Anti-Virus Programs 'Useless'


Jim Ford
23rd September 2018, 09:07 AM
I've mentioned before that there's lots of 'expert' opinion that anti-virus programs are useless against competent attacks. I was browsing through some Linux related sites and came across this article:

https://sites.google.com/site/easylinuxtipsproject/security#TOC-Firewall

Whilst the article is Linux related, the warnings are particularly applicable to Windows systems - because they are the most popular systems to be targeted and also are notably more vulnerable.

Here are the main points:

"b. Antivirus introduces a dangerous vulnerability
Furthermore, antivirus software sometimes even actively endangers your system: AV software itself is currently being attacked more and more. Because it has by definition high permissions on the system and because it's often inadequately protected against hacking.... This makes AV software an ideal target for hackers.

Antivirus applications have been designed to read and open as many file types as possible. Because everything can theoretically contain a virus. Unlike ordinary applications, which can only read and open certain specific file types.

For example: word processors can usually only open document related files, and no mp3 music files. For media players the reverse is true.

Because antivirus can read and open everything, and actually does precisely that during a scan, its potential vulnerability (attack surface) is much bigger. And therefore also its attraction as target for people with malicious intentions. That's not just theory; more about that later....

c. No real protection against zero day
Even the claim of antivirus companies that their products offer some protection against "zero day" attacks is misleading: the antivirus software itself is just as vulnerable to zero day attacks as the software it claims to protect.

d. False sense of security
Finally, antivirus software gives you a false sense of security, which might make you less cautious about installing software from external sources."

Jim

Zuiko
23rd September 2018, 11:30 AM
Seems we're damned if we do and damned if we don't. :(

fitheach
23rd September 2018, 03:53 PM
Long time Debian GNU/Linux user (since 2001). I've never used any anti-virus software and never had any problems. I do however only install software from reputable sources and make sure the packages have been signed.

Unless you have some Windows software that you *must* use, I would recommend using a Linux based distribution instead. Even if you have some Windows software you must use you can still use Linux as your base system and run the Windows software in a VM or emulator.

As far as photo software is concerned there is a wealth of solutions including: RawTherapee, Darktable, GIMP, Krita, Inkscape, UFRaw etc.

Try a Linux distro, it doesn't cost anything and you won't be disappointed.

pdk42
23rd September 2018, 04:08 PM
You all know my views!

Jim Ford
23rd September 2018, 04:32 PM
You all know my views!

I was thinking of you when I wrote it, Paul!

Jim

Jim Ford
23rd September 2018, 04:40 PM
Long time Debian GNU/Linux user (since 2001). I've never used any anti-virus software and never had any problems. I do however only install software from reputable sources and make sure the packages have been signed.

Unless you have some Windows software that you *must* use, I would recommend using a Linux based distribution instead. Even if you have some Windows software you must use you can still use Linux as your base system and run the Windows software in a VM or emulator.

As far as photo software is concerned there is a wealth of solutions including: RawTherapee, Darktable, GIMP, Krita, Inkscape, UFRaw etc.

Try a Linux distro, it doesn't cost anything and you won't be disappointed.

I started with Slackware in the 90s. IIRC the kernel was at 0.95. I spent several years with Slackware, recompiling the kernel each time a new one came out. I've since migrated to Xubuntu.

I only use Windows in order to run Photoshop. I find the Linux distro graphics tools still aren't up to PS. Colour management is still tricky, though I haven't delved into it much.

Jim

fitheach
23rd September 2018, 05:13 PM
I spent several years with Slackware, recompiling the kernel each time a new one came out. I've since migrated to Xubuntu.

I only use Windows in order to run Photoshop. I find the Linux distro graphics tools still aren't up to PS. Colour management is still tricky, though I haven't delved into it much.
Jim

Oh well, trying out Linux isn't appropriate for you :)

For everyone else there are many Linux distros that are suitable for the novice computer user. I haven't had to compile a kernel for years.

When I am designing stuff for commercial print runs I use a colour managed process, all done on Linux. It used to be a problem getting Linux drivers for some calibration hardware, but even that isn't such a problem now. Working with 16-bit images and using profiles is fairly straightforward. I mostly use RawTherapee and find it an excellent raw photo editor. Others swear by Darktable, but I've never used it.

I see that support for Photoshop is quite good in Wine:
https://appdb.winehq.org/objectManager.php?iId=17&sClass=application

If I were going to run Photoshop, I would use a VM. I use VirtualBox, mainly through familiarity, and it always works well for me. Install VirtualBox, install a Windows version into that VirtualBox and finally install Photoshop. Running Photoshop is then just a couple of clicks away but you have the peace of mind of having Linux as your primary operating system.

