
The end of antivirus software? Not so fast

The value of antivirus software is controversial. Michael P. Kassner asks an AV-testing expert why, and if it needs to be this way.

Antivirus applications rely on malware signatures, antivirus programs are not proactive, antivirus software is ineffective. Sound familiar? I've succumbed to the mantra myself, writing -- "How antivirus software works: Is it worth it?" and "Traditional antivirus software is useless against military malware."

If that's true, why do the same reports slaying antivirus applications end with the CYA: never, ever leave your digital home without AV software? Case in point, my final thoughts on the first article linked above:

Being one of those "rather be safe than sorry" types, I will continue to suggest using an antivirus program.

So what gives?

I decided to ignore the conjecture, the innuendo, even my own, and ask an expert. Preferably, one who tests antivirus applications day in and day out, maybe even the chairman of some testing organization.

It just so happens I bumped into such a person; his name is Simon Edwards. He is the Technical Director of Dennis Technology Labs and the current chairman of AMTSO, the AntiMalware Testing Standards Organization.

To be honest, AMTSO wasn't on my radar. Which is odd -- the member list is a veritable "who's who" in the antivirus industry. I found it interesting to see testing organizations and vendors working together.

I checked out a few of the AMTSO organizational documents -- pretty in-depth stuff. For example, I found a document that spent 19 pages debating the pros and cons of creating malware specifically for testing:

One of the most hotly-debated issues in the antimalware industry today is the question as to whether it is ever right to create a new piece of malware for the purpose of testing antimalware software.

There it is. We have the controversy, and we have an expert that knows AV software inside and out. Let's see what he has to say.

Kassner: Welcome, Simon. One of the first things I'd like to clear up is whether antivirus software and antimalware are the same thing or not, and which term the industry prefers.

Edwards: That's an interesting question. All so-called "antivirus" software does far more than detect and remove viruses. Companies only use this phrase because consumers are familiar with it.

To be honest, AV software often handles more than malware -- blocking phishing attacks for instance. It's probably more realistic to describe it as "internet-security software," but that's so non-specific I can understand why firms stick with antivirus.

Kassner: Good enough for me; we'll stick with antivirus as well. Simon, you wear two different, yet related hats -- that of Technical Director of Dennis Technology Labs and Chairman of AMTSO. Could you tell us about each, starting with Technical Director?

Edwards: Dennis Technology Labs specializes in internet-threat testing, having the required methodology and expertise in this challenging area. As Technical Director, my main task involves ensuring tests are conducted properly. Another focus of mine is developing new tests to address the latest challenges. I personally have been testing antivirus software for well over a decade.

Testing antivirus software is hard to do well. So, unfortunately, there is a lot of poor testing going on. The result is confusion for consumers and frustration for antivirus vendors. To try to address this situation, all of the best-known vendors and testers formed the non-profit organization AMTSO.

AMTSO's mission is to promote the best testing possible. A good test is one that is unbiased towards vendors, the methodology is transparent, and the results are both meaningful and scientific. All testers should want to achieve these goals. I was voted in as Chairman last year.

Kassner: IT professionals and security pundits are saying antivirus software is a lost cause. It's based on a reactionary model, thus destined to never meet expectations. How would you respond to those concerns?

Edwards: A lot of criticism toward antivirus solutions is based on an out-of-date view of how these products work. For example, some people assume "antivirus software" is just a simple file scanner.

In the old days, malicious files were analyzed, after which a "definition" would be added to the antivirus database. This was distributed to PCs running the scanner, which would then be able to detect the new file as being malicious.

This is far from reality today. Modern antivirus products include behavioral components, file and website reputation systems, and a variety of other layered defenses. Some include exploit-code blocking, which is particularly effective.

Are these all reactive? To an extent, yes: it is impossible to predict which websites criminals will compromise next. Also, malicious files change fast. However, many attacks use the same toolkits, so products that support exploit detection and blocking should be able to stop these attacks, even after the criminals tweak their settings.

Kassner: As someone who is intimately familiar with antivirus technology, what concerns you the most about the current malware versus antivirus situation?

Edwards: While general attacks that affect everyone are a concern, targeted attacks are the real challenge facing providers of antivirus products.

Take these two scenarios as examples:

  • An attacker compromises a website and causes it to infect any visitor who loads the webpage. The malware that infects their PCs will steal bank details and other valuable personal information.
  • An attacker sends emails to senior managers who work in a particular area of industry. These emails contain links to an infected website that is of no or little interest to the general public. It may not even be indexed by a search engine.

