Norton Internet Security 2011

Victek · 17 Oct 2010

Rei Tumult said:

Features like anti-phishing, anti- ...everything seem to be aimed at the first time web user. If you have ANY sort of experience you will know what a phishing website or email is. And when not to give your information out. I see no need to install hundreds of MB's for what is easily solved by common sense. For example, Keep your system up to date with the latest patches, don't visit or give information to dodgy websites or emails etc etc.

This computer of mine came with Norton 2010 suite installed by default. I immediately removed it and installed MSE.

You're correct - if the majority of users were more aware of how to minimize risk there would be less need for the extra layers of protection that suites provide, but they're not. Most users need all the automatic protection they can get, especially if they have children using computers. That's just the way it is. You have to keep in mind that what is obvious to you is only true for a very small percentage of users. You and I are among the rocket scientists of security - scary, isn't it?

Digerati · 17 Oct 2010

Victek said:

Malware cannot be stopped "at the source" any more than any other kind of criminal behavior.

I disagree. Just as with every other kind of criminal behavior, if there were no laws, enforcement of those laws, or incentives not to break those laws (getting caught, jail, fines, execution) then criminal activity would be rampant and anarchy would ensue.

Of course total, 100% criminal behavior cannot be stopped. But when there is ZERO effort to stop spam, spyware, and malicious code at the source, it becomes the free-for-all that it is.

Even in law abiding countries, most ISPs do nothing to stop anyone from uploading malware. They may stop someone from sending a thousand emails at once, but then that's why badguys use 1000s of compromised computers, so they can send just 10 infected emails at once from each computer, and fly under the RADAR. If ISPs scanned for malicious code at the source, much would be stopped.

P2P and torrent sites that condone and support illegal filesharing are a major source of malware. These sites know illegal filesharing is taking place, but turn a blind eye to it. Badguys know that no one is watching and have a heyday. These site are often the launching site for new, yet undetectable, malware.

Malware could be significantly minimized if governments would create and support international law with regard to cyber-crime, but that level of cooperation does not exist yet in the international community.

Exactly, but there are already plenty of existing laws on the books right now that all UN member countries, by being members, have agreed to enforce. But sadly, many don't. They have corrupt government officials watching over corrupt ISPs who turn a blind eye to the badguys. If those countries made even a small effort to enforce those existing laws, it would make a huge impact on what gets distributed on the Internet. And in many law abiding countries, the US for example, our elected officials have not provided law enforcement the resources ($$$) to enforce the laws. Of course, that typically requires raising taxes which most taxpayers balk at. I say, see the 2nd line in my sig.

Also note that in some cases (Iran, North Korea, China) it is the government who are the badguys and who are intentionally distributing malware, DDoS attacks, and other illegal activities. But again, this malicious code is being routed over "friendly" satellites, and transcontinental and oceanic cables owned, operated and regulated by companies in, or by UN member countries.

The big telecommunications carriers who provide the big backbone support around the world do NOTHING to stop the malware. Current estimates show in excess of 90% of the email traffic on the Internet is spam. The big carriers have no incentive to stop spam, they would much rather sell you more bandwidth.

There's plenty of incentive for anti-malware companies to try as hard as they can to minimize malware though, and that's to make money.

Oh? Then why don't they? They don't! The anti-malware companies need malware to thrive, so the threat remains ever constant so user buy their products. They are not trying to stop or even minimize the proliferation or distribution of malware. They are just trying to prevent it from infecting your machine so you don't switch to a competitor.

That's why free products like MSE and Windows Firewall are so important. MS does have an incentive to rid the world of malware.

madtownidiot · 17 Oct 2010

Victek said:

Your statement roughly translates as "if the world were a better place there wouldn't be malware". I agree, but it isn't yet. Malware could be significantly minimized if governments would create and support international law with regard to cyber-crime, but that level of cooperation does not exist yet in the international community.

My statement refers to the fact that legislation already exists that could be used to block malware at the source by taking down the offending sites but is not being enforced or used effectively.. IE the Computer Fraud and Abuse Act of 1984 could be used to prosecute malware servers in the US and block traffic from malware servers outside of the US, by warning ISPs they are aiding and abetting a felony by allowing traffic from the offending ip addresses
I'm also referring to the fact that the current administration is completely focused on protecting the profits of large corporations instead of the people who voted for them

Victek said:

Regarding NIS let's agree to talk about only the 2010/2011 products which have much more sophisticated technology. There's no point in referring to the problems and limitations of older versions, all of which have been addressed in 2010/2011. I've personally not experienced NIS detecting an infection and then not producing a warning if it can't remove it. I would be interested in seeing examples of this. More generally I don't believe that any security suite is perfect. Regardless of which product is used I recommend Prevx for a real-time second opinion. Prevx can be used for free for improved detection..

I am in fact referring to NIS 2010/2011, which is pretty useless against rogue AVs. source.
I have removed rogue av infections from several computers that had NIS 2010 installed. You are correct that no security suite is perfect, and I am a little biased against Norton, mainly because of their history and the scareware tactics they've resorted to in the past few months

Victek said:

Do you believe there are other suites that do a better job than NIS? I've had experience with the latest versions of McAfee, Trend Micro and Panda. They were much heavier on resources which made them unacceptable for older computers.