Internaut
23rd September 2018, 05:21 PM
Since Windows 10, I’ve not felt the need to purchase virus detection. I’m sure the defences are anything but perfect, but Microsoft does update them daily; often more than once in a day.

I read somewhere that Microsoft upped their own game because they regard the anti virus software makers as the biggest cowboys of all.

Gate Keeper
23rd September 2018, 06:40 PM
I have not been able to download any photos from my E1 onto the laptop, as it packed up on my arrival into the U.K. in August. It is one of the reasons I have been hanging around the out of focus area and not posting up photos. Then I went to Ireland. Cutting a long story short, the MacBook Pro is still in the repair shop in London. I am hoping to collect it tomorrow, all fixed and ready to go. It has needed replacements for a burnt out DC board, a new charger, a new battery and an upgrade to an SSD drive. There are no photos, no documents and only basic apps on the laptop, as everything has been wiped clean. The important things are in the cloud. Other stuff is on another MBP in Nairobi.

For antivirus on Macs, what do users prefer? Thank you.

wornish
23rd September 2018, 09:39 PM
I have not been able to download any photos from my E1 onto the laptop, as it packed up on my arrival into the U.K. in August. It is one of the reasons I have been hanging around the out of focus area and not posting up photos. Then I went to Ireland. Cutting a long story short, the MacBook Pro is still in the repair shop in London. I am hoping to collect it tomorrow, all fixed and ready to go. It has needed replacements for a burnt out DC board, a new charger, a new battery and an upgrade to an SSD drive. There are no photos, no documents and only basic apps on the laptop, as everything has been wiped clean. The important things are in the cloud. Other stuff is on another MBP in Nairobi.

For antivirus on Macs, what do users prefer? Thank you.

I don't use any on my iMac; they are more trouble than benefit. I have been a Mac user for over 15 years and never had an issue. (There I have gone and said it now, so that's done it)

Gate Keeper
23rd September 2018, 10:26 PM
I don't use any on my iMac; they are more trouble than benefit. I have been a Mac user for over 15 years and never had an issue. (There I have gone and said it now, so that's done it)

Dave, thank you. Your reply is reassuring.

TimP
24th September 2018, 05:41 AM
I use Sophos free on all my Macs, only time it’s ever found anything nasty has been when I’ve plugged in old ext HDDs or flash drives, and they’ve all been from Windows kit.

Otto
24th September 2018, 08:25 AM
As I've said before I don't use AV software at all, just a solid firewall (ZoneAlarm) and MailWasher to get rid of any e-mail nasties before they hit my computers. One machine I bought a few years ago came with McAfee preinstalled which basically prevented it doing its job (a media centre) due to the high overhead. I uninstalled McAfee since when the machine has worked properly and I've never had a malware issue. Occasionally I have suspected one and run Malwarebytes, but aside from the odd tracking cookie it's never found anything. The best AV strategy in my opinion is care and common sense.

Jim Ford
24th September 2018, 08:55 AM
As I've said before I don't use AV software at all, just a solid firewall (ZoneAlarm)

Google:

'zone alarm sucks'

It also goes for any other 'third party' firewall (but not the native W10 one)

Jim

Otto
24th September 2018, 09:42 AM
I tried that; most of the results are several years old and from forums, and appear to be more about the AV aspect of ZoneAlarm which I don't have. My experience with it as a firewall has always been good, and this 2016 PC Magazine review (https://uk.pcmag.com/zonealarm-free-firewall-2015/9406/review/check-point-zonealarm-free-firewall-2017) seems to be equally positive.

If you search for "Zonealarm firewall sucks" (which is more relevant) you get far fewer negative results and mostly positive reviews. YMMV of course *chr.

MJ224
24th September 2018, 10:24 AM
Kinda getting confused about AV now. Gave up with those progs several years ago, but do use Windows Defender. I have recently downloaded Malwarebytes, but have refused to pay for the subscription... Just use the free offline version occasionally...


:confused::confused:

shotokan101
24th September 2018, 11:39 AM
Still utter nonsense and even dangerous nonsense - even in a Linux/Unix client environment

https://www.makeuseof.com/tag/linux-market-share/

https://thehackernews.com/2018/01/crossrat-malware.html?m=1

The guy doesn't even give any substantiating facts or sources for the daft statements he makes

The only reason that Linux systems are less likely to be targeted by malware authors is their pathetic market share compared to Windows clients which is a much larger pool of target users

Jim

Jim Ford
24th September 2018, 11:47 AM
If you search for "Zonealarm firewall sucks" (which is more relevant) you get far fewer negative results and mostly positive reviews. YMMV of course *chr.

