RE: What is the best AV software?

By Thamer ·
There is no Anti-Virus software which you can consider to have the best frontline virus detection ... there is NONE!

In general, Anti-virus programs are considered the most effective means for fighting viruses, but consumers should be aware that NOT one anti-virus program will offer a perfect 100% guarantee against viruses, and any claims of their existence may be considered to be either an advertising trick or a sign of ... incompetence.

An anti-virus program which can successfully block any viruses that are trying to corrupt the computer, then that program ... is doing its job. If there is an anti-virus program installed on the computer and yet there are still viruses getting through then that program is unsuccessful.

So, what are the alternatives?

The only best protection against computer viruses is the consumer HIMSELF!

In general, most Internet virus annoyance can be kept in check by being observant, maintaining a ... healthy skepticism about what you receive via e-mail. Whatever else you do, using a good anti-virus program with up-to-date patterns is essential. You would also be wise to install or use an ISP that has installed tools that scan e-mail for suspicious content before it arrives on your machine. (This may be the only effective defense against "true worms" that spread via e-mail without user intervention.) ... Backing up your vital files is also ... vital, since some viruses may destroy valuable files irretrievably...

...Of course, even if you take all of these precautions, you may still fall "victim" to viruses that would unexpectedly penetrate your defenses... But if you're on your guard, the odds of serious damage will be ... greatly ... reduced.

Appreciating your thoughts and comments.

Pet Peeve of mine

by LordInfidel In reply to RE: What is the best AV s ...

There are Plenty Of AV products that are bad, and some that are good.

There is also a specific way of deploying AV products that maximizes protection.

Reliance on the end user is a feeble and unreliable method.

There are 3 distinct areas of protection.
1. Desktop
2. File Server
3. E-mail gateway

The main line of defense will always be the mail gateway. Why? It is the place where 99% of viruses and trojans are sent.

How do you defend it? By using extension blocking. Not by relying on the AV scanner to detect a virus based on patterns. That is unreliable. But by blanket saying that no exe's or pif's or vbs scripts come thru. The end user will never have the ability to execute it.

Next is the desktop. If the end user does get a file that is allowed thru, then it should also be scanned against the latest patterns. Most macro based viruses will fit some sort of pattern.

Also the desktop edition should also scan any http downloads and file level access.

The last line is the file server itself. If a file happens to make it thru both the mail gateway and the desktop, the file server should also do a last scan. It should also be configured to do a nightly full scan (before the daily backup).

Now which AV products are bad and which are good? Anything that does not allow you to do extension blocking at the mail gateway is bad, the ones that allow it are good.

No matter how "on guard" you think you are, nothing will save you if your defenses are not strong, in place and something you do not have to actively think about.
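
The extension blocking described in the post above, sketched as an added example (not part of the thread and not taken from any AV product). The blocklist holds only the three types the post names; the function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: the three types named in the post. A real policy is longer.
BLOCKED_EXTENSIONS = {"exe", "pif", "vbs"}


def final_extension(filename: str) -> str:
    """Return the extension Windows would act on, lower-cased, without the dot."""
    # Windows drops trailing dots and spaces, so "a.vbs." still runs as a script.
    cleaned = filename.strip().rstrip(". ").lower()
    # Only the last extension matters: "photo.jpg.pif" is a PIF, not a JPEG.
    return cleaned.rsplit(".", 1)[1] if "." in cleaned else ""


def blocked_attachments(raw_message: bytes) -> list[str]:
    """List attachment filenames the gateway should refuse, in message order."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() visits nested multipart containers too
        # get_filename() decodes RFC 2231 names and falls back to the
        # Content-Type "name" parameter when Content-Disposition has none.
        name = part.get_filename()
        if name and final_extension(name) in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed test message: one harmless and two disguised attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in ("report.doc", "photo.jpg.PIF", "update.vbs."):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

The decision is made on the declared filename alone, so it works without any virus pattern, which is the point the post makes about the gateway.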

Fourth line of defense

by Oldefar In reply to Pet Peeve of mine

These three lines of defense offer excellent protection, but the long term solution calls for a fourth.

A response to receipt of a virus is also called for. When individuals, companies, and governments take action against the source of the virus we begin to see a reduction in the frequency of these events. I don't mean retaliation, but identification of the sender and notification to criminal authorities. Civil court actions are a legitimate way of going after the perpetrators as well.

Part of the 1st line

by LordInfidel In reply to Fourth line of defense

When a known virus is sent to a network, a properly configured mail gateway's AV will return back a message to the sender.

If a user on a remote network is sending tons of traffic, I will usually alert that remote user's postmaster.

If it does not cease, I then will block that e-mail address. If it is an entire network, I may block their mail server.

It all falls in line with the 1st line though and what measures you take after the fact.

But your point is valid and well taken.

Haven't we learnt anything?

by Thamer In reply to Pet Peeve of mine

... Which makes me wonder, haven’t the above three measures of defense against computer virus infections been in place when those massive-mail viruses such as Code Red, Nimda (the fastest spreading worm ever).. Sircam to run their malicious codes and make it to top of the news headlines?

In the case of Nimda for instance, Microsoft Outlook users don't need to open the attachment to become infected ... they just have to open the e-mail message itself.

Basically, any device that sits on a network can run malicious code, can be made to do attacks and can do anything the hacker made them to do and with more and more sophisticated devices every day being connected to computer networks, the exposure to such threats makes such attacks inevitable one day.

Bottom-line,... there is a “war” between AV systems and Virus developers ...
... where each side is not willing to …yield!

No, Code Red and Nimda

by LordInfidel In reply to Haven't we learnt anythin ...

Were due to improperly configured IIS boxes.

They exploited the .htr vulnerabilities. Which is not scanned by AV products. In fact, most production web servers do not have AV software installed on them. Nor should they.

The first 3 lines of defense are for viruses not exploits due to improperly configured web servers.

While viruses and trojans do contain exploits. If they arrive via e-mail or are transmitted via good old-fashioned sneaker net, the first three lines should catch it.
My networks (both corporate and consultant based) all had the proper configurations prior to code red and nimda and were not affected. Even though my networks were slammed with infected e-mail and .htr requests levied against my webservers, no exploits.

Was I alone, by no means no. I would say that out of all the SysAdmins I know, only 1 of them got hit. But he had just inherited the network and was still getting everything up to snuff.

I do not understand the statement at the end though. Why would virus developers want to work with AV vendors?

NO AV for Slammers!

by Thamer In reply to Haven't we learnt anythin ...

And here we go again,...

The smallest native, network worms ever, if not the smallest ... is attacking unpatched systems (attacks only Windows 2000 systems), and the worst part is that a patch has been available from Microsoft for close to half a year...

Reports have anywhere from two to five of the Internet's 13 root Domain Name System (DNS) servers were overloaded with traffic and ... shut down.

...It was the same story with Code Red where a patch was available and many were not taking advantage of it.

The difference, ... It spreads without the assistance of an e-mail attachment, ... no human interface is required (The vehicle of choice for most worms these days.) Instead, it uses Internet port 1434 (the SQL monitor port) to spread to other vulnerable systems.

Asking.... what is the best AV system?

First Time For Everything!

by JackOfAllTech In reply to Pet Peeve of mine

This is the first time I've ever disagreed with anything you've ever said, Lordinfidel! It is, however a minor point.

I've been using computers since the mid 70's (yes I'm that old) and have owned one of my own since 1980. I did my share of hacking back then - even wrote my own virus (never released) - and belonged to a fair number of 'underground' BBSs.

I have NEVER been infected! Why - because I ALWAYS take precautions: I don't use Outlook (my email client is text-only), I NEVER open an attachment; I save it to disk and scan it first, I disabled ALL scripting, etc., etc..

While I agree that we can't depend on our users to practice safe computing, I say YOU can be secure.


Admins are different than lusers

by LordInfidel In reply to First Time For Everything ...

I wish that I can say that I have never been infected. But it was due to my own carelessness when I was submitting a viral sample.

Text only e-mail readers and web based e-mail are really the only ways not to become infected.

But still, my whole theory on this is. If you take away the end users ability to ever see the file, then they can not execute it and infect themselves.

I wish all of my users took precautions. But they *will* open anything they get their hands on. Even right after I send out a virus bulletin saying don't follow x instructions in bogus e-mail.

But even though I can take away from them receiving harmful files (vbs, exe, pif etc) Nothing will stop them from going to a malicious website and downloading something. That is where you have to have AV on the desktop.

Short and sweet, you can't trust users to police themselves.

No Hope

by jkaras In reply to RE: What is the best AV s ...

I know what you mean about the frustration you experience due to the virus issue. The problem is that virus protection software doesn't prevent viruses from your computer, only if it is a "known virus" that it gets from the updates like a most wanted list. If it doesn't know what to look for it won't find it anyways. That is just the nature of the net that we are forced to deal with. I personally don't use virus protection on my personal computer and choose to roll the dice. If I suspect infiltration I merely go to the Symantec site and download the free tool to handle the issue or read the documentation for removal that they post. I know no matter how hard I try there will be one that would or will slip through any defense I could muster. With the growing knowledge that the younger generation possesses at such an early age, exposure to computers and tricks are as common to them as swear words. Most virus software are resource hogs that tend to have issues with various other programs and I don't feel it's worth the headache. I just know sooner or later the bullet finds me, then the headache begins.

Kind of Irresponsible

by madroxxx In reply to No Hope

It is people like you that cause my mail server to still be deluged with the Klez Virus even though the fix/pattern has been available for like 6 months or so.
