I purchased my first pc in 1999, at that time it came with McAfee antivirus as a bonus. Well the virus def at the time were free you did not have to pay a cent. As time went on that changed they started to charge......and charge....others followed. I understand they have to make a buck, time and research cost money.......but at what cost???? Software today on a average costs 30 to 40 dollars a pop??? You get what you pay for I guess....but its really sad to see how far we have come, and the almighty dollar rules :(

I agree, It is a shame but unfortunatly a sign of the times. But at least there are still three free av's that work pretty well :thumb:

Generally there's opensource or freeware counterpart available for almost every software. Much of the time the opensource offerings are better than the commercial counter part - while this may differ slightly for security products ;). There isn't a need to spend a penny. 8) :)

I'd argue that anti-virus software has become cheaper - not only have prices remained at $30/40 per year (effectively declining in real terms, and that is if you don't bother shopping round), but you now typically get daily updates whereas back in 1999, most vendors were offering monthly ones.

There are FREE AV proggies today, but not by the big AV vendors. The best security tool is the gray matter between your ears. I don't run a full-time AV scanner, and I've never been hit by any PC bug...+10 years and going strong!

There are FREE AV proggies today, but not by the big AV vendors.

You serious i could name 2?
AVG and Avast are big companys.........

Also 10+yrs no virus like to hear ur set up?

Excellent reponses by everyone on my post:thumb: Just to add on .... it amazes me how much software vendors are willing to pay and advertise their product to bring in the consumer!!! The antivirus industry for example....McAfee and Norton the big boys have a lot of hype about thier product and I am sure spend a bundle to advertise. Their product is tested by independent labs which if score high....improves the market for their product. Have you ever wondered if the big boys (along with others) may be using and designing virus codes to keep things moving??? Just a observation??? Lets be realistic.....money talks...at what lenght would they go...... what's your thoughts on this????

It has been said many times. There is no need for companies to write malware as there is already enough of it anyway.

-{ Quote: "It has been said many times. There is no need for companies to write malware as there is already enough of it anyway." }-Then again, nowadays there are "companies" that DO write malware, although they are not the AV/security companies (unless of course you consider "AV companies" the fakes like AntivirusGold, Winantivirus, Spysheriff, etc... which of course are only interested in creating scams, not products).

Well said TNT!!!!! It doe not have to be the AV companies....it may very well be the outsiders doing this......which I am sure they have a hidden agenda.

-{ Quote: "Well said TNT!!!!! It doe not have to be the AV companies....it may very well be the outsiders doing this......which I am sure they have a hidden agenda." }-Well, I'm not implying that the "respectable" AV companies have any part in this. Not at all. In fact, I believe they have no part in this at all.

I do not expect vendors to provide free programs. It cost money to develop and market them, and who is going to pay for that if not consumers.

Of course the three free versions do a good job, and perfectly adequate for many users.

In addition, at times some do give some excellent offers of free applications, and F-Secure is the latest example. There is a 6 months trial for Windows users, and one thread here give information on a 1 year free trial.

I realize that if one or a family has several computers the security programs can be expensive for some. But F-Protect has I think permitted 5 users on one license.

This is just a fact of life, and times have changed.

Best,
Jerry

bitdefender can be used on two pcs one lincense

AGV and AVAST are toys compared to McAfee and NAV.

As for my rig...just a hardware and software firewall (ZA Pro 4.5.594.000). Have a Mc Afee 8.0i corporate, but the scanner is OFF. I only update the virus definition and run a full system scan twice a year.

Used Avast Home or a free online AV scanner prior to 8.0i.

You have to remember the growth rate of viral infections has risen considerably since 1999 so there is more work to be done now than then.

In answer to your original question... "Where does it stop?", well for me it stopped with ditching Windows completely. I use Linux exclusively for all web browsing and email in the knowledge that I don't need an AV. In fact, it's so darn good I now use it for pretty much everything.

I understand Linux isn't for everyone, and that's fine, but if you're totally fed up with viruses and the price of AV software, then you have a very stong incentive to at least consider making the switch. If you survive the first month, you won't look back.

Ned

-{ Quote: "I'd argue that anti-virus software has become cheaper - not only have prices remained at $30/40 per year (effectively declining in real terms, and that is if you don't bother shopping round), but you now typically get daily updates whereas back in 1999, most vendors were offering monthly ones." }-
I agree. I'm a late comer to the world of computers but it costs me less now for an AV then it did say 5 years ago.




snowbound

The av and antispyware I have were complimentary so they cost me 0, so personally I cant complain about the cost to me, but there are some good offers around and cost is no excuse for not having an antivirus.
I have DrWeb av which is now sold at two years at the price of one. There is also a 50% discount migration offer.

I much prefer to go looking for malware myself (which is free) as the truth is I dislike scanning/scanners and then I dont have to rely on their analysis which may not detect (X). Saying that I dont mind DrWeb, I like the authors stance on malware and the programs none intrusiveness although it is not usually running here. I use it when needed or go to Kaspers on-line scan also free.

