Antivirus is good for every security system because we don't know which virus is going to update daily; that's why we have to install licensed antivirus with updates, otherwise data loss, as per hardware failure, is also included.
Regards,
tech team B N G
I appreciate learning about your use of antivirus software.
the commercial reality is that all the big players want to run "code" on our machines for "our" benefit, and they definitely do not want to present us with a user experience where we have to vet each request to do so.
It is what it is. All we can hope for is some people polite enough to provide halfway decent free software to manage the deliberately created vectors into our systems.
But that it was ineffective. I believe they are in the "remove vulnerability and everything will be okay" camp.
For an example of how to make antivirus software obsolete, look at what people in the BSD Unix communities do on the exceedingly rare occasion a new, dangerous virus pops up (exceedingly rare because this approach works so well): they identify the underlying vulnerability and eliminate it.
By contrast, Microsoft leaves the vulnerability where it is more often than not, and farms out the need to deal with the new virus to the people maintaining antivirus software, so that the AV software has to detect the virus and disinfect the relevant files (or delete them). The end result of this is that you get specific viruses addressed in a half-arsed manner, but not the underlying vulnerability, so that next week or month or year someone comes up with a new virus that makes use of the same vulnerability, and the treadmill continues, creating a widespread perception that AV software is an indispensable reality under all circumstances. Thus is the "security" software industry supported by incredible expenditures every year.
edit: Note that while Linux-based systems were once an excellent example of how to handle virus-exploited vulnerabilities, the direction the Linux software development community has taken in the last half-dozen years has eroded a lot of the potential for positive examples of how to handle security on Linux-based systems.
I blame Mark Shuttleworth, Lennart Poettering, and the GNU project, in reverse-alphabetical order.
say no commercial reason why it's going away.
The vectors into our systems are commercially desirable.
Running code client side is commercially desirable.
Paying to fix all the holes in the software they provide to do the above is not...
Technically achievable certainly, but there's no commercial drive to do that. Not from vendors and in the main not from consumers, most of the latter not even understanding the issues, unfortunately.
I used to try to educate the users by way of some articles here at TR, but I'm not sure I made much of an impact when all is said and done.
Most of those moved in to responding to your stuff already knew you were wrong.
Those who didn't know you were a commie and an MS fanboy, went away and thought about it, then forgot to come back and acknowledge you taught them something.
As far as I'm concerned you were one of the 4.5 official posters on here worth a damn in terms of content, instead of generating traffic anyway.
Yeah, the guys who thought I was an MS fanboy (what?) or a "commie" (What?!) were a riot sometimes. Even better were those who knew I was neither and just thought I was being paid by someone who was, err, maybe in the Linux community or something, to trash MS (WHAT?!).
I have my own opinions about which writers are worth anything at TR, of course -- and I suspect there's some overlap with your list.
I didn't think I was anything spectacular, myself. I thought I was maybe the second best contributor for TR, but only because the competition was so tough -- and TR's contributors were even better than most sites' writers.
Security software can never make up for the absence of good online habits and common sense. Marketing ads for antivirus products tend to lull consumers into a very dangerous false sense of security. In effect, what the consumer wants to hear is this: "Throw caution to the wind, our product will have your back." When their computer is infected, who do they blame? The antivirus application, of course, not the fact that they visited that porn site, opened that e-mail attachment, responded to that pop-up advertisement, etc. The utility was supposed to protect them!
See Britney naked screensaver can lead to one or three problems, you are just as likely if not more likely to pick up a bad guy from a reputable site. I'm keeping a close eye on this one since they started banging all these dating, anime porn and weight loss ads all over it...
Reputable websites run ads, and the ad networks are not vetting the ads close enough. Until that happens, ad blockers are the order of the day.
But I've gotten malware. I've not visited any sites that are not reputable, I don't willy nilly click on a pop-up, I block pop-up, clear my cache on exit, use 2 AV scanners, both with real time protection, and don't click on links in email or facebook, etc...
I still got a rather nasty infection with some malware. Luckily a trip over to Malwarebytes, a nice cleaning in safe mode, and a few other tasks, got rid of it for me.
I tracked my infection back to a reputable news site and reported to them what happened. So, the point is that you can do everything right, and still get malware on your machine. In that case, you do need some good AV software, and a few tools to help you get rid of it.
I run MBAM constantly, and I suspect it has saved me on more than one occasion.
If there is a Zero-Day vulnerability on your computer and you went to the New York Times website recently, you could have gotten infected by a malicious ad network link.
