Research: 80% of Carberp infected computers had antivirus software installed

Discussion in 'other anti-virus software' started by King Grub, Jul 28, 2012.

Thread Status:
Not open for further replies.
  1. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
  2. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    657
    Location:
    Southwestern Massachusetts
    I can see it coming already; the Norton fans that post here at Wilders are NOT going to be happy when they look at the graph. :gack:

    On a positive note, Avast and Bitdefender numbers look better. ;)
     
  3. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Do they? Shorter bars just mean that there were fewer of the 603 studied computers that had that security product installed.

    Avast at least had about as large a percentage of "crippled" systems as Norton. And BD all "Disabled". I don't know how that is much better.
     
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    This report is completely meaningless because of 2 factors:

    - no info is given on the versions
    - no info is given whether the software was actually fully updated

    Why is this important? If we take avast! for example. Current actual version is v7.0. But I know loads of ppl who are still insisting on completely outdated v4.8.
    v4.8 has very little proactive protection, no cloud protection, rather crappy self-protection. You get the picture.

    And the second one, is the software actually updated automatically or users think they know it better and keep everything disabled and they do it themselves when they feel like it (which is often equal to "nearly never").

    And the same applies to all of the listed. What good is Norton or NOD32 if you're using versions 2001 and v2? It's pointless. Antivirus software has to be dead on fully updated. The end of it. That's why companies invest loads of money on proactive and cloud systems.

    I bet 3/4 of the compromised systems were either using outdated AV software, didn't have regularly updated definitions or the system itself wasn't properly patched. Because that usually accounts for most of the infections.
     
  5. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    People need to wake up and realize they need additional protection and not depend on the AV alone to keep them malware free. Safety in numbers is a good motto.
     
  6. m0unds

    m0unds Guest

    it's not that cut and dried.


    ^^^ this is precisely what i was thinking.

    if someone gets a trial of a norton product on a new computer and they allow it to lapse and don't bother renewing or getting something else, would their telemetry server differentiate between a product disabled by some component of the threat and a product disabled because the user allowed it to lapse and didn't bother renewing? i doubt that's the case, but there's no way to know because that level of detail isn't there and no case is made for that possibility either.

    if by "additional protection" you mean common sense, a modern version of windows (not xp) and keeping things patched, i agree. if you mean more security software, i don't.
     
  7. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,050
    Location:
    USA
    I don't care myself. Looks like they all failed. From there it looks like the higher numbers on the graph were just more popular AVs.

    I have enough SRP rules in place I am not too worried about it. ;)
     
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Common sense is always a good thing, but common sense tells me to lock my car doors; that does not mean it still can't get broken into or even stolen. Common sense is not enough as legit sites get hacked from time to time and if your AV does not stop it then neither will common sense.
     
  9. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Yeah, although not bullet proof common sense can save someone most of the times. :D
    But as you said, it's still vulnerable, we are prone to make mistakes.
     
  10. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    sure it can but I have to wonder if many of them getting hammered are happy clickers, in which case common sense goes out the window. My niece is one of them and when the PC is all screwed up she buys a new one. Makes me sick thinking about it. Some people same machine for years, not my niece, she always has a new computer but she can afford it.
     
    Last edited: Jul 28, 2012
  11. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Hahahaha, sounds like my friend.
    I used to help him fix the computer every 2 months due to virus infections, i found once over 2000 malware traces with EAM. . .
    I stopped the scan halfway through and decided to format it LOL, it would never be clean. :D
     
  12. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    wow, what a surprise, infected pcs have antimalware protection.
    i would say 99 % of the pcs i have in forums for malware removal have such programs installed.
    but useless, if you never update any of the used software and if the user clicks all that's interesting...
     
  13. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Wouldn't a properly configured Sandboxie and Common Sense stop Carberp?
     
  14. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    Common Sense can not protect you against exploits...
    every legit page could be hacked
    sandboxie and updated software, also av software can.
     
