Recommending Anti* qualifications

Discussion in 'other security issues & news' started by StevieO, Feb 21, 2007.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hardly a day goes by in this forum, and all the others, when people are asked and/or offer their suggestions/opinions on which Antivirus, or Anti whatever is best/good etc.

    Leaving apart from whether it's free/paid, how it looks, how easy it might be, or not, to configure, how many resources it takes etc etc, lets concentrate on the most important aspects of having an Anti in the first place, protection and detection.

    How many people are really qualified to give and pass on, totally, or anywhere near, accurate answers ?

    How have they tested it/them, and what with, and how often ?

    The only way someone could really know how any product fares, is to test it with real live malware, and/or static malware, and often. Also by visiting websites which have exploits hidden in their code.

    Then and only then would someones opinion have any real weight and credibility. Also just saying they havn't been infected, or often, due to little or no contact with malware, doesn't prove how their product would react if subjected to all the hundreds of thousands of nasty malware that's out there right now. And increasing by the bucket load every day.

    Of course stating how much we like, or not, a product for other reasons is perfectly valid. I understand people are trying to help, or have favourites, but i've seen many people recommending products that just do not live up to the claims being made for them. Some of these products may at one time been king, but since then other products have vastly improved and overtaken them. And also some new players are on the scene which are better than the previous top dogs.

    I think a good idea would be to provide a disclaimer on each and every such post/thread, and/or as a sticky on each forums page stating that, (Personal opinions are no guarantee of malware protection) or words to that effect.


    StevieO
     
  2. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    I think that Wilders in particular, qualifies itself as a source for exchange of ideas and experiences in many different avenues of PC security. All advice dispensed here and elsewhere in the big wide internet world should be taken with a grain of salt. Frankly, it's caveat emptor.

    But I think, in a way, your question is a valid one. To me, it's incumbent on the person asking for help to determine whether they are going to take the opinion of someone at Wilders as gospel, or whether they're going to also consider other opinions, because everyone's experience varies.

    I have been a support technician/network admin for 5 years. In a single-site network with over 200 PC's and almost 800 users--many high-risk. I also do contract work for a few other small business clients with 25-40 users on a regular basis. This has given me the opportunity to see many products 'in action.'

    Not sure I meet anyone's qualifications for recommending products, frankly, but I know best practices for securing a PC, and a LAN, and I've seen virtually every hardware failure/virus infection/software meltdown you can see.

    That doesn't mean that my opinion is any better or worse than anyone else's, because I don't know your specific situation. All any 'expert' can give you is 'best practice'. What you choose to do with that info, and how you apply it is up to you. It's not a panacea, either.

    There are others here with specialized knowledge in things such as software/hardware firewalls, VB scripting and coding, Assembly, spyware behavior, etc. Does that make them experts on what you need for your PC?

    Only you can answer that. ;)
     
  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Yes, this is always an issue on any forum. It reminds me of these financial "experts" that come on TV to say this or that stock/company is good. Turns out when they have to declare their interests that they or their family members own it!

    But let's get real here, no one is forcing you or can to do anything at all on your PC's. It is up to each individual to verify the correctness of any approach or any product. Here we get ideas, suggestions etc, get a trial version and test for yourself! Do we read the license agreements where the disclaimer about the product are accepted before you can use it?

    As to comparing tools there are independent testing labs for many of the products where they are exposed to malware and even retro tested of older versions again newest parasites so their heuristic detection of new ones can be compared. AV Comparatives as a search here should work for you.

    It would be good to have some sort of way to identify level of experience.
    A risk though would be that an elitist group may arise (as did in another forum which will remain nameless) and that can be and was unhealthy.

    Comments welcome!
     
