Do AV products give a net improvement in security?

Discussion in 'other anti-virus software' started by NGRhodes, Jan 27, 2017.

  1. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,381
    Location:
    West Yorkshire, UK
    http://robert.ocallahan.org/2017/01/disable-your-antivirus-software-except.html

     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    IMO, AV products still give a net improvement of security. Although I don't use real-time AV, I still think that most people are better secured by using one.
     
  3. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Of course no software is perfect, and some is buggier than others, and may cause issues, so you've sometimes got to try a few to see which best suits your needs.

    But an experienced software engineer openly advising people to just go ahead and uninstall their AV is extremely irresponsible IMHO.

    2c
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    :thumb:
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Needless to say, operating systems themselves as well as popular 3rd party applications contain security holes that can be exploited by malware. Some antivirus vendors include exploit blockers in their AVs to block malicious exploits.
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I agree.
    Also, some AV problems are presented out of proportion.
     
  7. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,858
    the majority of web users click on each crap which is not gone with three. maybe those need an antivirus. but concerning kaspersky which was threat of google zero revealed some critical vulnerabilities at least. perhaps rare attack vectors but critical. av software is root software and each kernel root process not from windows lowers security and offers attack vectors.
    behavior protection is not filling gaps - but i can prevent if it was coded for that. are they? i have doubt that the majority of an programs would recognize current attack routine - in fact they are all tested against those and have 100% impact. to cheap some can think that av could protect. and it is a bit naive though that only one program can protect against all impact.

    at least i also dropped eset like all other solutions years ago, no dime ever again for such crappy and buggy software at all (not only eset). did you ever think about why sandboxie is asked so many times for usage or improvement? people don't trust their av programs although in most cases they have one installed. and in most cases people give a fart on messages from av programs - and install it anyway. and for sure - most av programs are set up not to scan for adware which sucks in most cases. daily news, daily bread to get rid of adware although...
     
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Perhaps, but his opinion is that Windows Defender provides better protection, and of course, if you're running Windows 8 or later, as soon as you uninstall your third party antivirus, Windows Defender will be enabled.

    I won't be switching to Windows Defender anytime soon, as I prefer to use an antivirus which does not significantly slow down my computer.
     
  9. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Defender may not provide the best protection from malware directly, but its implementation is way ahead of third party vendors. When was the last time you heard of Defender increasing your attack surface? Just an extra thing some people may want to consider, when you think about protection in a wider scope.
     
  10. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    It might be time to stop using antivirus, and just regularly update your software instead

    https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/

    Didn't realize it caused this many problems for browser vendors.
     
  11. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    Yes, IMO the AV products give a net improvement in security. Maybe for me an AV is not that important, but I know people who would be in big trouble if they weren't using one.
     
  12. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,417
    Location:
    Slovakia
    The article basically says, that you should stop using other AVs, because they are very good in what they are supposed to do. :argh:

    Hey, my AV can detect almost every malware, but I should stop using it, because it might break a system, better to use Defender, which can hardly detect anything, but it is safe.

    The biggest problem is, that disabling it is almost childishly easy, literally one reg entry, other AVs are way more self-protected, one of the reasons they recommend to stop using them.
     
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    I keep bringing up the same point; if your security solution can be easily bypassed, it doesn't matter what protections it provides. Seems to be "falling on deaf ears" here on Wilders.
     
  14. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Good luck getting past Windows 10 smartscreen.

    I don't view this as a problem whatsoever. To disable the AV it means it wasn't detected, at that point what does it matter, it's already over.
     
  15. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Looking through the posted reactions to this article on several forums, I can only say that the majority of visitors on security forums are apparently living in a bubble.

    These security forum visitors seem to be extremely misinformed, because they apparently believe that third-party AV developers know more about OS core than the teams that are actually building the OS core.

    Furthermore these security forum visitors seem to have been brainwashed through years of third-party AV propaganda, because one can read that these users actually believe that it is good when third-party AVs are causing countless central security implementations in the OS to malfunction.

    One feels like knocking one's head into the wall when seeing that users on some forums can get themselves to post that it is more important to have a pop-up from a third-party AV that basically says "please send us more money to finance our daily fear mongering campaigns", than to have an OS that is fully functional day in and day out with ALL security implementations FULLY functional so the applications that are the all time number one target - our browsers - can ACTUALLY use these security implementations WITHOUT being broken by clueless third-party AVs.

    For years and years a steady flow of reports from the world's three biggest browser teams has stated that there is nothing in the world that is causing more malfunctions, crashes and breakages in browsers than third-party AVs.

    Every single time a user boots their PC with third-party AVs installed, parts of the OS malfunction and browsers malfunction.

    THIS is the EXACT reason why the world's three biggest browser teams all face the same problems. Their development of browser security is being held back and they can't activate new mitigations due to ONE reason and one reason only - that third-party AVs break everything due to their lousy coding practices.

