The Cellar  

Old 02-02-2009, 12:54 PM   #46
tw
Read? I only know how to write.
 
Join Date: Jan 2001
Posts: 11,933
Quote:
Originally Posted by mbpark View Post
I don't see this situation changing any time soon. There's no good way to look at a live system considering how complex Windows is, and how it presents hundreds of hiding spots for any piece of malware. You have to find where they load from, not where they live afterwards.
I am not discussing 'fixing the problem'. Windows is what it is. Now, which anti-virus software does its job best given that Windows is what it is?

I have spent time trying to remove malware without any anti-virus software. Some were simple - an entry in the registry. (AOL belongs in that category as far as I am concerned.) Others were almost amusing - new tasks with random names appear as other pieces of the malware were removed. I could not remove all the pieces fast enough. I once manually removed a virus on a Windows that would not even boot. That was particularly fun.

Interesting is how 'System Internals' detected the virus installed by Sony from numerous music CD-ROMs. I have also done that. But that is not relevant to the question.

Given that Windows is what it is, what benchmarks does the OP have to identify the better anti-virus software? Not even a good benchmark. We still don't provide a bad benchmark to answer the OP's question.

A bad benchmark might have been Nirvana's post IF it listed which 50 malware was removed or quarantined by what program. Currently, we don't even have a list of viruses categorized by the program that detected and removed it. Currently we have others claiming their anti-virus software works well without any indication that the anti-virus software even detected or removed anything.

Without a list of current malware X removed by anti-virus software Y, then the OP only has blind recommendations. Recommendations provided without the always necessary reasons 'why'. Currently the OP has few useful answers. Even the best answers are only subjective.

Symantec once was recommended for having detected and removed most known malware. Today, Symantec does not appear to have the same reputation. Why? Why is AVG better?

Consumer Reports once tested maybe 15 different anti-virus softwares using malware. Don't remember when. I recall that Trend Micro was highly recommended. That could be a benchmark to answer the OP's question because it also says why each was rated.

Microsoft only recently changed attitude. The resulting meeting with anti-virus manufacturers was reported to have gone on all day, all night, and up to lunch the next day. So yes, we should expect some improvements from Windows in the future. But that is not relevant to the OP's question. Given what we have is what we have, what benchmarks exist to rate anti-virus software?
Old 02-02-2009, 01:02 PM   #47
glatt
 
Join Date: Jul 2003
Location: Arlington, VA
Posts: 27,717
Quote:
Originally Posted by tw View Post
I once manually removed a virus on a Windows that would not even boot. That was particularly fun.
*Pictures tw hunched over a motherboard with a pair of tweezers, cursing softly, as he pulls a worm out of its hole in the processor.*
Old 02-02-2009, 05:25 PM   #48
mbpark
Lecturer
 
Join Date: Jan 2001
Location: Carmel, Indiana
Posts: 761
Tom,

On the data sets provided (see the links I sent), someone did a subjective test against a known data set, which proved that AVG and multiple other programs (including Avast!) were much more effective than Symantec's product. This test is repeated periodically with different data sets.

This is one site: http://www.checkvir.com/
This is another (Virus Bulletin): http://www.virusbtn.com/vb100/archiv...isplay=summary

The registration for Virus Bulletin is free. Their methodology is posted there. What I found interesting is that Avast! failed on Vista Business but passed on XP Pro. Same with McAfee.

Why is AVG better? I'll give you a simple reason: because Symantec's product managers, in an attempt to shoehorn as many features as possible into the product to get people to buy the product from year to year, have concentrated more on extraneous features than actual Anti-Virus. This leads to the epic fail we call Symantec Endpoint Security 11, which has IPS protection that would block all connections to Active Directory servers after about 20 minutes, thereby effectively shutting down networks.

And yes, I used to work with a former Symantec product manager who has confirmed their marketing strategy to me. I also ripped them a new one over what happened with SEP at a customer before I moved into my current job.

Surprisingly, their Linux Mail Server solution for Antivirus isn't half bad. It needed some work (aka a fix to the XML file that generates the Postfix configuration files on service restart that Symantec forgot to do) to work in a multi-homed environment, but it screams on the 2 8-core HP Proliant servers I have it running on (hey, that's the lowest-spec I can get for SMP servers these days!).
Old 02-02-2009, 05:56 PM   #49
lumberjim
I can hear my ears
 
Join Date: Oct 2003
Posts: 25,571
I bet that's (the Symantec v11) what fucked my HP laptop 2 months ago.
__________________
This body holding me reminds me of my own mortality
Embrace this moment, remember
We are eternal, all this pain is an illusion ~MJKeenan
Old 02-02-2009, 05:58 PM   #50
classicman
barely disguised asshole, keeper of all that is holy.
 
