When was the last time anyone found a real live virus?

Discussion in 'other anti-virus software' started by Long View, Dec 7, 2007.

Thread Status:
Not open for further replies.
  1. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    We're well off topic now, but I believe this one is worth answering.

    We do offer limited trials when necessary for business customers, they're just not available for individual users anymore. When we had the 30 day trial structure, very few people paid for the product; most just used the free cleanup and disappeared. Since the trial has been withdrawn, revenue and agent retention have increased substantially.
     
  2. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Great Point! ghiser1

    Another issue is that most of the good guys are still having trouble cooperating together. They fight each other and the bad guys.

    All the while the other team is forming up "organized crime groups" and the payoffs are bigger, meaning their incentives are growing with the increased profits.

    As for being on topic, I picked up a key logger on a client pc with a brand new build less than 10 days old... And yes it had everything, firewall, av anti spyware and more...

    I'm still trying to figure out if there might be some frigging root kit lurking in there as we have no idea how the darn thing got infected yet! For those interested it's the RedHand Keylogger and it was infecting a .dll in the ups monitoring software (and Yes it has a built in web server but it's not the infection vector).
     
    Last edited: Jan 11, 2008
  3. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    I think a successful virus writer earns only the respect of his peers, while a successful rootkit writer not only earns the respect of his peers, but also stands to gain financially from criminal activity.
    I am betting that as time goes on, we should see a decrease in the number of new viruses as opposed to an increase in other forms of malware.

    Is it possible to have a hybrid form of malware, such as a rootkit virus?
     
  4. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Well, I'm not an accomplished software development engineer, but from my vantage point I see no difference between spyware, root kits or Trojans, since, as I see them, they are all unwelcome hostile code infecting user environments. Whether they cause damage or simply steal information, they are all fruits falling from the same tree, just a different branch!

    To me those accomplishments are held in about as high esteem as soiled toilet paper...

    Think of who gets to suffer from most of the harm: the technically weak, and the ignorant, or those who can't afford the appropriate defenses. Not exactly something to be proud of...
     
    Last edited: Jan 11, 2008
  5. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    I get viruses via email multiple times a day. NOD always catches them. I would say I only get about 4-5 different viruses or variants, but I do receive them every day.

    One of the 'perks' to having a publicly known email address is it gets hit pretty hard. Some days worse than others.

    I've caught 3 instances of the Netsky.Q worm this morning. lol
     
  6. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    I am glad that you brought this up.

    I gave me old granddad a PIII 1Ghz, 512Mb ram machine, which he uses to read the news, the weather, and social emails.
    If his machine gets infected by a virus, he will ask why does it need to be removed.

    Given the machine's purpose, where is the harm in leaving his machine infected?
     
  7. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Depending on the malware's payload, he won't be able to perform his regular tasks at some point.
     
  8. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    If I tell him that, he will tell me to reformat the drive and reload the OS environment, thereby saving the money he could have spent on AV software.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    At best he will possibly be infecting others; at worst his machine may be used for criminal activity. Then if he forgets, gets brave and gives a credit card to a legitimate business.... Anyway you get the idea. Infected is bad.

    Pete
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    got one today. My temperature is 100.2. Ugh.:doubt:
     
  11. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    Alas, me granddad is quite a stingy fellow. :)
    Neither of these scenarios will be enough to convince him to shell out 30 euros a year for AV software.
     
  12. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    How about the free version of Returnil? Based upon what you have said, although it is possible for him to get infected, it is highly unlikely. Even if he did get infected he would almost certainly be clean at reboot. It might take 20 minutes to explain turning protection on and off but it is free and won't slow him down like an AV would.
     
  13. Hangetsu

    Hangetsu Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    259
    I'd call Avira to complain. The high temperature virus has been around forever, there's simply no excuse for missing this one.

    :D :D :D :D :D :D :D
     
  14. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    Aha, this Returnil looks very interesting.
    I see they are even suggesting vulnerabilities exist in using VMWare as part of a security policy.
    I can't find a comparison page on their site detailing the functional differences between the home and business versions though.
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Do you want to tell me that the billions of spam mails are delivered by only 10,000 infected PCs? :cautious:
     
  16. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Perhaps the day the law gets tough on those allowing willful infections to propagate this way because users are too cheap, too lazy or plain too stupid to prevent against the harm done to others with their own pc, and lays some types of criminal negligence charge after someone got infected because of him and loses revenues, that day he may change his mind about it... Perhaps that day is coming and sooner than some might think!

