Slashdot Mirror
Symantec Exec Warns Against Relying On Free Antivirus
thefickler writes "Clearly, the rise of free antivirus is starting to worry Symantec, with one of their top executives warning consumers not to rely on free antivirus software (including Microsoft's Security Essentials). 'If you are only relying on free antivirus to offer you protection in this modern age, you are not getting the protection you need to be able to stay clean and have a reasonable chance of avoiding identity theft,' said David Hall, a Product Manager for Symantec. According to Hall, there is a widening gap between people's understanding of what protection they need and the threats they're actually facing."
"IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attack their core system files. In some cases, this caused the machines to display the dreaded blue screen of death"
If there were any high-quality for-pay alternatives, I'd say he might have a point.
Unfortunately, most antivirus software sucks, with Symantec more or less epitomizing how good ideas on paper can turn into terrible/buggy/bloated security software that actually increases your exposure since it adds another node malicious code can attack. Symantec's argument-from-assertion notwithstanding, there doesn't seem to be any correlation between antivirus software being for-pay and higher quality.
From my experience, there's really bad antivirus software (such as Norton, which I have zero confidence in and would never let touch my machine), and slightly less bad antivirus software. What went wrong? Why does this industry suck so badly? Anyone have any insight?
except the one at www.virustotal.com when on rare occasion I encounter a suspicious file
Of course they say that. They are in the business of scaring people into buying their crap so they think they are safe -- when in actuality their vict^Wcostumers get pwned by exploitable holes in IE anydangway.
________
Entranced by anime since late summer 2001 and loving it ^_^
Microsoft warns against free operating systems. "They're so inferior! Look at ours, it runs the London Stock Exchange...oh wait."
--
BMO
If Symantec's "security" security programs were worth a damn, the "free" products wouldn't stand a chance. So far, that hasn't been the case eh?
...Rob
The American Dream isn't an SUV and a house in the suburbs; it's Don't Tread On Me.
If there choice were only: install Symantec or get a virus, then that's a really difficult choice. I'd be inclined to risk the virus, since Symantec invades and slows your system in a worse way than many infections.
Fortunately, there are many free anti-virus products that work better than Symantec. It's a no-brainer choice. Free is cheaper and better.
I have no understanding of how Symantec remains in business. There's something deeply wrong with that.
If I grew bananas, I would warn everyone that free bananas could be detrimental to their health. After all, consumers have no idea how hard it is to grow good bananas. Free bananas could leave them lacking in any number of impossible to define vitamins and minerals.
As a software author, I've found that free anti-virus, like Avira and Avast, pretty good, given my understanding of computers, email, spam, and security threats. Symantec are just creating FUD. I used to use Norton Security software, but found that it just slows down a Windows XP machine far too much, guesstimate 15 to 20%. The UI would take ages to load. Symantec might be good for the peons, but for experts the performance hit is too much. Expert users can find better, cheaper, and faster working solutions.
Dear Symantec,
The reason you are steadily losing market share has less to do with the availability of reasonably good antivirus software for free, and more to do with the staggeringly awful quality of your own products. Norton Internet Security was so completely terrible, that not only did it fail to stop critical attacks, but it slowed down systems more than the worst available spyware infections. Removing those spyware infections was also easier than removing your software, because the uninstaller would fail more often than it would function. I began to keep the latest version of the Symantec removal tool in my kit because it was better to assume the uninstall would fail, and not bother to use it. Until I managed to get a significant portion of my clients away from your products, they paid me to fix problems with your software more often than any other single product by a factor of 10. At this point, even if your company came out with the perfect security product, I would advise my clients not to buy it purely based on past experience, because you do not deserve their money.
In my experience (which is fixing other peoples Windows infested crap) the most reliable way of detecting a virus is to run from a Linux livecd.
Download clamav, then check the drive.
The reason I say it is better is because many virus/malware disable AV features in Windows so you can never be 100% sure - I know you can get clamwin but again some 'bad thing' could have disabled some it it's features...and linux allows you to write to folders that would be normally projected by the system (i know there is any obvious danger to this)
There has been at least 2 cases in the last month where a vista machine (one had norten and signed up to onecare,,,) which had av protection was not able to completely get rid of a trojan - even using clamwin - clamav in linux sorted it.
You know what is really a non-protection in AV? Products from large companies. No, really.
Malware is today routinely tested against the big players before it's leaving the door. More and more often, you also see protection against specific AV suits (Norton, McAfee, Kaspersky are amongst the top on that list), where the malware specifically tries to disable those AV suits or at least blocks updates.
