Is my AV Software not good enough?

Discussion in 'malware problems & news' started by Mr2Much, Aug 15, 2010.

Thread Status:
Not open for further replies.
  1. Mr2Much

    Mr2Much Registered Member

    Joined:
    Aug 15, 2010
    Posts:
    2
    Location:
    Orange County, CA
    1st time poster, long time lurker.

    Like many people, I am having a problem with these scam AV software programs attempting to hold my computer hostage. I had never been infected with this type of 'scareware' until a few months ago. What changed?

    Well, I was discussing AV software options with a friend at work. At this time, I was using Kaspersky Security Suite (for a couple of years) and was generally satisfied except for the annoying fact that MS Windows did not seem to recognize its presence and would constantly give me warnings that my computer was unprotected. My friend is pretty tech savvy and he told me that he does not pay for AV and just runs the free Microsoft Security Suite. After further probing, I figured that I would give it a try (My Kaspersky was about to expire).

    It has now been 3-months and my computer has been infected 3x with one-or-another of these scam programs. I spoke with my friend after the 2nd time and he had said that he had no problems, but that he "knew how to avoid them". When I talked about going back to Kaspersky, he mentioned that several people at work have got this (we run Kaspersky AV at work). So I chalked it up to luck.

    Last week, the Kaspersky expired on a different computer that my children use. I installed MS Security for free. Now, less than a week later it is infected with this scareware. Coincidence? Have I been lucky up to this point? Is this scam just proliferating?

    I am reasonably capable with a computer and have had no trouble getting this off, but it is a pain, as well as time consuming. I am going to ask my friend for his 'avoidance' trick. While this might be a reasonable (and cost effective) trick for me, I am not sure that I can expect my children to avoid it in this manner. I am seriously thinking about getting Kaspersky again.

    Thoughts?
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    It has nothing to do with this or that AV being run but it has everything to do with being aware of the dangers on the net, of educating yourself on what and how to navigate the web in a safe manner. Keep your OS patched, block scripting except for trusted sites and have regularly updated AV, to name some combo approaches
     
  3. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    @Mr2Much: Follow Cudni's advice and keep your OS and Antivirus up-to-date. If you have trust in Kaspersky, then get Kaspersky again for better protection. Also, follow safe internet practices.
     
  4. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    Hi there

    I would rephrase this question "is AV software good enough?" IMO, not really. Don't get me wrong, I do run an AV because if anything is found or denied access, I'd like to know what it is, and for known malware, AVs are excellent. Unfortunately new malware goes undetected until someone is infected and reports it for analysis.

    I think most free AVs are as good as the paid ones, and what you need to add to your computers is a sandbox (Sandboxie free/paid), ideal for your computer, and a light virtualizer (Returnil free/paid, Shadow Defender <payware>, DeepFreeze <payware> to name a few that I can recommend) for your children's machine. You can password a virtualizer for your children, and whatever they do, the system will be returned to its original state on the next reboot.

    My son has been using a machine with Returnil on it for a year now, and not a single piece of malware has ever been detected. (I used to spend days cleaning his computer from literally families of malware!). In most situations one doesn't even need to run a resident AV at all, perhaps a scan on demand when downloading stuff one wants to keep.

    If you are reasonably capable with your computer, Sandboxie could be a good solution for you along with your favorite AV. You'll find at Wilders a lot of info about the applications suggested if you care to use the search engine.

    Last but not least is backing up your OS. There are some good applications free (Macrium Reflect seems very popular at Wilders). It usually takes between 5-15 minutes to restore an OS to its original state, it really works.
     
  5. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Hi Much,
    You got very good advice, and I also agree with most things said here. AV software can only do so much, but like "charity begins at home" similarly "internet safety begins with the user".
    I am currently using Emsisoft AM myself, which like few other major vendors combines a little more tools than just being AV. And one feature I love is surf protection which lets you control what you surf, what you visit in the web.
    Again, surf safe, be safe and remain safe.

    thanks,
     
  6. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    If you feel like going back to Kaspersky, then do it. MSE (Microsoft Security Essentials) is an average AV. I can't add too much to what those guys up there mentioned already. And they do know what they're talking about. So I would just recommend you to install Javacool's SpywareBlaster to immunize your browser and perhaps think about moving to Google's Chrome. It's way safer than IE.

    The virtualization also works great. I have Shadow Defender installed on the family's PC. I had to spend a few minutes explaining to them how to use it. But ever since I installed, that PC has been clean.

    It would be useful if you could tell us what you use your computer for. I mean, entertainment, research, office work, gaming, banking, shopping, file sharing (P2P apps).
     
  7. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    1) Protect your Browser by buying a LifeTime License of DefenseWall.
    Another option is the FREE or Paid version of Sandboxie.

