What do you think about on-line virus scans vs. resident AV programs?


sk
January 9th, 2003, 01:17 PM
Well, I've been saving this one for a while. Aside from the fact that I'm sure it's tantamount to throwing bloodied meat into a tank full of starving piranha, I AM asking it as a serious question, and not as something to just stir up the waters. As proof of that - or to make matters even worse, depending on your perspective - I have not used any resident AV program for the past two months, but I do regularly run Trend Micro's online House Call at least 3-5 times a week, if not more. To date, not a single virus has been detected on my system. I'm not offering this up as any sort of 'proof', or even as an example of what anyone should do; rather, just as an accurate account of the status on my system. LET THE FUN BEGIN! ;D

sk

the Tester
January 9th, 2003, 07:04 PM
SK, I have used online virus scan programs a few times in the past. Prior to installing NOD 32 I used Trend Micro's service to double check that I was "clean". The last time I used Symantec's service. I had a message about Code Red being blocked. (My firewall locked up). I was clean according to Symantec. I later purchased TDS-3. I personally prefer the resident a/v and a/t programs. The only negative aspect of an online scan for me is that it takes quite a bit longer to scan. I think the online scan services are dependable though. I've heard of other people that do what you do and they seem to be free of virus infections. I'm just more comfortable with the programs installed on my pc. I think it's a lot like choice of programs, it's personal preference. I won't knock that.

Krusty
January 9th, 2003, 07:41 PM
Hi Sk

I have used "HouseCall" too. AVG 6 now for the last year. But did I ever mention the best antivirus is between keyboard and chair, but - of course - when there are no multiple users at your puter - it is possible.
I just wonder what kind of information they collect from people's puters besides scanning for viruses ;)

*Ari*

Loki
January 9th, 2003, 07:45 PM
Hi,

To me it's all about trust. I will not willingly open my computer to an online file scan. I Don't Trust Anyone That Much.

Loki 8)

Paul Wilders
January 9th, 2003, 08:25 PM
In short: on line scan: counter active (in case of a true positive detected, much harm can be done already..). Resident running antivirus/trojan: pro active.

Is there a choice? ;).

regards.

paul

sk
January 9th, 2003, 08:32 PM
Well, since Loki and Krusty both raised the trust issue, I'll respond to both in this post. I have thought a lot about the trust factor; but let's remember: Trend Micro of Trend Micro House Call is basically the same Trend Micro that makes a resident program to install on your computer's hard drive. And an AV program is one of the main programs you entrust to protect your computer.

It's the same whether it's Trend Micro or Norton. Interestingly, aside from the fact that I can't stand seeing/hearing about how this program or that program doesn't run or install well with NAV, I personally - rightly or wrongly - do not trust Norton products. That's just my personal feeling. I don't know why and can't really offer any explanation; I just don't. So in fact, any way you look at it, trust does factor into the picture.

It's the same with sites that nano-probe your hard drive. That's a matter of trust too. I have never personally met Steve Gibson; but for whatever reason I happen to trust him - at least enough to expose my computer's hard drive to his tests.

But like I've said in another post, unless you strictly use your computer off line, the second you log on it becomes a matter of trust. From that point, each person basically decides for him/herself who to trust and who to doubt. And there really is no right or wrong answer as far as that goes. So thanks to Loki and Krusty on raising the very fundamental issue of trust; very good point you two.

sk

MickeyTheMan
January 9th, 2003, 08:47 PM
Sk, you can't really compare since when you find one, it might have already been there for a couple of days and done god knows what at that time.
Having a resident one such as NOD means that when one does knock at your box, it will be dealt with immediately.
As you say, you've not been hit by one yet, good for you...but if and when that happens, you might not be so happy.... ;)

After all, the same could be said for firewalls ! :D

sk
January 9th, 2003, 09:08 PM
Quote from Forum Admin:
> In short: on line scan: counter active (in case of a true positive detected, much harm can be done already..). Resident running antivirus/trojan: pro active.
>
> Is there a choice? ;).
>
> regards.
>
> paul

Firstly, what Paul points out is clearly the most objective criteria on which to answer or assess the question, theoretically at least, anyway. ("Theoretically" meaning: if all AV programs caught all viruses, then in theory, it would be 100% correct. But since they don't, it's not a guarantee that even by having a resident AV you're 100% effective, or, for that matter, that running the online scan will catch 100% of the viruses after the fact.).

But in answer to Paul's question: "Is there a choice"? I believe there is. The choice boils down to balancing the real world risks/benefits, just as in anything else. And when I factor in all of the crashed installs that have so mucked up my system that I've had to do either a total reinstall or a reinstall of a backup image prior to the crash, vs. how many REAL WORLD VIRUSES I've actually gotten, the choice IS very clear to me which of the two available options is the most beneficial based upon my past experience(s). But what I'd like, if possible, is to get as clear a picture as possible factoring in more end users' real world experiences, because I believe there are definitely other people who have also had more damage done BY AV programs than by viruses. But by the same token, just because I believe it doesn't make it so; maybe I'm totally off, and I'm willing to accept that possibility too. But the most helpful input to sort this out is input which is as objective as possible, rather than loaded with emotional generalities. The more the input can be quantified (i.e. I've caught 3 (or 300) virii over the past year running xyz AV software, etc.) the more helpful it will be.

And obviously from what I've just stated, my perception of the choice issue is clearly different than Paul's. That doesn't, IMHO, make one right and the other wrong. And there's no question that Paul's experience with internet security totally dwarfs mine without a doubt. But by the same token, that does not preclude the possibility that there is only one way to achieve a safe, secure system.

