Anti-virus products are rubbish, says Imperva

A study released in December by US security outfit Imperva has tipped a bucket on the multi-billion-dollar anti-virus industry, claiming that initial detection rates are as low as five percent, and concluding that enterprise and consumer anti-virus spend “is not proportional to its effectiveness”. Working in conjunction with …

COMMENTS

This topic is closed for new posts.

...spend “is not proportional to its effectiveness”

My spending on AV is very proportional to its effectiveness. I avoid using Windows unless absolutely necessary and, on the rare occasions I use Windows, it is protected by freeware AV software.

Avoiding malware costs nothing but a little time, a little knowledge, and a little caution. Use a secure OS, adopt a cautious approach to browsing and downloading.

25
23
Silver badge

Re: ...spend “is not proportional to its effectiveness”

Wow, I can see how that would work in the state secondary school I work in. With our 500 pcs and 2 staff I'm sure I could convert to Linux, harden the system, update patches and find all the software needed.

Back in the real world this isn't always possible. AV, regular patching and locking down installation rights is the best we can do.

21
10
Bronze badge
Mushroom

Re: ...spend “is not proportional to its effectiveness”

What do you call a 'Secure OS'? For instance most Linux distributions have loads more vulnerabilities than Windows does, as does OS-X.

0
30
Anonymous Coward

IMPERVA'S PRODUCTS ARE RUBBISH

We installed Imperva's database auditing software agent on an SQL cluster and it promptly fell over. Pile of Junk. (Eventually we went for Quest Change Auditor which, while not perfect, at least doesn't take out your server).

3
1

This post has been deleted by a moderator

This post has been deleted by a moderator

Silver badge
Stop

Re: ...spend “is not proportional to its effectiveness”

@Eadon- because it costs less to licence MS + windows + servers than it does to employ a person who is skilled in the pre-requisites of such a Linux setup. £27 per PC gets us windows, all our CALS and office. Another 3k gets us 5 servers with all the VMS we need, sql, exchange, external connector, TMG and system center. Basically less than 20k per year. We cannot get a Linux sysadmin skilled in all the prereqs for that. Not to mention it would need a FULL rollout over the 8 weeks holiday with no system fallback. Me + assistant + guru would be hard pressed. That plus the change of MIS, retraining staff, students is simply not going to happen.

We binned open office (and libre office) due to the complexity of simple tasks such as:

-locking down a GPO of PCs under examination logins to remove spell check and grammar check facilities.

-universal templates based on logins (staff and pupils) with pupil templates residing on a central location edited by staff.

-feature lockdown for pupils i.e. dictionary additions.

-central rollout of default fallback styles

Old open office could accomplish this with a few batch files copying items on logon (the spell check logon was a bit hit and miss for the NEXT person logging in). This also meant that the files copied over needed access by users therefore COULD have been edited manually by certain people. Newer OO and LO do not let you do this anymore. In the end we use MS and GPO with system rights instead. Oddly enough MS then released EEC so we switched back.

I also assume you have never worked in a state school in a not-so-great area? We glue our power buttons so they can't be jammed open. We need to disable the intel hotkeys so all the screens aren't rotated 90 degrees permanently etc. Having an open Linux system would be tantamount to suicide from a tech point of view - I actually run a tech club (we play games for an hour basically) mainly so I can learn from the kids the newest driveby websites that screw up pcs or let them bypass browser lockdowns. I have also yet to see an open source system that can be rolled out and maintained by a small number of staff in the same way a GPO WSUS system can be - don't get me wrong I have 2 openfiler servers a few VMS with various FOG, apache, squid/dansguardian, moodle and "test" Linux distros (I tend to favour debian/ubuntu) and whilst I'm not technically inept MS has its uses.

Whilst open source is great in theory, it is only great if you have either lots of money to start with or lots of skilled staff. In the real world this is not possible and it does gall me to see people thinking open source is somehow free and that everyone should be able to do it.

36
9
Silver badge
Meh

Re: ...spend “is not proportional to its effectiveness”

Just like in medicine, a human being can be inoculated against certain nasties because the virus is known and measures to deal with them are already in place.

