Gizmos Freeware Reviews  

Go Back   Gizmo's Freeware Forum > Debating Chamber > Security

Old 31. May 2014, 06:46 AM   #1 (permalink)
MidnightCowboy (Site Manager)
Effectiveness of Antivirus Programs

Below are a series of comments moved from the Best Free Antivirus Software review page on the main site. Long and mostly off-topic (in terms of the review) comments belong here in the forum where the pros and cons can be openly debated with greater consistency.

by Wolfram on 30. May 2014 - 20:51 (116515)
"Antivirus software can't keep up with new malware, Lastline Labs analysis finds"

"Much has been said, in recent weeks, about the state of AV technology. To add facts to the debate, Lastline Labs malware researchers studied hundreds of thousands of pieces of malware they detected for 365 days, from May 2013 to May 2014, testing new malware against the 47 vendors featured in VirusTotal, to determine which caught the malware samples, and how quickly.

The focus of this test is to determine how fast the anti-virus scanners catch up with new malware.

On any given day, according to Lastline Labs’ analysis, much of the newly detected malware went undetected by as much as half of the AV vendors. Even after 2 months, one third of the AV scanners failed to detect many of the malware samples. By averaging the daily detection rates, we are able to plot the pace at which the AV scanners catch up with the malware. The least-detected malware - that is the malware in the 1-percentile “least likely to be detected” category - went undetected by the majority of AV scanners for months [!!!], and in some cases was never detected at all.

Some other interesting findings of this Lastline Labs research:

- On Day 0, only 51% of AV scanners detected new malware samples.
- When none of the AV scanners detected a malware sample on the first day, it took an average of two days for at least one AV scanner to detect it.
- After two weeks, there was a notable bump in detection rates (up to 61%), indicating a common lag time for AV vendors.
- Over the course of 365 days, no single AV scanner had a perfect day - a day in which it caught every new malware sample.
- After a year, there are samples that 10% of the scanners still do not detect.

(...)

The 1% of malware that most effectively evaded detection in this dataset is likely to represent the kind of advanced malware created and exploited by cyber-criminals who are persistently and directly targeting and infiltrating organizations, as opposed to more opportunistic malware distributors."

source: http://labs.lastline.com/lastline-la...t-cant-keep-up

Their conclusion? The AV alone is not enough! Although I already knew that very well, the situation is still alarming.

The AV is not enough. The Antispyware is not enough. The Antimalware is not enough. The Firewall is not enough. The Antikeylogger is not enough. The Antirootkit is not enough. The HIPS is not enough. The "common sense" - when you navigate on the Internet - is not enough. Having patched browsers, plugins, and Operating Systems is not enough. Sandboxing and Virtualizing is not enough...

Then, what is "enough"?

Someone - like Mr. M.C., or Mr. Anupam - would tell me that, on his Windows PCs, he uses this, or that "personalized solution X", with excellent results. But is he absolutely sure that his PC is not infected with some sort of "Malware" impossible to be detected with the current "Security Solutions"?

"My machine is perfectly clean. I scanned it with "n" AVs! (where "n" is a Natural number higher than 1)." Well, I have serious doubts that, in our days, there are any "perfectly clean" PCs left - no matter what OS they use.

But, why should we worry? After all, we do not manage Data-centers, or who knows what other critical production units. We are "home users". This generic category does not deserve certitudes...

The Final Solution? Let's convince Microsoft to introduce Windows in a ROM!

In a Read Only Memory you cannot write ANY data. Therefore, the efforts of all Malware producers, from all over the world, will become useless. As a consequence, we could get rid of those "Security Suites" - which consume lots of computing resources and which shorten the life of our PC components.

Other advantages: if it's in a ROM, the OS will run much faster; there will be no more pirated copies (a ROM chip is much more difficult to reproduce than a DVD-ROM); and we will no longer waste our time with "updates". Every two or three years, Microsoft will release a new version of Windows. We can either replace the ROM - which contains the OS - or the entire PC.

Is this a utopian desire? You have millions of visitors, here, at Gizmo's Freeware. Why aren't you inviting them to sign an online Petition - addressed to Microsoft; a petition in which to require the company to put their OS in a ROM?

Thus, Windows might become even safer than Linux, or the BSDs, no matter how full of Security Holes it will be. If Microsoft wishes so, they can put their Internet Explorer browser too, into the same ROM.

In other words, instead of endlessly solving "contamination" and "PC protection" problems, I propose you TO ABOLISH these problems.
__________________
Buy a Hoover and prove technology sucks.
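The Lastline Labs measurement quoted in the post above (the averaged daily detection rate across scanners, the time until a sample missed on day 0 is first detected, and the "least likely to be detected" tail) can be reproduced in miniature. The Python below is an added example written for this page; it is not Lastline's code or data. The five samples, the four placeholder scanners, their first-detection days, the 365-day horizon and the 1% tail fraction are all constructed assumptions.

```python
from statistics import mean
from typing import Dict, List, Optional

# Constructed dataset, not Lastline's: for each sample, the day (counted from
# the sample's first appearance) on which each scanner began detecting it.
# None means the scanner never detected it inside the study window.
# Scanner and sample names are placeholders.
FirstSeen = Dict[str, Optional[int]]

SAMPLES: Dict[str, FirstSeen] = {
    "sample-1": {"AV-A": 0, "AV-B": 0, "AV-C": 0, "AV-D": 0},
    "sample-2": {"AV-A": 0, "AV-B": 3, "AV-C": 0, "AV-D": 14},
    "sample-3": {"AV-A": 2, "AV-B": 2, "AV-C": None, "AV-D": 30},
    "sample-4": {"AV-A": None, "AV-B": None, "AV-C": 60, "AV-D": None},
    "sample-5": {"AV-A": 0, "AV-B": 1, "AV-C": 0, "AV-D": 0},
}

HORIZON = 365  # assumed study window, matching the 365 days quoted above


def detected_fraction(first_seen: FirstSeen, day: int) -> float:
    """Share of scanners that detect one sample by `day`."""
    hits = sum(1 for d in first_seen.values() if d is not None and d <= day)
    return hits / len(first_seen)


def daily_detection_rate(samples: Dict[str, FirstSeen], day: int) -> float:
    """Averaged detection rate: mean over samples of the scanner share that
    has caught up by `day`.  Evaluated over days this is the catch-up curve."""
    return mean([detected_fraction(fs, day) for fs in samples.values()])


def catch_up_curve(samples: Dict[str, FirstSeen],
                   days=(0, 1, 2, 7, 14, 30, 60, HORIZON)) -> Dict[int, float]:
    return {d: daily_detection_rate(samples, d) for d in days}


def days_until_first_detection(samples: Dict[str, FirstSeen]) -> Dict[str, Optional[int]]:
    """For samples no scanner caught on day 0: days until at least one did."""
    out: Dict[str, Optional[int]] = {}
    for name, fs in samples.items():
        if detected_fraction(fs, 0) > 0:
            continue
        seen = [d for d in fs.values() if d is not None]
        out[name] = min(seen) if seen else None
    return out


def days_until_majority(first_seen: FirstSeen) -> Optional[int]:
    """First day on which more than half of the scanners detect the sample,
    or None if a majority never caught it (the 'undetected for months' case)."""
    needed = len(first_seen) // 2 + 1
    seen = sorted(d for d in first_seen.values() if d is not None)
    return seen[needed - 1] if len(seen) >= needed else None


def least_detected(samples: Dict[str, FirstSeen], fraction: float = 0.01,
                   horizon: int = HORIZON) -> List[str]:
    """Bottom `fraction` of samples by final detection share: the tail that
    is 'least likely to be detected'.  With few samples this is at least one."""
    ranked = sorted(samples, key=lambda s: detected_fraction(samples[s], horizon))
    keep = max(1, round(len(ranked) * fraction))
    return ranked[:keep]


def scanner_coverage(samples: Dict[str, FirstSeen], scanner: str, day: int) -> float:
    """Share of all samples that a single scanner detects by `day`."""
    hits = [1.0 if (fs[scanner] is not None and fs[scanner] <= day) else 0.0
            for fs in samples.values()]
    return mean(hits)


if __name__ == "__main__":
    for day, rate in catch_up_curve(SAMPLES).items():
        print(f"day {day:>3}: {rate:.0%} of scanner/sample pairs detected")
    print("days to first detection, samples missed on day 0:",
          days_until_first_detection(SAMPLES))
    for name, fs in SAMPLES.items():
        print(f"{name}: majority of scanners caught it on day {days_until_majority(fs)}")
    print("least-detected tail:", least_detected(SAMPLES))
```

On this constructed data the averaged rate climbs from 45% on day 0 to 80% after a year, sample-3 only reaches a majority of scanners on day 30, and sample-4 never does, which is the shape of the Lastline curve in miniature. The functions take any dataset in the same dict form, so real per-vendor first-detection days from a multi-scanner service could be dropped in unchanged.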
Old 31. May 2014, 06:47 AM   #2 (permalink)
MidnightCowboy (Site Manager)

by Chiron on 30. May 2014 - 21:49 (116518)
I agree that a single antivirus is not enough. However, I do not agree that a default deny technology, such as a HIPS, does not get you most of the way there. Using ROM is pushing it a little too far.

As I mentioned in the beginning of my article, I have a separate article for more general advice on How to Stay Safe While Online. It can be found here:
http://www.techsupportalert.com/cont...e-online.htm-0

Most antivirus products, with the exception of Comodo Antivirus, do not take this default-deny approach. That is why I have rated Comodo Antivirus as my number one pick. However, I would still strongly suggest that users follow the advice I give in my other article as well.

Please let me know if you have any questions.

Thank you.
Old 31. May 2014, 06:48 AM   #3 (permalink)
MidnightCowboy (Site Manager)

by Wolfram on 30. May 2014 - 22:38 (116520)
First of all, I would like to thank you for your prompt answer.

Your article - about "How to Stay Safe While Online" - is well written; and very useful.
Any novice PC user should read it carefully. I really appreciate your work.

What is bothering me is the fact that we do not know EXACTLY what "creatures" are living, at a certain moment, in the depths of our PCs. Lastline Labs claims that there are Malware species never detected at all, by the current security solutions. This word - "never" - should worry most of us.

Beyond security: a ROM-based PC should be fast, very fast. This is not at all a negligible advantage.
Old 31. May 2014, 06:48 AM   #4 (permalink)
MidnightCowboy (Site Manager)

by Chiron on 31. May 2014 - 1:34 (116523)
For investigating what may be going on inside your computer I have written an article called How to Know If Your Computer Is Infected:


I think it does a very good job of rooting out issues. Admittedly, it is of course not 100%. However, I think it's pretty close.

Let me know what you think.

Thank you.
Last edited by MidnightCowboy; 31. May 2014 at 06:54 AM.
Old 31. May 2014, 06:48 AM   #5 (permalink)
MidnightCowboy (Site Manager)

by bili_39 on 30. May 2014 - 21:19 (116517)
One or two quick questions:

what will I play with?
A hole in a ROM will stay a hole. And I want some place to write or save my stuff onto.

But the first question is really important.
Old 31. May 2014, 06:48 AM   #6 (permalink)
MidnightCowboy (Site Manager)

by Wolfram on 30. May 2014 - 22:13 (116519)
If I understand correctly, your question concerns the possibilities of customization.

Well, here is my answer - for you, and for the Redmondians: they must separate the OS from its GUI. They must also reduce "the settings" to a minimum. For example, the Windows-ROMs sold to France should already be "factory customized" in as many respects as possible. The final user should have a minimum number of settings to play with. The final user should not be so concerned about endlessly configuring his machine. He must concentrate on being "productive", and not on tampering "under the hood".

Microsoft: please "borrow" a good idea - belonging to the community of the Linux users:

The Graphical User Interface (GUI) is just another application to Linux; albeit a large one. (The GUI consists of the windowing system - usually XFree86 - and the window manager, of which, the most widely used today are KDE and GNOME.) Unlike Windows users, Linux users can put a variety of "faces" on top of their operating system.

Microsoft: make Windows similar to Linux, in this respect. Change (a little) its architecture. If someone wishes a GUI similar to XP, or similar to Windows 95, then let him have it! If someone wishes a Star-Trek GUI, or a Metro-style GUI, let him have it! Windows should remain only an Operating System.

Microsoft should also remove the so-called "Registry", from Windows.
Every installed program should have its settings stored in a... ".txt" file.

As for the second question: Windows has always had security holes, no matter what version it was. It will always have vulnerabilities. But as long as you cannot exploit them (at least, not like now), as long as the Malware cannot write even a single byte of data into the OS, as long as the OS remains "unalterable", I think we can ignore the security holes.

After all, there are PCs - like those used in factories (the so-called "industrial PCs") - which never get "Security Updates". They are still running Windows XP SP1, for example. And they are working fine.
Old 31. May 2014, 11:53 AM   #7 (permalink)
bili_39 (Member)

Small industrial PCs are coming (or are they already here?) into every house as smart appliances. And there are possible exploits in their software already (ROM or no ROM version of the firmware).

But I agree, Windows is no longer humanly manageable (is Linux? - Heartbleed comes to mind).

You are aware, of course, that ROM is not really ROM. You just have to have appropriate resources to change it.
Old 31. May 2014, 02:18 PM   #8 (permalink)
Wolfram (Member)

I read your article ("How to Know If Your Computer Is Infected") and I rated it as Very Good.
It contains useful information - especially for those who are not "experts" in the disinfection of computers.

I would like to add that there are other tools, similar to those provided by Comodo, which can be used.

I would like to mention "Runscanner" (a Freeware startup and hijack analyzer); a tool that I sometimes use when I disinfect the Wintel machines of my friends. (I have to specify that I am a Linux user.) Runscanner is available here:

http://runscanner.net/

It is a portable program. No installation is required.

Of course, before using any such tools, you must know very well what you are doing. And you have to take some precautionary measures. There are "specialized tools" and "general tools". Their use depends on the type of infection (diagnosis). I think that on Gizmo's website almost all of these tools were listed.

Also, I must confess to you that I am "allergic" to programs - "closed source" type - designed in countries like China and Russia. I do not have enough trust in Comodo. Their Security Suite, for example, although it has a reduced consumption of computing resources and is very effective, can't be stopped using the Services provided by MS in Windows (from what I recall). You have to use other, more powerful, specialized means to this end. The Malware cannot stop Comodo. But neither can the end user. This is somehow frightening. Comodo takes your computer under complete control. The only way to get rid of this control is to uninstall the Suite.
Old 31. May 2014, 02:59 PM   #9 (permalink)
Wolfram (Member)

@Mr. bili_39

Microsoft, together with Intel, should start designing a new model of PC - with the OS introduced in a ROM. This requires some (minimal) changes to the motherboard of the PC. Intel should add on the MB a socket for the ROM-OS chipset. That's all.

Beyond the required architectural changes in its OS, Microsoft has to invest some money into an assembly line specialized in the production of high-capacity (P)ROMs: around 16 GB (for the 32-bit versions of W8.1) or 20 GB (for the 64-bit versions), per chip. They have the required (financial) resources, I have no doubts...

When I said ROM I really meant a ROM. And not EPROM, or EEPROM, or Flash / SSD.
A ROM chip is much simpler than a Flash chip. Simpler and cheaper - if it is produced in industrial quantities.

I think that, from time to time, the PC manufacturing industry needs some "corrections".
Beyond interfaces with increased speed, and processors with more "cores", since Vista was launched I have not seen any "revolution" in this domain. We deal with generalized stagnation - camouflaged under the guise of a so-called "progress". This progress is only a "quantitative" one.

This might be the only way to re-vitalize the sales of PCs - no matter how "big" they are (Desktops, Workstations, Servers, or Tablets).
Old 31. May 2014, 07:30 PM   #10 (permalink)
J_L (Co-Author, Best Free Security List)

The problem is, what is the alternative for determining the safety of an unknown file? Especially for newbies. I don't think AVs are going anywhere.