And the only way I know to ever really understand this is to try to separate out the truth from the hype. And it would be naive at best to think that there is not considerable hype when it comes to the whole matter of AV software. And the only way I can think of to begin to do that is to try to determine, as accurately as possible, how real the threat of a virus actually is? If it's imminent, that's one thing. If it's remote, then that's yet another. If it's close to nil, then that's yet another case altogether. Obviously, the more imminent the threat is, the more his position holds sway. The closer to nil it is, the less it holds sway. That's why I stated that during this two month 'test period', I have encountered no virii whatsoever. And no trojans as well. But that is anecdotal data, not scientific, and I realize that. And the fact of the matter is, it might never be possible for anyone to provide a totally accurate account of the real threat that viruses pose. But the more we can open up the dialogue and share real-world information, the clearer the picture will become.

And that's really the purpose of this type of thread: To open it up to real world users and see just what's what. I would hasten to add that regardless of one's position on this issue, the issue of backups should be unanimous: ABSOLUTELY make as many current, relevant backups as you have time and space to do. Part of the reason I can 'roll the dice' so arrogantly as far as not running a resident AV program is because I also keep a ready supply of Drive Image backups on hand, usually a day or two apart. That's my ultimate backup/defense. Even if at some point I get a whopper of a virus, I have total restores, not just restore points, just a few clicks away. When I contrast that to the almost constant hassle caused by any number of misbehaving AV programs, for me the choice becomes that much clearer. It's just not the choice that makes sense to Paul's way of thinking and computing. But again - I don't believe it makes one right or wrong.

Now it's up to anyone who cares to contribute to this discussion or not. I think the discussion so far has pretty much defined the lines along which this post can now dissect the merits of both sides, and now it's time to see where the numbers fall. As long as people can keep focused on the technical issues and not the personal/emotional ones, this could/should be a very interesting discussion. I say that realizing ahead of time that for some people, security is almost a religion. And questioning the need for a resident AV program stabs at the very heart of a security and can be perceived - not necessarily consciously - as blasphemous - but that reaction is sometimes unavoidable, although my hope is that it can be avoided in this discussion as much as possible.

sk

sk
January 9th, 2003, 09:10 PM
Quote from MickeyTheMan:
> Sk, you can't really compare since when you find one, it might have already been there for a couple of days and done god knows what at that time.

Hi, MtM. Even if one runs Housecall every day?

sk

Krusty
January 9th, 2003, 09:24 PM
Sk

You just can surf on mines, there are a lot of them on net. One mine can be found at virtualfreesites.com, I do not recommend to surf there. That one is just named as "seeker.js" but there are worse too. So good luck ;)

*Ari*

sk
January 9th, 2003, 10:13 PM
Quote from Krusty:
> Sk
>
> You just can surf on mines, there are a lot of them on net. One mine can be found at virtualfreesites.com, I do not recommend to surf there. That one is just named as "seeker.js" but there are worse too. So good luck ;)
>
> *Ari*

What are 'mines', Krusty?

sk

Krusty
January 9th, 2003, 10:29 PM
I am not an expert ....for example hostile javascripts: your browser sucks them right away onto your hard drive without you having any idea what is going on. AV is supposed to detect these "mines" in real time monitoring, before they take action. That is why I do not like surfing wherever. There are such bad "mines" on web sites they can even erase your hard drive. [ winXP at least ]
Besides, if your firewall fails, there is another program defending against further damage.
http://www.visualizesoftware.com/visualzone/20021001.htm

*Ari*

Krusty
January 9th, 2003, 10:35 PM
SK

I took the liberty to quote Steve Gibson:

"This vulnerability allows the files contained in any specified directory on your system to be deleted if you click on a specially formed URL. This URL could appear anywhere: sent in malicious eMail, in a chat room, in a newsgroup posting, on a malicious web page, or even executed when your computer merely visits a malicious web page. It is already being exploited on the Internet"

http://grc.com/default.htm

*Ari*

sk
January 9th, 2003, 10:52 PM
Well, Krusty...since you and MtM both mentioned firewalls, that does definitely add another dimension to the picture. I guess the best overall question that can maybe be asked - and it might be the subject for another thread; it depends how this progresses - is what are the most prevalent, imminent threats incurred while surfing, and what are the corresponding programs that best handle those threats.

There is already a great thread listing pretty much all of the categories and software people use by JayK http://www.wilderssecurity.com/showthread.php?t=5882;start=0. What might be a logical next step is to try to quantify, as best as possible, or order, the threats according to occurrence rates. That way, the real 'value' of each might be more readily definable.

Just as an example, I clearly encounter more ads, popups and cookies than just about anything else. And on the other end of the spectrum, as I've stated, I've never had a virus, a trojan, or a 'mine'. Those are pretty much the poles, from one end to the other.

Since discovering MailWasher, I believe I've taken one of the most positive steps in terms of heading off the most viable threat-entrance to my system's security, particularly when incorporating it into a multi-layered approach; just an approach that replaces a resident AV program with an online variety.