If a virus has mutated or something 'new' appears research is needed to develop the drug to deal with it.

I have no idea what point the article is trying to make. Anti virus software will always be better at dealing with what is known, than what has not been discovered yet. As soon as it has been discovered Norton, Kaspersky etc get on the case and update their databases accordingly.

This protects us from the majority of the script kiddies, unfortunately some will get through every now and again until the 'cure' has been developed.

There is nothing new in the Imperva research, sounds like it is scare mongering to further whatever they are offering to sell.

5
1
Silver badge
Thumb Down

Re: ...spend “is not proportional to its effectiveness”

damn I thought I had an edit?

Anyway, I *do* know of one academy that tried to switch to Linux, they moved back to MS for the final rollout but that was for different reasons operationally (the academy went into special measures and the "rescue team" applied a model solution from a working academy - that meant MS). They had a staff of 13 (yes 13 although that included a couple of apprentices) and just under 1000 pcs plus a helpdesk of 3 people producing documentation. THAT is a bigger waste of taxpayers' money IMHO.

3
3
Bronze badge

Re: ...spend “is not proportional to its effectiveness”

"back in the real world, why the hell is our government spending our tax on a poor operating system like Windows in schools?"

Because in the real world, those kids will want a job when they leave school, and Windows has the market share to help them with that. I've never seen a job advert asking for OpenOffice skills, but many asking for Microsoft Office, Word, Excel skills. Linux is a fine OS and does some things very well indeed, but the lack of a licence cost does not make a system cost less than one with a licence cost.

In the example of school systems, kids are evil and will actively try to destroy the computing environment for no better reason than that they want to. Windows has solutions (SIMPLE off the shelf solutions) available to allow school admins to lock out the actions kids may take to break the system. While these things are possible with Linux, they take far longer to implement and require more skill. As he said, they have hundreds of kids and 2 underpaid IT staff so Linux is simply not a realistic option. If you genuinely believe that Linux is in some way cheaper than Windows then I feel you may not have sufficient experience to make this sort of decision.

I don't work for a school but I did set one up with 1500 pupils and can confirm that school computing is a completely different world to any other environment. Even banks are less cautious (I've worked in banks too) because bankers are less likely to purposefully put a virus, script, malware etc on the computer. Bankers also don't push pencils through screens "just to see what would happen".

13
13
Stop

Re: ...spend “is not proportional to its effectiveness”

"Because in the real world, those kids will want a job when they leave school, and Windows has the market share to help them with that. I've never seen a job advert asking for OpenOffice skills, but many asking for Microsoft Office, Word, Excel skills."

Not true, unless you're taking the ad extremely literally. Asking for skill in "Word and Excel" is just lazy shorthand, what they really mean a lot of the time (and what used to be more common in job ads) is employees with skill in "word processing and spreadsheets". It's just the same as saying "skill at Googling" when they mean using search engines, or asking for a housemaid with skill at "using a Hoover" when any vacuum cleaner would do, because most if not all of the skills and knowledge, not counting specific UI familiarity which in Office has changed between pre- and post-Ribbon anyway, is entirely transferable.

Harder to stride is the gap between a real desktop-based spreadsheet and Google Spreadsheet...

16
6
Gold badge

Re: ...spend “is not proportional to its effectiveness”

"Even then you fail, because the Windows vulnerabilities are far more critical."

If you are running as a non-administrative user, Windows vulnerabilities are no more critical than Linux ones. I've been running as a non-administrative user on Windows for almost two decades now. It really isn't as hard as Microsoft make out. UAC was never necessary. Neither was AV software. Just do it right.

1
5
Bronze badge

Re: ...spend “is not proportional to its effectiveness”

"Not true, unless you're taking the ad extremely literally. Asking for skill in "Word and Excel" is just lazy shorthand, what they really mean a lot of the time (and what used to be more common in job ads) is employees with skill in "word processing and spreadsheets"."

