
Hardware 2.0

Adrian Kingsley-Hughes

The sorry state of antivirus software

By Adrian Kingsley-Hughes | November 15, 2010, 5:57am PST


I’ve lost count of the number of times I’ve come across an ‘expert’ telling some poor soul who’s had their PC trashed by malware that it was all their fault and that the problem could have been easily prevented by installing an antivirus package, and keeping that package up-to-date.

If only life were that simple …

My blogging buddy Ed Bott recently discovered a few malicious files lurking on his system despite having antivirus installed. Now Ed’s a clever guy, so if he can have nasties lurking on his system, that should act as a warning to us all.

Note: Let’s not turn this debate into a Windows vs. Mac vs Linux argument. I’m talking here specifically about security of the Windows platform.

Now, I don’t have any specifics on Ed’s setup, but I think that his story serves to demonstrate the sorry state of antivirus software. Let’s break it down:

I’ve had Microsoft Security Essentials (MSE) installed on my main working PC for most of the past year. Mostly, I use it for real-time protection. I typically disable the scheduled virus scans on my PCs and instead occasionally do a manual scan just to confirm that nothing out of the ordinary has snuck through. Last month I decided to perform a scan using the Full option. Because I have 2.5 terabytes of hard disk space, with roughly 40% of it in use, I knew the scan would take a long time. So I scheduled it to run while I was out running errands.


First problem - scheduled virus scans take too long and hammer the system too heavily. Most antivirus solutions are designed with a “megabyte” mindset while many of us live in a “gigabyte” or even “terabyte” world. Part of the problem here is thinking of a system scan as a discrete thing that you run daily, weekly, monthly or whatever. This seems counter-intuitive to me and a better solution would be to have scanning done piecemeal during “screensaver” time. Priority could be given to certain file types but the goal would be to sweep the entire system on a regular basis.

I’ll come back to why this is important later.

But is relying on one antivirus solution good enough? No, it isn’t.

Only 17 of 43 antivirus products detected this as a threat. The full results page showed the identification, if any, for each product on the list. Microsoft, Symantec, Avast, and F-Secure were among the engines that flagged the file. But the majority didn’t.

Now, you can run multiple antivirus solutions on a system, but it’s not recommended because you can run into all sorts of issues. Antivirus software embeds itself pretty deep into a system, so you can end up with two programs fighting it out. Another problem is the system resources consumed by multiple security applications.

So what’s the solution? Well, we live in hard times and I’m pretty cheap, but what I’d like to see is a situation where the antivirus signatures are separate to the application itself so I could run a generic scanner and choose to subscribe to multiple signature services (a bit like how Virustotal.com works, only real-time). This way I could pick and choose the signatures used to scan my system. I like this idea of greater redundancy for two reasons:

  • First, greater protection. Effectively I’d have more eyes looking at my files for nasties.
  • Secondly, greater redundancy. Having multiple signatures scanning files would lower the risk of false-positives, or at least give me the option of investigating files that are picked up by only one set of signatures further.


Let me go back to my first point again, and the need for regular system scans of ALL files. Let’s examine the chronology of Ed’s story:

I’ve had Microsoft Security Essentials (MSE) installed on my main working PC for most of the past year.

… occasionally do a manual scan just to confirm that nothing out of the ordinary has snuck through.

Last month I decided to perform a scan using the Full option.

According to the scan results, this threat was first identified in definition 1.85.1774.0, which was released by Microsoft on July 9, 2010.

So, unless I’m missing something, Ed has had MSE installed on the system for “most of the past year.” He admits to running occasional scans, and since the threat identified was added to MSE on July 9, 2010, I assume that Ed must have acquired this nasty before this date and has not run a full scan since. Moral of the story - just because something gets past your antivirus scanner today, don’t assume that it’s clean.
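The generic scanner with several signature subscriptions proposed above, combined with piecemeal scanning and the lesson from Ed's chronology (a file that passed under old definitions has to be rescanned under new ones), as an added Python example that is not code from the original post. The feed names, the hash-only signatures, the quorum of two and the sample files are constructed assumptions; real engines use far richer signatures than whole-file hashes.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass, field


@dataclass
class SignatureFeed:
    """One subscribed signature service (hypothetical): name, definition version, bad hashes."""
    name: str
    version: int
    bad_hashes: set = field(default_factory=set)


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


class GenericScanner:
    """Engine-neutral scanner: every file is checked against every subscribed feed."""

    def __init__(self, feeds, quorum=2):
        self.feeds = {f.name: f for f in feeds}
        self.quorum = quorum   # feeds that must agree before a hit counts as confirmed
        self.last_scan = {}    # path -> (mtime_ns, size, {feed name: version used})

    def update_feed(self, name, version, new_hashes):
        """Apply a definition update; files scanned under the old version become stale."""
        feed = self.feeds[name]
        feed.version = version
        feed.bad_hashes |= set(new_hashes)

    def _versions(self):
        return {name: feed.version for name, feed in self.feeds.items()}

    def is_stale(self, path):
        # Stale = never scanned, modified since, or scanned with older definitions.
        st = os.stat(path)
        return self.last_scan.get(path) != (st.st_mtime_ns, st.st_size, self._versions())

    def scan_file(self, path):
        st = os.stat(path)
        file_hash = sha256_file(path)
        hits = sorted(n for n, f in self.feeds.items() if file_hash in f.bad_hashes)
        self.last_scan[path] = (st.st_mtime_ns, st.st_size, self._versions())
        if not hits:
            verdict = "clean"
        elif len(hits) >= self.quorum:
            verdict = "confirmed"
        else:
            verdict = "investigate"  # one feed only: false positive or early detection
        return {"file": os.path.basename(path), "verdict": verdict, "flagged_by": hits}

    def scan_slice(self, paths, budget):
        """Scan at most `budget` stale files; meant to be called repeatedly in idle time."""
        stale = [p for p in paths if self.is_stale(p)][:budget]
        return [self.scan_file(p) for p in stale]


def demo():
    """Constructed files and feeds: two scan slices, an idle pass, then a definition update."""
    samples = {"a.txt": b"harmless text",
               "b.class": b"constructed sample one",
               "c.bin": b"constructed sample two"}
    hash_of = {name: hashlib.sha256(body).hexdigest() for name, body in samples.items()}
    with tempfile.TemporaryDirectory() as root:
        paths = []
        for name, body in sorted(samples.items()):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(body)
            paths.append(path)
        scanner = GenericScanner([
            SignatureFeed("feed_a", 1, {hash_of["c.bin"]}),
            SignatureFeed("feed_b", 1, {hash_of["c.bin"]}),
            SignatureFeed("feed_c", 1),
        ])
        # Two small slices cover the whole (tiny) disk without one long blocking scan.
        first = scanner.scan_slice(paths, budget=2) + scanner.scan_slice(paths, budget=2)
        idle = scanner.scan_slice(paths, budget=2)     # nothing changed, nothing to do
        # feed_a ships a new definition that covers b.class, which passed earlier.
        scanner.update_feed("feed_a", 2, {hash_of["b.class"]})
        rescan = scanner.scan_slice(paths, budget=10)  # new definitions force a resweep
    return first, idle, rescan


if __name__ == "__main__":
    for stage in demo():
        print(stage)
```

In the rescan, `b.class` moves from clean to a single-feed hit that needs investigation, which is the situation the July 9 definition update created on Ed's machine.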

Now, given the information that Ed has supplied, it’s pretty clear that his system was immune to the malware on his system because, being a smart guy, Ed updates his system. But it goes to show how malware can creep onto a system and lurk despite having security software installed.

Bottom line, antivirus software as a whole is in a sorry state and it’s failing to provide even experienced customers with the sort of security they need (and deserve). The widespread availability of free antivirus software might help reinvigorate the security industry and make them rethink how security should be done, rather than put more effort into generating hype.



Disclosure

Adrian Kingsley-Hughes

All opinions expressed on Hardware 2.0 are those of Adrian Kingsley-Hughes. Every effort is made to ensure that the information posted is accurate. If you have any comments, queries or corrections, please contact Adrian via the email link here. Any possible conflicts of interest will be posted below. [Updated: February 23, 2010] - Adrian Kingsley-Hughes has no business relationships, affiliations, investments, or other actual/potential conflicts of interest relating to the content posted so far on this blog.

Biography

Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.

Adrian has authored/co-authored technical books on a variety of topics, ranging from programming to building and maintaining PCs. His most recent books include "Build the Ultimate Custom PC", "Beginning Programming" and "The PC Doctor's Fix It Yourself Guide". He has also written training manuals that have been used by a number of Fortune 500 companies.

Adrian also runs a popular blog under the name The PC Doctor, where he covers a range of computer-related topics -- from security to repairing and upgrading.

64
Comments

Simpler to use a good OS
itguy08 15th Nov 2010
That at this point doesn't require the use of an AV package.

2 such examples are Mac OS X and Linux.
0 Votes
RE: The sorry state of antivirus software
jefferyd3810 15th Nov 2010
@itguy08 This response is such total BS and a huge oversimplification of the problem. No OS is perfect, everything can be targeted by malware.
0 Votes
@jefferyd3810

That's why I qualified it with "AT THIS POINT".

It may change in the future.
0 Votes
RE: This response is such total BS...
fatman65535 15th Nov 2010
@jefferyd3810

NO, he makes a valid point.

I used to be a Windows (l)user. But I grew tired of all of the A/V scans killing the performance of my machine, and tying it up for close to 2 hours to perform a full scan on over 500,000 files. Let alone the fact that the machine slowly, over time `lost its edge`. Some may attribute that to `Windows rot`.

I experimented with Ubuntu 3 years ago, and after about 9 months of dual booting, decided to walk away from Windows. The same old hardware, that was running as slow as molasses in a Vermont winter, had sprung back to life.

My experience with Ubuntu has shown me that (IMHO) Windows is something to be avoided.

The last point I must make, is that with Ubuntu (and Linux in general) IF you get `pwned`, most likely, the damage will be done to your home folder. Can you say that for Windows?
0 Votes
@fatty: Simple answer
NonZealot 15th Nov 2010
IF you get 'pwned', most likely, the damage will be done to your home folder. Can you say that for Windows?

Yes. Even better, if it is Internet Explorer that gets 'pwned', no damage will be done to anything. Thanks Protected Mode (enabled by default)!
0 Votes
Did you not read the blog?
Cylon Centurion 15th Nov 2010
@itguy08

This isn't about Apple or Linux. And your point is moot, as Apple and Linux users still need to pay attention to security as been proved over and over again. Go troll elsewhere.
0 Votes
@Cylon Centurion 0005

AT THIS MOMENT There is no need to run AV software on Linux or OS X. That is evidenced by the low # of malware for these platforms. Being vigilant and smart about what you install is key on those platforms. It's not the same on Windows.

I've been an OS X user since 2002 and never ran an AV program and have no need to. Never been infected. How many Windows users can say the same?

Again, it's AT THIS POINT IN TIME.
@Cylon Centurion 0005

NO doubt there. Any user that thinks of a computer as nothing more than an appliance, deserves what they get.

BUT, you miss the point. Last week, one of the office workers at my doctor's office gave me a call. It appears that she, using IE7 on Windows XP browsed to a site in Asia (she is from that part of the world), and had this nasty called `Thinkpoint` stuffed onto her system without ANY interaction. It would NOT let her access the internet, or shut down the computer. I told her to manually power it off. The next morning, when I got there, she had already done some Googling for `Thinkpoint`, and we had some idea of what we were dealing with. Fortunately, removing it was not that difficult.

The point I am trying to make is this:

The design of Windows that allows any program coming in from the internet to break out of the browser, and install itself is a security risk. In Linux, that is not possible. As much as I would like to get rid of their having to use `Administrator privileges`, one app will not run as a limited user, and that is a deal breaker for them.
0 Votes
The design of Windows that allows any program coming in from the internet to break out of the browser, and install itself is a security risk.

That hasn't been the design of Windows since Windows ME 10 years ago. XP was configured poorly by default but the design, as you yourself admit in your post, allows you to reconfigure Windows using less privileged accounts. If you run with a less privileged account, programs from the Internet cannot "break out" of your browser and install themselves.

As of Vista and Windows 7, the default configuration of the browser and the user account is even better than it is in Linux because in Linux, programs can break out of the browser and delete all contents of your /home directory. In Vista and Windows 7, that is not possible.

In Linux, that is not possible.

Sure it is. It is all in the configuration. Log in as root, start browsing the Internet, and nothing prevents malware from "breaking out" of the browser and installing a rootkit. Hmmm. rootkit. I wonder where they got that name from? :)

Only stupid people mix up the design of a system with the configuration of a system.

one app will not run as a limited user

That is a problem with the design of that app and not of the OS. Oh, and if you knew anything about Windows (and you obviously don't), you can create a shortcut that will run that one app as an administrator. Right click on the shortcut, click Advanced, and check "Run with different credentials". Are you beginning to understand the difference between Configuration and Design? I hope so, for the sake of your poor Windows customers. If you really want to help them though, tell them to find someone more qualified to help them out. :)
0 Votes
Yawn..
otaddy 15th Nov 2010
@itguy08

I could see switching to Mac...maybe...but right now Windows is the best option for home use. I can run the widest array of software, I like Media Center, and Win7 is very stable so the tradeoff isn't worth it.

I haven't been hit by a virus since XPsp2 so I'm in no rush to ditch windows.
0 Votes
How would you know?
Richard Flude 15th Nov 2010
"I haven't been hit by a virus since XPsp2 so I'm in no rush to ditch windows."

You missed the part about the failure to detect.

Part of the problem is the signature method used by antivirus software. Needs to reach certain level of popularity before it's detected.

Solution has always been mounting user file systems as non-executable. Admins control all executables in a managed environment. Easy on unix.
0 Votes
@otaddy

Actually the Mac can run the widest array of software:
Mac software
Linux Software
Windows software.
0 Votes
@Dick Flude: Also easy on Windows
NonZealot 15th Nov 2010
Admins control all executables in a managed environment. Easy on unix.

Also easy on Windows. Of course, I wouldn't expect someone like you who knows nothing about Windows to know this. :)
0 Votes
@itguy08 Actually, at this point, you DO need to run AV for Mac and Linux/Unix. Virus/Malware authors are increasingly targeting applications (Adobe Flash, Java, etc.) and "drive-by" downloading and social engineering attacks. This means that they are becoming platform independent.

Check Sophos, they have some good, easy to watch videos that explain the need.

http://www.sophos.com/products/free-tools/free-mac-anti-virus/features.html

And, yes, they have Linux/Unix antivirus too:

http://www.sophos.com/products/enterprise/endpoint/security-and-control/linux/

Face it, you need it. Security through obscurity is not an option. Virus makers want exposure, the more they can infect the better, and in the past that meant targeting the most used OS. PCs (Windows) are targeted mainly because they have the vast majority of the market share. But the virus makers have figured out that you can infect more machines by targeting security vulnerabilities in platform independent applications. The time IS now, it is "at this point".
0 Votes
RE: The sorry state of antivirus software
itguy08 Updated - 15th Nov 2010
@JPatrickF

Funny, a company selling AV software telling me I need to buy AV software...... Conflict of Interest much? If they told you that you didn't need it they would go out of business. So it's easier to make stuff up to get you to buy into the notion you must have AV software all the time.

Again, there are so few cross platform viruses in the wild you can safely ignore them if you are not on Windows.

The threats for Linux and Mac users are pretty small at this time and something that many users can combat against without software.

Get out of the thinking you need this stuff. For now you only need AV on Windows.

Look at it this way. I can buy Bob's car that can easily be broken into with a pebble and easily hotwired with a paperclip. Or I can buy Joe's car that can only be broken into with a cinder block and can be hotwired only with a 500 ft spool of wire. Which would you buy? Sure both can be broken into and hotwired but you have a better chance of not having your car stolen with Joe's car. Bob = Windows, Joe = OS X and Linux.
0 Votes
Don't forget the Baby OS's
NZJester 2nd Dec 2010
@JPatrickF
You forgot to mention how tempting a target those iPhones and Android phones are becoming for hackers. Some of the Malware that will target them will also target their bigger siblings. They are basically cut-down versions of both the Mac OS and the Linux OS!
0 Votes
Problems reading???
Coogol 15th Nov 2010
@itguy08

Huh. Dude! What part of the following did you not understand:

Note: Let’s not turn this debate into a Windows vs. Mac vs Linux argument. I’m talking here specifically about security of the Windows platform.

Jerk!
0 Votes
amazing how many missed that
pfyearwood 15th Nov 2010
@Coogol I saw that too. I use Linux for my main system but also dual boot Windows on an older system and have it as a Virtual Box machine on my newest system. Both have AVG Free edition, though the VBox can be restored via snapshot. I just reinstalled Linux. Forgot to install clam. Thanks for reminding me.

Paul
0 Votes
RE: The sorry state of antivirus software
Pete "athynz" Athens 15th Nov 2010
@itguy08 Well then please explain to me why they make an antivirus for Macs? Norton has had a Mac product for years - I in fact ran it when I had my old PPC mac running OS 7 - OS 9.

As for Linux... no thanks, tried it, didn't like it, got very little support but a lot of jackasses on the Linux forums so why bother dealing with it?

Besides you obviously didn't read the part of the article that said: Note: Let’s not turn this debate into a Windows vs. Mac vs Linux argument. I’m talking here specifically about security of the Windows platform. Emphasis added.
0 Votes
@itguy08 So the writer says to not turn it into a Mac vs Linux vs Windows debate and you reply with the first comment turning it into just that. Yeah, you're a failure. And there are viruses on both of those platforms, which you can get in the same method as you can on windows, downloading, installing and okaying them.
0 Votes
N O T
mikroland 15th Nov 2010
@itguy08

OSX AND LINUX both suck, they are both LIMITED. Both of them have terrible interfaces and most of all lack compatibility with most programs. Windows gets it done, why do you think it's STILL ON OVER 90% of computers, despite all of the B.S. people like you constantly spew????
Windows vista sp2 or Windows 7 if configured with non admin account and MSE is VERY secure unless you are a TOTAL moron.
You guys always mention osx or linux but FAIL to mention that you also run windows in a virtual machine (probably with 1 cpu, ie slow) or use some type of buggy a s s, insecure emulator like wine. Why do all of that, why not get a real computer with win7 64bit and run all of the programs natively? BTW, XP mode works great for those of you that STILL have ancient programs (even 16bit).
The only thing I will say about microsoft insecurity is IE 7 OR below. Simply terrible (non issue in win7). That is why I use google chrome as my primary browser and IE 9 beta as a secondary browser and MSE as the antivirus. I have never had malware issues with this config, EVER. BTW, My pc FLIES and I do NOT have an SSD drive. I have core i7 with 8gb ram, 300gb velociraptor hd for os and couple terabyte drives as data storage all running on win7 64bit.

Now put that in your pipe and smoke it.
0 Votes
@itguy08

It's a bit silly telling folks to "just" change their OS because "at this point in time" something else is less often attacked.

How long will you get back up to speed after "just" changing OS?

At *that* point in time, how safe will you still be?

I see MacOS and Linux malware safety benefits as similar to those of a cabin in the woods. Put the same cabin back in the inner city, and see how well it fares against burglary...
0 Votes
RE: The sorry state of antivirus software
bbarnes@... 17th Nov 2010
@itguy08

Read the note above. I'll repeat it for you.

Note: Let’s not turn this debate into a Windows vs. Mac vs Linux argument. I’m talking here specifically about security of the Windows platform.

And while we're on that subject there is antivirus software for Macs because they get viruses too. There were Linux security flaws discovered just last week. Grow up already!
0 Votes
RE: The sorry state of antivirus software
jefferyd3810 15th Nov 2010
I think that the chief concern of the security vendors is convincing people that their product is somehow "better" and then locking people into their particular revenue model. I don't think they have any real interest in truly protecting people. Their business models are dependent on the opposite actually. I was hostage to Symantec for many years and recently escaped my captor by adopting the free Microsoft solution. Microsoft Security Essentials, together with a "defense in depth" strategy, has kept me and my family out of trouble for the most part.

Like the person who posted above me, many people out there are desperate to have the world change to whatever their "favoured" operating system is, assuming that the world will somehow be better when everyone uses OS X, Linux, or whatever. It's a nice little dreamworld.

The vast majority of users barely know how to turn on their computer let alone secure it. People are ultimately stupid, selfish, and rarely see the consequences coming before it's too late. The security companies have become little profit machines because of this.

Unless we all abandon the internet, or heck, go even further and not use computers at all, I don't see a silver bullet answer.
0 Votes
Eset is better
amasys 15th Nov 2010
As a consultant I install MSE on "not for profit" computers due to budgets; in most cases MSE is a decent product. But some "power" users visit so many sites including social ones; MSE is not good enough to trap some malware. When this happens I install Eset trialware then before the trial runs out I will format their hard drive. Sad but that's the best I can do. MSE needs to beef up its AV product; I agree where it is going. If nothing else; AV vendors need to be price sensitive and MSE is the only one that can do it! Eset is good product but overpriced!
0 Votes
RE: The sorry state of antivirus software
steve.rentageek@... 15th Nov 2010
@amasys
For a multi year, multi computer purchase, Eset is about $25/yr/computer. That's expensive?
0 Votes
Agreed.
Cylon Centurion 15th Nov 2010
But honestly, is it an obtainable goal? They're more interested in spreading FUD and adding hype that you "absolutely need" their product, and seeing how they come pre-installed on off the shelf systems, they don't really care as by default people will be using them.

It also doesn't help that most people think AV packages are to be used as frontline protection; It's not meant to be for this very reason alone. They don't take the active precautions they should be and these AV companies do nothing about it.
0 Votes
RE: The sorry state of antivirus software
Vesicant Updated - 15th Nov 2010
Interesting conclusion that it's not the user's fault, given that the user in this case admits to disabling the automatic scan and only "occasionally" doing a full scan of his computer. His AV software did in fact find the problem as soon as it was properly used.
0 Votes
@Vesicant

I agree this happens far too often. I do repair work as a side job and I see this far too often: outdated AV sigs, expired AV software, last scan never or like a year ago. I do think that the AV makers could do a lot better with their products; instead of piling on new versions and code they need to redesign their products to meet current malware trends, not from 10 years ago. I think MS has done this with their MSE product as long as they keep moving it in the right direction.
0 Votes
My choice
Ed Bott 15th Nov 2010
@Vesicant

I don't do full automatic scans. I do regular manual scans. What counts most for me is real-time protection. If this Java class file had tried to execute (it couldn't, because the vulnerable version of Java wasn't installed) I would have been notified.

You also might like to check the update at the end of the post, which I just added.
0 Votes
Was Ed's computer infected?
NonZealot 15th Nov 2010
From reading his blog, it sounded that what was found were files on the hard drive but no infection. Heck, if all that counts is the file on the hard drive, I can copy the file onto a Linux machine and poof that Linux machine is now infected!

Like I said, it sounds like Windows did its job and protected the user and the system from infection.
0 Votes
RE: The sorry state of antivirus software
Michael Kelly 15th Nov 2010
@NonZealot

Windows did not do its job. MSE did its job. That's a small but relevant point. Windows still cannot fully protect a user from himself, an AV scanner can.

And my personal belief is that even if I do run Linux I should be a good citizen and scan anyway, because I can still inadvertently spread a virus or TH the manual way. Not the least because I run Windows also and the person I may spread it to may be myself. But it goes both ways, because there certainly are THs (at the very least) that can infect a Linux system as well.
0 Votes
@Michael Kelly
If I'm wrong then I would ask Ed to correct me but from what I read, it looked like Ed's machine had not been infected by any of the malware that MSE found on the hard drive. Like I said, if I copied those same files onto a Linux system and ran ClamAV and it detected those files, would you claim that Linux didn't protect the user and that it was ClamAV that protected the user? Of course not.

There is a huge difference between getting malware onto a file system and then getting that malware executed with enough permissions to infect the system. Since the malware was not able to execute with enough permissions to infect the system, Windows did its job. It so happens that some time later, a manual AV scan found the dormant file on the file system but that isn't what kept the system safe.
0 Votes
"Most antivirus solutions are designed with a “megabyte” mindset while many of us live in a “gigabyte” or even “terabyte” world"

it would be interesting to see a comparison of how antiviruses deal with this reality.

For example Symantec Endpoint Protection (the corporate version) uses some kernel counters to determine the size of the queue of commands for the HD and throttles itself based on that.
This does improve the usability of the computer when it's being used and it's scanning at the same time and it's a better approach than basing it on CPU load but it's not perfect.
0 Votes
Duh.

When he ran a full scan he got it. Quick scan is fairly worthless, on every system I run MSE on it's set for daily full scans.

Even on modest systems MSE doing a full scan isn't all that noticeable, especially if you leave the system up all night and set it for 2 AM or whatever.

Since a full scan caught it, MSE isn't the problem--Ed was. Even smart folks do dumb things on occasion...
0 Votes
Try running as a non-admin
JeffLS 15th Nov 2010
I have run my windows computers at home as non-admin since something like Windows NT4 Workstation days.

Even with kids using my computer, I haven't gotten anything infected other than stuff in the Temp Internet Files folder.

I read an article recently that stated that some really high percentage of virus infections can be prevented by running this way.

Regardless of the OS involved, running under an admin account all the time is just asking for trouble.
0 Votes
RE: The sorry state of antivirus software
putty.master 15th Nov 2010
A regular automated scheduled scan that runs when you're not around can solve Ed's issue.

My beef with the AV industry is these companies that charge money for anti-virus protection, but don't even attempt to do anything about other types of malware like browser hijacks and rootkits. What a scam! If I'm going to pay for a security solution then I expect it to catch everything. I'm not interested in your classification of viruses and malware. If it's not supposed to be there and doing evil things on my computer then you need to detect and remove it. Honestly, until they address all forms of malware, all AV solutions that charge for their services are a complete ripoff.
0 Votes
Get KIS
Tommy S. 15th Nov 2010
I have Kaspersky and it is far superior to anything else. If you have a good software setup and a brain you can lurk in the worst corners of the interweb in total impunity.
0 Votes
Based off the past few years
bobiroc 15th Nov 2010
I think that security companies need to step it up a notch on other forms of malware as much of what I see today revolves around those fake security solutions preying on those who do not know any better. That being said I still have to say that the vast majority of the computers I see that get infected still fall into either or both of these categories:

1. Running with expired or no security solution at all
2. Signs of unsafe browsing/computing habits that include turning off security like UAC, Firewall, Security Center, All users have full admin rights, no passwords/weak passwords, or running questionable software like P2P software to download their media files and programs.

Still no one solution is perfect so I use on my current system a few solutions that do not seem to use a whole lot of overhead. I also find that sometimes the exploits that get on people's computers are taking advantage of out of date computer/web plugins like java, flash, acrobat reader, and quicktime. I was recently turned on to Secunia Personal Software Inspector and I find that does a very good job in finding these out of date plug ins and notifying the user to update them and providing a direct link where they can be downloaded and installed safely and securely. The notifications in the task bar can confuse many users and my mother is one to call or instant message me asking if it is OK to download those types of updates.
0 Votes
@bobiroc

My problem with all of this is that I did not buy the system to run AV software, and these constantly-scanning tools suck 10-20% of my performance away.

By running with all non-administrator accounts, I ran for over 2 years without any anti-virus software, running and only doing manual scans on occasion. I never ran into a virus infection of my system, even with teens using my computer to visit all sorts of bad sites.

Running as a non-administrator can prevent most of the infections that are out there. Sure, it won't fix all of them, and that is why I perform the occasional manual scan.
0 Votes
Running as non-admin
bobiroc 15th Nov 2010
@JeffLS

That is a big step in preventing your machine from being compromised. It is one area that Microsoft "dropped the ball" IMO with XP and previous versions of Windows by defaulting accounts to full admin status. It is also one of the strengths of MacOS and Linux by having a separate full admin/root account. Unfortunately it took Microsoft until Vista to make this a standard and even more unfortunately many users ignore the information and still make all users admin even though it is not needed. I set up my family's computers this way for at least the past 8 - 10 years and made an Admin account and told them to only use this when they have to like to install a program. A bit more inconvenient but they have been well protected for the most part. Well except for my Dad who thinks he knows better and constantly messes up his computer and blames the computer or me, but that is another story altogether.
0 Votes
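
The non-administrator setup described in the two comments above can be checked on a current Windows PC with the following audit. This is an added example, not part of the thread; it assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets, and the function names `Get-LocalAdminReport` and `Test-SessionElevated` are made up for this illustration.

```powershell
# Added example: list who holds local administrator rights on this PC
# and flag setups where more than one enabled local user is an admin.

# S-1-5-32-544 is the well-known SID of the built-in Administrators group;
# using the SID avoids depending on the localized group name.
$adminGroupSid = 'S-1-5-32-544'

function Get-LocalAdminReport {
    foreach ($member in Get-LocalGroupMember -SID $adminGroupSid) {
        $enabled = $null
        # Only local user accounts can be looked up with Get-LocalUser.
        if ($member.ObjectClass -eq 'User' -and $member.PrincipalSource -eq 'Local') {
            $enabled = (Get-LocalUser -SID $member.SID).Enabled
        }
        [pscustomobject]@{
            Name    = $member.Name
            Class   = $member.ObjectClass
            Source  = $member.PrincipalSource
            Enabled = $enabled   # $null for groups and non-local principals
        }
    }
}

function Test-SessionElevated {
    # True when the current process token carries administrator rights.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$report = @(Get-LocalAdminReport)
$report | Format-Table -AutoSize

# The thread's advice: one dedicated admin account, everyone else standard.
$active = @($report | Where-Object { $_.Class -eq 'User' -and $_.Enabled })
if ($active.Count -gt 1) {
    Write-Warning "$($active.Count) enabled local users are administrators; expected one dedicated admin account."
}
if (Test-SessionElevated) {
    Write-Warning 'This session is elevated; day-to-day work should run from a standard account.'
}
```
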
The sorry state of antivirus thinking
Notas Badoff 15th Nov 2010
"My blogging buddy Ed Bott ..." "Now Ed’s a clever guy, ..." "I’ve had Microsoft Security Essentials (MSE) installed on my main working PC for most of the past year."

Crazy. Are you like the war photographers that throw themselves out there in the hopes of getting a "great shot"?

Playing in medical waste while wearing a condom on each finger does not equal 'protected'. MSE is better than nothing, and just that.

"... while many of us live in a “gigabyte” or even “terabyte” world." Apparently not, or not in the sense of having any sense of what that means. Your backup solution takes how long to read all that? And you want an AV to, what, use a crystal ball? It has to actually read the data, and check against other data. On your less-than-supercomputer budget, you expect miracles?

"... just because something gets past your antivirus scanner today, don’t assume that it’s clean." Oooo, STUXNET anyone?

You wrote a whole blag on the fact that checking takes time, takes information, and is sometimes misinformed?

Ohhh, I understand. "... it’s pretty clear that his system was immune to the malware on his system ..." This was humor at Ed's expense! I'm not sure he'd appreciate where you've stuck your tongue.
0 Votes
RE: The sorry state of antivirus software
Alchemist001 15th Nov 2010
Try running Microsoft anti-virus along with Threatfire and ZenOK at the same time. No conflicts and your system won't slow down. Also, throw in super anti-spyware and you should be ok.
0 Votes
RE: The sorry state of antivirus software
charles1957b 15th Nov 2010
I would have liked to see a list of the programs that detected the malicious software.
I have held good confidence in my AV software, but I may be wrong to have such confidence.
By the way I agree the opsys trolls are a pain. I don't wish for a major mac attack or a linux liquidation, but some people make it difficult not to think that. They sell very little and annoy very much.
0 Votes
RE: The sorry state of antivirus software
d_j_owen2002@... 15th Nov 2010
I use Eset paid (you can get good deals) on the PC where I carry out financial stuff, and MSE on other PCs / laptops.
AV on its own is not good enough to protect you - you need to patch. I support a variety of PCs with different AV installed and have seen viruses on all of them when I first look at them.
I install Secunia PSI and patch them up - others use File Hippo.
I compare it to a dam, when you first build it it is watertight, if you carry out maintenance by cleaning and patching it remains watertight. If you only do automatic updates in Windows and the AV then cracks begin to appear. The more time goes by the more leaks are possible.
This is true of any OS - if you do not patch you leak and leave an opportunity for these people to infect your PC.
I have worked on 3 infected Linux boxes but have not touched Mac for many years.
Complacency and ignorance are your worst enemies.
I hate trolling and nothing makes me stop reading a thread quicker.
0 Votes
"but what I’d like to see is a situation where the antivirus signatures are separate to the application itself"
This is a very interesting statement, and one that has a lot of merit. A standard schema for definitions would allow the myriad of vendors to contribute to the sig database that can be used by any of the AV products. They could then concentrate on delivering a quality product, and not have to spend so much time/effort/$$$ maintaining their own version of the defs. There are a huge number of hurdles to overcome by going down this path, but it's certainly food for thought. I have submitted malware for testing, and (like in a previous post), only a handful of the 40+ virus engines detected the code. If a mashed-together def database was used by all vendors, each contributing their sigs, then wouldn't all 40+ products have detected the malware?...IMHO
0 Votes
Some redundancy is possible
drm2g 15th Nov 2010
I've been running Immunet Protect (cloud-based) alongside Avast - no issues. Seems that running 2 AVs simultaneously increases protection. I believe that Immunet is compatible with a wide range of standard AV programs.
0 Votes
The fact is that
Jimster480 15th Nov 2010
There are no remote exploits for Windows 7. So if you are running Windows 7, you should not get malware unless you are running other unpatched software, or download and install random software, or click ok on those fake antivirus popups and download their malware to your computer and then ok it to run.
0 Votes
RE: The sorry state of antivirus software
scott2010au 15th Nov 2010
@Jimster480 Actually there are almost 100 well documented remote exploits for Windows 7. If you do not believe me check your Windows Update logs via your Start Menu.

Whoever told you this was outright lying to you!

Every Network Operating System has remote exploits.

Single-user DOS without a NIC (physical or virtual) does not as it can not be remotely exploited, although it has other issues that NT Kernel (or Linux, Mac OS X / BSD, UNIX, etc) Operating Systems do not have.

It comes down to your requirements for the task at hand.
0 Votes
We're Not Worthy...
markholliwell@... 15th Nov 2010
After reading this, I just have one question. Why do Mac users have a "king of the world attitude"?
...lighten up !!!