In the first example, people will be infected. A few may report their experiences to a security firm, either by sending an email or by allowing their antivirus software to report back automatically.

The firm will then examine the threat and take steps to ensure that all of its customers are protected. It is common for antivirus companies to share this type of information with competitors, spreading the umbrella of protection across as many internet users as possible.

In the first example, the threat has a relatively short lifespan, because it affects many people and therefore quickly comes under the scrutiny of security professionals.

In contrast, the second example is a subtle threat. Only a few people are exposed to the targeted attack, and the downloaded files may never be noticed as being problematic.

Kassner: For those of us who aren't experts, yet are interested in the process, could you explain what happens when a developer sends Dennis Technology Labs an antivirus program to be tested?

Edwards: We take a forensic approach when testing antivirus software. We don't trust what the products claim. For example, if we visit an infected website and the product claims to have blocked it, we still check low-level details of the PC we are using to ensure that nothing has slipped by.

Sometimes a product will miss a threat to begin with. But, once the bad code is running on the system, the antivirus may kick in and remove it. We examine the extent of the impact the threat has before judging the product's effectiveness.

For example, did the threat run? If so, what changes did it make to the system? Did it steal any information? Are any important system files damaged or otherwise altered? Did it deactivate the antivirus software?

Kassner: Dennis Technology Labs belongs to AMTSO. Removing your AMTSO hat for now, what influence does AMTSO have on how you test antivirus products?

Edwards: In pre-AMTSO days, when we tested antivirus software for Dennis Publishing's computer magazines, there was no incentive to share any detailed information with the vendors. AMTSO changed our view on that.

By being transparent, and describing everything that our tests uncover, we not only establish that we are doing what we say we are, but we help antivirus vendors improve their products. This in turn helps consumers.

Kassner: I'd like you to put your AMTSO hat back on. When we look at any one of the myriad antivirus test reports, what should we look for?

Edwards: There is a list of guidelines that AMTSO has published to answer that question. For me, one of the things that jumps out at me from a poor test is when the conclusions are at odds with the test data. For example, a test takes a selection of exploits and demonstrates that an antivirus product fails to detect them. It then concludes that antivirus is useless.

It may be fair to conclude the product has limited exploit detection, or that its offline file scanner is sub-standard, but to write off the whole product (and sometimes these tests are used to write off the whole industry) is disingenuous.

It's fair to say there is no such thing as the perfect test, but if you want a list of things with which to judge a test, you could use the AMTSO Fundamental Principles of Testing.

Kassner: I'm betting you are asked this all the time. But I promised to include the question. What should we look for when shopping for antivirus products?

Edwards: Consistency. It is all very well choosing a product that comes out on top of one test, but look at multiple tests from the same and different organizations. If two or three products consistently perform well, in tests conducted by different testers using different methodologies, then each is likely a strong contender.

The same goes for products to avoid. If it consistently under-performs, even if it's free, avoid it.

Final thoughts

Don't worry; I'm not going to use my CYA statement this time. We all know that AV software is not the end-all solution. It's a Band-Aid. But -- and help me out here -- what are we going to do in the meantime?

Thank you, Simon, for shedding light on a complex problem and providing insight into how to make sure our current solution is working correctly.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

58 comments
enetfix

I think this is one of the most vital pieces of information for me. And I am glad studying your article. Thank you for such a great article.