If you get the list of CVs down to two candidates who are identical in every way but one has MS Word experience and the other has OpenOffice experience, and your company uses Word 2010 - you'll choose the one with MS Word experience. I get what you're saying, and anyone with real word processing skills can transfer them, but in reality people are ticking boxes. I work in a very Word heavy environment, and all of our staff probably had "Word skills" on their CV. My experience shows that not many of them even know how to use styles, let alone numbering or change tracking but the fact remains that "Microsoft Office" on a CV gets the CV past the HR team and to the person doing the hiring.

9
8
Anonymous Coward

Re: ...spend “is not proportional to its effectiveness”

For instance most Linux distributions have loads more vulnerabilities than Windows does, as does OS-X.

Thanks for starting this year with a laugh. Be honest, do you believe that yourself? There is a reason why AV vendors removed the "OS" tag from their database of vulnerabilities - otherwise their clients would start to leave the most vulnerable platform in droves and their business would dry up. I actually work with vulnerability and malware researchers of 2 different vendors so I'm pretty close to the fire on this one.

The sole and single reason why there is an anti-virus industry in the first place is because of Microsoft, and if you want any evidence of shoddy coding I suggest you watch what happens when you power up your Windows work machine after a week's break.

No, I'm not advocating a switch to platform X, Y or Z - the devil you don't know means you can make mistakes there too, but being unrealistic about the security of Windows is a sure recipe for trouble. Having said that, Windows 7 was actually a bit better (no idea of 8 yet, too early).

15
0

Re: ...spend “is not proportional to its effectiveness”

Well, why not have both Linux and Windows in schools? That way kids can get experience with both OSes and encourages them to draw similarities between the two, which only helps their understanding of how computers work?

Crazy talk I know.

13
0
Anonymous Coward

Re: ...spend “is not proportional to its effectiveness”

Although I disagree with the "AV isn't required" statement(*), you're 100% right that running Windows as non-admin is effective - but there are two snags (which, incidentally, are not limited to the Windows platform only).

1 - users want to install something. This is the big bad hole of every OS - the trojan vector. Especially home users like to add software, and do not always take the required precautions. Give me 100 users and I'll show you 99 who just say yes to "this application wants admin rights, give it yes/no?", and 1 who thinks about it, then discovers he's late for lunch and answers "yes" too. It's only us techies who consider "hell no" as an option.

2 - a gazillion programs are developed to not only install at admin level (i.e. for a full machine instead of in user space), but also RUN that way. Typically, they are developed by companies with dev people that live at admin level, and it makes a screaming mess of permissions if you try to pry that access right away. It's less and less of an issue, but it hasn't been fully eradicated yet.

As for (*) - people that tell me they do not need anti-virus get one question from me: "how do you prove that?"..

4
0
Bronze badge

Re: ...spend “is not proportional to its effectiveness”

Does the "spend" include the extra cost in CPU requirements to get anything done with AV software running? I find that with on-access scanning enabled on an average CPU (2.4GHz Core2) doing things like installing software or windows updates takes 2-3x longer than it does without having it enabled.

The AV vendors' solution to malware proliferation seems to be to create anti-malware products that consume all resources on the machine to the point where it is made unusable, presumably in order to impede the spreading of malware.

8
0
Bronze badge

Re: ...spend “is not proportional to its effectiveness”

time is free now?

0
0

This post has been deleted by a moderator

Silver badge
Meh

Re: ...spend “is not proportional to its effectiveness”

@Eadon.

No you can't.

You cannot leave the setup and running of a proper system that is required for any official or educational purpose to the hands of a 'Linux Enthusiast for free'.

Will that person or persons then want to tie into a service contract? Have SLAs (will they want to be called out at 6am to help fix an issue before exams start at 9am?). Offer phone support etc. etc.

People like that can be a great help for when you get started, everyone loves setting up folks new kit. But when it goes wrong or stuff needs sorting, folks giving their time for free, usually find they are 'busy elsewhere' when you need them.

9
5
Bronze badge
Thumb Down

Re: ...spend “is not proportional to its effectiveness”

All of you guys in favour of Linux in schools, out of interest, do you, or have you worked in a school environment?