Here's a test that proves comodo internet security is more effective at blocking infections than than the paid verson of NIS
Attachment 105437

Victek · 17 Oct 2010

Digerati said:

Also note that in some cases (Iran, North Korea, China) it is the government who are the badguys and who are intentionally distributing malware, DDoS attacks, and other illegal activities. But again, this malicious code is being routed over "friendly" satellites, and transcontinental and oceanic cables owned, operated and regulated by companies in, or by UN member countries.

The anti-malware companies need malware to thrive, so the threat remains ever constant so user buy their products. They are not trying to stop or even minimize the proliferation or distribution of malware. They are just trying to prevent it from infecting your machine so you don't switch to a competitor.

That's why free products like MSE and Windows Firewall are so important. MS does have an incentive to rid the world of malware.

Well, I agree with most everything you've said. Regarding governments being bad guys, I would add that it seems unlikely the western democracies are blame-free. Everyone is exploring cyber-warfare.

Of course the anti-malware companies need malware to thrive, but is it really their responsibility to try and stop the distribution? It seems to me this has to happen at the level of government and law-enforcement. What could the anti-malware companies do (assuming they were motivated)...?

Victek · 17 Oct 2010

madtownidiot said:

My statement refers to the fact that legislation already exists that could be used to block malware at the source by taking down the offending sites but is not being enforced or used effectively.. IE the Computer Fraud and Abuse Act of 1984 could be used to prosecute malware servers in the US and block traffic from malware servers outside of the US, by warning ISPs they are aiding and abetting a felony by allowing traffic from the offending ip addresses.

I am in fact referring to NIS 2010/2011, which is pretty useless against rogue AVs. source.

I have removed rogue av infections from several computers that had NIS 2010 installed. You are correct that no security suite is perfect, and I am a little biased against Norton, mainly because of their history and the scareware tactics they've resorted to in the past few months

Here's a test that proves comodo internet security is more effective at blocking infections than than the paid verson of NIS
Attachment 105437

I don't doubt what you say about the existing law. I don't know why the government can't do a better job of enforcement. I don't see how it benefits corporations to allow malware to proliferate.

Regarding rogue AVs, all the major suites seem to have trouble detecting and removing them. I don't know why that is. Since vendors with considerably less resouces, for instance MBAM and SuperAntiSpyware, can remove them it doesn't make sense that the suites cannot.

You may be correct that CIS is more effective than NIS at blocking infections, but does it require users to respond to pop-ups to be successful? If so then on the computers of average users it will fail.

Digerati · 17 Oct 2010

I would add that it seems unlikely the western democracies are blame-free.

I was not implying that. In fact, I singled out my country, the US, for not doing enough. WE THE PEOPLE, need to force our elected officials to fund enforcement of existing laws, and push our representatives in the UN to do the same. At the same time, we have to be ready to pay for it.

Victek · 17 Oct 2010

Digerati said:

I would add that it seems unlikely the western democracies are blame-free.

I was not implying that. In fact, I singled out my country, the US, for not doing enough. WE THE PEOPLE, need to force our elected officials to fund enforcement of existing laws, and push our representatives in the UN to do the same. At the same time, we have to be ready to pay for it.

Amen to that. Now if we could just figure out how to make it happen...

By the way, what was the topic of this thread...?

madtownidiot · 17 Oct 2010

Victek said:

I don't doubt what you say about the existing law. I don't know why the government can't do a better job of enforcement. I don't see how it benefits corporations to allow malware to proliferate.

Regarding rogue AVs, all the major suites seem to have trouble detecting and removing them. I don't know why that is. Since vendors with considerably less resouces, for instance MBAM and SuperAntiSpyware, can remove them it doesn't make sense that the suites cannot.

You may be correct that CIS is more effective than NIS at blocking infections, but does it require users to respond to pop-ups to be successful? If so then on the computers of average users it will fail.

I could think of one possible reason computer manfacturers and security software companies benefit by allowing malware to proliferate...
As to the rogue AV question.. I don't really know why .. CIS and Malwarebytes' full version block them pretty effectively
CIS doesn't require any response to pop ups once it's configured. In fact, once it's installed, updates and set to safe mode after a full scan is completed, it almost never pops up. If you set it up correctly, it will allow whitelisted applications to be installed and run but automatically block anything it doesn't recognize until the cloud scanner determines whether it is safe, with no user actions required.
My problem with most other AV suites (besides the fact they don't work very well against new types of threats) is that the UIs have generally been moron-proofed to the point where it's impossible to shut them off completely when needed, or to make exceptions to stop the AV from attacking one-off drivers and applications.. or to make them work well with programs like malwarebytes with RT scanning and website blocking enabled.. which would be an extremely effective combination if you could get the AV suite to cooperate.

Digerati · 17 Oct 2010

I could think of one possible reason computer manfacturers and security software companies benefit by allowing malware to proliferate...

Computer manufacturers? Ummm, I don't see them benefiting much, unless they sell big routers and other hardware used by the big telecommunications carriers. As noted earlier, they would rather sell bigger pipes (more bandwidth) instead of freeing up bandwidth by preventing it in the first place.

madtownidiot · 17 Oct 2010

Computer manufacturers & Microsoft... some version of "I'm a PC and windows 7 was my idea".. in reference to how much more secure windows 7 is compared to previous version