when was the last time anyone found a real live virus ?

Discussion in 'other anti-virus software' started by Long View, Dec 7, 2007.

Thread Status:
Not open for further replies.
  1. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Ok, I easily concede that wherever vendors are lurking they will promote as hard and as long as necessary to make the sales they require to render their product profitable. However read some of the posts I have written and you will realize the deep criticism I offer on this topic.

    However this does not invalidate the fact that behind many web addresses is lurking an IFrame injector or some cross server script pulling code while trying to obfuscate one's perceptions of the fact. The threats are real and serious and costly.
     
  2. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    The threats are real as I mentioned before, but they affect a very small percentage of users-very small. That was my original point, and the absence of a statistically significant number of users infected proves that.

    The fact that your company removes malware from users' boxes, only proves that you do that-not that there is mass infection-there isn't.
     
  3. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Actually the problem really is that probably 90 % of non corporate infections are unreported or are statistically absent from most stats as users simply reformat and reload the O.S. and never report the event to anyone. I personally deal with a ridiculously small percentage of those and as such my experience is statistically irrelevant as well.

    My perspective is that the corporate world is under attack yes, but suffers nothing compared to the home user and SOHO market who has no "professional" support to speak of. All the whilst it is the corporate sector who gets all the attention of the professional community.

    Home users end up relying on their anti virus practically blindly having no idea what the heck else to do...

    I am not so much discussing the quantity here, but rather the focus being what it is due to economic realities home and SOHO users are practically on their own. Probably one of the main reasons why so many viruses and spyware are disseminated daily on a global basis....
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi,

    Virus infection ? to some is more than often, to others is never. IMO, it all depends upon which group of PC users, you belong to.

    Virus infection is epidemic ? no, never has been, and will never be. Is massive immunization mandatory ? you must be kidding! What AV vendors have done this far is to create an unnecessary panic rather than an educational session, hoping to rake in bloody money.

    As an AV vendor, its holy responsibility is to raise the awareness of virus infection to general PC users, especially home users, not to cheat them out of unjustified protections. Often, users get a screw up on system rather than a needy protection.

    Our government(CANADA), advises elderly, young ages and health workers(plus people in risk sectors) to get an annual flu shot-a selective immunization. IMO, AV vendors should do the same, at least, in my mind.
     
  5. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I just wished I did not get dragged into the "Infections Risk" debate. But I just see far too many unnecessary infections to ignore this fact...

    This is why companies like mine and others like me have a responsibility to educate on alternatives and the consequences. Most of the work I do is unpaid, I think of it as technical welfare for the intellectually disadvantaged.

    Not doing it, and watching users get screwed daily would affect the quality of my sleep... I wish more would be like this.
     
  6. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    very true.

    :D

    then, there are two types of 'newbies': the wise ones and the others :D
     
  7. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    "I would like to thank the Academy..."

    Thanks to a thought-provoking post by Long View and the help provided by C.S.J, Solcroft and Diver, I have implemented a new security policy.
    I have ditched NOD32, but not because of its supposedly poor showing in a recent rootkit test.

    I had an automated backup process that ran daily at 3am to prevent data loss from hardware failure, but the backup sets were recycled every two days.
    I now run a full backup every week, with sets recycled fortnightly, and differential backups performed daily.
    Prior to running each full backup, I use Avira PersonalEdition Classic to perform a full on-demand scan.

    Since I no longer use realtime AV scanning, NOD32 lost much of its appeal, hence the switch to Avira. :D

    Time will tell...
     
  8. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    While I can see how some security software peddlers definitely use scare tactics to sell their wares, it's nice to see other vendors like SuperAntiSpyware and Online Armor use good free programs to sell their full version products. I just wish more people understood that the free versions in most cases are really all you may need. I like using different free security software programs, and although I have never been infected, I still like hearing about how some free AV, AS, or HIPS saved someone from some intrusion or found some infection and then trying it. Of course I have used some paid version in the form of some free license give away, but that is precisely the reason why I believe in using the free ones so much.
     
  9. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    You're not alone, all the computer work I do is done for free. I feel it's my duty to help those who have been hit by malware and teach them some computer safety.
     
  10. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Well Prevx had a stat of 16% of computers checked with their CSI program had malware. Microsoft reported that 60% of users using the malicious software removal tool had malware in their computer.
     
  11. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Can these figures be trusted though ? A number of programs will report that a machine has problems because MRU shows recent activity or a bad cookie has been found. When you throw in the false positive capability of these programs who knows what the true figures might be. I would only take these claims seriously if produced by an independent source.
     
  12. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Prevx and Microsoft's Malware Removal Tool do not detect MRUs/cookies.
     
  13. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Prevx's CSI stats are based on active executing malware only - exe's, dll's and drivers. The 16% figure was the average over several months. The daily percentage has been increasing steadily as the number of CSI installations has increased - the last 24 hours worth of CSI scans has shown 28% infected (see http://www.prevx.com/ for details).
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,

    That's not an independent source.

    Second, could a single computer have been scanned more than once - 5 incident reports would report 5 times. Plus, there could be a computer with 100 infected files, resulting in 100 entries. This means that for those that use the program and submitted file, X% were infected, but they could all be installed on a very small percentage of computers - or not.

    Third, define infected.

    Fourth, the real question is how those files got there.

    Fifth, what does this tell about the effectiveness of the said programs if X% are infected?

    Mrk
     
  15. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Microsoft's Malicious Software Removal Tool (MSRT) can distinguish between unique Windows installations when it reports statistics back to MS.

    Also, if only a minority of users are infected, then that particular minority must rescan and rescan their computers all the time for the statistics to arrive at the numbers they are at now.
     
  16. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    For the record for those that don't know, I'm from Prevx.
    In the case of the Prevx stats:

    • A single computer scanned more than once is a single entry.
    • A single computer with more than one infection is a single entry.

    So for Prevx, x% infected means x% of the physical machines that have run Prevx CSI had one or more infections present before we ran.
    That one or more file encountered during the scan had a determination of Bad in the Prevx database at the time that the scan took place.
    Indeed, but out of scope for detection stats.
    It says nothing about the product gathering the stats - unless you believe that they are made up of mainly false positives. However, it says a hell of a lot about the security products that were on those machines when it became infected.

    Darren
     
  17. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    Hi Darren

    I have just gone on line and followed instructions to use v1.2.101.109 and as expected come up clean.

    A thought occurred to me though. Is there not a self-selection bias going on here ? Your 16% figure is based upon those who have run the test ? Is there not a danger that those who feel they might be contaminated will tend to check. Is your 16% figure saying that of those who volunteered to test 16% were contaminated ? If so then it may well be that contamination levels may be 3% ( those who are clean don't bother to check) or 25% ( those who are contaminated know they are and reformat and rebuild without bothering to get confirmation). To determine the % at any given time ALL machines need to be available for inclusion in the sample ?
     
  18. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Given that security software are hardly neither the sole nor major factor when it comes to preventing infections, I don't think that's a very fair comment to make.
     
  19. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    That's stats for you. All we know is 16% of the people that chose to use Prevx CSI had an infection. You cannot draw any conclusions about the wider population from that statistic. You can't conclude it's a maximum, a minimum, an average or even representative of the % of infections in all PCs at all - all it is a finding for a sample community over a period of time. We don't even know how many were testers deliberately infecting a machine to check our CSI. We did remove the eicar.com test virus from the stats though ;)

    The interesting thing will be to see how this trend changes over time.
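
Added example, not part of the thread and not Prevx's code: the counting rules discussed above (one entry per machine regardless of rescans or number of infected files, EICAR test detections removed) compared with naive per-report counting. The report fields and sample data are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample reports: (machine_id, file_name, verdict).
# Field names and values are hypothetical, made up for this example.
REPORTS = [
    ("pc-01", "svch0st.exe", "bad"),
    ("pc-01", "svch0st.exe", "bad"),   # same machine rescanned
    ("pc-01", "helper.dll", "bad"),    # second infection, same machine
    ("pc-01", "drv32.sys", "bad"),
    ("pc-02", "notepad.exe", "good"),
    ("pc-03", "eicar.com", "bad"),     # tester checking the scanner
    ("pc-04", "calc.exe", "good"),
    ("pc-05", "winword.exe", "good"),
    ("pc-05", "winword.exe", "good"),  # clean machine rescanned
]

TEST_FILES = {"eicar.com"}  # harmless test file, excluded from the stats


def per_report_rate(reports):
    """Naive count: every 'bad' report line counts as an infection."""
    bad = sum(1 for _, _, verdict in reports if verdict == "bad")
    return bad / len(reports)


def per_machine_rate(reports, exclude=TEST_FILES):
    """One entry per machine: infected if any non-test file was ever 'bad'."""
    infected = defaultdict(bool)
    for machine, name, verdict in reports:
        hit = verdict == "bad" and name.lower() not in exclude
        infected[machine] = infected[machine] or hit
    return sum(infected.values()) / len(infected)


def summary(reports):
    """Return the same data counted three ways, for comparison."""
    return {
        "machines": len({m for m, _, _ in reports}),
        "per_report": round(per_report_rate(reports), 3),
        "per_machine": round(per_machine_rate(reports), 3),
        "per_machine_with_eicar": round(
            per_machine_rate(reports, exclude=set()), 3),
    }


if __name__ == "__main__":
    for key, value in summary(REPORTS).items():
        print(f"{key}: {value}")
```

Deduplicating by machine fixes double counting only; it says nothing about machines that never ran the scan, which is the self-selection question raised in the thread.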
     
  20. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Always a subjective view this one. I think if you ask the average user on the street who buys a PC with one of the major security vendors' products pre-installed they will believe they are 100% protected. They will believe the marketing hype and think that an AV product will stop 100% of all threats; and as we all know NONE OF THEM CAN. They will continue to believe this until they are infected. Even then many will blame themselves for not updating often enough o_O But many will blame it on their security software not their own behaviour (and most infections are behavioural). They don't understand that it can take hours through to several weeks for a traditional AV vendor to receive a sample, analyze it and publish an update. Some vendors may even ignore it as its infection rate isn't high enough. If it's server-side polymorphic they might not even bother trying!

    Traditional AV simply can't keep up and unless you have a knowledgeable user at hand HIPS is out of the question. As we found with Prevx Home, most users didn't know how to answer the questions a HIPS gives them. They're great for we techies but home users haven't got a chance; even questions as simple as whether to allow a new program to run or not. That said, you look at some of the process names for legitimate applications these days (especially printer software suites) and even I have to think twice :oops:

    We have to face facts. It doesn't matter how many security products the average home user has, they will get infected. Even if you are a security expert it is still possible to make a mistake. Knowledge, awareness and training are the only protection really worth having.

    Prevx CSI is therefore pitched at what might be considered a new problem space - forget protection and cleanup after breach. It assumes that the security of whichever product or suite of products somebody is using will be breached at some point in time. When it does, our aim is to be able to identify the culprit and save your bacon (so to speak). We aren't saying it will detect 100% of infections. As I said above nothing can ever offer 100% detection. In many cases of infection, the existing security products will cope. Great. Prevx CSI is incremental to that protection.

    Why is this a new problem space? Simple. The AV vendors will tell you they offer protection as their real-time monitoring picks up an infection immediately. They are correct of course - for the infections they have in their signature databases (or can be caught by heuristics). Everything else sails clean on through. Traditional AV is like going to the dentist every six months for a checkup. It can make little difference in the end! You'll still wake up one day with toothache. And it'll cost you more for those regular checkups over time than it will to have the tooth fixed when it has a problem... Of course some people will continue to pay for both and that's their choice.

    At the end of the day the bad guys will always win for one simple reason. The good guys have to get it right 100% of the time to keep them out, the bad guys only have to get it right once. And our stats simply show that on 16% of the PCs that we've looked at, the bad guys won the first round. What we can't say of course is how many of the other 84% have infections that still haven't been identified...

    Darren
     
  21. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Nice way of putting it

    Sorry to be a pain again but bad math here. 16% of those you have looked at were infected - 84% were not - Fine. What you don't know is what % of the pop chose to check with your company.
     
  22. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Indeed. We also don't know the demographics of the population that did.
    As of today we're at 1.1 million users with 28% infected.
     
  23. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    LOL u guys u made me check again the topic title :D and guess what,it says "when was the last time anyone found a real live virus"
     
  24. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I think it's already evident that infections have more to do with user education than with security software.

    That being said, your comments so far on your company's product have been very interesting indeed. A pity you don't offer the full product for trial...
     
  25. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I don't know if the selection bias is true. What about Wilders users. Most of us just use CSI to scan just to allow us to be sure that we DON'T have viruses. Could go either way.

    What about the Microsoft figure. Sure they are vendors of OneCare and Forefront, but would they inflate the figure, showing how bad their OS is?
     