Maybe if it's possible to really get to the heart of all of this, everyone would be able to benefit and focus on the real threats vs. the hyped, inflated ones. In this context, there needs to be an honest acknowledgment of the difference(s) between a corporate network, where viruses obviously promogulate, and the majority of end user systems. I would never suggest that running a corporate network without a resident AV program makes sense; but corporate systems and end users are completely different.

sk

sk
January 9th, 2003, 10:56 PM
Quote from Krusty:
> I am not an expert ....for example hostile javascripts: your browser sucks them right away onto your hard drive without you having any idea what is going on. AV is supposed to detect these "mines" in real time monitoring, before they take action. That is why I do not like surfing wherever. There are such bad "mines" on web sites they can even erase your hard drive. [ winXP at least ]
> Besides, if your firewall fails, there is another program defending against further damage.
> http://www.visualizesoftware.com/visualzone/20021001.htm
>
> *Ari*

Thanks, Ari. While it appears this is just something that affects XP users, it's certainly good that you posted it for anyone who was not aware of this particular XP vulnerability, and the available fixes.

sk

MickeyTheMan
January 9th, 2003, 11:02 PM
If I can use an analogy, no one really needs Life Insurance or any type of insurance for that matter until the day before tragedy strikes !
If only one knew when that was to happen ! :D

Krusty
January 9th, 2003, 11:05 PM
A Good one Mickey! :)

*Ari*

sk
January 9th, 2003, 11:14 PM
That is a good one, Mickey. And the simplest way I can think of to respond is this: Suppose you had two options or two insurance plans to pick from: One where you 'pay every day for the rest of your life and carry it around your neck no matter how wearying it becomes and no matter how many side effects it causes', and one where you "Have a ball, do what you want, all you need to do is click this link once a day, and if you find that you're infected, pull out this 'magic disk', plug it in, and you're right back to exactly where you were yesterday or maybe at most two or three days ago". In a sense, MtM, that is what I do, and while I am not suggesting that anyone follow that plan, I am saying that it is, IMHO, a legitimate alternative.

At the same time, I am more than open to any discussion that would indicate how what I am suggesting is dangerous.

sk

Tassie_Devils
January 10th, 2003, 12:19 AM
Quote from Forum Admin:
> In short: on line scan: counter active (in case of a true positive detected, much harm can be done already..). Resident running antivirus/trojan: pro active.
>
> Is there a choice? ;).

I personally agree, although I respect anyone's decision to run their PC like they wish.

Just like smoking [I hate it, but will fight for anyone's rights to do so as long as it's not in workplace/restaurant], up to the individual.

Having a resident AV/AT is much more preferable for ME. Not much point looking for an Insurance Agent after the accident. [Once again for me]

I have used on-line scanners twice.

The first time was about 3-5 years ago [Trend] when I knew nothing much about Av's, security, etc.

Then used it again about 2 weeks ago, just to see what had changed, etc. and was impressed. It's a very good BACK-UP, as if a virus had got thru and disabled your own AV, online scanners can detect and clean your system.

Cheers.

rodzilla
January 10th, 2003, 02:43 AM
> it's my belief at least that AV programs can and do in fact cause more damage than the viruses themselves.

And your evidence is ........... ???

The two biggest-selling AVs in the world both suffered from well-publicized bugs in the past few months which arbitrarily deleted entire mailboxes. That probably would have been a lot of damage to you if you happened to be one of the unlucky users who read "Welcome to Outlook, first time user" on your screen ... but the combined damage worldwide from both of those bugs was nowhere near as great nor cost anywhere near as much in downtime, cleanup, and lost productivity as Badtrans, LoveLetter, Melissa, or any one of many other viruses.

sk
January 10th, 2003, 04:44 AM
Quote from rodzilla:
> > it's my belief at least that AV programs can and do in fact cause more damage than the viruses themselves.
>
> And your evidence is ........... ???

Is it really necessary to interject terms like 'evidence'? This is not a trial; this is a discussion. Not to mention the fact that your portrayal neither confirms nor denies any additional collateral damage caused by AV programs - it simply does not address it. And that's clearly not to say that you do not have more than enough experience dealing with AV software. But my point is this: Based on my experience, I have come to the conclusions that I have. And I'm sure the same goes for you. But as I have at least tried to quantify that experience, limited and anecdotal as it is, I have requested that anyone who responds try to do the same. It does not appear to me that you've really done that, yet that is really the stated focus of the question here. And I believe that only answers along that line will help to clarify, vs. muddy, the waters. I don't know how to state that any clearer.

sk

snowy
January 10th, 2003, 05:21 AM
In the beginning SK made a statement....the thereafter replies were all very good. An it shows a two-sided view equally...

What does interest me personally is the mention of Trust of which I have absolutely none......in all matter computer/internet related.
There is a resident virus and trojan scanners on my os...but do I trust those alone...NO! If infected I am not going to sit and nervously wonder.."did the Thingy" really get cleaned...no way...I'll reformat immediately. For peace of mind....no other reason.
On line virus scans may have some purpose..to each their own on the use thereof. Firewall port scans can be done from within the os...but few myself included do so an instead use online port scans....do such scan collect information....imo it's very foolish to even consider that they don't...from jump street to jump-off street info is collected
Many are satisfied cleaning a virus....thus the use of such a program for that purpose.....an it does serve that particular purpose....which online scanning does not.....so a matter of personal choice....I have such a program an keep it updated....yet would reformat anyways....that is not the normal reaction...just mine.
Have enjoyed reading each person's comments. Any damage done by the use of an anti-virus program is so minute as not worth the mention compared to the good such programs perform....frankly I see nothing to compare between an online scan and an anti-virus program....using an online scan simply tells you that your computer has been infected an you can expect problem...simply a warning given sooner than if waiting for the computer to crash...either way the results are the same. That can't be compared to an anti virus program which fixes the problem pronto.

snowy

Paul Wilders
January 10th, 2003, 06:08 AM
sk,

For people attending boards like these, this might be an interesting discussion. Let's take it to a broader perspective: my calculated guess is, say 90% of all "average Joes"/net users have no - or hardly any clue in regard to antiviruses/antitrojans and firewalls, nor about HTML based emails coming with very nasty scripts.