Regarding the idea of running both, there was a recent article about RaspberryPi in schools which summed it up nicely. The guy in charge of IT teaching there said they already have Windows systems on every desk, and there is very little extra that the RPi could teach which cannot already be done on the Windows desktop. The logical conclusion to this was that there was no point buying the extra devices regardless of how low cost they are. In reality, the devices would have been taken from the classrooms within a week anyway unless someone screwed them down, and even then some will go missing!

Regarding someone's comment about extra CPU cycles to run Windows with AV, this can be safely ignored since the systems must be replaced regularly to remain in hardware support. There are many studies showing that TCO is lower for in support systems so please don't anyone argue that kids should still be using original Pentium systems because you can get spares on Ebay...

3
7

Re: ...spend “is not proportional to its effectiveness”

Danny, have you looked into applications like Deep Freeze?

A colleague back home introduced that at his school and cut his system downtime by around 80%.

Yes, the greasy little snots still like to break the cup holders and jam pencils in the fan inlets, but having the fix being as simple as a reset makes everything clean meant most of the malware or games they would install simply vanished.

It also meant he could push out locked down images for exam situations, or IT teachers could use the "games image" when the class had been behaving well without compromising the systems.

1
0

This post has been deleted by a moderator

This post has been deleted by a moderator

This post has been deleted by a moderator

This post has been deleted by a moderator

Bronze badge

Re: ...spend “is not proportional to its effectiveness”

Eadon: Oh dear.. you don't seem to understand.. the term 'Linux distribution' is correct, AFAICS.. quite often shortened to just Linux..

http://en.wikipedia.org/wiki/Linux <<- go on look at the link!!

and do see the note there... :p

"This article is about the operating system. For the kernel, see Linux kernel."

Just like you can say 'MS OSes' to mean anything from DOS (yes, it IS still used.. ) through PC OSes and Mobile OSes...

The problem is it is often installed to run as administrator, so the newbs who install it don't have a panic attack, and phone MS continuously because their stuff won't work properly in user mode!!

this is how it is *sold* at most places.. If they at least load the PC with a good user account, it would be far safer, and devs would *have* to make sure their stuff works!!

That is how Linux is normally installed at first, with big warnings if you venture toward the admin account..

and unlike windows, there are many apps supplied as part of the install..

4
2
Silver badge

Re: 2 - a gazillion programs

Prime evidence exhibits:

1. MS Visual Studio (any suite after VB6).

2. Adobe CS Suite - which is actually worse than MS Visual Studio. Not only does it require an account that must be administrative level, then you have to Run As Administrative account on the damn thing.

Yeah, I worked in a shop where we TRIED to lock it down to industry standards and abandoned it as a Sisyphean nightmare after we had to make changes for those applications.

1
0
FAIL

Re: ...spend “is not proportional to its effectiveness”

@Dany14

"Having an open Linux system would be tantamount to suicide from a tech point of view "

You haven't a clue what you're talking about. Like most teachers.

"Whilst open source is great in theory, it is only great if you have either lots of money to start with or lots of skilled staff"

Yeah, I'm always happy when I know that the Windows network I've logged into is run by unskilled staff. That never goes wrong.

My advice to you would be to get out of teaching before you do any more damage to the kids.

6
9
Silver badge

Re: ...spend “is not proportional to its effectiveness”

"and if you want any evidence of shoddy coding I suggest you watch what happens when you power up your Windows work machine after a week's break."

Go on, tell me, what happens. Because I'm pretty sure I went in, pushed the power button, and waited for the usual startup stuff to complete... nothing extraordinary, nothing blew up, the time was even correct. Wow.

I've had my old XP machine come out of hibernate after EIGHT MONTHS with no unexpected effects. The only quirk was it fiddled the time zone for summer time, and a tooltip popped up to tell me of this.

So, your point is?

6
0
Silver badge
Thumb Up

Re: ...spend “is not proportional to its effectiveness”

It appears to me that some folks seem to think you can successfully support essential systems by the will of the "Linux Goodwill Support Foundation" alone.