    2) If you don't want to buy an AV,
    use a FREE one like AVIRA AntiVir Personal or avast! Home Edition or MSE.
    In addition, use a 2nd Scanner to Double-Check your System:
    Emsisoft Free
    or Malwarebytes' Anti-Malware Free.

    3) Update your Windows and the rest of your software as early as possible.

    4) Protect your PC with a Recovery Solution:

    The FREE or Paid version of Returnil,
    the Paid version of Shadow Defender,
    the Paid version of Deep Freeze
    or buy an Instant System Recovery solution like
    Rollback Rx and EAZ-FIX.
     
    Last edited: Aug 17, 2010
  8. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    I personally prefer system hardening (see my sig), with some virtualisation.
    OP: what OS do you use? What browser?
     
  9. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    I agree that if you feel Kaspersky gives you better protection, then go with it. But I also agree that in general, black listing programs (which is basically what most AVs are) will not give the best protection. Virtualization (like Sandboxie and others), white listing (like Prevx), host intrusion prevention (HIPS like DefenseWall and others) or behavior watching (like ThreatFire) is where (IMO) some of the best protection lies.

    This all said, KIS 2010 has some of these other components beyond the typical AV. Perhaps this is why you had better luck than just with MSE (which is mostly a typical AV.) So if you are happy with it, go for it.

    (At home, I run free Avast AV with Sandboxie and DefenseWall. At work, we run paid Avast Pro with Postini filtering for email and SonicWall firewall filtering for everything (including website content blocking) from the outside world.)
     
    Last edited: Aug 17, 2010
  10. Mr2Much

    Mr2Much Registered Member

    Joined:
    Aug 15, 2010
    Posts:
    2
    Location:
    Orange County, CA
    Sorry for the delay in getting back, I was out of pocket for a little bit.

    I want to thank you all for your responses.

    To answer some of the questions, I am running a mixed bag here. Of the 2 PCs concerned, 1 has Windows 7, the other Vista. Both are updated regularly. There are multiple users so the browser varies between Firefox and IE8. Both have been hit with the AV scam. I run scans pretty regularly. These PCs are used for a gamut of tasks (games, work, web surfing, etc.).

    Thinking on the subject, I believe a change in user behavior is a large contributor to the issue. The kids are getting older and are venturing around the internet more. While I have some parental controls, they are getting hit from some less obvious sites that pop up on a Google search. I believe education will be a big part of any solution.

    Which brings me to the crux of the issue. There is NO solving the problem. There is MANAGING the risk. The bad guys are adapting and changing. I need to also.

    Thanks. I have some work to do.
     
  11. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Hi Mr2Much,

    No, AV software of any variety is not enough. Visit av-comparatives.org for comparison reports. Since my WinXP Pro SP2 bogarted on me in June 2006, I have since switched over to using Linux. My own personal preference (if I were using my Windows system) would be to go with Eset's Nod32 due to its heuristic approach in addition to the use of signatures for known malware.

    The main strategy is not only knowledge, but using a multi-layered approach. If you have a hardware router - learn how to batten down the hatches - e.g. close all ports to avoid port scanning. Change the default admin password, as all default router passwords are posted on the Internet. Learn how to configure your firewall and get one if you don't have one on your OS.

    As one poster mentioned above, they prefer to harden their system - which is very good advice. Keep learning and asking questions as you go along.

    -- Tom
     
  12. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Mr.PC, not to put too fine a point on this, but avast! Home Edition went out with v4.8. Since the upgrade to v5.0, it is now either avast! Free Antivirus, avast! Pro Antivirus or avast! Internet Security. Home Edition is no longer used to reference the free product. ;)
     
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Mr2Much
    I didn't see if you mentioned which firewall you are running, but I'd like to suggest Online Armor and particularly, its Run Safer feature, that lets you run your browser as a limited user. You can surf the net and your browser can't install software automatically that will cause damage to your system. I use Run Safer for all internet-facing apps, like browser, email, media player. :thumb:
     
  14. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    AV is one of the worst ideas ever in computer security. The whole AV model was designed as a business plan to make people rich and not as a utility to mitigate security threats. All it does is make these companies billions of dollars with nothing much to show for it (just look at the sorry state of Windows security, even after many years of the AV companies making billions). It obviously hasn't worked.

    Better solutions are things like:

    1) Use a 64 bit OS so that you can utilize hardware DEP and ASLR.
    2) LUA's
    3) SRP/AppLocker
    4) Browser sandboxes (or Google Chrome and IE with their sandboxing)
    5) Update the OS and third party software frequently.
    6) Download only trusted software that is digitally signed from reputable people.
     
    Last edited: Aug 22, 2010
  15. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    You are right! :thumb:
    Being Without an AV since 2008, I fell behind the AV Name...evolution...:D
     