Can You Trust Anti-Virus Rankings?
Slatterz writes "It seems nobody can agree on a universal set of tests for rating anti-virus software, with Eugene Kaspersky the latest to weigh in on the topic, criticizing the well-known Virus Bulletin 100. Kaspersky is one of several big anti-virus brands to fall foul of the VB100 tests, reportedly failing to pass a recent test of security software on Windows Server 2008, along with F-Secure and Computer Associates. At Kaspersky, bloggers have pointed out that they don't focus on detecting PoCs, calling it a 'dead end,' and saying their anti-virus database focuses on 'real threats and exploits.' 'I don't want to say it's rubbish,' Kaspersky told PC Authority. 'But the security experts don't pay attention to these tests. It doesn't reflect the real level of protection.'"
Game over.
than I can trust the hackers that write these damn viruses that keep infecting my PC! Yeah, standards in this industry would be a start in the right direction, but right now ANY virus protection software is better than none!
I use Norton Internet Security, and while it is passable, I find that it's a resource hog. I know there are other products out there that are less "intrusive", but I just don't want to take the chance (or time) with another product.
Attention all planets of the Solar Federation! We have assumed control! - Neil Peart
Take crash tests on new vehicles. Name me one that doesn't have a 5-star crash rating? The rating system is too easy, and needs to constantly be moved to achieve a new level of betterness. Not everybody should get A's. Once the majority of players reach a standard, the standard should be moved to motivate advancement in the field and show the better of the pack.
For example, the 5-star front-impact crash rating is par for the course now... but nobody seems to advertise the offset crashes, such as the right half of your bumper hitting the left half of your 'opponents' bumper. Why? Because it's sad in comparison. It's also not pretty to watch.
So all the power to making the standards hard to achieve. Yes, this may not be the 'real world' threat, but it's a threat nonetheless. They're basically saying "Since England isn't going to declare war on the USA, any preparedness for receipt of an attack by the USA shouldn't be considered in overall military preparedness". That's of course ridiculous. Protect only against the popular virus and the unpopular virus will begin to spread.
when you see the word 'Linux', drink!
I have a different anti-virus product on each of my machines at home. I figure the gap of what they won't detect is smaller than what just having one product will detect.
Bullet proof? Of course not.
So far with Avast, AVG, (mind you one virus product per computer only) ZoneAlarm, FireFox, and some basic sense I haven't been hit.
My only issues (sad enough) were when a Windows update broke ZoneAlarm and when AVG detected ZoneAlarm as a virus (because a new version came out) and shut it down.
Now that I really think of it, all the products designed to protect me have been the ones giving me all the trouble. HAHAHA (as I cry)
Anti-Virus is outsourcing the problem of deciding what is good to execute on your computer to a vendor who works backwards and blind.
... and keeping up with that growth rate is not a game I'd want to play! My list of "good" software doesn't increase on a quadratic growth rate, does yours? If this were any other field of computation, the signature approach would have been laughed off the planet by now.
It's "backwards", in that you don't tell them what is "good". They try to guess what would be on your "bad" list. As everyone here knows, it turns out that the "bad" list is much, much longer than the "good" list. In 2007 alone, F-Secure added more virus sigs to their products than the totality of sigs accumulated from the previous 20 years! And last I heard from them, 2008 was projected to double 2007. That sounds almost like quadratic growth to me.
It's "blind" in that they aren't seeing what is actually running on your computer. For privacy (and performance) reasons, nobody provides metrics back to AV vendors about all of the executables that weren't labeled "bad", and rarely do the metrics about what is labeled "OK" actually go back to them. The AV vendors have to take a shot in the dark. They can simulate what they think your computing environment looks like, but it's just a guess. They cannot know if you have custom or proprietary software that matches one of their AV sigs unless they actually test that particular program against their sigs (and you don't let them do that, hence the "blind" remark).
Backwards and Blind is very problematic. Every once in a while, we hear about fiascos like Symantec deciding an Asian language DLL is a virus, killing all of their Asian customers' Windows installs for a day or two.
The question the benchmark is really trying to answer is: Which vendor's product is best tuned for the least amount of false positives and false negatives? When we should really be asking the question: Do I know what is good to run on my computers? And if the answer to that is "yes", then we should be asking the question: Why can't these vendors make a product that only allows my "good" programs to execute and nothing else?
libertarian: (n) socially liberal, financially conservative; neither left, nor right.
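The post above contrasts the vendor's "backwards" blocklist (guess what is bad) with the owner's allowlist (declare what is good). The following is an added example, not code from the post or from any product: it models both policies over a handful of constructed byte strings standing in for executables, and scores each policy's false positives and false negatives against a constructed ground truth. The signature pattern, file names and "malicious" labels are all assumptions made up for the demonstration.

```python
import hashlib

# Constructed sample "programs": byte strings standing in for executables.
# payroll_custom.exe is a legitimate in-house tool that happens to contain the
# same byte pattern the vendor chose as a signature (the "blind" problem).
SAMPLES = {
    "editor.exe": b"MZ\x90\x00 text editor v2; opens and saves documents",
    "payroll_custom.exe": b"MZ\x90\x00 in-house payroll; REGISTRY_WIPE marker used by cleanup tooling",
    "dropper.exe": b"MZ\x90\x00 REGISTRY_WIPE then phone home",
    "new_worm.exe": b"MZ\x90\x00 never-seen-before payload",
}

# Constructed ground truth: which samples actually are malicious.
MALICIOUS = {"dropper.exe", "new_worm.exe"}

# Constructed vendor blocklist: byte patterns the vendor guesses are "bad".
SIGNATURES = {"sig-0001": b"REGISTRY_WIPE"}

# Owner's allowlist: SHA-256 of the programs the owner declared "good".
ALLOWED = {
    hashlib.sha256(SAMPLES[name]).hexdigest()
    for name in ("editor.exe", "payroll_custom.exe")
}


def blocklist_verdict(data, signatures=SIGNATURES):
    """Vendor model: block only what matches a known-bad signature, allow the rest."""
    for sig_name, pattern in signatures.items():
        if pattern in data:
            return ("block", sig_name)
    return ("allow", None)


def allowlist_verdict(data, allowed=ALLOWED):
    """Owner model: allow only programs whose hash is on the good list, block the rest."""
    digest = hashlib.sha256(data).hexdigest()
    return ("allow", digest) if digest in allowed else ("block", digest)


def compare_models(samples=SAMPLES, malicious=MALICIOUS):
    """Score both policies: a false positive is a good program blocked,
    a false negative is a malicious program allowed."""
    results = {}
    for model, judge in (("blocklist", blocklist_verdict), ("allowlist", allowlist_verdict)):
        false_positives = sorted(
            name for name, data in samples.items()
            if name not in malicious and judge(data)[0] == "block"
        )
        false_negatives = sorted(
            name for name, data in samples.items()
            if name in malicious and judge(data)[0] == "allow"
        )
        results[model] = {
            "false_positives": false_positives,
            "false_negatives": false_negatives,
        }
    return results


if __name__ == "__main__":
    for model, score in compare_models().items():
        print(model, score)
```

On these constructed inputs the blocklist produces one false positive (the in-house payroll tool that shares a byte pattern with the signature) and one false negative (the worm no signature exists for yet), while the allowlist produces neither. The allowlist's cost shows up elsewhere: any update to a good program changes its hash and is blocked until the owner re-approves it, which is exactly the maintenance burden the thread's "do I know what is good to run" question is about.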
Call me a Schneier fanboy, but I practice security on my home network like a process, not as in buying a product and be done with it.
Security for me begins with sensible configuration of the router and the PCs on the network, then it moves to access rights and regular patching of said computers.
This includes regular checkups and glancing at logs every three days or so to look for obviously suspicious traffic. Finally, after all of these steps, I use Kaspersky (since I had heard good things about it) together with a rootkit detector. (Oh, and Firefox with NoScript.)
All of this prevents pretty much all the scriptkiddies from getting in (I hope), but then again, the best thing you can do is to not download anything you don't know what it is.
Do I know what is good to run on my computers? And if the answer to that is "yes", then ...
The problem with that, of course, is that the answer is "no" for most people.
Indeed; nor should we expect them to. The vast majority of computer users want to use the computer in the same way that they use any other appliance; and frankly, they /should/ be able to. Unfortunately, the only way to give them that experience is to a) line up all malware authors and shoot them; or b) provide them with locked-down machines that can only run Authorized Content in an Approved Manner.
The problem with that is we've just spent the last 20+ years going through massive innovation because there's no particular approval to how this tech is used. Bolting on Approval could have ugly effects. Unless, of course, that approval is from the end user. Which puts us in the same place we are now.
The other issue is that we're not dealing with a toaster. Nobody expects their toaster to also become a calculator, telephone, and TV on demand. We're dealing with a complex and powerful machine. A computer is not a toaster (or a truck - but I digress).
That doesn't mean we shouldn't be trying to simplify the tech. After all, an automobile is also a pretty advanced piece of machinery as well. But the key to this is making really intelligent and sufficiently paranoid choices on how to go about doing this so the end user doesn't have to. Part of the problem is that some aspects of the industry like to portray their products as toasters while making poor design choices; a customer base of monkeys with machineguns.
Actually, as someone who has been working in Win PC repair more years than I can count, I'd say the biggest problem would be a simple fix for MSFT, but for some reason they haven't. And that is that file extensions are all or nothing. What I mean is this: either they can see file extensions, in which case the user can fuck up EVERY single file they touch, because it lets them wipe the file extension when they go to rename the file. Or you can't see the file extensions, in which case the nontechnical user gets bit by the "OMG watch Britteny suck teh titties!".avi.exe malware.
There should be a way to show file extensions but not change them unless you right click and explicitly choose "change file extension for this file", which would give the user a warning, like "This can cause the file not to open correctly. Are you SURE that you want to change the file extension?". If you did that, a whole damned lot of the infected machines that cross my desk weekly wouldn't be filled with malware. I don't suppose anyone knows of a freeware solution that does what I just described, do you?
ACs don't waste your time replying, your posts are never seen by me.
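The post above describes two failure modes of the all-or-nothing extension setting: hidden extensions let "name.avi.exe" display as "name.avi", and shown extensions let a plain rename silently change the file type. The following is an added example, not code from the post or from any product: it models what a file manager shows in each mode, flags names whose visible "document" extension hides an executable one, and implements the poster's wished-for rename rule, where a change of extension is refused unless the caller explicitly opts in. The extension lists and the sample file names are constructed for the demonstration.

```python
import os

# Constructed (partial) lists: extensions the shell runs directly, and
# extensions a user reads as passive media or documents.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}
DOCUMENT_EXTS = {".avi", ".mp4", ".jpg", ".jpeg", ".png", ".pdf", ".doc", ".txt", ".mp3"}


def split_all_extensions(filename):
    """Return (base, [extensions]) with every dotted suffix lowercased and
    stripped of padding, so 'clip.avi      .exe' yields ['.avi', '.exe']."""
    parts = filename.split(".")
    if len(parts) < 2:
        return filename, []
    return parts[0], ["." + part.strip().lower() for part in parts[1:]]


def display_name(filename, show_extensions):
    """What the file manager shows: with extensions hidden, only the final
    suffix disappears, so 'clip.avi.exe' is displayed as 'clip.avi'."""
    if show_extensions:
        return filename
    base, ext = os.path.splitext(filename)
    return base if ext else filename


def is_deceptive(filename):
    """True when the real (last) extension is executable but an earlier
    suffix would make the name read as a document or media file."""
    _, exts = split_all_extensions(filename)
    if len(exts) < 2:
        return False
    return exts[-1] in EXECUTABLE_EXTS and any(e in DOCUMENT_EXTS for e in exts[:-1])


def rename_request(old_name, new_name, allow_extension_change=False):
    """The poster's proposed rule: a rename that would alter the extension is
    refused unless the user explicitly confirmed the change. Returns
    (accepted, message_or_new_name)."""
    old_ext = os.path.splitext(old_name)[1].lower()
    new_ext = os.path.splitext(new_name)[1].lower()
    if old_ext != new_ext and not allow_extension_change:
        return (
            False,
            "Refusing rename: extension would change from "
            f"{old_ext or '(none)'} to {new_ext or '(none)'}; "
            "this can cause the file not to open correctly. Confirm explicitly to proceed.",
        )
    return (True, new_name)


if __name__ == "__main__":
    # Constructed sample names for a quick demonstration.
    for name in ("holiday.avi", "holiday.avi.exe", "notes.txt            .scr", "setup.exe"):
        print(f"{name!r}: shown as {display_name(name, False)!r}, deceptive={is_deceptive(name)}")
    print(rename_request("report.doc", "report"))
    print(rename_request("report.doc", "report", allow_extension_change=True))
```

The padding case matters in practice: a run of spaces before the real extension pushes ".exe" out of the visible column width even when extensions are shown, so the check strips whitespace before comparing. The rename rule is deliberately a pure function returning a message rather than something that touches the filesystem; a real implementation would present that message as the confirmation prompt the poster describes.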
You do realize that it's possible, albeit likely, Norton encouraged them to write the review?
I believe this is tangent to the point of the /. article: not only are tests flawed, but you should inherently not trust any major news source to unbiasedly review a product.
- Why do they only compare it to Kaspersky?
- Why do they mention RAM but not a speed comparison? (I'd gladly give up 15MB more RAM just to have better performance in my AV; RAM is dirt cheap.)
- If NIS2009 is so "lite", why don't they mention the specs in comparison to older NIS (only Norton would want to cover up their old specs, which is a core issue that makes me suspect this is a shill article).
Not to mention I never trust any online news source, including tech sites, to have somebody savvy enough to know how to test an AV properly, which, as the /. article points out, not even the AV "experts" have figured that out, much less some tech site.