Anti-malware informal survey

I should probably start a poll in VBulletin, but I’m not smart enough to
use the HTTP interface so I’ll let somebody else conjure that up.

I am of the opinion that anti-malware software basically does not work
well enough to be used. Furthermore, it costs something and therefore
decreases net worth more than it increases it (yes, even those free
products cost cycles as everybody who runs anti-virus software complaining
about performance tells me). Despite this, people use the stuff. My
opinion about it not working stems from the following bit of AB-ian logic:

1. Anti-malware software works if it prevents and stops all anti-malware
2. Anti-malware software is broken if it allows malware (same as above
   basically).
3. Anti-malware software imposes a cost, usually monetary but always in
   computer performance.
4. Anti-malware is required or else “Bad Things” will happen (per the
   anti-malware vendors).

The problem I had is that all of these statements are, by my estimation, false.

The software doesn’t stop bad things since it’s a constant battle with
software vendors behind malware-creators and the “heuristics” that are
used to detect bad things just don’t work reliably. Every study I’ve seen
on this shows that every vendor fails tests, and some miss a huge amount
of bad software. Because of this #1 and #2 above are rejected. Maybe
there’s hope though on the other points… but no.

The cost is clear whether you pay for it with your wallet directly or via
your (or your company’s) electric bill and slowness-induced frustration.

Finally, the world has come to assume that unless you have this snake oil
applied you will have a terrible life. I know many people who do not use
anti-malware software at all, though, who never catch viruses or other
“bad things”. But how do I know that I don’t have anything? Well, I’m
pretty sure because every year or two before I wipe my laptop and start
anew I download one of those free discs that scans everything and it
consistently comes up clean, so at least the things that the software can
find, I don’t get (the things the software cannot find wouldn’t have been
found in any case, so nothing lost there).

Maybe it’s because I’m a geek and use the command line a bunch, but I
doubt it. I intentionally downloaded evil software from time to time to
poke at it and figure out what it is doing. I’m not a professional
researcher, but I’m curious and it’s interesting. Still, no infection. I
wouldn’t recommend others do this with or without “protective”
anti-malware software, but since most problems fail to infect Linux (for
many reasons), I feel pretty safe with what I choose to poke/prod.

Despite this, I know many other people who do not run anti-malware stuff
and avoid infection. It’s probably no secret that the way to do so is to
be smart about where you go online and what you put in your computer. Is
that it? Some of the people I know without evil software on their boxes
are semi-trustworthy with a computer so maybe they’re just competent
online. If that’s the case then education is the key as usual, though
personally I think that is just one aspect of what should be an in-depth
defense.

Finally we get to my question:
Which anti-malware do you use or have you used in the past?
How much malware have you found on your box when using those? This
includes anything found during those big full-disk scans (shouldn’t have
been allowed to show up in the first place, so that’s a failure) and
ideally would include things that are not detected, but due to the failure
of the snake oil to detect, that’s hard to measure.

If you do not use anti-malware software, why not? What do you do (or what
do you avoid doing) to keep safe? Obvious points to keep safe would
include not clicking on anything in e-mail, not responding to anything
that flashes or pops up on your screen, blah blah blah. Any gems that can
help others?

Good luck.

Mostly what we are talking about here is Windows, but Android
is pretty malware-laden as well. On Windows I use Malwarebytes.
Over the years I have used it with great success when trying
to recover a PC that has taken a bath in a river of leeches.
If you have a paid license for Malwarebytes you get an active
scanning feature, but I have never seen it actively catch anything.
Normally, I get home PCs/laptops brought to me for disinfection.
Personally, as a guy that’s been ‘in the trenches’ for approaching 20
years, I’ve never seen a PC infected that didn’t have anti-virus
already installed on it, normally expired or deactivated by the infecting
‘virus’ or both. As far as prevention goes, it’s all snake oil, but it
is handy for cleaning up. Think about it, AV/Anti-Malware can only protect
against knowns, if you happen to be a sad case that gets infected before
it’s a known exploit, well there you go. Safe computing practices help,
but anyone can get nailed by a zero day.

