6 Gallium

Anti-virus is a Poor Substitute for Common Sense

"A new study about the (in)efficacy of anti-virus software in detecting the latest malware threats is a much-needed reminder that staying safe online is more about using your head than finding the right mix or brand of security software.

Last week, security software testing firm NSS Labs completed another controversial test of how the major anti-virus products fared in detecting malware pushed by malicious Web sites: Most of the products took an average of more than 45 hours — nearly two days — to detect the latest threats."

Full read: http://krebsonsecurity.com/2010/06/anti-virus-is-a-poor-substitute-for-common-sense/

Comment:
Although Krebs does not mention it, you will have to shell out $495 (USD) to read the report, although NSS did reveal that Panda and AVG finished at the bottom of the pack in this particular test. Also covered in the report are Eset, F-Secure, Kaspersky, McAfee, Norman, Sophos, Symantec, Trend Micro.

But by any standard, it seems no AV shines brightly here. Very depressing ...

_________________________________________


Dell Forum Member since 2,000


 Use OpenDNS   MalwareBytes' Anti-Malware Free


Windows 10 Pro (64- Bit): Malwarebytes 4.x Premium, Windows Defender AV, Windows Firewall, WinPatrol PLUS, Emsisoft Emergency Kit Free and HitmanPro Free (on-demand scanners), OpenDNS, MVPS Hosts file, SpywareBlaster, Pale Moon web browser, Sandboxie, CCleaner Free.


"In the future, everyone will be anonymous for 15 minutes" - Banksy

0 Kudos
9 Replies
4 Beryllium

Re: Anti-virus is a Poor Substitute for Common Sense

I take this to mean that I should no longer spend hours on the porno and get rich quick sites?? Now I am depressed.

Jeff

XPS 8100 i7-860(8MB Cache, 2.8GHz), 8GB Dual Channel DDR3 SDRAM @ 1333MHz, 750GB SATA 3.0GB/s 16MB Cache, nVidia GeForce GTS2401GB GDDR3, Dell ST2310 Full HD Widescreen Monitor, AverMedia G2 Combo hybrid TV Tuner, dual 16x DVD+/- RW dbl layer, Microsoft LifeCam Cinema HD, Running Windows 7 Home Premium, 64 bit. 

If your question is answered here on the forums; PLEASE post back! It may help another user.              

0 Kudos
6 Gallium

Re: Anti-virus is a Poor Substitute for Common Sense

Jeff:

I appreciate your humor. But this study has the ring of truth to it, even if I haven't shelled out the big bucks to read it.

My belief that a good AV is the cornerstone of layered security might well be in error. I have used many AVs over the years (both free, and commercial) and none have ever alerted me to proven infections, or even attempts at infection.

Which leaves me to conclude that perhaps safe surfing, and possibly other layers of security I employ might well be more important than my AV.


0 Kudos
4 Beryllium

Re: Anti-virus is a Poor Substitute for Common Sense

I know you are right. Sorry. This probably isn't the place to be silly. It just seemed like a slow day on the forum. I will try to control myself.

But it does seem to me that some folks bring problems on themselves. And in turn whine when they run into trouble. Then the great people on this forum and others bail them out. That's a good thing! I may run into trouble someday and I will make a beeline here in hopes that someone will be willing to help me.

Jeff


0 Kudos
7 Gold

Re: Anti-virus is a Poor Substitute for Common Sense

Joe wrote:  "My belief that a good AV is the cornerstone of layered security might well be in error".

I don't know that I'd express things so strongly/bluntly.   But yes, it's critical that people realize that anti-virus programs do have their limitations.

First and foremost, the "crux" of most anti-virus programs --- their signature-based detections --- is of necessity a slow, "REactionary"-based process. Here, the malware writers are ALWAYS one step ahead: they create the new garbage, and start circulating it. It isn't until 1) some victims start reporting the problem, and 2) the anti-virus companies can get their hands on a copy of the infecting files for analysis, and 3) the anti-virus company can isolate/produce an unambiguous signature criterion for that malware, and 4) they beta-test the proposed signature, as quickly as possible, for any problems before releasing it to the general public, and 5) the [tested/debugged] signature is finally released to the general public... only then is the public finally protected. So can anyone really be surprised to learn that all this can typically take 24 to 48 hours? Personally, I'm amazed that they can do anything that fast!

[Of course, we may be  partially  protected in the interim by virtue of "generic" / heuristic / "behavior-based" detections... but such detection/protection is highly UNreliable.   But that's another story.]

