What do you think about on-line virus scans vs. resident AV programs?

Okay, Snowy. Glad it's 16 degrees. Since you've mentioned several times about newbies not knowing about this stuff, why not use this then as an opportunity to teach them? Why assume that because they 'don't know', that they 'can't know'? What I continue to advocate for is the notion that simply re-stating old suggestions - regardless of whether or not they work, or whether or not they apply - is really a form of mindless robotism; knee-jerk reactions. And I personally feel that this forum is capable of a more dynamic response. Just my 2 cents worth; your mileage may vary.

So in one sense I am not really satisfied with the way this discussion panned out. On the other hand, I am satisfied that this thread does manage to reveal more than might be readily apparent on the surface, both in terms of what what has been included, as well as what has not.

There's actually a fascinating post here - I read it - or tried my best to read it - earlier. It's a very long post by Technodrome that appears to be written by a hacker/virus writer, if I'm not mistaken. It goes through the history of both virus writing and the AV industry that developed in a sort of symbiotic dance relative to virus writing. It stated, amongst other things, that McAffee scammed the world through a falsely puffed up 'Michaelangelo' virus threat, and from that point forward the die had been cast in terms of making people afraid of virii. The article then goes on to describe, in great detail, how virus writing as well as AV defenses developed from there to the present. Aside from the technical education that post provides, it also nails one aspect very early on: AV is BIG BUSINESS. I think that's something to keep very much in the forefront of any discussion of AV. AV IS big business.

(Below is a direct cut/paste from that post):

"Antiviruses are bussiness. A big bussiness if one have a look at NAI. Beginigs were quite different, as many independent (free) antiviruses were available just to help people. But one can't stay competition with big money - look at Microsoft to see why. Today, to keep track of a big number of new viruses a many peoples are needed to work on antivirus for a full-time, and everyone needs money. And people have to buy (or support) antiviruses as they affraid of virus. Many people around the world things that viruses have to destroy something - thats why they don't like viruses. But noone cares that Windows crashes caused much more destruction than viruses. Because it is normal. Weird, isn't it?
Well, this fear of viruses was started with biggest computer virus hoax ever, initiated by McAffee - in order to make money, of course. It was Michelangello couple years ago, may be some of you remember it: McAffee informed about upcomming big computer dissaster caused by extremly dangerouse virus Michelangello. They estimated 20 milions of destroyed computers at activation date. 20 milions were too big number even in those days as there weren't as many computers around the world as today. This hoax comes from publisher to publisher and it grew bigger and bigger - and information about this computer apocalypse appears in many countries. I remember dady of my schoolfellow forbid him to turn on his computer (Sinclair ZX Spectrum with 8 bit Z80 cpu!) because a virus can came to is through network (power network of 220V!) and it can be destructed. Wow! Unbelieveable, isn't it? Even more that repair disc destroyed by Michelangello tooks few seconds with diskedit. But noone mentioned it in this hoax, of course. As activation day passed, everyone understoods I hope, too few computers were destructed (comparing to 20M) but this hoax succeed: people starts really affraid of viruses, and antiviruses are sold worldwide - they become a big bussiness."


Thanks for your honest input, Snowy. Happy Snow Balls. (Ooooh. Wonder how Ms. Snowy feels about that.)



sk

 

By SK: "What I continue to present - regardless of how many negative karma cookies it incurs - is the notion that simply re-stating old suggestions - regardless of whether or not they work, or whether or not they apply - is mindless robotism. That's not indicative of a cutting edge forum; it's indicative of 'status quo' if ever I saw it. "



So, are you suggesting that we send the newbes over to <hackwacker-going-to get-you.bot> would be more cutting edge? imho that would be highly irresponsible.
A review did not locate any mention of a newbe not being able to learn but yes several times it was mention that they should be given the opportunity.
"Robots"........I have personally witness members of this forum place their computers at risk in search of solutions. Such independent thinking is not concise with the term "Robot" An indicative of under-estimation of the forum/members/guests.

discussion in its true sense is not one person saying "my way or the highway" To disagree or agree is individual thought being express.......once again a far cry from "Robots"
but nevertheless the topic has been well covered an can be left as a learning experience for those who desire.
Thank you SK for sharing your thoughts...its been appreciated. Yet, there is little left for me to say that would be a contribution so I'll exit.