Thus, in practice I for one would like to see those 90% installing pro active security software, which is easy to handle and to update. It surely would save us the time and effort to handle a vast number of "help" emails coming in related to infected systems.

regards.

paul

JacK
January 10th, 2003, 06:46 AM
Hi,

IMHO the first aim of an AV is to PREVENT infections BEFORE any damage has been done on your PC and before it can spread on the W3 through your infected machine.
If for instance the virus/worm installs a keylogger it's probably too late to scan online, it has already phoned home...

An online AV cannot handle boot viruses.

What do you prefer : to take a medicine when you get a fever to heal or always stay fit and well ?

Cheers,

snowy
January 10th, 2003, 06:57 AM
Paul

What a super great reply...YES....inexperienced users INSTALL AN ANTI-VIRUS PROGRAM..!
Herein lies a major issue that needs addressing..inexperienced users without proper computer protection or any knowledge of the dangers nor to make repair.
Option....there is no option......not even reformatting because inexperienced users either don't know how to or when to.......they plod along unaware of having been infected.....and pass on the infection......which is then passed on and on and on............
For such people on-line scans are not an option but a worsening of an already bad situation.....they may actually learn they are infected an do nothing for lack of knowing what to do or where to find information.......an ignore the infection if their computers continue to work.
most of us here can find a flea in a hard drive then train it to jump hoops. Newbies can't afford such playful antics....an should get an anti-virus program immediately......forget having second thoughts...install the program then discuss any issues.


Snowy The Snowman

snowy
January 10th, 2003, 07:01 AM
Paul and Mods

I have no idea what is causing the duplicate posts...second time this has happened


No problem snowy. Don't let that hold you back from posting. We'll delete the duplicates until you've figured it out. Kind regards, Pieter

Paul Wilders
January 10th, 2003, 07:06 AM
Quote from snowy:
> Paul and Mods
>
> I have no idea what is causing the duplicate posts...second time this has happened

Snowman,

I don't see any duplicate post ???

Thanks for the compliment, btw ;).

regards.

paul

Douglas
January 10th, 2003, 08:39 AM
First, I guess I have been lucky, but I haven't had any major problems with my av that required reformatting. I've had the typical configuration problems, or minor problems in getting the mail program to stay installed. But to me that's part of the fun of new software. I know I can come here, one or more of these members/mods will figure it out, and I'll have learned something new about computers and software.
Second, I now have a habit of going to cracker sites to read their articles on how viruses and trojans are created (I don't understand half of what I read, but that's something else). :) I have heard that there can be what I assume are "mines", if I read Krusty's post correctly. Since I don't want to stop going to these sites, I want to be protected.
Third, I download a massive amount of software (usually deleted within 15 minutes :)). Three times my av has caught a virus/trojan - from sites I never thought would have had them.
To me, it's an ounce of prevention.
Once again, an interesting discussion. Thanks sk, for making me think through my assumptions.
I swear you guys/gals are going to make my brain collapse! ;D

Douglas

rodzilla
January 10th, 2003, 08:50 AM
> No need to get dramatic -

No drama. You stated "it's my belief at least that AV programs can and do in fact cause more damage than the viruses themselves".

On what evidence do you base that belief ?

> My experience, as stated above, is anecdotal.

Ah ... "anecdotal" evidence ... you were told by a guy who sat next to a man in a bus whose brother once went out with a girl whose third cousin knew a guy whose sister-in-law's uncle's grandfather met a defrocked priest who told him he'd heard it in the confessional ? You have no first hand knowledge that "AV programs can and do in fact cause more damage than the viruses themselves" ?

> What is yours?

I have a little first-hand knowledge of computer viruses ... and of most major and minor antivirus programs, past and present.

> Did you experience any of the viruses you mentioned in your post personally on a non-corporate computer?

All of them.

> If not, do you attribute it to the fact that you use an AV program?

I deliberately infected computers with them. However, had I not deliberately triggered those viruses on un-protected computers, a decent antivirus program would have prevented me from doing so ... and it would have prevented me from doing so without causing more damage than the viruses themselves.

If antivirus programs really did cause more damage than viruses then the whole world would know about it ... the topic would take over the Internet ... it would make front-page headlines in your morning newspaper.

Sorry ... your belief belongs in the same basket as "Antivirus vendors write viruses to sell more programs".

snowy
January 10th, 2003, 09:35 AM
PIETER..Thank you..........PAUL..must have been my double-sided night vision.....LOL an you are most welcome.