So yeah its stopped here.


edit : grammar

-{ Quote: "In answer to your original question... "Where does it stop?", well for me it stopped with ditching Windows completely. I use Linux exclusively for all web browsing and email in the knowledge that I don't need an AV. In fact, it's so darn good I now use it for pretty much everything." }-I wonder what the situation would be if Linux was the dominant OS in the market, and Windows was second fiddle. Would Linux be more targeted, and be in the same situation as we are now with Windows?

-{ Quote: "I wonder what the situation would be if Linux was the dominant OS in the market, and Windows was second fiddle. Would Linux be more targeted, and be in the same situation as we are now with Windows?" }-

Of course it's all about economies of scale so the malware writers will always target the OS that has 95% market share. All OSes have their vulnerabilities, and Linux is absolutely no exception, just that some have more than others ;)

-{ Quote: "All OSes have their vulnerabilities, and Linux is absolutely no exception, just that some have more than others ;)" }-I agree, but I would add the problem of getting infected with a virus with any OS, especially Windows, is also down to one's own surfing habits and how emails are dealt with. I use Windows, and I have yet to get infected with a virus so I personally wouldn't ditch Windows to go to Linux for that reason.

If one is constantly getting infected, with or without an AV, (altho I'd question why that was happening) I'd completely understand possibly making the choice to switch as you said in an earlier post. :)

-{ Quote: "I agree, but I would add the problem of getting infected with a virus with any OS, especially Windows, is also down to one's own surfing habits and how emails are dealt with. I use Windows, and I have yet to get infected with a virus so I personally wouldn't ditch Windows to go to Linux for that reason.

If one is constantly getting infected, with or without an AV, (altho I'd question why that was happening) I'd completely understand possibly making the choice to switch as you said in an earlier post. :)" }-

Absolutely Tony. What concerns me most is when you combine a zero-day exploit on a perfectly legitimate, but hacked website - then combine that with a highly malicious payload like Polipos or Nyxem that were initially poorly detected and you have a situation that's virtually impossible to defend against, even with good layered defenses and users with the very safest surfing habits. That's a nightmare situation for any system admin but unfortunately it's becoming all too common. What do you do - well, after you've assessed the risks you either 1) diversify to further minimize the risk (use alternative browsers, alternative OSes etc), or 2) pull the plug on your entire organisation's internet connection, or 3) you sit back and hope you don't get hit. Options 1 and 2 are going to be unpopular with users whilst option 3 could get you fired if it all goes horribly wrong. Remember the WMF exploit earlier this year?

Diversification (http://isc.sans.org/diary.php?storyid=1550) is good in security terms as it spreads the risk. Using Firefox or Thunderbird is a good example of this in the Windows world. Linux offers even more diversity, both in the OS itself and the huge choice of applications it presents to end users.

Ned

-{ Quote: "Absolutely Tony. What concerns me most is when you combine a zero-day exploit on a perfectly legitimate, but hacked website - then combine that with a highly malicious payload like Polipos or Nyxem that were initially poorly detected and you have a situation that's virtually impossible to defend against, even with good layered defenses and users with the very safest surfing habits." }-While this is possible, if a mainstream site was targeted, the malware would become widespread quickly and this would result in anti-virus companies discovering it sooner and developing better detection and removal tools. Malware needs to keep a low profile to avoid being added to signature databases and there are signs that authors have recognised this and are being more cautious in their targeting.

Even with zero-day exploits, a system firewall (Process Guard, System Safety Monitor and AppDefend being good examples) can provide protection and greatly limit the damage that malware can do (e.g. stop it from disabling other security software) and it may be that such software will become as necessary as network firewalls are now.

To my mind though, the worst situation would be an attacker compromising the order tracking systems offered by sites like Nextag or Shopzilla (see Privacy concern - Scan orders being reported to 3rd parties (http://forums.hexus.net/showthread.php?t=75949) for a real example) since these involve encrypted (https) connections made without the purchasers' knowledge, preventing anti-virus webscanners from identifying any malware present. The Wilders Dangers of HTTPS (http://www.wilderssecurity.com/showthread.php?t=31087) thread provides more details on this and how to prevent it.

I agree with Paranoid 2000...if anything...antivirus has become cheaper. And it works a LOT harder than it did many years ago. Going back to early Windows 95 days..it was all "on demand" manual scanning with "updates" being a rare thing. Now we have real time protection, POP/SMTP scanning, web traffic scanning, etc etc..not to mention the better ones update at least once a day. So we have a product that works 10 times harder, has at least 10 times as hard of work by a larger crew in development and definition updates...yet it's daily cost of operation has dropped quite a bit...dare I say almost 1/2 of what it used to cost. Antivirus programs from the "big 2" back in those days was about 50 - 60 bucks. Now...many of them are down below 50...45...even below 40 bucks. And...many of them offer "family packs" for home users...so the cost goes down even more..down towards 15-ish bucks.

