Security vendors including CA and Symantec failed to secure Windows systems without fault in recent independent tests. Twelve of the 35 anti-virus products put through their paces by independent security certification body Virus Bulletin failed to make the grade for one reason or another and therefore failed to achieve the VB100 …
so why would anyone use PC Tools
Why? Unless they _want_ to get their systems to be happy hunting grounds for malware?
Nothing to see here ... move along
McAfee and Symantec are the worst of the big boys. That's because they spend all their money on telling you how good the product is instead of making the product good.
"in many cases seeing the whole machine shutting down"
That'll be Norton then.
I always thought the VB100 standard was a program longer than 100 lines written in VB that would compile.
Can't read the full article
Even if you register, they want 175 Quid to be able to read the full report.
...to see ESET slipping down the rankings. At one time I wouldn't have hesitated to recommend their products. Now it's in the same class as One Care (that *has* to be pronounced in a French accent for best effect).
On a brighter note, Avira's detection engine just gets better and better. Now we just need them to bring out a product which doesn't expire and I may just start recommending their paid-for versions to people. This restricted subscription business model really needs to stop, especially for home users who are usually totally ignorant as to the status of any security software on their systems.
Come on, guys, realise that it's this subscription model that almost forces home users to use free versions that loses you sales. Sure, subscription-based licensing for business class AV, but let's stop leaving the n00bs, granny and the kids' machine under the stairs, connected directly to the Internet via a Voyager 105 and no firewall high and dry every year, since these are what end up being the spam-spewing zombies.
Yeah, yeah, Loonix doesn't need anti-virus (got a mail server or Samba and Windows clients? Trust me, it does, otherwise you're a part of the problem), anti-virus is an unnecessary resource hog (so is reinstalling, even from an image or RIS and $DEITY help you if the malware exploits a CIFS - or anything else - hole on your local network), you're smarter than the n00bs and don't need AV (of course you don't until you realise that the software package you rolled out to 200+ machines is full of worms). Heard it all before and seen the results of this type of asshattery.
Definition based detection
So it's long been known that definition based detection is no longer a viable security tool.
With several thousand viruses released every day, how could you possibly hope to pool a reliable sample?
The main AV companies need to move over to behaviour monitoring as a main with definition detection only as a fall back.
Symantec bought out PC Tools if memory serves, so maybe we will see the power of ThreatFire in later releases?
Paris, because you'd never get an infection with her...
Your rant makes no sense. I presume you are pointing out that the Loonix machine might be used to store or forward infected files to Windows boxes. How is this the responsibility of a machine that is unaffected by the "infection" and is merely storing and forwarding bit patterns it receives from elsewhere? Should routers run AV? Should CAT5 cables? Where does it end?
The whole debate is academic, however. The results have been in for over a decade. AV doesn't work. The bad guys can issue new code faster than the good guys (hah! if you want to call them that, pushing FUD and extracting cash from naive users) can distribute updates. The only way to stop infections is to stop running untrusted code. Happily, whilst Linux culture is certainly way ahead of Windows on that front, there's no technical reason why Windows users can't take this approach too.
Is anti-virus even relevant for corporate use?
Of course anti-virus is going to fail. Symantec and F-Secure claim they are seeing 11,000+ new pieces of malware daily. There is no way to defend against a flood like that with a signature based solution.
Most of my clients have migrated to application control which makes malware a non-issue. I have a few write ups on my blog if anyone is interested: http://www.chrisbrenton.org/?s=malware
Where's the leader?
I'm shocked Antivirus 2009 isn't listed. Must be sitting it out like Trend Micro.
"in many cases seeing the whole machine shutting down"
That would be McAfee VirusScan running on a 64-bit Vista box then. I made the fatal mistake of installing it (it was free from the bank, I was weak!) and it immediately caused issues and then a blue screen on every start-up. Found out it was some patching service over the network driver. Disabled it. After, still get a BSOD on the first startup. 3 hard resets later and Vista would boot-up. Completely removed McAfee AND used their removal tool - still getting BSODs. Finally MS's SP2 actually fixed the BSOD issue just as I was about to re-install the machine.
Back to AVG free now, lesson learned. Still think I should re-install Vista though.
Most of this stuff is pure scareware.
I get a lot of customers asking me to remove these full internet AV suites from Norton and Kaspersky. They just scare the bejeezus out of joe average user and tie their PCs down to nothing more than warning popup machines. Get rid of them and the machine feels like you've doubled the CPU and ram.
