Test of 16 Anti-Virus Products Says None Rates "Very Good"
An anonymous reader writes "AV-Comparative recently released the results of a malware removal test in which they evaluated 16 anti-virus software solutions. The test focused only on the malware removal/cleaning capabilities, therefore all the samples used were ones that the tested anti-virus products were able to detect. The main question was if the products were able to successfully remove malware from an already infected/compromised system. None of the products performed at a level of 'very good' in malware removal or removal of leftovers, based on those 10 samples."
BuY H3rB@l V1agaRa t0Day!!!
Security is a process, not a product.
-Myke
Despite this being Slashdot, when I first saw the headline about "anti-virus" products, I immediately thought "stuff like Tamiflu".
I see even classic Slashdot is now pretty much unusable on dial up anymore.
They need to try this antivirus it detects thousands of viruses in my computer!!!!!,I can't wait for antivirus 2010 to come out.
Guess they didn't try:
dd if=/dev/zero of=/dev/sda
Only sane way to remove viruses. Rates an "Excellent".
I guess the equivalent in Windows is to buy a new computer. Also, an "Excellent" method.
I don't think anyone sells common sense.
restore from a known good backup whenever the root account is compromised, be it compromised by a worm or a human, in part because it's impossible to tell the difference between a human pretending to be a worm and a worm, so it is quite difficult (perhaps impossible) to know what the attacker did, and how to undo the damage.
Comodo is free, it doesn't bog down the machine, and while I admit I don't go to the sleaziest parts of the net so far it has caught everything that I have run across. It also has a nicer firewall than the crappy Windows built in one, so how come nobody tests it?
ACs don't waste your time replying, your posts are never seen by me.
They said AV-Comparative.org in the article. Try going there and see what happens. The correct site is av-comparatives.org.
computer, my browser is completely broken.
My god you are an ass.
There are viruses out there designed for OSX because it is now finally getting a marketshare big enough to have it worth making something to compromise your precious yuppie OS.
Putz.
The article doesn't say much about what "good" means. If they tested what I assume are the 16 most popular products and none of them achieved "very good," by what standard do they judge? A ranked list would have been more useful for me.
Also, I find it ironic that "average" is one of the scores. "Good" and "poor" imply an objective scoring system, but "average" would imply that the score is relative to the rest of the group. : )
They must not have included the free offering from MS: "format c:" It is very good at complete removal of malware.
How about testing some malware removal programs? Malwarebytes, Adaware, Spybot?
I find Malwarebytes' Anti-Malware to work wonders. Paired with Avast home edition, it is a good free combination. I think most system administrators notice the difference between software primarily tailored for virus detection and removal, and ones tailored for malware detection and removal.
They tested these:
Avast Professional Edition 4.8
AVG Anti-Virus 8.5
AVIRA AntiVir Premium 9.0
BitDefender Anti-Virus 2010
eScan Anti-Virus 10.0
ESET NOD32 Antivirus 4.0
F-Secure AntiVirus 2010
G DATA AntiVirus 2010
Kaspersky Anti-Virus 2010
Kingsoft AntiVirus 9
McAfee VirusScan Plus 2009
Microsoft Security Essentials 1.0
Norman Antivirus & Anti-Spyware 7.10
Sophos Anti-Virus 7.6
Symantec Norton Anti-Virus 2010
Trustport Antivirus 2009
Isn't this an example of security through obscurity? Maybe an example of how virus authors subscribe to the pareto principle...
Stop recommending products. The tests demonstrate that av products don't perform well. It is right on. 80% of my day is spent cleaning malware. I have written here many times about how you need a combination of products. I've also emphasized the need to do the initial cleaning with the infected drive as the secondary in a second machine.
Until you do this day in and day out please stop with the recommendations, as you are not helping anyone one bit.
You can lead a man with reason but you can't make him think.
I've been working in the on-site support field for over a decade. I've seen the viruses get nastier and nastier.
It used to be that the virus got a hold of the system, maybe did a little damage or had a little fun. Sometimes it was pretty funny. Such as screwing with the mouse.
Then things started to get a little more serious. The virus would insinuate itself into the system folder and maybe IE. They started doing tasks. Thus rose the botnets.
Then it became big business for people. The spreading of spam and fake anti-virus (that wanted you to purchase the "full version" so that you'd get rid of the virus they said you had) was the order of the day. They started blocking access to the run box, the task manager, and sites that might be able to help you (online virus scanners). They started killing the AV programs. They also replaced the explorer.exe and iexplore.exe files. Hell, they even go after Firefox, Chrome, and Opera.
They really get their hooks into it and don't want to let go because it means money. Big money. So I'm not surprised that AV programs are having a tough time getting rid of them. It hasn't been kiddies out for fun for a long time. Now it's all about professional programmers out to make an ill-gotten buck.
You are going to end up with the aids virus though... just sayin.
Of course, half of the software they tested is not anti-Malware software (Avast, for example, is an AV, not an Anti-Malware).
They also did not test MalwareBytes, probably because it would make all of the others look bad.
Yeah, instead you just lose your data randomly. I think they even came out with a game that deletes 1 file at a time each time you score...I think it was for.......OS X
OK, if I were to rate PC speeds as "Very Good" if they exceeded 500 petaflops, none would get that rating. But it's still quite possible that the fastest ones out there would be worth having, compared to the rest.
If there are differences in performance in the products you are evaluating, your scale should reflect this. If none of the packages rate "Very Good," it's time to recalibrate the scale, unless there's a clear natural distinction between that rating and the next-lowest. Unless you're asking for perfection to achieve that rating (which is unrealistic), it doesn't really mean anything if none of the programs get your top rating.
Paleotechnologist and connoisseur of pretty shiny things.
If AV software kept track of every malware component (non-malicious) the detection engine size would grow by a massive amount and people would then complain about performance.
My neighbor called me in a panic a couple of weeks ago saying that he needed help, that his computer had a virus. I go next door and I sit down in front of his mac which has words flashing "trojans detected." He had clicked on it and it downloaded multiple exe's onto his desktop. That's when I realized that OS X isn't completely useless. Some people can use real scissors, while others need safety scissors.
He was hardly an "ass", though maybe a troll. Certainly an entertaining post, but your response to it was wrong.
1) There are NO viruses for the Mac. There are trojans though, like any OS.
2) The Mac has long had the marketshare for viruses - pre-OS X there were plenty of Mac viruses. There have been none for OS X because it is more difficult to write them with the way the new OS is designed. Writing one for OS X is like a holy grail for virus writers.
3) Who is the "ass" calling OS X a "precious yuppie OS"?
I wonder who tests if the test itself is "very good"...
How about you, good sir...
And you perhaps...?
^^
Any sufficiently advanced intelligence is indistinguishable from stupidity.
For the regular user, I can understand wanting the "feeling" that you're protected. However, when even the shittiest and lamest rogue-AV programs like WinAntiSpyware, Antivirus2009, System Protector Pro, Police Pro, and all the other bogus products can't be stopped by even the best of AV software, ya gotta think. These scanning programs don't do shit and make you feel like they have. So, understand how your system works. Use Sysinternals Autoruns to see what shit is being loaded on your system. And become familiar with our dear friend ComboFix provided by Bleeping Computer. It is the only tool worth a damn that can also get rid of severe rootkits. Sometimes for the real bad ones you'll need to use the Windows Recovery Console to delete files hidden from the Windows API as well as disable infected drivers/services. AV will still be a joke since the bottom line is, you can still get infected. Especially if you are prone to getting viruses anyway due to your browsing habits.
*plays the Apogee theme song music*
*whispers*
"Shall I?"
(whisperwhisper)
"Why me??"
(whisperwhisper)
"Ok, damnit! I'll do it! But you owe me one!"
*steps forward into the spotlight*
*loud*
"Well, I found a better combination:"
*louder*
"JUST INSTALL GNU/LINUX!"
*normal voice*
"Thank you, thank you! I will be here..." *dodges flying chair and Granny Smith with bite mark* "... all night!"
(P.S.: I use Linux as my main Desktop. And Windows for the games. No hard feelings here. :)
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Testing online (meaning running the removal program on a running, infected, system) removal seems kinda silly. You are fighting a war there and the malware has the upper hand being there first. On a compromised system you generally want to work on it offline. You either boot a live CD or take the hard disk to another computer. That way the malware can't be running. You can then use tools to track it down and remove it.
Running a scanner on a live system is more of a preventative measure and a detection measure. You have a realtime scanner looking for threats coming in. If it finds them, it can block them before they have a chance to do anything. This is 99.9% of the good a virus scanner does. It stops them before they ever infect the system. It can then also help in terms of alerting you if a system is infected.
However counting on one to be good at removal on a live system seems silly. Take the system offline, fix it, and bring it back up.
Being that even legitimate sites like NYTimes.com and Boston.com can be spreading malware, how is browsing safely going to work?
I'm still horrified by people who have to use Google to get to their destination. No wonder people fall for phishing. Do they know they can type in the address bar?
My God, your ass is full of stars
There were not plenty of viruses for pre-OSX, no one cared.
I've seen virus counts of between 50,000 to 150,000 for Windows around the time OSX came out. Let's say 100,000.
Just before OSX came out MacOS had between 1 and 5% of the market. Let's guess on the low end and say 1%.
That would indicate pre-OSX should have had a "virus market share" of at least 1000. In reality it had at most 80, more likely only 40 in total.
Pre-OSX had nowhere near the number of viruses its market share would indicate. As pre-OSX had no security at all, security by obscurity worked pretty well for it.
if you are using a browser that is commonly compromised by opening the incorrect webpage, you are a moron. Don't run IE, don't run flash, and run noscript, and you should be fine.
I think they even came out with a game that deletes 1 file at a time each time you score...I think it was for.......OS X
Where by "they" you mean a conceptual artist who created that game as an art piece - not some script kiddie or malicious programmer or criminal. And the game was clearly labeled as to what it did.
So, would you care to point to any real problems that have affected users, rather than creating a strawman?
... and then they built the supercollider.
Although I agree no one sells common sense, I do think clicking on links in a web browser or email shouldn't put your machine at risk. If clicking a link in Firefox or Thunderbird in Linux or BSD created a compromise in the system, people would eagerly seek a solution by reworking the architecture of the system and software. The system we see today on Linux and BSD and the like grew out of those lessons. That isn't to say you can't click on a link in Firefox that causes trouble or have a bug that is exploitable in Thunderbird but the entire machine isn't ruined. On the other hand in Windows they decided it was "cheaper" to just throw scanning software in the way instead of fixing the design. Why does one feel the right way to approach the problem while the other feels like a work around?
Of course Linux and BSD and Windows aren't frozen and are still evolving but I really see an evolutionary dead end in the way Windows handles this. This is insanity to continue to believe that security in Windows can be maintained by AV software and user intervention and Microsoft staying ahead of the bad guys. Users have no way of knowing before viewing if a link they click is really dangerous and even the best behaved users accidentally misclick. Users can't tell the difference between malware and anti-virus software. Who validates what is AV software and malware? The AV software industry or Microsoft? These guys haven't given us much reason to trust let alone the problem of having a conflict of interest.
Three things you need to do to have a Windows box secure: 1) Install an anti-virus 2) Don't use Internet Explorer; use Firefox, Opera, etc. 3) Don't run Windows as administrator (this one is the most important rule of all)
Imaging products have become so good and fast that I no longer bother with 'scrubbing' a computer clean when it gets a virus. I can reimage the machine in less time; 15 minutes from start to finish, and I don't have to worry about viral remnants in the registry or some deeply buried hidden folder with a time bomb inside.
I keep our company's image file up-to-date, and when something goes wrong with a computer (drive crash, corrupt registry, malware, whatever) they are back online in 15 minutes. Screw scouring the web for a utility to remove a particular virus that may or may not work, and screw relying on an all-in-one product to save you from malware.
I have come to terms with the absolute fact that users are stupid and careless and aside from the rare individuals who bother to be responsible, they will always be stupid and careless, no matter how much I wish they would change.
In a business environment, imaging is the way to go.
(I use a Mac at home and don't have to worry about such things)
"Study your math, kids. Key to the universe." -The Archangel Gabriel
If you had more than a passing familiarity with Microsoft's products and the elaborate pile of stuff on top that makes it even more insecure you would be aware that you need more than that. Large numbers of viruses and worms have spread with no user interaction at all, and others that required intervention have spread via things that appear to be quite innocent to the user (banner advertisement on Australia's Telstra white pages telephone number search page one day for instance). Then of course there is downloading that program that the user assumes is only going to give them an animated purple monkey, a weather report or little images of smiles to decorate their emails. They don't know that the system has no way of protecting them from such things being other than what they appear to be.
Don't fall for the copout of accusing the users of being idiots. Instead it's a long chain of events with stupidity at many steps on the part of some developers which gave us a house of cards which the user can upset so easily.
We can't just say "haha, user is an idiot" when we in the computer software industry can look in the mirror to see part of the real idiocy. Every time I make a user "admin" or "power user" so that they can run badly written software I add to the idiocy and create another potential node for a botnet or another chance at credit card fraud.
At one site I do work for EVERY user has to be "admin" so they can run an internally developed dotnet application that writes its config file to the root of the system drive simply because that's where the developer wanted to put it. The developer has a string of certifications and years of experience but still carries on with such overtly STUPID actions, not because he is stupid but because a very large chunk of the industry is stupid and stupidity is standard operating procedure. Most of the new security options in Microsoft's products are rendered pointless when the applications on top come from such a culture of stupidity.
The primary purpose of an antivirus is to keep you from getting infected in the first place. Cleaning up an existing infection is secondary and, in a growing number of cases, impossible.
Don't take life so seriously. No one makes it out alive.
Dust off and fdisk from orbit, it's the only way to be sure.
I don't know about you, but I heard of Apple some time before I heard of Microsoft. The young ones may of course not have noticed that Apple music player, you know just like the Zune only it works every day of the year :)
In other words your argument has even less value than it had twenty years ago when it was merely bullshit.
Such a game would work just as well on windows, or any other OS. Beyond that, the sibling has said everything worth saying about it.
We've been fighting computer viruses for decades now. And we haven't made any headway. It just seems to get worse. Isn't it time that we all just give up and allow viruses to infect our computers? Let's stop fighting it. Let's stop playing 'whack a mole'. No? You don't think so? Sorry, I just had to say that to parody all of the 'you can't stop piracy, you should just permit it' arguments.
The offline approach worked fantastically in the year 2000, but now... the playing field has changed.
We have root kits that embed themselves into alternate data streams, utilize virtualization, employ self-encryption and password protection and randomize what would otherwise be easy-to-detect signatures etc. Some root kits can *only* be reliably detected if they are actually *running* because they conceal themselves using these techniques. *Even then*, it requires a competent utility with things like stealth detection which look specifically for that behavior of concealing/unconcealing itself. As a result, some of these viruses don't show up in Safe Mode either...
Scanning offline is a good first step if the system is hosed. From my experiences though -- if the system can boot and mostly works -- do whatever scanning you can first while it is online. Use your best judgment as to whether you have mitigated the threat and THEN take it offline for the final clean up.
Fact: Everything I say is fiction.
If you look at the PDF of the report that the article references you will see that many of the products were completely successful at identifying and at least neutralizing the tested malware. The reason why none of them rated "very good" is because some of the programs required you to reboot your computer to remove some specific malware programs while for others the use of a boot CD was required. The report also criticizes when some anti-virus programs leave some non-malicious components behind instead of eliminating 100% of the program.
The article gives the impression that the programs are failing to combat the malware, but the criticism is more about the convenience of the malware removal process. And yeah, I think it is a nice thing to completely remove a piece of malware but the report doesn't explain why it is so tragic if some anti-virus programs sometimes fail to remove some of the non-malicious components of the malware.
So what happens is that very few websites actually do their own ads. Instead, they sign on with a banner ad firm. They then just put code in their HTML to display those ads. So they aren't screening what goes on their sites. Now as to why you'd get that from an ad company, most likely they got duped but who knows. At any rate they aren't doing it on purpose and it doesn't happen very often. They are just being lazy.
So use "None"!
Also, nothing works faster than Anadin. So you can save some money there too next time you've got a headache.
I say if we can't win the software battle, set up alternative defenses.
Emails should have a captcha (enter text above please) before you can send an email. Yes, this is a global pissoff, but spam is too, and this would do something about spam mail. All of those spam bots would be out of a job.
Kids should be educated about viruses, and not to click that golden "buy full version to fix virus" button. Sure, many people still will, but educating people on not buying into the tricks would help.
If we take away how malware developers can profit, that is doing a lot in the direction of fixing this problem.
The problem with AV removal tools is that once the infection is in place it's near impossible to run them (at least in normal mode). The infection will often create restrictive GPOs, a chain of self replicating drivers/ services/ scheduled tasks/ startup entries so that even if one piece is removed it will be recreated.
The best way to remove a virus is from a bootable environment which can remotely bind to the registry. Then it's just a matter of disabling the startup entries, deleting the install directories, removing the GPOs and deleting the malicious services and drivers. You can even run a command line version of the mentioned removal tools in BartPE to get the rootkits and hidden system file infections.
The majority of infections I see are the rogue security software where they infect you then tell you to pay to remove it. What's interesting is the company "witabett" provides technical support for their fake AV products after victims have purchased them! Check out their complaint board it even provides a support phone number... Excellent drunk dialing material for my geeky friends.
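The offline registry review described in the comment above, as an added example that is not part of the original post: from a clean boot environment it loads the suspect install's SOFTWARE and SYSTEM hives, lists machine-wide autostart values and auto-starting services/drivers, and can disable a confirmed-malicious service. The `D:\Windows` mount point, the hive names `OfflineSoftware`/`OfflineSystem`, the function names and the placeholder service name are assumptions.

```powershell
# Added example, not from the original thread. Run from a clean boot environment
# (e.g. WinPE with PowerShell) or a second machine, never from the infected OS.
param(
    [string]$OfflineWindows = 'D:\Windows'   # assumed mount point of the suspect install
)

# Hive files of the offline install and the temporary names they load under (assumed names).
$Hives = @{
    OfflineSoftware = Join-Path $OfflineWindows 'System32\config\SOFTWARE'
    OfflineSystem   = Join-Path $OfflineWindows 'System32\config\SYSTEM'
}

function Mount-OfflineHive([string]$Name, [string]$Path) {
    & reg.exe load "HKLM\$Name" $Path | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg load failed for $Path" }
}

function Dismount-OfflineHive([string]$Name) {
    [gc]::Collect()                       # drop lingering key handles, or unload is refused
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$Name" | Out-Null
}

function Get-OfflineRunEntry {
    # Machine-wide autostart values. Per-user Run keys live in each profile's
    # NTUSER.DAT and would need loading the same way.
    $keys = 'Microsoft\Windows\CurrentVersion\Run',
            'Microsoft\Windows\CurrentVersion\RunOnce',
            'Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        $path = "HKLM:\OfflineSoftware\$k"
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item $path
        foreach ($v in $key.GetValueNames()) {
            # Do not expand %vars%: they would resolve against the boot environment.
            $cmd = $key.GetValue($v, $null, 'DoNotExpandEnvironmentNames')
            [pscustomobject]@{ Key = $k; Name = $v; Command = $cmd }
        }
        $key.Close()
    }
}

function Get-OfflineControlSet {
    # An offline SYSTEM hive has no CurrentControlSet link; Select\Current names the real one.
    $n = (Get-ItemProperty 'HKLM:\OfflineSystem\Select').Current
    'ControlSet{0:d3}' -f $n
}

function Get-OfflineAutoStartService {
    # Services and drivers that start without user action: 0 = boot, 1 = system, 2 = automatic.
    $root = "HKLM:\OfflineSystem\$(Get-OfflineControlSet)\Services"
    foreach ($svc in Get-ChildItem $root) {
        $start = $svc.GetValue('Start')
        if ($null -ne $start -and $start -le 2) {
            [pscustomobject]@{
                Service   = $svc.PSChildName
                Start     = $start
                ImagePath = $svc.GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
            }
        }
        $svc.Close()
    }
}

function Disable-OfflineService([string]$Service) {
    # Start = 4 (disabled) is reversible, unlike deleting the key outright.
    $path = "HKLM:\OfflineSystem\$(Get-OfflineControlSet)\Services\$Service"
    Set-ItemProperty -Path $path -Name Start -Value 4 -Type DWord
}

foreach ($h in $Hives.GetEnumerator()) { Mount-OfflineHive $h.Key $h.Value }
try {
    Get-OfflineRunEntry         | Format-Table -AutoSize -Wrap
    Get-OfflineAutoStartService | Sort-Object Start, Service | Format-Table -AutoSize -Wrap
    # After reviewing the listing, disable a confirmed-malicious entry, e.g.:
    # Disable-OfflineService 'ExampleBadDriver'   # placeholder name, not a real indicator
}
finally {
    # Always unload, otherwise the hive files stay locked on the suspect volume.
    foreach ($name in $Hives.Keys) { Dismount-OfflineHive $name }
}
```

Because the infected system is not running, nothing can recreate an entry between the listing and the change, which is the property the comment relies on.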
It's not the malware removal I'm worried about. It is preventing the malware from infecting the computer. A lot of anti-virus scanners (see av-comparatives) have very high detection rates of more than 97% (of millions of malware samples) in combination with very fast updates. (GData has more than 99%.) But this is signature based. So if I have the source code of a virus and I modify it a bit, it could get past the detection. Heuristics is therefore more important, but even the most advanced virus scanner is, after a week of no updates, only at 70% detection (again av-comparatives).
How can we solve this? Can we ever develop a proactive virus scanner?
"If they would really cure you, the drug companies would run out of business"
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
Raj Against the Machine! http://social-butterfly.appspot.com/
80 or 40 is still significant. No-one said there should be a linear relationship between user base and virus count.
While Mac OSX has NONE - despite a 5% market share and the fact that Mac OSX users don't usually run AV software and are often more affluent so the potential payoff for keyloggers to steal credit card details and online banking logins is great. Despite that we don't find OSX viruses in the wild.
Knowing how to use the computer properly is far more efficient than installing any of those anti-virus softwares. Those of my friends who care about anti-virus are the ones whose computers often get infected.
They said WHERE they got the samples and how they picked them. But do you think most users get infected by dropping an individual malware sample on their machine and executing it? They probably get a huge load at a time from an installer that claims to be something else and anti-virus, if present, would have a stab at detecting system changes at that point, or maybe even when the file was downloaded...
Obviously a destructive rootkit could change any number of things about your system that COULD be impossible to restore. This isn't a shortcoming of a security product but a factor of being able to perform actions as an administrator, something the system must have SOME way for you to do, and therefore can be abused. Granted, some systems will be tighter about this than others, and there's a trade-off in usability, etc. But that is for the OS designer, not the AV provider.
Long live the BSD license
Certainly I'd rather have a non-descript file sat there which any malware looks at and decides not to reload than to rely purely on the AV solution to catch it. How many times are we told to use more than one AV solution for on demand scans just to be sure?
I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
remember to have autorun completely disabled, or it might just infect the other machine
I learned the hard way recently that the latest version 9 of AVG Free has a nasty habit of creating hidden directories and files on every partition, even externals, and then keeping some of those files open for no obvious reason at all. The result is that it becomes impossible to use Windows to reformat those partitions, even when they are otherwise empty and idle; the only way for inexperienced folks to format such partitions is to uninstall AVG entirely, since there's no accessible way to remove or close the offending files and no way to even temporarily disable AVG completely. I suspect it applies to the "premium" product as well. There were reports by others of the same problem.
You know your antivirus software is FUBAR when it breaks fundamental operating system features that have been present for two decades. It's arguably a cure worse than the disease at that point. Would you pay money for software sporting such features?
Imaging is definitely the fastest, but if you have a single partition then you need to worry about documents and any apps or driver/OS updates since the image. Well, updates may require periodically recreating the image, but the real problem is user documents.
What I do with Windows now is treat it like Unix. I have a separate system partition and home partition. This way I can reimage Windows and not worry about backing up all the other files. Although now the user partition needs to be scanned. Having a network drive for user files would be a good solution in a business, but for a home user I set the system partition to less than 8 gig. This way I can back it up to a double layer DVD, as well as keep it on the home partition for quick restore. While I'm at it I usually make a 2 gig or so partition for swap space, although people say swap file fragmentation isn't really a problem and sometimes you might want swap at the outside of the drive for transfer rate and sometimes at the inside of the platter for lower seek time. I usually put the swap partition at the start of the drive and go for the lower seek time. Hopefully shaves some time off a page fault.
Common sense. Use it, it doesn't hurt.
Could a lawsuit (class-action or otherwise) be an idea here?
Good luck suing someone who operates out of the former Soviet Union.
Some of it is rather cheap even.
Against stupidity the gods themselves contend in vain
Did they test Ubuntu?
I don't know what they mean, my /etc/hosts files are only modifiable by "root". :)
Joke aside, what would you expect from a system where configuration files are not protected.
--- Bouh !!! ---
Is more like it. I have been burnt by more than one commercial product lately.
But of course, if they fail, they aren't liable in the least. It's a lot like tossing money out the window for insurance that won't do anything when you have an accident.
---- Booth was a patriot ----
What bothers me greatly with this kind of test is that they never want to put the finger on the sore spot. Over the past 2 years most of the "major" vendor products have managed to render many Windows systems totally useless because they (falsely) picked up system files as being infected, immediately removed them and left the user with a non-working PC.
Why do we never get a nice overview of which programs have such a history and which actually try to protect themselves from this? I think I know: because the common goal here is to make money from the viruses, and as such you can't blame one product over the other because that would be bad for business.
Personally I think a test like this is laughable when you see that some of the products which score "good" on malware removal also scored "bad" on rendering Windows useless.
Just my 2 cents.
It was nice to see how various products did on the simple tests. However, several serious mistakes were made in the test methodology.
First, 10 virus samples for the test cannot give a statistically meaningful result. At least 31 different samples are necessary, as people who have had testing statistics and quality control education would know.
Second, and even worse, the tests were not performed under real world conditions. No system has ever been shown to have only one infection in the real world. The testing should have included detection / removal on systems with all malware installed. This is what real world users see.
Third, the "cleaned" systems should have been retested to see if infection would repeat under supposedly "cleaned" conditions. If the registry entries blocked reinfection (I seriously doubt it), then that would be seen. This would not have been a valid complaint if they had not brought it up in their article. (courtroom trial rules)
Fourth, with the anti-malware product running and protection fully enabled, would any of the malware be blocked from installing, or even downloading? This would not be a valid complaint if they only chose products which have no preventative methods (firewall, sandbox operation). Products which do not have adequate protective behavior are worse than worthless to the public, as they would have the idea that they are safe when using the product. That is the whole purpose of these products, to make the user believe he is in some way safe. But he is seriously not safe.
Fifth, using only non-damaging malware samples is also unrealistic. Performance against damaging malware is very important, and was untested. Performance against one small, safe, variety of malware does not indicate anything about the anti-malware product's usefulness to the public.
Sheesh, I could probably go on for a while, but I give up. We have surpassed the three strikes rule quite a bit already. This post is just an advertisement for AV-Comparative. Did someone get paid for this post? They should have.
wake up and hold your nose
That is good news... http://www.cypress.com/
As far as cleaning up after this crap, I've been relying on Trinity a lot. LiveCD, boots, mounts and scans. http://trinityhome.org/Home/index.php?wpid=1&front_id=12
The only problem is, you need some Linux skills to use it. Last time I applied it, it missed the Windows partition and I had to go in and manually mount it.
If I were better with rolling Linux LiveCDs, I would add more scanners and set it up to run out of X
if the answer isn't violence, neither is your silence / freedom of expression doesn't make it alright
No no no... It's like paying the mafia for protection... and by "protection" they mean sending a couple of guys around every month to take your money. When they're breaking your knees for not having the money because it was stolen last week they tell you that you should have called the cops.
PS I couldn't help but notice that MS's free software that so many CEOs derided over the previous months is doing a better job than many of their products, and as good as the best and most expensive.
Platform advocacy is like choosing a favorite severely developmentally disabled child.
The results are interesting, in that they show MS Security Essentials - which is free and new to the market - performing essentially as well as the Symantec AV, and better than everything else. That's somewhat surprising, given the geek preference for NOD32/F-Secure/etc. over Symantec and MS products.
I think I'll just keep recommending MS Security Essentials to my clients over Symantec or McAfee, though. Those products are junk and aren't worth the system overhead.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
If you type the following smiley in a shell, you get some interesting results: :(){ :;:; };:
I'm happy to report that the experiment worked. I don't know towards what, but it worked...
Non-Linux Penguins ?
It wouldn't matter if they did; no one would buy [common sense] as everyone thinks they already have it.
I'd be first in line!
Wait, maybe I shouldn't have admitted to that in public...
I would like to see Panda Security products tested to see if they are still good at completely removing malware they could find. Panda Security products are not famous for detecting everything or for being very reliable, but one thing I noticed in the past is that if they detected something, they would be very efficient in removing it from the system... something that at that time other products like Symantec, Avira (and others) simply wouldn't do (or would do badly). But with this thing of collective intelligence and other technologies I wonder if it got worse or is as good as it was in the past.
Yeah, so why can't they vet the ads?
There is no algorithm that can determine whether a given script will or will not trigger a malware download. An ad network could just reject all SWF ads and all DHTML ads entirely, but in that case, advertisers will just switch to the competition.
Why are they allowing ads from Ukraine or Russia, or wherever?
Ad networks sometimes fail to see through the maze of twisty little shell companies that is the malware industry. There are ways to seem more reputable than you are and more American or more Western European than you are. Besides, some of the publishers (web sites that have ads on them) are in the ex-USSR area.
And why can't they do tests to see if there is malware on the ads?
I'll explain in more detail once I know how familiar you are with the halting problem.
It does not matter what any of the other Virus scanning software makers do anymore as Microsoft has killed this market; as so many others before them.
Is your Internet Throttled? Install DD-Wrt, OpenWRT or Tomato to learn the truth! Google: 1Gbps/1Gbps: 5 Communities
Wow, so many of you are missing such an important point. You're not worried about viruses because you can just reimage/reformat? Ok, so what about a virus that steals your credit card information while you are entering it into a site? Once you do a format, that's not really going to help you, is it? They already have your information. And if you do need to wipe and reformat, what if Windows says "nuh-uh you have reached the maximum reinstalls" or that person doesn't have their Windows CD anymore? I would say about 99 percent of the machines that are brought to me (whether it be for an upgrade, a driver problem, whatever) that are running Windows have some sort of infecting software on them. I used to recommend that people use Linux, but I don't do that anymore. After so many "why can't I use such and such device" questions you realize that if there is even one program the user uses that Windows can run, which Linux can't (even if there is an alternative), they aren't happy with their new OS. So I'm basically stuck letting them use Windows, and I see all kinds of antivirus software, which does very very little, but with so many competing companies it makes me think that it really just isn't possible to secure and protect Windows. I can't imagine how hard it would be to write a piece of software that protected a Linux distro that always ran in root with full privileges. I think the only answer to a secure Windows OS is..... a secure Windows OS, made by Microsoft. Maybe this new Google OS will have good security, catch on, and Microsoft will have a reason to make their OS secure. Oh and to all of the, "its the users fault, they or as smartnessers as us!!! durrr!" Alright look, not everyone out there sits around poking and prodding their computer like we do. It is our hobby. Do you do stupid shit with your car, house, custom-remodeling job? Yes, because that isn't what interests you and you don't spend a lot of time messing with it.
This doesn't mean that you are smarter than everyone else as much as you wish that were true. -- -AJH
Still, why can't they just restrict themselves to ads from well-known companies (BMW, Nike, McDonalds, etc) rather than accepting ads from companies nobody has ever heard of?
Because there is more than one ad network. If one ad network states "you must be at least this tall to advertise with us", advertisers who do not qualify will flock to other ad networks that specialize in smaller businesses, such as local or regional businesses. Dealing with smaller businesses is part of why there's so much more of a selection on Apple's app store than on Nintendo's or Sony's despite that Nintendo and Sony have been in the video game industry much longer than Apple.
I can't see how that has any relevance. What would make the program halt?
For each program P, there exists a program AD whose pseudocode is as follows: "Emulate program P, and when it halts, exhibit malware behavior and then halt." So if you have a program that analyzes AD statically to decide whether it exhibits malware behavior, you have a program that decides whether P halts. Because deciding whether an arbitrary program halts has been proved undecidable (over Turing machines) or intractable (over LBAs, which physical computers are), detecting malware behavior through static analysis is also intractable.
And why couldn't you have a number of machines on different networks sampling the ads for malware?
They won't detect the misbehavior until the ad has already gone live because the ad is programmed not to exhibit malware behavior for the first few days or weeks. That's what I meant by time bomb.
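The reduction and the sampling limit described in the comment above, as an added example that is not part of the original thread. It models programs as Python generators; all names (`make_ad`, `bounded_scan`, the `MALWARE` marker) are hypothetical, and the "malware behavior" is only an abstract marker string.

```python
from itertools import count, islice

MALWARE = "malware-behavior"  # abstract marker standing in for any flagged action

def halts_after(n):
    """A program P that performs n benign steps and then halts."""
    def program():
        for _ in range(n):
            yield "benign"
    return program

def loops_forever():
    """A program P that never halts."""
    def program():
        for _ in count():
            yield "benign"
    return program

def make_ad(p):
    """The AD construction: emulate P; when P halts, show the marker, then halt."""
    def ad():
        yield from p()
        yield MALWARE
    return ad

def bounded_scan(ad, budget):
    """Sampling with a step budget: True only if the marker appears in time."""
    return any(event == MALWARE for event in islice(ad(), budget))

def decide_halting(p, detector):
    """A perfect detector applied to AD would answer 'does P halt?'."""
    return detector(make_ad(p))

if __name__ == "__main__":
    scanner = lambda ad: bounded_scan(ad, budget=1000)
    print(decide_halting(halts_after(10), scanner))    # flagged: P halts early
    print(decide_halting(loops_forever(), scanner))    # clean: P never halts
    print(decide_halting(halts_after(5000), scanner))  # missed: P halts after the budget
```

Any fixed budget gives a wrong "clean" verdict for some P that halts later, which is why the scanner here is only an approximation of the detector the reduction rules out.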
I guess it's just a matter of which false sense of security you prefer.
I sometimes put in some part time work at a local computer shop and you'd be surprised how many customers say "I don't understand how I got a virus when I update my anti-virus program regularly"
which is a little like saying "I don't understand how I could catch a cold when I have an immune system"
They didn't test it on Panda which is a much bigger name than half of those 16 they tested.