What do you REALLY expect from security software?

It occurs to me that many people may have different expectations of their security software.

1. Some people expect AVs to protect them from themselves, to free them 100% from the fear of unwittingly running say a trojan dropper hidden in some interesting software they chose to install.

This means a heavy reliance on their AV to catch everything, the more a user gets into his head that because he has an AV he can do anything he wants, the greater pressure placed on the AV.

The classical example is of a user opening an unexpected email attachment that his email scanner vouches as clean.

2. Another group of people, believe in being prudent , they understand that no security software is 100% so they are always careful so they don't do warez, they only use reputable well known software, download from official sources etc.

On the flip side, they aren't beneath doing software configurations to include security. E.g Instead of using OA to block ActiveX, they turn it off manuallly for example.

Still, they recognise it is human to err (for example misclicking, lazyness, not keeping up with patches etc). For them security software is a safety net, a last resort that can save them.

Alternatively, they rely on their security software to filter out the obvious threats, but they don't assume that all threats are filtered.

In this case, the user tends to rely on both his knowledge and security software to stay safe. In generally most members of this group are obviously more savy then those in the first group.

I could also venture and say that people in this group tend to be fairly comfortable, unafraid , they don't feel threatened by much. Depending on how large a factor they think user error/ unforseen circumstances are some can even happily do without too many security aids.


3. In my view however there is an interesting third group of people who are at least as knowledgeable as some in the second group but who are still afraid.

They dell too much on the fact that security software is not 100%, a point reinforced everyday in security forums thanks to threads talking about how AV misses sample X, rootkits in bios, leak tests can bypass firewalls, etc.

I submit, these people might be expecting too much of their security software. You know the type, some guy posts some theoritical wild stuff, and immediately you gets posts like will "security product X block it?" Or they expect their security products to block all zero day exploit.

Of course many ask out of intellectual curiosity, but for those who are not, I submit, they have almost regressed to attitudes similar to that of the first group by hoping that their security product can safe them from everything.

That's the problem with forums like Wilders , you pick up stuff that can be useful in everyday life ( Paranoid2k explaining about Tor and what it can do , how to use it for instance, Mrkvonic explaining about secure deletion and what programs do it, etc) and on the other hand you get 'facts' and 'information' that you cannot do anything about.

E.g " Researcher says rootkits in Bios is a possibility!" , "Experts all agree, Spyware will be coming to opera in 2006!" or "Hackdefender brillant can fool all Antiviruses even when the AV companies have a sample!"

What can one say in these threads really? What information value does it add? Security products are not perfect and AVs can't catch all malware?
Does it really matter if it is some variant of Hackdefender brillant with antidetection modules , or just good
old Bagle variant, or a completely new worm that the AV fails to catch without new signatures?

Is that really news that AVs are not perfect??

Moreover I mean most of us are not AV researchers, so what else can we do but to keep that in mind and continue doing what we have being doing, this is To practice safe hex?

Also, does anyone of us really have the ability to estimate how likely these things are if we are not directly involved in the field? If you are somewhat knowledgable you can make an informed guess, but what about the rest of us?

Of course the line between threads that arm you with information that you can do something about and threads that provide scary 'information' that doesn't really help is pretty grey (largely depending on your technical skill too) but I believe beyond a certain point, reading Wilders can actually be counterproductive making you overestimate dangers , unless you are able to put things in perceptive.

 

There is a sub group of the first group that goes actively looking for things to test their Av against on the net and then complain when it doesn't. This is the stupid group.

 

Then there's a group that tries to be a smart aleck like Peter2150 And the group that likes to count groups....

 

i never expect 100% detection rates from any security products, but i do expect protection of my computer from the more destructive and widespreading malware. i also want my security to be somewhat easy to use, very configurable, and run lightly on my system. my basis for security is what works well for me and my computer.

 

DA

Well you've already said today that you think that i have no skills, in the other thread ! So as i obviously no know nothing about absolutely anything, in your opinion, i won't comment.


StevieO

 

Security, just like Peter. What else can you expect from security software.
It's crucial that this type of software offers security.

Having the hardworking and less-knowlegdeable users in mind, I would add :
- alot lesser than 30+ security softwares
- as quiet as possible, hardworking people don't like to be disturbed
- as easy as possible, absolutely necessary for this type of users
- as safe as possible without too many false positives
- as close to 100% as possible
- as ...... as possible, just in case I forgot something.

What I don't want, I find everywhere and what I want, I can't find anywhere.