Hey ab,
> Finally we get to my question:

It’s about time…sheesh. Long-winded…
> Which anti-malware do you use or have you used in the past?

It’s part of the Symantec Endpoint Protection suite I have installed on
my Windows machine.
> How much malware have you found on your box when using those?

Zero…zilch. I’ve only gotten malware once in my life that I can
remember (because it was PAINFUL to remove! Thank goodness for Dave
Parkes who helped me kill it) but that was a long time ago before virus
protection checked for malware I think. I don’t remember Symantec ever
telling me it found malware.


Kim - 5/29/2013 12:50:05 PM

On Wed, 29 May 2013 17:31:59 GMT, ab ab@no-mx.forums.novell.com
wrote:
> Finally we get to my question:
> Which anti-malware do you use or have you used in the past?
> How much malware have you found on your box when using those?

Sophos AV on the desktop. And if we weren’t running it, we would have
problems. It has stopped users from visiting infected sites and it
has stopped things that slipped through my email gateway filter. In
the past 10 years, only once has something got past Sophos and I ended
up just re-imaging the PC to get rid of it. IMO, any Windows PC that
surfs the web should have some type of AV protection installed on it.

Ken

Hi AB,

Personally I use Eset Nod32 - they have a local presence here in South
Africa and their product is not only brilliant, but very reasonably
priced for our currency. Check them out: ‘ESET | Antivirus, Internet
Security Software & Virus Protection’ (http://www.eset.com)

Cheers,


Laura Buckley
Technical Consultant
IT Dynamics, South Africa
http://www.itdynamics.co.za

View this thread: http://forums.novell.com/showthread.php?t=467108

Didn’t you get infected when you started herding grasshoppers and such?
Just askin’


Sewermonger


That’s an infection I’ve not been able to cure.


Kim - 2013-05-31 10:53:15 AM

kgroneman wrote:
> I don’t remember Symantec ever
> telling me it found malware.

That’s one of its problems. :wink:


Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…

ab wrote:

> Finally we get to my question:
> Which anti-malware do you use or have you used in the past?

I used to use CA’s eTrust → Threat Manager → Total Defence. I
liked/used it for quite a long time. It used to be one of the best
until CA stopped putting in the effort needed to keep it up to date.

I now use Kaspersky and have been very happy with it.

There are a few good sites that test the various products:

http://www.av-comparatives.org/

http://www.av-test.org/en/test-procedures/award/2012/

I’ve always preferred the corporate/business products over the home
products - even at home.

> How much malware have you found on your box when using those?

I generally schedule full scans at times when the system is unused.
When I switched to Kaspersky, it found a couple of Trojans on my laptop
despite my having kept my previous AV app up to date, and having done
full scans on a regular basis.

The moral of this story is that you can’t be too careful.


Kevin Boyle - Knowledge Partner

IMHO you are correct. For a very long time (more than 10 years) I
did not use any AV/AntiMalware product on the computers I personally
used and did not get infected at all.

For approx. 2 years now I have used different products, and the only
infections the AV software detected were false positives. OK, here in
the office we are running a Virus detection at the firewall itself
(from Sonicwall now Dell) and that stopped 2 mails, which were really
infected out of thousands.

But for IT ignorant people or careless people they help reduce
infections quite a lot. My children all got hit by viruses in the past
despite AV software, but they would have been infected by many more
viruses without that software. Since I told them the best thing to get
rid of those viruses, is to reinstall from scratch, infections didn’t
occur anymore. That’s the educational part of it. And if anybody in the
office gets hit by a virus, one can mostly detect that those came from
visiting sites, which were not used for business purposes or from mail
from private contacts. If you confront people with those findings they
get much more cautious in using their office PCs.

The only real use I see are the USB/Flash drive scans, because with
those you can get infected easily and you cannot really escape the use
of those devices for data transfer.

On Windows I now use MS Security Essentials (/MS Defender on Win8),
which seems to use far less resources than all other AV products and is
free. Especially the other free solutions seem to be quite resource
hungry.


W. Prindl