JCitizen

We are close to getting rid of AV. I don't and won't - but increasingly in honeypot tests. The limited rights account and Internet Explorer 9 have kept around 85% of all attacks off my honeypot in the first place. I have to blow through a lot of UAC, DEP, or ASLR protections before I can let my AV/AM solution have a go at it. Lately junk email accounts bypass this with malware-riddled spam, but as Chad said, if your email client or webmail is worth anything, they will block most of that too. I always assume the user knows not to click on fake alerts or fall for other social engineering; so for the sake of argument I'm ignoring that factor - especially since no OS or security can withstand stupid. I keep finding new ways to improve the built-in Microsoft features, and add new ones to make this defense work even better. I recently discovered that invoking Parental Controls for applications creates a whitelist of applications on a clean PC, and alerts to any new ones butting in on the limited account session. Also, EMET 3.0 is another mitigation tool that can help prevent applications that may not be modern or properly hardened to modern operating environments. This can go a long way to help block zero-day exploits on Java and Flash vulnerabilities. As long as you run as a limited user, use these tools and any new ones showing up, and are careful about where you go on the internet - I could ALMOST say you might get away without any anti-virus. It might be more practical to use a product based on the same technology as Steady State to put your system back to normal on each reboot - however, what about session riders? Well, you really could take care of a lot of them by running CCleaner regularly - but that will not totally seal you against malware dangers. After all, you can't be running the file cleaner function every time a page loads, and if you are banking, you run the risk of getting pwned.
NoScript is usually partially disabled on trusted sites, and, anymore, now, there is no such thing as a totally trusted site - maybe not even some banks! Like Michael posted earlier, keeping the applications and operating system up to date would be a mandate for running like this. So for newbies, running FileHippo or Secunia PSI could avert some disasters. This still does not protect against session riding or other dangers in the browser during SSL sessions; but short of installing Rapport on the PC, you can always ditch Windows and use a Puppy Linux LiveCD and pretty much breathe a sigh of relief. There goes the last reason to have AV on the machine at all. Even if you get hammered doing things this way, it only takes a short while to restore an image from backup and continue on your merry way - providing no hardware was compromised in the meantime - ;)

sarahmsarah

I'm not much of a techie person, so I can't really vouch as to whether this is true or not, but I always feel safer with my antivirus (Unthreat Antivirus) scanning my computer, as it does seem to do a good job of finding threats and so on.

sarahmsarah

I've read quite a few articles talking about this issue, but I don't know... I always feel safer with my antivirus (Unthreat Antivirus) working, even if it doesn't block every possible threat, as you say.

WKCook

I think Craig_B is on the right track. Quoting Mr. B: "...layers of security, good habits/educated safe computing, account separation, proper passwords/controls, anti-malware, update OS/apps, firewall and good backups. ...layers of protection reduces risks and offers the best protection and experience." Mr. B also mentioned "virtual machines/apps/live cds and sandbox apps", which is OK if you can deal with this. Most people I know that aren't in IT have no idea what these are, let alone how to implement them. It would be nice if ISPs took a little more interest in our security (i.e. proxy service, configurable DNS, etc.). Programs I use (my layers): Bitdefender Antivirus Plus for malware; subscribe to OpenDNS (OpenDNS.ORG); WOT (Web of Trust); Secunia Personal Software Inspector (PSI) at start-up to keep most of my programs up-to-date. Log on as a USER and use common sense. It would be interesting to hear what other Windows users are running. Thanks for the article. It was good reading and generated some interesting discussion.

Finge

Am I missing something here? For Final Thoughts, a question was posed: "What do we do in the meantime?" The answer or next statement was basically "Thanks - see you later?" Almost like someone left that answer out and just closed the conversation. Must have been a typo, but I would've liked to know how he replied. Funny

emailadsspam

The day I stop using an antivirus/antimalware/internet security program on my computer, you can call for a straightjacket.

Rick Sos

I tried running two real-time antivirus programs at once and started to get infected. Shutting one down fixed the problem. I run Avira in real time and use Malwarebytes to do a second scan just to make sure. These are fine products as far as I'm concerned, because after many years they have kept my computer clean and fast. I'm sure the other antivirus products do a good job, but every time I try them I end up going back to this system. One more trick that saved the day more than once: when I get an email I don't trust, I use Linux to open it. Most of the time it was safe. It just saves a guy's nerves from wondering, should I have done that, or should I do a scan?

ringer1

OS and viruses go hand in hand, if you get my drift, one industry supports the other, ya think?

Craig_B

I believe it is best to have layers of security: good habits/educated safe computing, account separation, proper passwords/controls, anti-malware, update OS/apps, firewall and good backups. Additional things could be virtual machines/apps/live CDs and sandbox apps. Combining layers of protection reduces risks and offers the best protection and experience.

shjacks45

I always like running critical software on a non-consumer OS on unpopular hardware: A/UX on 68K Macs, MKLinux or BeOS on Power Mac, Irix or NT on SGI MIPS, et al. Also restricted app compatibility like OpenBSD or Red Hat. They aren't fertile ground for viruses.

