Slashdot Mirror


User: WebbedPete

WebbedPete's activity in the archive.

Stories: 0 · Comments: 5

Comments · 5

  1. Only on-demand (manual) scans were hit on McAfee Anti-Virus Causes Widespread File Damage · Score: 1

    A note of interest: lost in the noise by many people in this forum is the report (in the mainstream media) that only manual (on-demand) scans resulted in any problem at all.

    The vast majority of users today depend on automated scanning of files as they are used. Automated scans had no trouble.

    One of those cases where what would normally be thought of as an extra-cautious approach actually caused extra-trouble.

    I've got no inside knowledge, but would guess that the automated scanning path is tested far more carefully (since it has larger implications for potential harm).

    Is this an argument for staying close to the mainstream, due to the higher QA bar applied to majority users? Interesting that this brings potential pressure on moving away from a slow-but-careful approach and toward a fast-automated approach. An AntiVirus version of "Real Programmers write in Assembler? Hahahahahaha!!!" ;)

  2. Re:Not surprised on McAfee Anti-Virus Causes Widespread File Damage · Score: 1
    The root cause is that Microsoft Windows has always had such a crashingly mediocre security architecture.

    No argument about the mediocre security architecture. ;)

    The hard part is: there is no comparably popular, attackable, commercially viable computing product anywhere. So it's hard to know what the "root cause" really is.

    Why did I pick those attributes? Because I sense those are important for hacker-publicity:

    Popular: gives widespread visibility

    Attackable: embedded firmware in an iPod isn't particularly susceptible to interruption ;)

    Commercially viable: economic viability brings extended investment in publicity, and get-me-where-it-hurts pain.

    The latter attribute may not be necessary for my perspective...Linux is popular to some extent, but there's no comparison for this discussion: Linux PLUS Apple together have yet to hit five percent of installed desktops (http://news.com.com/Desktop+Linux+a+vehicle+for+pirating+Windows/2100-1016_3-5388863.html). Just as legitimate developers tend to aim at the 95% solution, so too with crackers.

    Thus, I suggest hackers can gain notoriety going after any ubiquitous software product. And they do.

  3. Re: AVG as a solution on McAfee Anti-Virus Causes Widespread File Damage · Score: 1
    Where did I get uppity?

    My concern about "uppity" perspectives was directed in general at the idea that some software or methodologies are immune, which many people in this thread have implied.

    AVG is superior because it detects infected files and removes them, and is simple to set up, update, and remove. Have you used the latest McAfee offerings for personal computers? Serious pain in the butt, especially if you "upgrade" or start with their on-line version.

    Yes, we've evaluated many, and chose (and have used worldwide for several years) McAfee's enterprise-directed "Managed" tools. It's certainly better than McAfee's free-with-PC or cheap-in-a-box versions. (In fact, we advise clients to ignore whatever comes free, and use this.) We (a network of IT professional volunteers) picked this to take care of NGO leaders internationally, who are typically clueless about viruses and such. Yet, it serves very nicely for many other environments.

    Actually, it's much nicer than anything else we've seen, including AVG and several others. ~Zero or one-click install (zero=push), outsourced policy-based admin (no server s/w to learn/install/maintain), auto-updates, auto-configures on LAN for efficient bandwidth use, one-click enterprisewide summary (no config needed), incorporates anti-malware, blah blah blah.

    The only reason McAfee has such a large customer base is...not because they keep computers safer from viruses than their competitors.

    In our experience (with the managed solution), ease of install/use/management translates in practical terms to safer computers: we've seen (real-world results) that many admins never bother to fully configure competitive AV management systems, and thus their users can be left on their own.

    If we assume (BIG assumption I know) that most Good AV systems will protect from viruses when properly set up and used, then the difference comes down to how well they are implemented and maintained in the real world. That's where we see huge variation among vendors... ease of install/use/admin, support availability (guess which major vendor's "phone support" is only available if you speak Czech!), etc.

    My bottom line: AV and AM (AntiMalware) are more important than many people think. If you have lots of time, and are careful, free (i.e. not updated) tools can be helpful. But most people need a paid service, that reliably stays up to date, and that (in practical terms) can and will be fully implemented and properly monitored.

  4. Re:Not surprised on McAfee Anti-Virus Causes Widespread File Damage · Score: 1
    Because of their blacklist model, they have to release definitions and updates very frequently. They have to release these updates as quickly as possible as well, or else their subscribers will be infected with these viruses before they get the updates.

    McAfee uses both heuristics and (blacklist) signatures. Heuristics find about 40% of viruses, IIRC. But that's not good enough. So, what do you suggest?

    ...their software is very bloated and complicated, needing to be able to defend against a huge variety of attacks, both immidiate[sic] and obsolete.

    What basis is there for saying it requires bloated, complex software to protect against a variety of attacks, or that McAfee's tools are bloatware? Unless you've seen the code, I think we can't say. I use their tools, and the footprint is pretty tiny! (Total size of all of their DLL/EXE loaded right now: 2.5MB)

    This results in a very error-likely situation.

    To me, the fact that there are "a huge variety of attacks, both immidiate and obsolete" is what results in an error-likely situation. Let's face it, connected, up-to-date computing is dangerous.

    My SMTP server allows ~4 emails per hour through its front door. It rejects (without even looking at message body!) about 2 per second. And that's with very conservative rules designed to avoid false-rejections of all kinds. When 99.9+ percent of all messages are bogus, and when many (most?) web pages include dynamic content (advertising and more) from outside sources, it's no wonder we see ever-more prevalent widespread failures.

  5. Re: AVG as a solution on McAfee Anti-Virus Causes Widespread File Damage · Score: 1
    What makes you think AVG is any safer?

    ALL software requires occasional updates. ALL software can contain bugs. And ALL programmers can mess up. Even with a great QA team.

    To me, this whole situation is a great lesson in humility.

    According to McAfee, they:
    * Use both heuristics and more-specific signatures to find the bad guys. (Heuristics catch about 40%, signatures about 60%, IIRC)
    * Have a worldwide team of F/T engineers that work on detection/signatures/etc
    * Have a big enough customer base so the cost is spread widely.

    So: in what way is AVG (or any other security software system) superior?

    Keeping computers safe from increasingly smart malware is an ongoing battle. It's unwise to get uppity about how "MY system can't possibly have that problem!"

    I still think McAfee has a Really Good Methodology. But as long as we live on this planet, Murphy rules.