Join Date: Nov 2007
Posts: 23,401
wow - thanks guys - now I'm afraid my computer may have problems that don't exist. I turn it on, it works. Guess that'll have to do for now.

Something I'm curious about - Why don't Macs have these issues?
__________________
"like strapping a pillow on a bull in a china shop" Bullitt
Old 02-02-2009, 07:49 PM   #51
dar512
dar512 is now Pete Zicato
 
Join Date: May 2003
Location: Chicago suburb
Posts: 4,968
Quote:
Originally Posted by classicman View Post
wow - thanks guys - now I'm afraid my computer may have problems that don't exist. I turn it on, it works. Guess that'll have to do for now.

Something I'm curious about - Why don't Macs have these issues?
While I'm sure that Apple works hard to make sure that OS X is secure, the real reason that Macs don't have this problem is that people aren't writing viruses for OS X. Virii are platform specific. As Microsoft continues to step on its own whatever, and OS X gains a larger market share, you'll start to see virii for Macs.

On the other hand, OS X is built on top of BSD (a well worn Unix variant). So it could be that virus writers will have a tough time making headway there.
__________________
"Against stupidity the gods themselves contend in vain."
-- Friedrich Schiller
Old 02-02-2009, 08:12 PM   #52
classicman
barely disguised asshole, keeper of all that is holy.
 
Join Date: Nov 2007
Posts: 23,401
uh ok - thanks for that. I think I got some of what you said. I am rather illiterate when it comes to computers though.
Old 02-02-2009, 09:32 PM   #53
Nirvana
Back in 10
 
Join Date: Aug 2008
Posts: 3,684
TW you just like to lord your "imagined" superiority over people, good for you, you have a purpose in your life. I listed the programs that would work for S123. She does not care how they work or what viri they trap or what exact malware they prevent.
None of your posts are helpful at all. You are the very definition of bloviate.
__________________
Speaking simply... do not confuse this with having a simple mind.
Old 02-02-2009, 09:36 PM   #54
Nirvana
Back in 10
 
Join Date: Aug 2008
Posts: 3,684
Bloviate: "to speak pompously and excessively," or "to expound ridiculously."
noun; bloviator, someone who holds forth on subjects in an arrogant, tiresome way.
Old 02-03-2009, 11:51 AM   #55
mbpark
Lecturer
 
Join Date: Jan 2001
Location: Carmel, Indiana
Posts: 761
There are viruses for OS X

Dar,

There are viruses and trojans for OS X, and a lot of working exploits for OS X Server and applications that run on top of it (Wordpress, anyone?) due to the nature of PHP and Perl-based exploits that affect all UNIX-based web servers.

Apple ships OS X with a set of default system services, which are ports of their Unix brethren (PHP, OpenSSH, OpenSSL, BIND, MySQL, ClamAV, Sendmail, Apache, Perl, etc.). Some of these are enabled by default on OS X Server.

Apple's had a history of not patching their ports of Open Source software as quickly as vendors such as Red Hat, Novell/SuSE, or Sun do. Apple was way behind patching the "Kaminsky" DNS bug. They also have been behind in patching the other ports of Open Source/GPL software they ship as part of OS X.

There's been working exploit code for OS X circulated. The last major exploit for OS X was a trojan within a pirated copy of iWork '09 that was circulated on BitTorrent.

Their kernel and part of the userland is Open Source. Their display technology is closed-source, and from what I understand, has some issues. Apple also allows regular users to write to locations on the hard drive that they shouldn't on a standard UNIX platform.

Some viruses are not platform-specific (such as the Wordpress bugs that can turn your machine into a bot given perl, wget, and a few other tools), and have already affected OS X Server.

OS X on the desktop isn't far behind. It's been done, but the real reason why you don't see the viruses for that platform is that it takes more time to craft for OS X or Linux than Windows.

Microsoft just makes it too damn easy, and the other software packages out there that have exploits (Adobe Reader, Adobe Flash, Java Runtime Environment, Firefox, AIM (yes, I have seen working AIM exploit code), Yahoo! Messenger, Skype, and even some AV programs) make it even easier to target tons of Windows PCs and turn them into unwitting zombies.

