Antivirus Software:evolve or die

Discussion in 'other anti-virus software' started by phasechange, Sep 10, 2006.

Thread Status:
Not open for further replies.
  1. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
  2. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    fairyliquidizer,

    This is the best location for this discussion. I'd certainly agree that some level of significant adaptation is needed. However, the following paragraph struck me:
    Spoken like an IT pro who seemingly can't step into the shoes of a casual user. Realistically, most users will read that as
    This is where an even marginally appropriate AV or related package steps in. The blah blah... is preconfigured and automatically handled. There will always be a market for that, whether it is a pure defensive scanning/sieving approach or something a tad more sophisticated. The current problem is that most packages that strive to proactively address this newer level of threats simply provide a cascade of user alert windows that, again, are blah blah... to most casual users. There are currently a couple of exceptions to this (Prevx and AntiExecutable spring to mind, but there are probably others I can't recall at the moment), but they are not the norm at the moment.

    Blue
     
  3. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    I agree with you 100%! I also agree with the author who hints that behaviour can reduce risk of infection (as much as if not more than antivirus software). However, "Joe Public" doesn't know how to "harden configurations"; moreover, his article sends a message that almost says "you don't need antivirus", and that message is dangerous, as if you don't have the knowledge then you need the tools to protect you.

    He also points out that he managed to spread an infection from a machine that is off-net onto his LAN. That goes to prove that we all make mistakes and therefore need AV software.

    One interesting angle is that he highlights the need for firewalling by describing his own setup, and I would argue that a firewall is more important than AV, but the layered approach that the author uses is the best approach, and without that layered approach his AV software would have been a lot busier.

    It is this last point that he misses and those "not very tech literate" family members are all being protected by his "pro" setup. Joe Public typically isn't.

    Fairy
     
  4. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    He refers that most of the malware nowadays is going undetected, or is only detected by a few scanners at jotti or virustotal. On initial release of new malware this has always been the case, due to the fact that AV vendors have to react and this takes time; in fact it is slightly better now, due to better heuristics, than it was in the past!
     
  5. Straight Shooter

    Straight Shooter Registered Member

    Joined:
    Jun 13, 2006
    Posts:
    108
    I started another thread on this subject (BY MISTAKE) at the NOD32 Forum, and for that I apologize. But since I'm here, the only conclusion I can come up with is the guy who wrote the article in question is either touting heuristics (which is fine by me...) or is killing time. He does make a point about how virus writers may be using online scanners against the public. Wouldn't be the first time someone used something meant for good for evil instead...
    On the other hand, if a 100% correct heuristics-only AV is ever created, that probably WOULD be the end of the antivirus. LOL.

    BTW, I am not implying any AV is better than the other. Many AVs have their strong points.
     
  6. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Hi Jim..long time no see.

    Seems to me the author was just touting Safe Computing. Note that he reads (and his teenagers also) all email in plain text and doesn't open attachments. That is part of Safe Computing. The other things he mentioned are also a part of safe computing.

    I don't quite understand Blue's comment about users reading blah..blah..blah?
     
  7. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    Good point, as long as "Joe" exists, the anti-software will always be needed.
    Recommending no AV is a bad idea, a user will find out himself, when it is useless.

    Although prevention is better protection than using AV, which can fail to stop infection.
     
  8. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    There is no 100% detection of unknown, new malware. This is simply impossible. If you can do that, you could write an algorithm to calculate the next lottery jackpot numbers too. ;-)

    Let the malware authors use those online scanners to test their viruses - the samples will end up in the vlabs of the antivirus companies very fast. ;)
     
  9. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum

    I think I do, take a look at all the security forums with HiJackThis logs posted. I think Blue is referring to these types of individuals which seem to be large in number.
     
  10. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Mele20,

    What's not to understand (ahh, there's irony there)....

    My point is a simple one. The vast majority of users, i.e. the mass market which drives this industry, would have no idea of what to do after finishing reading that article.

    Admonishing people to use safe computing? It's like telling someone to take care of themselves. It's not explicit, there's no explicit action to follow. It's not translated to a level that is accessible if you don't already hold the same view or possess the same experience base.

    I use perimeter and host-based firewalls. Please...., am I the only one who believes (based on experience by the way) that this is speaking a foreign language to the only audience the piece should be directed to?

    Security applications (AV/AT/AS/and the rest) exist to assist users in dealing with malware. For the most part, a PC is a black box to these users. We all have black boxes in our lives, be they PC's, internal combustion engines, and so on. We don't want to deal with their inner workings, we want them to function in the context that we use them. Security applications take an unsafe black box and inject it with a modicum of security. They are not a panacea, a user can overdo it, but in the meantime a user can be safe without coming to grips with the inner workings of a device that they generally don't want, or need, to know. These security applications are another level of black box. It would be nice if everyone could understand the inner workings of PC's since their lack of understanding can often spill over the borders of their existence and impact the rest of us, but that's not about to happen.

    PC's need to be safe and secure delivered as a turnkey device. Currently, that is nothing more than a pipedream.

    Blue
     