Snowy

 

To Snowy:
No doubt.
sk

 

This is one cool thread,

 

Well, azeuch, maybe so. But it seems to have meandered a bit off course, so if possible, I'd like to try to take this opportunity to [briefly] recap. [that's 'briefly' for me, not necessarily for someone else's notion of 'brief' ]

1. The real focus of this thread was intended to raise the thorny issue of whether or not any [or all] of us have been affected by the hype surrounding AV software. It was NOT to suggest that there is no threat of AV; rather, it was attempting to question/challenge our current approach to 'hardening our security', as the snow man so aptly points out.

2. Based on my [unexpected and unplanned] experience of actually NOT getting any virii despite not having run a resident AV on my system for over two months, I began to question, simply, HOW COME?

[Just to maybe help put this in perspective: I uninstalled XP in favor of W2K, both for technical reasons, as well as philosophical ones. Technically, I didn't like the way XP ran. Philosophically, it was my personal protest against MS and the whole notion of waste - I find it wasteful when you have a perfectly good program that's being backburnered when it still works perfectly well. (I could almost say the same about my venerable 98SE, which I still run on an older machine, but the benchmarks clearly show W2K blows away 98SE. But the tests are about dead even between W2K and XP.)

So that's the background. And after having installed W2K initially, without a full disk image made with all my proggies on it, since it was the very first time I'd used W2K, I held off loading my E-trust AV program, initially until after all the 'problem' programs (EZ CD Creator, Sound Forge, Adobe Photo, etc.) were loaded. In the meantime, I used the TrendMicro online scanner as some sort of 'well, it's better than nothing'.

Then I kept loading programs, and making drive image backups, and running the online scanner, until lo and behold, one day I looked at the calendar, and it had been two months that I'd been running with no resident AV program. (Although I was doing near-daily online scans). That's when the question first bubbled up in my mind, and after having seen such good interactions here at Wilder's, I thought: "What better place to toss this question out to get really looked at from all angles." And maybe it did. I'm not sure. But to finish up the real focus, vs. the background, in order to even consider not running a resident AV program, I think the following elements are clearly required/mandatory prequisites:

A. Daily on-line scans, to contain the damage of possibly having gotten a virus. (My system takes 7 minutes to scan approximately 29k files spanning 3 partitions and 2 hard drives. That's 'quick' in my time frame, but might seem like a slow drag for someone else. I play Freecell on my 98SE machine while it's running.)

B. Mail Washer or some equivalent to read/screen/delete email ON THE ISP'S SERVER, before it ever has a chance to get onto my hard drive. And, optionally, a 'better' email program like Poco, BeckyMail, TheBat, Calypso, etc.

C. Spybot, run regularly/daily and updated the same.

D. Spywareblaster, MRU Blaster, and any other blaster that our esteemed Javacool dude can whip up in his lab.

E. AdShield. (Cause I like it a lot!) (Is it required? For my taste it is. lol) Actually, I never thought about whether or not AdShield mainly cuts down on annoyances, or threats as well. I think that since it keeps some of the popups from popping up that would enable some creepy browser hijackers or anything like them to get onto my HD, I'd have to put AdShield into a category as part of the protective layering, not just more pleasant surfing. But this is just a thought, and the first time I've really thought about it. But that's the way it strikes me at this moment.

F. Cookie Wall or something comparable. (Again, Cookie Wall is not necessarily security oriented, but it sure makes managing cookies a LOT more user controllable, IMO).

G. And last but certainly not least, a FULL SYSTEM BACKUP AT LEAST 3-5 x's a week, either with Drive Image or Norto Ghost or SOMETHING that gets the system files that otherwise get locked. This aspect can't be stressed enough. This IS the insurance policy for the above suggested plan.

So that's pretty much it for how it stands now. The background, in terms of how this all came about; what my intent was in terms of the post; and what I've gleaned so far in terms of what MIGHT be workable in terms of yanking a resident AV program, and a possible - hopefully responsible - alternative plan of defense.

If this has been helpful, I'm glad. If it hasn't, then I apologize.

sk