Why is Antivirus Software Still a Thing? (vice.com)
Antivirus has been around for more than 20 years. But do you still need it to protect yourself today? From a report: In general, you probably do. But there are caveats. If you are worried about your iPhone, there's actually no real antivirus software for it, and iOS is engineered to make it extremely difficult for hackers to attack users, especially at scale. In the case of Apple's computers, which run MacOS, there are fewer antiviruses, but given that the threat of malware on Mac is increasing ever so slightly, it can't hurt to run an AV on it. If you have an Android phone, on the other hand, an antivirus does not hurt -- especially because there have been several cases of malicious apps available on the Google Play Store. So, on Android, an antivirus will help you, according to Martijn Grooten, the editor of trade magazine Virus Bulletin.
When it comes to computers running Windows, Grooten still thinks you should use an AV. "What antivirus is especially good at is making decisions for you," Grooten told Motherboard, arguing that if you open attachments, click on links, and perhaps you're not too technically savvy, it's good to have an antivirus that can prevent the mistakes you may make in those situations. For Grooten and Simon Edwards, the founder of SE Labs, a company that tests and ranks antivirus software, despite the fact that Windows' own antivirus -- called Defender -- is a good alternative, it's still worth getting a third-party one. "Even if [Defender] wasn't the best and it isn't the best, it's still a lot better than having nothing," Edwards told Motherboard. Yet, "we do see a benefit in having paid for AV product."
That's an asinine view. Defender is the only av solution needed, and all other products create more problems than the occasional viruses. Third party av apps are security theater.
Well, that and the corporate need to CYOA.
But you're kidding yourself if an antivirus is going to keep your router from being recruited for a botnet or your computer from getting pwned by a drive-by javascript zero-day.
Most of the paid antivirus packages come with more than the original file inspection. HTTP inspectors, system cleaners, identity theft insurance, etc. There are all sorts of value-added things in there which Defender doesn't do.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
This article is right up his alley (butt hole)!
Don't download from porn sites or from untrusted sources or anything from email that you weren't expecting from the sender.
You'll be fine.
What the hell are you talking about?!!! Does self proclaimed "Capitalist Tool" Forbes.com still not vet their third-party web ads for malware?! And then have the temerity to whine for you to turn off your ad-blocker? Because caveat emptor loser bitch!
Author's conclusion: yes, we still need wheels
I work in a pretty small shop with no IT staff, I inherited someone else's workstation with instructions to not reinstall or delete anything.
Of course there are all kinds of weird things happening to the computer and I have no idea what to do. Random browser redirects to Chinese websites like 2345.com, strange rootkit-like things loading at boot (driver files with names like 5sfquib.sys that show no hits in Google), MS Defender randomly panicking about threats and forcing me to reboot...
I have no idea what is going on and I could certainly never do anything about it without some sort of anti-virus or anti-malware tools.
https://www.bleepingcomputer.com/news/security/iphone-x-galaxy-s9-xiaomi-mi6-fall-at-pwn2own-tokyo/
Q: Why is Antivirus Software Still a Thing? A: to make you buy "better" hardware
Install several antivirus products and MS OneDrive on a Windows box, watch them battle for who gets to access the file first.
Guys from Virus Bulletin and SE Labs that make lots of money from companies that make commercial third-party anti-virus products recommend you buy commercial third-party anti-virus products? Of course.
I just cleaned up a relative's machine. The attack was web browser plug-in related. He had up-to-date Norton Antivirus.
The last time my folks' machine got a virus was shortly after I installed Eset's NOD32 for them. I then installed ad blockers everywhere, and the problem hasn't recurred in several years.
This is a fabulously important question for us to look at.
The answer is: because we continue to operate operating systems and software which are acutely vulnerable to malware - and because we refuse to learn from the lessons of past mistakes.
A big part of the problem is that we've now had malware present in our lives for such a long period of time that there are professional developers and system designers working today who have never known a technology community without malware. Given this context, it is not entirely surprising that we have come to collectively accept this situation as a "given".
The important thing that we need to remember is that it is entirely possible to design and produce a technology stack that is not vulnerable to malware. It's certainly not going to be easy, but it's also not impossible. So now the question becomes: how badly do we want it? The problem is, nobody is asking that question, there is no public discussion or debate.
So the most widespread software in use today (the Microsoft Windows platform, Android, iOS, etc) are not being designed in a way where the designers have been given a (design) brief or have been set design objectives with respect to the ability of that software to withstand malware.
So we have logical partitioning and "containerisation" as third-party add-ons (which have to be paid for). We have come to accept this as "the norm". But just think for a moment about that situation in, say, motor vehicles. Imagine that cars and trucks were sold without brakes. Or without locks on the doors. Imagine that you had to buy your car and then somehow get it to a brake system specialist and pick and choose a reasonable set of brakes for your vehicle. Oh, and if you chose wrong and your car didn't stop and you rolled into someone - well, that's just your fault... Would that be acceptable to motorists today?
Somehow I don't think so.
So why should we be willing to accept and pay for incomplete, vulnerable and defective software - and then, having made a purchase (and if you want a copy of, say Windows 10 Pro for a new-build PC, then you are looking at hundreds of dollars), you need to go and spend a bunch more cash making that product secure.
It's really easy to discuss this and fall in to the trap of bashing Microsoft, Apple or Google for shipping vulnerable or incomplete software. But the truth is that we're responsible for this, not them. We're responsible, because enough of us are willing to just roll over and accept this situation. If we collectively pushed back hard enough, maybe used the law, maybe worked to overturn those horrible EULA "this software comes without any warranty, expressed or implied" schtick and had lawmakers push for tighter and more stringent controls, then maybe we'd get better software.
Sadly, I can't see the market fixing this. If it were possible, it would have happened by now.
The latest version of Windows Defender has an option to run it in sandbox mode, so even if it gets infected it can't spread.
Other AV are becoming the targets of attacks and they do not have the deep links into the OS like Defender has, so their days are numbered.
no
There are antivirus packages with expensive subscription agreements installed in thousands of Linux VMs precisely because of: CYA
I cannot imagine the need for an antivirus on Linux. Either the code breaks into supervisor mode or it does not. Adding more and more hooks into it can only possibly increase your surface area. And antivirus companies aren't exactly the most trustworthy of vendors (their motivation is for you to get infected... a little bit).
I hate fear-based architectures.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
believes that we should use AV software?
Amazing reporting.
This anecdotal post brought to you by our sponsor: NOD32. Because when you are dealing with old folks, you need NOD32.
...you won't understand.
..instead you need Behavior-Based Anti-Malware software.
Traditional Anti-Virus relies on virus definitions which are static and rely on virus hunters to find these malicious programs, create definitions from, and then disseminate them to AV endpoints. Behavior Malware Detection software instead uses the heuristic approach and determines what the file is trying to do on your system to determine whether to block, notify, and/or quarantine the files. Because of this, Behavior-based Anti-Malware can protect systems WITHOUT network access or centralized control like traditional AV.
While there are many more methods of protecting your operating system with regular system patching, as compute systems become more and more complex, exploits can be much more dangerous than before. And for systems running healthcare systems that cannot be easily updated due to their sensitive nature, Behavior based detection works very well here.
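The contrast the comment above draws between definition-based and behavior-based detection, as an added example that is not part of the original comment: a constructed SHA-256 definition set is checked against two file variants, and a hypothetical mass-file-modification rule is run over a constructed event trace. The rule, its window and threshold, and all PIDs, paths and sample bytes are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict, deque

# Constructed stand-in for a file the vendor has already catalogued.
CATALOGUED = b"constructed sample, build 1"
# Same program rebuilt with one byte changed (constructed).
REBUILT = b"constructed sample, build 2"

# "Virus definitions": digests of files someone has already analysed.
DEFINITIONS = {hashlib.sha256(CATALOGUED).hexdigest()}


def signature_verdict(file_bytes):
    """Static check: True only if this exact file is in the definitions."""
    return hashlib.sha256(file_bytes).hexdigest() in DEFINITIONS


def behavior_verdict(events, window=10.0, threshold=5):
    """Hypothetical behavior rule: flag any PID that writes or renames
    `threshold` or more distinct files within `window` seconds.
    events: iterable of (timestamp, pid, operation, path)."""
    recent = defaultdict(deque)   # pid -> (timestamp, path) inside window
    flagged = set()
    for ts, pid, op, path in sorted(events):
        if op not in ("write", "rename"):
            continue              # reads alone are not counted by this rule
        q = recent[pid]
        q.append((ts, path))
        while ts - q[0][0] > window:
            q.popleft()           # forget activity older than the window
        if len({p for _, p in q}) >= threshold:
            flagged.add(pid)
    return flagged


def build_trace():
    """Constructed file-activity trace for three processes."""
    trace = []
    # PID 200: editor autosaving one file repeatedly (one distinct path).
    trace += [(float(t), 200, "write", "/home/u/notes.txt") for t in range(10)]
    # PID 300: the rebuilt binary touching six documents in three seconds.
    for i in range(6):
        path = f"/home/u/docs/file{i}.doc"
        trace.append((20.0 + i * 0.5, 300, "read", path))
        trace.append((20.1 + i * 0.5, 300, "write", path))
    # PID 400: slow photo importer, six files spread over 75 seconds.
    trace += [(i * 15.0, 400, "write", f"/home/u/photos/img{i}.jpg")
              for i in range(6)]
    return trace


if __name__ == "__main__":
    print("catalogued file matches definitions:", signature_verdict(CATALOGUED))
    print("rebuilt file matches definitions:   ", signature_verdict(REBUILT))
    print("PIDs flagged by behavior rule:      ", behavior_verdict(build_trace()))
```

The definition lookup needs an updated digest list to recognise the rebuilt file, while the behavior rule needs only local events; the cost is that its window and threshold must be tuned so that tools such as the slow importer are not flagged.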
Antivirus hurts a lot. It slows down your system and uses resources like mad. You wouldn't want to ever use it unless you have to. It sucks.
I'll just leave this here:
https://www.cvedetails.com/product/15556/Apple-Iphone-Os.html?vendor_id=49
Antivirus companies are the leading cause of viruses and spam. I worked at a company which used Symantec Spam Protector for about 5 years. ~$3,000/yr for the server application with updates. It registered a grand total of 2-3 spams (across all email addresses in the company) per day - it "worked" in that it prevented them from going through, but was still set to log them. Decide it's not worth 3k/yr to prevent an approximate 2% (for the size of the company) chance of a person getting a single spam email per day. The week after the subscription was canceled suddenly every email address in the company was inundated with spam - about 1 every 2-5 minutes for every address. The culprit was obvious so people decided to try to wait them out, a year later they gave up and renewed the subscription, the new spam protection server shows the steady flow of spam (and only blocks ~90% of it.)
Antivirus and anti-spam are the most obvious rackets in modern computing.
Our E&O Professional Insurance requires that we have A/V on all computing devices.
We don't run Windows.
The insurance company is full of idiots.
What does your hatred for ZIP have to do with the need for antivirus software?
Or are you just going to spam this in every article, even though it has nothing to do with the topics of those articles?
I challenge you to show that your post is relevant to the continued need for antivirus software.
Ublock origin
I find it annoying how many AV products identify key-generators, cracks and other actually useful non-malicious stuff as malicious and bad.
I also find it a complete waste of cpu time to run real-time protections. I'm particularly offended there is no way to remove Windows Defender from Windows 10. I should be allowed to make that choice, and I cannot.
As to the others, most AV products are snake-oil at best, their own type of malware at worst. Millions of dollars sucked out of clueless consumers for nothing.
antivirus software has been redundant since windows 7 and everybody knows that but i'm posting for the few who don't. don't be misled. i now suspect slashdot of ulterior motives... (ad revenue?)
we're talking about APK here. the better thing to do is to ignore him and hope he goes away after taking his meds
Being familiar with how to be safe is better than any expensive paid security suite. Just read up on how to be safe and stop depending on security software. All operating systems have features in place for security protection. Windows is no exception anymore with Defender. All the others by design are protecting you with no outside security needed. They're absolutely not perfect, but neither is any expensive third party solution.
In the enterprise, AV is there because FERPA, HIPAA, and other regulations mandate it. Does it actually stop viruses? At best, maybe an older Trojan horse. However, the best front-line thing is a good ad-blocker, second best is separating your stuff into VMs. QubesOS is definitely the best way of doing things, to ensure stuff cannot touch each other.
Why are condoms still a thing?
And [ in Jerry Seinfeld voice ] "What is the deal with not wanting to get infected?"
TL;DR: Summary: Questions need for AV then lists many reasons why you should (probably) still use it.
TL;DR: Article: Dumb.
It must have been something you assimilated. . . .
and there aren't many of those left. Most of the Abandonware sites I used to frequent have shut down (a lot of them started trading warez and it wasn't long until they got popped). The less, shall we say, NSFW sites are such big business these days that they police their malware pretty well. You're more likely to get popped with a virus on CNN. I used to get hit every now and then by a video and Windows Media Player but I started using Youtube + Media Player Classic and I don't pull videos from untrusted sources and that stopped.
Knock on wood and all but if you're tech savvy viruses have a damn hard time getting to you these days.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
the folks I know working at computer shops agree. They're seeing a _lot_ less calls to remove viruses. It's more than a bit of a problem actually. Virus removals were the Bread and Butter of a lot of these little computer shops. If you've noticed a lot of them going tits up, that's why.
You said it ZIP: So where's your work everyone can see/use? It's not. It's HOTAIRWARE/NOTWARE (lol) "I'm a much better programmer than APK" - by Anonymous Coward ZIP on Monday October 08, 2018 @11:27PM (#57449082) FROM https://yro.slashdot.org/comme... ?
The BETTER PROGRAMMER w/ no programs, lol - @ least you can say your "code" has NO BUGS - of course, it also does ZERO (like you) since it does nothing @ all, lol!
You hotair BLOWHARD talker, lol!
You f'd up ZIP https://tech.slashdot.org/comm...
Yet 100,000++ users of my ware & dozens of even REGISTERED /.ers like/use/praise MY work https://news.slashdot.org/comm... vs. your HOTAIR talk punk!
* LMAO!
(Let's see how YOU take it when I publicly SHIT ALL OVER YOU by letting FACTS of YOUR FUCKUPS vs. ME https://science.slashdot.org/c... do the job for me)
APK
P.S.=> You STUPID & LAZY all talk chimpanzee... apk
Most, if not all, AV software start as just that. Then they have to add new features and it becomes bloatware. I do not need a firewall-email scanner-files scanner-personal information tool-disk scrubbing-new browser-... monstrosity that takes half my system and leaks out my info to the vendor of that suite. Just an AV.
But companies have to keep producing new stuff to sell to stay alive and grow so you end up with monsters. They often cause more issues than they solve.
And there's the close to criminal attempts to get you to get the paid version through confusion (upgrade vs update trick).
AV software needs to be lean and better before I trust them (which I did before I lost confidence in recent years).
I wonder whether the reason why we rarely see smartphone viruses is because they're used for political activism. Can anyone explain why we never hear about rightwing hacker groups?
Why is msmash still a thing?
(Besides posting stupid articles like this)
I may be wrong, but I regard AV software as extremely hazardous.
AV software is like the facehugger in Aliens - tendrils deep in the brain, which is to say, the kernel.
If AV has a problem, your Windows installation has a problem.
I could imagine for vulnerable users, AV might be better than no AV - but one vulnerable user I know had AV and was infected, because he clicked "yes" on the warning dialog, because he didn't understand it.
The other problem with AV software, like a lot of software these days, is that it is personally intrusive, in ways which are not controllable, and collects information for marketing.
It is clear there is an agenda to increase sales of Anti-Virus with this post. But where is the mention of Application Whitelisting (e.g. https://www.shellprotect.com/)?
Applications Whitelisting is recommended above AntiVirus by the NSA, FBI and ASD based on their experience dealing with real world cyber attacks?
I'm fucking sick and tired of all the major AVs detecting things like MS Toolkit and AutoKMS as a "severe threat." There is literally zero risk to the user with AutoKMS. The risk is to Microsoft's bottom line. Malwarebytes is also EXTREMELY zealous in their anti-piracy crusade, going so far as to undo a Windows Loader boot patch that activates Windows. I can't run an antivirus because of this stuff. I'm not giving up my pirated copies. I paid for legit copies of several things, but I choose to run pirated versions to avoid things like the great Win10 Pro activation murder event that recently went down and that several people have yet to recover from. I have a massive hate for product activation and copy protection and take an extreme moral stance against them both. If all AVs get in the way of that then I shall run none. And that's exactly what I do.
To force disable Windows Defender on Win10, it's a DWORD called DisableAntiSpyware. Look it up.
Only if the os is stupid enough to allow executables to be downloaded that way - AND - run it in administrator mode too.
Most operating systems are "stupid enough to allow executables to be downloaded", except Apple iOS and those on game consoles. On any PC operating system, an application that you choose to download and execute will have read/write access to your entire home directory or user profile, without even elevating. This is how ransomware encrypts your files.
I've been running with just Windows Defender for years. As part of my work, I visit several hundred unique new internet sites every week. I haven't gotten a virus since the 90s. On the other hand, I have seen many serious system performance problems solved by removing antivirus software. I'd say that removing AV software is the second biggest performance increase you can have on a modern PC after switching to an SSD. Upgrading to a lower latency internet connection might beat it, but often isn't available (though I have found that using a VPN multiplied my internet throughput in many applications).
you shouldn't run windows. Period.
Temerity ... thanks for my Word for teh Day
Antivirus software are programs that help protect your computer against most viruses, worms, Trojan horses, and other unwanted invaders that can make your computer "sick." help keep your computer healthy, install F-PROT Antivirus. If any problem to Kaspersky HTTP Error 501, just Contact our experts immediately for Kaspersky Error. Visit: https://kasperskysupportnumber.co.uk/blog/fix-kaspersky-http-error-501/
"my already GREAT PHYSIQUE" - You are starting to sound like Donald Trump.
My postcard featured a photo of Drottningholm in Stockholm and bore the message: "Greetings from Stockholm! Behave yourself! Regards, Zontar." If you claim it said anything else at all, then you and I both know you're lying.
Any feeling of being threatened came from inside your own head, at about the time you realised that (a) unlike you, I don't make shit up, and when I say I know where you live, I mean exactly that; (b) a less ethical person than I could have sent you something much less pleasant, or even showed up in person.
I really hoped you would learn something from the experience, but you've chosen not to, and I for one will be completely and utterly unsurprised at what happens to you when you piss off the wrong people, which, sooner or later, you will do if you persist in your classic and current behaviour.
And when it does, I'll be sure to send flowers.
Il n'y a pas de Planet B.
Because dickheads write security policies.
"Let's have a piece of software, written by a third party, which runs as an elevated user and is capable of intercepting every file access, replacing content, scanning and modifying all memory for every user, even root/SYSTEM-owned processes, which inserts itself into every file, I/O and process hook, which starts as one of the first things on boot, and tells us whether or not other processes should be blindly trusted, by checking against a list of hashes of 'known-bad' things, which constantly updates automatically from an Internet server with proprietary-format instructions (that we can't dig into) from a third-party probably in Russia or the US, and do this to 'improve security'. Oh, and maybe even let it intercept and decide the veracity of every network packet on all network interfaces. Yeah, right. No problem there."
Or we could make an OS where such things aren't even possible for antivirus, let alone normal processes, and thus secure ourselves that way.
iOS can somewhat side load now. It's annoying as all hell and not at all practical for normal use, but all you need is that "okay" from the user and a bug
Is someone seriously posting this rubbish that the iPhone is secure? This is just Apple propaganda. The iPhone is usually the first to go down in hacking conventions and besides there is nothing in the software which is any different from any other operating system. We have to stop misleading Apple fanboys (who are not the brightest of bulbs) by publishing Apple advertising in mainstream news articles.
it can't hurt to run an AV on it
Sure it can...
All AV software consumes resources and reduces performance to varying degrees, this could potentially be crippling in some circumstances.
AV software has to run with high privileges in order to intercept network traffic and file accesses etc... Because of this, exploitation of any bugs in the av software is likely to result in root access. AV software is also extremely complex, and designed to parse hostile data - there have been many vulnerabilities and more will be found for sure.
There are also false positives to contend with, AV software has been known to trigger on legitimate files if they contain strings similar to known malware, this could result in programs breaking or loss of data etc.
AV software also typically hooks into the system at a low level, often doing things the os developers never intended, which can often result in instability.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
1. Don't fall for phishing attacks.
2. Don't login as Administrator/root user.
3. Don't run unsafe operating systems (Windows!)
Nope missing the point:
We still need antivirus because computers still allow the user to do what they want despite it not being in their best interest, and criminals continue to exploit this problem.
We will continue to need anti-virus until computers no longer allow users to do what they want, but rather only what is permitted.
... Martijn Grooten, the editor of trade magazine Virus Bulletin. No vested interest there then. LOL
F-PROT
Sure it can. AV churns your disk and slows down your system.
Try 35, maybe 40 years. The concept, probably 45-50 years.
AV programs interfere with the other programs you are using to do things.
For the majority of professional developers who are forced to use Windows, we can't have AV running while we make fixes and features.
Have Windows, Linux, and Mac and all have an ad-blocker and nothing more. Even neutered Win10 telemetry and updates and everything still works.
AV acts more like the thing it is preventing. AV programs should not be able to suddenly block ports or to interfere with applications you run every day.
See how STUPID "ZIP" (Zach Patterson) the CHIMP is (tried to take credit for what I solved before him) https://tech.slashdot.org/comm... (he needs to LEARN TO READ)!
I even SHOW ways to do it YOURSELF https://tech.slashdot.org/comm... (he couldn't).
Delphi/FreePascal/ObjectPascal HAS no issue w/ null-term'd string bufferoverflows - C does, C++ can UNLESS you do what I said 1st loser.
Tell us about CODE SIGNING (which has been STOLEN & ABUSED) https://www.helpnetsecurity.co... MY METHOD CAN'T BE (upmodded +2 INTERESTING in CODING FOR DEFCON no less) https://it.slashdot.org/commen...
"I'm a much better programmer than APK" - by Anonymous Coward ZIP on Monday October 08, 2018 @11:27PM (#57449082) FROM https://yro.slashdot.org/comme...
BIG TALK - Yet ZIP has nothing to show in programs. I can https://news.slashdot.org/comm... from registered /.ers liking/using/praising my work (& 100k users worldwide too). He can't.
LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...
Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...
APK
P.S.=> KEEP IMPERSONATING ME CHIMP - this comes out every time, lol!... apk
That process must have read and/or write permission to access the files, and it only gets that if the user which owns the process has that permission.
If you run an executable under your user account, then you are "the user which owns the process", and therefore the process has "read and/or write permission" to all files in your home directory. Is there a standard way to contain such a process?
Because people still make malware & as long as there is something to be gained from infecting someone's computer system. People will continue to write it. I am yet to come across a computer that does not have antivirus installed that is not infested with the stuff.
The fact Windows has a decent one built in & switched on by default these days is fantastic. As much as I love Windows XP, from a security standpoint it was a mess.