I belatedly came across this blog post by Andrew Clover:

http://www.doxdesk.com/updates/2008.html#u20080129

Hugely amusing and tongue in cheek of course, but definitely with serious undertones...

{QUOTE-> Today's AV is a dead loss. But you can't simply not install any, or everyone will complain. That's where PlaceboAV comes in! It's the fantasic anti-virus solution that's super-fast and absolutely reliable... because it does nothing at all.

Yes, new from DOXdesk, PlaceboAV is just as effective as leading anti-virus software—that is, completely ineffective—whilst having no negative impact on system performance, and never bugging you with extraneous errors.

Get the full performance out of your computer, in total peace of mind because there's a little icon in your system tray so you must be safe. And if you're worried that your protection isn't up to date, open the program window, and simply click the Update button for all the latest definitions!

(NB. Since there are no definitions, the Update function does not actually bother to contact the definitions server, and just pretends to load updates. This is more efficient on network bandwidth. And also there is no definitions server.)

Download PlaceboAV now! An unbelievable feature-set packed into just 56KB of executable*! Lordy, it's a miracle! And it's free!

And! As Well! Purchase PlaceboAV Plus Pro now! It's got all the great features of PlaceboAV Free edition, plus you can pay $30 a year for it! Awesome!


DOXdesk is not responsible for any viruses you get whilst using PlaceboAV under the impression it is actually doing something. Well, we probably are responsible, but we're not going to do anything about it and you'll not get a penny out of us. Go away now. <-QUOTE}

Awesome product. Have to test :D

Sweet! Now where's my credit card...? ;D

Finally the best AntiVirus. And some where saying it will never come. ;D

I lol'd ;D

{QUOTE-> Hugely amusing and tongue in cheek of course, but definitely with serious undertones... <-QUOTE}Perhaps - but like most strident statements on either side of this debate (must have an AV vs. AV is rubbish), he really misses the point and renders what could have been a productive statement pure caricature that simply adds noise to an existing cacophony.

Blue

{QUOTE-> Finally the best AntiVirus. And some where saying it will never come. ;D <-QUOTE}

Why is this the best antivirus?

{QUOTE-> Why is this the best antivirus? <-QUOTE}
Are you serious?

{QUOTE-> Perhaps - but like most strident statements on either side of this debate (must have an AV vs. AV is rubbish), he really misses the point and renders what could have been a productive statement pure caricature that simply adds noise to an existing cacophony. <-QUOTE}

Well, it is certainly way over the top, but I simply found it too funny not to share.

That said, although admittedly he doesn't provide a 'solution' he certainly touches on a very real issue.

Considering the amount of complaining I have seen around here about some recent version updates of popular AV products, plus the growing feeling that signature based AV's are no longer good protection, this is not so much of a joke.

Just installed! Works great with my current setup! 8)

{QUOTE-> Well, it is certainly way over the top, but I simply found it too funny not to share.

That said, although admittedly he doesn't provide a 'solution' he certainly touches on a very real issue. <-QUOTE}Yes, Mr. Clover does touch on real issues, but the implication that current AV technology provides only a placebo comfort is very misguided at best.

Yes, given the current situation (rapidly evolving, very quickly disseminated malware with economic objectives (and therefore the resources and reason to recruit "professional" programmers)), AV's are certainly a much less complete solution than they were even in the recent past. The underlying issue has not changed - they deal most effectively with material that they've already seen - but the time dependency and volume of material available has changed dramatically.

Some of what we see here - constant changing of approaches, layering on of multiple products to plug the leaking boat, paranoid worry of what could be - are really all symptoms of a situation in which a decent solution has not been fully articulated.

I believe that Mr Clover is quite correct in emphasizing that {QUOTE-> "One day, per-program permissions will be the norm at an OS level, and we'll have the benefits of proper sandboxing without the usability and stability problems of today's primitive behaviour-blocking AVs. <-QUOTE}However, one needs to ask whether that will resolve all the issues or if it simply shifts the playing field?

I think that it's a very worthwhile approach, but ultimately people download executables/active content from the internet. Those sites may or may not be well controlled. Content they host may or may not be well controlled. The hosts themselves can reside virtually anywhere. How does a user even start to attempt to validate that content?

One way - despite the acknowledged limitations - is to treat an AV as an expert advisory system. Like any expert system or even live expert, the answer obtained may not be correct all of the time. However, it does provide some measure of informed feedback. For most users that feedback is much more informed than anything that they will develop on their own, at least at the current time and given that many people are routinely swindled everyday in the course of normal live commerce, I don't see this changing a whole lot even if each and every user gets educated until their heads are ready to explode. Education does not make one a subject matter expert, and that's really what is required - the detail is whether that is practiced at an end user level or at a higher point in the food chain.

We've already seen some of this migration occur as ISP's have found it to their benefit to implement mail server level filtering of email. But again, as already mentioned above, that's only shifted the playing field from delivered content to a delivered link to the content and so on. It's a beginning, but certainly not an end solution.

In an environment in which user capabilities span complete novice who know nothing of the inner workings of a computer (it's a very useful appliance) to genuine expert (can readily disassemble software/hardware at will), the one-size-fits-all answer is a pure delusion. It will always be a pure delusion. Many users will always need the crutch of an expert advisor to appeal to. Right now, that's an AV. At some point in the future it may be called something different, but that a difference in descriptive language only. The essential function will really be the same.