Doug

With true blue respect may I suggest that you stay away from those hacker sites. It's unlikely they would want to deliberately bring notice to themselves nevertheless temptation does exist for every person to resist.


this too brings in yet another point......hackers...and script teasers.....that loveable bunch.....WHO CAN NOT BEGIN TO DO THE DAMAGE THAT IS CAUSED BY INNOCENT COMPUTERS OWNED BY INNOCENT PEOPLE WHO REFUSE TO PROTECT THEIR INNOCENT INVESTMENT.
Sure the virus writers and backdoor busters exist.....an will always exist........but it's all those un-protected computers that do the spreading.....protect the computers an the spread of viruses drop tremendously. So why aren't people hardening their security......bet we could write volumes just on that subject.
it can't be a lack of awareness.....the daily news is full of articles on computers.....more so today than ever before....so does the majority not care?? I honestly don't think it's a matter of caring as much as a matter of fear.....fear of messing up their computers because of their lack of experience.
Free firewalls and virus scanners abound....an yet I personally know highly educated people who offer the argument that THEY WILL NEVER GET HACKED....HUH...DUD

sk
January 10th, 2003, 09:48 AM
Quote from rodzilla:
> > Did you experience any of the viruses you mentioned in your post personally on a non-corporate computer?
>
> All of them.

In that case I really don't even know what to say.

sk

snowy
January 10th, 2003, 09:50 AM
Snowy The Snowman herewith MAKES A DARE!!!!


I challenge every person who reads this topic to find at least one of their friends or associates in need of a firewall/anti-virus program AN INSTALL THE PROGRAMS FOR THEM.

an yes I have done so.....

sk
January 10th, 2003, 09:58 AM
Quote from Forum Admin:
> sk,
>
> For people attending boards like these, this might be an interesting discussion. Let's take it to a broader perspective: my calculated guess is, say 90% of all "average Joes"/net users have no - or hardly any clue in regard to antiviruses/antitrojans and firewalls, nor about HTML based emails coming with very nasty scripts.
>
> Thus, in practice I for one would like to see those 90% installing pro active security software, which is easy to handle and to update. It surely would save us the time and effort to handle a vast number of "help" emails coming in related to infected systems.
>
> regards.
>
> paul

Again, Paul - based on what? Are we talking about the percentage of people who know about virii here, or are we talking about how many of them actually GET virii? How else can we ever get to the quantitative heart of the matter - how real is the threat vs. how damaging is the cure? So again, what's your take on how many people in a non-corporate environment get viruses or trojans that could not be completely 'fixed' using an on-line scan service. TIA.

sk

Douglas
January 10th, 2003, 10:26 AM
Quote from snowy:
> With true blue respect may I suggest that you stay away from those hacker sites.

Hi snowy! :)
I totally understand, snowman. Sometimes I just can't help myself. Some of their articles are fascinating. And someone told me once, "Know your enemy." (not that I'm in the business of avs).

Love your posts, snowy. Thanks!

Douglas

snowy
January 10th, 2003, 12:54 PM
Doug

oh yes I most assuredly understand.....an knowing one's enemy is a good defense but just make sure your enemy never knows you..........an that's what happens when visiting such sites.....in less time than it takes to blink an eye a person's address is revealed..os...browser of those not hidden.......so if you feel the need to do the deed then hide yourself indeed.......vanish....poof...then read.



SK

Please don't think me rude or disrespectful for commenting on your post to Paul.....mine is more a question to your question........
I have no idea what the count is on infected home pc's or hacked home pc's so won't pretend otherwise......so with that in mind.......I took note of just the "hits" made on port 1443 since 5 a.m this morning........there were 163 such "hits" on that port alone......not counting Hits made on other ports......numerous trojan ports.....which could just as well be computers infected by BOTS........my question is: why are so many assorted computers hitting my lil ye ole computer with its coffee stains cpu drain..and my eye strain from watching my security blink.....infected computers just perhaps............by the ways..glad you began this topic

sk
January 10th, 2003, 01:12 PM
To Snowy - That's a good question. Why are there so many hits, and are they significant?

sk

sk
January 10th, 2003, 01:26 PM
Quote from snowy:
> Many are satisfied cleaning a virus....thus the use of such a program for that purpose.....an it does serve that particular purpose....which online scanning does not.....so a matter of personal choice....I have such a program an keep it updated....yet would reformat anyways....that is not the normal reaction...just mine. snowy

I'm not sure if I understood this correctly, snowy, but it seems like you're saying that on line scans can't or don't clean viruses they find. If that's what you're saying, I'd only point out that they do remove the viruses. But as MtM pointed out, depending on how often you run them, you have no idea when the virus infected your system. (Unless, of course, you run them every day. Then you would have a better idea.)

sk

snowy
January 10th, 2003, 01:31 PM
http://birmingham.bizjournals.com/birmingham/stories/2002/11/04/smallb5.html



According to the above link 1 in 14 home computers were infected by klez............ouch!!!!!!


SK

To most your question could not be answered...however, in my case I can say with pure honesty that yes many of the hits bore harmful intent.....ports such as 456, 4590, 2801, 12345....these are known trojan ports........

Our friends Mr Krusty and Ms Lori made very good points...it's not just infections from viruses.....websites can download without permission on computers of users unaware of such behavior or how to prevent it......download what......downloading anything without permission is hacking no matter what the contents.....it so much depends on people with experience to convey the message to less experienced people....they are the defenseless...an once again I must say that I believe there is a fear factor preventing people from installing the needed protection onto their computers. These are not persons such as yourself SK..you are not inexperienced an have the choice......many do not

snowy
January 10th, 2003, 01:36 PM
SK

Thank you...no, I was not aware that the online scans cleaned the viruses......appreciate you advising. MTM does have a point.......I was leaning in that direction but was not fully informed....my sorry...

sk
January 10th, 2003, 01:37 PM
-{ Quote (snowy): "http://birmingham.bizjournals.com/birmingham/stories/2002/11/04/smallb5.html According to the above link 1 in 14 home computers were infected by klez............ouch!!!!!!" }-
Yes, ouch, snowy. But there is a key element here; one I did address: The Klez virus enters systems through infected emails. As, is my understanding, do almost all viruses.

sk

Krusty
January 10th, 2003, 01:49 PM
Well spoken Snowy friend...

