How Many Anti-Virus Packages Does It Take?


Harold Gough
24th August 2018, 10:49 AM
https://techtalk.pcpitstop.com/2018/08/22/mcafee-symantec-malwarebytes-failed/?foiainformation=&utm_source=newsletter&utm_medium=email&utm_campaign=august_newsletter_4%20&ad_id=505659&share-ad-id=1

Harold

DerekW
24th August 2018, 10:51 AM
Wow a mention of Farmington NM. I have stayed there on three occasions.

Naughty Nigel
24th August 2018, 11:21 AM
Like many people I used Norton for years until it slowed my computer to a crawl. I then switched to Kaspersky.

Interestingly Norton used to pop up with notifications of viruses that it had found, especially when renewal was due, but Kaspersky found more than 200 infected files that Norton had been ignoring for years.

TimP
24th August 2018, 11:22 AM
I use Sophos free on my Macs.

MJ224
24th August 2018, 04:56 PM
At the mo, I just use Windows Defender. I dallied with Malwarebytes, which said that it had found several trackers, but it seemed to cook my cookies. So don't use it at the mo...…….FWIW..:confused:

Ian
24th August 2018, 05:41 PM
I am just in the middle of updating my daughter's PC as she needs some real CPU muscle for her animation degree course (installed a new motherboard with an AMD Ryzen 7 2700 X - it has 8 cores, each of which can run two threads, so that's 16 threads!).

I did initially install Bitdefender but that interfered with Firefox and I am now trying Sophos Home, which seems OK. I am also trying the free version of Zone Alarm to replace the Microsoft Windows firewall. All of these come highly recommended by reviewers at the moment.

I also use Malwarebytes simply as an extra though only run it manually from time to time.

Ian

Graham_of_Rainham
24th August 2018, 09:04 PM
I used to get Kaspersky free with Barclays Banking, but they dropped them after all the alleged hacking by Russia.

I now use Sophos, which was what we used at work.

Naughty Nigel
24th August 2018, 09:17 PM
I used Sophos for a while and quite liked it. However, the (paid) version that I had did not intercept incoming infected email attachments, (these are supposed to be dealt with on the main server before they reach client machines). The result was that infected files were downloaded and remained undetected on the email client until they were executed. Only then did Sophos act to block them.

pdk42
24th August 2018, 09:45 PM
I never use A/V. It's a virus in its own right!

Jim Ford
24th August 2018, 09:57 PM
I used to subscribe to a security newsgroup some years ago. The consensus there was that if a virus is detected on your system, your system is essentially toast and it's a flatten and rebuild job!

The argument went like - the virus is in your system and a sophisticated virus will alter and hide itself to avoid detection.

I also ask myself 'In whose interest is it that computer viruses exist and new ones pop up now and again? Who's making a lot of money out of computer viruses?' The conclusion I always come to is that it's the anti-virus companies, and it wouldn't surprise me if they are also the source of many viruses.

Jim

Graham_of_Rainham
24th August 2018, 10:00 PM
I used Sophos for a while and quite liked it. However, the (paid) version that I had did not intercept incoming infected email attachments, (these are supposed to be dealt with on the main server before they reach client machines). The result was that infected files were downloaded and remained undetected on the email client until they were executed. Only then did Sophos act to block them.

That very problem was one reason I had a very old XP laptop that I used for e-mail and would open “suspect” files on that. With only a 20GB hard drive, which I could easily swap for a clean one, I effectively had a “dirty” system for the internet, completely separate from the work place systems.

File content was only ever transferred by ascii text files, once the system had been fully Sophos swept. In all the time we used that system only two files were flagged as “suspect”.

MJ224
24th August 2018, 10:16 PM
I never use A/V. It's a virus in its own right!

Go on Paul, tell us more...………….*chr

pdk42
24th August 2018, 10:41 PM
Go on Paul, tell us more...………….*chr

Well, here's my train of thought...

1) A/V always lags the viruses. They are not a guarantee of immunity. The worst of recent viruses have caused havoc before AV caught up - e.g. the Wannacry attack that brought down a lot of the NHS computers.

2) If you're writing a virus, there are tools (and web-sites) that will help you work around all the common AV packages out there. In a word - if you're determined then AV won't stop you.

3) They hook themselves into all sorts of places within your OS. They can cause performance issues, apps to fail, annoying pop-ups to appear etc.

4) AV programs themselves can be targeted by virus writers; and because they hook into the OS as privileged programs they present a nasty backdoor mechanism for viruses to exploit.

5) On occasion they will flag harmless programs as containing viruses.

6) Most viruses don't get onto people's computers via complicated means - they are installed by users failing to apply common sense precautions. I'm talking about things like running EXE or similar files from e-mail attachments, downloading software from dubious sites - that sort of thing. A good sense of scepticism is better than AV in my view.

7) Many AV companies are Russian ;)

If you run your PC behind a router with known PCs and users on its local network then I think the risks of infection are very low so long as you exercise basic common-sense caution.

If you connect to public, open networks (coffee shops, airports) then a good inbound firewall is the best protection you can have. This will stop potential hackers/infected computers getting access to resources on your machine via open network ports.

This is an interesting article:

https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/

MJ224
24th August 2018, 10:51 PM
Thanks for that info Paul. Do routers have firewalls etc? What about your provider, I use PlusNet. Do they have any system to reduce the risk?

Couple of years ago I did get one of those Ransom notes, but I reckon it was a scam, as I got out of it just by switching off the computer. It came with a dubious site where I was downloading "Free" software. After that I now am prepared to pay a reasonable price for software...

I can see that the A/V companies really stoke the virus threat, but if I did get one...…………

A recent problem with CCleaner was that someone had managed to attach a virus or whatever to the download site. Alas I got that one on the wife's computer. She has yet to forgive me...………..:(

Ian
24th August 2018, 11:23 PM
Thanks for that info Paul. Do routers have firewalls etc? What about your provider, I use PlusNet. Do they have any system to reduce the risk?

Couple of years ago I did get one of those Ransom notes, but I reckon it was a scam, as I got out of it just by switching off the computer. It came with a dubious site where I was downloading "Free" software. After that I now am prepared to pay a reasonable price for software...

I can see that the A/V companies really stoke the virus threat, but if I did get one...…………

A recent problem with CCleaner was that someone had managed to attach a virus or whatever to the download site. Alas I got that one on the wife's computer. She has yet to forgive me...………..:(

Routers do have firewalls but you still need one installed on your PC because the PC firewall works differently, managing accessibility to and from programs on your PC. In turn, those programs will need to work with the router firewall if they send and receive data outside the local network.

Viruses and other malware can get through firewalls by being packaged as attachments or within other programs. This is why you need real-time defence and that is what anti-virus software does.

Above all, be sensible with file attachments and don't install and run untrustworthy software.

Finally, keep regular backups in case something goes wrong! :)

Ian

shotokan101
25th August 2018, 01:28 AM
Sorry folks but there's a lot of dangerous nonsense being talked on this thread - anyone who advocates that you don't need to have reliable AV/AM product installed is kidding themselves and dangerously misleading others.....

MJ224
25th August 2018, 07:15 AM
OK.....Back-ups….

My back-ups consist of copies of my Documents and Pictures irregularly made to a external HD. I also store the installation software for my favoured programmes.

I get very confused on how to make a "mirror" image of my working computer. I would like to be able to reinstall a back-up onto a new computer if needs be. Bit like the iPhone back up with iTunes. How easy or otherwise can this be done?

*chr

Harold Gough
25th August 2018, 07:27 AM
OK.....Back-ups….

My back-ups consist of copies of my Documents and Pictures irregularly made to a external HD. I also store the installation software for my favoured programmes.

I get very confused on how to make a "mirror" image of my working computer. I would like to be able to reinstall a back-up onto a new computer if needs be. Bit like the iPhone back up with iTunes. How easy or otherwise can this be done?

*chr

https://www.windowscentral.com/how-make-full-backup-windows-10

Harold

TimP
25th August 2018, 07:40 AM
Time Machine on the Mac is an excellent form of backup, certainly worth using for anyone who runs a Mac. External HDDs do fail and so it’s always best to keep multiple copies of backups, and ideally off-site somewhere too if possible.
Digital is all very well but at some point in the future the whole lot is going to fall on its **** and we’ll lose a whole chunk of history. Cloud provision is all very well (anyone ever read the SLA they offer? No, thought not) but it won’t take much for ‘them’ to say sorry, we lost your stuff!

pdk42
25th August 2018, 08:22 AM
Sorry folks but there's a lot of dangerous nonsense being talked on this thread - anyone who advocates that you don't need to have reliable AV/AM product installed is kidding themselves and dangerously misleading others.....

That's just an opinion. Did you read the linked article in my post?

I've used Windows on my main PC for 20+ years and have never used AV and never had a virus.

Harold Gough
25th August 2018, 08:44 AM
Sorry folks but there's a lot of dangerous nonsense being talked on this thread - anyone who advocates that you don't need to have reliable AV/AM product installed is kidding themselves and dangerously misleading others.....

I now have Trend Micro Security Agent (Online)

I cleared out all the others except SUPER AntiSpyware (Pro). That regularly clears out unwanted tracking cookies. It used to find Trojans, and was the only AV which did, but not since I installed TMSA.

I also have installed Cybereason Ransom Free

https://ransomfree.cybereason.com/

and CryptoPrevent

https://www.majorgeeks.com/files/details/cryptoprevent.html

Harold

DerekW
25th August 2018, 09:02 AM
The most important item in the ArseTechnica article is the last paragraph where it indicates that the user is the weakest link.

There is a lot in common between computer viruses and STDs, transmission of viruses is very dependent on user behaviour.

pdk42
25th August 2018, 09:05 AM
The most important item in the ArseTechnica article is the last paragraph where it indicates that the user is the weakest link.

Yes, that's exactly my point too. A healthy sense of scepticism and basic computer common sense is better than AV.

shenstone
25th August 2018, 11:45 AM
That's just an opinion. Did you read the linked article in my post?

I've used Windows on my main PC for 20+ years and have never used AV and never had a virus.

I read it and there are some points in it that I agree with, but personally not the overall recommendation

re your last point - I would ask you how you know that? With no AV etc you could have a keylogger sending your personal banking information to someone this very moment

Vigilance will only get you so far I would say that I also am very careful, but I have had things sent to me that the virus scanner picked up - these included JPG image files with embedded malware so not a .exe file which I would not click, but a picture that had I looked at it would have done damage

Regards
Andy

shotokan101
25th August 2018, 12:20 PM
That's just an opinion. Did you read the linked article in my post?

I've used Windows on my main PC for 20+ years and have never used AV and never had a virus.

Yes Paul I did read that article and I thought that the sources quoted all had their own specific and varying personal reasons for wanting AV removed to make their professional/commercial lives better and not necessarily the best interests of the end user at heart.

Maybe they should rename the website "ArseTechnica" :D

I've been involved with Corporate IT in a variety of Technical roles for many years including being responsible for corporate server and endpoint/security so I am not just a "keyboard guru" spouting off

While some of the points mentioned either are or were relevant historically modern anti-malware solutions have ways of addressing or minimising them now and of course the performance of pc hardware these days alone minimises the performance impact issues and allows ever more sophisticated protection features including proactive as well as the more common reactive detection technologies.

As an IT professional I agree that the end user is normally the "weakest link " but modern malware is increasingly sophisticated to the extent that the need for user interaction is continually reducing

The fact that you have survived for so long without using AV is admirable but I have never been burgled in over forty years but I still insure my home every year - lock all doors and windows and set the alarm when not at home.......

The only option for an as near completely safe pc without AV is to not have it connected to any network which renders it pretty much useless of course....

Jim

Ian
25th August 2018, 01:50 PM
If you are scrupulously careful and know what you are doing, you can do without anti-virus. But we're all, ultimately, fallible. AV is a fall-back to reduce the negative consequences of not being infallible.

A laptop is more vulnerable than a desktop machine on a local network that is protected by a decent firewall, though email and web browsing remain significant risk factors.

My laptop has an upgraded firewall, antivirus, malware scanner and a VPN. That means I can relax a bit more though you still need to be careful about the quality and trustworthiness of public WiFi networks you connect to, along with continuing to be wary of email attachments and dodgy websites.

And backup frequently!!! :D

Ian

Jim Ford
25th August 2018, 04:27 PM
Thanks for that info Paul. Do routers have firewalls etc?

All the routers I've met have had firewalls based on a version of the Linux netfilter/iptables system to monitor connections. In addition to the router firewall I use a system that blocks known blacklisted sites - you can even block whole countries. (P2Partisan).

Iptables is complicated and I wish I knew more about it! AFAIK you block everything - both outgoing and incoming connections, and then allow connections based on certain criteria. It never allows unsolicited incoming connections.

These are some of the sort of entries you see in iptables:
iptables -I INPUT -p tcp -i br1 -m state --state NEW -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -m state --state NEW -j DROP
iptables -I INPUT -i br1 -p udp -m multiport --dports 53,67 -j ACCEPT

I use the above to limit usage of a 'guest' network (it's not my recipe!).

Jim
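
A small model of how the three commands quoted in the post above combine, added here as an illustration (it is not the poster's recipe or the router firmware's code): each `-I` without a rule number inserts at the top of the chain, so the effective order is the reverse of the order typed, and the first matching rule decides. The sample packets are constructed, and the model handles only the match options these three commands use.

```python
import shlex

# The three commands exactly as quoted in the post above.
COMMANDS = [
    "iptables -I INPUT -p tcp -i br1 -m state --state NEW -j REJECT --reject-with tcp-reset",
    "iptables -I INPUT -i br1 -m state --state NEW -j DROP",
    "iptables -I INPUT -i br1 -p udp -m multiport --dports 53,67 -j ACCEPT",
]

# Option -> field name, limited to the match options these commands use.
FIELDS = {"-p": "proto", "-i": "iface", "--state": "state",
          "--dports": "dports", "-j": "target"}


def parse(cmd):
    """Turn one `iptables -I INPUT ...` command into a dict of match fields."""
    tokens = shlex.split(cmd)[3:]          # drop "iptables -I INPUT"
    rule = dict.fromkeys(FIELDS.values())  # None means "matches anything"
    for flag, value in zip(tokens[::2], tokens[1::2]):
        if flag in FIELDS:                 # "-m <module>" and "--reject-with" are skipped
            rule[FIELDS[flag]] = value
    if rule["dports"]:
        rule["dports"] = {int(p) for p in rule["dports"].split(",")}
    return rule


def build_chain(commands):
    """Apply the commands in order; -I with no rule number inserts at position 1."""
    chain = []
    for cmd in commands:
        chain.insert(0, parse(cmd))
    return chain


def matches(rule, pkt):
    return ((rule["proto"] is None or rule["proto"] == pkt["proto"])
            and (rule["iface"] is None or rule["iface"] == pkt["iface"])
            and (rule["state"] is None or rule["state"] == pkt["state"])
            and (rule["dports"] is None or pkt["dport"] in rule["dports"]))


def evaluate(chain, pkt):
    """Return (1-based rule number, target) of the first match, or (None, None)
    when none of these rules match and later rules or the chain policy decide."""
    for num, rule in enumerate(chain, start=1):
        if matches(rule, pkt):
            return num, rule["target"]
    return None, None


def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    for field in ("proto", "iface", "state"):
        if a[field] is not None and a[field] != b[field]:
            return False
    if a["dports"] is not None:
        return b["dports"] is not None and b["dports"] <= a["dports"]
    return True


def shadowed(chain):
    """List (rule, earlier rule) pairs where the later rule can never be reached."""
    return [(j + 1, i + 1)
            for j in range(len(chain)) for i in range(j)
            if covers(chain[i], chain[j])]


CHAIN = build_chain(COMMANDS)

if __name__ == "__main__":
    for num, rule in enumerate(CHAIN, start=1):
        print(num, rule["target"], rule["proto"] or "any", rule["dports"] or "")
    # Constructed sample packets arriving on the guest bridge br1.
    samples = [
        {"proto": "udp", "iface": "br1", "state": "NEW", "dport": 53},
        {"proto": "tcp", "iface": "br1", "state": "NEW", "dport": 80},
        {"proto": "tcp", "iface": "br1", "state": "ESTABLISHED", "dport": 80},
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(CHAIN, pkt))
    print("unreachable (rule, shadowed by):", shadowed(CHAIN))
```

If the three commands are run in the order shown, the model places the DNS/DHCP ACCEPT first and reports the TCP reset rule as unreachable, because the broader DROP rule inserted after it ends up above it. `iptables -L INPUT -n -v --line-numbers` on the router shows the real order and per-rule packet counters.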

Naughty Nigel
26th August 2018, 07:19 PM
I never use A/V. It's a virus in its own right!

Are you being serious Paul? :confused:

If you know what you are doing you can practice safe hex up to a point, but for most PC users security software is a no brainer. Cost is also minimal nowadays as is the impact on performance.

I think you will also find that some online banking apps will refuse to work without working security software. If you were unlucky enough to fall victim to cybercrime the bank would wash their hands of any responsibility.

AV software does not contain live viruses any more than a Smallpox jab contains live Smallpox virus, but selected patterns of virus structures. Security apps also detect 'virus-like' behaviour and shut down offending apps before any major damage is done.

Jim Ford
26th August 2018, 08:53 PM
Are you being serious Paul? :confused:


I've seen it said many times before on a security newsgroup. IIRC it was with reference to Norton, which I understand can be notoriously difficult to remove.

Jim

Naughty Nigel
26th August 2018, 10:39 PM
I've seen it said many times before on a security newsgroup. IIRC it was with reference to Norton, which I understand can be notoriously difficult to remove.

Jim

IIRC Kaspersky provided a utility to remove Norton. I suspect other vendors do the same.

I would probably agree that if we are talking about Norton AV then it wouldn't be missed. It usually comes with other crapware on machines from PC World and suchlike.

pdk42
26th August 2018, 10:49 PM
Are you being serious Paul? :confused:

If you know what you are doing you can practice safe hex up to a point, but for most PC users security software is a no brainer. Cost is also minimal nowadays as is the impact on performance.

I think you will also find that some online banking apps will refuse to work without working security software. If you were unlucky enough to fall victim to cybercrime the bank would wash their hands of any responsibility.

AV software does not contain live viruses any more than a Smallpox jab contains live Smallpox virus, but selected patterns of virus structures. Security apps also detect 'virus-like' behaviour and shut down offending apps before any major damage is done.

I wasn't being serious that AV software packages are themselves viruses - that was just a bit of hyperbole - but I am deadly serious that AV is a totally unnecessary piece of software that does more harm than good. What is true is that AV software can itself be a target for viruses. AV hooks itself into all sorts of OS-level capabilities which can be exploited. In effect it's increasing the attack surface that a virus writer can go after.

pdk42
26th August 2018, 10:53 PM
I have had things sent to me that the virus scanner picked up - these included JPG image files with embedded malware so not a .exe file which I would not click, but a picture that had I looked at it would have done damage


No - displaying a JPEG image cannot cause you to be infected with a virus. I accept that a virus writer could easily hide code in a JPEG file, but you'd need some way to get the code out and into something that was executed to be able to do that. Displaying the image with an image viewer will not cause it to execute any of the data it finds in a JPEG.

Also - are you sure that the AV scanner found malware? Scanners work by looking for suspicious patterns in files - give them enough random data and they'll find false positives. JPEG files have a lot of random data in them ;)

pdk42
26th August 2018, 11:06 PM
I think you will also find that some online banking apps will refuse to work without working security software. If you were unlucky enough to fall victim to cybercrime the bank would wash their hands of any responsibility.

I think that banks might well try to pull that stunt. Just like they try to wriggle out of PIN fraud, leaving the poor victim customer with the job of proving that they didn't give their PIN to someone else. It's a perfect example of how ideas get established in the collective mindset (a "meme" as Dawkins would call it) even if the evidence for its belief is thin. It wasn't long ago that everyone believed that going out in the rain caused the common cold.


AV software does not contain live viruses any more than a Smallpox jab contains live Smallpox virus, but selected patterns of virus structures. Security apps also detect 'virus-like' behaviour and shut down offending apps before any major damage is done.
I wasn't trying to say that - I was using hyperbole. Of course I understand what AV is doing - it's not like AV is some sort of vaccine!

pdk42
26th August 2018, 11:10 PM
I know that I'm in a minority of one on this thread, but there is a lot of evidence to show that AV is really quite ineffective at stopping viruses. This article (https://www.pentestpartners.com/security-blog/defeating-corporate-anti-virus/), by a specialist IT security company who make their living by trying to break corporate networks on their customer's behalf, concludes with this:


We found that by packing malware with a free tool like Veil-Evasion we could bypass all mainstream anti-virus products, including some very big name vendors.

Now that the signatures are on Virus Total you’d really think that detection would have improved wouldn’t you?
But it hasn’t.

Jim Ford
27th August 2018, 08:19 AM
I know that I'm in a minority of one on this thread

You're not, Paul! I'm pretty much with you - though I would add that I use Linux 99% of the time.

Jim

Jim Ford
27th August 2018, 08:57 AM
I know that I'm in a minority of one on this thread, but there is a lot of evidence to show that AV is really quite ineffective at stopping viruses. This article (https://www.pentestpartners.com/security-blog/defeating-corporate-anti-virus/), by a specialist IT security company who make their living by trying to break corporate networks on their customer's behalf, concludes with this:

Veil Evasion (now just Veil) looks interesting. I'm installing it on my laptop to see what it can do.

Jim

Harold Gough
27th August 2018, 09:49 AM
I think you will also find that some online banking apps will refuse to work without working security software. If you were unlucky enough to fall victim to cybercrime the bank would wash their hands of any responsibility.

Nigel, Surely you mean the apps would refuse to work with software not marketed and supplied by the bank?

Harold

shotokan101
28th August 2018, 01:00 AM
No - displaying a JPEG image cannot cause you to be infected with a virus. I accept that a virus writer could easily hide code in a JPEG file, but you'd need some way to get the code out and into something that was executed to be able to do that. Displaying the image with an image viewer will not cause it to execute any of the data it finds in a JPEG.

Also - are you sure that the AV scanner found malware? Scanners work by looking for suspicious patterns in files - give them enough random data and they'll find false positives. JPEG files have a lot of random data in them ;)

Paul sorry but you are wrong it has been proved that simply opening an image that has an embedded malware can infect the pc


https://www.opswat.com/blog/image-borne-malware-how-viewing-image-can-infect-device

shotokan101
28th August 2018, 01:05 AM
I know that I'm in a minority of one on this thread, but there is a lot of evidence to show that AV is really quite ineffective at stopping viruses. This article (https://www.pentestpartners.com/security-blog/defeating-corporate-anti-virus/), by a specialist IT security company who make their living by trying to break corporate networks on their customer's behalf, concludes with this:

Paul you carefully didn't choose to post the conclusions from that article or notice the fact that they specifically tell you not to upload any of the exploits these packages generate to the online scanners as this would enable the various AV vendors to recognise the intrusion........

Naughty Nigel
28th August 2018, 08:24 AM
Nigel, Surely you mean the apps would refuse to work with software not marketed and supplied by the bank?

Harold

I actually had an issue with the Barclays online banking website which refused to work on a PC which it 'thought' did not have AV installed.

Jim Ford
28th August 2018, 09:47 AM
While on the subject of computer security, how many people rely on a third party firewall.

The 'received wisdom' is that third party firewalls are 'snake oil', because they come up long after the network is established, leaving a window of opportunity for an intrusion. The native Windows system firewall is considered to be perfectly adequate (why wouldn't it be?).

Jim

Jim Ford
28th August 2018, 09:48 AM
While on the subject of computer security, how many people rely on a third party firewall?

The 'received wisdom' is that third party firewalls are 'snake oil', because they come up long after the network is established, leaving a window of opportunity for an intrusion. The native Windows system firewall is considered to be perfectly adequate (why wouldn't it be?).

Jim

Naughty Nigel
28th August 2018, 11:22 AM
Your firewall obviously has an issue Jim as it is making double posts. Or is this some kind of Unix backup system? :D

Jim Ford
28th August 2018, 11:54 AM
Your firewall obviously has an issue Jim as it is making double posts. Or is this some kind of Unix backup system? :D

Finger trouble!

;)

Jim

shotokan101
28th August 2018, 02:06 PM
While on the subject of computer security, how many people rely on a third party firewall?

The 'received wisdom' is that third party firewalls are 'snake oil', because they come up long after the network is established, leaving a window of opportunity for an intrusion. The native Windows system firewall is considered to be perfectly adequate (why wouldn't it be?).

Jim

I have always used a third party firewall since the earlier windows firewall versions - before xp sp2 - were pretty much useless

Later versions are better and offer good basic protection - what you get from using a good third party firewall is more features and flexibility but most importantly you usually get a much more user friendly interface which greatly improves the ease of configuring your personal access requirements

You also usually get better logging of network activity and event analysis tools

Your broadband router will also normally have a firewall but that will often not be that easy to customise - especially if you have several pc's on your home network

Jim

Jim Ford
28th August 2018, 02:58 PM
Your broadband router will also normally have a firewall but that will often not be that easy to customise - especially if you have several pc's on your home network

If you have the knowledge (of which I have only a little!) you can tailor iptables to whatever your requirements are to any degree of sophistication. You can restrict or block individual machines from accessing certain parts of your network if you want, based on any criteria. I have a 'guest' network with an easily remembered password but users can't access my router or NAS. As I stated earlier, iptables are a bit 'hairy', but there are a lot of experts out there willing to help. Also, IIRC there are sites where you can test a 'recipe'.

Jim

shotokan101
28th August 2018, 03:47 PM
Yeah - IPTABLES is about as user friendly as a smack in the face with a hedgehog.....

MJ224
28th August 2018, 04:52 PM
Yeah - IPTABLES is about as user friendly as a smack in the face with a hedgehog.....

From experience??? *chr:D

Jim Ford
28th August 2018, 04:58 PM
Yeah - IPTABLES is about as user friendly as a smack in the face with a hedgehog.....

Yes, but there is 'Shorewall' that makes it very much easier:

http://shorewall.org/shorewall_features.htm


Jim

shotokan101
28th August 2018, 05:39 PM
Yes, but there is 'Shorewall' that makes it very much easier:

http://shorewall.org/shorewall_features.htm


Jim

I had been assuming that you had been talking about iptables on the router firewall not setting up an iptables firewall on the pc..... :eek:

shotokan101
28th August 2018, 05:41 PM
From experience??? *chr:D

Well yes actually - both iptables and being smacked by a hedgehog *eyebrows*devil

Keith-369
28th August 2018, 07:38 PM
Well yes actually - both iptables and being smacked by a hedgehog *eyebrows*devil

Please tell .... about the hedgehog experience I mean *please

shotokan101
28th August 2018, 07:57 PM
Please tell .... about the hedgehog experience I mean *please


https://en.m.wikipedia.org/wiki/Furry_fandom

'Nuff said......;)