Discussion on:

The end of antivirus software? Not so fast

anti virus is good for all security system because we don't know which virus daily going to update thats y we have to install licensed anti virus with updated other wise data loss as per hardware failure also included

regards

tech team B N G

the commercial reality is that all the big players want to run "code" on our machines for "our" benefit, and they definitely do not want to present us with a user experience where we have to vet each request to do so.
It is what it is. All we can hope for is some people polite enough to provide halfway decent free software to manage the the deliberately created vectors into our systems.

But that it was ineffective. I believe they are in the "remove vulnerability and everything will be okay" camp.

For an example of how to make antivirus software obsolete, look at what people in the BSD Unix communities do on the exceedingly rare occasion a new, dangerous virus pops up (exceedingly rare because this approach works so well): they identify the underlying vulnerability and eliminate it.

By contrast, Microsoft leaves the vulnerability where it is more often than not, and farms out the need to deal with the new virus to the people maintaining antivirus software, so that the AV software has to detect the virus and disinfect the relevant files (or delete them). The end result of this is that you get specific viruses addressed in a half-arsed manner, but not the underlying vulnerability, so that next week or month or year someone comes up with a new virus that makes use of the same vulnerability, and the treadmill continues, creating a widespread perception that AV software is an indispensable reality under all circumstances. Thus is the "security" software industry supported by incredible expenditures every year.

edit: Note that while Linux-based systems were once an excellent example of how to handle virus-exploited vulnerabilities, the direction the Linux software development community has taken in the last half-dozen years has eroded a lot of the potential for positive examples of how to handle security on Linux-based systems.

I blame Mark Shuttleworth, Lennart Poettering, and the GNU project, in reverse-alphabetical order.

say no commercial reason why it's going away.

The vectors into our systems are commercially desirable.
Running code client side is commercially desirable.
Paying to fix all the holes in the software they provide to do the above is not...

Technically achievable certainly, but there's no commercial drive to do that. Not from vendors and in the main not from consumers, most of the latter not even understanding the issues, unfortunately.

I used to try to educate the users by way of some articles here at TR, but I'm not sure I made much of an impact when all is said and done.

Most of those moved in to responding to your stuff already knew you were wrong.
Those who didn't know you were a commie and an MS fanboy, went away an thought about it, then forgot to come back and acknowledge you taught them something.
As far as I'm concerned you were one the 4.5 official posters on here worth a damn in terms of content, instead of generating traffic anyway.

Security software can never make up for the absence of good online habits and common sense. Marketing ads for antivirus products tend to lull consumers into a very dangerous false sense of security, In effect, what the consumer wants to hear is this: "Throw caution to the wind, our product will have your back." When their computer is infected, who do they blame? The antivirus application, of course, not the fact that they visited that porn site, opened that e-mail attachment, responded to that pop-up advertisement, etc. The utility was supposed to protect them!

See Britney naked screensaver can lead to one or three problems, you are just as likely if not more likely to pick up a bad guy from a reputable site. I'm keeping a close eye on this one since they started banging all these dating , anime porn and weight loss ads all over it...

Reputable websites run ads, and the ad networks are not vetting the ads close enough. Until that happens, ad blockers are the order of the day.

But I've gotten malware. I've not visited any sites that are not reputable, I don't willy nilly click on a pop-up, I block pop-up, clear my cache on exit, use 2 AV scanners, both with real time protection, and don't click on links in email or facebook, etc...

I still got a rather nasty infection with some malware. Luckily a trip over to malwarebytes, a nice cleaning in safe mode, and a few other tasks, got rid of it for me.

I tracked my infection back to a reputable news site and reported to them what happened. So, the point is that you can do everything right, and still get malware on your machine. In that case, you do need some good AV software, and a few tools to help you get rid of it.

I run MBAM constantly, and I suspect it has saved me on more than one occasion.

