Pet hate -- Anti-Virus Software

jimbo45

Hi everyone

I really have a PET HATE against pretty well ALL anti virus software (for Home networks).

First of all it rarely does what "it says on the tin" - and causes more aggravation with "False Positive" indications.

Next it slows the computer down, usually hideously.
Then if you need to uninstall it, it is usually a pain, and even if it does uninstall it often leaves rubbish all over your registry.

Finally the whole concept is WRONG. The software a) reads data from a VERY HACKABLE database for a start. b) then compares such things as lengths of files for various windows component files -- this is usually what triggers the false positives.

Finally any self respecting hacker would attack the AV software itself -- can you imagine the AV program reporting that IT itself is responsible for a virus?

Remember also

Quis custodiet ipsos custodes?

(Who guards the guards)

If you use the following rules then you should never get a Virus (and I've been using computers for over 35 years).

1) Use the ROUTER's internal Logs and hardware firewall and Port blocking -- much much better than Software.

2) Don't open ANY email attachment unless you know who sent it.

3) If you download any music / games / films etc via torrents CHECK THE SOURCE. Torrents aren't actually as horrible as their reputation makes out and you soon can recognize the good ones and the fakes.

3) NEVER EVER EVER download these programs that offer to scan your computer to find drivers etc etc. At best these programs will usually refer you to some PAID FOR site even if the fee is small, or be full of ad / spy / nagware, and at worst will contain other "nasties"

Most viruses are actually distributed via corporate networks via email. A normal user taking proper precautions shouldn't have ANY virus problems.

Before installing anything know exactly what it's doing and take backups before so you can restore the whole image in the event the software doesn't work.


I haven't done serious programming for many years but it's Hacking 101 can EASILY infect any AV software and this is something that AV software isn't built for -- it detects threats from "without" but not from "within".

This advice is for HOME networks -- on a corporate network other considerations apply.

Cheers

Just finishing now to watch Liverpool in the Champions League tonight.

jimbo
 
We all have our pet hates but I can't agree with your assumptions about all anti virus software.

Yes there are ones that make the machine sluggish and are bad when it comes to trying to Uninstall but you can't group them all together like that.

OK so you are expert enough to not need one, sorry but not everyone is an expert and they need a good anti virus program to help them practise safe hex. The baddies are getting very sophisticated and it only takes a wrong click to cause trouble but if you have a good piece of software that will alert you to the problem it will make correcting the fault much easier, especially those not so expert as you are.

I'm no expert but I know enough to keep myself out of trouble but I wouldn't allow any of the machines on my network to work without having an anti virus and firewall in place behind a NAT Router. ;)
 
Unfortunately, you don't need to install anything to get infected. Unattended websites are the 'kiddies' playground. All you have to do is land on one that's been hacked.

I definitely don't agree with your advice about not using an Antivirus program. Having one installed is much better than having none at all.
 

Hi, well I definitely think you should have AV installed.
 

Even though I have had only one alert in the past year from my AV, and it was a false pos., I still wouldn't be without it.

Gary
 

Hi everyone

I really have a PET HATE against pretty well ALL anti virus software (for Home networks).

First of all it rarely does what "it says on the tin" - and causes more aggravation with "False Positive" indications.

Next it slows the computer down, usually hideously.
Then if you need to uninstall it, it is usually a pain, and even if it does uninstall it often leaves rubbish all over your registry.

Finally the whole concept is WRONG. The software a) reads data from a VERY HACKABLE database for a start. b) then compares such things as lengths of files for various windows component files -- this is usually what triggers the false positives.

Finally any self respecting hacker would attack the AV software itself -- can you imagine the AV program reporting that IT itself is responsible for a virus?

Remember also

Quis custodiet ipsos custodes?

(Who guards the guards)

If you use the following rules then you should never get a Virus (and I've been using computers for over 35 years).

1) Use the ROUTER's internal Logs and hardware firewall and Port blocking -- much much better than Software.

Yes, but for those without a router, the software is necessary- and even though I don't use a software based one, I really do - as Vista and Windows 7 both have native firewalls. I would highly recommend that you *not* disable those if you do not plan on using a third party software firewall because it is easy to spoof your router with a connection that seems to come *from* your machine - one way to do it is through the SQL poisoning that was prevalent last year, and another is the banner advertisement hijacking that was prevalent for the last *two* years.


2) Don't open ANY email attachment unless you know who sent it.

Wrong again - just because you know who sent it doesn't mean *their* machine is not infected. Don't open *any* attachment unless:

  1. You were expecting it from a person you trust
  2. You double check with that person that they did in fact send you the attachment in said format of said size
  3. You double scan the file (you can easily submit any file to VirusTotal - Free Online Virus and Malware Scan for analysis)


3) If you download any music / games / films etc via torrents CHECK THE SOURCE. Torrents aren't actually as horrible as their reputation makes out and you soon can recognize the good ones and the fakes.

Better yet, don't download stuff via torrents or any other P2P networks, and don't use the NGs (there is a lot of flooding going on by idiots trying to desperately get their malware spread using legitimate subject lines) and such.

Also, if you *are* going to get such stuff, keep 2-3 anti-malware programs handy, have your AV always scanning new files upon creation, access, or modification, and double and triple check files with the other programs you have available.


3) NEVER EVER EVER download these programs that offer to scan your computer to find drivers etc etc. At best these programs will usually refer you to some PAID FOR site even if the fee is small, or be full of ad / spy / nagware, and at worst will contain other "nasties"

I recommend online scanners that require you to download and install scanning components all the time - take a look at the post I made over at Vistax64 forums - Slow Internet and Vistax32 after a while... - Vista Forums


Most viruses are actually distributed via corporate networks via email. A normal user taking proper precautions shouldn't have ANY virus problems.

No offense, but I'd like to see your research and statistics on this - last I checked the home user was accounting for 75% of the makeup into all the botnets in the world....

See, corporations have much much larger budgets than we do, and keep things centralized- they don't have simple routers with built in firewalls, they have multi-level firewalls and other safeguards to protect their data as well as their users. I work at a university, and while our IT budget is far from limitless, we have a very extensive network in place - and while we get a lot of incoming viruses (we had well over 800 hits in one day when I was talking to the Dir of IT one day) we have very very few, if any, going *out*.


Before installing anything know exactly what it's doing and take backups before so you can restore the whole image in the event the software doesn't work.


I haven't done serious programming for many years but it's Hacking 101 can EASILY infect any AV software and this is something that AV software isn't built for -- it detects threats from "without" but not from "within".

So you're saying that AV software does not provide for redundant checks upon itself, does not isolate itself from other programs using sandbox techniques, and that any dummy can write code to hack an AV?

I beg to differ again - the reason many of today's AV programs are so 'bloated' is because they are running as services, since the vast majority of Windows-based PCs are running some derivative of an NT-based OS. Now, one of the reasons I promoted Vista so hard was because of its locked down kernel - that Symantec successfully (unfortunately) lobbied to have opened up so it could write protection code for - and for its heightened security. If an app such as Avast! is running with System level privileges, as it does in Vista and Windows 7, then a user level or even generic administrator level app cannot modify it - it simply does not have the rights. Add to this the fact that nearly all of them perform integrity checks *on every scan* and the fact that most of them are running as services, as mentioned above, and you have an AV program that is not easy to hack.

The reason there is such a problem with machines is not because AV programs are easy to hack - it is because most are definition based, and users stop updating their AV programs. Again, in the corporate world, with centralized managed servers, this is not nearly the problem that it is at the end user level in a home environment.

This advice is for HOME networks -- on a corporate network other considerations apply.

Cheers

Just finishing now to watch Liverpool in the Champions League tonight.

jimbo

Sorry, but I pretty much disagree with most of what you said. Your advice initially seems sound, but further analysis shows that it is pretty flawed. Perhaps some reading up on the way security has changed today and its outlook for the future would be beneficial.
 

It's just another method the illuminati have found to control us :p
 

You forgot the Rosicrucians and the Knights Templar too.
 

I believe in Avast! Since my granddaughter came to live with us. Nine yrs old and loves internet games. Surfing along she was when the alarm sounds that she had hit something bad, sounded like a tornado warning. Works for me.
 

I love Viper anti virus. It did a DEEP virus scan the other night and my processor went from 5% (idle) to 8%

And speak of the devil. I got CCleaner from what looked like a trustworthy site, and the installation bar went away. Viper came up saying it blocked a hijacker and a trojan from opening. Now I just gotta go find them =/
 

Hi there
If you read the initial post and apply those guidelines -- then you DON'T need it. Events like 9 year old granddaughters downloading stuff from the Internet are a totally different ballgame -- as well as those people who DON'T have a router.

I'm only saying this that IF you follow certain reasonable rules and DO have the router hardware then you actually don't need AV software.

If you DON'T fall into these categories then other rules may apply. -- If I need a computer for work I'm not sure I would let a young child anywhere near it -- I'd have a separate machine on a different protected network for that purpose -- an Internet capable machine doesn't cost much even in these credit crunch days.


As for viruses being spread by corporations -- just take a large corporation like SHELL OIL, IBM or whatever.

The sheer volume of "Fun", "Joke" or "Non Work related" Emails sent from these organisations adds up to THOUSANDS if not 100,000's per hour. Any malicious attachment can be propagated around the planet in seconds.

Individual propagations of Viruses pale into insignificance compared with this volume -- even torrent downloaders.

And torrents aren't always "Illegal or Pirate" - Loads of LEGAL LINUX distros such as Novell for SUSE use a Torrent mechanism for distribution in addition to "conventional" downloads.

Also note that even if corporations block .'EXE' attachments it's easy to change them into XML so it looks like an Office 2007 format or other non-detectable formats -- and you can even use the old "Usenet" method of attaching Binary files by using embedded source that the Virus scanner won't detect anyway.

Some of the Old Dinosaur Technology actually defeats the Virus scanning mechanisms better than the new stuff BTW but you have to be old or crazy enough to remember it.

Cheers
jimbo
 

I never use AV software.

My computer works fine. I might have a virus - but then there's no way for me to know! :D
 

As long as you're happy.
 

Hi there
If you read the initial post and apply those guidelines -- then you DON'T need it. Events like 9 year old granddaughters downloading stuff from the Internet are a totally different ballgame -- as well as those people who DON'T have a router.

I'm only saying this that IF you follow certain reasonable rules and DO have the router hardware then you actually don't need AV software.

If you DON'T fall into these categories then other rules may apply. -- If I need a computer for work I'm not sure I would let a young child anywhere near it -- I'd have a separate machine on a different protected network for that purpose -- an Internet capable machine doesn't cost much even in these credit crunch days.

Again, you fail to address drive by installations that a router ***will not catch*** of sites that have been caught in the SQL poisoning scheme - because the initiating request to view the web page comes from your machine, a trusted link on the network. Furthermore, this also applies to Banner Advertisement hijacking, and even the email schemes you speak of below.

As for viruses being spread by corporations -- just take a large corporation like SHELL OIL, IBM or whatever.

The sheer volume of "Fun", "Joke" or "Non Work related" Emails sent from these organisations adds up to THOUSANDS if not 100,000's per hour. Any malicious attachment can be propagated around the planet in seconds.

Individual propagations of Viruses pale into insignificance compared with this volume -- even torrent downloaders.

Yah, those are being sent directly by those companies. Again, I'd like to see stats of those messages - as opposed to those being sent through Yahoo Mail, Rediff Mail, etc. And, furthermore, additional stats showing how many of those from corporate sites are *spoofed* and cannot actually be traced back to corporate servers.

And torrents aren't always "Illegal or Pirate" - Loads of LEGAL LINUX distros such as Novell for SUSE use a Torrent mechanism for distribution in addition to "conventional" downloads.

Also note that even if corporations block .'EXE' attachments it's easy to change them into XML so it looks like an Office 2007 format or other non-detectable formats -- and you can even use the old "Usenet" method of attaching Binary files by using embedded source that the Virus scanner won't detect anyway.

Some of the Old Dinosaur Technology actually defeats the Virus scanning mechanisms better than the new stuff BTW but you have to be old or crazy enough to remember it.

Cheers
jimbo

Right- so if it is in .XML format, how is it executed? Oh, wait, you need something to rename it back on your machine when it is there and stable - so that means, what, another executable? Manual instructions to the person to change the name of the file?

Guess what? My system scans all files upon creation, modification, or access. Therefore, as soon as the file is written, even if .XML may not get scanned, as soon as it gets changed to .exe, it gets scanned (and on my machines, *every* file gets scanned - regardless of location or of file type).

Without said AV program, I would truly be lost - but perhaps you don't realize just how far they have come - they make redundant backups of their definitions, and with Vista and now Windows 7, you have additional things like permissions playing into the factor.

I'm sorry, but I still disagree with you - in 14+ years of using an AV software, I have had a grand total of 7 FPs. That's 1 for every 2 years of operation.

And, for the average user, with little to no expertise in security, an AV is a *must* have.

Your points about separating machines for purposes is a good one - I use a machine at home for multiple purposes because I know how to keep my priorities and work flows separated, but not everyone does - hence you'll see some folks coming in to work with laptops that a child has obviously been playing on - but if you think it is easy as cake to hack modern AV programs and suites, I suggest you do a POC writeup and show us - and the world - how easy it is.
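
Added example, not part of the thread or any poster's code: the exchange above turns on whether a file's extension or its content decides how it gets treated, so this sketch classifies an attachment by its leading bytes and flags a claimed .xml or Office 2007 file that actually carries a Windows executable header. The function names, the extension table and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import os
import struct

# Assumed mapping: extension -> content type expected behind it.
EXPECTED = {
    ".xml": "xml",
    ".docx": "zip-container",   # Office 2007+ documents are ZIP archives
    ".xlsx": "zip-container",
    ".exe": "pe-executable",
    ".dll": "pe-executable",
}

def is_pe(data):
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, which fails the compare.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def sniff(data):
    """Classify content by its leading bytes, ignoring the file name."""
    if is_pe(data):
        return "pe-executable"
    if data[:4] == b"PK\x03\x04":
        return "zip-container"
    text = data[3:] if data[:3] == b"\xef\xbb\xbf" else data  # skip UTF-8 BOM
    if text.lstrip()[:5] == b"<?xml":
        return "xml"
    return "unknown"

def check_attachment(name, data):
    """Compare the claimed extension with the sniffed content type."""
    ext = os.path.splitext(name)[1].lower()
    expected = EXPECTED.get(ext)
    detected = sniff(data)
    if detected == "pe-executable" and expected != "pe-executable":
        verdict = "disguised-executable"
    elif expected is None:
        verdict = "unlisted-extension"
    elif detected != expected:
        verdict = "mismatch"
    else:
        verdict = "ok"
    return {
        "name": name,
        "claimed": ext,
        "detected": detected,
        "verdict": verdict,
        # Hash to confirm with the sender or look up in a scanning service.
        "sha256": hashlib.sha256(data).hexdigest(),
    }

# Constructed sample bytes: header fields only, not a working program.
FAKE_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
REAL_XML = b'\xef\xbb\xbf<?xml version="1.0"?><root/>'

if __name__ == "__main__":
    samples = [
        ("report.xml", REAL_XML),
        ("invoice.xml", FAKE_PE),
        ("notes.docx", REAL_XML),
        ("setup.exe", FAKE_PE),
    ]
    for name, data in samples:
        result = check_attachment(name, data)
        print(f"{name:12} claimed={result['claimed']:6} "
              f"detected={result['detected']:14} {result['verdict']}")
```
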
 