  4. herbalist

    herbalist Guest

    Making real comparisons between AVs based on detections is almost impossible. The amount of time it would take to test multiple AVs with a large enough malware sampling to be meaningful would result in the tests being outdated by the time they were finished. Assuming you had a sufficient number of people to handle the testing and had access to an extensive malicious code collection that included very new viruses/malware, you could compile a lot of detection data. Then you have the problem of translating that data into something meaningful. Even with limiting the product comparisons to their detection performance, what criteria decides which is best? Highest detection percentage? Fastest to add new detections? Most effective heuristics? Fewest false positives? Of which type of malware, as defined by who? There's no agreement on definitions for categories.
    By the time you finished sorting and determining how to weight the different factors, your data is getting obsolete. Even if you could finish the testing and data sorting in good time, all it will tell you is which ones did better than others at that specific moment in time. The results, percentages, and probably the comparative ratings would be changing constantly. When none of the products catch everything, just how useful would this comparison even be? Does a 95% detection rate tell you that there's a 1 in 20 chance that this product will not detect the next malicious file you encounter? With more malicious code using rootkit methods all the time, a 95% success rate isn't very encouraging, not when you factor in how difficult a rootkit can be to find and remove should your real time protection miss it.
    A disclaimer like that should appear right at the top of the appropriate sections of the forum. It would get old seeing something like that in every post discussing AVs, ATs, etc. Since I'm not an expert and don't have the resources available to adequately test and compare anti-whatever software, I'll add my disclaimer.
    In my opinion, AVs and other signature based security apps are obsolete and incapable of providing an acceptable level of protection for many reasons, including:
    1. Malware's ability to evade detection via rootkits, encryption, etc.
    2. The rate malicious code can be distributed,
    3. The speed that new vulnerabilities are exploited,
    4. The fact that definition files, reference files, etc are outdated at the moment they're released,
    5. The fact that none of them come close to catching even the known threats,
    6. Their low effectiveness against new and unknown malicious code
    7. The sheer number of virus, malware, etc makes signature based detections an unnecessarily heavy load on a system.
    8. The extreme difficulty of detecting and removing modern malware if it's missed by the signature based software.
    In my opinion, a security strategy based on a whitelist of allowed applications and behaviors, implemented by system policy, application firewalling, or both, will provide much more effective protection. Signature based detection software should fill a supporting role to the above strategy, as it is not reliable enough to be the core of a security system.
    Rick
     
  5. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    couldnt agree more, which is why I try to address categories and technologies of security that compromise a layered defense rather than a specific brand of aps within those categories

    at least these days
    when I do make recommendations its generally to buy a well respect core application and employ alot of freeware and behavior modification around it to add to the layers\failover
     
  6. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I've been thinking about some things i say... i'm no expert, so naturally i wonder if i should say anything about certain subjects. Sometimes i review my posts, and they don't sound so bad as i was thinking. Still, i refrain myself more and more. Because the more i learn, the more i look back at my foolishness.

    But, this is not government, and i can't force anybody, that's how i relax afterwards. I try to be honest, but this is a public forum, and people should think for themselves.

    I think Audi provides better cars than Volvo. Did i test them against a wall, or racing side by side? No. Volvo could be better in some cases, and Audi in others.
    Still, for me, Audi rules. If you have money to buy either... that's another issue:'(

    I give once more this link about a simple concept: Bounded Rationality. Even if i were an expert, i couldn't possibly know exactly what's better.
    I can only anticipate and think as my imagination and intelligence provide. Or the time i have.
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Someone:

    The link on rationality was interesting! When I graduated many years ago I thought that organizations I worked for must be driven by rational information based processes and models.

    It was a shock to me in my 20's to find out that managers made many decisions based only partly on information and rationality. Other factors were more important, "gut instinct", who brought the message to them, if they liked them they tended to listen more to them, they were driven by time pressures real or imagined and rarely waited for 100% information before making a "call".

    This is not a complaint just an observation.

    Take a look at the world today... is it becoming more rationale? Does the speed of delivery of "opinions" help make better decisions?

    Over time on this forum you sort of get an idea of who to listen to don't you?

    The posts from Ice and Herb are just 2 examples of posters I listen too!
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    As someone who does not really recommend security applications to others I think I'm qualified to do that.

    Seriously, it really does not matter. In any field of life. We can only offer what we think is the best advice at a given time based on given knowledge and circumstances.

    We should be ready to admit mistakes and change trends when they prove to be contrary to our beliefs.

    And finally, it is up to the user being recommended to make the right choice. For example, if a person X whose advice I find useful for the last 2 years recommended yet another application Y, the chances are fair that this advice is sound.

