Discussion in 'other anti-virus software' started by ttomm1946, Jan 13, 2018.
I'm an anti-virus fiend.. Can't settle on just one product... Have to try something new all the time..
Around 6 years for me. No windows defender or 3rd party anti-virus and no intention of ever installing the software in future.
AV definitely has its uses, for instance as an extra layer of defence on domain machines where users are either not trustworthy or not security savvy. For security conscious/paranoid users on a forum like this I'd be surprised if anyone has been saved by their anti-virus.
It doesn't matter how safe your web surfing is when you hit a site with malvertising, you're basically playing Russian roulette with your machine - do you have the patch needed to prevent the execution of malicious code or don't you. 95% of the time you will - that few percent when you don't is all it takes. AV is just another layer to protect you. If you prefer not to use it, that's your choice to deal with the consequences of unprotected surfing. Just like those that choose unprotected sex, if they get STDs, that's their choice/risk/problem.
I'd rather just use Linux. There are vulnerabilities, for sure, but you won't likely encounter them unless you're targeted. If I need Windows or OS X for something, I just run a VM. And yes, Meltdown/Spectre. But again, that's less likely for malvertizing and such.
I think you've summed it up Bo. I have an AV (Panda Dome) on my Win 7 machine but it is light and I also have browser hardening. I still constantly worry if it will hose my desktop with some false positive. My other computers basically run Linux without AV. I don't worry so much about them.
The day I stopped using antiviruses, my stress level using the computer, the internet, came down from about 8 to 1. And all these years, it has stayed there. The only reason that it is a 1 is because we might at some point have a problem starting the PC or rebooting successfully after updating Windows. Other than that, 0 worries.
I stopped using MBAM (freeware) a couple of years ago after several years of having it installed. At first I thought I'd get withdrawals or something. All it ever found for me were false positives. I'm not confident enough to go without an AV on Windows yet, but I doubt I'll run Windows much longer anyway.
It has been my experience over many years, that if you keep Windows, your browsers and other vulnerable software updated, then the chance of getting infected is very slim. I believe that the only times I've ever been infected on fully patched computers, is when I've manually launched an infected executable, rather than just from browsing the web.
Just to make it clear, I'm not saying the antivirus software is useless, or shouldn't be used. I'm just pointing out my experience over many years, including visiting many potentially unsafe websites.
Since you are talking about MBAM. How about the issues users were having last week after a bad update? Worse than a virus. I completely avoid that type of issue. I read horror stories about the problem at another forum. These people got more computer stress that day than what I got these past 9 years. At that forum some months ago, I suggested the idea of learning how to protect yourself from malware by using proactive techniques that are more successful than traditional scanners, and the bullies came down on me. Some people don't want to learn and/or keeping the masses dumbed down regarding protection is part of their agenda.
Yes, they are definitely horror stories. I stopped using the MBAM forums years ago after fanboys trolled me for reporting false positives.
You know I use an antivirus, but analogies with our own health are really over the top to say the least, if my computer gets infected within 12 minutes max, I can recover a healthy image, you try to recover from an AIDS infection without any real anxiety... I can defenestrate my best machine and my life will continue to be exactly the same minus one computer.
I'd like to defenestrate my AV lol.
Ahh, so you can only be classed as protected if you roll with an AV?
For many people who don't know a great deal about computer/internet security AV may be their only line of defence, and so yes it's useful. For more tech savvy users AV is likely a last line of defence, and one that will never be tested.
Malvertising is a non-issue when you run an adblocker and know how to configure a script/third party blocker like uMatrix. Add in frequently updating software, sensible browsing and a sandbox/VM and you're far from unprotected with no AV in sight.
I avoid AV not just because of how resource hungry it is, and how unreliable even fully up to date AV can be when compared to other mitigation techniques; but also because adding AV can actually reduce security by increasing system/admin level processes with large attack surfaces. This is why adding more and more security software isn't always the best course of action when protecting a system.
Antivirus applications and other security software are supposed to make users more secure, but a growing body of research shows that in some cases, they can open people to hacks they otherwise wouldn't be vulnerable to.
The latest example is antivirus and security software from Kaspersky Lab.
"We have strong evidence that an active black market trade in antivirus exploits exists," he wrote, referring to recent revelations that hacked exploit seller Hacking Team sold weaponized attacks targeting antivirus software from Eset.
A vulnerability has been revealed in several major anti-virus products. The Israel-based cyber-security startup enSilo recently showed how AVG Internet Security 2015, McAfee VirusScan Enterprise version 8.8 and Kaspersky Total Security 2015 were all vulnerable to the same flaw.
