Why is Antivirus Software Still a Thing? (vice.com)
Antivirus has been around for more than 20 years. But do you still need it to protect yourself today? From a report: In general, you probably do. But there are caveats. If you are worried about your iPhone, there's actually no real antivirus software for it, and iOS is engineered to make it extremely difficult for hackers to attack users, especially at scale. In the case of Apple's computers, which run MacOS, there are fewer antiviruses, but given that the threat of malware on Mac is increasing ever so slightly, it can't hurt to run an AV on it. If you have an Android phone, on the other hand, an antivirus does not hurt -- especially because there have been several cases of malicious apps available on the Google Play Store. So, on Android, an antivirus will help you, according to Martijn Grooten, the editor of trade magazine Virus Bulletin.
When it comes to computers running Windows, Grooten still thinks you should use an AV. "What antivirus is especially good at is making decisions for you," Grooten told Motherboard, arguing that if you open attachments, click on links, and perhaps you're not too technically savvy, it's good to have an antivirus that can prevent the mistakes you may make in those situations. For Grooten and Simon Edwards, the founder of SE Labs, a company that tests and ranks antivirus software, despite the fact that Windows' own antivirus -- called Defender -- is a good alternative, it's still worth getting a third-party one. "Even if [Defender] wasn't the best and it isn't the best, it's still a lot better than having nothing," Edwards told Motherboard. Yet, "we do see a benefit in having a paid-for AV product."
That's an asinine view. Defender is the only AV solution needed, and all other products create more problems than the occasional viruses. Third-party AV apps are security theater.
Most of the paid antivirus packages come with more than the original file inspection. HTTP inspectors, system cleaners, identity theft insurance, etc. There are all sorts of value-added things in there which Defender doesn't do.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Author's conclusion: yes, we still need wheels
I work in a pretty small shop with no IT staff, I inherited someone else's workstation with instructions to not reinstall or delete anything.
Of course there are all kinds of weird things happening to the computer and I have no idea what to do. Random browser redirects to Chinese websites like 2345.com, strange rootkit-like things loading at boot (driver files with names like 5sfquib.sys that show no hits in Google), MS Defender randomly panicking about threats and forcing me to reboot...
I have no idea what is going on and I could certainly never do anything about it without some sort of anti-virus or anti-malware tools.
Q: Why is Antivirus Software Still a Thing? A: to make you buy "better" hardware
Install several antivirus products and MS OneDrive on a Windows box, watch them battle for who gets to access the file first.
Don't download from porn sites or from untrusted sources or anything from email that you weren't expecting from the sender.
You'll be fine.
And that virus that comes from a rogue ad on a news site? I know it's rare, but it still happens.
Guys from Virus Bulletin and SE Labs that make lots of money from companies that make commercial third-party anti-virus products recommend you buy commercial third-party anti-virus products? Of course.
I just cleaned up a relative's machine. The attack was web browser plug-in related. He had up-to-date Norton Antivirus.
The last time my folks' machine got a virus was shortly after I installed Eset's NOD32 for them. I then installed ad blockers everywhere, and the problem hasn't recurred in several years.
So, did Microsoft tinker with Windows 10 build 1809?
This is a fabulously important question for us to look at.
The answer is: because we continue to operate operating systems and software which are acutely vulnerable to malware - and because we refuse to learn from the lessons of past mistakes.
A big part of the problem is that we've now had malware present in our lives for such a long period of time that there are professional developers and system designers working today who have never known a technology community without malware. Given this context, it is not entirely surprising that we have come to collectively accept this situation as a "given".
The important thing that we need to remember is that it is entirely possible to design and produce a technology stack that is not vulnerable to malware. It's certainly not going to be easy, but it's also not impossible. So now the question becomes: how badly do we want it? The problem is, nobody is asking that question; there is no public discussion or debate.
So the most widespread software in use today (the Microsoft Windows platform, Android, iOS, etc) is not being designed in a way where the designers have been given a (design) brief or have been set design objectives with respect to the ability of that software to withstand malware.
So we have logical partitioning and "containerisation" as third-party add-ons (which have to be paid for). We have come to accept this as "the norm". But just think for a moment about that situation in, say, motor vehicles. Imagine that cars and trucks were sold without brakes. Or without locks on the doors. Imagine that you had to buy your car and then somehow get it to a brake system specialist and pick and choose a reasonable set of brakes for your vehicle. Oh, and if you chose wrong and your car didn't stop and you rolled into someone - well, that's just your fault... Would that be acceptable to motorists today?
Somehow I don't think so.
So why should we be willing to accept and pay for incomplete, vulnerable and defective software - and then, having made a purchase (and if you want a copy of, say Windows 10 Pro for a new-build PC, then you are looking at hundreds of dollars), you need to go and spend a bunch more cash making that product secure.
It's really easy to discuss this and fall into the trap of bashing Microsoft, Apple or Google for shipping vulnerable or incomplete software. But the truth is that we're responsible for this, not them. We're responsible, because enough of us are willing to just roll over and accept this situation. If we collectively pushed back hard enough, maybe used the law, maybe worked to overturn that horrible EULA "this software comes without any warranty, expressed or implied" schtick and had lawmakers push for tighter and more stringent controls, then maybe we'd get better software.
Sadly, I can't see the market fixing this. If it were possible, it would have happened by now.
The latest version of Windows Defender has an option to run it in sandbox mode, so even if it gets infected it can't spread.
Other AV are becoming the targets of attacks and they do not have the deep links into the OS like Defender has, so their days are numbered.
no
There are antivirus packages with expensive subscription agreements installed in thousands of Linux VMs precisely because of: CYA
I cannot imagine the need for an antivirus on Linux. Either the code breaks into supervisor mode or it does not. Adding more and more hooks into it can only possibly increase your surface area. And antivirus companies aren't exactly the most trustworthy of vendors (their motivation is for you to get infected... a little bit).
I hate fear-based architectures.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
...you won't understand.
Any modern browser should easily protect you from that kind of attack. That said, any code that is clever enough to skip through your browser's protections is probably also going to be missed by your Anti-Virus software.
I really don't understand this mindset... "Don't run AV software, it's a scam! Just make sure you're on Google Chrome Nightly and exfiltrate all your browsing data to Alphabet for every HTTP connection" is not a viable strategy.
If you're being spear-phished or hit by a 0-day attack, there's little that a heuristic AV approach will be able to do and you'll need to hope some other part of your defense catches it. But for any other type of threat, AV is a critical part of that security layering for *any* user, not just novice ones. There are plenty of attacks that my AV of choice has caught that native Windows Defender didn't, not to mention other types of unusual behavior it's been able to suppress.
Security isn't about being l33t and trying to prove how long you can last at pwn2own, it's about responsible interfacing with the outside world and with inside threats -- and AV is pretty critical for consumers and desktop enterprises.
Hire a Linux system administrator, systems engineer,
..instead you need Behavior-Based Anti-Malware software.
Traditional Anti-Virus relies on virus definitions which are static and rely on virus hunters to find these malicious programs, create definitions from, and then disseminate them to AV endpoints. Behavior Malware Detection software instead uses the heuristic approach and determines what the file is trying to do on your system to determine whether to block, notify, and/or quarantine the files. Because of this, Behavior-based Anti-Malware can protect systems WITHOUT network access or centralized control like traditional AV.
While there are many more methods of protecting your operating system with regular system patching, as compute systems become more and more complex, exploits can be much more dangerous than before. And for systems running healthcare systems that cannot be easily updated due to their sensitive nature, Behavior based detection works very well here.
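As an added illustration of the distinction drawn in the comment above (this is not code from the thread or from any AV product), here is a small Python model of the two approaches side by side: a static lookup of the file's hash against a definitions table, and a scorer over what the process actually does. The hash table, the event vocabulary, the rule weights and the two process traces are all constructed assumptions for the example; nothing in it is real malware. It also shows why the behaviour path needs no definition updates to fire.

```python
"""Signature lookup vs behaviour scoring, as a toy model.

Added example, not code from the thread or from any AV product. The hash
database, the event vocabulary, the rule weights and the two process traces
are all constructed for illustration.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

BLOCK_THRESHOLD = 50

# Constructed "definitions": sha256 of file bytes -> family name.
# The sample bytes stand in for a real binary; nothing here is actual malware.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"old-trojan-v1").hexdigest(): "Trojan.Generic.Old",
}


@dataclass(frozen=True)
class Event:
    op: str      # "write" | "rename" | "reg_set" | "spawn"
    target: str  # file path, registry key or command line


def signature_verdict(file_bytes: bytes) -> Optional[str]:
    """Static AV: hash the file and look it up. Repacking the same payload
    changes the hash, so a definition written yesterday misses it today."""
    return KNOWN_BAD_SHA256.get(hashlib.sha256(file_bytes).hexdigest())


USER_DOC_DIRS = ("\\documents\\", "\\desktop\\", "\\pictures\\")


def behaviour_score(events: List[Event]) -> Tuple[int, List[str]]:
    """Heuristic scorer over what the process did. It consults no definitions
    and therefore needs no network access. Weights are assumptions."""
    score, reasons = 0, []
    lower = [(e.op, e.target.lower()) for e in events]

    locked = [t for op, t in lower if op == "rename"
              and t.endswith(".locked") and any(d in t for d in USER_DOC_DIRS)]
    if len(locked) >= 5:
        score += 50
        reasons.append("mass rename of %d user documents to .locked" % len(locked))

    if any(op == "reg_set" and "\\currentversion\\run" in t for op, t in lower):
        score += 20
        reasons.append("Run-key persistence")

    if any(op == "spawn" and "vssadmin" in t and "delete shadows" in t
           for op, t in lower):
        score += 40
        reasons.append("shadow copy deletion")

    if any(op == "write" and "\\appdata\\" in t and t.endswith(".exe")
           for op, t in lower):
        score += 15
        reasons.append("dropped executable under AppData")

    return score, reasons


def verdict(file_bytes: bytes, events: List[Event]) -> Tuple[str, str]:
    """A signature hit wins outright; otherwise the behaviour score decides."""
    family = signature_verdict(file_bytes)
    if family:
        return "block", "signature:" + family
    score, reasons = behaviour_score(events)
    if score >= BLOCK_THRESHOLD:
        return "block", "behaviour:" + "; ".join(reasons)
    return "allow", "behaviour score %d" % score


# Constructed trace of a repacked ransomware sample (hash unknown to the DB).
RANSOMWARE_TRACE = [
    Event("write", r"C:\Users\alice\AppData\Roaming\updater.exe"),
    Event("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    Event("spawn", "vssadmin.exe delete shadows /all /quiet"),
] + [Event("rename", r"C:\Users\alice\Documents\report%d.docx.locked" % i)
     for i in range(8)]

# Constructed trace of a benign backup tool that also registers for autostart.
BENIGN_TRACE = [
    Event("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\backup"),
    Event("rename", r"C:\Users\alice\Documents\Backup\state.tmp.bak"),
] + [Event("write", r"C:\Users\alice\Documents\Backup\report%d.docx" % i)
     for i in range(8)]

if __name__ == "__main__":
    print(verdict(b"old-trojan-v1", []))                        # signature hit
    print(verdict(b"old-trojan-v1-repacked", RANSOMWARE_TRACE))  # behaviour hit
    print(verdict(b"backup-tool", BENIGN_TRACE))                 # allowed
```

The benign trace deliberately shares one indicator (a Run key) with the ransomware trace to show why a behaviour engine scores and thresholds rather than blocking on any single action; tune the weights too low and backup tools get quarantined, too high and the mass-rename pattern has already done its damage before the threshold is crossed.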
Antivirus companies are the leading cause of viruses and spam. I worked at a company which used Symantec Spam Protector for about 5 years. ~$3,000/yr for the server application with updates. It registered a grand total of 2-3 spams (across all email addresses in the company) per day - it "worked" in that it prevented them from going through, but was still set to log them. We decided it's not worth 3k/yr to prevent an approximate 2% (for the size of the company) chance of a person getting a single spam email per day. The week after the subscription was canceled suddenly every email address in the company was inundated with spam - about 1 every 2-5 minutes for every address. The culprit was obvious so people decided to try to wait them out; a year later they gave up and renewed the subscription, and the new spam protection server shows the steady flow of spam (and only blocks ~90% of it.)
Antivirus and anti-spam are the most obvious rackets in modern computing.
Ublock origin
I find it annoying how many AV products identify key-generators, cracks and other actually useful non-malicious stuff as malicious and bad.
I also find it a complete waste of cpu time to run real-time protections. I'm particularly offended there is no way to remove Windows Defender from Windows 10. I should be allowed to make that choice, and I cannot.
As to the others, most AV products are snake-oil at best, their own type of malware at worst. Millions of dollars sucked out of clueless consumers for nothing.
In the enterprise, AV is there because FERPA, HIPAA, and other regulations mandate it. Does it actually stop viruses? At best, maybe an older Trojan horse. However, the best front-line thing is a good ad-blocker, second best is separating your stuff into VMs. QubesOS is definitely the best way of doing things, to ensure stuff cannot touch each other.
Why are condoms still a thing?
And [ in Jerry Seinfeld voice ] "What is the deal with not wanting to get infected?"
TL;DR: Summary: Questions need for AV then lists many reasons why you should (probably) still use it.
TL;DR: Article: Dumb.
It must have been something you assimilated. . . .
Don't download from porn sites
pffft. you'll have better luck telling folks to not have actual sex with dirty people. Viri are going to spread via sexual desires - always.
Politics; n. : A religion whereby man is god.
and there aren't many of those left. Most of the Abandonware sites I used to frequent have shut down (a lot of them started trading warez and it wasn't long until they got popped). The less, shall we say, NSFW sites are such big business these days that they police their malware pretty well. You're more likely to get popped with a virus on CNN. I used to get hit every now and then by a video and Windows Media Player but I started using Youtube + Media Player Classic and I don't pull videos from untrusted sources and that stopped.
Knock on wood and all but if you're tech savvy viruses have a damn hard time getting to you these days.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
the folks I know working at computer shops agree. They're seeing a _lot_ less calls to remove viruses. It's more than a bit of a problem actually. Virus removals were the Bread and Butter of a lot of these little computer shops. If you've noticed a lot of them going tits up, that's why.
Eh, you kinda missed my point. It seems one ONLY needs ad blockers these days. I stopped updating (paying for) my AV a few years ago.
I think the resource consumption has actually been a lot less of an issue now as CPU speed and multi-threaded systems have advanced.
AV got a bad rap in the 90s because it was resource intensive, however the scanning operations haven't increased drastically in terms of cpu time in the past 20 years.
Could it be an issue on the slowest systems and those who are unwilling to upgrade after using a system for more than 5 years? Probably. If you're using a middle of the way i5 with sufficient memory and resources, you really shouldn't notice. However, if your system is a nest of adware, middleware, search toolbars, and other random junk because you frequent illicit streaming sites, your AV might be having a field day.
Practicing good Cyber Hygiene and using a dedicated system or Virtual Machine to screw around is imperative in keeping your system healthy.
I can legally mess with anything on my system.
It is mine.
Now selling/stealing your most glorious code is not.
http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
Only if the OS is stupid enough to allow executables to be downloaded that way - AND - run it in administrator mode too.
Most operating systems are "stupid enough to allow executables to be downloaded", except Apple iOS and those on game consoles. On any PC operating system, an application that you choose to download and execute will have read/write access to your entire home directory or user profile, without even elevating. This is how ransomware encrypts your files.
Don't download from porn sites or from untrusted sources
How can the median user tell which sources are trustworthy?
I've been running with just Windows Defender for years. As part of my work, I visit several hundred unique new internet sites every week. I haven't gotten a virus since the 90s. On the other hand, I have seen many serious system performance problems solved by removing antivirus software. I'd say that removing AV software is the second biggest performance increase you can have on a modern PC after switching to an SSD. Upgrading to a lower latency internet connection might beat it, but often isn't available (though I have found that using a VPN multiplied my internet throughput in many applications).
you shouldn't run Windows. Period.
Blocking ads drives down short-term profits a bit. This drives up long-term interest in developing new economic models. We had a number of alternatives, but they got drowned out by corporations pouring advertising dollars into this new intertubes thingy. Old people trying too hard to prove they were cool. Brick and mortar not knowing how to curate digital product lines. Hopefully only a problem for one or two generations.
I take the long view. Beat back the scourge of advertising -- win. Take Facebook and Google down a notch -- win. Apologies to the small players who get hurt a bit in the process, but these ends justify much harsher means.
If this really bothers you, please help find ways to cultivate non-commercial, unbiased places on the Internet. If you disagree, please get off my lawn. And why are you even on /.? ;)
Temerity ... thanks for my Word for teh Day
If [cessation of service of ad-supported websites in response to widespread ad blocking] really bothers you, please help find ways to cultivate non-commercial, unbiased places on the Internet. If you disagree, please get off my lawn. And why are you even on /.? ;)
Slashdot is in theory ad-supported.
<tt> and <code> are for indicating source code, not for random decoration. Knock that shit off.
My postcard featured a photo of Drottningholm in Stockholm and bore the message: "Greetings from Stockholm! Behave yourself! Regards, Zontar." If you claim it said anything else at all, then you and I both know you're lying.
Any feeling of being threatened came from inside your own head, at about the time you realised that (a) unlike you, I don't make shit up, and when I say I know where you live, I mean exactly that; (b) a less ethical person than I could have sent you something much less pleasant, or even showed up in person.
I really hoped you would learn something from the experience, but you've chosen not to, and I for one will be completely and utterly unsurprised at what happens to you when you piss off the wrong people, which, sooner or later, you will do if you persist in your classic and current behaviour.
And when it does, I'll be sure to send flowers.
Il n'y a pas de Planet B.
Because dickheads write security policies.
"Let's have a piece of software, written by a third party, which runs as an elevated user and is capable of intercepting every file access, replacing content, scanning and modifying all memory for every user, even root/SYSTEM-owned processes, which inserts itself into every file, I/O and process hook, which starts as one of the first things on boot, and tells us whether or not other processes should be blindly trusted, by checking against a list of hashes of 'known-bad' things, which constantly updates automatically from an Internet server with proprietary-format instructions (that we can't dig into) from a third-party probably in Russia or the US, and do this to 'improve security'. Oh, and maybe even let it intercept and decide the veracity of every network packet on all network interfaces. Yeah, right. No problem there."
Or we could make an OS where such things aren't even possible for antivirus, let alone normal processes, and thus secure ourselves that way.
it can't hurt to run an AV on it
Sure it can...
All AV software consumes resources and reduces performance to varying degrees, this could potentially be crippling in some circumstances.
AV software has to run with high privileges in order to intercept network traffic and file accesses etc... Because of this, exploitation of any bugs in the AV software is likely to result in root access. AV software is also extremely complex, and designed to parse hostile data - there have been many vulnerabilities and more will be found for sure.
There are also false positives to contend with, AV software has been known to trigger on legitimate files if they contain strings similar to known malware, this could result in programs breaking or loss of data etc.
AV software also typically hooks into the system at a low level, often doing things the os developers never intended, which can often result in instability.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Nope missing the point:
We still need antivirus because computers still allow the user to do what they want despite it not being in their best interest, and criminals continue to exploit this problem.
We will continue to need anti-virus until computers no longer allow users to do what they want, but rather only what is permitted.
... Martijn Grooten, the editor of trade magazine Virus Bulletin. No vested interest there then. LOL
F-PROT
A median user should have their driver's license revoked.
Sure it can. AV churns your disk and slows down your system.
Please stop with this stupid trope that information will disappear if there are no advertising dollars to support it! If the information available is that important then there is a business model that doesn't require ads to support it, because if someone really needs it then there is a market to be selling it. Please give one example of the situation you claim to be a problem: absolutely required information that is dependent on advertising dollars to stay on the internet.
Every single piece of information that I require to do any sort of job is supported online by a business that makes money off of it through a related venture (GitHub is a grand example) or directly from the consumers of the information (Wikipedia, academic journals, etc).
Not only do I block ads, I also have fine control over the scripts that run in my browser and religiously block cross-site scripts. The transfer of information is about trust; if I cannot trust a source to provide that information without verifying that their site will not try to compromise my computer, then how could I logically trust the information that I require? Their motivation is not to provide the information but to make money off of the advertising.
The other side of it is that if a company requires their product to be advertised to stay afloat then they have a shitty product and deserve to shut down because all they are doing is consuming resources that could be better allocated.
In conclusion, any actually useful information will always be available because it is easy to make money off of useful information with out advertising, the same idea works for useful products.
If they haven't figured it out by now, their fault
That process must have read and/or write permission to access the files, and it only gets that if the user which owns the process has that permission.
If you run an executable under your user account, then you are "the user which owns the process", and therefore the process has "read and/or write permission" to all files in your home directory. Is there a standard way to contain such a process?
if the information available is that important then there is a business model that doesn't require ads to support it, because if someone really needs it then there is a market to be selling it.
Enjoy your paywalls.
The other side of it is that if a company requires their product to be advertised to stay afloat then they have a shitty product
How else should the public learn that a product exists in the first place?
ok, so I've learned something today. Despite my having to use "viri" as the plural form of "virus" throughout my entire school career, it's now wrong (showing my age?). This is due to there being no form of the word being plural in Latin. Evidently, "viruses" is now the correct way. Thanks for the heads-up!