Don't Depend on Anti-virus to Save You

Last week I wrote a story about how anti-virus companies are struggling to keep up with the huge volumes of viruses and other malware being released on the Internet. The story examined the various ways the anti-virus industry has responded and how those changes are affecting consumers.


Source: AV Test Labs

From the story:

Malware writers increasingly are taking steps to ensure that computers infected with their creations stay infected, according to security researchers. In years past, no matter how quickly an anti-virus product shipped updates to detect the most recent malware, most anti-virus software would eventually sound the alarm if a virus managed to slip past its initial defenses. But more of today's cyber criminals are continuously updating the malware they have managed to install on victims' computers, replacing older malicious files with new ones in a bid to keep them hidden.

Frankly, the key points in the story are nothing new, and frequent readers of this blog have heard them time and again. But they bear repeating, so I'll repeat them again here:

* Anti-virus software is no substitute for common sense.

* Anti-virus software will most likely not save you from infecting your PC if you ignore the best advice out there: Do not click on links or open attachments that arrive unexpectedly in e-mail or instant message. If you doubt this claim, check out this graphic, which shows how dismally various anti-virus tools fare in detecting the very latest malware unleashed online.

* Anti-virus programs are most effective as part of a layered security approach that includes frequent software patching and a (hardware and/or software) firewall.

That said, there are differences in the performance and detection rates among the various anti-virus products. AV Test recently posted the results of a barrage of tests involving most of the free and commercial AV tools available today. Sunbelt Software's blog includes a link to the results, and features an easy-to-read graphic that shows the letter grade that each anti-virus tool earned for each level of performance, from detection rates to system resource usage.

By Brian Krebs  |  March 25, 2008; 9:28 AM ET
Categories:  From the Bunker , Latest Warnings , Safety Tips  

Comments

As mentioned, "Layered" or defense in depth is the key.

One very important layer not mentioned is to use a limited user account instead of the all powerful administrator.

Another is a blocking hosts file:
http://www.mvps.org/winhelp2002/hosts.htm

And lastly, limit the amount of software installed on a system, which lowers the attack surface and reduces the amount of software to patch.

Posted by: TJ | March 25, 2008 10:31 AM | Report abuse

@TJ -- Of course, using a limited user account is something I've harped on non-stop, in this blog and in bi-weekly chats.

The Importance of Limited User -- Revisited
http://blog.washingtonpost.com/securityfix/2006/05/the_importance_of_the_limited.html

Posted by: Bk | March 25, 2008 10:33 AM | Report abuse

A quick way to check whether you're logged in as administrator is to double-click the time in the bottom right system tray. If the "Date/Time" applet opens to show a calendar and clock, you are logged in with administrator access (not good).

With a limited user account, you'll get the warning, "You do not have the proper privilege level to change the System Time".

Posted by: TJ | March 25, 2008 10:49 AM | Report abuse

I found it interesting that Norton performed better than Kaspersky in this test.

Because even though I am a very careful user and surf a pretty limited set of sites, Norton totally failed me late last year. It missed a virus that was 2+ years old that was in an attachment a client sent me (I develop web sites - occupational hazard, no matter how careful I am). Subsequent scans picked it up about two weeks later (I scanned to the maximum available *daily* and kept up with my dictionary subscription, so it's not as if I was using the tool incorrectly or infrequently).

Kaspersky - which I will admit is a resource sucker and kind of slow - has been a far more satisfactory and proactive tool as part of my defense, and was recommended by a professional on an anti-virus board that helped me clean up my machine. I have been really happy with it - combined with a regular CCleaner run, my machine appears to be doing much better now.

Posted by: Chasmosaur | March 25, 2008 12:24 PM | Report abuse

@ TJ: I work for a large Federal Agency. I was able to change the system time on my machine just now. Do I have administrator rights to my machine? I don't think so.

Posted by: Pete from Arlington | March 25, 2008 12:24 PM | Report abuse

You recently did a story on noscript ( noscript.net ). Very good. But turning off Javascript is even better. Javascript is insecure. Yet to use all features of your site Javascript must be turned on. Most washingtonpost.com features are text-based and can be implemented without Javascript. You should consider switching to a professional open source content management system which does not require Javascript. But at least allow users to post and view Comments with Javascript turned off in their browser. This is easily accomplished; in fact this is the previous behavior of your site before the recent downgrade. Forcing users to turn on Javascript threatens their security and threatens the security of the United States of America.

The Department of Homeland Security has issued a Homeland Terrorist Color-coded Alert Color Code Mauve: Erase all copies of Windows from your system and install Linux immediately! The Department of Homeland Security urges washingtonpost.com to allow users to use all features of the site with javascript turned off in their browser!!

Posted by: Singing Senator | March 25, 2008 12:43 PM | Report abuse

@Pete,

You seem to be an administrator on your computer, if you can change the time of your system in Windows XP. Why is a good question.

1) Could be that no one thought about implementing users as "limited users" (hey, we trust Pete, make him an Admin, or you were just an admin by default, since that's what Windows XP defaults to).
2) Perhaps you require certain badly written software that writes directly to C:\Program Files\ or something and thus you have to be an admin to use it.

Posted by: josef | March 25, 2008 12:57 PM | Report abuse

Pete - The ability to change the date/time of the system does seem to indicate that you are an administrative user, at least on that system and possibly within the domain. You can check the local administrators group by going into the Control Panel and bringing up the User Accounts tool. Get to the Local Users & Groups and check the Administrators group to see if your login is listed. Your site may also use a Power Users group (although this group has fallen from typical usage since Windows 2000). It is also possible that you are an administrator by one of the domain groups as well. For this, you'd need to check with an administrator on the domain server.

Posted by: Jim_Maryland | March 25, 2008 1:09 PM | Report abuse

I haven't used any form of anti-virus software in two years. I've had zero problems.

I use a firewall and all my email gets routed through Yahoo or Google's email filters.

Also, my computer's performance IMPROVED! It's amazing how much performance anti-virus software sucks up if it's installed as per guidance from the so-called experts.

Plus, the whole malware chart is misleading. Virus creators, facing the litany of firewalls, filters, and anti-virus software, realize spreading viruses is a numbers game of chance. Send enough viruses out there, there will be some user who unfortunately isn't paying attention and succumbs to it.

Lastly, the economics of insuring your computer no longer make sense. If you use a firewall correctly, buy a computer from a reputable manufacturer, backup important files every now and then, why spend the $50-100 every year for anti-virus software and the extra $200-300 for extended support from computer manufacturers? You add that up, you are essentially buying a spare computer.

Posted by: shredmaster | March 25, 2008 2:04 PM | Report abuse

The Windows security policy functionality provides an option to give anyone the "user right" to change the system time. So being able to set your computer clock is not a perfect test of Administrator status.

Posted by: P Kalina | March 25, 2008 2:05 PM | Report abuse

Thanks for the excellent article [March 19], Brian.

Posted by: t_joe | March 25, 2008 2:16 PM | Report abuse

"being able to set your computer clock is not a perfect test of Administrator status."

No, but it's a quick test. The default policy to change the system time is set for only "administrators" and "power users". So by default, a limited user is not allowed to change the system time. (Note: for all practical purposes, a power user is an administrator)

Also Aaron Margosis has blogged about the Antivirus vs. non-admin back in 2006:

http://blogs.msdn.com/aaron_margosis/archive/2006/06/02/614226.aspx

"With today's threat landscape and the way malware works today, you are better off running as non-admin WITHOUT anti-virus than you are running as admin WITH anti-virus."

Bottom line: don't put all your eggs in one basket (Antivirus). Layered defense is key!

Posted by: TJ | March 25, 2008 4:06 PM | Report abuse
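
The checks discussed in this thread (Administrators and Power Users membership, and the separately assignable "change the system time" right), as an added example that is not part of the original post or comments. It assumes Windows Vista or later with PowerShell 3 or newer, and an English-language Windows for the "deny only" text match; the variable names are illustrative.

```powershell
# Added example: three views of the current account's privilege level.
# Assumes Windows Vista or later (whoami.exe ships with the OS) and PowerShell 3+.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# 1. Is the current token running with Administrator rights right now?
#    Under UAC this is False for an administrator account that has not elevated.
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# 2. Group membership by well-known SID, independent of the group's display name.
#    S-1-5-32-544 = BUILTIN\Administrators, S-1-5-32-547 = BUILTIN\Power Users.
$groups = whoami /groups /fo csv /nh |
    ConvertFrom-Csv -Header Name, Type, SID, Attributes
$adminGroup = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }
$powerGroup = $groups | Where-Object { $_.SID -eq 'S-1-5-32-547' }

# A UAC-filtered token lists Administrators as "Group used for deny only".
# Assumption: English-language Windows (the attribute text is localized).
$denyOnly = [bool]($adminGroup -and ($adminGroup.Attributes -match 'deny only'))

# 3. Does the token hold the "Change the system time" user right?
#    This is what the double-click-the-clock test actually measures, and
#    security policy can grant it to accounts that are not administrators.
$privs = whoami /priv /fo csv /nh |
    ConvertFrom-Csv -Header Name, Description, State
$timeRight = [bool]($privs | Where-Object { $_.Name -eq 'SeSystemtimePrivilege' })

# Combine the three observations into one verdict.
if ($elevated) {
    $verdict = 'Elevated administrator token'
} elseif ($adminGroup) {
    $verdict = 'Administrator account, not elevated (UAC filtered token)'
} elseif ($powerGroup) {
    $verdict = 'Power Users member'
} elseif ($timeRight) {
    $verdict = 'Limited user that policy has granted the system-time right'
} else {
    $verdict = 'Limited user'
}

[pscustomobject]@{
    User                  = $identity.Name
    ElevatedAdministrator = $elevated
    InAdministratorsGroup = [bool]$adminGroup
    AdministratorsDenyOnly = $denyOnly
    InPowerUsersGroup     = [bool]$powerGroup
    CanChangeSystemTime   = $timeRight
    Verdict               = $verdict
}
```

A result with `CanChangeSystemTime` true but both group flags false is the case where the clock test alone would wrongly report an administrator.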

Not to sound overly judgemental, but shredmaster's overall knowledge of security as a whole seems to be lacking. A defense in depth approach is the only way to defend yourself in a web 2.0 world. No longer are viruses and spyware created to take down your network in a way that is detectable by you the end user. The largest attack vector of choice is now the web hands down. Spreading malware via email can still be effective, however it is passé and threats can be mitigated by several effective vendors. However with the web, malware is spread via many different methods, and in places that may seem quite innocuous and reputable websites. You need not even click on anything on a page to become infected with malware. Simply visiting the page is enough.

The reason you may not see any infection is simply due to the fact that the malicious code that I guarantee has infected your machine is working as planned. It is contrary to everything that we know in thought and practice to have no desktop AV in place. With the myriad of free versions on the market I would sacrifice your "perceived" increase in performance for at least the minimal security that some offer.

Beyond desktop AV one should consider a solution that stops malware before it even gets to your gateway such as an in the cloud solution. One that actively scans for known and zero day threats in real time. That's my two cents.

Posted by: WebSecurity | March 25, 2008 4:22 PM | Report abuse

Some people don't use current antivirus software, don't install security patches, and do multiple "dumb things" online:

and then blame Windows when they get infected.

Between common sense and Norton/Symantec software, I have never had a successful virus/worm attack against any of my systems, back to the pre-Windows days of DOS.

Posted by: JohnJ | March 25, 2008 4:48 PM | Report abuse

Good general advice in the article,
I agree with TJ's comment. For the last 2 to 3 years, one can see a new trend of attacking the AV itself and being successful.
How many people are running AV with a privileged account?
How many AV programs are required to run with a privileged account?
Just having your AV scan a piece of malware can compromise your system.

A good paper on this:
http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Revisiting_Anti-Virus_Software.pdf

Rating AV software by the number of detected viruses seems to be an obsolete method. How about ranking the software itself? The vendor response? How about testing a malformed file?

Posted by: SecHELL | March 25, 2008 5:09 PM | Report abuse

This is great! I've always wanted to debate whether the need for AV software is real or just some marketing schtick.

First, the financial side of this:
Between user protection plans and 3 years of AV protection, you run costs somewhere around $400-$600. This is essentially a backup computer. If the total cost of insuring or mitigating against risk is the same as dealing with the risk after it has occurred, the proposed system of defense is not cost effective.

Second, the AV piece. I DO use a firewall. I DO install security patches. I DO route all my email through providers with AV protection. What is the remaining specific threat that AV protects against?

The whole point of web 2.0, which WebSecurity has already pointed out, is to prevent the threat from hitting your gateway. In this regard, Firewall configuration is far more reliable than AV software.

AV manufacturers make their money off people who don't know how to configure a firewall. The typical out-of-the-box AV config scans everything with very emphatic fear mongering messages. (It's been a while, maybe the AV makers give tips on how to config a firewall to cut down on how many things they have to scan for - but they didn't have much valuable info when I last used them).

To pay for AV software? The financial numbers just don't justify it. You can start throwing in some other factors as cost of restoring a new computer, but once you adjust for how often it happens, I'm not sure if it really has an impact.

So, these are my two questions:
1. What is the specific threat that AV protects against in 2.0 world where most setups already include firewalls and most email providers already provide virus scanning protection?
2. Why does it make sense to pay for package of protection that's marketed with new computers? (AV+warranty protection)

Seriously, I just bought a new computer and will happily install AV if someone tells me the specific threat that's left after firewall and email configs are taken into account.

Posted by: shredsmaster | March 25, 2008 5:18 PM | Report abuse

@Bk: That last link's totally broken! The text says an "easy-to-read graphic", but the link points to an utterly unreadable two-dimensional table, composed entirely of letters A through F. The link to the actual graphic is... Oh, I see. There isn't one. [That's not your fault, of course; it's Sunbelt's.]

@shredmaster: Here's what gets through your Web 2.0 setup:

1. Defense in depth. Let's say your mail provider runs ClamAV. You run Norton. Norton catches some things that ClamAV misses, and vice versa.

2. Seconds count. Let's say there's a virus that both ClamAV and Norton will catch. Your mail provider delivered the e-mail at 3:01 a.m. Their antivirus database fetches the signatures from ClamAV every hour; maybe they didn't get the update till 4 a.m. Maybe neither ClamAV nor Symantec knew about it till 5 a.m. Either way, the only thing that will catch this is your copy of Norton, because it got updated at 8 a.m., and you're reading the e-mail at 9.

3. Disguises. Maybe the virus came through your e-mail in a form that ClamAV doesn't know about; maybe it tags onto a JPEG somehow, and then exploits your JPEG reader to overwrite CMD.EXE. ClamAV can only look for signatures it knows about; Symantec can look for "anything trying to mess with CMD.EXE".

4. Web exploits themselves. If there's a web site that uses a hole in Firefox to create that bad JPEG in the first place, which gateway do you think is going to detect it? If you said "none", you are correct.

Signatures are less and less useful; software behavior is going to be the key to preventing infections. And a gateway can only see behavior that hits the Internet. A local AV engine can see behavior of the machine itself.

As for the financial side: If you assume that your time is worthless, *and* if you have a working, well-tested, frequent backup system, *and* if you assume that your personal information is not the actual target of the virus (what's the cost of a new SSN?), *and* if you assume that the virus doesn't add you to a botnet which gets your IP address added to various blacklists, *then* the cost of buying a new machine may be less than the cost of AV software.

That's a lot of assumptions for 30 bucks. Me, I use Avast.

Posted by: Jay Levitt | March 25, 2008 6:30 PM | Report abuse

The comparison mentions specifically that the free versions of AntiVir and AVG have very bad detection rates, but remember this is for -mal/adware-, not viruses. I really dislike this bloating of specialised security software that is expanding to try and do everything. I have Free AntiVir. For AV. I have Zonealarm Pro. For a Firewall. I have Spybot SD, Spywareblaster, and until recently, AdAware. For adware/malware. I like to control what I'm using for what function myself. I had to disable zonealarm pro's spyware scanner because it does nothing the others don't do, and yet it uses up more resources and doesn't like it if you don't update every 3 seconds.

Posted by: Stern | March 25, 2008 6:33 PM | Report abuse

One of the biggest disappointments in my computer career (I've been using the internet since about 1993) was realizing that traditional anti-virus software such as Norton completely failed when the malware threat arose.

I have hardware and software firewall, anti-virus and updates but still get malware.

I had ad-aware and spybot and still got it.

I finally added noscript (a tremendous piece of software) and SUPERAntiSpyware and finally started to get the upper hand.

The most disconcerting part of the current malware war is that simply visiting web sites can get you infected. As someone else noted, you don't necessarily know you are infected, but eventually the system bogs down.

Posted by: Bill | March 25, 2008 7:12 PM | Report abuse

First - I think Jay's comments were pretty good. I concede the points about disguises.

I'm much less willing to concede the point on costs.

The reason I stopped using AV was that about two years ago, my computer was slowing down considerably. I consistently setup my anti-virus scan, downloaded the latest fixes, you name it, if it was recommended AV practice, I did it.

So, before coughing up the money for a new computer, I went through every single config (there are tons of them) on the AV. It is amazing how much performance they extract as they track almost every action without regard to true risk impact on the machine.

I setup a firewall. Set up my backup system. Moved my email to providers with better AV protection. And, finally, removed the AV software. My computer's performance improved dramatically and lasted for another 2 years (5 years total).

Not using AV software for those two years was worth about $2000 to me in cost avoidance for a new laptop and software.

For me, AV produces more systemic problems than it solves. As Jay points out, you must be constantly updating and scanning. As a result, you must have a computer that can multi-task. How much of the demand for new performance in machines comes simply from people needing to run AV scans the same time they use Outlook?

(I finally bought a new machine (a mac) because I wanted to do more work with the pictures/video and the pcs weren't as smooth in UI for those tools.)

Even if my time is zero, AV should still be cost effective. When you factor the total cost of ownership for a new computer, AV and protection plans can equal up to 50% of the original sales price ($1000 for a computer, ~$500 over three years for AV and warranty protection.)

Does this make sense? Would we accept an insurance solution for new cars at that percentage? A house?

Jay had a lot of value in his answer, and I do need to consider it. At the same time, I simply believe that many security columns, even good ones like this one, don't take the industry to task for making customers overpay for underperforming solutions. Not enough experts on home computer protection seem to be open to alternative options that marry appropriate costs to appropriate levels of protection.

Posted by: shredmaster | March 25, 2008 8:02 PM | Report abuse

I run OS X on several machines and Linux on several others. Although the University where I work insists on installing anti-virus on the Macs, as soon as possible I turn it off. And my Linux machines are entirely unprotected. Across the last ten years I have had zero viruses.

What surprises me is that articles extolling the dangers of infected computers ignore the simplest solution to malware --- get permanently off the Windows bandwagon.

Posted by: Linus | March 25, 2008 8:05 PM | Report abuse

Go to snoopfree.com if you think AV or Firewall protection is the greatest threat. Keyboard hooks and screenshots are, and this free program protects against them even if a virus launches undetected.

Posted by: expat2MEX | March 25, 2008 8:15 PM | Report abuse

Go to snoopfree.com if you think AV or Firewall protection can parry off the greatest threat. Keyboard hooks and screenshots are your real enemy, and this free program protects against them even if a virus launches a hook or shot otherwise undetected.

Posted by: expat2MEX | March 25, 2008 8:18 PM | Report abuse

I have had Internet-connected PCs since 1992, and the only viruses I've ever seen on a computer that I control have been received via email (from untrusted senders, so of course, I didn't open any attachments) or were lurking on the boot sector of a floppy disk (Anti-CMOS B -- I still have a copy of it in my office just for kicks).

I got my Linux box hacked back in college by a script kiddie. That taught me to run firewalls and disable unnecessary services, but that was the worst

Maybe I just don't look at enough nudity online or something.

Non-MSIE browser + firewall - stupidity = safe computer.

It's almost that simple. Anything you want to run on top of that will only reduce your risk even further. As for the economic arguments... you can get quality, free implementations of all of these products. So there's really no excuse.

Posted by: Chris | March 25, 2008 10:50 PM | Report abuse

@Chris: "Maybe I don't look at enough nudity online"... We talk about this in security circles all the time, but I can't emphasize it strongly enough: You can NEVER look at enough nudity online.

Now, that said...

@shredmaster: As Chris points out, there are free antivirus solutions, so your annual cost drops to zero. (I'm using Avast, which is free, and which I thought was pretty good, till I read the easy-to-read chart.)

And you're absolutely right: The performance hit from AV scanning is driving new hardware purchases. (Strange that no hardware company has purchased an AV company, then.) Some AVs are worse than others; I think the "performance" metric on that chart represents "how long X takes to scan", not "how does X affect daily usage". I uninstalled Norton last week, and, as you pointed out, it has its tendrils in every single subsystem, from disk to network. My machine (Athlon dual-core, 2GB RAM, XP) seems subjectively faster on Avast, but I've run no benchmarks, and that's purely anecdotal.

If you're thinking of AV as insurance, the costs don't add up. So don't. It's more like a third-party car alarm - which, in the days before cars came with good factory alarms and immobilizers, could run you a good percentage of the cost of the car if you went with the kill switch, the motion detector, the pin switches on the hood, the fuel cutoff.. etc.

Also, I think you significantly underestimate the cost of an infection. Here's what you have to do:

1. Find the most recent backup that isn't infected. That's pretty much impossible without AV software to TELL you what's infected. So you just paid anyway. Oh, and if you don't keep archival, point-in-time backups, you're toast.

2. Find out what the virus did. They don't just infect you for fun anymore; they infect you to (a) get your data or (b) add you to a botnet.

3. If your data was compromised, start calling your credit card companies, banks, etc.

4. If your computer was on a botnet, find out if your static IP address was used for fraud. You may need a new one.

5. Reinstall all your software from scratch on the new machine, because realistically, Windows isn't partitioned well enough to let you "just restore from backup" on different hardware.

6. Manually reintegrate the files you got from the backup.

Again, seems worth $30/year to me, but there are free solutions, too.

Posted by: Jay Levitt | March 26, 2008 9:41 AM | Report abuse

The trouble with anti virus vendors is that they are playing with politics or morals... Suppose you are lurking around a porno site and your anti virus program happens to be sold by buttoned up straight asses like Symantec or whatever, they probably choose to turn cheeks and let the porno prima donna ruin your computer with certain viruses that the AV vendor chose not to update because they feel that you are supposed to be shamed on.... Oh, sheesh!! Some AV vendors are like that just selective protection based on your moral compass, oh shucks!!

Posted by: Gumby | March 26, 2008 1:16 PM | Report abuse

Or if you are making loud remarks at certain websites and, by gosh, some website operators have a few viruses or malwares up their sleeves to attack you for being a bit too loud. Your AV vendor probably needs to be replaced with another one with no favoritism toward anybody be it a far right wing flapping nut or a mold licking liberal...

Posted by: Gumby | March 26, 2008 1:20 PM | Report abuse

I posted loud and sensible comments at Al Gore's website about Inconvenient Truth. I am permanently barred from it... See what I mean... Why are we allowing website masters to play God ??

Posted by: Gumby Koontz | March 26, 2008 1:24 PM | Report abuse

I see Jay's point on the car alarm analogy. I'll also reconsider my total cost argument.

One thing, and I hope Jay would agree on this, is that performance has to be defined on its impact to normal usage - not how fast an AV can scan. If your protection is so built up that it impedes the original usage of the machine, you've simply lost the entire value of your investment. (The 2AM virus scan only works if your computer is on at 2AM, otherwise it kicks off as soon as you need to go online and check your email in the morning, which then gets bogged down as your AV downloads the latest fixes.)

For me, too many columns, like this one, don't do enough to point how the AV industry is the cause of many performance issues. There has to be balance. AV proponents, like Norton, have much more to gain by having everyone over-use AV instead of providing better information on how to properly configure home computers against viruses.

Posted by: shredmaster | March 26, 2008 1:30 PM | Report abuse

@gumby -- "Why are we allowing website masters to play God ??"

maybe b/c of idiots like you who post the same comment 20x

Posted by: uh | March 26, 2008 1:39 PM | Report abuse

@ TJ and Jim_Maryland: By golly, I AM an Administrator, plus I belong to a Debuggers Group as well. Who knew? Thanks, guys!

Posted by: Pete from Arlington | March 26, 2008 3:30 PM | Report abuse

Hi Brian,

I agree with you, AV vendors can't possibly reverse engineer all the new threats that are constantly coming out. Even if the vendors were to divide up all the threats between themselves (which would never happen because they are competing against each other) they couldn't cover them all. I think the important thing these days is layered protection and more importantly behavioral based protection. Solutions such as ThreatFire (www.threatfire.com) and Norton Antibot don't rely on signatures, instead they rely on behaviors to find malware on your PC. I have been running ThreatFire on my PC along with my current suite and I would recommend it to anyone. It is a free application and has a relatively small footprint.

Posted by: Mark | March 26, 2008 3:52 PM | Report abuse

@Mark - Thanks for those consumer anti-bot products. Novashield is in beta and another research technology trying to go commercial. On the enterprise end, there are SaaS like Trend Micro's ICSS or for local protection the FireEye Botwall appliance.

@Br - AV really is useless since malware is moving mostly through the Web (port 80, etc.) Google's stats:

http://googleonlinesecurity.blogspot.com/2008/02/all-your-iframe-are-point-to-us.html

- An even more troubling finding is that approximately 1.3% of the incoming search queries to Google's search engine returned at least one URL labeled as malicious in the results page.

- We have investigated billions of URLs and found more than three million unique URLs on over 180,000 web sites automatically installing malware.

- In our analysis, we found that on average 2% of malicious web sites were delivering malware via advertising.

- Some malware distribution sites had as many as 21,000 regular web sites pointing to them.

The Internet is breaking down. Online ads are dangerous and that model (without modifications) will continue to break down. Click fraud is at 15%-24% depending on who you ask.

Posted by: Jones | April 4, 2008 7:35 PM | Report abuse

Regarding the last comments by Jones,

As I mentioned in my first comment, all the more reason to use another layer of defense via a blocking hosts file. It has saved me numerous times.

http://www.mvps.org/winhelp2002/hosts.htm

Posted by: TJ | April 16, 2008 5:06 PM | Report abuse
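
How a blocking hosts file of the kind TJ recommends in the first and last comments can be audited, as an added example that is not part of the original post or comments. The function name `Get-HostsEntry`, the classification labels and the sample entries are constructed for illustration; the sample uses reserved example domains and a documentation-range address, not entries from the MVPS list.

```powershell
# Added example: classify hosts-file entries as blocking, loopback, or redirecting.

# Constructed sample content (not taken from any real blocklist).
$sample = @'
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.com  banners.example.com
127.0.0.1       tracker.example.net     # inline comment is ignored
203.0.113.10    update.example.org
'@

# Addresses that send a lookup nowhere useful, which is how a blocking entry works.
$sinkAddresses = '0.0.0.0', '127.0.0.1', '::', '::1'

function Get-HostsEntry {
    param([string[]]$Lines)

    foreach ($line in $Lines) {
        # Drop comments and surrounding whitespace; skip blank or malformed lines.
        $text = ($line -replace '#.*$', '').Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }

        $address = $fields[0]
        # One line may map several names to the same address.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($name -eq 'localhost') {
                $kind = 'Loopback'      # normal system entry
            } elseif ($sinkAddresses -contains $address) {
                $kind = 'Blocked'       # name resolves to a sink address
            } else {
                $kind = 'Redirect'      # name is pointed at another machine: review it
            }
            [pscustomobject]@{ Address = $address; Name = $name; Kind = $kind }
        }
    }
}

# Audit the constructed sample. To audit the live file instead, pass:
#   Get-Content "$env:SystemRoot\System32\drivers\etc\hosts"
$entries = Get-HostsEntry -Lines ($sample -split '\r?\n')

# Summary by kind, then every entry that redirects rather than blocks.
$entries | Group-Object Kind | Select-Object Name, Count
$entries | Where-Object { $_.Kind -eq 'Redirect' }
```

Entries reported as `Redirect` send a name to a real address instead of sinking it, so in a file that is meant only to block they are the ones to check by hand.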

The comments to this entry are closed.