Robiisan

As many of you do, I perform daily, weekly, and monthly maintenance on my system, no matter what else I have going on in my life. In response to Mr. Fix's comments about two AV programs running at the same time, in many respects I agree - they are resource hogs, and often one will "detect" the other's signatures and such, and then it really gets hairy. The solution, I think, is to have several tools available for use, but keep only ONE running in real time. Personally, I use "Avast!" as my "always on" product. I've just found it to be more effective, for the threats I seem to encounter, than others. On a nightly basis, whenever I shut down for bed, I run the Windows built-in "Disk Cleanup" and "Cleanup 4.5.2" to get rid of the more obvious drags on resources. On a weekly schedule, I MANUALLY run, in this sequence, "SuperAntiSpyware," "SpyBot S&D," "Malwarebytes," and then a manual scan with "Avast!" All manual scans are full system scans, not the so-called quick scans - I basically check everything I can. Before I leave "Avast!" I schedule a boot scan to check the system before anything significant can be loaded into memory. I follow this with a run through "CCleaner" - deleting the unnecessary files it looks for, cleaning the registry, and double-checking the start-up registry entries for unwanted installations. Finally, I do a defrag, using the Windows product, since it now automatically does multiple passes. My monthly maintenance program includes all of the above except the boot scan, but run in safe mode. Then I do a backup to an external hard drive usually kept off-site. I used to run "Ad-Aware" in front of "SuperAntiSpyware," but Lavasoft changed it so that it was always trying to upgrade to the paid version, in spite of telling it "no" tens of times. It simply became too difficult to use.
In spite of this regime, I have occasionally had to take the machine in to the scientists for a thorough deep cleaning and reset of things that got messed up by malware incursions. The good news is, those treatments have been rare and the regime (mostly) protects the machine. The overall point is similar to one you made in your article - none of the AV products out there can do it all. Each one looks for slightly different things in slightly different ways. So, to answer Mr. Fix's comment, run only one all the time, but perform manual scans with others on a regular cycle. And always update definitions and even applications as soon as there are new ones out there. The manufacturers are not trying to keep you occupied with new installations and patches; they are trying to keep our machines as clean as possible and provide relevant updates as the threat environment changes, which is usually on a daily basis. There, I think I'm done preaching to the choir. :-)

SabrinaS-e160e

Presently I am using Comodo Internet Security, which comes with a powerful antivirus and firewall in it. From my point of view, rather than using antivirus software alone, you can go with internet security, which has multiple features in it!

Mr. Fix

As counterintuitive as this may sound, GSG, your vulnerability to infection actually increases with the concurrent use of more than one real-time antivirus application. Understand that nothing threatens the demise of the AV industry more than the fact that real-time scanners have grown into such system-resource-hungry monsters that users are at the point that they would almost prefer a virus. Indeed, I had one senior client insist that I remove virus protection that I had installed for her, as well as put all the viruses that I had removed BACK, as she said everything was slower now. Absurd but true! The fact remains, though, that it's quite enough to have one resource-hungry monster application; adding yet another one to the equation will hardly improve matters. Remember: a virus's first order of business is to escape detection. Just think about how easy that is when your AV application lacks sufficient resources to do its job effectively, and how much easier still it is when 2 or more AV applications share control. It's like slipping past two burly club bouncers while they argue over control of the door.

Mr. Fix

Security software can never make up for the absence of good online habits and common sense. Marketing ads for antivirus products tend to lull consumers into a very dangerous false sense of security. In effect, what the consumer wants to hear is this: "Throw caution to the wind, our product will have your back." When their computer is infected, who do they blame? The antivirus application, of course, not the fact that they visited that porn site, opened that e-mail attachment, responded to that pop-up advertisement, etc. The utility was supposed to protect them!

Tony Hopkinson

The commercial reality is that all the big players want to run "code" on our machines for "our" benefit, and they definitely do not want to present us with a user experience where we have to vet each request to do so. It is what it is. All we can hope for is some people polite enough to provide halfway decent free software to manage the deliberately created vectors into our systems.