    The bulk of infections, spam and bot network problems are directly attributable to infected home pc's allowed on the net spending all unused processing cycles propagating nasties globally. Add to this powerful multi core processors, huge hard drive and large memory with practically unlimited bandwidth (Minus some upload throttling @ some ISP's) to power the whole thing, and you start to get the picture... Not a pretty sight!

    Now when this issue is compounded by users who know they are infected and choose to do nothing... to me this is not only stupid, it's plain point blank criminal...
     
    Last edited: Jan 12, 2008
  17. rogervernon

    rogervernon Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    289
    What, on the average home user's PC, is so valuable that it needs to have so much security software as many seem to use?
    A router, an outgoing control firewall and a decent anti-virus, plus an on demand spyware scanner and perhaps Comodo Boclean surely should be enough, even if one banks on-line?
     
  18. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I still get this from customers all the time: "I'm only using my pc for browsing the web and reading emails... why should I spend time and money to put security on it?" This is an incredibly selfish proposition that doesn't take all the facts under careful consideration:

    It is not the content of the pc, either, that should motivate you to keep it protected; it is the fact that if you don't you will be directly responsible when someone else gets infected because something transmitted from your computer infected them. Perhaps not legally yet but certainly there is a moral imperative here.

    Besides from my perspective it is not so much the quantity of security software that is important, but to have an appropriately layered defense approach dictated by the actual threats one faces daily.

    If for example a user doesn't use e-mail at all, then an antivirus is not really required to scan inbound messages, but if he is browsing the internet heavily he should consider a sandbox like sandboxie to operate Firefox configured with the NoScript Add on, together with Link scanner Pro or Free and McAfee site advisor. (The focus being on Web browser security)

    In both cases he should have a HIPS, either PREVX or Threatfire installed and perhaps BOCLEAN although not necessary in this case since the similar functionality is included in threatfire or PREVX but a good firewall such as Comodo Firewall PRO 3.0 is a must.

    Please do note that the only "Cost" incurred here would be for Prevx for a home user if chosen over Threatfire, and PREVX & Sandboxie for a business user. Not exactly expensive or complicated. Yet this configuration would prove most powerful against every attack vector confronting that user.

    Either way, some user learning is required in context as a few of these tools require some user intelligence to be effective...
     
    Last edited: Jan 12, 2008
  19. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Getting other people to learn about security is the hardest part. People are just ignorant and don't want to spend time to learn and maintain security.

    A friend of mine who keeps getting spyware on his computer asked me to help. The best I could do was install AV and tell him to sandbox his browser. Anything more intrusive and he wouldn't have bothered.
     
  20. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    I haven't had a thing for a good few years now!
     
  21. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    At least install SiteAdvisor and linkscanner on his pc... These are not enough by themselves usually but they require minimal user intervention and will block a lot of the risks. Also get him to read my article on Cyber Self Defense (you can find it on my site). I wrote it to wake up users like him...
     
    Last edited: Jan 13, 2008
  22. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    Just curious, with one o_O
     
  23. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    How about the law getting tough on billionaires running corporations that sell insecure OS to unsuspecting consumers?
    Oy, if I tell me granddad this I might hurt his feelings, but he won't let go of his 30 euros! :D

    IMO the criminal activity today, and as far as I can remember, starts with M$.
     
  24. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Pretty pointless, since there's nobody to charge.
     
  25. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    I think this is significant.
    Many threads start with someone listing several security software and then asking if they are enough, or if one or another is unnecessary.
    Then a few members reply with opinions such as these:
    "You don't need X because you have Y"
    "That's good enough"
    "Maybe you should think about adding Z"

    I have come to the conclusion that this approach is flawed.

    I think several questions need to be asked before any recommendation can be made, such as:
    "What are you trying to protect?"
    "How important is it to you to have this protected?"
    "How do you work with your PC?"
    "How much control do you want to have over the protection process?"

    Being forced to have answers to questions like these before making recommendations will make you realize that there is a very subjective, personal element to security for the home user.
    This means that there cannot be one solution which is perfect in all situations; all options need to remain on the table.
    So while you may recommend an AV suite to one, the best recommendation for someone else may be no AV, but firewall and HIPS, and for another it may be virtualization.

    So now, whenever I see a question asking, "What is the best" or "What is the top", the only answer I can give without more information is:

    "It depends."
     