I've mentioned before that 3rd party firewalls e.g. Zonealarm start up after the network is established, during which time the computer is open to the whole wide world of attacks. The Windows firewall is established as the network comes up. I guess that most users of TPFWs are probably protected, because the Windows firewall is silently giving them protection in the background, unless of course they intentionally disable it!

The Windows firewall is totally adequate. Why shouldn't it be - I'm sure MS has greater experience and development resources than a group of students programming in their bedrooms or 'one man bands'!

Jim

Jim Ford
24th September 2018, 12:25 PM
https://www.makeuseof.com/tag/linux-market-share/

The only reason that Linux systems are less likely to be targeted by malware authors is their pathetic market share compared to Windows clients which is a much larger pool of target users

The article appears to contradict the point you make!

Jim

Otto
24th September 2018, 12:29 PM
I've mentioned before that 3rd party firewalls e.g. Zonealarm start up after the network is established, during which time the computer is open to the whole wide world of attacks. The Windows firewall is established as the network comes up.

<snip>

The Windows firewall is totally adequate. Why shouldn't it be - I'm sure MS has greater experience and development resources than a group of students programming in their bedrooms or 'one man bands'!

Jim


Students and one man bands? I don't think so! ZoneAlarm is produced by a company with around 4000 employees - Check Point Technologies (https://en.wikipedia.org/wiki/Check_Point). Are you certain that the core vsmon.exe process is not launched prior to the network connection? Certainly the user interface comes up later but it's the core process that's important. Either way, I'm happy that the product works for me and has done for years :).

Jim Ford
24th September 2018, 01:03 PM
https://thehackernews.com/2018/01/crossrat-malware.html?m=1


It's a threat if you have the Java run-time environment installed. In all the Linux distros I've met the JRE doesn't come as standard, and way before Crossrat, installation of the JRE was deprecated as it introduces potential vulnerabilities.

Jim

shotokan101
24th September 2018, 01:16 PM
The article appears to contradict the point you make!

Jim

In what way?

It's a threat if you have the Java run-time environment installed. In all the Linux distros I've met the JRE doesn't come as standard, and way before Crossrat, installation of the JRE was deprecated as it introduces potential vulnerabilities.

Jim

That link was merely to make the point that ALL client operating systems are vulnerable to malware.......:rolleyes:

Jim Ford
24th September 2018, 01:39 PM
In what way?

"What’s the most-used operating system in the world? Easy question, right? It’s obviously Windows.

But the answer might not be quite so straightforward. Sure, Windows dominates the home computer sector, but Linux powers far more of the world’s technology than you probably realize.

In fact, if it were possible to analyze every single piece of technology out there, Linux would almost certainly come out on top."

(Even a Transcend SD wireless card that I have uses Linux.)

OK - a lot of the Linux is embedded in firmware, but the associated config files are generally in RAM, and theoretically are able to be 'manipulated' by malware.

Jim

shotokan101
24th September 2018, 01:46 PM
"What’s the most-used operating system in the world? Easy question, right? It’s obviously Windows.

But the answer might not be quite so straightforward. Sure, Windows dominates the home computer sector, but Linux powers far more of the world’s technology than you probably realize.

In fact, if it were possible to analyze every single piece of technology out there, Linux would almost certainly come out on top."

(Even a Transcend SD wireless card that I have uses Linux.)

OK - a lot of the Linux is embedded in firmware, but the associated config files are generally in RAM, and theoretically are able to be 'manipulated' by malware.

Jim

Surely in the context of this discussion we are mainly talking about client PCs at home or work?

But if you want to look at the higher incidence of the use of Unix based web servers over Windows then I don't really see why that negates my argument TBH

Jim

Harold Gough
6th October 2018, 07:06 AM
Symantec blasted:

https://techtalk.pcpitstop.com/2018/09/27/symantec-faces-claims/?symanteclegal=&utm_source=newsletter&utm_medium=email&utm_campaign=october_newsletter_1&ad_id=505712&share-ad-id=1

Harold

TimP
6th October 2018, 07:46 AM
Interestingly I was moving some music files from a Windows 10 VM across to my Mac when Sophos popped up saying there was a malicious file detected, quarantined/deleted OK, but it must be the first time I’ve ever had it happen.