".
Or as Rutger Hauer, playing a terrorist based on "Carlos the Jackal", used to say in the movie "Nighthawks": "Remember - there IS NO security."
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Well the simple solution is to simply forget all that virus scanner crap and find better solutions.
Simply put, the idea is to make bad ideas harder and good ideas easier.
Under Windows you download a file with the extension .exe and after that the browser will ask you if you want to execute it. That's usually a bad idea. Under other operating systems, you will not be able to execute the file directly, but will have to turn it executable first.
You might now wonder how someone installs software. It's pretty simple, you make good ideas easier. On Ubuntu Linux, for example, you have a little program named "Install or Remove Software". With it you have easy access to large repositories of software, all, at least to some degree, looked over by people who know what they are doing. This greatly reduces the chance of downloading any malware.
Now, why are virus scanners such a bad idea? It's because they are often written by people who can't use their tools. They often use C and seem to be unable to prevent buffer overflows. This has caused them to often execute code from the file they wanted to scan. So in effect they potentially execute every file they scan which might be every file you download, including little pictures your browser needs.
Simple rate based on sheer number of viruses detected. http://bbx.flnet.org/pub/dmsoft/projects/vxav/vxax.c
Right, because a malicious app on a machine inside your network could not possibly ever take advantage of such a bug to spread itself. Nothing has ever slammer'd machines behind a firewall to spread or anything.
Let's just pick a few of the popular ones:
http://en.wikipedia.org/wiki/SQL_slammer_worm
http://en.wikipedia.org/wiki/Blaster_worm
http://en.wikipedia.org/wiki/Sasser_worm
http://en.wikipedia.org/wiki/Nimda - multiple attack vectors, but could easily spread via an internal IIS installation installed by someone behind your firewall.
http://en.wikipedia.org/wiki/ILOVEYOU - requires user action, but that's just another example of how it can get past your firewall.
Firewalls don't fix everything.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
a computer infected with a r00t kit these days can be next to impossible to disinfect. even with kaspersky, or nod32 which i consider to be in the top few antivirus programs.
unfortunately they slow your computer down quite a bit.
after coming back from holiday to find my gf had somehow gotten the computer infected and it was a root kit that kept bringing in new malware that was the last straw. this virus must have been brought in on a usb stick and it was an encrypting virus that took some of my music and put it in passworded rar files. argh, this really did aggravate me!
so as i use ubuntu much of the time (as i find interface with the desktop much more relaxing than xp, and i use it for fortran and mathematica under linux. i also enjoy using many linux native programs such as kile and emacs) i decided on the following strategy.
now all documents and anything that is more permanent is saved to another ntfs partition. if windows is ever infected i can just reboot to ubuntu and then use something like zcat xpimage.gz | dd - bs=100M of=/dev/hda2 which is very fast, i've timed it and specifying a large block size speeds up the restore significantly, reducing it from about 12min to 4min ~ 34meg/s..
so if xp ever gets infected i can restore it in 4min.. it's just not necessary to have the speed of the computer constantly crippled by having everything that is executed or accessed, emulated and scanned and analysed.
if i need i will use antivir under linux to scan the secondary ntfs partition. antivir also provide an iso of a linux based virus rescue cd which is great for giving to friends with windows that keep asking for free reinstalls which can take several hours if you have to download and install a sp and drivers (depending on how prepared you are and how fast the available internet happens to be)
and of course everything that should be archived is backed up
i really recommend this scheme, it's saved me a lot of stress and time. i hope it can be of some benefit for my fellow /.ers
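The image-restore scheme described in the comment above, with an integrity check before the destructive write, as an added example that is not part of the original post. It assumes gzip and GNU coreutils (sha256sum, dd); the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): image backup/restore with a
# hash check before the destructive dd. Function names are hypothetical.
# Keep IMG and IMG.sha256 where the Windows install cannot write to them,
# otherwise malware can alter both the image and its recorded hash.

# make_image SRC IMG: compress SRC and record the SHA-256 of its raw bytes.
make_image() {
    src=$1; img=$2
    gzip -c "$src" > "$img" || return 1
    sha256sum < "$src" | cut -d' ' -f1 > "$img.sha256"
}

# verify_image IMG: succeed only if IMG is a sound gzip stream whose
# decompressed contents match the recorded hash.
verify_image() {
    img=$1
    [ -s "$img.sha256" ] || return 1
    gzip -t "$img" 2>/dev/null || return 1
    want=$(cat "$img.sha256")
    got=$(gzip -dc "$img" | sha256sum | cut -d' ' -f1)
    [ "$want" = "$got" ]
}

# restore_image IMG DST: overwrite DST only after IMG verifies.
restore_image() {
    img=$1; dst=$2
    if ! verify_image "$img"; then
        echo "refusing to restore: $img failed verification" >&2
        return 1
    fi
    gzip -dc "$img" | dd of="$dst" bs=4M 2>/dev/null
}

# Usage with a real partition (run from the Linux side, as root):
#   make_image /dev/hda2 xpimage.gz
#   restore_image xpimage.gz /dev/hda2
```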
So you really COULD care less?
Then, uhh, why don't you?
Please- make our day. Care less.
... but nobody seems to advertise the offset crashes, such as the right half of your bumper hitting the left half of your 'opponents' bumper. Why? Because it's sad in comparison. It's also not pretty to watch.
Euro NCAP do test that one. See the Frontal impact test description: frontal impact at 64kph (40 mph) at only 40% overlap.
http://www.av-comparatives.org/