There are a few 1/2 decent freebies out there also.

Just like computers in general...you get waaaaaaaaaay more horsepower these days..for a fraction of the cost....of what you got 10 years ago. We used to pay over 3 grand..4 grand...for decent gaming computers back then...heck..even upwards of 10 grand for higher end gaming computers back then with Quantum Obsidian graphics cards.

Upgrading components is dirt cheap these days...

24/7 full time high bandwidth is dirt cheap...

If anything...overall cost of PCs is far less costly than it was 10 years ago.

I don't subscribe to the tin foil hat conspiracies that antivirus companies seed their market. The major virus outbreaks..those who release them are usually known...and the ad/malware that has become the big issue these days..those sources are also known.

-{ Quote: "

I don't subscribe to the tin foil hat conspiracies that antivirus companies seed their market. The major virus outbreaks..those who release them are usually known...and the ad/malware that has become the big issue these days..those sources are also known." }-

Still, considering the staggering number of malware that is produced daily, it's conceivable to suspect some kind of symbiosis between the good guys and the baddies. It's happening all the time at all levels - weapon lobbies and warlords- and by all means I don't want to make it a political issue.

How come people writing malware can get away with it so easily? How could you stop a famous (famous as having the money to be able to do it) AV company from anonymously feeding a whole gang of dedicated malware programmers?

Everyone seems to have a vested interest in maintaining the status quo, and no matter what the truth is, it costs an individual a loss of 30 $ a year. Not an alarming price to pay after all.

-{ Quote: "Still, considering the staggering number of malware that is produced daily, it's conceivable to suspect some kind of symbiosis between the good guys and the baddies. It's happening all the time at all levels - weapon lobbies and warlords- and by all means I don't want to make it a political issue.

How come people writing malware can get away with it so easily? How could you stop a famous (famous as having the money to be able to do it) AV company from anonymously feeding a whole gang of dedicated malware programmers?

Everyone seems to have a vested interest in maintaining the status quo, and no matter what the truth is, it costs an individual a loss of 30 $ a year. Not an alarming price to pay after all." }-
-- Why is there still street crime? Could there be a conspiracy between the police / justice system and the criminals? Both would be out of a job if they stop, right? --

Why above analogy? The similarities between street crime and cyber crime are that criminals can get away with the crime without being punished. It's rewards are greater then the costs. Due to the slow response by governments, cyber crime can be very lucrative. Nothing sinister there.

We can never exclude the possibility that something is going one, but for me this idea falls in the same category as the scientific notion that something can never be proven for 100%.

I'd agree SSK --- Definitely no conspiracy here. ;)

-{ Quote: "While this is possible, if a mainstream site was targeted, the malware would become widespread quickly and this would result in anti-virus companies discovering it sooner and developing better detection and removal tools. Malware needs to keep a low profile to avoid being added to signature databases and there are signs that authors have recognised this and are being more cautious in their targeting.

Even with zero-day exploits, a system firewall (Process Guard, System Safety Monitor and AppDefend being good examples) can provide protection and greatly limit the damage that malware can do (e.g. stop it from disabling other security software) and it may be that such software will become as necessary as network firewalls are now.
" }-

I disagree with a lot of this. Take a rather well known malware distribution network (at least to the AVs) like dollar revenue - these guys are constantly updating their malware, and quite often it takes weeks to get the new samples added, by which time they've often updated them again.. Same with the Zlob trojan downloaders (many are updated on a daily basis), same with the Smitfraud junk. These are not low profile malwares flying under anyone's radar, yet try getting them added in a timely fashion. IMO, I'd say it's not an unreasonable estimate that 80% of AV products don't detect 80% of viruses within the first few days of release, but it's always the other 20% of high profile cases that make the headlines that we hear about. If you don't believe me, just take a look at one of the common Zlob trojan downloaders and run it through VirusTotal or Jotti's and try and tell me that every AV isn't aware of these.

WRT websites getting hacked and hosting zero-day (or other, JavaScript, for example) exploits - it's not the high profile websites that concerm me so much (like google, msn etc) as they probably have good security, but the small guys who maybe only get a few thousand hits per day - in a week they can easily infect 10,000 machines. And it's often the same type of sites getting hacked - travel agents, estate agents, small groups/organisations etc that pay for basic web design/hosting but have no technical knowledge about how to secure their sites. These are the examples it's almost impossible to defend against.

There may have been basis for a conspiricy theory in the beginning, to hype the market (even talk of a conspiricy would have given a fledgling AV industry exposure), but today I think it's more a case of AVs being overwhelmed with the sheer volume of new samples - I'm betting there must be 100's of new samples every week (and growing exponentially) and I really don't know how the smaller vendors with fewer analysts expect to keep up. Hence why we are starting to see a shift away from purely signiture detection based methods towards heuristic and behavioural detections.