These giants of the enterprise antivirus software game were all subject to the same coding issue. The softwares would allocate memory for read and write, as well as execute permissions with an address that an attacker could easily predict and then proceed to inject code into the target system.
When Bitton spoke to SCMagazineUK.com, he described what he saw as the essential problem: “The anti-virus companies adopted a coding malpractice which essentially defeats Windows' mitigations against application exploitation.” This meant that the anti-virus products could conceivably become an “attacker's vehicle into taking complete control of the underlying Windows system”.
This week, Google security researcher Tavis Ormandy announced that he’d found numerous critical vulnerabilities in Symantec’s entire suite of anti-virus products. That’s 17 Symantec enterprise products in all, and eight Norton consumer and small-business products. The worst thing about Symantec’s woes? They’re just the latest in a long string of serious vulnerabilities uncovered in security software.
Some of Symantec’s flaws are basic, and should have been caught by the company during code development and review. But others are far more serious, and would allow an attacker to gain remote-code execution on a machine, a hacker’s dream. One particularly devastating flaw could be exploited with a worm. Just by “emailing a file to a victim or sending them a link to an exploit ... the victim does not need to open the file or interact with it in anyway,” Ormandy wrote in a blog post Tuesday, further noting that such an attack could "easily compromise an entire enterprise fleet."
By design, antivirus products introduce a vast attack surface to a hostile environment.
The attacks described below allow complete remote compromise of these devices without authentication or interaction.
Unfortunately, analysis of ESET emulation reveals that is not the case and it can be trivially compromised. This report discusses the development of a remote root exploit for an ESET vulnerability and demonstrates how attackers could compromise ESET users. This is not a theoretical risk, recent evidence suggests a growing interest in anti-virus products from advanced attackers.
I could go on... And that's not to mention the privacy issues around software that scans and has the ability to upload any file on your system.
Look, I get that AV is not the best solution for many of us uber-geeks who virtualize, run monster machines with SSDs and can roll back within a few minutes - I totally get it. And yes, I can find flaws in AVs like Tavis's disclosure of the ESET exploit back in June of 2015 (that's 2 1/2 years ago and was fixed in a couple of weeks remember) - I can find flaws in any system and use that to 'discredit' almost any system. It doesn't matter to me one bit.
As a business owner I know that safe computing is the best practice - safe surfing, running adblockers (which people disable because they MUST see this article on the 5 miracle foods to boost their IQ - irony alert). I totally get it.
What I also get is people are the weakest link - they're REALLY bad at filtering for bad stuff - they get 99% of it - and miss 1% at least. How do I know this? We run phish threat analysis on many, many, MANY customers. At *LEAST* 1% of every campaign gets clicks - as high as 15% in recent months. Yes, these are real figures and these are the people that benefit from many, many, MANY layers of protection.
Here in our office - we have multiple firewalls, we scan http/s, email and we examine traffic at the packet level and based on source/destination. We also block traffic to and from certain countries, not because we don't believe that we're never going to value some piece of traffic there, or because we believe that every machine, server or person there is bad, but because we generally see floods of probes from these countries and the logfiles full of such traffic are just annoying. I'd rather live with one user complaint that they can't access a site in say, the Ukraine, in a year, than deal with thousands of pointless port 22 scans per hour. These are security choices we make - we all make them. You might not care and filter these, I prefer to know where the scans are coming from and make a judgement call, even when port 22 is closed.
Companies we work with expect a best foot forward - and they don't expect me to set up that protection based on what will keep their BEST team member safe - they pay for, and expect, a solution that uses tools which will keep them safe from the one in a hundred, or one in a thousand click that even the best of us can make once in a blue moon. We *try* to cover those bases, and that means firewall, backup, updates and anti-malware in that order. If we can do adblock and cyber-training/testing, pen-testing and more, that's great, but really - most companies are NOT interested in those extra costs (and yes, even us managing their adblock - even a free one - costs them money - time = money, people).
You choose your layers and I'll choose mine - that's how it works.
Okay so we seem to agree? I said myself (in the first post you shot down) that AV can be useful as "an extra layer of defence where users are either not trustworthy or not security savvy". My point was that it wasn't a necessity for security savvy users.
My issue was with the faulty analogy.. that browsing the web with any security setup that doesn't involve AV is the equivalent of having unprotected sex. I didn't mention having an issue with other people using AV.
Edit: Removed bottom paragraph.
You people aren't using seat belts in your cars 'cause you're driving carefully, right?
I would love to see a scan result from any on-demand scanner on those crispy clean virus free computers.