Secondly, but just as important, malware often makes its way into computers via "holes" in popular programs --- most notably, Adobe's Flash and Reader, and Sun/Oracle Java... and (to a lesser extent) QuickTimePlayer & RealPlayer. I've often asserted that I have yet to "meet" an anti-virus program that can successfully protect against the likes of Vundo infections and Zlob trojans. It doesn't matter whether you're using a paid "big name" product like Symantec/Norton or McAfee, or a freebie like Avast, Avira, or MSE --- Vundo and Zlob exploit the holes in Java (&etc) to bypass the anti-virus protection. That's why it's so critical/important for people to keep these other "utility" programs up to date.

In summary, we must always be cognizant that anti-virus programs have their limitations. They are not perfect: one cannot rely solely on their anti-virus program as if it offered "impenetrable armored" protection.

Safe-Surfing is very important.   Avoiding pornography, file-sharing, and other high-risk-category sites can be very helpful in avoiding problems.

Finally, the use of layered protection... preferably dynamic (i.e., it's automatically/continually updated centrally by the "vendor") rather than static [lists of bad sites you manually download, e.g., in the form of a HOSTS file, or IE-restricted sites] is still the best way to go.   Here, I strongly advocate the use of OpenDNS and WOT (and for those who use IE8, be sure to enable its SmartScreen Filter).    And just to clarify, static protection [e.g., a good HOSTS file, and a program like SpywareBlaster] is reasonable, when used in conjunction with dynamic protection... just saying that no one should be relying exclusively on static protection nowadays.

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
4 Ruthenium

Re: Anti-virus is a Poor Substitute for Common Sense

David sums up a lot of excellent points. About all we can do is to use the multi-layered approach, even to the point of overkill, and keep it all strictly up to date. I don't, but probably should, use Open DNS and WOT. I will check them out. I have not had troubles to this point, but at least know to come here to these forums...where I have learned a lot of what to do, and what not to do, in the interest of keeping my computers clean.

0 Kudos
7 Gold

Re: Anti-virus is a Poor Substitute for Common Sense

Dale,

If you're using IE or Firefox, then definitely get WOT immediately... there's no reason not to have it. It will automatically warn you anytime you attempt to access what it believes to be a bad site... preventing infection if that site is really bad... yet allowing you the option to bypass its recommendation, should you definitively know better.

(Unfortunately, the WOT "toolbar"/extension is not available for Opera users.)

The protection offered by OpenDNS is not as obvious... nonetheless, I believe it to be beneficial.

For more information/details, including links to these features, see items 4 and 5 in my "short guide", here: http://en.community.dell.com/support-forums/virus-spyware/f/3522/p/19334094/19703248.aspx#19703248

Note: OpenDNS now offers a "Family Shield" version, which automatically filters/blocks "Adult Content". [The "basic" version of OpenDNS doesn't do this (by default), unless you go through a few extra steps to customize things.]

 


0 Kudos
6 Gallium

Re: Anti-virus is a Poor Substitute for Common Sense

Nice summary, ky.

But I did use the qualifier "might" in my reply, and I'm not sure I'm wrong. I was not suggesting that an AV compatible with one's needs and system is irrelevant or unnecessary. But to be honest, none of the AVs I've used has ever blocked anything (unless they did it silently, which I doubt).

I've been more impressed with the alerts from Windows Defender, WinPatrol, and my OutPost firewall HIPS whenever I've installed new software which makes changes to critical areas. To be sure, they were all alerts about legit software, but I like the "second guessing". Perhaps MSE/avast!/Avira does the same now also, but I've not used them for some time, and can't comment.

When I see the variety of AVs (all the major vendors, both free and paid) listed in the Malware Removal forum HJT posts, I have to question why. Clearly an AV, no matter how good, is not a panacea.

Necessary, no doubt, but not sufficient.


0 Kudos
4 Ruthenium

Re: Anti-virus is a Poor Substitute for Common Sense

Most important of all, AVs need to be up to date and reliable. When MSE recently went almost three whole days without updating it made me leery of using it again. It just sat there too quietly for my tastes. For the time being I am going to stick with Avast 5 and Windows Defender. I figure there are only so many ways and means to distribute malware and perhaps the bad guys are going to run out of ideas while the good guys discover new and improved ways to detect and remove the junk. Perhaps I am just dreaming about this, but maybe they can keep reducing the time delay between detection and getting the fixes out.

0 Kudos
7 Gold

Re: Anti-virus is a Poor Substitute for Common Sense

One thing that I really like about avast5 is its relatively frequent (at least, for a FREE anti-virus) updating capability:   it will automatically search for new updates

1) EVERY time you boot-up your PC, and

2) EVERY four hours thereafter.


0 Kudos