Antivirus Software Is 'Increasingly Useless' and May Make Your Computer Less Safe (www.cbc.ca)
Emily Chung, writing for CBC: Is your antivirus protecting your computer or making it more hackable? Internet security experts are warning that anti-malware technology is becoming less and less effective at protecting your data and devices, and there's evidence that security software can sometimes even make your computer more vulnerable to security breaches. This week, the U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) issued a warning about popular antivirus software made by Symantec, some of it under the Norton brand, after security researchers with Google's Project Zero found critical vulnerabilities. "These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible," wrote Google researcher Tavis Ormandy in a blog post. Symantec said it had verified and addressed the issues in updates that users are advised to install. It's not the only instance of security software potentially making your computer less safe. Concordia University professor Mohammad Mannan and his PhD student Xavier de Carne de Carnavalet recently presented research on antivirus and parental control software packages, including popular brands like AVG, Kaspersky and BitDefender, that bypass some security features built into internet browsers to verify whether sites are safe or not in order to be able to scan encrypted connections for potential threats. In theory, they should make up for it with their own content verification systems. But Mannan's research, presented at the Network and Distributed System Security Symposium in California earlier this year, found they didn't do a very good job. "We were surprised at how bad they were," he said in an interview. "Some of them, they did not even make it secure in any sense."
ilcreasingingly
Is like having a guy with peanut allergies pushing Planters products.
After a recent debacle where Symantec apparently didn't get the proof-of-concept exploit sent to them by a security researcher because the mail filter automatically opened the document and crashed, a friend of mine joked that antivirus software was actually a tool to "automatically click on attachments for you".
TCP: Why the Internet is full of SYN.
ok look, i do some malware analysis.
the thing is, 99% of the malware you run into is run-of-the-mill stuff.
to paraphrase someone who was talking about EMET:
not running AV because some researchers are doing next-level shit is like not wearing your seatbelt because a sniper might get you.
Tavis Ormandy has uncovered a shit-ton of serious vulnerabilities in some big name AV / Endpoint Protection products. Great! Those will get fixed and life goes on. There are also some AV suites that taviso has NOT found big problems in.
keep in mind also that there are some other big names in "next level" endpoint protection and security services who monetarily gain from pushing the idea that "endpoint security is dead".
I think installing an adblocker in your webbrowser is probably the best antivirus available today.
The problem with AV software in my eyes is how intrusive they've become; they're worse than viruses in some cases.
You install, say, Kaspersky and you immediately get 2 browser plugins installed into Firefox, 3 root certs get dropped into Windows certificate list and kasperskylabs.net scripts get injected into every page you visit, even if you turn the "web shield" off
Not to mention those garbage software "firewalls" that hardly give you any control over anything. Though for instance Avira does it differently, it just takes over Windows Firewall for you and won't even let you turn that "feature" off, so screw you if you configured it by hand.
Just use appropriate browser plugins, Windows Defender, Malwarebytes and common sense.
Antivirus software that detects apps known to be harmful is a form of blacklisting. But as a general rule, blacklisting is considered less secure than whitelisting. An antivirus using whitelisting, such as PC Matic, allows only known good apps to run.
The obvious problem with this approach is who defines the set of known good programs. In a corporate environment, an IT department has the resources to review the programs on which employees rely. But a home PC owner who isn't quite a PC expert may not feel qualified to do this, instead delegating review to a trusted party. This has led to cases of rent-seeking, where a gatekeeper demands payment from each developer to review each app.
Bruce Schneier explains further
"increasingly less useful"
Ow! My eyes! What's wrong with "decreasingly useful"?
Seriously why the hell does Antivirus software need to run its scan engine at Admin group privileges, and why is half of the scan engine running in Ring 0 kernel drivers?
It's amazing, my work laptop BSODs about once a day just because of some crappy driver included in the Antivirus software installed by IT.
Since it crashes that frequently just in normal operation it seems likely that there is at least 1 vulnerability in that driver which is exploitable from user mode.
Almost every client with an infected machine that I have had to deal with was looking for free movies on the web. They lie and say they have no idea, but when I show them their browsing history then they get all stuttery and defensive. I would say it is about 50/50 with porn and regular movies. I haven't seen many infections through e-mail that actually make it to the machine.
1. Don't open e-mail you're unfamiliar with or open attachments from senders you don't know.
2. Keep your browsers and OS up-to-date
3. Don't go to sketchy web sites
4. Don't download anything from CNET.
5. Remove Java, flash and silverlight
6. Use an adblocker.
Done.
It is a huge liability to rely on virus definitions and heuristics engines. They are often too little, too late. The trend toward rapid development and advanced threats started about 15 years ago, and it has been making antimalware applications increasingly irrelevant.
Ad- and script-blocking helps, but those are targeted primarily at web browsing, and that is certainly not the only attack vector.
Whitelisting and mandatory access controls (e.g., SELinux) are the only truly effective measures, and they require a lot more work than antivirus. Antivirus is a simple 5-minute installation with automatic updates thereafter---and some even refuse to do that much. There is little hope that most home users will implement anything better.
There are adequate solutions, but they raise the bar in terms of the expertise, expense, and effort required. Even if a company addressed the "expense" issue by releasing a consumer-priced whitelisting application for Windows, there is no clear way to eliminate the other requirements.
In light of all this, I see things getting worse before they get better. It takes a lot of problems before home users pony up their time and money.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
Saying that Antivirus Software is useless and using Symantec as an example is like saying that editors are useless and using /. editors as examples.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I don't even bother trying to figure out how they got the virus. You know they're going to lie, so why bother. Clean the machine, get my money and repeat in a couple months. And it's no wonder they get irked if you're going through their browsing history. First thing I do is clean all the temp files, cookies, browsing history off before I start doing anything. I don't want to know.
Which I don't understand. You can get porn risk free pretty much on all big platforms. Free porn is a solved problem. No need to go to shady websites.
Hell, it's in the interest of most porn providers to avoid infecting you because they'd rather have you as a paying customer. Go to the big streaming porn websites; invariably there are pay-video-on-demand, webcam sites and dating sites behind them. They want you to pay for that. They don't want your credit card number to be lifted by some malware-writing shady criminals...
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
I remember that shit being so bad that at one point I had to hunt-down a third party program just to remove it since it was clearly designed as a virus itself...
Which is kind of funny, because I'm from Canada, and I realized this 20 years ago (while working as a tech support minion for a branch of the federal government, actually).
File under 'M' for 'Manic ranting'
"Smart surfing" only works in a world in which servers don't ever get breached. We don't live in such a world.
How about "more better less decreasingly not anymore useful or less"?
Enumerating badness is a lousy idea.
Blocking ads doesn't directly block breach of a publisher. But I imagine that breach of a publisher is far less likely than breach of the ad network that the publisher uses because the return on investment for breaching an ad network is greater than that for breaching a publisher. A user who blocks ads is immune to breach of an ad network.
It's not possible to be increasingly useless.
Clearly someone wasn't around to witness eight years of George W Bush.
Linux, you magnificent bastard, I read the fucking manual!
The last three infections I had were all along the lines of "Virus detected" - "Attempting to remove virus" - [system hijacked]. Seriously, how hard is it to write a reliable and bug free quarantine -.-
Maybe antivirus companies should spend more time on that than adding fucking useless spyware features to their own products (like ssl interception)
I have been working in IT security for nearly 3 decades. Work for a mail hosting company or support large mail infrastructure if you want to find people infected by mail. I have, do, and can tell you that most business PCs are infected through email and attachments. For home PCs, you are right that most comes from malicious sites often hosting video. There is another very small set of hosts who get attacked quite differently. These are targeted service attacks generally masked by a massive DDOS. They are specific, crafted, and staffed with experts at exploiting systems.
You not having clients infected by means other than pr0n is purely due to a very shallow pool of clients.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
After a stream of viruses made it past the dictionary lookup and a low hit rate on new viruses, I made a decision to not install anti-virus software on any newly built virt boxes.
To replace it, I added an execute permission restrictions policy, so that anything a limited user downloaded or any file that resided in his/her directory/server file tree could NOT execute. 2nd, I hired a company called "spam experts" to filter incoming emails (the primary infection path). Lastly and very important, set up a filter for any emails that remembered the old server IP address (open port 25) and bypassed spamexperts (MX record) to be redirected into an offsite spam holding account.
Finally, added as much encryption as possible, TLS links between email clients and server, same goes for between email servers (TLS over port 25 comms).
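The two posts above (the whitelisting comment and the "execute permission restrictions policy" one) describe the same idea: default-deny execution by path, allowing only OS and program directories. As an added example, not code from any commenter, vendor or the CBC article, here is a small evaluator for such path rules, modelled on Windows Software Restriction Policy / AppLocker path rules. The rule set and sample paths are constructed for illustration; the deny rules for user-writable folders under C:\Windows are the caveat a practitioner would want, since a plain "allow C:\Windows" rule would otherwise let anything dropped into C:\Windows\Temp run.

```python
"""Path-based default-deny execution policy, modelled on Windows SRP/AppLocker
path rules. Added example only; rules and sample paths are constructed."""
import ntpath

# Constructed rule set. First matching rule wins, so the deny entries for
# user-writable folders must precede the broad "allow C:\Windows" rule.
RULES = [
    ("deny",  r"C:\Windows\Temp"),    # writable by standard users
    ("deny",  r"C:\Windows\Tasks"),   # writable by standard users
    ("allow", r"C:\Windows"),
    ("allow", r"C:\Program Files"),
    ("allow", r"C:\Program Files (x86)"),
]
DEFAULT_VERDICT = "deny"   # nothing outside the allow list may execute


def normalize(path):
    """Canonical, case-insensitive Windows path: forward slashes folded,
    '..' segments resolved, drive letter upper-cased, trailing '\\' dropped."""
    p = ntpath.normpath(path.replace("/", "\\"))
    if len(p) >= 2 and p[1] == ":":
        p = p[0].upper() + p[1:]
    return p.rstrip("\\").lower()


def is_under(path, root):
    """True if path is root itself or lies inside it. The appended separator
    stops 'C:\\Program Files' from matching 'C:\\Program Files (x86)\\...'."""
    return path == root or path.startswith(root + "\\")


def decide(path):
    """Return 'allow' or 'deny' for an execution request at path."""
    p = normalize(path)
    for verdict, root in RULES:
        if is_under(p, normalize(root)):
            return verdict
    return DEFAULT_VERDICT


def audit(paths):
    """Evaluate a batch of execution requests, e.g. from a log of attempted
    launches, and return (path, verdict) pairs for review."""
    return [(path, decide(path)) for path in paths]


if __name__ == "__main__":
    # Constructed sample of attempted launches, not real telemetry.
    sample = [
        r"C:\Windows\System32\notepad.exe",          # allow
        r"C:\Users\alice\Downloads\Invoice.exe",     # deny (user profile)
        r"C:\Windows\Temp\dropper.exe",              # deny (writable subfolder)
        r"C:\Program Files\..\Users\alice\x.exe",    # deny ('..' resolved)
        r"c:/program files (x86)/vendor/app.exe",    # allow (normalised)
    ]
    for path, verdict in audit(sample):
        print(f"{verdict:5}  {path}")
```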
I don't even bother trying to figure out how they got the virus. You know they're going to lie, so why bother. Clean the machine, get my money and repeat in a couple months.
You could actually give them a better value for their money and offer to train them how to use their computer more wisely. Maybe they'll surprise you and seek more of your services outside of just reactionary repairs.
The Daddy casts sleep on the Baby. The Baby resists!
I remember that shit being so bad that at one point I had to hunt-down a third party program just to remove it since it was clearly designed as a virus itself...
Yeah, Norton had to write a tool just to remove their own shit.
The "Norton Removal Tool" is still available from the Norton site, which should tell people all they need to know about Norton.
Just cruising through this digital world at 33 1/3 rpm...
Yes, I use windows antivirus and have never had any problems.
love is just extroverted narcissism
Except "uselessness" is a binary state, either something is of absolutely no use (useless) or has some quantity of usefulness. There is no gradient in between to be more or less useless.
Ha haaaa. Semantics.
Let me explain this usage:
In prescriptivist theory, comparative words such as "more" or "increasingly" cannot be used with binary state words such as "unique" or "useless". But in practice, when a comparative word is used with a binary state word, the binary state word takes on the meaning of closeness to that state. So "more unique" means "closer to unique", and "increasingly useless" means "increasingly close to useless".
Defender works great for 99% of the stuff out there. For the other 1% that Defender may have problems with, I use MalwareBytes AntiMalware (free version) and Spybot Search & Destroy.
With those, I've never had a problem, nor has anyone I've recommended them to/installed for.
On the other hand, I've uninstalled Symantec from a number of machines for people. Same with Norton. And nobody has ever come back to me asking for that crapware back.
A porte-manteau of:
"ill" and "increasingly"
seems strangely fitting to the subject.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
You really ought to rewrite this occasionally you know. It reads like a spam advertisement by an African prince with a mental illness. I suppose that at least the way it is written we all know what it is and skip past it without bothering to read it. You are welcome for thanking me for my advice.
Facts are history now plebs have politics for religion on social media.
For front-line Web browsing at home, I run a Windows instance in a VM and browse with that. Every so often, I roll back to a snapshot, and continue browsing from there. If the VM gets infected, since it sits behind a pfSense virtual router which is configured to block any traffic going anywhere but out the gateway, block outgoing port 25, and other sanity rules, the VM is limited in what damage it can do.
Even if malware gets your user account's context, it still can do a lot of damage. Ransomware only needs user access to do its dirty deeds, and botnets and BitCoin miners can run well without needing anything from the admin account.
I also recommend Sandboxie if one doesn't want to use a full virtual machine. If the browser gets compromised, it still is only in the sandbox. It can't get to a user context, much less one with admin rights. With the ability to redirect all writes to a separate filesystem, if malware decides to do something annoying like (mkdir foo, cd foo, repeat), you can just format that filesystem and be done with it.
Privilege separation and sandboxing are well-tested mitigation techniques that allow OpenBSD to assert "Only two remote holes in the default install, in a heck of a long time!" - this security record is far, far superior to the Windows OS and the virus scanners that run atop it.
What Microsoft still fails to grasp, even after Gates' force majeure with the XP-SP2 security redesign, is that all applications should default to a strong sandbox. When a developer pushes code outside the sandbox, it should trigger more aggressive audits prior to listing in the Windows store, and user warnings of increasing severity upon installation.
The pertinent question for developers and administrators, especially with regards to network-facing services, is "how strong can we build the cage, and how little can we let out?" Until OS-designers build from this focus, the security tsunami will continue.
doubleplusunuseful
"I don't even look for porn/movies online" = "I look for movies and porn online all the time"
Funnier is some that I know are quite the church goers and then I find traces from "girl on girl" or "young sluts" on their computers. Wouldn't believe how fast they blame someone else.
I remember that shit being so bad that at one point I had to hunt-down a third party program just to remove it since it was clearly designed as a virus itself...
Yeah, Norton had to write a tool just to remove their own shit.
The "Norton Removal Tool" is still available from the Norton site, which should tell people all they need to know about Norton.
Why is that a bad thing? I'd prefer a separate tool to fully remove, rather than the normal Windows Uninstall being programmatically accessible. Hell, if I install my AV, I'd love for a specific YubiKey being needed by some authoritative process to remove it.
We shouldn't be trying to get the computer to do things for us, because that makes things more vulnerable to malicious cyberspace actors. Pumping that back into meatspace (hey, how about we bring DIP switches back and require them to be flipped to write to BIOS again) forces humans back into the loop. Physical security and intrusion detection is a hell of a lot more of a solved problem than IoT security.
Hire a Linux system administrator, systems engineer,
You can't be "increasingly less useful" when comparing to yourself.
You can be "increasingly less useful" when comparing to something else, but it doesn't mean what they intended.
If A is increasingly less useful than B, then:
A is less useful than B.
A's usefulness is increasing.
If A is increasingly less useful (than A), then:
A is less useful than A (at some prior point in time).
A's usefulness is increasing (compared to A at that same prior point in time).
That's a contradiction. It makes no sense.
If you don't want increasingly to modify useful, you really need to use that hyphen and write "increasingly-less".
On the other hand, you would do well to write "increasingly and less useful" or "increasingly, less useful" to be more clear for the upward trend.
The best bet, however, is to write "decreasingly useful". The word "decreasing" contains the direction in it, so you don't need to try to negate "increasingly" with "less" and make a mess of things.
I should have added that the porn wasn't the usual porn that they were looking for. Usually animal and scat. Sometimes other things which I won't even speak of. I have had several clients call the police on their significant other also after seeing the list of filth right in front of their eyes.
It's not funny to mock stutterers. I see what u did there.
Antivirus is useless ? News at eleven.
aaaaaaa
AV software should meet the standards for medical treatments, following the virus analogy. First, they should be clearly shown to be 'safe' - to not cause problems on the machine or introduce new vulnerabilities. Second, they should be shown to actually stop known viruses, be able to react to new infections, and in general do a better job than the OS vendor in rapidly adapting to threats.
Frankly, on Mac OS, I don't think any product meets these standards.
Yet if we saw all those people at school we would think someone is trying to steal some kids. The point being that eventually you graduate and leave school. These fuckers keep going for 20+ years!!! How much church schooling do you need???!!! There is only ONE FUCKING BOOK to read.
1st: It doesn't take advantage of speedup & security by hardcoded favorites (where you spend most time online) vs. DNS hijacks or being downed...
2nd: It has dependencies on others' libs - mine doesn't & is self-contained single .exe file code... if those libs like sqlite develop a bug, they have to wait out the fix - I don't.
3rd: It's 'stuck' in 32-bit, whereas by comparison, my program has a native true 64-bit version...
APK
P.S.=> Still a decent program, but it falls short of MINE in those 3 areas (adding it would be imitation @ this point of MY work)... apk
Here's what I wrote in Avast Acquiring AVG thread. It's even more relevant in here.
First off, all viruses come from the internet nowadays. Yeah, there's the USB stick, but in most cases you plug them between stuff at your house.
Add a good browser paired with ad-block and you kinda remove all threats from your usual websites. Now even Chrome blocks you from entering websites with reported attacks. Even sending viruses through email seems like a challenge with built-in antivirus checks scanning the crap out of every byte in your attached file.
And, as a final layer of security, there's the new Microsoft antivirus (Defender, ex. Microsoft Security Essentials) that seems to give decent security. And it's got the most important feature that all other antiviruses seem to lack: it's not a virus itself.
How many times have I checked a slow laptop only to uninstall Norton and see it running fine again? And what about the other free antiviruses? When they don't put adware in and trick you into giving them money, they just simply sell your data: http://www.pcmag.com/article2/...
So, back to my initial question, are antiviruses still relevant today?
Elok
Why is that a bad thing?
Found the Norton user. Lol, just kidding. If you had Norton running you'd be unable to browse the web, let alone post on slashdot.
-
I'd prefer a separate tool to fully remove, rather than the normal Windows Uninstall being programmatically accessible.
That just means the malware would have to find a way to spoof that. It's not a solution, it's a minor impediment as long as the system has write privileges.
-
(hey, how about we bring DIP switches back and require them to be flipped to write to BIOS again)
Actually I'd be all in favor of this, and I'm dead serious. For something like BIOS updates and changes, I'd very much like to have a physical switch that can't be manipulated by software no matter what it wants.
Just cruising through this digital world at 33 1/3 rpm...
Pain medication may also induce paranoia. There was no "sly underhanded comment" at all, it was a very detailed response with a factually verifiable view of the world outside of your personal anecdote.
As a person who has had a full shoulder reconstruction (18 Mitek anchors collar bone, shoulder blade, ball joint), 3 knee surgeries (ACL and Kneecap once, MCL and meniscus twice), and 4 damaged disks (L1-4) I speak from experience in that category too. The Army was fun, but may also cause permanent injury.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
It's not possible to be increasingly useless. They could be increasingly less useful, but useless already means that they are no longer useful in any way.
Unfortunately for us readers, they became useless years ago.
It was already useless. What has happened is that it has become more robustly useless. There are multiple ways in which it is useless and any one of those ways is sufficient. Making it partially useful required fixing all the problems that make it useless. By adding more problems that ensure it is useless, its uselessness is rendered more robust against attempts to fix or justify it.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Ever since I started carrying this rock, I have not been attacked by a single tiger.
Gamingmuseum.com: Give your 3D accelerator a rest.
nice way to justify your voyeurism. Or is it a desire to look down on and belittle them?
Trawling through someone's browsing history and attributing an infection to "trying to download a movie" is about as robust as any other "pulled it out of my ass" explanation. People with the knowledge of how to track down a root infection cost more than a "rebuild my computer" effort is worth. And, frankly, the time spent is rarely worth it. If all you have is a dead file system (no RAM dumps, no packet captures, not even netflow traffic, no meaningful logging enabled on the end point, no DNS logging, etc.) then there will be a lot of dead ends.
At one time home infections were primarily caused by malicious links spread through instant messaging clients. You could ask about links being clicked on or just save your breath over the argument as to whether or not it was "something they had done" and just remind them to be cautious about links (was it expected? who sent it? hover before click; best practice is to type it in manually to avoid look-a-like domains). And that same advice then serves them well when the delivery method shifts to email.
I've never had a virus on windows 7 and I suspect that's true about most competent users. What are you saying?
love is just extroverted narcissism
Ahhh isn't that true about any religion?? Unless I missed something.......
Not only blocking viruses, but even ads and windows 10?
I thought the term 'Church' covered all the bases. Don't really feel like typing synagogue and temple and mosque and cowfield and morgue and all the other places man sits down with satan and breaks bread.
You folks are just using too many syllables. How about "less useful" as in "less useful by the day".
He must have accidentally added slashdot and its subdomains to the hosts file and just thought they closed up shop.
"I've never had a virus on windows 7" ...that you knew about
BTW, for all intents and purposes, Macs are consoles. They're not even worthy of PC status.
I disagree. Macs are personal computers because the person who owns it controls what computing is done on it, even down to compiling apps from source code. What game console runs Xcode or even anything remotely like Xcode?
But back to topic: arth1 meant "politically correct", not "personal computer". He perceived "publisher" as a politically correct synonym for "server", unaware of its adtech sense "operator of a site on which an advertisement is placed". If ad networks are breached more often than publishers, measures to protect yourself from breached ad networks have a better payoff than measures to protect yourself from breached publishers.
Continuous integration is in addition to local testing of local incremental builds of a local branch, not a replacement for it. Just because Netscape and Mozilla pioneered CI with the "Tinderbox" system doesn't mean engineers weren't also building Gecko on their own machines.
Well I didn't need to read this to know Norton is garbage. Don't tell me McAfee is as well.
Ain't that the truth. The closest I have seen to a virus transmitted by email was one idiot that got a browser hijacker off of a link he followed from a spam letter. On a related note he also had Norton installed on his pc.
How far does one have to go to get a funny mod around here?
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
I've never had any strange behavior or unknown processes running on my machine and none of my online accounts have been hacked. What exactly should I be worried about?
love is just extroverted narcissism