No OS is perfect. OS X is slightly better than Windows, but not as secure as Ubuntu Linux or FreeBSD. When Apple starts patching their ports of Open Source software as quickly as Red Hat, Ubuntu, SuSE, or Solaris, and fixes their directory permission issues (which while they are better than Windows, are not as good as many Linux variants), then I'll believe it's because they've made it really hard to write viruses for.

The trojans are already there because some OS X users don't want to pay for iWork '09. There are probably trojans within the pirated versions of Adobe CS4 and Final Cut Studio making their way around the various BitTorrent trackers.

Quote:
Originally Posted by dar512 View Post
While I'm sure that Apple works hard to make sure that OS X is secure, the real reason that Macs don't have this problem is that people aren't writing viruses for OS X. Virii are platform specific. As Microsoft continues to step on its own whatever, and OS X gains a larger market share, you'll start to see virii for Macs.

On the other hand, OS X is built on top of BSD (a well worn Unix variant). So it could be that virus writers will have a tough time making headway there.
Old 02-03-2009, 01:21 PM   #56
mbpark
Lecturer
 
Join Date: Jan 2001
Location: Carmel, Indiana
Posts: 761
Did I mention that you couldn't remove their device drivers?

Lumberjim,

They installed network drivers at such a low level that did not work and were ridiculously (i.e. Blue Screen of Death) unstable. Did I mention the uninstaller did not work?

A little bit of fishing with the Ultimate Boot CD took care of it for me on XP and Server 2003 by removing the driver references from the registry, but one of my admins had to reinstall a server due to their ineptitude. Thankfully it was not at my current place of work.

The problem was that even their uninstaller wouldn't remove the drivers, and that it would leave the system in an unstable state. For a server, that is unacceptable. I do not need to be removing low-level device references to uninstall an AV program, and 99.9% of users who get that type of error will rebuild the whole system due to that.

What a waste.

Quote:
Originally Posted by lumberjim View Post
I bet that's (the Symantec v11) what fucked my HP laptop 2 months ago.
Old 02-03-2009, 07:15 PM   #57
morethanpretty
Thats "Miss Zipper Neck" to you.
 
Join Date: Sep 2006
Location: little town (but not the littlest) in texas
Posts: 2,957
Personally I looked at Avast and AVG, free versions. Ended up going with Avast because it has more protection. Although I don't doubt mbpark's conclusion that AVG is better at getting the especially nasty stuff, that's the version that costs, and I don't feel like paying for things. So if you want freeware, I would go with Avast over AVG just b/c Avast gives you more types of protection. AVG free just gives you anti-virus and anti-spyware.

http://www.avast.com/eng/download-avast-home.html

http://free.avg.com/download-avg-ant...s-free-edition
__________________
Addicts may suck dick for coke, but love came up with the idea to put a dick in there to begin with.
-Jack O'Brien
Old 02-03-2009, 07:18 PM   #58
mbpark
Lecturer
 
Join Date: Jan 2001
Location: Carmel, Indiana
Posts: 761
morethanpretty,

I used the free version to find what I found
Old 02-03-2009, 07:23 PM   #59
tw
Read? I only know how to write.
 
Join Date: Jan 2001
Posts: 11,933
Quote:
Originally Posted by mbpark View Post
For the most part, brand name anti-virus software all tend to work consistently.

However I have also seen some bad behavior from Symantec. One recent Symantec release literally destroyed a Windows 2000 OS. For example, it destroyed any log on abilities except at the administrator level. And Symantec would not uninstall.

Symantec's reply: that newer Symantec version should not be installed on Windows 2000. So why did it let that user do it?

Other than that Symantec experience, apparently minor differences exist between the major anti-virus names, as both www.checkvir.com/ and www.virusbtn.com demonstrate. Best anyone can do is use what those recommendations suggest - and hope later versions do not do, for example, what Symantec did to that user.
Old 02-03-2009, 07:44 PM   #60
morethanpretty
Thats "Miss Zipper Neck" to you.
 
Join Date: Sep 2006
Location: little town (but not the littlest) in texas
Posts: 2,957
Quote:
Originally Posted by mbpark View Post
morethanpretty,

I used the free version to find what I found
Ok well what I was trying to say is that you get more features with the Avast. With it you get anti-rootkit, daily updates, network/web shield, etc. AVG ONLY gave you anti-virus and anti-spyware. Their anti-virus might be better, but you don't get any of the other protections that you do with the free Avast.