Gizmos Freeware Reviews  

Old 25. May 2011, 06:45 PM   #11 (permalink)
Senior Member
 
Join Date: Jul 2009
Location: Northeast US
Posts: 476

Quote:
Originally Posted by MidnightCowboy View Post
I guess all this is just a roundabout way of trying to convey that because product "A" scores 98% in a test, only a fraction of these detections might be relevant to user "B's" needs and if more reliable information was available, many Windows users might decide they don't need a resident AV at all. This point was made quite eloquently by Dedoimedo in one of his articles a while back.
Yes, I read the article and it's a good point. Mitigating the attack surface, minimizing the potential holes or exploits closes the barn door before the trojan horse has a chance to get inside. If the horse doesn't get inside, there's no reason to clean up after him.
__________________
T
Taurus is offline   Reply With Quote
Old 25. May 2011, 08:48 PM   #12 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,165

OK, let's look at it another way.

In the last 12 months I haven't had a single detection that was real malware from either a resident or passive scanner except when someone was allowed access to this machine without my knowledge and stuffed an infected flash drive into it. Even so, the problem was soon resolved. Within that same period though I received maybe hundreds of alerts from DNS and browser extensions which I acted on as appropriate.

Let's try though to look at more of an average picture and say during this period I had picked up a dozen pieces of malware, even with some added protection in place, which were then dealt with by my resident AV. Let's also suggest, as is likely, that not all of these were picked up in real time, but subsequently found during a scan. Without bringing luck into this scenario, unless one or more of these happened to be a particular rootkit, the chances are that Malwarebytes, Emsisoft or one of the other free scanners would have achieved the same objective, albeit a bit later in some cases, but with no lasting damage to the system.

So, this leaves two choices. Does this user start adding more things in an attempt to cover the shortfall (missed infections) in real time, or take the resident AV out altogether as being radically unnecessary? What I see happening most of the time is approach 1. Even without an infection, folks will read an article like “Bank BOT Strikes Again” and immediately start searching for an anti-keylogger. The fact they might already have this within their current setup is inconsequential compared to the need generated by the article.

I really do believe more and more that vendors grossly over exaggerate the true risks by bombarding people with stats none of us can fully understand, with the sole purpose of increasing product exposure. Although somewhat muted now, Prevx adopted a scandalous approach using this type of marketing not too long ago. In many ways that used by ThreatFire even now isn't much better. No one for instance is going to convince any Kaspersky owner they get 217% less protection because they haven't got ThreatFire as well. Why? Because in the real world of our average user, it simply isn't true.
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is online now   Reply With Quote
Old 25. May 2011, 09:00 PM   #13 (permalink)
Bob
Senior Member
 
Join Date: Apr 2008
Posts: 600

Quote:
Originally Posted by MidnightCowboy View Post
I really do believe more and more that vendors grossly over exaggerate the true risks by bombarding people with stats none of us can fully understand, with the sole purpose of increasing product exposure.
That's certainly in their interest. And one reason why truly independent critical evaluation is necessary.
Bob is offline   Reply With Quote
Old 25. May 2011, 10:20 PM   #14 (permalink)
Senior Member
 
deya's Avatar
 
Join Date: Oct 2009
Location: UK
Posts: 1,448

Okay, my two pence worth.

Statistics can be, and often are, manipulated for whatever reasons. You either believe them or you don't. I don't know if I can add anything really constructive to this but for what it's worth I've made a list of the various Windows machines that have given me problems over the last 12 months, there are seventeen of them. These are not in commercial use, they belong to people I know, 'average users', and they have all been infected to varying degrees in that time span, eight of them more than once and all eight with fake AVs.

All seventeen had various AV installed, but once they had been cleaned of infection I offered to install MSE on them. Nine agreed to that, along with having the latest Firefox browser installed along with WOT. They agreed to stick to the WOT ratings, keep the system, the AV and the browser updated. None of them have been infected since and at various times I've scanned them myself with the usual stand alone scanners, MBAM, HMPro etc.

The other eight wanted to stick with their various AVs and surfing habits and at varying times they all became infected again. Again, the machines were cleaned but MSE was installed, along with the latest FF and WOT. None have been infected since, and again, I've scanned them all myself. No infections. None of the seventeen use third party firewalls, all use Windows firewall and they all use their own various ISP DNS servers. None of them use NoScript.

This (my) statistic is not meant, in any way, shape or form, to insinuate that MSE is better than A, B or C anti virus. It was installed for its simplicity and general ease of use for day to day internet use, but I also believe that WOT and a secure browser play a big part in keeping those machines clean now. None of them used WOT before I installed it for them and showed them how to use it, and every one of them has continued to use it.

But all seventeen feel more comfortable using MSE as far as understanding what it's doing and how the alerts work, and they feel more confident in letting it deal with alerts if they get them. I think that's the important part.

I know that all seventeen of those people would now say that:
System + Windows firewall + MSE (for ease of use) + secure browser + WOT = very low stress level, unlike before. Risk level? - I don't know.

And that's not to say it will last forever, nothing is guaranteed but it's an accurate, if only a very small statistic - and definitely not manipulated.

Last edited by deya; 25. May 2011 at 10:25 PM.
deya is online now   Reply With Quote
Old 25. May 2011, 10:26 PM   #15 (permalink)
Senior Member
 
blues's Avatar
 
Join Date: Jan 2011
Location: Blue Ridge Mtns
Posts: 101

Some excellent real world info, deya. Thanks for sharing that. Makes me feel quite clever for moving myself and the missus to MSE.