As counterintuitive as this may sound, GSG, your vulnerability to infection actually increases with the concurrent use of more than one real-time antivirus application. Understand that nothing threatens the demise of the AV industry more than the fact that real-time scanners have grown into such system resource hungry monsters that users are at the point that they would almost prefer a virus. Indeed, I had one senior client insist that I remove virus protection that I had installed for her as well as put all the viruses that I had removed BACK, as she said everything was slower now. Absurd but true! The fact remains, though, that it's quite enough to have one resource hungry monster application, adding yet another one to the equation will hardly improve matters. Remember: a virus's first order of business is to escape detection. Just think about how easy that is when your AV application lacks sufficient resources to do its job effectively and how easier still it is when 2 or more AV applications share control. It's like slipping past two burly club bouncers while they argue over control of the door.
I have MBAM Pro and Security Essentials working at the same time.
It's my understanding that MBAM + AV is OK as they use different methods to scan files and don't cause problems with each other. If you use say MSE and McAfee then you most likely will run into issues.
I would be hard pressed to decide which to keep if it didn't. I have written about MBAM often enough to know it does the lion's share of keeping me safe.
Yes, I used to know people who use 2 scanners, but they turned one off to run the other. Maybe GSG goes into one of them and excludes the other. Then again, if the program itself is excluded, it may not exclude other files it tries to alter or quarantine!
A mess, for sure...
Edited for speeling
Presently am using Comodo Internet Security, which is enclosed with a powerful antivirus and firewall in it. From my point of view, for using antivirus software alone you can go with internet security, which has multiple features in it!
As many of you do, I perform daily, weekly, and monthly maintenance on my system, no matter what else I have going on in my life. In response to Mr. Fix' comments about two AV programs running at the same time, in many respects I agree - they are resource hogs and often one will "detect" the other's signatures and such, and then it really gets hairy. The solution, I think, is to have several tools available for use, but keep only ONE running in real time.
Personally, I use "Avast!" as my "always on" product. I've just found it to be more effective, for the threats I seem to encounter, than others.
On a nightly basis, whenever I shut down for bed, I run the Windows built-in "Disk Cleanup" and "Cleanup 4.5.2" to get rid of the more obvious drags on resources. On a weekly schedule, I MANUALLY run, in this sequence, "SuperAntiSpyware," "SpyBot S&D," "Malwarebytes," and then a manual scan with "Avast!" All manual scans are full system scans, not the so-called quick scans - I basically check everything I can. Before I leave "Avast!" I schedule a boot scan to check the system before anything significant can be loaded into memory. I follow this with a run through "CCleaner" - deleting the unnecessary files it looks for, cleaning the registry, and double-checking the start-up registry entries for unwanted installations. Finally, I do a defrag, using the Windows product, since it now automatically does multiple passes.
My monthly maintenance program includes all of the above except the boot scan, but run in safe mode. Then I do a backup to an external hard drive usually kept off-site.
I used to run "Ad-Aware" in front of "SuperAntiSpyware," but Lavasoft changed it so that it was always trying to upgrade to the paid version, in spite of telling it "no" tens of times. It simply became too difficult to use.
In spite of this regime, I have occasionally had to take the machine in to the scientists for a thorough deep cleaning and reset of things that got messed up by malware incursions. The good news is, those treatments have been rare and the regime (mostly) protects the machine.
The overall point is similar to one you made in your article - none of the AV products out there can do it all. Each one looks for slightly different things in slightly different ways. So, to answer Mr. Fix' comment, run only one all the time, but perform manual scans with others on a regular cycle. And always update definitions and even applications as soon as there are new ones out there. The manufacturers are not trying to keep you occupied with new installations and patches, they are trying to keep our machines as clean as possible and provide relevant updates as the threat environment changes, which is usually on a daily basis.
There, I think I'm done preaching to the choir.
I still feel that the single most important task is to make sure your OS and all applications are up-to-date.
and you can no longer shut it off; so you have to go all in, with Lavasoft as your AV solution. The sad thing is - it was really the anti-malware component that made it worth buying, after Adaware 10, I had to drop it because of severe system instability.
Always like running critical software on non-consumer OS on unpopular hardware: AUX on 68K MACs, MKLinux or BeOS on Power MAC, Irix or NT on SGI MIPS, et al. Also restricted App Compat like OpenBSD or Red Hat. Aren't fertile for viruses.
I believe it is best to have layers of security, good habits/educated safe computing, account separation, proper passwords/controls, anti-malware, update OS/apps, firewall and good backups. Additional things could be virtual machines/apps/live cds and sandbox apps. Combining layers of protection reduces risks and offers the best protection and experience.