Michael Kassner

The cost of AV financially and in computer resources is nominal if there is a chance it might prevent the stealing of anything you value.

apotheon

I've visited some businesses (coffee shops, for instance) that use OpenDNS for their DNS. While checking out their networks, I have observed that at times the service actually prevents me from securely connecting to some websites by intercepting the HTTPS traffic and essentially attempting a man-in-the-middle attack on my session. The result is that certs do not agree with domains or with previously cached certs. This is not a problem if, as I generally prefer to do (apart from when I just want to see how their Internet service works or forget to start my SSH proxy), you use some kind of encrypted proxy to protect your traffic from local snooping; but much like the problem with most users not knowing about VMs, LiveCDs, and sandboxing applications, most people have no idea how to set up an SSH proxy, too. In short, I would not consider availing myself of the services of OpenDNS to be an effective security measure. Quite the opposite: I find the MITM-like operation of OpenDNS quite troubling from a privacy/security perspective. You mention "WOT". What web of trust, exactly, do you mean? Do you refer to using OpenPGP encryption for email privacy? Do you use MonkeySphere for HTTPS certificate validation (definitely a better idea than just trusting the CAs configured by default with most browser installs)? Do you refer to some other use of the web of trust model of public key or certificate authentication?

Michael Kassner

Make sure your OS and apps are up-to-date. That alone shuts the door on most exploits.

Michael Kassner

I was hoping you and other members would chime in with what you felt might be the answer. I find that some of the best potential solutions come from those in the trenches and battling this on a daily basis.

Tony Hopkinson

You have a list of potential suppliers available. :) Many other products of interest too. What's more, it's free! My favourite was an email per week about septic tanks. I still have no clue why I was chosen as a target for that, but it's still slightly more relevant than increasing the size of my moobs. :(

apotheon

If your email client renders HTML and runs JavaScript (or, worse, VBScript), you're doing it wrong. On top of that (as you seem to have discovered), running your email client in an environment that doesn't autorun everything it encounters offers additional protection. Unfortunately, the way the Linux developer community is going, you can probably expect autorun problems to become increasingly prevalent even on Linux-based systems in the future; you might consider switching to something like FreeBSD. I'd recommend avoiding the "solution" of only using webmail. It's not nearly the solution it appears to be. First, it renders in your browser, and malicious code in emails will increasingly assume the presence of a browser (or at least account for it) as a new target for malicious code in an email. Second, it doesn't solve the problem of malicious attachments at all. Third, it now introduces another party to the chain of trust in one way or another. Sure, the operator of a mail server could conceivably "eavesdrop" on plaintext emails that pass through it as easily as a webmail provider. If you're dealing with something sensitive enough that you can convince those with whom you're communicating to use encryption, though, you'll run into two problems with webmail: first, webmail often offers no way to deal with encryption, and second, even if it does offer such a thing, the email ends up getting decrypted on the server side so that the webmail service provider still gets to read all your emails -- and, on top of that, now knows which emails are particularly interesting (those that were encrypted, of course). Even without the encryption problem, though, webmail providers' business models are typically tied up in webs of data aggregation and sales to "partners", whereas those who simply provide mail servers for POP3 or IMAP access are generally operating solely on a service subscription model (though there are exceptions). 
I stick to local mail clients that can handle OpenPGP encryption and don't render HTML emails, running on FreeBSD. Most HTML emails come with a text-only version as well; those that don't are typically spam. This system serves me well.

Michael Kassner

That is one reason why I use web-based email exclusively.

apotheon

Some OSes focus on fixing the vulnerabilities that make various viruses possible. Others just let the AV handle it.

Michael Kassner

During my ten years of tech journalism, I have curiously asked those involved about your suggestion. I will say all the AV engineers I have met are dedicated to one end: eliminating malware.

Michael Kassner

I was going to mention the onion metaphor, but it fell to the wayside.

JCitizen

And you can no longer shut it off; so you have to go all in, with Lavasoft as your AV solution. The sad thing is, it was really the anti-malware component that made it worth buying; after Ad-Aware 10, I had to drop it because of severe system instability.

Michael Kassner

I still feel that the single most important task is to make sure your OS and all applications are up-to-date.

Michael Kassner

I have MBAM Pro and Security Essentials working at the same time.

Michael Kassner

If there is a Zero-Day vulnerability on your computer and you went to the New York Times website recently, you could have gotten infected by a malicious ad network link.

GSG

But I've gotten malware. I've not visited any sites that are not reputable, I don't willy-nilly click on a pop-up, I block pop-ups, clear my cache on exit, use 2 AV scanners, both with real-time protection, and don't click on links in email or Facebook, etc... I still got a rather nasty infection with some malware. Luckily a trip over to Malwarebytes, a nice cleaning in safe mode, and a few other tasks got rid of it for me. I tracked my infection back to a reputable news site and reported to them what happened. So, the point is that you can do everything right and still get malware on your machine. In that case, you do need some good AV software, and a few tools to help you get rid of it.

