Pet hate -- Anti-Virus Software

Hi everyone

I really have a PET HATE against pretty well ALL anti virus software (for Home networks).

First of all it rarely does what "it says on the tin" - and causes more aggravation with "False Positive" indications.

Next is slows the computer down usually hideously
Then if you need to uninstall it it is usually a pain and even if it does uninstall it often leaves rubbish all over your registry.

Finally the whole concept is WRONG. The software a) reads data from a VERY HACKABLE database for a start. b) then compares such things as lengths of files for various windows component files -- this is usually what triggers the false positives.

Finally any self respecting hacker would attack the AV software itself --can you imagine the AV program reporting that IT itself is responsible for a virus

Remember also

Quis custodiet ipsos custodes?

(Who guards the guards)

If you use the following rules then you should never get a Virus (and I've been using computers for over 35 years).

1) Use the ROUTERS's internal Logs and hardware firewall and Port blocking -- much much better than Software.

2) Don't open ANY email attachment unless you know who sent it.

3) If you download any music / games / films etc via torrents CHECK THE SOURCE. Torrents aren't actually as horrible as their reputation makes out and you soon can recognize the good ones and the fakes.

3) NEVER EVER EVER download these programs that offer to scan your computer to find drivers etc etc. At best these programs will usually refer you to some PAID FOR site even if the fee is small, or be full of ad / spy / nagware, and at worst will contain other "nasties"

Most viruses are actually distributed via corporate networks via email. A normal user taking proper precautions shouldn't have ANY virus problems .

Before installing anything know exactly what its doing and take backups before so you can restore the whole image in the event the software doesn't work.


I haven't done serious programming for many years but it's Hacking 101 can EASILY infect any AV software and this is something that AV software isn't built for -- it detects threats from "without" but not from "within".

This advice is for HOME networks -- on a corporate network other considerations apply.

Cheers

Just finishing now to watch Liverpool in the Champions League tonight.

jimbo

We all have our pet hates but I can't agree with your assumptions about all anti virus software.

Yes there are ones that make the machine sluggish and are bad when it comes to trying to Uninstall but you can't group them all together like that.

OK so you are expert enough to not need one, sorry but not everyone is an expert and they need a good anti virus program to help them practise safe hex. The baddies are getting very sophisticated and it only takes a wrong click to cause trouble but if you have a good piece of software that will alert you to the problem it will make correcting the fault much easier, especially those not so expert as you are.

I'm no expert but I know enough to keep myself out of trouble but I wouldn't allow any of the machines on my network to work without having an anti virus and firewall in place behind a NAT Router.

Unfortunately, you don't need to install anything to get infected. Unattended websites are the 'kiddies' playground. All you have to do is land on one that's been hacked.

I definitely don't agree with your advice about not using an Antivirus program. Having one installed is much better than having none at all.

Even though I have had only one alert in the past year from my AV, and it was a false pos., I still wouldn't be without it.

Gary

jimbo45 said:

Hi everyone

I really have a PET HATE against pretty well ALL anti virus software (for Home networks).

First of all it rarely does what "it says on the tin" - and causes more aggravation with "False Positive" indications.

Next is slows the computer down usually hideously
Then if you need to uninstall it it is usually a pain and even if it does uninstall it often leaves rubbish all over your registry.

Finally the whole concept is WRONG. The software a) reads data from a VERY HACKABLE database for a start. b) then compares such things as lengths of files for various windows component files -- this is usually what triggers the false positives.

Finally any self respecting hacker would attack the AV software itself --can you imagine the AV program reporting that IT itself is responsible for a virus

Remember also

Quis custodiet ipsos custodes?

(Who guards the guards)

If you use the following rules then you should never get a Virus (and I've been using computers for over 35 years).

1) Use the ROUTERS's internal Logs and hardware firewall and Port blocking -- much much better than Software.

Yes, but for those without a router, the software is necessary- and even though I don't use a software based one, I really do - as Vista and Windows 7 both have native firewalls. I would highly recommend that you *not* disable those if you do not plan on using a third party software firewall because it is easy to spoof your router with a connection that seems to come *from* your machine - one way to do it is through the SQL poisoning that was prevalent last year, and another is the banner advertisement hijacking that was prevalent for the last *two* years.

jimbo45 said:

2) Don't open ANY email attachment unless you know who sent it.