(So far...)
__________________
Emsisoft Internet Security / Sandboxie
blues is offline   Reply With Quote
Old 25. May 2011, 10:53 PM   #16 (permalink)
Bob
Senior Member
 
Join Date: Apr 2008
Posts: 600

Quote:
Originally Posted by deya View Post
Statistics can be, and often are, manipulated for whatever reasons. You either believe them or you don't.
Well, sort of... Manipulation of statistics gives the discipline a bad reputation with the general public who generally are not in a position to arrive at a critical appraisal of what they're being told. That requires specialized knowledge which most people simply don't have. It also presupposes openness on the part of the people providing the statistics, which is rare -- often due to conflicts of interest. And even then, reporting all the salient points of your methods completely is actually remarkably difficult anyway. So in practice, it often does end up as being at least to some extent a question of belief. Nevertheless, I would strongly defend genuinely independent attempts to provide valid independent testing with some transparency, as at Gizmo's.

However, as I understand it, MC's real criticism is not so much that statistics are irrelevant per se (although he did rather start off in that key), but to question the relevance and applicability of the sort of testing that is commonly reported on security sites to the "real world" of many users. I think that really is an interesting question.

[EDIT: Whether or not I'd be prepared to go without the umbrella of Avira (or something similar), I'm not so sure as yet.]

Last edited by Bob; 25. May 2011 at 11:24 PM.
Bob is offline   Reply With Quote
Old 26. May 2011, 02:23 AM   #17 (permalink)
Senior Member
 
Join Date: Jul 2010
Location: New Zealand
Posts: 1,741

Quote:
Originally Posted by deya View Post
... the various Windows machines that have given me problems over the last 12 months, there are seventeen of them. These are not in commercial use, they belong to people I know, 'average users', and they have all been infected to varying degrees in that time span, eight of them more than once and all eight with fake AVs.

All seventeen had various AV installed, but once they had been cleaned of infection I offered to install MSE on them. Nine agreed to that, along with having the latest Firefox browser installed along with WOT. They agreed to stick to the WOT ratings, keep the system, the AV and the browser updated. None of them have been infected since and at various times I've scanned them myself with the usual stand alone scanners, MBAM, HMPro etc.

The other eight wanted to stick with their various AVs and surfing habits and at varying times they all became infected again. Again, the machines were cleaned but MSE was installed, along with the latest FF and WOT. None have been infected since, and again, I've scanned them all myself. No infections. None of the seventeen use third party firewalls, all use Windows firewall and they all use their own various ISP DNS servers. None of them use NoScript.

This (my) statistic is not meant, in any way, shape or form, to insinuate that MSE is better than A, B or C anti virus. It was installed for its simplicity and general ease of use for day to day internet use, but I also believe that WOT and a secure browser play a big part in keeping those machines clean now. ...
Good comment. I can echo many of your comments.

Almost all of the infections that I have had to deal with on friends' PCs have been introduced by fake AV products. My friends wanted AV protection so they clicked the first ad for free AV. I install MSSE for them not because it is the best but because it is simple.

I've used Avira, MSSE and AVG as my primary AV and would recommend them in that order but I prefer MSSE because it is so simple. I don't run scans. I've only had 2 identifiable online problems in 10 years: AVG and Avira picked them up. I use Windows Firewall now but I used to use Jetico which would regularly warn me of problems from the net. It doesn't seem to make much difference to my security.

A very intelligent friend of mine deliberately uses minimal security. He develops commercial software and online and installable games. He works on several computers and regularly works for 18 hours a day with heavy downloading and visiting lots of sites that I wouldn't go near. He has no security except the default OS and browser features. No AV, no firewall, nothing else. He has not had any problems at all. While he may have been infected with something he has never had any noticeable negative impact even if he has been infected.
Remah is offline   Reply With Quote
Old 26. May 2011, 03:18 AM   #18 (permalink)
J_L
Co-Author, Best Free Security List
 
J_L's Avatar
 
Join Date: Dec 2008
Posts: 2,003

How in the world is NoScript no maintenance? Without rigorous maintenance of its whitelist, you'll have a broken internet.

Quote:
Originally Posted by Taurus View Post
Can IE9 go into a "virtual" mode with Win 7?
There's protected mode using UAC, which works similarly.

As for my own levels:
Stress - 5, Risk - 0.01, Protection - 9.99
J_L is offline   Reply With Quote
Old 26. May 2011, 03:37 AM   #19 (permalink)
Senior Member
 
blues's Avatar
 
Join Date: Jan 2011
Location: Blue Ridge Mtns
Posts: 101

I can't remember the last time I actually made any kind of change to NoScript.
I just keep installing the latest version over the last and haven't experienced any issues.

When I need to temporarily provide permissions I don't worry too much as it's being opened in a sandboxed browser anyway.
__________________
Emsisoft Internet Security / Sandboxie
blues is offline   Reply With Quote
Old 26. May 2011, 04:14 AM   #20 (permalink)
Senior Member
 
bo.elam's Avatar
 
Join Date: Nov 2009
Posts: 1,714

Quote:
Originally Posted by blues View Post
I can't remember the last time I actually made any kind of change to NoScript.
I just keep installing the latest version over the last and haven't experienced any issues.

When I need to temporarily provide permissions I don't worry too much as it's being opened in a sandboxed browser anyway.
My own experience with NoScript is exactly as yours. My settings and whitelist
are basically the same as they were when I first started using it 2 years ago.
All changes that I make to it get reversed when I close my sandboxed Firefox.
I feel I get a lot of protection from NoScript with 0 stress.



Bo
bo.elam is offline   Reply With Quote

All times are GMT +1. The time now is 07:36 PM.