There's no comparison to be drawn between driving a car safely and browsing the web safely. They're simply not comparable. But I guess if you want to stretch to that then you could say I do wear a seatbelt, a few in fact, they're just not AV seatbelts. AV seatbelts only work when they recognise the car, or the behaviour of the car that's crashing into you. Mine assume all cars are crashing into me and work all the time.
I think you'd be disappointed, I've run them in the past.
I spend way too much time every month cleaning malware off of other people's PCs.. The majority have AV installed. AV isn't a magic pill. As webyourbusiness pointed out, people are the weakest link.
Thanks, Bo, for a confirmation of sorts. I am about to purchase a new system, my first experience with Win10 ever, and that was the direction that I was leaning toward. With the combination of Sandboxie and ShadowDefender, the very good if not perfect (but what AV is perfect) built-in Windows Defender should be about good enough, in my inexperienced opinion.
Using SRP or anti-exe just doesn't work for some people, and having an AV installed, a good one of course, is way better than running unprotected. You only need to view one malicious ad and you're done.
You obviously don't fall into the category that I was describing.
Hi Acadia, yes, using Sandboxie along with Windows Defender for security in W10 is more than plenty. And on top of that, Shadow Defender for testing programs, you'll be fine. By the way, I read plenty of horror stories before purchasing my W10, and was ready for a fight with the system, but my experience using the new system has been pleasant. Thankfully, it took me only 3 or 4 days to realize that playing along with the new system instead of fighting it is healthier for the computer and my peace of mind, the result has been 0 issues.
Almost any security software is better than running unprotected yeah
Hi Mekelek, I don't see antiviruses as seat belts.. Myself, I used antiviruses till December 2009. Till late 2008, I was getting infected once or twice a year....every year. To stop that cycle, I had to look for something better. In fact, up to late 2008, I thought antiviruses were the only technology available for protection. I thought there was nothing better and getting infected was just part of using the computer.
But then one day (while cleaning my last infection), I discovered that there were other technologies. Discovering that there were other and possibly better technologies for protecting yourself and the computer was like discovering America. I felt like C Columbus when he discovered Guanahani and called it San Salvador. In late 2008, I already knew antiviruses were bad, that's the honest truth, and decided to try something else. Trying something new was a good idea.
And never looked back. Quickly, I discovered Sandboxie and NoScript, and all of a sudden, infections went away. I haven't been infected since the day I stopped depending on antiviruses. At first, my intention was to use these programs along with the AV but eventually dropped using the real time AV a year later. The programs I mentioned have proven over a long period of time that unlike antiviruses, they can be considered as seatbelts. You talk about scans, I kept doing scans for a while, but as time went on, I did them less often and eventually stopped doing them. I don't even have on demand scanners. In my W10, I have never run a scan.
Let me tell you something else. My browsing today is more dangerous than what it was when I used antiviruses and was getting infected all the time. I still do exactly the same kind of browsing I did 10 years ago, I haven't changed any of that, but today in addition, I do activities that were not available in 2009, that are dangerous, activities that if done by people who depend on antiviruses get infected. I told a friend the other day, using NoScript and Sandboxie turns the sharks in the waters of the internet into sardines. That's how it feels when you are protected for sure. Those programs really are seat belts. Safe browsing? I don't prequalify sites or programs. I treat all sites and programs that I visit or run with the same respect, you can say I trust none or I trust them all the same, so, whatever I do, I do it with NoScript and Sandboxie. No exceptions. These are my seat belts.
I’ve had an AV on my machines for the best part of 13 years, in the beginning I was diligently and systematically scanning them weekly, occasionally finding something, mostly spyware. Since 2007 I started running all computers with Shadow Defender first and then added Sandboxie which I use for normal browsing.
It’s been now almost 5 years that I use extra scanners (MBAM, HitmanPro) once or twice a year to check on the security provided by SD and Sandboxie, and they have never ever flagged anything… I do have Avira as a ‘whistle-blower’ for bad websites and to check downloads…
I think imaging and virtualization are very safe indeed, but given the abundant power that we have in modern machines running an AV will ensure some kind of protection towards personal information theft, without slowing down the machine performance. I tend to agree with others that Windows Defender is fast becoming the natural choice for an AV on Windows 10.
I do wear seat belts all the time (Sandboxie), my car has front and side airbags (imaging, SD), and a dashboard camera always on (Avira)
@bo elam does Sandboxie still allow you to install an application in the sandbox and allow you to view the virtual file system and registry it built around the install to see what exactly was installed and where?
As long as it doesn't need drivers and/or services, yes. But VM machines are much better for that purpose.