As counterintuitive as this may sound, GSG, your vulnerability to infection actually increases with the concurrent use of more than one real-time antivirus application. Understand that nothing threatens the demise of the AV industry more than the fact that real-time scanners have grown into such system resource hungry monsters that users are at the point that they would almost prefer a virus. Indeed, I had one senior client insist that I remove virus protection that I had installed for her as well as put all the viruses that I had removed BACK, as she said everything was slower now. Absurd but true! The fact remains, though, that it's quite enough to have one resource hungry monster application, adding yet another one to the equation will hardly improve matters. Remember: a virus's first order of business is to escape detection. Just think about how easy that is when your AV application lacks sufficient resources to do its job effectively and how easier still it is when 2 or more AV applications share control. It's like slipping past two burly club bouncers while they argue over control of the door.

I have MBAM Pro and Security Essentials working at the same time.

It's my understanding that MBAM + AV is OK as they use different methods to scan files and don't cause problems with each other. If you use say MSE and McAfee then you most likely will run into issues.

I would be hard pressed to decide which to keep if it didn't. I have written about MBAM often enough to know it does the lion's share of keeping me safe.

Presently am using comodo Internet Security which is enclosed with a powerfull and antivirus and firewall in it, From my opoint of view for using antivirus software alone you can go with internet security which has multiple features in it!

As many of you do, I perform daily, weekly, and monthly maintenance on my system, no matter what else I have going on in my life. In response to Mr. Fix' comments about two AV programs running at the same time, in many respects I agree - they are resource hogs and often one will "detect" the other's signatures and such, and then it really gets hairy. The solution, I think, is to have several tools available for use, but keep only ONE running in real time.

Personally, I use "Avast!" as my "always on" product. I've just found it to be more effective, for the threats I seem to encounter, than others.

On a nightly basis, whenever I shut down for bed, I run the Windows bult-in "Disk Cleanup" and "Cleanup 4.5.2" to get rid of the more obvious drags on resources. On a weekly schedule, I MANUALLY run, in this sequence, "SuperAntiSpyware," "SpyBot S&D," "Malwarebytes," and then a manual scan with "Avast!" All manual scans are full system scans, not the so-called quick scans - I basically check everything I can. Before I leave "Avast!" I schedule a boot scan to check the system before anything significant can be loaded into memory. I follow this with a run through "CCleaner" - deleting the unnecessary files it looks for, cleaning the registry, and double-checking the start-up registry entries for unwanted installations. Finally, I do a defrag, using the WIndows product, since it now automatically does multiple passes.

My monthly maintenance program includes all of the above except the boot scan, but run in safe mode. Then I do a backup to an external hard drive usually kept off-site.

I used to run "Ad-Aware" in front of "SuperAntiSpyware," but Lavasoft changed it so that it was always trying to upgrade to the paid version, in spite of telling it "no" tens of times. It simply became too difficult to use.

In spite of this regime, I have occasionally had to take the machine in to the scientists for a thorough deep cleaning and reset of things that got messed up by malware incursions. The good news is, those treatments have been rare and the regime (mostly) protects the machine.

The overall point is similar to one you made in your article - none of the AV products out there can do it all. Each one looks for slightly different things in slightly different ways. So, to answer Mr. Fix' comment, run only one all the time, but perform manual scans with others on a regular cycle. And always update definitions and even applications as soon as there are new ones out there. The manufacturers are not trying to keep you occupied with new installations and patches, they are trying to keep our machines as clean as possible and provide relevant updates as the threat environment changes, which is usually on a daily basis.

There, I think I'm done preaching to the choir.

I still feel that the single most important task it to make sure your OS and all applications are up-to-date.

Always like running critical software on non-consumer OS on unpopular hardware: AUX no 68K MACs, MKLinux or BeOS on Power MAC, Irix or NT on SGI MIPS, et al. Also restricted App Compat like OpenBSD or Red Hat. Aren't fertile for viruses.