    It's not exactly rocket science to stay informed about these matters.
    All the browser teams have been saying this for years. Microsoft and Mozilla both honest but diplomatic. Google honest, brutally honest, with no filter on their wordings.

    It's time that users wake up and understand that third-party AVs and their lousy coding practice are the sole reason why development of even stronger mitigations in OS core and in everybody's browsers is being held back.

    Third-party AVs are not the solution to anything - they ARE the problem.

    That is exactly why all three browser teams tell users to uninstall their third-party AVs and use Windows Defender instead.
    Because all three browser teams can constantly see from testing and from telemetry from all three teams' browser installations around the world in use every single day, that Windows Defender is built following correct coding practice and does NOT make OS or browsers malfunction.

    Third-party AVs are on the other hand responsible for an extreme amount of telemetry reports about all the malfunctions they cause daily in OS and browsers.

    When leading developers from Google and Mozilla publicly state that Microsoft's AV team is the only AV team that is competent, that is following best coding practice, that is making sure that every implementation they do is making their product stronger WITHOUT breaking anything anywhere in OS, browsers or any other applications, then end users better start listening.

    These browser teams aren't just anybody.
    They are the teams that build the world's three most targeted applications.
    And ALL three browser teams have the telemetry to prove that everything they say is true.
     
  16. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,417
    Location:
    Slovakia
    Once signatures are updated, it might get detected, if AV is still on, not to mention, that some parts will get detected and it will alert at least some users, that something is going on.

    Actually it looks like they live in a bubble. They say what is wrong, but they do not offer any solution, like Greenpeace.
    Yes, AVs are not perfect, but currently it is the best common users have got, better than using nothing, that is for sure.

    Once they make an un-infectable browser, they can go around posting this, but that will never happen, they are just people and hackers are always a step ahead of them.
    By the way, if this were true, then Edge with Windows Defender should be virtually unbeatable and it was hacked within 18 seconds. So much for advanced security. :isay:
     
    Last edited: Jan 28, 2017
  17. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    They tell what the problem is - all third-party AVs with their lousy coding practice.

    They tell the solution - use Windows Defender that is built by a competent team following best coding practice.

    As said before, these teams aren't just anybody.
    They are the teams that build the world's three most targeted applications.
    And they have the telemetry to prove that their words are true.

    That is FAR more important than any security forum user's opinion.
     
  18. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,417
    Location:
    Slovakia
    I always go for facts rather than just opinions, usually "experts" provide the worst kind, because they think, they are always right. Not to mention, there are experts, who claim otherwise. ;)

    Just go to malware cleaning forums and look how many people use only Windows Defender, it is a no-brainer.
     
  19. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Yes, of course.

    Hard cold facts in the form of billions and billions of telemetry reports, that all three browser teams have and these are the cold hard facts that prove they are right.

    versus

    Forum users that kind of read something in tech media or kind of heard something once from someone.

    I place my trust on the billions of telemetry reports.
     
  20. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,417
    Location:
    Slovakia
    Yes, because browser telemetry provides info about how much the computer is infected?! Last time I checked, I did not use my browser to scan for malware. :)
     
  21. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Apparently you have no clue about how well informed these teams are about EXACTLY what is impacting their browser installations.

    That is why telemetry is implemented.
    To improve development.

    May I suggest you start following the constant flow of information coming from a lot of these developers.

    They are not exactly hiding themselves.
    In fact they are VERY open about the constant massive flood of malfunctions and breakage that third-party AVs are responsible for.

    There's a whole world outside Wilders.
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    o_O
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    Below are a few public examples of Windows Defender bypasses. These also can bypass a number of third party security solutions. I am sure there are dozens more of like bypasses on the Dark Web.

    A targeted APT can bypass almost all conventional security solutions. Lucky for end users, these are directed at high value targets.

    http://null-byte.wonderhowto.com/fo...ws-backdoor-paylaod-bypass-antivirus-0166949/
    https://vvalien1.wordpress.com/2016/05/22/sharpmeter-and-bypassing-windows-defender/
    http://www.winmatrix.com/forums/ind...ommon-malware-can-bypass-windows-8s-defender/
     
  24. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    I would like to make it perfectly clear to anyone reading this thread, that the examples that @itman has shown are EXACTLY the same bypass attempts that @itman and I discussed in another thread only a few days ago.

    That thread was about a fresh report that shows that obfuscated samples like these are NOT ABLE to bypass the native security in Windows 8.1 and Windows 10.

    The combination of Windows Defender and SmartScreen meant that all these attempts at bypassing the native security were blocked.

    Anything that Windows Defender didn't block was blocked by SmartScreen.
    Anything that SmartScreen didn't block was blocked by Windows Defender.
    They complemented each other perfectly.

    The fact that the native security succeeded made @itman very upset, and he followed up with several attempts at confusing anyone reading along through links to tests that have parts of the native security disabled during testing.

    So anyone reading along - be VERY careful NOT to fall victim to the smoke and mirrors attempts that @itman constantly posts.
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    Last edited: Jan 28, 2017