I love the ones too that won't actually allow you to uninstall it unless you download another tool from their website (Norton).
Unless folks are looking for porn they only need a basic AV program that sits quietly in the background.
Still they keep me in jobs...
@Dave 129 and EJ
I would if I were you :) Been happily running Vista 64 for 2.5 years now without AV and loving it....and no I haven't gotten a virus.
That's because it's too busy finding infected files on your system and telling you that you need to pay for it :)
Someone failed to secure Fista? But they told me it *was* secure!
"Linux culture is certainly way ahead of Windows"
If that is so, why does my network admin have two FTP services, two VPNs, two Browsers, two...etc. on the server? That is, the Open Source FTP server and the native FTP server. The native VPN and the Open Source VPN. The native Browser and the Open Source Browser. The native scripting languages and Python and Perl. The Open Source Remote Control service and the native Remote Control service. The native etc and the Open Source etc. In my workplace, the Linux culture is always to install more unneeded code and more redundant services, on the servers as well as on the workstations.
Anyway, I'm using AVAST (Alwil) & AVG & Avira & MS & Threatfire (Not all on the same machine!). AVAST because it also has a boot-time scanner. For whatever reason, the boot-time scanner (signature based) finds malware that MS and AVG and Avira don't find when Windows is running. Our experience puts AVG behind the others and Alwil in front, so I have sympathy with Trend Micro: there may be considerable variation in the results.
I'm somewhat disappointed that Avast didn't opt to be in the trials.
Not really new news...
We all know that Windows boxes get more malware/virus attacks/variants, we also all know the reasons why.
But Linux users shouldn't sit too comfy, as their market slowly grows so will the attacks -- just look at Apple of late. A large percentage of the holes are in third-party code/apps, and no OS is 100% safe from this.
MS just needs to educate their end-users into not using an administrator level account for everyday and interweb surfing use.
Personally I don't run AV/AS on most of my systems, Linux or Windows, simply because I don't allow surfing the net or email retrieval on them, and I've never had a problem in decades with my so-called unprotected computers. Most AV is too expensive and their [false sense of] "security" is always "too late" since their def updates are always way behind the threat releases.
I've met a few folks that don't run AV...
....because they state they don't need to due to their expert IT experience and their machines are squeaky clean blah blah.
I've then challenged a few to run their HDDs through an AV scan.
Oh look...34 trojans.......etc.etc.
"I'm somewhat disappointed that Avast didn't opt to be in the trials."
Maybe I'm missing something here, but...
Alwil is on the chart at <http://www.virusbtn.com/vb100/RAP/RAP-quadrant-Feb-Aug09.jpg> occupying nearly the same spot as Sophos, hmm...
Although I didn't play the virusbtn.com annoying registration game <http://www.virusbtn.com/vb100/archive/2009/08> so I don't know what's on that other page.
@jason 7 -- FAIL
If a PC is configured and then closed to any additional software installs, and is never used for Internet access, then how is it going to get trojans? They magically get passed through the air like the flu?
You don't know what you are talking about.
For one example I have an HTPC sitting in my living room that does nothing but play TV and movies, and a closed development computer that only has three high-end applications installed and is never used for anything else.
Tell me how those will get viruses?
I'm confident enough to wager you a $million bucks on your challenge.
If you want to put your money where your mouth is, I'll send you my address so you know where to send the cheque...
You know and I know that just being near an internet means that hackers can WirelessFi into your computer's hard drive and risk smashing its windows.
It's absolutely nothing to do with the user going to disreputable sites and being curious about these emails he keeps receiving about breast augmentation. It's all about the hackers implanting trojan virusses and flash Javas on your system.
@James O'Brien -logic?
"James O'Brien Posted Thursday 6th August 2009 21:40 GMT
I would if I were you :) Been happily running Vista 64 for 2.5 years now without AV and loving it....and no I haven't gotten a virus."
Errm, if you haven't used any form of AV how do you know you've never gotten a virus? To the best of my knowledge they don't pop up and tell you they have arrived.
I do appreciate where you're coming from in that I don't doubt many of the bloody things trigger false positives etc but unless you've never connected it to any form of network and never inserted any usb/cd into it I'd probably want to do a scan once in a while, probably with that free version of avira that appears to have kicked the big boys to the curb. I never heard of them before, might check 'em out.
Just to check, Virus Bulletin isn't linked in any shape or form to any AV vendor right? Totally independent and verified so?