Tony Hopkinson

The "See Britney naked" screensaver can lead to one or three problems, but you are just as likely, if not more likely, to pick up a bad guy from a reputable site. I'm keeping a close eye on this one since they started banging all these dating, anime porn and weight loss ads all over it...

apotheon

For an example of how to make antivirus software obsolete, look at what people in the BSD Unix communities do on the exceedingly rare occasion a new, dangerous virus pops up (exceedingly rare because this approach works so well): they identify the underlying vulnerability and eliminate it. By contrast, Microsoft leaves the vulnerability where it is more often than not, and farms out the need to deal with the new virus to the people maintaining antivirus software, so that the AV software has to detect the virus and disinfect the relevant files (or delete them). The end result of this is that you get specific viruses addressed in a half-arsed manner, but not the underlying vulnerability, so that next week or month or year someone comes up with a new virus that makes use of the same vulnerability, and the treadmill continues, creating a widespread perception that AV software is an indispensable reality under all circumstances. Thus is the "security" software industry supported by incredible expenditures every year. edit: Note that while Linux-based systems were once an excellent example of how to handle virus-exploited vulnerabilities, the direction the Linux software development community has taken in the last half-dozen years has eroded a lot of the potential for positive examples of how to handle security on Linux-based systems. I blame Mark Shuttleworth, Lennart Poettering, and the GNU project, in reverse-alphabetical order.

Michael Kassner

But that it was ineffective. I believe they are in the "remove vulnerability and everything will be okay" camp.

WKCook

Secunia Personal Software Inspector (PSI) is my go-to app for software and OS updates. I still run Windows Update and subscribe to several security-related newsletters to stay up-to-date, but Secunia usually has my back. Check it out. Might make another good article! :)

Finge

For sure I was a sideline literal. My apologies for my blank read. I lost 60 IQ points on that one. Now I'm down to 10. I thought rhetoric didn't require an answer. I just do what I always do, being retired from the corporate hardware/software boogie and still having many old wounds from assuming, so chiming in off the cuff wasn't in my lineup of choices. I find it fun just doing a daily dive, hard to give up, a habit shared with Scotty when he wasn't working on the Enterprise: reading technical journals. Your coax was clever. I'm still laughing. As for the subject matter? As long as a dollar is possible, there'll always be those who want to see how bad, bad can get, and those reversing the technology looking for the preventive if not an actual cure/eliminator. Both will be around until judgment day.

apotheon

Engineers aren't the decision-makers (they're the people who want to get things done), so I'm not sure that answers the question.

SkyNET32

Might be a step up from the traditional signature-based anti-malware tools. invincea.com and the start-up bromium.com are using what they call micro-virtualization to encapsulate every process and program on your machine; you can allow any program to run, but it's running in an isolated container. They use (I'm not sure) something called 'write-cache copy' or whatever they call it. The malware will run unhindered, but the software client (and it also has a hardware component) can analyze the code (even zero-day code) for them to see how it behaves, all the while the user can surf, open attachments and documents with no degradation in user experience. I don't see that Bromium has a product out yet, but Invincea does. My only concern is how they keep malware from jumping out of the microVM.

Craig_B

It's my understanding that MBAM + AV is OK, as they use different methods to scan files and don't cause problems with each other. If you use, say, MSE and McAfee, then you most likely will run into issues.

Michael Kassner

I run MBAM constantly, and I suspect it has saved me on more than one occasion.

Michael Kassner

Reputable websites run ads, and the ad networks are not vetting the ads closely enough. Until that happens, ad blockers are the order of the day.

Tony Hopkinson

say no commercial reason why it's going away. The vectors into our systems are commercially desirable. Running code client side is commercially desirable. Paying to fix all the holes in the software they provide to do the above is not... Technically achievable certainly, but there's no commercial drive to do that. Not from vendors and in the main not from consumers, most of the latter not even understanding the issues, unfortunately.