If that's the case can someone set up a database listing all these wonderful Linux experts that will offer the following to support such systems -

1. Will offer 24 hour phone support.

2. Will offer 24 hour remote support.

3. Offer full SLA terms to the customer at the customer's discretion.

4. Will be on-site within 2 hours of call out.

5. Offer 24 hour on-site support.

6. Must have a smile on their face at all times.

7. Must do this for no charge to the customer whatsoever (tea and biscuits provided at customer's discretion)

I'm sure such a database of individuals would turn the IT world upside down. Queueing round the block to get on it I bet.

I look forward to exploi...making use of their talents at zero cost to myself.

9
1
Bronze badge

Re: ...spend “is not proportional to its effectiveness”

I'm not knocking the RPi at all, I was mentioning a well reasoned article about someone who works in a school explaining why they were not planning to buy them for their computing class. The answer if you read carefully is that there is no need to because what they have does everything and more. If they had nothing the answer may have been different but for the other computing classes they need a proper PC and so they have no need of the RPi.

0
0
Bronze badge

Re: ...spend “is not proportional to its effectiveness”

What do you have against Americans? And for that matter, which software would you have them run which is not American? Linus is a Finnish American so Linux is out. SuSe was German I believe, RedHat is American, Apple is Canadian I think (I've not looked these up so apologies for inaccuracies). Ubuntu started by a South African.

Outside of your bedroom, people require supported software so even when using Linux in business or schools the OS will still be paid for and money will "leave the country". That said, Microsoft have tens of thousands of staff in the UK and their partners have even more (I work for a partner and we bring more money IN to the country via MS deals than we see leave). I'm unaware of any major Linux company bringing any cash into the UK, although RedHat has a small partnership program here so I'm sure they bring some in (we are a RedHat partner but don't make much extra from it beyond licensing).

2
4

This post has been deleted by a moderator

This post has been deleted by a moderator

Re: ...spend “is not proportional to its effectiveness”

@jason 7: It appears to me that some folks seem to think you can successfully support essential systems by the will of the "Linux Goodwill Support Foundation" alone.

And there are those that make pretty daft comparisons. I mean, sure if you do genuinely get all of that support completely free for Windows then you might have a point, but do you?

For a school install, TCO *should* also include the cost of providing all students with a home installation of all software being used in the school. A colleague was recently shopping around for the cheapest way to buy MS Publisher because that was being used in school (because, like, if you want to get into publishing you're going to need MS Publisher on your CV, right?). The current "work out for yourself where PirateBay is" solution isn't helping anyone on the Anti Virus front.

When I was at school, I had access to a BBC B micro (and an RM 380Z). The only reason I'm in IT now is because those two pieces of hardware - and their respective operating systems - are obviously the most common ones found in today's workplace.... No, sorry, back in the real world we were taught to use tools not brands. Did it matter that my Casio calculator had buttons in different places from my schoolmate's Texas calculator? Yeah it made things slightly harder for the teacher, but it taught us how to use the damn things not just copy someone by rote. Because all those kids who learned on XP and Office 2003 (but only in school, because they couldn't afford a home licence) are really going to find Win8 and Office 2013 so much easier in the workplace than anyone who was taught general wordprocessing and spreadsheet skills on OpenOffice (and was able to work on them at home using the free install CD they were sent home from school with).

</soapbox>

6
2

This post has been deleted by its author

Anonymous Coward

Re: ...spend “is not proportional to its effectiveness”

"It's a disgrace that our tax is being used to pay Microsoft to get our kids hooked on MS software. Even if you get discounts (first hit is free) it's still unforgivable."

Primarily a BSD user @ work commenting here Eadon...

Not that I disagree with the opinion that open source should be a strong consideration, but personally I think it's a disgrace that you believe that you have the right to dictate what my tax money should be spent on.

But in retort, schools should not be using any single OS (Windows, Linux or whatever) - They should be preparing kids for the real world by teaching them from multiple OS's - as that's how the real world functions.