Those hits are caused by indifferent people, as well as those 90% of people Paul mentioned....they do not run antistuff on their puters, and furthermore they spread malware all over. I think - SK - you should change your attitude that way more friendly, that better be too cautious even paranoid than get malware and SPREAD it all over the world.
When it comes to online scanners....they are not trustworthy after your puter got infected. Many viruses attempt to disable antistuff, that's why online scan won't work either. Experts might correct me if I am totally wrong.

friendliest *Ari*

snowy
January 10th, 2003, 02:09 PM
SK

yes, your point was well made and well taken. Ever try to tell a ten year old not to open e mail....or a lonely person whose only contact with the "world" is e mail..etc....an they have no programs to prevent viruses.....

An let's not forget those loveable "messengers"..AOL..YAHOO..MSN.....oh how they harvest the computers of the unaware.....an oh my all those great free programs like Kazaa....those file sharers...quietly spreading everything but the flu.....try telling a hip teen not to want more music......an what their expression.......worse ouch you ever will see..lol

SK, truly I understand your point of view....it's those who have no such choice that are the spreaders......you can defend yourself......many would not know where to begin.....they need that "chance" that slight "edge"

snowy
January 10th, 2003, 02:19 PM
In respect to "others" I will bow out of this topic so as not to crowd the board an give all others the opportunity to express themselves.....

Have enjoyed the conversation and all points of view.
My thanks for the opportunity to share

sk
January 10th, 2003, 04:30 PM
Well, Snowy...some things have at least been clarified. Email is a major component of this whole process, and I acknowledged that, and further stated that that is why I now use - and appreciate - MailWasher. No doubt about it; that is a key component of a multi-layered approach because email is the main entree for most viruses. And for the most part, unless I have specifically initiated a communication, or recognize either the name or the purpose of an email, I tend not to open it, or else now might read it in MailWasher. And I have had Outlook Express's viewer turned off since I read about that vulnerability a couple of months ago.

The point about the whole array of messengers is another key element. Personally, I have always kept a very tight leash on those types of programs; I always choose the option to exclude everyone except those who I specifically add in. That's just common sense to me.

And also Snowy, some of the issues you raised are not directly countered by AV software, but fall into Anti-Trojan, Firewall, cookie managers, etc.

And a good, clean backup is vital, without question.

And finally, while it's nothing to take lightly, 1 out of 14 translates to roughly 7%, although world wide, as the article states, that still translates to millions of computers.

So I am clearly not suggesting that simply by closing one's eyes and hoping that nothing bad will happen, one can responsibly expect to surf on line in any sort of safe way. What I am doing is questioning whether or not resident AV programs specifically are as important as they are made out to be, and suggesting that there might in fact be viable strategic alternatives, incorporating the specifics I've stated above.

sk

Douglas
January 10th, 2003, 04:33 PM
-{ Quote: "oh yes I most assuredly understand.....an knowing one's enemy is a good defense but just make sure your enemy never knows you..........an that's what happens when visiting such sites.....in less time than it takes to blink an eye a person's address is revealed..os...browser of those not hidden.......so if you feel the need to do the deed then hide yourself indeed.......vanish....poof...then read." }-
Excellent warning and excellent advice. I appreciate your insights, as I'm sure all the others do. Thank you, snowy.
Regards,
Douglas

snowy
January 10th, 2003, 11:22 PM
Doug

You are most welcome my friend...an my compliments on your own insight...........

***********************************************


IN-GENERAL COMMENT

Far be the case of this topic being about any one person or their specific habits in relation to computer security. In keeping with the gist of Paul's request for input on the subject at hand the topic therefore takes a meaning of security or lack thereof for all persons.
This is about girls with beautiful curls who become prey to those who would abuse...it's about old men sipping on their glass of gin talking to a friend in cyberland......it's about privacy..security...and the use of common sense.....
what I do or can't do to harden the security of my computer is of no value if such knowledge is kept selfishly hidden in the shadows of my mind......that would amount to self-centeredness an be of no use to the world. An we do live within a group...not isolated in a mountain cave. As such there is a need to take care of others if the world is to exist. Otherwise, the passage of time coupled with desertion from society would lead to chaos and total destruction of civil order.
does not the same apply to cyberland ? Those millions of infected computers affect us all....as a whole. That I was not infected did not degrade the effectiveness of the virus.
However, if those "millions" had used preventive measures once again as a "whole" the virus would have been something of a drop of rain.....instead it was a storm.
each member of the forum is to be highly regarded and respected for their sharing and caring with others.....as gracefully as possible I bow in respect to you.
There are those at this forum whose knowledge is astounding.......I pale in a dim light to their experience. Do these experienced people use security programs...they alone can answer.
To the newbes.....you have a choice of common sense or whatever else you so desire to follow....my suggestion to each person not experienced in computer security is to add a firewall and anti-virus protection.....

