Ask Slashdot: How Dead Is Antivirus, Exactly?
Safensoft writes: Symantec recently made a loud statement that antivirus is dead and that they don't really consider it to be a source of profit. Some companies said the same afterwards; some others suggested that Symantec just wants a bit of free media attention. The press is full of data on antivirus efficiency being quite low. A notable example would be the Zeus banking Trojan, and how only 40% of its versions can be stopped by antivirus software. The arms race between malware authors and security companies is unlikely to stop.
On the other hand, experts' opinions of antivirus software have been low for a while, so it's hardly surprising. It's not a panacea. The only question that remains is: how exactly should antivirus operate in modern security solutions? Should it be one of the key parts of a protection solution, or should it be reduced to only stopping the easiest and most well-known threats?
Threats aren't the only issue — there are also performance concerns. Processors get better, and interaction with hard drives becomes faster, but at the same time antivirus solutions require more and more of that power. Real-time file scanning, constant updates and regular checks on the whole system only mean one thing – as long as antivirus is thorough, productivity while using a computer goes down severely. This situation is not going to change, ever, so we have to deal with it. But how, exactly? Is a massive migration of everything, from workstations to automatic control systems in industry, even possible? Is using whitelisting protection on Windows-based machines the answer? Or should we all just sit and hope for Microsoft to give us a new Windows with good integrated protection? Are there any other ways to deal with it?
How many more questions could they fit in a My Slashdot submission? One? Two? Three? Four? Five more? Six more questions? Seven? Eight? Nine?
Humans are a whole loadda tabula rasa. Create an environment where people's selfishness and greed aren't reinforced from day zero, and you won't find so many people willing to shit on each other for a quick buck.
Universal basic income for all. You enjoy something? Do it for the sake of achievement. What happened to doing things just because they are hard?
"only 40% of its versions can be stopped by antivirus software" Take a general case. What proportion of crime is stopped by the police?
Dead as a security layer - not really. Also not dead as a profit source for other companies.
What are virus writers looking to get out of writing malware? Money? Fame? Absolute Power?? Well, neither of the last two is ever going to happen.
We should incentivize the reporting of bugs... Getting recognition as being a prolific bug finder, and fixer in a positive light would be a start. Also being paid is another avenue. Optional fame, and a steady reliable source of money would be very appealing to most people.
Am I just being naive?
Never seen viruses on Linux. I've been using it for 15 years.
Whitelisting already works pretty well.
As much as people like to bash Windows, I'd estimate that 99% of malware can be avoided if the user knows what he's doing. (It's not just not running sexy_babe.avi.exe, but also not installing the Java browser plugin, for example.)
As long as the OS leaves the user freedom to install software, malware is inevitable. And that's fine by me. For the rest, the best solution is "centralized whitelisting" done through an app store, as practiced in iOS, WP and such.
I'd say security in the future will converge on three lines:
a) Sandboxed browsers/apps: Different browsers for mail access, general browsing and sensitive browsing (banking, using credit card, etc). All browsers revert to base state after closing, or allow just a limited set of changes (bookmarks, cookies). The browsers are possibly stored on a USB stick with a physical write-protection switch for part of the storage.
b) Trust structure: The OS will only execute programs with a certain signature, based on a chain of trust. You can choose who to trust or not.
c) Closed devices: (See Apple iPhone and iPad, but with paranoid-mode).
Well implemented, these strategies can reduce the malware threat, and they are implementable with current technology. I really don't see the anti-virus surviving much. It's an after-the-fact tech that was born as a patch for systems unprepared for a new threat. The playing board is now set and the structure of the systems must change to reflect that.
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
I happen to work in a company with roughly 5000 employees, all with antivirus installed. About 30% of the work force are on customer sites, use flash drives and connect to customer networks all the time. In short, it's a potential horror story.
We keep detailed statistics about the health of each system, and while I won't disclose which antivirus solutions we use (it's mainstream), I can tell you they do important work for the 30% that's exposed to "hostile" environments as they quarantine about 10 virii per month.
Let's translate the OP's question:
I have this insecure by design environment, while there are more secure by design environments available (yeah, probably not completely secure, but much more secure than what I'm using now). I'd like to patch my grossly insecure environment to get at least an illusion of security instead of considering the alternatives.
I apologize for the lack of a signature.
It's not dead, it's just resting.
I saw similar posts before the web existed, let alone Slashdot. A policy of "allow all" was seen to be easiest so the malware problem persists despite all the lessons of the past and good advice like the above.
Java was supposed to be sandboxed entirely with zero chance of malware getting to anything other than its own litter tray. Look how that turned out when it was seen as all too hard and compromises were made. Then there's the opposite that was born stupid, things like Active-X from MS that were such a stupid idea that a librarian (not a programmer) was telling me how stupid it was before launch. Then things like allowing execution of arbitrary code in images, another case of MS fucking up in a truly astonishing way - how the hell do things like that end up as anything other than SF novel plot points in a large corporation that is supposed to be competently managed?
The answer as always is to learn from the lessons of the past instead of throwing together a pile of bits that look software shaped and rushing it out the door.
Actually, OS X's system is even better than that. It has a setting allowing only white-listed apps from the store, a setting allowing only apps signed with an Apple-supplied certificate (everybody can get those, but they can and are quickly and easily revoked), and a setting allowing everything. The default is (currently) the middle level, probably moving on to the strictest.
To put it bluntly, the hardware and OS makers have "banded together" to make it impossible to create an easy solution to this problem: a read-only OS.
I have not seen any hard disks with a physical* read-only switch on them (even USB sticks with them are hard to find these days) and the Windows OS has been created in such a way that makes it near to impossible to function from such a read-only drive.
*Software solutions to this extent are not worth their development time. Too easy to tamper with.
To Javascript or anything THEM can run against US.
The most important piece of equipment for computer security is the one positioned between the chair and the keyboard. Learn to not click on stupid shit and it's entirely possible to remain virus and malware free. I don't run AV software and I've never had a virus or malware on any Windows machine that I didn't purposely infect to see what happens (I work in IT, I'm expected to know that kind of stuff, so I have a machine specifically for the purpose of infecting :) ). And I run Windows almost all the time on my main daily-user machines (I run Linux on a couple of personal servers.) My just-barely-computer-literate 76 year old mother also does not run AV software, and has never had a virus or malware...and various flavors of Windows is all she's ever used.
Yes, Microsoft needs to do a better job on security. But saying it's a Windows problem is a polite way of saying 90 percent of computer users are too embarrassed to take responsibility for their own stupidity.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
Even at the beginning of the "industry" it was obvious that anti-virus applications were useless.
Was there malware in the 60s? You bet. I even designed one around 1973 to steal passwords.
How were they handled - by fixing the vulnerability. My password stealer was fixed by requiring the user to do a control C to get the attention of the system. The password stealer could run... but could not trap the control C as it was not the controlling job of the terminal.
No antivirus product can detect the malware that hasn't been seen. If the virus has been seen, then logically the vulnerability being exploited should be fixed. For most systems, creating a patch takes about the same amount of time as it takes to analyze the malware and generate a new signature identity, (which is less time than it takes to develop a "behavior recognition").
No matter what the malware detection system, it ALWAYS lags behind the attack.
The only way to stop malware is to fix the system.
The point is that many companies still rely on signature technologies which are dead. Comprehensive endpoint protection with reputation and behavioral protection is still very valuable, but underutilized.
The more Windows is dead, the more antivirus dies.
Anti-virus is still extremely useful. It is not an end in and of itself, it isn't a panacea that will keep you safe from everything, but it is a useful layer of security. The only true defense that has any chance is defense in depth, layers of security. So that when one layer fails, and they WILL fail there's no perfect security, other layers stop the problem.
AV is a useful layer. It screens for known threats and good AV gets that list updated multiple times per day. So it can flat out stop any known threat from getting on a system. It can scan things as they download, before they execute, and block known threats.
That is useful, particularly against the kind of threats normal users face. They don't usually face highly specialized and targeted threats, they face something that sneaks in through a bad ad in a compromised ad network or the like.
We make plenty of use of AV at work and it has done a great job cutting down on compromised systems, and cleaning up systems that do get compromised (which generally don't have AV). I certainly wouldn't rely on it as the be-all, end-all, but it is a good layer of security.
It's also a pretty cheap one. You can have MSE for free, which has about a 90% catch rate, or for $40ish per year you can get one with a much higher catch rate (NOD32 being my preference). That's not a bad price for a useful layer of security.
Anti-virus software is unfortunately still needed; even if a user can only mess up their own machine, it's still a huge drain on support resources. At the same time, anti-virus software has completely fucked up the Windows eco-system. We're forced to constantly run a whole cluster of parasite de-celerator applications that constantly, randomly make other, real-work software fail.
The biggest flaw with Windows is its reliance on antivirus. No matter what computer system I install Windows onto, the antivirus software makes it slow. In some cases the antivirus software is worse than the virus itself.
Just use Linux. Not that nobody writes viruses for Linux, but your chances of getting one are slim. Also distros like Ubuntu/Mint/etc tend to update more than the OS itself. Update Manager will update Java, Firefox, Flash, and everything in between. Windows needs background programs to update the software in your computer, which is why so many vulnerabilities are left exposed in Windows machines.
May I visit your house? I want to see if you might have more than I do, and if so, I'd like to have it so we can be equal. Please let me know when I can drop by. Thanks.
... The current big thing, cryptolocker, would work just as well on Linux. It needs no special privileges, all it needs is to run as the current user to encrypt all of the current user's documents and hold them for ransom....
There is a solution for this class of malware, but it isn't anti-virus. Since cryptolocker only damages user data, the operating system should provide a secure and automatic backup of the user's data. Any time a user's file is changed, the new version is recorded on the backup, with its date. From the user's point of view, the backups are read-only, so malware can't damage them, and the user can retrieve an old version of a file at any time.
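The append-only backup the post describes, as an added example that is not part of the original comment: a toy in-memory store in which every change to a user file is recorded with its timestamp and nothing is ever overwritten or deleted through the interface the user (and therefore the user's malware) can reach. The ransomware is simulated with a one-byte XOR; a real implementation would hook the filesystem rather than be called by hand.

```python
"""Append-only, versioned backup of user data, as a toy model (added example,
not from the post). The watcher records every change to a user file with its
timestamp and never overwrites or deletes an earlier version, so malware that
runs with the user's privileges can scribble over the live copy but not history."""
import hashlib
import time


class VersionedBackup:
    def __init__(self):
        self._blobs = {}    # sha256 -> bytes, content-addressed so duplicates cost nothing
        self._history = {}  # path -> [(timestamp, sha256), ...] in recording order
        # Deliberately: no delete or overwrite method exists on this class.

    def record(self, path, content, ts=None):
        """Called whenever `path` changes; appends a new version, never replaces one."""
        ts = time.time() if ts is None else ts
        digest = hashlib.sha256(content).hexdigest()
        self._blobs.setdefault(digest, content)
        self._history.setdefault(path, []).append((ts, digest))
        return digest

    def versions(self, path):
        return list(self._history.get(path, []))

    def restore(self, path, before=None):
        """Newest version recorded strictly before `before` (the latest if None)."""
        hist = self._history.get(path, [])
        candidates = [(ts, d) for ts, d in hist if before is None or ts < before]
        if not candidates:
            raise KeyError(f"no version of {path} before {before}")
        _, digest = max(candidates)
        return self._blobs[digest]


def simulate_ransomware_recovery():
    """Two legitimate saves, then a ransomware overwrite; recover the last clean copy."""
    store = VersionedBackup()
    path = "Documents/report.txt"          # constructed sample document
    clean = b"quarterly report v2"
    store.record(path, b"quarterly report v1", ts=1.0)
    store.record(path, clean, ts=2.0)
    # Ransomware running as the user encrypts the live file (toy XOR stands in
    # for real crypto). The watcher records the ciphertext as version 3, as it
    # should, but versions 1 and 2 are untouched because nothing can remove them.
    ciphertext = bytes(b ^ 0x5A for b in clean)
    store.record(path, ciphertext, ts=3.0)
    live_is_garbage = store.restore(path) == ciphertext
    recovered = store.restore(path, before=3.0)
    return live_is_garbage, recovered, len(store.versions(path))


if __name__ == "__main__":
    print(simulate_ransomware_recovery())
```

The property that matters is structural, not cryptographic: the store exposes record and restore but no delete, so a process with the user's privileges cannot shorten the history, only extend it. Storage growth and retention are the operational costs the post does not address.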
All of these are necessary and none are a substitute for one-another. And even in concert and combination, they are not 100% effective and never can be.
The fact is, there are people who think the ability to get beyond security measures is tantamount to the "right" to break, enter and utilize. That is the source of the trouble. And until those humans are addressed effectively, there cannot be any progress against the problem. And why isn't that happening? Should be obvious.
With government writing themselves laws exempting themselves from prosecution (and simply ignoring laws, and refusing to prosecute themselves) and business of every kind, everywhere "lobbying" [read: buying] legislation which enables them to legally circumvent personal privacy and security measures while at the same time criminalizing circumvention of playback control measures? Well, the picture sure is clear enough. They can't easily go after anyone without potentially offending the people who support them -- their sponsors.
The establishment itself is the problem. The establishment problem is best addressed by a mob of rebellion. Start with simple things: MS Windows for work and Linux/BSD for home. I don't care which flavors of Linux/BSD anyone uses and variety is a great thing -- no one-virus/malware to rule them all. Similarly to "the truth" Open Source will set you free. It's simply harder and less frequent to get malware through in any consistent and predictable way. With Windows and MacOS, consistency and predictability is far greater.
We preach "defensive driving" in motor vehicle traffic. But we ignore it where communications, privacy and data flows are concerned? And of the two, which are presently more important? (Still a contest but it's not about which is "more" important... that's a matter of context)
Rather than looking for and identifying bad software... look for and identify good software. White lists deal with zero days. Set up security so that all unknown code is forbidden. Obviously let the user, if they have permissions, exempt unknown code from the security. But anything else... no execution.
Include scripts, etc.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
It seems to me that anti-virus would be a waste of time in a well designed system. Binaries should be protected from modification. Applications with built-in VMs (like browsers) should be secure and with separate memory protection (like Safari). If a vulnerability is discovered in one of these puzzle pieces then the correct solution is to patch the vulnerability. The patch should be provided with the same speed as any upgrade to anti-virus signatures. And if you don't patch a major vulnerability in time... well all bets are off anyway, you can't be sure the virus didn't disable your anti-virus anyway, so you're screwed in any case.
I don't believe I've ever got a virus on my Mac. When I tried to help friends out with their malware on Windows, anti-malware software did a poor job. It didn't prevent infections, and couldn't repair them. My conclusion is you have to stop them at the border with good system design, not with band-aid anti-virus anti-malware.
"Or we should all just sit and hope for Microsoft to give us a new Windows with good integrated protection?"
What is there in MS history that would lead anyone to believe that MS could possibly make a secure Windows OS? I am flabbergasted!
In all the US states I checked it is necessary to "knowingly provide assistance" or similar wording. New York had "believing it probable" your actions would aid a crime. That said, leaving a car with the key in the ignition is kind of like leaving out a loaded firearm for anyone to use. In most places legal, but not the wisest idea.
Not necessarily image formats, but they DID do that with the word formats.
There are currently two solid alternatives to traditional AV. Unfortunately, one is not suitable outside of a well-managed (i.e., corporate) environment and the other probably would not work in a full-featured computer environment.
1. Whitelisting: Application whitelisting is really, really effective. There are ways to circumvent it, but that's true of just about any technical security control. The problem with it is twofold: one, someone needs to develop exactly *what* that whitelist is, and the average home user isn't really up to the task. Bit9 (the leader in the space) has gotten around this to some degree with a cloud-based archive of "known good" files and processes, but your standard home user will still run into a lot of things they don't recognize when they install. And what if one of those things is actually an existing infection? Then they will probably add it to their whitelist...or, on the other hand, err on the side of caution and end up breaking valid software on their systems. The odds of them hitting it exactly right are very small. And even then, they have to maintain the whitelist...so if they're taken in by that "YOU NEED TO UPDATE YOUR VIDEO CODEC LOL" popup window, they'll invariably end up authorizing whatever file gets downloaded ("'Trojan_video.exe'...sounds legit to me!") and infecting their system anyways.
2. The "Walled Garden" Model: In a lot of ways, this is like whitelisting built into the underlying OS, with the OS manufacturer being the custodian of the whitelist. This is how iOS works, so it's actually a proven model. There's only been one discovered instance of malware that's slipped into the App Store, and that was easily eradicated with the press of a button back at the Apple mothership. But on the other hand, there are ancillary effects to forcing all devs to go through a single clearinghouse for software. Apple's cut of the profits, and their cut of any revenue passing through any app sold through the App Store, are obvious issues, but the antitrust risk of a PC OS with only one place to go for software is a latent...and larger risk, going forward. One court decision can break the model entirely; if Apple doesn't collect at least some money from developers, then there's no money to support the App Store and the activities around it. But if there's no central authority, then there goes the chain of trust that's necessary to maintain the safety of the OS. And there's complexity in a PC-based OS environment that you don't find in a tablet or smartphone; in the tablet/phone model, each application is an island, separate unto itself for the most part. You don't have browser plugins, underlying execution environments or interpreters (Air, Java, .NET, Python, Perl, etc.).
Either way, the "blacklist" approach doesn't work. It's all fine to point out that other things (firewalls, IPS, etc.) need to be in place, and that's true...but malware is its own threat, and cannot be fully addressed by solutions that only focus on the attack. Applications will have vulnerabilities; railing against this hasn't accomplished anything in two decades. People will make mistakes, or be social-engineered into doing things they should not do. Supply chains will become infected (remember cameras, USB drives, etc. that have come with malware?) and sometimes those mistakes will affect people besides the mistake-maker. So there needs to be a way to address malware itself.
There are two approaches that, while theoretical, also hold promise. The issue is that they are pretty much theoretical; there's no existing implementation of either of them on any scale, or as a deployable off-the-shelf technology today.
3, The Managed Immunological Response: Assume that malware will exist, and somehow get onto systems. Most complex organisms hold pathogens within themselves that are harmful...and in many cases, even contain them in a symbiotic relationship. Eradicate E. Coli from a human's lower GI tract and they'll develop problems, for example...but E.
For your security, this post has been encrypted with ROT-13, twice.
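Default-deny application whitelisting, as described in the "look for and identify good software ... Include scripts" comment above and in point 1 of the last post, as an added example that is not code from either commenter. The policy keys on content hash, so a renamed copy of a trusted binary is still allowed while a one-byte patch, a never-seen dropper, or a script handed to a trusted interpreter all fall to DENY. The byte strings are constructed stand-ins for real executables; there is no real hash database behind this.

```python
"""Default-deny application allowlist keyed on content hash (added example, not
from either post). Constructed byte strings stand in for real executables."""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Allowlist:
    """Execution is permitted only for content whose hash is already known good.
    File name and extension are ignored: a renamed trusted binary still passes,
    while a patched binary or a never-seen dropper hits the default DENY."""

    def __init__(self):
        self._known_good = {}  # sha256 -> label of the trusted file

    def trust(self, label: str, content: bytes) -> None:
        self._known_good[sha256_hex(content)] = label

    def decide(self, name: str, content: bytes) -> str:
        # `name` is accepted for logging only; the decision never depends on it.
        return "ALLOW" if sha256_hex(content) in self._known_good else "DENY"


def demo():
    # Constructed stand-ins for executables and scripts.
    notepad = b"MZ\x90\x00...notepad-1.0..."
    python_exe = b"MZ\x90\x00...python-3.x..."
    trojanized_notepad = notepad[:-1] + b"!"      # one byte patched in a 'known' binary
    dropper = b"MZ\x90\x00...Trojan_video..."      # zero-day: no signature could exist yet
    evil_script = b"import os; os.system('...')"   # script fed to a trusted interpreter

    policy = Allowlist()
    policy.trust("notepad.exe", notepad)
    policy.trust("python.exe", python_exe)

    return {
        "notepad.exe": policy.decide("notepad.exe", notepad),
        "notepad_renamed.scr": policy.decide("notepad_renamed.scr", notepad),
        "notepad.exe (patched)": policy.decide("notepad.exe", trojanized_notepad),
        "Trojan_video.exe": policy.decide("Trojan_video.exe", dropper),
        # The interpreter is trusted, so the policy must also be applied to what
        # it loads; otherwise "run a script through python.exe" is the bypass.
        "python.exe": policy.decide("python.exe", python_exe),
        "update.py": policy.decide("update.py", evil_script),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:5s} {name}")
```

The last two entries are the caveat both posts raise: an allowlisted interpreter, runtime or browser plugin turns every script or document it loads into code the policy never inspected, so the hash check has to extend to those inputs or be paired with a restriction on what the interpreter may load.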
I've been using for 10 years and haven't seen it either.
Would you even know? Perhaps if it's like Windows malware, where you end up with so much of it that the computer is unusable, but what if you only end up with one piece of malware which is careful to do things covertly?
Ten years ago you may have been able to spot malware with a simple "ps -A" but I don't even look at the output of that command anymore. There's so many processes running on my computer that any of them could be malware and I'd have no idea. ...and that's talking about malware that doesn't bother to hide itself by infecting another executable or at least adopting the same executable name as a daemon that's supposed to be running.
One question that should've been first. Is your username root by any chance?
I'm curious why everyone thinks this matters. The only way I could see it making any difference is if you had a virus scanner, which could then run as root and be immune to any BS that the malware attempted as a normal user. ...but who has a Linux virus scanner? I know there's ClamAV, but I get the feeling it isn't for finding malware in Linux, it's for finding malware in email that passes through Linux. So what exactly do you prevent malware from doing by not allowing it access to the root account? Does it prevent it from accessing the internet to send spam? Does it prevent it from recording your keystrokes and sending them to someone else? Does it prevent it from accessing your microphone and bugging your house? Last I checked, I could record audio without 'sudo' and so I'm pretty sure a non-root piece of malware could do it too.
Telling people not to run processes as root is just ignoring real security solutions. Every application should be sandboxed, no matter what it is. For example, when I use a word processing application, why should it be able to read/write any file anywhere on my hard disk that I'm allowed to access? If it wants to read or write a file, it can make an API call that brings up a file open/save dialogue provided by the OS, which ensures that I'm giving it permission to access the files it reads or writes. As for storing settings and other random bits of data, the OS can provide it with a folder on the filesystem it has free access to, but to access anything outside of that, it needs to use the API for the file open/save dialogue. With this kind of security, you can open documents with all kinds of stupid scripting that takes over the entire application, but it's largely stopped right there, and can't access anything on the computer that you don't give that application permission to access. ...and it's all entirely transparent to the user, because they already open/save their files via a file open/save dialogue provided by the OS. The only thing that changes is that the open() system call is limited to a specific directory for each application to store its settings/history data in. Very few applications need that sort of free access to the computer, and essentially all of them are provided by the OS itself, like the basic file manager, file archive/compression tools, etc. So it'd be easy to do, it'd provide real security, and yet rather than do that, all we do is tell people "as long as you don't run as root, you'll be perfectly secure" as if that makes any difference at all.
I mean, just imagine how secure Adobe Flash would be if it were sandboxed such that all it can do is get the web browser to perform HTTP requests on its behalf, and output audio and video? What would any exploit for it be able to do, besides make HTTP requests and display audio and video? ...but that's not how our computers work. For some reason our OSs allow applications we run to do anything at all that we ourselves are allowed to do on our computers, and everyone thinks that's not a problem.
If any modern OS had real security, you'd be able to download malware intentionally, run it just like you'd run any other application you want to use, and still remain safe since the malware would be unable to access anything you don't want it to access.
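The per-application file broker sketched in the comment above, as an added example that is not code from the commenter: the app may open anything under its own directory, and anything else only if the user picked that exact path in an OS-owned dialog (simulated here by `user_picked`). The part a practitioner cares about is that the confinement check runs on the resolved real path, so `..` traversal, symlinks planted inside the app directory, and absolute paths are all judged the same way. Assumes a POSIX filesystem that permits symlink creation.

```python
"""Per-application file broker (added example, not from the post). The app can
freely use its own directory; anything else must be a path the user picked in
an OS-provided dialog. Assumes a POSIX filesystem with symlink support."""
import os
import tempfile


class PathEscape(PermissionError):
    pass


class ConfinedFS:
    def __init__(self, app_dir: str):
        os.makedirs(app_dir, exist_ok=True)
        self.root = os.path.realpath(app_dir)
        self._granted = set()  # real paths the user explicitly chose

    def user_picked(self, path: str) -> None:
        """Stand-in for the OS file dialog: the user, not the app, chose this path."""
        self._granted.add(os.path.realpath(path))

    def _resolve(self, requested: str) -> str:
        # Join, then realpath: collapses "..", follows symlinks, and leaves an
        # absolute request as-is, so every escape route is judged after
        # resolution rather than on the string the app supplied.
        real = os.path.realpath(os.path.join(self.root, requested))
        inside = os.path.commonpath([self.root, real]) == self.root
        if inside or real in self._granted:
            return real
        raise PathEscape(requested)

    def open(self, requested: str, mode: str = "r"):
        return open(self._resolve(requested), mode)


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "secret.txt")   # a document outside the app's sandbox
        with open(secret, "w") as f:
            f.write("user's other document")
        fs = ConfinedFS(os.path.join(tmp, "app"))
        # Attacker-controlled content inside the sandbox pointing outside it.
        os.symlink(secret, os.path.join(fs.root, "innocent.ini"))

        def attempt(label, requested):
            try:
                with fs.open(requested) as f:
                    f.read()
                results[label] = "ALLOW"
            except PathEscape:
                results[label] = "DENY"

        with fs.open("settings.ini", "w") as f:    # own directory: free access
            f.write("theme=dark")
        attempt("own settings", "settings.ini")
        attempt("dot-dot traversal", "../secret.txt")
        attempt("symlink escape", "innocent.ini")
        attempt("absolute path", secret)
        fs.user_picked(secret)                     # the user chose it in the dialog
        attempt("absolute path after user pick", secret)
    return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{verdict:5s} {label}")
```

A string-prefix check on the requested path would have passed the symlink case; resolving first is what makes the policy hold. A real broker would also have to handle files renamed or replaced between the pick and the open, which this toy does not.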
Whose employee build image is so laden with agents and management software it renders the notion of having a functioning laptop obsolete. In fact if they hadn't made their workforce work from home they'd probably have built a Citrix XEN environment and handed out slim clients. Who knows, they probably will and drive 'productivity' all the way to zero.
Antivirus IMO is made to stop bottom feeders and on down to script kiddies. Most infections are caused by lack of common sense and when you have employees/family/friends clicking email links, banner ads, and downloading/installing anything like it's going out of style it doesn't help.
I block all ads and have done so for years and yes it might be dickish but I've not been hit with a drive-by infection in years. I verify every email sent to me especially emails with attachments. I've not been infected from any email related malware since 2001-2002.
We live in an age of technology and it's not going to get better until people learn how to protect themselves. The most dangerous part of hacking these days is social engineering and antivirus software is worthless when someone gives the hacker keys to the castle. One gullible user can bring an entire corporate firewall to its knees.
Trusted apps need no censorship and a way to have censorship and a way to have things like user add-ons.
Do you really want games with NO user maps or plugins / mods?
What about no more emulators? Other than the few paid ones that are very locked down and due to censorship issues can't have all games in a system.
No more open source apps?
NO VMs as well.
Let's see. Ok, we'll bullshit and strong-arm our way into PC operating system dominance by hook or by crook, dodging anti-trust penalties along the way, and in the process turn the OS into a marketing and data collection platform for all kinds of goods and services, consuming as much user resources as required. Our colleagues at DoD, meanwhile, have this Internet thingy we can apply similar enhancements to, for a total package of full-spectrum anal probing of witless users all over the globe. The more pointy the hair, the better it works. Hell, if we do it right, clueless lusers will even reinstall the malware vectors immediately after having paid to have it removed when it clogs up the system beyond any semblance of usefulness (to the user, that is.)
Don't mean this to be strictly an anti-MS rant, either. "Open" apps and OSes seem unable to resist the temptation as well, and the pull of the web is strong enough to corrupt. But Redmond did show the way.
Thurprise, thurprise, thurprise!
For a given quality, malware can be a good indication that your system is open and free. Be it the press, government or software. To paraphrase a great quote, those who would give up essential freedom in their software for "security" deserve neither. What can prepare a person for freedom? The ability to be responsible leads to a rich and diverse education.
As long as it kills the existence of Javascript engines in browsers, it sounds like a good deal to me.
(being sarcastic, but WTF? when I want to read something it doesn't mean I want to RUN something, nor does it means it will impress me that trying to read something takes 40% of my processor's resources.)
First, let me start off with the Notion that All Antivirus sucks. Regardless of the brand, or the Reputation, If you gave me an hour or less and a windows PC with any Antivirus app on the market on it, pay or free, I will give you an infected box. So why does this happen?
1) Hot, Fresh, Just for you! This is not just a slogan you see on McDonalds made-to-order burgers anymore. Today's virus obfuscation techniques are so fast and random that when you activate a payload dropper (whether it be a Flash, Java, website or browser exploit, or even a Trojan installer) the payload that you get will statistically be seen only once. You and only you will get that version of the virus, even though it's using a well-known virus kit that would be detected if it was not obfuscated. This technique is the reason why no AV firms detect the fake antivirus variants or FBI Warnings or cryptolockers of the past even though all of the major codebases were detected by most AV firms.
2) I'm a Necessary App! People need me to change their search engine, hijack their DNS, spy on them, and pop up ads randomly all over the screen and websites! Read the Slashdot Journal link for some insight on how adware gets on people's PCs. Let me make something clear here. Adware is a virus. When a customer comes into my shop and has something like Conduit searchprotect, or Wajam on their machine, I tell them that's a virus because it is. They didn't want it, they got it and it's doing things they don't want. Sounds like a virus to me, yet just about every AV firm ignores these and lets them gleefully install because they're afraid of getting sued by one of these companies, so instead they make guidelines to let them slip through. The first AV I find that reliably removes all adware as well as viruses without me having to manually remove them or fall back to a removal tool (like ADWCleaner, which is now starting to miss stuff as of late) I will sell in my store.
3) In Soviet Russia, Trojan Exploits You! This Journal link has been on my sig for years now, and is the primary reason why AV doesn't work anymore. This week alone I had no fewer than three of my customers directly call fake support scammers because their PC / printer / camera didn't work, and they called the phone number on the first link (the ads) they saw when they searched for "(PC / Printer / Camera) Support", and if you're letting the bad guys in to physically touch your own box you're already screwed and no AV on earth is going to save you.
Right now, I'm telling people three things:
1) Install MSE. All AV sucks; the only question is how much you want to pay for something that sucks. MSE is free, at least blocks most of the ultra bad stuff and doesn't pop up ads of any kind, so it's what I install.
2) Install Adblock on all browsers. I install Adblock Plus on any machine that leaves the store. If you're going to infect yourself, chances are an ad is going to lead you there. Blocking the ads blocks most of the infection vectors off the bat.
3) Don't download or install anything. There is no safe place I can direct people to download files without getting some sort of adware virus. This is easier to tell users than "pay attention to what you download." (See #3 to understand.) If they protest, go to your PC, go to ask.com with your ad blocker turned off, type in any program you would think they would download (I use VLC Media Player; it never fails to show me adware links) and have them pick the download link. When they get it wrong (chances are they will), download the file and send it to virustotal.com. Chances are one of the scanners will detect the adware dropper from the fake site; then drill it home about not downloading anything.
4)
In Soviet Russia, Trojan exploits YOU!
Run as many programs as possible as a regular user so that User Account Control can stop malware. The user needs a password to run most setup programs. This might work if the administrator creates a user account for people who use computers. Caveat: setup programs won't run under user accounts, though. Many people don't even think of creating a limited user account on Windows, though. Just a thought.
Or maybe I can switch my computers to Linux or use Chrome books. I never did run into any malware on Linux or PC-BSD. I actually got a suspicious app from the Google Play store one day. I forgot the name of the app. It was bundled with a game I think. The extra app slowed my tablet down.
How long will it take compliance bodies etc like PCI to not require AV for scoped-in machines? Til then, AV is and will be alive and well.
anti-virus is alive and well; and in my view the best sliding piece puzzle ever!
Hmm, Maybe it is a better idea to block outgoing traffic from countries that do not comply to standards in chasing the culprits in stead of punishing the victim.
I haven't used Norton/Symantec in a long time, way too many processes and just bloat in general. NOD32 was one I liked for a while, but now I'm happy using MSE combined with Malwarebytes and a few extras: Process blocker, WiFi Guard, herdProtect, a good hosts file and Windows 7 Manager used to check all the startup apps, services and task manager. All together this takes less memory and CPU than McAfee or Symantec and hasn't let me down yet. Apply updates immediately and watch for any new directories, running processes, startups, turn off remote connections, etc. Even with UAC turned off (It annoys the hell out of me) I've still been issue free for a long time.
The root cause is that the security model of Unix that everyone copied isn't compatible with the modern world. The OS never asks what resources you want to allow a given program to access, instead it ass-u-me-s that it should have full run of everything, and just trusts the program to do the right thing.
So antivirus programs were invented to serve as a "no-fly-list" type system.... only programs on the list are stopped. This worked well until methods for changing the signature of programs got up to speed. Imagine a terrorist being able to make up a name before trying to buy/board a flight... this is where we are now.
Until we get the OS to ask what resources a program should be allowed... things will keep getting worse.
I know this will make me sound like a Microsoft hater, but the problem is the ability for anyone to develop viruses and malware for Windows-based systems. That is simply the nature of the "openness" of the platform. Look at the other major computing platforms: OSX, Linux, iOS, Chrome OS, and Android, which don't have the overwhelming security issues Windows does. Android, iOS, and Chrome OS use a vertical application "store". While there are methods to side-load potentially malicious code, they are far and above more secure platforms than Windows. Apple is moving in the same direction with its desktop operating system OSX. OSX also handles applications with better sandboxing than Windows does. Most Linux systems use a software repository that is well documented and open source, so the code can be reviewed for malicious code.
These other platforms have in common a single feature which alone increases their security. The user by default does not operate with root or admin privileges. When setting up a new windows system it always defaults to making the initial account an administrator account. Personal computers often only have this single account. Windows administrator accounts can run any code without requiring a password. Single account machines are thus easily compromised. OSX now requires a password on all accounts and requires a root password be entered when installing all software.
I am the store manager of a computer and mobile repair shop. I always advise my clients to password-protect an admin account and use the computer with a user account. The clients that heed my advice are in far less frequently than those who don't. Personally I use mostly my Chromebook or my Android tablet, but I do use both my Win7 laptop and desktop. I don't even run any AV software on my laptop; on my desktop I run MSE and Malwarebytes, only because my son and nephew play games on it.
If you have never gotten a virus, then you don't have enough man hours using a computer.
"as long as antivirus is thorough, productivity while using a computer goes down severely"
Where by 'severely' they mean 'negligibly in most cases'
At the sources (you can't be infected by them) via hosts adding security, speed, reliability, + more & does more, more efficiently by FAR vs. addons + fixes DNS' security issues:
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?o...
(Details of benefits in link)
Summary:
---
A.) Hosts do more than:
1.) AdBlock ("souled-out" 2 Google/Crippled by default)
2.) Ghostery (Advertiser owned) - "Fox guards henhouse"
3.) Request Policy -> http://yro.slashdot.org/commen...
B.) Hosts add reliability vs. downed/redirected dns (& overcome redirects on sites, /. beta as an example).
C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... w/ less added "moving parts" complexity/room 4 breakdown,
D.) Hosts files yield more:
1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs Fastflux + dynamic dns botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).
---
* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).
* Addons = more complex + slow browsers in message passing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray is destroying Adblock.
* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption too + hugely excessive cpu use (4++gb extra in FireFox https://blog.mozilla.org/nneth...)
Work w/ a native kernelmode part - hosts files (An integrated part of the ip stack)
APK
P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"
...apk
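The hosts-file approach advertised above depends on how a resolver actually consults the file, which is exact hostname matching with no wildcards. This is an added example, not code from the post or from the APK tool it promotes: it parses a constructed hosts file, shows that a sinkholed name does not cover its subdomains, and flags entries that redirect a name to a routable address instead of a sinkhole, which is the thing to check before installing any third-party hosts file. All hostnames and addresses below are constructed placeholders, and "first entry wins" for duplicate names is a simplifying assumption.

```python
"""Hosts-file blocklist semantics: exact-match lookup plus two pre-install checks.
Added example; the sample hosts content is constructed, not a real blocklist."""
import ipaddress
from typing import Dict, List, Optional

# Addresses that make a name go nowhere (blackhole) rather than somewhere else.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Constructed sample hosts file; *.example.test names are placeholders.
SAMPLE_HOSTS = """\
# comment line
127.0.0.1       localhost
0.0.0.0         ads.example.test        # sinkholed ad host
0.0.0.0         tracker.example.test
0.0.0.0         ads.example.test        # duplicate: first entry is kept
203.0.113.9     bank.example.test       # NOT a sinkhole: redirects to a real host
::              ipv6-bad.example.test
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Return hostname -> address, keeping the first mapping seen for each name.
    '#' comments and blank lines are ignored; names are lowercased because
    DNS names are case-insensitive; lines with a malformed address are skipped."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # address with no names, or a bare token
        addr, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # do not trust an entry whose address does not parse
        for name in names:
            table.setdefault(name.lower(), addr)
    return table


def resolve(table: Dict[str, str], name: str) -> Optional[str]:
    """Exact-match lookup, as the hosts file is used: no suffix or wildcard match,
    so an entry for ads.example.test says nothing about cdn.ads.example.test."""
    return table.get(name.lower().rstrip("."))


def is_blocked(table: Dict[str, str], name: str) -> bool:
    """True only when the name is present AND points at a sinkhole address."""
    addr = resolve(table, name)
    return addr is not None and addr in SINKHOLES


def suspicious_redirects(table: Dict[str, str]) -> List[str]:
    """Names mapped to a routable address instead of a sinkhole. In a blocklist
    obtained from a third party this is the pattern that silently sends a site's
    traffic to someone else's server, so review every such entry before installing."""
    return sorted(n for n, a in table.items() if a not in SINKHOLES)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for host in ("ads.example.test", "cdn.ads.example.test", "bank.example.test"):
        print(f"{host:28s} blocked={is_blocked(hosts, host)} -> {resolve(hosts, host)}")
    print("review before installing:", suspicious_redirects(hosts))
```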
One major problem with security is that the permission model on both Windows and Unix doesn't really give you the tools you need to keep yourself safe. We're still stuck in the 1970s university mentality where the user is assumed to have written or at least compiled the program themselves, and is supposed to have a good understanding of what it does. The program is assumed to be operating as an agent of the user, so it inherits all the user's permissions. On modern systems, with semi-trusted and untrusted code downloaded from the Internet, this assumption is absurd and dangerous.
Rather than the program inheriting the user's permissions by default, a decent modern security model would instead restrict it to a sandbox unless it was explicitly given permission to get out – and even then the user should be given veto power over specific sandbox breaches. (Android used to work like this, but Google dumbed it down for reasons that are not clear.)
By default, a program should only be able to do the following:
Anything else – Internet access, ability to freely read and write to files/folders, ability to get keyboard input when not in focus – should require explicit user permission. And the user should have the option of unchecking any or all of these authorizations and continuing to run the app without it being able to do those things. These permissions should be as fine-grained as possible, so an application could have permission to only read certain specific folders, or could be allowed to access the Internet only through a particular API (say, for handling registration or online high scores) and only for certain domains.
As it gives them an easy way to check to see if their creations are detected or not.
It was actually easier than mucking with AV software. At least my PC ran fast for a while.
Sadly, MS has made that too difficult these days.
It was seen as a "feature" and designed in.
There were even articles about it here so I'm somewhat astonished that so many are deciding that I must be wrong and making up their own ideas of what they think I mean.
http://en.wikipedia.org/wiki/W...
MS should be praised for getting rid of it.
I was using it as an example of the worst stupidity at the peak of the "just left everything run" mindset that we are thankfully getting away from.
You will see above that I mentioned Java. You even referred to it yourself. How can you with a straight face scold me about "petty attempts at laying this at the door of MS"? I suggest less cheerleading and more learning from past mistakes.
How's about choice in the service that advises whether an .apk is safe or not? At the moment we generally have to choose Apple or Google. Apple abused their position by blocking Bitcoin apps and others already. If there was a free market in this choice then the market could correct the problem.
So all your web browsing is under webuser, how do you refer to web manuals while using an application as user?
How would this whitelisting be made practical for high school students doing programming homework while remaining effective?
There is also the fact that much of the commercial AV software is barely less worse than the viruses they purport to protect you from. From consuming resources in a bloated way, to advertising, to constantly trying to extort money from you, to conflicting with other programs, etc...
Personally I have taken a light approach, and the only ones I touch are MSE and Spybot Search and Destroy on specific issues that might come up. Much of the malware you get (and most of it is adware now) takes over other applications such as browsers and the like and is not easily removed by AV packages.
As many have probably mentioned, the best AV is the education of the person sitting in the chair, and until that is addressed, no amount of AV is going to be effective and there are so many ways around it by simply getting the user to allow it anyway.
Enough said.
Antivirus has never been viable as a defense against unknown threats. The only correct way to do security is to build it in at the lower levels and prevent applications from exploiting the system in the first place. Unfortunately this means tradeoffs - such as apps not being able to see each other and communicate with each other. Sandboxing. Even then we can exploit communications to get around this by opening tunnels and proxies.
Nope, we're going to have to airgap things. There's no reason your fart app should be able to read the filesystem and GPS.
The question is not "what does it miss" but "what does it catch". Full protection is impossible, the ecology of the network is too dynamic.
We use Anti-virus because it is better than not.
Whether it should be a user choice or built into the OS, is again another question. But having a choice is a good thing.
I'd considered this, but these days it isn't just juvenile prank software that ends up running. If you just accept viruses on your network you get issues like:
1. You're part of the spam problem. I prefer not to be a leech on society.
2. They're stealing your personal info, including stuff like banking credentials. I like having money, and would prefer to hang onto it.
3. Somebody could use your PC to attack something else, perhaps something important. I don't like guys kicking down my doors in the middle of the night.
4. Somebody could use your PC to host warez/music/etc. I don't like getting sued and having to prove my innocence, and heaven forbid any of my PCs actually contain warez/music/etc in the first place when this happens.
I could see regular wipes as an inconvenient ADDITIONAL layer of security on top of keeping garbage out. I just don't see it as a substitute.
A bulletproof vest can't stop every and all bullets, but would you step into a gunfight without one?