    But when you see someone touting a different product every three weeks, then you should probably heed his/her advice with a bit of reservation.

    I also read the best, recommended anti* threads. Does it mean I follow the advice? No. I sift through 90% of stuff, concentrate on 10%, test heavily on different machines, using virtualization and whatnot, before considering moving to a production machine.

    Mrk
     
  9. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    I do understand, especially since I recommend products, which I have never used.
    But that is the purpopse of forums like this, to learn from others and spread the word.
    I create my opinion based on opinions of other people, but it depends on their credibility.
    When skilled users like Mrkvonic or WSFuser say something, I take that info for guaranteed.
    But so far it works, I allways managed to clean up victims PCs based on info gathered here.
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    I for one like to read all opinions.

    For myself I feel compelled to comment only on products/approaches to problem solving that I have used or am using.

    This need not apply to others.

    For example, if member x doesn't think systems utilities such as say Systems Mechanic are a good approach and that their rationale is that it better to do it on their own or through specific free tools that is fine.

    But say up front "I don't use this tool myself but........"
     
  11. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Thanks. If you're interested, there's a follow-up on that.

    One of the things i learned is exactly what you just said: managers and people in general can't get all the facts, statistics, and relevant information. They have to adjust to what they have, and decide based on the info and experience, "gut instinct", and basically expectations.
    There was an author that explained this very well, can't remember who (maybe Peter Drucker or Michael Porter, probably all the gurus say this if they're really smart). I always forget basics when trying to explain...

    Incidentaly, that's related to the reasons for an enterprise exist, to reduce "transaction costs".
    If this sounds boring, remember: economics is everywhere, even if dollars aren't envolved, and economic theories relate to many other topics.
     
  12. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    all phenomena shade from one discipline to adjacent disciplines and sometimes far afield to areas few anticipate, the "blind spot" of the specialist model. Leading to the resurgence of the previously under appreciated role "generalists"

    supposedly what a "manager" is
     
  13. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Well put Ice. It shouldn't be a surprise of course, pretty much everything is connected with something else. Economics in particular can't rely on itself. When we talk about consumer choice, it's much more complicated than the classical assumption of rational choice, even if it makes it easier to model and think.
     
  14. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    its postulated that in science these days, where the scope of a particular practitioners knowledge is generally limited solely by the sheer volume of information (which is exponentially growing), the role of "generalists" is ever more important to spot those "far afield" correlations which often provide the greatest opportunities. These correlations reignite debate and reinvigorate investigation. But there are really few multidisciplinary generalists. Most graduate and rush off to their chosen frontier of knowledge in an attempt to "discover\uncover" the new for fame, fortune or patents, but rarely try to keep up with the "big picture".

    In 1770 it was arguably possible to be well informed in all disciplines, (arts, sciences, humanities) now the best most approach are say biology > microbiology > organic chemistry or a partial "arc" of the knowledge frontier, at least the disciplines have now realized knowledge shades from one to the other. But its very rare to see someone shading from say the sciences to the humanities with any great depth.

    a few notable exceptions would be Issac Asimov (who taught me many of the physical sciences and is one of my heroes) James Burke, Stephen Jay Gould, Jared Diamond, Clive Ponting, Luigi & Francesco Cavalli-Sforza, Noam Chomsky, Steven Pinker

    just to keep this on topic :p the same can be said about security, which requires information as far afield as basic computer sciences (hardware) networking\communications, programming, sociology, psychology, ergonomics, risk management, threat assessment, and economics
     
    Last edited: Feb 22, 2007
  15. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Yes, it tends to be real tricky understanding the big picture. Ford i think said that we need to see the little things to see what lies ahead. In some other words of course.:p But this is getting more and more complicated to do. What you just said is related to THE guy, Adam Smith, about the division of labour and specialization, leading to productivity. Marx picks up his works and does his own analysis. Two of my favourite authors. Not a contradiction note.

    On topic :D , this is why "Recommending Anti* qualifications" from me is not so bad. It's dificult all around. I just state my preferences, and if i stay like that, i'm just posting my opinion, and whoever reads it must think for themselves on what applies to them, because reality is complex, and i don't hold the key to the universe:D

    This forum offers a lot of perspectives, and that's how valuable it is.
     