I was going to mention the onion metaphor, but it fell to the wayside.
Might be a step up from the traditional signature-based anti-malware tools.
invincea.com and the start-up bromium.com are using what they call micro-virtualization to encapsulate every process and program on your machine; you can allow any program to run but it's running in an isolated container; they use (I'm not sure) something called 'write-cache copy' or whatever they call it; The malware will run unhindered but the software client (and it also has a hardware component) can analyze the code (even zero-day code) for them to see how it behaves, all the while the user can surf, open attachments, and documents with no degradation in user experience. I don't see that Bromium has a product out yet but Invincea does. My only concern is how do they keep malware from jumping out of the microVM.
OS and viruses go hand in hand, if you get my drift, one industry supports the other, ya think?
During my ten years of tech journalism, I have curiously asked those involved about your suggestion. I will say all the AV engineers I have met are dedicated to one end, eliminate malware.
Engineers aren't the decision-makers (they're the people who want to get things done), so I'm not sure that answers the question.
Some OSes focus on fixing the vulnerabilities that make various viruses possible. Others just let the AV handle it.
I tried running two real time antivirus at once and started to get infected. Shutting one down fixed the problem. I run Avira real time and use Malwarebytes to do a second scan just to make sure. These are fine products as far as I'm concerned because after many years they have kept my computer clean and fast. I'm sure the other antivirus products do a good job but every time I try them I end up going back to this system.
One more trick that saved the day more than once is when I get an email I don't trust I use Linux to open it. Most of the time it was safe. It just saves a guy's nerves from wondering should I have done that or should I do a scan?
If your email client renders HTML and runs JavaScript (or, worse, VBScript), you're doing it wrong. On top of that (as you seem to have discovered), running your email client in an environment that doesn't autorun everything it encounters offers additional protection. Unfortunately, the way the Linux developer community is going, you can probably expect autorun problems to become increasingly prevalent even on Linux-based systems in the future; you might consider switching to something like FreeBSD.
I'd recommend avoiding the "solution" of only using webmail. It's not nearly the solution it appears to be. First, it renders in your browser, and malicious code in emails will increasingly assume the presence of a browser (or at least account for it) as a new target for malicious code in an email. Second, it doesn't solve the problem of malicious attachments at all. Third, it now introduces another party to the chain of trust in one way or another.
Sure, the operator of a mail server could conceivably "eavesdrop" on plaintext emails that pass through it as easily as a webmail provider. If you're dealing with something sensitive enough that you can convince those with whom you're communicating to use encryption, though, you'll run into two problems with webmail: first, webmail often offers no way to deal with encryption, and second, even if it does offer such a thing, the email ends up getting decrypted on the server side so that the webmail service provider still gets to read all your emails -- and, on top of that, now knows which emails are particularly interesting (those that were encrypted, of course). Even without the encryption problem, though, webmail providers' business models are typically tied up in webs of data aggregation and sales to "partners", whereas those who simply provide mail servers for POP3 or IMAP access are generally operating solely on a service subscription model (though there are exceptions).
I stick to local mail clients that can handle OpenPGP encryption and don't render HTML emails, running on FreeBSD. Most HTML emails come with a text-only version as well; those that don't are typically spam. This system serves me well.
The day I stop using an antivirus/antimalware/internet security program on my computer, you can call for a straightjacket.
you have a list of potential suppliers available. 
Many other products of interest too. What's more it's free!
My favourite was an email per week about sceptic tanks. I still have no clue why I was chosen as a target for that, but it's still slightly more relevant than increasing the size of my moobs.
Am I missing something here? For Final Thoughts, a question posed What do we do in the meantime? The answer or next statement was basically Thanks see you later? Almost like someone left that answer out and just closed the conversation. Must have been a typo but would've liked to know how he replied. Funny
I was hoping you and other members would chime in with what you felt might be the answer. I find that some of the best potential solutions come from those in the trenches and battling this on a daily basis.
For sure I was a sideline literal. My Apologies for my blank read. I lost 60 IQ points on that one. Now I'm down to 10. I thought rhetoric didn't require an answer. I just do what I always do being retired from the corporate hardware/software boogie and still having many old wounds from assuming so chiming in off the cuff wasn't in my lineup of choices. I find it fun just doing a daily dive hard to give up, a habit shared with Scotty when he wasn't working on the Enterprise, reading technical journals. Your coax was clever. I'm still laughing. As for the subject matter? As long as a dollar is possible, there'll always be those who want to see how bad, bad can get, and those reversing the technology looking for the preventive if not an actual cure/eliminator. Both will be around until judgment day.