  15. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Wow 2000, that's a lot of malware.:eek:
     
  16. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    In the Year 2005 I made the mistake of actually "trying" to clean Malware from a PC that two un-supervised teenagers had been using for several months. The PC was at a "crawl". There was somewhere around 1,500 Malware items found, but I was unable to properly clean them. I "wasted" around 6 hours trying before I gave up and did a format/re-install.
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    2 DA questions, so I apologize.

    How would WSA hold up against something like this and would EMET make a difference.

    thanks
     
  18. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Yeah, EAM showed around 2000 traces, remember traces can be a lot of things such as registry entries from programs like Ares (PUP) so it's not necessarily malware but still a very very high number. :D
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Although I am not using an AntiVirus real time, I really have a problem with this type of studies. When no Antivirus has a 100% coverage, proving that they are bypassed is proving that water is wet. Big deal.

    An AntiVirus is, like the word says, an antidote against viruses spreading wide out in the open world. Sure a few unlucky ones get infected, but on average the chances of getting infected for the average Joe or Jane are near to zero.

    Imagine a politician around 1918 telling people during the world wide influenza pandemic, hey because people are killed by the Spanish flu, let's skip research and vaccination programs in the world. Because the counter measure is not a 100% percent or because it takes some time to find an antidote. Imagine a politician telling the same in 1981 when Aids was first discovered. Water is wet studies are wasted money IMO.

    When I use public transport or my own means of transport, there is a chance I will get an accident. So until that chance drops to zero I should be staying at home forever. Oh wait, at home I still have a chance of being struck by thunder and lightning. So where should I stay next. Oh yes, dig a bunker deep in the ground. Wait there is still the odd chance of an earth quake.

    Unplug your computer from the internet, use alternative means of security, but don't tell the average Joe/Jane to uninstall their AntiVirus. AV is the antidote against digital virus pandemics. Stop bashing AV-companies for providing counter measures which work well for the majority of the pc-users.

    When OSes harden (Windows gradually following best practices of Linux and Mac-world) and browsers provide sandboxes (Chrome as champion, IE second with its protected mode), the impact of traditional viruses will lower. According to my friend (a security expert working for banks) the financial impact of viruses is lower than e-mail fraud, e-mail fraud is bypassed by man in the browser malware in 2012, skimming of pay terminals already accounts for the largest (financial) damage.

    Regards

    P.S. When 'security' experts advise people on Vista or Windows7 to use Firefox instead of IE or Chrome, I have the same "please don't tell this kind #^%$*!" response: Firefox does not have the protected mode of IE9 or the full featured sandbox of Chrome. So FF by design is less secure than IE9 and IE9 is by design less secure than Chrome, like Windows by design is less secure than Linux and the average Linux distro is less secure than Mac (unix like benefits combined with windows like features as Apple signing only policy).
     
    Last edited: Jul 29, 2012
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's not meaningless at all. Who cares whether they were up to date or not? This shows that real world usage is not effective.
     
  21. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Being up to date is very valid and your comments about real world usage might carry some weight if the products were shown to be.
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    The point is that, outside of lab conditions, antiviruses don't protect people. Whether that's because they're not up to date or not is irrelevant.
     
  23. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    There is no point, there's just your opinion. Most people benefit from current and regularly updated AV protection.
     
  24. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Actually most of the time they do protect people. So up to date or not is relevant. The reason people load up on security programs is because Av's are not 100% effective.
     
  25. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,087
    I think the "what was the configuration of the machine when it was compromised and how was it compromised" question is highly relevant because that could shed light on vulnerabilities that could be closed. However, that requires some means of reconstructing things and looking back in time. For example, if there is a case where an infected machine is running an older version of AV software... is that because the user disabled updates or because the malware disabled updates? If there is a case where an infected machine is running the latest version of AV software... did the user take some step to help the malware establish a foothold or did the malware bypass the proper configuration/administration via some software vulnerability?

    Infected, AV protected machines is not necessarily a bad thing. In order to be 100% effective against malware, AV software would have to have comprehensive control over the platform and make it impossible for the user (administrator) to perform an action that *the AV software manufacturer* considers to be a threat. AV software of that nature would simply be another form of malware.
     
    Last edited: Jul 29, 2012