  16. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    as you (and Adam Smith et al) point out specialization is the reason human knowledge is expanding exponentially, however its application, consequences and relevance are often stunted by a lack of comprehension. The consequences of a hydrocarbon economy for instance, an unbridled consumer society, or widespread adoption of hundreds of thousands of manmade chemical structures with little to no interactive studies, or playing with the building blocks of life itself RNA\DNA Biotechnology, Vista :p

    or to steal the tagline from oldversion.com
    becausenewerisnotalwaysbetter
     
  17. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    That alone would be a dificult topic, and would last a decade. More even...
    Are we loosing control on some things, or are we afraid of the unknown? For another day...

    Checking it out:thumb:
     
  18. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Given this topic, i've updated my signature. For clarity or honesty.:p
     
  19. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    <looks around> we are here :p <ducks>

    excuse me I need to go change into a less wrinkled set of tinfoil underwear
     
  20. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    HI Guys et al:

    Quote from Ice with due credits...

    "just to keep this on topic the same can be said about security, which requires information as far afield as basic computer sciences (hardware) networking\communications, programming, sociology, psychology, ergonomics, risk management, threat assessment, and economics"

    Your point on risk/threat assessment got me thinking (always a bad sign)

    In determining what a PC user needs security wise, would it be possible to create a knowledge based model that posed questions to users and then produced suggested methods/tools for him/her? It could use just freebies as desired or paid tools as well. The data base of tools it used would be based on if it was certified, was in the AV comparatives etc etc. It would do a risk assessment based on type of PC work done and provide recommendations for the users.

    You get the idea. Everyone should critique!

    Has this (should this) been done?

    We could call it the WSDM.
     
  21. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    I notice the threads veered off into phylosophy etc, but i don't mind a bit as it's not often people get to see some of the topics and links that have been posted. If it helps to broaden anyones perspective on life etc, then that's good.

    Back to the future.

    My main concern was users who aren't very experienced, and others too, who may rely on recommendations based on someones enthusiasm, and/or just saying it was the best, without any real qualifying statements to back it up.

    The best should mean, best at detection and prevention. Everything else is secondary. Other things might be important to some, like scan times, resource usage etc, but the number one modus operandi for any Anti* must be providing protection. And all are not equal, and just stating something is the best, doesn't mean it is, in Fact. This is how people can, and do, get misled frequently. Maybe unintentially, but the end result is they do. I often see people saying they will install this or that, due to several posters stating it's the best, even when it is not. And i'm judging best, by real world tests done by reputable people.

    Nice to see some good discussions on this.


    StevieO
     
  22. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    we may have strayed into the more "abstract" levels of "ontopicignous"
    (I love inventing words :p)
    but if you reduce the original proposition to the basis for belief and the nature of knowledge we didnt stray too far :p

    its been said there are three flavors of belief

    1. authoritative belief
    (the parental unit, officer, professor, Pope or Mrkvonic said it was so)

    2. personal belief
    (and then God said unto me \ everyone else is an idiot I figured it out myself)

    3. scientific belief
    (scientific methodology, elimination of assumptions and proof through experimentation)


    at first glance it appears that 3 is the winner, until you consider that the history of science is largely one apple cart being upset by another and that many arrived at the (currently) correct answers without it. Observation and deduction still count, they are just best proven with three. And if you choose the right figures to listen to, one is just as viable. What really counts is the ability to differentiate the three and see if they are in accordance or not for a given topic.
     
  23. herbalist

    herbalist Guest

    This is as far off topic as a thread can get.
     
  24. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    My golf handicap is....

    Oh wait, that's more off topic. ;)

    Hey, it happens here on the good old Internet. :D
     
  25. AintGeo

    AintGeo Registered Member

    Joined:
    Feb 22, 2007
    Posts:
    8
    Location:
    Home
    Microsoft said this "quote" is a anti-'spyware' loop. Then, said to download Symantec software "quote-Windows Defender support-team". Thanks, I needed that---no needto: copy-write:ninja:
     
Loading...
Thread Status:
Not open for further replies.