wishing all a safe computing experience for many years to come

Snowy The Snowman

sk
January 11th, 2003, 12:51 AM
Again, Snowy. I don't fundamentally disagree with you. The key, however, IMO, is to determine HOW best to accomplish that. We do not disagree on the goals; at most, on the methods needed to achieve those goals.
sk

snowy
January 11th, 2003, 01:38 AM
SK

certainly I see your point.....it's not a matter of agreement or disagreement. Perhaps what's being over-looked is the very simple fact which has been referred to several times....that even the most minor adjustments such as disabling the things you mentioned are completely unknown to many inexperienced users......they may as well be asked to build an entire computer........
these days there are millions of computers but just a rare few users aware of even minor security hexs. Such people find it difficult installing a printer....much less monitoring for viruses.
nor do we know that those computers did have anti virus programs so that's a moot question. As for probability that's like a roll of the dice..the outcome unpredictable
I can jay walk an risk being run over by a car...or use good sense an cross the street properly......a personal choice.......but more predictable results.
Surely I would not presume to advise you how to run your computer....nor would I do so with anyone....
My feelings of a certain responsibility to suggest that newbes harden their security is not presumption but caution.
the fact that I can prevent all viruses from entering through e mail is of no use to an inexperienced person....if in fact I could do so. E mail is just one avenue not all avenues......one friend infects another friend because that friend knew the e mail was from a friend.....huh......
if as you stated you were curious........would it be wise for a working person who saved all year to buy a computer for his child to be as curious as you....if that man knows nothing about computers??? All the man wanted was to give his child a learning device to perhaps use for school work........an may well end up with a cracked device that brings disappointment to a child. This is not an emotion being stated but a fact that happens every day to countless peoples around the globe......
one computer prevented from being infected is one less computer to spread the infection....if using an anti virus program prevents even one computer from being infected..is that not a success???
please excuse me......I by no intent am trying to change any outlook you may have......I do however realize that there are many inexperienced people visiting this forum an I would not want to be a party to convincing them not to protect their computers by whatever means.....

snowy
January 11th, 2003, 01:43 AM
SK

forgot to mention that it's snowing in my area..temp 16 degrees......snowy all comfortable....

snowy
January 11th, 2003, 01:51 AM
SK

one final comment so as you realize that I am not taking personal issue here. No, I do not rely solely on anti virus programs to protect the computer.....nor a firewall alone..........but instead a layered approach.....

secondly......can I do without an anti virus program.....I can't but ask myself why would I ? Do I trust anti virus programs.....nothing on the computer I trust....myself included LOL....cause I do make mistakes..

sk
January 11th, 2003, 02:20 AM
Okay, Snowy. Glad it's 16 degrees. :D Since you've mentioned several times about newbies not knowing about this stuff, why not use this then as an opportunity to teach them? Why assume that because they 'don't know', that they 'can't know'? What I continue to advocate for is the notion that simply re-stating old suggestions - regardless of whether or not they work, or whether or not they apply - is really a form of mindless robotism; knee-jerk reactions. And I personally feel that this forum is capable of a more dynamic response. Just my 2 cents worth; your mileage may vary.

So in one sense I am not really satisfied with the way this discussion panned out. On the other hand, I am satisfied that this thread does manage to reveal more than might be readily apparent on the surface, both in terms of what has been included, as well as what has not.

There's actually a fascinating post here - I read it - or tried my best to read it - earlier. It's a very long post by Technodrome that appears to be written by a hacker/virus writer, if I'm not mistaken. It goes through the history of both virus writing and the AV industry that developed in a sort of symbiotic dance relative to virus writing. It stated, amongst other things, that McAfee scammed the world through a falsely puffed up 'Michelangelo' virus threat, and from that point forward the die had been cast in terms of making people afraid of virii. The article then goes on to describe, in great detail, how virus writing as well as AV defenses developed from there to the present. Aside from the technical education that post provides, it also nails one aspect very early on: AV is BIG BUSINESS. I think that's something to keep very much in the forefront of any discussion of AV. AV IS big business.

(Below is a direct cut/paste from that post):

"Antiviruses are business. A big business if one has a look at NAI. Beginnings were quite different, as many independent (free) antiviruses were available just to help people. But one can't stay in competition with big money - look at Microsoft to see why. Today, to keep track of the big number of new viruses, many people are needed to work on an antivirus full-time, and everyone needs money. And people have to buy (or support) antiviruses as they are afraid of viruses. Many people around the world think that viruses have to destroy something - that's why they don't like viruses. But no one cares that Windows crashes caused much more destruction than viruses. Because it is normal. Weird, isn't it?
Well, this fear of viruses was started with the biggest computer virus hoax ever, initiated by McAfee - in order to make money, of course. It was Michelangelo a couple of years ago, maybe some of you remember it: McAfee informed about an upcoming big computer disaster caused by the extremely dangerous virus Michelangelo. They estimated 20 million destroyed computers at the activation date. 20 million was too big a number even in those days as there weren't as many computers around the world as today. This hoax went from publisher to publisher and it grew bigger and bigger - and information about this computer apocalypse appeared in many countries. I remember the daddy of my schoolfellow forbade him to turn on his computer (Sinclair ZX Spectrum with 8 bit Z80 cpu!) because a virus could come to it through the network (power network of 220V!) and it could be destroyed. Wow! Unbelievable, isn't it? Even more so given that repairing a disc destroyed by Michelangelo took a few seconds with diskedit. But no one mentioned it in this hoax, of course. As the activation day passed, everyone understood, I hope, that too few computers were destroyed (compared to 20M), but this hoax succeeded: people really started to be afraid of viruses, and antiviruses are sold worldwide - they became a big business."


