[Stuff.co.nz] Anti-virus can't keep up with threat onslaught - Page 8

post #71 of 366
Antivirus programs have never been able to keep up with viruses. Having an antivirus program alone has never been sufficient to protect you.
post #72 of 366
Quote:
Originally Posted by Psycho Homer View Post

You also have to realize the market that this software is geared towards. Consumers who have minimal knowledge of computers and expect everything to work right out of the box with no configuration. They don't want or know how to even configure this software. And more importantly they don't want to be bugged by every detection that highly configured software can make. Then on top of the notifications then the user actually has to pick an action. They are going to have no idea what to pick. Hell, even Norton has simplified itself so much for installation it only has a single button that says install.

ESET has a real-time mode that's pretty much passive, as far as the user is concerned, unless a threat is actually detected. You obviously don't have the same control with the firewall as to what you want to stop from accessing the internet, but it's specifically geared towards the people that need stupid-simple setup and something that they can forget about and never have to mess with.

I would imagine the heuristics are lax or even off (I don't know really) to prevent false positives their inexperienced users would have to deal with.
post #73 of 366
I can honestly say I've never had a virus. Although I have been using Linux for the past 9 years ( Mandrake, Arch, Gentoo, FreeBSD ) and have them locked down tighter than Fort Knox. With little to no tools used that can cause privilege escalations. Anything in the system obviously needs root access, and any sensitive data ( stored over an offline private network for the HTPCs as well as just being a random file server ) needs privilege escalation to even read, and root access ( from the host machine only ) to write.

Browser uses all the main plugins for cookies/ads/etc, like adblock, noscript, betterprivacy and a few others.

And as I use mostly everything CLI I keep a workspace dedicated to top/htop to monitor all my running programs/scripts, and there's never been anything running that I didn't know what it was.

Although I have fixed plenty of family members' computers with those nasty little fake antivirus type viruses. Until I switched most of them over to Linux, since most of the time they just browse/IM. No problems since.

Quote:
Originally Posted by chinesekiwi View Post

Some protection is better than none.

Using a condom with a hole in it isn't going to do any good. Just saying.
Edited by Shrak - 4/5/12 at 8:25pm
post #74 of 366
Quote:
Originally Posted by Shrak View Post

I can honestly say I've never had a virus. Although I have been using Linux for the past 9 years ( Mandrake, Arch, Gentoo, FreeBSD ) and have them locked down tighter than Fort Knox. With little to no tools used that can cause privilege escalations. Anything in the system obviously needs root access, and any sensitive data ( stored over an offline private network for the HTPCs as well as just being a random file server ) needs privilege escalation to even read, and root access ( from the host machine only ) to write.

Browser uses all the main plugins for cookies/ads/etc, like adblock, noscript, betterprivacy and a few others.

And as I use mostly everything CLI I keep a workspace dedicated to top/htop to monitor all my running programs/scripts, and there's never been anything running that I didn't know what it was.

Although I have fixed plenty of family members' computers with those nasty little fake antivirus type viruses. Until I switched most of them over to Linux, since most of the time they just browse/IM. No problems since.

Quote:
Originally Posted by chinesekiwi View Post

Some protection is better than none.

Using a condom with a hole in it isn't going to do any good. Just saying.

lachen.gif
post #75 of 366
Quote:
Originally Posted by GanjaSMK View Post

Look, take MSE for example. It scans things (in real time and on schedule) at the bit level. So it may very well pass over something dormant, but the moment something is triggered, it will detect it. Here's an example -
1. You scan with MSE and find nothing.
2. You scan with MBAM and it flags something.
3. You don't remove it with MBAM for the time being.
4. You restart both scanners, but start your scan with MBAM first and then start your scan with MSE.
5. MBAM flags previous file just like before.
6. Because MBAM flagged the file, MSE is alerted because the file has been accessed through MBAM.
I've had this happen twice. I've also had MSE stop several links in Chrome, pages in IE, and otherwise too in real time.
So having no protection isn't really the logical thing to do. I mean - think logically here - would you leave yourself unstrapped/unrestrained on a rocket ship to space?

The thing is, I'm not saying go bare naked. I'm saying I don't trust anti-virus software to provide me that protection. They will always be ten steps behind. It's the very nature of anti-virus software.

I'm saying there are better preventative measures.

Using a standard user account instead of one with administrator privileges.
If not already, disable autorun on any removable drives.
Use built-in tools such as software restriction policies or AppLocker to prevent unauthorized executions.
Use sandboxing software like ones built into browsers like IE or Chrome or third party software like Sandboxie.

These are all much more effective, and in my opinion, render anti-virus software essentially pointless. Sure, if you think security should be layered, that's fine. I just don't bother with anti-virus as being one of those layers.
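
A read-only check of the first three measures listed in the post above, added here as an example and not part of the original post or written by its author. It assumes Windows PowerShell 5.1; `Get-RegValue` is a hypothetical helper name, and browser or Sandboxie sandboxing is not covered.

```powershell
# Added example: read-only audit, run from a normal (non-elevated) session.

function Get-RegValue($Path, $Name) {   # hypothetical helper; $null if key/value is absent
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# 1. Standard user account: the Administrators SID (S-1-5-32-544) is listed in the
#    token's groups even when UAC has filtered it down to "deny only".
$inAdmins = [bool]((whoami /groups /fo csv) -match 'S-1-5-32-544')

# 2. AutoRun: NoDriveTypeAutoRun is a bitmask of drive types; 0xFF covers all of them.
#    A value under HKLM overrides the per-user value under HKCU.
$key     = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autorun = Get-RegValue "HKLM:\$key" 'NoDriveTypeAutoRun'
if ($null -eq $autorun) { $autorun = Get-RegValue "HKCU:\$key" 'NoDriveTypeAutoRun' }

# 3a. Software Restriction Policies: DefaultLevel 0 = Disallowed, 0x40000 = Unrestricted.
$srp = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers' 'DefaultLevel'

# 3b. AppLocker: enforcement mode and rule count per rule collection. Rules are only
#     applied while the Application Identity service (AppIDSvc) is running.
$appLocker = 'cmdlet not available'
if (Get-Command Get-AppLockerPolicy -ErrorAction SilentlyContinue) {
    $policy = Get-AppLockerPolicy -Effective
    $appLocker = @(foreach ($rc in $policy.RuleCollections) {
        '{0}={1} ({2} rules)' -f $rc.RuleCollectionType, $rc.EnforcementMode, @($rc).Count
    }) -join '; '
}
$appIdSvc = (Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue).Status

[pscustomobject]@{
    InAdministratorsGroup = $inAdmins
    NoDriveTypeAutoRun    = if ($null -ne $autorun) { '0x{0:X}' -f $autorun } else { 'not set' }
    SrpDefaultLevel       = if ($null -ne $srp) { '0x{0:X}' -f $srp } else { 'no SRP policy' }
    AppLocker             = $appLocker
    AppIDSvc              = $appIdSvc
} | Format-List
```

An empty `AppLocker` field means the effective policy contains no rule collections.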
post #76 of 366
Thread Starter 
Quote:
Originally Posted by Shrak View Post

Using a condom with a hole in it isn't going to do any good. Just saying.

Only that's an inaccurate analogy, particularly if you look at independent tests. A better analogy is the off chance of the condom breaking.
post #77 of 366
Quote:
Originally Posted by Shrak View Post

Using a condom with a hole in it isn't going to do any good. Just saying.

Let's revamp that analogy...

People saying AV isn't necessary because they haven't been infected is like saying condoms are useless because they've never gotten an STD. You would sound rather idiotic saying safe sex is only for dumb people who can't judge character. Pride comes before the fall...
    
post #78 of 366
Quote:
Originally Posted by NotUrAverageJoe View Post

I agree, and to further your analogy...

People saying AV isn't necessary because they haven't been infected is like saying condoms are useless because they've never gotten an STD. You would sound rather idiotic saying safe sex is only for dumb people who can't judge character. Pride comes before the fall...

Well said.
    
post #79 of 366
Quote:
Originally Posted by GanjaSMK View Post

lachen.gif

lachen.gif

Rig builder means nothing to me, and if you'd like a full partition layout from all 40 of my drives I can provide that for you. Not one single NTFS drive/partition in this household aside from a 30GB partition for my GF's netbook.
post #80 of 366
Thread Starter 
Quote:
Originally Posted by marknotk View Post

I used to be one of the 'never get infected and don't need AV' guys. Then one day my webcam turned on! So after an AV check I find out it was a virus that takes webcam pics then uploads them, among other nasty stuff.
So now I run Zone Alarm, Malwarebytes Anti-Malware, SUPERAntiSpyware and Hitman Pro (Cloud AV).
Every few months viruses appear out of nowhere, but much less often than when I didn't have a decent Firewall.

'HitmanPro is a second opinion malware scanner, designed to run alongside existing real-time antivirus programs. Its purpose is to find and remove malware that your existing antivirus program is currently unable to find and/or remove.'

- https://hitmanpro.wordpress.com/

i.e. It's a malware scanner, provides no real-time protection (because that's not its purpose) and is meant to be complementary to an existing AV, not as a primary one.
None of the programs you use use real-time protection nor are true AVs.

And ZoneAlarm sucks as a firewall.