I appreciate your comments. I pay attention to them as they make me a better writer.
Interesting that many of you pros use the same thing I've been using for some time; a combination of Malwarebytes and AVG, but I never use the free versions of either although I've tried it many times. As to the conflicts, yes they can and do conflict somewhat depending on the browsing habits of the user, types of software on the system, and just general update and scan scheduling. I use the pro version of MWB in concert with AVG Internet Security Paid (to get the firewall). MBW is told not to check files, rather just monitor the browser and perform quick Scans. In the same token, AVG is told not to use its toolbar nor its PC Tuneup. I have other programs for that. So far, that combination along with setting their updating and scanning schedules so they don't conflict with each other has proven to be a satisfactory combination, which I've chosen out of different combinations of AV monitors with Malwarebytes being the constant. So why not use Malwarebytes alone? Simple. No one program does the entire job at reasonable consumer price point. Only some enterprise programs are a single act but for the user, they are a technical nightmare, sometimes even for the techs. I a combination of friends and family machines, all part of a LogMeIn list of non profits which includes many who can't either afford such luxuries, or are somehow prevented from helping with the physical upkeep because of a medical condition, age, eyesight, etc. I also do some special vets, being a vet myself. I turn 65 this year and I'm still peckin' keys for the underdog. I do have some out there using Viper, Kaspersky, and of course Microsoft Essentials among others. Malwarebytes with Viper or Kaspersky don't get along and although you can force some settings, it's not a good idea. I've tried AVG free against Malwarebytes Paid and although it does fair, the Paid version provides the Firewall which is major player in this combination. Other firewall programs?
Well, it all boils down to training users what all the prompts mean. Depending on the user's habits dictates the settings for all the security. As for corporate, if price is a problem, pay for Malwarebytes and get the lifetime updates, and use the paid version of AVG Internet Security with logical options selected during install. Just don't just give it its head on the install and hope for the best; and don't forget to tell AVG and MWB to leave each other alone. Here are a couple notes. AVG's firewall will not block LMI during a remote AVG install. That's a major. It's also a major that if there's a situation where the user unknowingly gave permissions via viral trickery which infected the computer disabling AVG and MWB, Malwarebytes Chameleon process might help in that area if you can get at it, as many rogues are able to shut down MWB and AVG in the past, but leave LMI remote available. If Chameleon can't help, LMI's Advanced Option to force a restart into SafeMode with Networking offers the tech a viable recourse to go after the villain with MBW in safe mode. But I've seen this fail (remember I'm fighting via LMI remote). I always have an ace in the hole. The majority of machines I service, I've installed an auto cloner and a separate partition holding the clone(s) that I can call from safe mode or within Windows if I can get remote to the machine. I've had to use last resort option. Most of the machines I work on I pay for the security and other system tools, install and maintain via remote and/or onsite. I test the stuff on my machines, educate the users when I can, create some videos in some cases and that's fixing to increase. Thank goodness for LMI, best free remote on the planet and always worthy of my recommendation to corporates that need it. Oh, and not to forget the TR crew and members for their valuable input. (2 cents from a grey hair).
The success of the malware industry has not escaped the attention of entities with vast resources that could care less about its profitability. Cyber-terrorism, for example, is a clear and present threat to international security and our global economy and its sophistication indeed renders current remedies absolutely useless, as Michael Kassner rightly noted in his introduction. As for Finge's closing remark, "Both will be around until judgment day" - that, too, is the very objective of some, lest we forget.
I think Craig_B is on the right track: Quoting Mr B:
...layers of security, good habits/educated safe computing, account separation, proper passwords/controls, anti-malware, update OS/apps, firewall and good backups.
...layers of protection reduces risks and offers the best protection and experience.
Mr. B also mentioned "virtual machines/apps/live cds and sandbox apps" which is OK if you deal with this. Most people I know that aren't in IT have no idea what these are, let alone how to implement them.
It would be nice if ISPs took a little more interest in our security (i.e. Proxy Service, configurable DNS, etc.)
Programs I use (My Layers):
Bitdefender Antivirus Plus for malware; Subscribe to OpenDNS (OpenDNS.ORG); WOT (Web of Trust); Secunia Personal Software Inspector (PSI) at start-up to keep most of my programs up-to-date.
Logon as a USER and use common sense.
It would be interesting to hear what other Windows users are running.
Thanks for the Article. It was good reading and generated some interesting discussion.
Make sure your OS and apps are up-to-date. That alone shuts the door on most exploits.