Blue

From a theoretical point of view whitelisting is the safest method. HOWEVER. There is a huge difference between theory and praxis. Look around Vista Users and spend attention how many have disabled UAC (User Access Control) because it's "annoying". There we go. Whitelisting expects a lot of user interaction (and no, you can't whitelist all software even if you think that's possible!) There will be always a "not in database shall we start it or not?" question. More than 25 percent of users will just click "Run at own risk" and start a malware as long as the program doesn't explicitly states "IT IS MALWARE". Because nobody is willing to wait for a vendor reply on every file.

Similar Situation with a behavior blocker. And a behavior blocker is not suitable to detect all kinds of malware!

So it all boils down to one thing: The user wants to know FOR SURE that something is malicious. That helps him much more than just a statement that something tries to access the internet! There are so many things that do that . HOWEVER. For the more experienced user the behavior blocker is a nice addition ASSUMING THAT HE KNOWS HIS OWN SYSTEM! And that doesn't apply (sorry to say that) for most of the ordinary home/office users that just start the computer to do their work.

I have not heard of a behavior blocker/sandbox/etc. similar software that is capable of cleaning already infected computers. I also believe it's not possible to get any assistance from these, unlike with your av-vendor that would probably at least try to give you the tools or manual instructions how to remove the malware. Something people always forget when praising their new, free, trendy, sandboxing, behavior blocking, virtualizing, "no-av needed approaches."

{QUOTE-> From a theoretical point of view whitelisting is the safest method. <-QUOTE}
How about a virustotal-listing? To always practice this safe manner as long as your files are less than 10mb. ;D I agree and computer education is vital in this era. I see more young people using computers and the more knowledge they have, the better they are protected. This is not to discourage the older generation like Sr. Bellgamin. ;D

I downloaded it and ran it. Never have I seen an AV install so smoothly on my system! It's like it's not even there, what can I say? Lighter than NOD32, Avira, or Win OneCare! It's a keeper!

Jim;)

{QUOTE-> I have not heard of a behavior blocker/sandbox/etc. similar software that is capable of cleaning already infected computers. I also believe it's not possible to get any assistance from these, unlike with your av-vendor that would probably at least try to give you the tools or manual instructions how to remove the malware. Something people always forget when praising their new, free, trendy, sandboxing, behavior blocking, virtualizing, "no-av needed approaches." <-QUOTE}

This is true. On the other hand there is no need for removal if it never gets on the system in the first place.

I really liked this part:

...in total peace of mind because there's a little icon in your system tray so you must be safe....

:D :D :D

Installed and running now, this is security at it's finest!

I suggest all of you at least try it ;D

I think this little program certainly has a future - the gui is very easy to understand but I don't like the icon - could they not come up with something snappier?;)

Switched from NOD32 to Placebo.

:thumb:

{QUOTE-> Switched from NOD32 to Placebo.

:thumb: <-QUOTE}Did you get a migration discount on that?

{QUOTE-> Did you get a migration discount on that? <-QUOTE}

Yes! :lurking:

{QUOTE-> Yes! :lurking: <-QUOTE}
Great value for its money. The updates also seem to work extremely fast. I can barely catch the update bar loading when clicking on "Check for updates".

And to think it can even update with my internet connection off :thumb:
Try beating that Dr.Web!

The best thread ever :wacko: can't wait to test this av program out! ::)

this has been one funny thread... but I have a serious question... does windows Security Centre recognize this as an AV?

Funny thing is I agree with the Placebo article.;D

Any screen-shots??? Do they have a suite???

How long until someone complains about false positives or missed infected files? ;D

Are there any tweaks to reduce resource usage ???

While this is one good laugh, I can think of one real use for this (if it works...)

MSN messenger won't allow me to send exe's because I don't have a resident AV, so I must rar them. This is a pain for me and the receiver. If it is recognized as an AV, I could avoid that. I'll give it a try...

{QUOTE-> How long until someone complains about false positives or missed infected files? ;D <-QUOTE}

I tested this against our whitelist. We did not detect any false positives. Very impressive.

I wonder if they have an OEM program. ;D

{QUOTE-> I tested this against our whitelist. We did not detect any false positives. Very impressive.

I wonder if they have an OEM program. ;D <-QUOTE}


Amazing!. I'm completly convinced. I'll uninstall Kaspersky right now::)

It has to be re-installed after every re-boot??? :doubt: But no f/p's is a plus!!! :argh:

Everyone is talking about how great is PlaceboAV it can detect all viruses in the world so i wonder if it is a fact.If so there is will be no need for Anti-Virus products at all.Let uninstall all Anti-Virus products and use this see how long it will take to get your PC infected.

@oleg
ok! ;D
No virus or other bad thing since 5 years here.......

Has AV-Comparatives done a review on this one? It would probably come up on top at 100% detection rate :D.

dja2k

{QUOTE-> Has AV-Comparatives done a review on this one? It would probably come up on top at 100% detection rate :D.

dja2k <-QUOTE}


Nope but I know some AV testers that it honestly probably would.

But would it rank up there with Dr. Web. who knows =P

a screenshot for any detection of placeboav !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Wow! I can't believe I came across this thread. I just downloaded PlaceboAV and its 56 KB footprint is simply amazing! Written in 100% pure Assembly language, it sure does a wonderful job, at 0% CPU load, with the fastest scanning time of any AV out there today! :thumb:

To those who have been screaming for a screenshot, here it is:

But does it really find some test malware?

{QUOTE-> But does it really find some test malware? <-QUOTE}

Of course not, that'd be a bug (http://en.wikipedia.org/wiki/Placebo)! ;D

{QUOTE-> Of course not, that'd be a bug (http://en.wikipedia.org/wiki/Placebo)! ;D <-QUOTE}
No..
You just buy the pro version.. it pops up from time to time saying it found something and did nothing about it. :lurking: just as advertised.