Finge

Interesting that many of you pros use the same thing I've been using for some time: a combination of Malwarebytes and AVG, but I never use the free versions of either, although I've tried it many times. As to the conflicts, yes, they can and do conflict somewhat depending on the browsing habits of the user, types of software on the system, and just general update and scan scheduling. I use the pro version of MWB in concert with AVG Internet Security Paid (to get the firewall). MBW is told not to check files, rather just monitor the browser and perform quick scans. By the same token, AVG is told not to use its toolbar nor its PC Tuneup. I have other programs for that. So far, that combination, along with setting their updating and scanning schedules so they don't conflict with each other, has proven to be a satisfactory combination, which I've chosen out of different combinations of AV monitors with Malwarebytes being the constant. So why not use Malwarebytes alone? Simple. No one program does the entire job at a reasonable consumer price point. Only some enterprise programs are a single act, but for the user they are a technical nightmare, sometimes even for the techs. I a combination of friends and family machines, all part of a LogMeIn list of non-profits which includes many who either can't afford such luxuries, or are somehow prevented from helping with the physical upkeep because of a medical condition, age, eyesight, etc. I also do some special vets, being a vet myself. I turn 65 this year and I'm still peckin keys for the underdog. I do have some out there using Viper, Kaspersky, and of course Microsoft Essentials, among others. Malwarebytes with Viper or Kaspersky don't get along, and although you can force some settings, it's not a good idea. I've tried AVG free against Malwarebytes Paid, and although it does fairly, the Paid version provides the Firewall, which is a major player in this combination. Other firewall programs? 
Well, it all boils down to training users in what all the prompts mean. The user's habits dictate the settings for all the security. As for corporate, if price is a problem, pay for Malwarebytes and get the lifetime updates, and use the paid version of AVG Internet Security with logical options selected during install. Just don't give it its head on the install and hope for the best; and don't forget to tell AVG and MWB to leave each other alone. Here are a couple of notes. AVG's firewall will not block LMI during a remote AVG install. That's a major. It's also a major that if there's a situation where the user unknowingly gave permissions via viral trickery which infected the computer, disabling AVG and MWB, Malwarebytes' Chameleon process might help in that area if you can get at it, as many rogues have been able to shut down MWB and AVG in the past, but leave LMI remote available. If Chameleon can't help, LMI's Advanced Option to force a restart into Safe Mode with Networking offers the tech a viable recourse to go after the villain with MBW in safe mode. But I've seen this fail (remember, I'm fighting via LMI remote). I always have an ace in the hole. On the majority of machines I service, I've installed an auto cloner and a separate partition holding the clone(s) that I can call from safe mode or within Windows if I can get remote to the machine. I've had to use the last resort option. For most of the machines I work on, I pay for the security and other system tools, and install and maintain them via remote and/or onsite. I test the stuff on my machines, educate the users when I can, create some videos in some cases, and that's fixing to increase. Thank goodness for LMI, best free remote on the planet and always worthy of my recommendation to corporates that need it. Oh, and not to forget the TR crew and members for their valuable input. (2 cents from a grey hair.)

Mr. Fix

The success of the malware industry has not escaped the attention of entities with vast resources that could care less about its profitability. Cyber-terrorism, for example, is a clear and present threat to international security and our global economy, and its sophistication indeed renders current remedies absolutely useless, as Michael Kassner rightly noted in his introduction. As for Finge's closing remark, "Both will be around until judgment day" - that, too, is the very objective of some, lest we forget.

Michael Kassner

I appreciate your comments. I pay attention to them as they make me a better writer.

RipVan

Yes, I used to know people who used 2 scanners, but they turned one off to run the other. Maybe GSG goes into one of them and excludes the other. Then again, if the program itself is excluded, it may not exclude other files it tries to alter or quarantine! A mess, for sure... Edited for speeling

Michael Kassner

I would be hard pressed to decide which to keep if it didn't. I have written about MBAM often enough to know it does the lion's share of keeping me safe.

apotheon

Yeah, the guys who thought I was an MS fanboy (what?) or a "commie" (What?!) were a riot sometimes. Even better were those who knew I was neither and just thought I was being paid by someone who was, err, maybe in the Linux community or something, to trash MS (WHAT?!). I have my own opinions about which writers are worth anything at TR, of course -- and I suspect there's some overlap with your list. I didn't think I was anything spectacular, myself. I thought I was maybe the second best contributor for TR, but only because the competition was so tough -- and TR's contributors were even better than most sites' writers.

Tony Hopkinson

Most of those who moved in to responding to your stuff already knew you were wrong. Those who didn't know you were a commie and an MS fanboy went away and thought about it, then forgot to come back and acknowledge you taught them something. As far as I'm concerned, you were one of the 4.5 official posters on here worth a damn in terms of content, instead of generating traffic anyway.

apotheon

I used to try to educate the users by way of some articles here at TR, but I'm not sure I made much of an impact when all is said and done.