Sorry, but I can never bring myself to trust evangelists and zealots - of any flavour.

4
1
Anonymous Coward

Re: ...spend “is not proportional to its effectiveness”

RICHTO's question: "What do you call a 'Secure OS'?"

Answer guidance:

Windows: 0.25 points

GNU/Linux: 0.5 points

OpenBSD: 1 point

Best general answer: OpenBSD ;)

0
0
Silver badge
Facepalm

Re: ...spend “is not proportional to its effectiveness”

@holymcr

You missed my point entirely.

What I'm saying is as an IT manager or someone responsible for the upkeep can you really relax and sit back and trust your important systems to either -

A. A proper support company with full organised 24 hour support (onsite/remote etc.) proper SLAs, disaster recovery policy and turn around times that you pay £X a year for.

or

B. Terry and Jeff (lovely blokes) who popped round one weekend (working somewhere else Mon to Fri) as a favour to install it all for a couple of pizzas and a six pack of cola.

It's got nothing to do with the operating system or the kit. It's about peace of mind knowing that support is available when you need it and not away on a rugby weekend when you need them.

Please feel free to sign up to the Linux Goodwill database however.

2
1
Thumb Down

Re: IMPERVA'S PRODUCTS ARE RUBBISH

If you're going to slag someone's product, then you should at least have the courage of your convictions and not go under "anonymous coward", if not actually citing some proof (!). Downvoted.

0
2

Re: 2 - a gazillion programs

Prime evidence exhibits:

1. MS Visual Studio (any suite after VB6).

I had to read this twice, the first time I read it as 1. MS Visual Studio (any shite after VB6).

0
0
Gold badge

Re: ...spend “is not proportional to its effectiveness”

The AV vendors' solution to malware proliferation seems to be to create anti-malware products that consume all resources on the machine to the point where it is made unusable, presumably in order to impede the spreading of malware.

No, no, that's on smartphones. Do pay attention :)

0
0
Anonymous Coward

Re: ...spend “is not proportional to its effectiveness”

I've had my old XP machine come out of hibernate after EIGHT MONTHS with no unexpected effects.

Depending on your network link you may need to wait about 10 minutes or so before the first patch warnings start to appear. You will probably have set them to automatic so you're simply used to a beefy machine running a ZX Spectrum, but I monitor everything that flows through my network because of my work and boy oh boy, a cold started Windows box sure does a lot of catching up.

Incidentally, you're right in that there are no UNexpected effects because the above is well known - and you know it..

0
0
Anonymous Coward

Re: ...spend “is not proportional to its effectiveness”@Eadon 13:33

I'm inclined to think you're lying about the kernel compilation thing, Eadon. Frankly you don't come across as someone who's used Linux for more than a year.

2
1
Bronze badge
Mushroom

Re: ...spend “is not proportional to its effectiveness”

See the work by Jeff Jones. Even if you adjust a commercial enterprise Linux install to match the content of Windows, it will still have far more vulnerabilities that are on average more critical and on average take longer to get patched (more days at risk)....

0
3
Bronze badge
Mushroom

Re: ...spend “is not proportional to its effectiveness”

Good points - but just for the record as someone who hires plenty of staff - good Linux sys admins are actually on average cheaper than good Windows ones...There are lots of people with legacy unix skills floating around looking for a job, whereas Windows is much newer....

0
3
Bronze badge
Mushroom

Re: ...spend “is not proportional to its effectiveness”

I remind you that the first and worst internet worm ever was on UNIX based systems....

0
4
Bronze badge
Mushroom

Re: ...spend “is not proportional to its effectiveness”

Windows has a significantly lower TCO than Linux for pretty much everything other than web hosting...and that's rapidly closing the gap too....

0
3
Bronze badge
Mushroom

Re: ...spend “is not proportional to its effectiveness”

Complete rubbish. There have been plenty of exploits in the Linux kernel. This is one of the reasons why you are so much more likely to be hacked if you run a Linux based internet facing server compared to a Windows one:

http://www.zone-h.org/news/id/4737

0
3