Thanks for your honest input, Snowy. Happy Snow Balls. (Ooooh. Wonder how Ms. Snowy feels about that.) :o

;D

sk

snowy
January 11th, 2003, 03:22 AM
By SK: "What I continue to present - regardless of how many negative karma cookies it incurs - is the notion that simply re-stating old suggestions - regardless of whether or not they work, or whether or not they apply - is mindless robotism. That's not indicative of a cutting edge forum; it's indicative of 'status quo' if ever I saw it. "



So, are you suggesting that we send the newbes over to <hackwacker-going-to get-you.bot> would be more cutting edge? imho that would be highly irresponsible.
A review did not locate any mention of a newbe not being able to learn but yes several times it was mentioned that they should be given the opportunity.
"Robots"........I have personally witnessed members of this forum place their computers at risk in search of solutions. Such independent thinking is not concise with the term "Robot" An indicative of under-estimation of the forum/members/guests.

discussion in its true sense is not one person saying "my way or the highway" To disagree or agree is individual thought being expressed.......once again a far cry from "Robots"
but nevertheless the topic has been well covered an can be left as a learning experience for those who desire.
Thank you SK for sharing your thoughts...its been appreciated. Yet, there is little left for me to say that would be a contribution so I'll exit.

Snowy

sk
January 11th, 2003, 03:49 AM
To Snowy:
No doubt.
sk

solarpowered candle
January 11th, 2003, 05:54 AM
This is one cool thread,

sk
January 11th, 2003, 10:47 PM
Well, azeuch, maybe so. 8) But it seems to have meandered a bit off course, so if possible, I'd like to try to take this opportunity to [briefly] recap. [that's 'briefly' for me, not necessarily for someone else's notion of 'brief' ;D]

1. The real focus of this thread was intended to raise the thorny issue of whether or not any [or all] of us have been affected by the hype surrounding AV software. It was NOT to suggest that there is no threat of AV; rather, it was attempting to question/challenge our current approach to 'hardening our security', as the snow man so aptly points out.

2. Based on my [unexpected and unplanned] experience of actually NOT getting any virii despite not having run a resident AV on my system for over two months, I began to question, simply, HOW COME?

[Just to maybe help put this in perspective: I uninstalled XP in favor of W2K, both for technical reasons, as well as philosophical ones. Technically, I didn't like the way XP ran. Philosophically, it was my personal protest against MS and the whole notion of waste - I find it wasteful when you have a perfectly good program that's being backburnered when it still works perfectly well. (I could almost say the same about my venerable 98SE, which I still run on an older machine, but the benchmarks clearly show W2K blows away 98SE. But the tests are about dead even between W2K and XP.)

So that's the background. And after having installed W2K initially, without a full disk image made with all my proggies on it, since it was the very first time I'd used W2K, I held off loading my E-trust AV program, initially until after all the 'problem' programs (EZ CD Creator, Sound Forge, Adobe Photo, etc.) were loaded. In the meantime, I used the TrendMicro online scanner as some sort of 'well, it's better than nothing'.

Then I kept loading programs, and making drive image backups, and running the online scanner, until lo and behold, one day I looked at the calendar, and it had been two months that I'd been running with no resident AV program. (Although I was doing near-daily online scans). That's when the question first bubbled up in my mind, and after having seen such good interactions here at Wilder's, I thought: "What better place to toss this question out to get really looked at from all angles." And maybe it did. I'm not sure. But to finish up the real focus, vs. the background, in order to even consider not running a resident AV program, I think the following elements are clearly required/mandatory prerequisites:

A. Daily on-line scans, to contain the damage of possibly having gotten a virus. (My system takes 7 minutes to scan approximately 29k files spanning 3 partitions and 2 hard drives. That's 'quick' in my time frame, but might seem like a slow drag for someone else. I play Freecell on my 98SE machine while it's running.)

B. Mail Washer or some equivalent to read/screen/delete email ON THE ISP'S SERVER, before it ever has a chance to get onto my hard drive. And, optionally, a 'better' email program like Poco, BeckyMail, TheBat, Calypso, etc.

C. Spybot, run regularly/daily and updated the same.

D. Spywareblaster, MRU Blaster, and any other blaster that our esteemed Javacool dude can whip up in his lab.

E. AdShield. (Cause I like it a lot!) (Is it required? For my taste it is. lol) Actually, I never thought about whether or not AdShield mainly cuts down on annoyances, or threats as well. I think that since it keeps some of the popups from popping up that would enable some creepy browser hijackers or anything like them to get onto my HD, I'd have to put AdShield into a category as part of the protective layering, not just more pleasant surfing. But this is just a thought, and the first time I've really thought about it. But that's the way it strikes me at this moment.

F. Cookie Wall or something comparable. (Again, Cookie Wall is not necessarily security oriented, but it sure makes managing cookies a LOT more user controllable, IMO).

G. And last but certainly not least, a FULL SYSTEM BACKUP AT LEAST 3-5 x's a week, either with Drive Image or Norton Ghost or SOMETHING that gets the system files that otherwise get locked. This aspect can't be stressed enough. This IS the insurance policy for the above suggested plan.

So that's pretty much it for how it stands now. The background, in terms of how this all came about; what my intent was in terms of the post; and what I've gleaned so far in terms of what MIGHT be workable in terms of yanking a resident AV program, and a possible - hopefully responsible - alternative plan of defense.

If this has been helpful, I'm glad. If it hasn't, then I apologize.

sk