Wrong again - just because you know who sent it doesn't mean *their* machine is not infected. Don't open *any* attachment unless:

1. You were expecting it from a person you trust
2. You double check with that person that they did in fact send you the attachment in said format of said size
3. You double scan the file (you can easily submit any file to VirusTotal - Free Online Virus and Malware Scan for analysis)

jimbo45 said:

3) If you download any music / games / films etc via torrents CHECK THE SOURCE. Torrents aren't actually as horrible as their reputation makes out and you soon can recognize the good ones and the fakes.

Better yet, don't download stuff via torrents or any other P2P networks, and don't use the NGs (there is a lot of flooding going on by idiots trying to desperately get their malware spread using legitimate subject lines) and such.

Also, if you *are* going to get such stuff, keep 2-3 anti-malware programs handy, have your AV always scanning new files upon creation, access, or modification, and double and triple check files with the other programs you have available.

jimbo45 said:

3) NEVER EVER EVER download these programs that offer to scan your computer to find drivers etc etc. At best these programs will usually refer you to some PAID FOR site even if the fee is small, or be full of ad / spy / nagware, and at worst will contain other "nasties"

I recommend online scanners that require you to download and install scanning components all the time - take a look at the post I mace over at Vistax64 forums - Slow Internet and Vistax32 after a while... - Vista Forums

jimbo45 said:

Most viruses are actually distributed via corporate networks via email. A normal user taking proper precautions shouldn't have ANY virus problems .

No offense, but I'd like to see your research and statistis on this - last I checked the home user was accounting for 75% of the makeup into all the botnets in the world....

See, corporations have much much larger budgets than we do, and keep things centralized- they don't have simple routers with built in firewalls, they have multi-level firewalls and other safeguards to protect their data as well as their users. I work at a university, and while our IT budget is far from limitless, we have a very extensive network in place - and while we get a lot of incoming viruses (we had well over 800 hits in one day when I was talking to the Dir of IT one day) we have very very few, if any, going *out*.

jimbo45 said:

Before installing anything know exactly what its doing and take backups before so you can restore the whole image in the event the software doesn't work.


I haven't done serious programming for many years but it's Hacking 101 can EASILY infect any AV software and this is something that AV software isn't built for -- it detects threats from "without" but not from "within".

So you're saying that AV software does not provide for redundant checks upon itself, does not isolate itself from other programs using sandbox techniques, and that any dummy can write code to hack and AV?

I beg to differ again - the reason many of today's AV programs are so 'bloated' is because they are running as services, since the vast majority of Windows-based PC are running some derivative of an NT-based OS. Now, one of the reasons I promoted Vista so hard was because of its locked down kernel - that Symantec successfully (unfortunately) lobbied to have opened up so it could write protection code for - and for its heightened security. If an app such as Avast! is running with System level privileges, as it does in Vista and Windows 7, then as a user level or even generic administrator level app cannot modify it - it simply does not have the rights. Add to this the fact hat nearly all of them perform integrity checks *on ever scan* and the fact that most of them are running as services, as mentioned above, and you have an AV program that is not easy to hack.

The reason there is such a problem with machines is not because AV programs are easy to hack - it is because most are definition based, and users stop updating their AV programs. Again, in the corporate world, with centralized managed servers, this is not nearly the problem that it is at the end user level in a home environment.

jimbo45 said:

This advice is for HOME networks -- on a corporate network other considerations apply.

Cheers

Just finishing now to watch Liverpool in the Champions League tonight.

jimbo

Sorry, but I pretty much disagree with most of what you said. Your advice initially seems sound, but further analysis shows that it is pretty flawed. Perhaps some reading up on the way security has changed today and its outlook for the future would be beneficial.

You forgot the Rosicrucian's and the Knights Templar's too.

I believe in Avast! Since my granddaughter came to live with us. Nine yrs old and loves internet games. Surfing along she was when the alarm sounds that she had hit something bad, sounded like a tornado warning. Works for me.

I love Viper anti virus. It did a DEEP virus scan the other night and my processer went from 5% (idle) to 8%

and speak of the devil. I got CCleaner from a what looked like trustworthy site, and the installation bar went away. viper came up saying it blocked a hijacker and a trojan from opening. Now i just gotta go find them =/