Malware protecting against smaller players in the AV field is rare. Market dictates that. It does not pay to protect your malware against an AV suit the market share or which is less than 5 percent.
So, I essentially agree with him: MS Antivirus will offer ... well, let me say not the best protection, because EVERY piece of malware will be tested and hardened against it. But, and I guess Mr. Hall will not enjoy that, Symantec doesn't offer protection any better, because, since they're big enough with a big enough market share, they, too, are on the malware writer's radar.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I agree, all free antivirus sucks, so does all paid for software. However there is a magical amulet which will protect you from all computer attacks, I happen to be selling these items for a very reasonable price.
...
On the other hand, I know plenty of people running active commercial anti-virus software that's been plagued with virii.
The reason?
1. No Awareness.
2. No Patching.
3. No Prudence.
4. Running Windows
There. Fixed that for you.
Worm/Virus are spread so fast these days, the AV software just can't catch up in time to prevent the infection and in quite a few cases, the Worm/Virus disables the AV software, making it more difficult (in some cases impossible) to remove the infection without booting to another OS (Live OS from a CD/USB Drive).
Except that spreading fast is nothing new. Most worms hit peak a few hours sooner than the average time it takes for the AV makers to create and push out a new profile.
That's why I use ClamWin for occasional scanning.
ClamWin, ClamAV are fine for remedial action. The best remedy, as in all things, is prevention and that can be accomplished by moving to systems that are resistant to malware. Here even the consumer unions fall flat on their faces and fail to mention the Linux distros. Most mainstream distros are years ahead of Windows as far as ease of use, maintenance and speed. The main weakness of real systems (non-M$) is that Web 2.0 script crap.
If someone wanted to make a really hardened desktop or netbook appliance, the following steps can be taken:
I wrote the word appliance above, because with extreme settings like that, you are not going to want to try to add, remove or radically reconfigure any packages.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
I know that myth stays in circulation, but trust me: AV companies do not write malware. For two reasons:
First, AV companies do talk a lot. Not only at conferences. There's a well built and solid network of sample exchange between them. Of course, you delay it a few hours or a day before you forward your new samples to the others so you can have a 'first', but a global malware detection array is in nobody's budget possible. So they split the world and detect together. Should it become known that you spew malware yourself, you're OUT. And that means you're dead.
And second, why bother the cost? You get the malware for free anyway. There are people who make it their (illegal, but who cares?) business to write and spread it. Why should I invest money into something I get free of charge?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
So what this means is that the McAfee antivirus is so thorough it even finds trojans and viruses that MS ships. Symantec's product manager is right!
Apple has "Mac vs PC", Microsoft has "Laptop Hunters", Linux has recession
A quick Google search shows Symantec products are not much different: Norton - From Symantec - Problems, Problems, Problems..
Or, Multiple serious problems with symantec endpoint 11 - Please help.
Or, Norton Internet Security 2009 has caused me problems. (Norton.com is owned by Symantec, of course.)
You know there are problems when Symantec provides a Removal Tool.
And *that* is a crap statistic; it does nothing to describe the severities of the vulnerabilities, the vendor response, or the amount of time each was left unpatched. Who cares if FF had 184 vulnerabilities and IE 1, if the FF ones were hard to exploit and patched within a few days and the IE one was left open all year and readily attackable by script kiddies?
Here's a problem with ESET's Nod32 discussed on March 9, 2009: NOD32 was deleting very critical and required Windows files.
."
... the gripe is that you can't opt out of this during the purchase. OneCare is the most difficult of the three to opt out of. In fact, you can't. Instead you must must cancel your subscription altogether by calling 866-663-2273."
The fundamental problem is that Microsoft makes more money if there are security problems in Windows.
OpenBSD doesn't require anti-virus and anti-spyware programs partly because it was written to be secure. Apple's Mac OS X is based on BSD, and users rarely have problems with that operating system being insecure.
Amazingly, Microsoft is not only supplying insecure software, it is charging for programs to fix the insecurities!!! See Windows Live OneCare.
Microsoft charges Microsoft Windows users $50 for software to fix problems in Windows! Windows Live OneCare has "Antivirus and antispyware all in one". More: "Two-way firewall helps stop hackers in their tracks". Hmmm, Microsoft, if Windows needs a "Two-way firewall", and it certainly does, why do you supply a one-way firewall with Windows???
