Avast alert finds WHOLE WEB malign Major freebie anti-virus scanner Avast has apologised for a cock-up defining the vast majority of the web as malign. Rather than a Howard Beale-style insight into the state of the modern interwebs, the finding of any sites with scripts or frames - including Avast's own support forums - as malign was the result of a rogue virus …
Scanning every website you visit for every possible (known) virus is silly.
If you surf the web with any regularity, you need an OS/browser combination that is hardened against infections, and designed to contain them (relatively) safely if they do take hold.
You don't want some gun-slinging wideboy OS walking around shouting "If you shoot first you better not miss because I won't". When in fact said OS misses every time, and drops the keys to the castle behind him as he runs away crying. Jesus.
The only surefire way to not get infected by the web is to not get on it. In any other circumstance, there WILL be a way. No system is hardened enough against exploits that you can't get owned in some way. A combination of user hacks, privilege escalations, and so on could knock down just about anything: including a "secured" OS.
because AV doesn't catch *everything*, you are going to turn it off so it might as well not catch *anything*? That is exactly the kind of attitude that will get your computer pwned. New exploits come out for modern, "hardened" browsers every week. Some are disclosed, and some aren't.
Not really, I regularly check what executables are running on my box and dialing into which IP addresses. I haven't spotted any strange activity yet (at least nothing that couldn't be satisfactorily explained as benign with a bit of careful research). And of course I am generally careful about what I do on the computer in the first place.
I could have a rootkit, but so could anyone, because that is exactly the kind of thing that slips through the Antivirus net, regardless of how much it comforts you to believe that you are protected.
Instead of wasting time and/or money on Antivirus software, buy a nice pot plant and put it somewhere near your monitor. It will enrich your life more than any security software.
(that's after you install that secure OS I was talking about earlier, of course)
PS. Obviously I recognise that if you don't know how to use a computer properly, you should use Antivirus software (I make sure my family do), but think of it only as the training wheels on your bike. If you never want to take them off, fine by me, but don't expect me to feel as though my two-wheeled bike is somehow inadequate.
just because AV doesn't catch everything doesn't mean you should shun it. Yes, I realise that Linux malware is rare, which is, I suppose, how you justify your not using AV. But for the 87% of all computer users whose computers run Windows, it is important. Eight years of experience programming (I assume that counts as using a computer properly, but you appear to be the expert on that), and AV has saved my ass several times.
The best example of this I can give you: Firefox allows prefetching of search results, which is on by default. I once googled for something inconspicuous, and my firewall/AV combo caught an intrusion attempt. As it turned out, Firefox prefetched the first result which just so happened to be malicious. The website attempted to attack my computer. No regular monitoring of executables or open connections could have caught that, my friend.
And, FYI: I've seen AV catch rootkits before. Just because it doesn't always doesn't mean you shouldn't try.
I always thought prefetching was a bad idea (or at least, a relatively pointless one). Hopefully in the future software will be designed with these considerations in mind, but you have highlighted our sometimes misplaced trust in the software vendors and their products. Bear in mind of course that placing too much trust in your AV can be as dangerous as placing too much trust in your browser.
It was wrong of me to discount AV completely, or to come across that way. (I LOVE hyperbole).
I just see it as a losing battle, if your AV catches 80% of malware now (just a guess), how much will it catch next month? Next year? In 5 years? At some point the percentage will level off at a relatively useless level, given the exponential growth of malware. I think it would pay to start coming up with alternatives now.
Your argument applied to a different problem:
Did you know that new mutations of bacteria and viruses are discovered constantly? Eventually medicine as we know it will be useless. Therefore, we should stop using medicine and find other ways of protecting ourselves. I propose living in a bubble.
No.
Because medicine relies on a DIAGNOSIS from a trained professional, in other words a doctor.
Medicine is not an attempt to have the population hopped on drugs 24/7 "just in case" they catch something. In fact medicine fails when applied in this way, you cannot put everyone on antibiotics because then they will stop working.
You may be thinking about vaccination, in which case the closest computing metaphor for a vaccine would be a software patch, (which I am all in favour of, obviously), and not Antivirus software.
Furthermore, do you know what the medical world lacks? Good antivirals.
I saw the web alerts yesterday, and assumed that they related to some dodgy ads loaded as part of the page (or which would have been loaded).
This morning on a freshly booted PC and with Avast! updated it started complaining that DVD menu authoring software I run regularly should only be run in the Avast! sandbox.
Related?
Every IT manager pays lip-service to the demand of installing resident antivirus software, but in reality it isn't that effective as a protection. Mainly because the dangerous malware is the new stuff which hasn't yet been examined and catalogued by the AV people. That, and feature-bloat is a major problem with AV software. I guess this is because to the uninitiated, the package with the most 'shields' seems -on paper- like the better one, so to win the sales-war every vendor has to bloat their offerings to the max.
What users don't realise, of course, is that most of these 'shields' are just pointlessly duplicating the action of the core product. If a webpage is scanned before you're allowed to open it, if any file-download from that site is filtered as a data stream, if the downloaded file is then scanned as it is saved to disk, and then scanned yet again as it's launched, how does that achieve anything that scanning the file once doesn't?
The best protection is achieved by a combination of (some or all) of:
Using a more-secure browser
Removing unneeded plugins
Running the browser with limited priveleges
Using a virtual machine
Setting a software-restriction policy which prevents users from launching downloaded .exes
A simple AV product which scans all executable files as they arrive.
I sort of agree with what you are saying but:
"mainly because the dangerous malware is the new stuff which hasn't yet been examined and catalogued by the AV people."
Yes, this is the most dangerous sort of malware - but only for people who are running machines with up-to-date AV software on. If you dont have any antivirus then every virus (even ancient ones) is going to be a risk. The old malware is still out there - its not like Smallpox :-)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