See Windows Live OneCare Gripes. Quote: "Create the problem, then charge people money to solve it." Another quote: "Why should Microsoft profit from the plague of viruses and Spyware? Shouldn't it have designed Windows better to begin with? And if it has indeed found a way to protect Windows, isn't it a tad exploitative to charge for it? Microsoft has no convincing answer for these questions . .
Another quote: "McAfee, Symantec and Microsoft (with Windows Live OneCare) all set your credit card up for automatic renewals when you purchase their security software on-line.
To me, it seems like this: Testing... Testing... How much abuse will computer users accept?
If you make a product and then make a new version how can the new version freakout and break because you once had the older version made by the same company?
That's a pretty easy question. You skip the regression testing phase. Or maybe they trusted the OS too much, moved a function from one dll to another, changed how the function worked, and forgot to have the update script remove the dll from the OS. If the program gets the invalid response from the older function, it might cause problems. Anyway you work this, it all comes down to them not testing enough.
Antivirus software would be required on WHATEVER was the popular platform, because not being able to run code makes a computer worthless and sheeple can easily be tricked into running bad code.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I used Norton Antivirus for a while (made by Symantec).
number of times it stopped me from getting a virus: 1
Number of false positives: 7 (security tools and a Y2K joke program)
Number of times it screwed up my computer: 2 (Once randomly and once when I went to uninstall that piece of crap)
honestly Id be better off with no protection than with their product.
All misspellings and grammatical errors in the above post are intentional and part of my artistic expression.
It's been getting harder and harder for me to distinguish Symantec and McAfee software from malware.
Rather than advocating a specific anti-virus product, I feel that the question is how do you know you need anti-virus. I would recommend choosing two anti-virus product and keep them up to date for the shortest subscription period allowed. During this time, work as usual, and take note of any virus alert you get, and how that happens. Get rid of one of the anti-virus that doesn't appear to be as effective (and recommend the remaining one to other people). Also adjust your computer using habit until you get no virus alerts. Then make sure you keep your habit within the confines of rules you find working well for you, so you don't get virus alert. Then get rid of the anti-virus software altogether.
I regard anti-virus software as some sort of potty training. You only need it until you find out what behavior will get you into trouble.
I once had a signature.
Exactly. Isn't this just like a wolf warning that the chicken coop should have a free and open society with no fences?
Or to put it another way: Is there any answer that you're going to give that doesn't recommend I spend dump trucks full of cash at your company?
There's no place like
One of my clients bought a new Dell Inspiron notebook with an integrated Verizon cellular card. He wound up needing my help getting the Verizon card set up, because every time he ran the Dell utility to manage the card, it just hour-glassed the PC for about 30 seconds, and finally returned an error message about being unable to connect to one of its components.
I fought and fought with it, checking to see if the cellular card might be disabled at the BIOS level, or if a Windows service was incorrectly set to "disabled" or something.... nope.
I finally gave up and called Dell tech support, to see if they knew anything about the issue. The tech had no clue, other than suggesting steps I already tried, and seeing if I could launch the configuration program from the START menu, as opposed to from its system tray icon (same result).
Then, on a "shot in the dark" troubleshooting step, I did a full uninstall of the McAfee Security Suite provided with the machine (with 1 year subscription). That did the trick! McAfee was blocking the cellular card utility from launching, despite its firewall not even listing it as a blocked executable or anything! Nice.....
Your facts are so bizzarely wrong its hilarious.
OneCare has been discontinued. The scanning engine it was based on, along with definition updates, are now available free. If you'd even bothered to read *anything* about the product related to this article, you'd know that.
Windows does ship with a two-way firewall, and it's remarkably powerful and versatile. OneCare was basically a giant patch for those fools still running an 8-year-old OS.
"designed Windows better..." You can't fix stupid. The OS itself is pretty damn secure these days, much more so than (for example) OS X - see the Pwn2Own contests and the competitor's comments for an interesting case study. Actually exploiting Windows pretty much requires third-party software, and even then you have to deal with security features that no other os *except* OpenBSD has fully implemented (DEP, ASLR, etc.). What most malware for Windows (and usually for other platforms too) is, these days, is Trojans. Not a lot your OS can do to protect you from those. See the Dancing Pigs (or Bunnies) Problem. Pop up a warning dialog? Users will click right through it. Make them run as non-Administrators? They'll gain whatever rights the program says it needs (in the case of Trojan-infected installers, you would probably need admin rights anyhow). Antivirus provides only a very small amount of protection against this, but I suppose if you're going to have that kind of person online anyhow they should have that protection. If a company wants to charge more to protect against that stupidity, though, I don't see that as being so evil.
There's no place I could be, since I've found Serenity...