Internet security suites fail to block exploits

Internet security suites do little to protect users against exploits, according to security notification firm Secunia. The Danish security notification firm is urging a root and branch rethink on how security suites are designed, moving away from "ineffective signature-based detection" to a smarter form of defence. However, …

COMMENTS

  1. David Willis
    Paris Hilton

    Internet Security Suites

    Always said that the internet security suites were cr@p.

    Tended to engender faith by making life for the end user so bloody difficult that we OBVIOUSLY were secure.

    Much like Vista.

    Paris? - cos even Paris wouldn't be stupid enough (or even clever enough) to install one of these pieces of software.

  2. Inachu
    Dead Vulture

    I can predict the direction of this

    I can predict that infections will rise so fast that no antivirus or spyware malware scanners will keep up as fast and will become worthless as they are as they have to be installed first in order to work.

    I predict that one day soon that spyware, malware, trojan, antivirus solutions will be made at the hardware level. These devices will be in read only mode and will either plug into a PC's extra CAT 5 port or USB slot or PCI slot. These devices, if they can't protect then the best thing is to keep a ghost image of the OS handy. I just recently had one pc infection at work and tried:

    Enterprise class solution ---- failed

    Spybot ----- failed

    Adaware ---- failed

    Mcafee and Norton both failed.

    PC was finally cleaned with f-secure/super antispyware combo solution.

    Even then a bandaided pc is not the best and reinstall of OS is always best.

  3. David Kelly

    Simple solution is ...

    Run a UNIX based OS, like Linux or OS X and the need for an anti-virus is gone.

    Cue clueless M$ fanboys and their "marketshare means viruses" myths :-D

  4. Anonymous Coward
    Anonymous Coward

    Dunno

    I can't tell if I'm in before or after a stupid post saying "DURHUR, THEY ARENT ENTIRELY EFFECTIVE, SO YOU SHOULDN'T USE THEM EVER".

    Possibly both.

  5. Brian Miller
    Stop

    A fool and his money....

    They are using SP2 of XP and IE as the browser that is targeted.

    I have my firewall block IE as a matter of course. Also, XP SP2 minus some patches. They don't specify which patches are omitted from their test setup.

    This is a poorly implemented study, leaving the reader to guess what test configuration was used.

    I have to assume that only one single security "suite" was installed at any one time. This leaves no scope for supplemental protection.

    Trying to attack a PC running AVG, Spybot S&D, and Outpost Firewall through a Firefox with no-script and adblock would make for a more realistic test platform to see if these all free defenses could successfully keep a computer secure.

    Spybot S&D is especially relevant as it has "immunisation" to patch known vulns. Also its teatimer and resident shield keep any harmful changes from occurring without explicit permission.

    Face it. There is no way to keep a non-technical (read that idiot) person secure online. And those that have even a semblance of a clue about keeping their PC's secure wouldn't trust a single program or suite to keep them secure. The USER keeps themselves secure.

  6. Rob Elliott

    So Slow :(

    Quite often the security software makes the computer slow down to the point that it becomes unusable. The user really shouldn't know it's there unless there is a problem.

  7. Matt Kimber

    A thought...

    I've had an idea.

    You know all those sites which use user-agent strings to force you into using Internet Explorer, to avert the disaster that is Firefox rendering a title 3px left of where the designer wanted it?

    Well, why not have a concerted action between Google, BBC online, Yahoo!, Hotmail, all the big sites... to use this kind of thing for good, evaluate user agent strings and flash up in front of appropriate users,

    "Your browser is hideously insecure. Seriously, sort it out!

    > Windows Update

    > Firefox download page

    > Opera download page

    etc."

    (And in tiny print down the bottom, a 'continue to site' option.)

    Internet security suites = rubbish for the most part, a definite example of the, "It must work if it's so painful" placebo effect. Nowhere near as big a problem as the number of home/casual or even business users still running on versions of IE and so on that allow malicious pages to hook their tentacles into all aspects of the underlying system (including run-on-startup which still makes me wonder who the hell *ever* thought that was a sensible thing for a web browser to have access to) though.

  8. Matt
    Stop

    Well of course Norton blocked the most exploits...

    It blocks everything from turning the computer on to moving the mouse.

    I'm interested to see exactly which exploits were tested, from the article I get the feeling that they were IE/Windows vulnerabilities, or at least vulnerabilities in common software. If that's the case then there is (depending on the exact circumstances) not much security suites can do.

    Also, most suites come with heuristics disabled by default, whereas I believe Norton comes with it enabled (correct me if I'm wrong), causing massive slowdown (not that anyone who uses Norton does anything more than web browsing).

  9. adnim

    @David Kelly:Simple solution is ...

    I love Linux, hate windoze, use both. I am hardly an ms fanboy, I promote Linux and denigrate windoze wherever I can.

    Linux/Unix/OSX are NOT virus free. The reason that there are so many windoze viruses and hardly any Linux/Unix/OSX viruses IS market share. If the dominance in the desktop OS space was led by Linux/Unix/OSX, then ms users would be saying how wonderfully free of viruses windoze is.

    Yes, Linux/Unix/OSX are safer even if there were as many viruses for these OS. Even in Linux I use Firefox, NoScript, Flashblock and Adblock. In Windows I use all the above plus Zonealarm, Adware, Spybot S&D and Super Antispyware.

    The best advice rather than advising a security suite would be advising users to take up a 'nix based OS. If a user insists on windoze, then they should remove Outlook, and windoze media player and opt for third party solutions. Also NEVER use IE and block at the firewall if possible.

  10. Anonymous Coward
    Flame

    Antiware - stay off

    Any system for which paid "antiware" is considered mandatory is broken beyond repair. The revenues in the "antiware" industry are a huge incentive to keep the malware flowing.

  11. Flocke Kroes Silver badge

    @Inachu: Do not need any hardware protection

    I keep my software on a partition mounted read only. I keep my data on a partition mounted noexec. I have tried installing root kits and so far they have failed to spot this simple layer of confusion.
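
The layout described in the comment above (programs on a read-only partition, data on a `noexec` partition) can be checked from the mount table. This is an added example, not part of the original thread; the sample mount table, the function names and the list of pseudo filesystems are constructed for illustration.

```python
import re
from typing import NamedTuple

# Kernel/pseudo filesystems that do not store program files (assumed list).
PSEUDO_FS = frozenset({
    "proc", "sysfs", "devtmpfs", "devpts", "cgroup", "cgroup2", "securityfs",
    "debugfs", "tracefs", "pstore", "bpf", "mqueue", "hugetlbfs", "configfs",
})


class Mount(NamedTuple):
    device: str
    mountpoint: str
    fstype: str
    options: frozenset


def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \040, \011, ...
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Parse text in /proc/mounts format into Mount records."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        device, mountpoint, fstype, opts = fields[:4]
        mounts.append(Mount(_unescape(device), _unescape(mountpoint),
                            fstype, frozenset(opts.split(","))))
    return mounts


def classify(mount):
    """Return which half of the 'writable XOR executable' rule a mount meets."""
    if "ro" in mount.options:
        return "read-only"       # programs can run but cannot be modified
    if "noexec" in mount.options:
        # Files can be written but not executed directly. An interpreter
        # started explicitly (sh script.sh) can still read a script from here.
        return "noexec"
    return "writable+exec"       # a dropped file can be written and then run


def writable_and_executable(text):
    """Mount points where a file can be both written and executed."""
    return [m.mountpoint for m in parse_mounts(text)
            if m.fstype not in PSEUDO_FS and classify(m) == "writable+exec"]


# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = r"""
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /usr ext4 ro,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdb1 /mnt/usb\040stick vfat rw,relatime 0 0
"""

if __name__ == "__main__":
    for mount in parse_mounts(SAMPLE_MOUNTS):
        print(f"{mount.mountpoint:<18} {mount.fstype:<6} {classify(mount)}")
    print("writable and executable:", writable_and_executable(SAMPLE_MOUNTS))
```
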

  12. Anonymous Coward
    Anonymous Coward

    @Brian Miller

    >>>>>

    Trying to attack a PC running AVG, Spybot S&D, and Outpost Firewall through a Firefox with no-script and adblock would make for a more realistic test platform to see if these all free defenses could successfully keep a computer secure.

    <<<<<

    What complete twaddle. A realistic test platform is what comes out of the box which usually means an MS OS with IE and some bundled AV / spyware stuff. You can all think yourselves cleverer than the average bear but what's on most peoples' desk is just that. All the bragging about what add-ons you have don't mean beans to the vast majority of users. I doubt if most of them schedule updates nor take up any subscription service after a free trial has expired. If this report is a catalyst for improving the quality of the offerings of the big players then it should be welcomed.

  13. David Kelly

    @ adnim

    If you really believe that the massive number of Windows viruses is a result of market share then I can only assume that you know very little about UNIX and security and are just a casual Linux user. If you know anything about Linux you must understand how foolish it would be to log in to your KDE desktop as root. And yet the vast majority of Windows users have been logging in to their machines with admin privileges, not out of stupidity on their part, but because that's how M$ designed it.

  14. Anonymous Coward
    Linux

    @admin

    Couldn't agree with you more, I've seen so many busted stock windaz installations it's untrue.

    Someone once said television was like having an open sewer in your living room. Now it's the internet.

  15. Anonymous Coward
    Gates Halo

    @BrianW, and @AC 16:46

    ChrisW's 18:12 reply to Brian's twaddle is spot on.

    So is the AC @ 16:46 - what would the future of the Windows-dependent anti-malware ecosystem be if Microsoft ever released a "secure when shipped" Windows OS (I know, I know, it'll never happen, but...)? The anti-malware businesses would end up the same way that STAC did when MS did DoubleSpace in DOS whatever (pick your own example of the various more recent companies that Microsoft drove out of business when they felt like it). Graham Cluless and the like would have to find real jobs. Etc. Does the legalised blackmail from factory-installed Norton Insecurity never strike people as odd, or even immoral?

    Saint Bill, because he and his mates are the ones who should be bailing out the failed banks, that task shouldn't be left to Average Joes like you and me.

  16. Matt

    @admin

    While market share is a big factor, vulnerabilities and demographic also play a big part.

    Windows will always have more vulnerabilities as it caters to the average user who knows nothing about computers and needs every basic application installed out of the box. More programs and features = more vulnerabilities. More vulnerabilities = more exploitation attempts.

    Also you have to consider the fact that Windows targets the average user who knows nothing about computers and makes uneducated decisions security wise (well, technically speaking, don't even consider the security aspect). On the other hand, anything UNIX based is almost guaranteed to be run/administrated by an expert who will have more knowledge of security. Add to that the fact that a lot of UNIX systems are servers, meaning that any malicious code will probably have to make its way onto the computer without the user visiting any dodgy websites. Additionally servers will typically have much better security. Of course if you can manage to get into a server then it can be a goldmine, but there are a hell of a lot of windows servers out there.

    If you wanted to get rich quick or cause as much destruction as possible, would you rob Fort Knox, or the man who keeps 10000x as much gold in a tent?

  17. Steve Coffman

    @David Kelly:Simple solution is ...

    "Run a UNIX based OS, like Linux or OS X and the need for an anti-virus is gone."

    Problem with that is there are many software packages that are used in the industrial and educational fields that are simply not available on Linux (or even Mac for that matter.) So it doesn't do you much good if the OS you use is less vulnerable to viruses/malware/adware if the software you need to run won't work with it. Some examples? AutoCAD, SolidWorks, Rhinoceros NURBS, MasterCAM, Chief Architect X1 (there is a Mac version for this) and just about every software package that now comes with school textbooks, to name a few (as well as drivers for laser engravers, CNC machines, dimensional printers, etc.) And again the reasons for this are market share and also the number of Linux/UNIX variants out there... so until the Linux/UNIX (or Mac) market matures enough to the point that developers are willing to port or write software for it, we are for the most part stuck with Windows and the problems associated with it.

    P.S. Yes, I realize that you could probably use WINE to get some of the Windows software to work under Linux, but graphically intensive applications are tricky enough sometimes to troubleshoot under the native OS, not to mention possible performance and hardware issues and you would be SOL for support solutions...

  18. Claire Rand

    unix etc...

    is not the solution, you need to look at *why* windows suffers the most, and I don't mean cus it's the only one people dumb enough to fall for the scams use either (joke).

    unix is more secure (as is OS X etc) because _you don't need super user access for day to day tasks_ read that again. the day windows can be run by mr average as a limited user is the day half this crap stops.

    specifically the ability to install programs (for a single user) but not to affect the core system. e.g. program 'x' _cannot_ alter network settings or other system wide settings.

    personally I like a feature KDE has, where the root account looks horrible to use as a way of making the point don't use it.

    the problem isn't so much windows as the way it gets used.

    MS *need* to make it a requirement for the next version of windows, you want the logo or sticker you work in limited user mode. this applies to games as well.

    there is no need for a user space program to require root access, unless the user wants to install it for everyone.

  19. Ken Hagan Gold badge

    How to secure Windows

    You *can* secure Windows without AV software...

    1) Don't run as administrator.

    2) Don't run stuff from untrusted sources, like email or random websites.

    3) Do keep your system patched.

    Funnily enough, if you stick to these three steps then AV products offer no further protection, so you might as well ditch them and enjoy a faster and more reliable machine. Also funnily enough, this is the same advice I'd give to a user of any other OS. Omit any of these three steps and not even Linux users are safe.

    Windows has a peculiar problem in that MS *still* encourage you to run as an Administrator. (The only change in Fista is that you have to get used to entering your password every time the screen dims.) It has also inherited a complete lack of separation between readable, writeable and executable data, so an earlier poster's remarks about mounting his programs readonly and his data noexec just isn't possible. The closed source nature of the MS ecosystem leaves MS largely unable to rectify this fundamental design flaw, although their flailing about with UAC suggests they don't actually take it seriously anyway. Lastly, that fraction of the user population who can't resist clicking on the link to free porn that some kind stranger has just sent them will never be able to use a non-MS system, so the figures are a bit skewed.

  20. Anonymous Coward
    Happy

    @David Kelly and others

    Many of us are Admins of various abilities, most of us know the end user is "usually" a numpty, some home users can go beyond Numptyism, So I can say with no hesitation that if you give Linux to the masses people WILL do the stupid and use admin accounts, install crap that shouldn't be there, plug in just about anything including the kitchen sink and expect it to work. Linux has its place, I agree, but if you put ANY system in front of a numpty, it will go ti*s up eventually.

    And for anyone saying Market share is rubbish blar blar, can I remind you what a Virus is.

    It has to propagate, it has to copy from place to place with a sole purpose of infecting as many PCs as possible, anyone with half a brain would make a virus Windows compatible because

    A, it has a massive userbase beyond anything any other OS can dream of,

    B, it's relatively easy to infect due to poor configuration and other crap installed and

    C, and more importantly, there is a much higher degree of Numpty-ism on Windows, If I was going to make something like that I'd target as many plonkers as possible, and most of those will be using Windows because of reasons I'm not going to get in to since this isn't the debate.

    as for the article, tell me how many false positives there were? because it's all very well saying you're the best at stopping things but if the user turns it all off because they get fed up with constant warnings and poor system performance it's not very useful at all.

  21. Mike Powers

    Another kind of Windows?

    Cars have windows. Windows are made of glass. Glass can be smashed. This is a HUGE SECURITY HOLE and anyone who drives a car is an idiot, and all the idiot car-drivers are responsible for the EPIDEMIC of car thievery. The only proper response is to plate over all your windows with sheet steel welded to the frame of the car, and install a suite of armored cameras to show what's happening outside.

  22. This post has been deleted by its author

  23. Keith T
    Flame

    Meaningful? Meaningless?

    "[Secunia] haven't actually "run" these exploits on the computer"

    So they should re-test and actually run the exploits, right?

    Let us have meaningful tests reported.

    And I agree with Mike Powers 100%.

  24. Keith T
    Boffin

    Write your own OS

    As Adnim notes, Linux (and I'd add, Max OS) depends on security by obscurity.

    Those who write tools for hacking hobbyists don't write tools for unpopular operating systems.

    And the more effective the anti-virus, or more vulnerability free the OS and application, the greater the overhead. Hence the need for quad core processors.

    Security will begin to arrive when journalists realize respectable computer professionals disown those who and and abet breaking into and vandalizing other people's computers without permission.

    Security also requires effective laws, policing and penalties for crimes. But the internet is worldwide, and current civilizations hardly provide respectful effective policing in developed countries, let alone remote parts of the world.

    The highest security comes when you custom write your own OS, for your own custom designed CPU, assuming you can do both error free.

  25. Anonymous Coward
    Linux

    I once got a virus on Linux!

    I really should have been suspicious when the first line of the installation read:

    "Run these commands as root to enjoy this virus:

    chmod +x virus.sh

    sudo ./virus.sh"

  26. adnim
    Happy

    @David Kelly

    "If you really believe that the massive number of Windows viruses is a result of market share.."

    Yes I do, although there are other factors that make windoze a target for vxers, this is the main reason. As mentioned by Matt and others, vulnerabilities are also important. The closed nature of the majority of windows apps, and the highly integrated nature of the windows OS with other ms apps make it ripe for exploitation. Finally, as you yourself mentioned the default for windows prior to vista was to give the user admin rights giving any hostile code complete access to the OS.

    "then I can only assume that you know very little about UNIX and security and are just a casual Linux user."

    Not entirely true, I am no expert with Linux. But knowledgeable enough to run a VMware honeynet on Ubuntu, with a honeypot running a LAMP setup that I have purposely made vulnerable to sql injection. I was also a member of a global security team for a large International company, responsible for windoze servers in Europe and Asia.

    Agreed any Linux virus will only run with the rights of the logged in user, still an awful lot of damage could be caused to that user's files, any command that does not need root privileges can be run. I could write code that pretends to be something else that will trash your home directory or encrypt open office files and spam it out as an email attachment or host it on a website.

    If Linux had the majority market share, I sure somebody would have incorporated some of john the ripper code and a rootkit into a compressed ELF executable in order to own our smug little arses but I am guessing. As I said I am not a Linux expert, but I am working on it.

    The points raised by Steve C and Darren T are equally valid.

    And no I don't log into my Ubuntu, Debian or CentOS machines as root. I do use my XP box as admin, hence all the layers of "protection" I employ. Commas around the word protection because despite all the mitigation offered by AV and antispyware, a windoze box is only as secure as level of user knowledge and experience permits.

  27. Anonymous Coward
    Anonymous Coward

    Linux and viruses

    It is due to market share and user base.

    Virus writers are often unix users, so hey why piss in your own pond, that might have a bit of truth as well.

    Ooh security via obscurity hmm, well that is the cherry, but unix does have a lot more and a lot better security tools than the windows platform, so I know which I want to be on. And even with 100% market share I don't think I would jump to windows just because there were no viruses.

    See people extrapolate too far when they find out Linux has no silver bullet, it still is more secure in most instances.

  28. Anonymous Coward
    Flame

    @Keith T

    How can open source be "security by obscurity"? And the most effective hacking tools are written for Linux. And Linux runs better on older hardware than Windows (i.e. function-for-function, it uses less resources than Windows, especially Vista).

    As for this comment: "Security will begin to arrive when journalists realize respectable computer professionals disown those who and and abet breaking into and vandalizing other people's computers without permission." - What the fuck have you been smoking?

    And this one: "The highest security comes when you custom write your own OS, for your own custom designed CPU, assuming you can do both error free." - You're speaking nonsense. That is the very definition of "security by obscurity". Even without errors, if your specification contains a logical weakness, you invite an exploit.

    Basically, that is the most full-of-shit post I've read in a long time. I sure hope to God you don't have any responsibilities in information security.

  29. Anonymous Coward
    Paris Hilton

    They need "SELinux for Windows"

    > "Symantec has recently begun introducing behaviour-based detection, which helps to explain why its software did the best of a bad bunch."

    > "... as well as monitoring what they are doing once they begin running"

    Why don't they go the whole hog and introduce an SELinux-like approach for Windows? Basically, whitelist what resources are legitimately required for each and every program and block everything else. The program developer should (IMO) be responsible for developing the resource access list, and it would be set up at installation time and password and key protected, though certain access items might be denied globally by a master policy controlled by the OS. As with SELinux, malware gaining admin-level access is no longer a fatal problem. You get the idea.

    Of course, this would require Micro$hite to actually care about security above profit.

    If you put 1 million Paris Hiltons in a room with programming tools, there is a probability that eventually they might produce Windows ...

  30. David Kelly

    @Keith T

    @Keith T

    "Linux (and I'd add, Max OS) depends on security by obscurity"

    Excuse me? Linux is OPEN SOURCE, perhaps you might want to find out what that is before you make such a monumentally stupid statement. And BTW it's "MacOS" or "OS X".

    In terms of OS X, obscurity plays a part in its security, but a large part is down to its UNIX foundation.

    "Security will begin to arrive when journalists realize respectable computer professionals disown those who and and abet breaking into and vandalizing other people's computers without permission."

    ROFL! That was possibly the most absurd comment I've ever read on here. Crackers will stop writing malware when journos start to report about how IT pros don't like what they do? Really?

  31. adnim

    Now Now, play nice

    I think Keith T meant obscurity as in lack of prevalence. Constructive criticism and the sharing of ideas/information will always play a valid role in advancing the knowledge and abilities of those involved in the administration and use of computer systems. Insults rarely help and usually just serve to alienate. Are we not professionals, or at least strive to be such?

    There are many times I have responded to the views of others without first thinking through what I have read and in turn not thinking how others will perceive what I have written. There was also a time I didn't know how much data would fit onto a floppy.

    But back to the topic... Chris W hit the nail on the head with respect to the validity of this research. Most users do employ out of the box security or insecurity if we think windoze, they don't add third party security tools and use all the default apps and settings of their new PC without a thought nor awareness of what nastiness lies in wait.

    I got a credit card statement via email this morning. I was informed that suspicious transactions had been performed on my account. The zipped attachment "statement.doc.exe" (I have windoze set to show file extensions of known file types) was reported clean by all my security tools. Now the chances are the average user would have windoze set to hide the .exe extension and would have perhaps run this exe expecting it to open in word. I would have infected a VM with this for fun had a Jotti scan not revealed it was a trojan downloader. There's not much fun in running known malware, at least from my point of view.
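
The zipped "statement.doc.exe" attachment described in the comment above can be caught by name alone, before any signature scan. This is an added example, not part of the original thread: a check of archive member names as a mail filter might apply it, where the extension lists, function names and the in-memory sample archive are constructed for illustration. It goes slightly beyond the comment by also flagging whitespace padding before the real extension.

```python
import io
import re
import zipfile

# Assumed lists for illustration; a real filter would use a longer policy list.
EXECUTABLE_EXTS = frozenset({"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "lnk"})
DECOY_EXTS = frozenset({"doc", "docx", "xls", "xlsx", "pdf", "rtf", "txt", "jpg", "png"})


def _basename(filename):
    # Archive members may use either path separator.
    return filename.replace("\\", "/").rsplit("/", 1)[-1]


def displayed_name(filename):
    """Name a user sees when the final extension is hidden by the file manager."""
    base = _basename(filename)
    stem, dot, _ext = base.rpartition(".")
    return stem if dot and stem else base


def name_findings(filename):
    """Return the reasons a file name should be quarantined, if any."""
    base = _basename(filename).rstrip(" .")  # trailing dots/spaces are ignored on Windows
    parts = base.split(".")
    findings = []
    if len(parts) < 2 or parts[-1].strip().lower() not in EXECUTABLE_EXTS:
        return findings
    findings.append("executable")
    # A document-like extension directly before the real one is the decoy.
    if len(parts) >= 3 and parts[-2].strip().lower() in DECOY_EXTS:
        findings.append("double-extension")
    # Runs of spaces push the real extension out of a narrow name column.
    if re.search(r"\s{2,}\.[^.]*$", base):
        findings.append("padded-extension")
    return findings


def scan_zip(data):
    """Map each suspicious member of a zip archive (given as bytes) to its findings."""
    flagged = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            findings = name_findings(info.filename)
            if findings:
                flagged[info.filename] = findings
    return flagged


def build_sample_zip():
    """Constructed archive holding harmless text under the names being tested."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("statement.doc.exe", b"constructed placeholder, not a program")
        archive.writestr("readme.txt", b"constructed placeholder")
    return buffer.getvalue()


if __name__ == "__main__":
    for name, findings in scan_zip(build_sample_zip()).items():
        print(f"{name!r} shown as {displayed_name(name)!r}: {', '.join(findings)}")
```
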

  32. Scott Mckenzie

    Prevx

    I remember running a trial of this a while back, it seemed like a great AV/Protection system.

    Now I use a Mac and whatever anyone says about Marketshare etc etc, for your average end user the extra buffer of having to enter your admin password to run anything and plenty of warnings usually sorts most things out... Vista is better than XP for your average user, but god the implementation is shite.

  33. Simon B
    Flame

    PMSL ROFL OMG!

    I know the research is a load of bollox when they say Norton did the best!!! PMSL ROFL OMFG MY SIDES ARE KILLING ME!

  34. David Kelly
    Stop

    @adnim

    "I could write code that pretends to be something else that will trash your home directory or encrypt open office files and spam it out as an email attachment or host it on a website"

    Sure you could, but you're overlooking a simple point. What you've described is not a virus but a TROJAN.

    "If Linux had the majority market share, I sure somebody would have incorporated some of john the ripper code and a rootkit into a compressed ELF executable in order to own our smug little arses"

    People have been able to do that for decades Hell, you could package that up yourself right now and email it to me. But what do you think your chances are of getting that to spread?

    If Apple has 5% of the desktop market, why aren't there at least 1000 OS X viruses in the wild?

    Anyone who thinks that there would be the same number of viruses for Linux as there are for Windows, were the market share numbers reversed, needs to go on an "Basic IT Security" course.

  35. Anonymous Coward
    Anonymous Coward

    Dave you are deluded

    Linux doesn't offer any silver bullet to stop malware.

    I don't care if you want to weasel out by trying to make a distinction between a trojan and a virus, as most viruses use trojan mechanisms, they can be combined you moron.

    It is like me wandering onto a car designer's news site and stating that brakes aren't needed in a particular model of car.

    Dave if you think that Linux systems require no security process, and are 100% bullet proof you are a complete imbecile, but hey it is your funeral.

  36. adnim

    @David Kelly

    Why so acerbic and pedantic? Virus or Trojan, is it not malware?

    A computer virus is any program that can copy itself and infect a host without the permission or knowledge of the user. A computer trojan is malware that appears to be that what it is not. A computer worm or virus can in fact be a trojan.

    "People have been able to do that for decades Hell, you could package that up yourself right now and email it to me. But what do you think your chances are of getting that to spread?"

    Have you never sent an email with attachment from the command line in Linux? Like I have mentioned, I am no expert as you appear to profess to be, but could this not be done without opening a terminal window? And if so is this not a spreading mechanism?

    "If Apple has 5% of the desktop market, why aren't there at least 1000 OS X viruses in the wild?"

    Precisely because it has a 5% market share and thus not worth the effort. It is also inherently more secure than windoze.

    "Anyone who thinks that there would be the same number of viruses for Linux as there are for Windows, were the market share numbers reversed, needs to go on an "Basic IT Security" course."

    I presume this sentence is aimed at me under the guise of being aimed at "anyone"? If so it would appear you are putting words into my mouth and not actually reading what I have written. Nowhere have I stated that there would be the same number of viruses for Linux as windoze, should Linux have the majority market share.

    I originally said that Linux/Unix/OSX are not virus free in response to your statement:

    "Run a UNIX based OS, like Linux or OS X and the need for an anti-virus is gone.", a statement which is misleading and potentially dangerous. A statement that highlights your expertise and insight as a revelation, I can only guess you are a security professional of the highest regard.

    Perhaps I should recommend an anger management course for those who feel the need to defend themselves with pedantry and vitriol when backed into a corner.

    I don't wish to argue further, it seems pointless, for as an advocate of open source systems you seem remarkably close minded, not to mention a little arrogant. Are you American by any chance? Rhetorical question please don't respond. Apologies to open minded and humble Americans everywhere should they exist ;-)

  37. David Kelly

    virus vs trojan

    Pedantic? There's a world of difference between someone breaking into your house without you knowing and a thief knocking on the door pretending to be the meter man and you letting him in.

    Likewise there's a huge difference between being sent a trojan in a mail, having to save it to disk, change the permissions to execute, clicking "yes" on a security prompt and then entering your password to give the program admin privileges and receiving a virus which your poorly programmed email client downloads and the virus replicates, changes your boot partition, registry etc. without you even having to open the email.

    "Precisely because it has a 5% market share and thus not worth the effort. It is also inherently more secure than windoze."

    You think the possibility of infecting tens of millions of machines is "not worth the effort"? With Linux and Mac boxes connected to the internet it is potentially far easier to spread viruses (if they were as insecure as 'doze) than it was in the days of viruses spreading over floppy disks. And yet there are still not even a fraction of the number of viruses on Macs as there were in the bad old days of DOS.

    You call me closed minded but you must be pretty closed minded yourself to think that not ONE person has made the "effort" to make an OS X virus that spreads in the wild, especially with Apple's "Macs don't get viruses" adverts on TV.

    @AC:

    I have never called Linux "bullet proof", why do you jump to such a conclusion? I still maintain that you don't need an anti-virus on a Linux box or Mac. All you need is some common sense.

  38. adnim

    @David Kelly

    Oh right I guess if Apple say macs don't get viruses it must be true.

    http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/

    That was from two years ago

    Use scroogle, read what proper security professionals have to say about mac/nix and viruses, and what they attribute the prevalence of windows viruses to.

    "You call me closed minded but you must be pretty closed minded yourself to think that not ONE person has made the "effort" to make an OS X virus that spreads in the wild" I know that people have written viruses for the mac and Linux. It was my whole reason for questioning your statement about not needing AV on these platforms. Read my posts again, only this time don't let your anger/frustration/dumb loyalty to OSX/Linux or whatever it is that has blinded your logic hold sway.

    I leave it to you to have the last word for this is my last on the matter.

  39. David Kelly

    @adnim

    Ahem, I did say OS X viruses *in the wild*. If you can find proof of such a virus then please share it, it will be news to me.

    Funny that you should post a Reg article which echoes my sentiments on viruses and marketshare, and the divide between poor architecture and social engineering.

    BTW the article is obviously from 2003, not two years ago, in which case it would have been written soon after the first release of OS X. The Mac viruses mentioned would most likely then be OS9 viruses. There have been a handful of trojans for OS X which AV companies trumpeted as viruses in the hopes that their FUD will sell more OS X anti-virus software.

    And FYI I don't make these statements out of "dumb loyalty" to Apple / Linux but rather from 15 years of UNIX sysadmin experience in a range of environments from national ISPs to high street banks.

  40. Anonymous Coward
    Anonymous Coward

    @David

    The userbase has changed, and the market share is expanding, expect to see unix based viruses (actually expect to see more cross platform viruses).

    The equation goes something like this:

    ( (N - 2P ) / C ) * M = T

    Where T is Virus Threat Level.

    N is number of numpties using the operating system.

    P is number of IT professionals (those who can code assembly :) )

    C is choice weighting ( what level of choice of software is there on the system and the actual variety used )

    M is market share

    I call this the Alpha Numpty Equation for Determining Virus Threat Level.

    Now let's add some figures:

    Assume a population of 100M.

    Windows:

    ( ( 79M - 3 ) / 0.5 ) * 0.80 = 126,400,000

    Linux

    ( ( 10M - 1M ) / 4 ) * 0.20 = 450,000

    So you can see it is not just not worthwhile at the moment to write viruses for the Linux platform. But the numpties are on the rise in Linux, and more pros are lost to Plan9 every day now.

    The point is Dave, Linux distros are vulnerable, proof of concept viruses are good enough to prove that, but the reason it doesn't get hit is mainly market share and user base.

    If you happen to live in a nice neighbourhood, full of builders, architects, gardeners, internal designers, then your chance of being shot is quite low, but it doesn't mean bullets bounce off you. And if the neighbourhood changes; starts to host rock concerts, opens a lap dancing club or two, a few fast food joints turn up, then the chance of being shot increases. Thanks Ubuntu :)

  41. David Kelly

    @AC

    I disagree with your equation and analogy. As I said before, you have more opportunity to make a Linux virus spread via the internet than there ever was when people were writing DOS viruses. And you must be very naive to think that tens of millions of potential infections is an unattractive target. If Linux really was not "worth" writing malware for then there would be no rootkits.

    I think it's more accurate to equate malware to driving fatalities. There are more numpties than ever behind the wheel but fatalities have dropped significantly as cars become safer. Likewise as OSes improve their design they become safer.

  42. adnim
    Happy

    @AC

    You are wasting your time, pretty much as I wasted mine. Some people are never wrong, some people are just plain disagreeable, and some people well, some people are both.

    And David, if you believe I am referring to you, in this instance, you would be correct. Still, good luck to you and bye.

  43. Anonymous Coward
    Anonymous Coward

    @David

    Going round in circles with you Dave.

    But just so you don't think your points are valid:

    Rootkits are often created for Linux, because those getting into Kernel development often cut their teeth on it. The rootkit checkers also build their own as well to test out their rootkit detection capability. If anything it points to what will happen when people do target Linux.

    But rootkits are payloads after the intrusion, so they are benign. A virus is not benign, and you have to be quite careful to keep them in the LAN you control, and then you cannot be sure they would work until you release them, so most don't tinker as often there.

    You might think tens of millions of potential infections is an attractive target, but it ain't when compared to the opportunity costs of 100s of millions, that is the whole point you seem to not be able to understand.

    If you are going to write a virus you will target the large over the small, if you think about it you will target the weak over the strong as well, and whilst the system plays a part in the strong or weak, really the userbase plays a much larger part.

    Your points are all over the place and filled with logical fallacy and weaselly semantics; I notice you used the word fatality not accident, I am guessing accident figures rather disproved your point.

    And even then, viruses are not accidents, they are deliberate attacks on systems, someone codes the virus they don't just happen. And don't think for one moment people wouldn't be able to write viruses for unix platforms, there are lots of ways in, and lots of ways to make code execute.

    Think like a virus writer, they want to maximise the number of compromises and be in an environment where the user can do little about their existence, at the moment that is windows.

    Why go after something with a smaller market share, when you can go after the big one, duh.

  44. Brian Miller

    Screw you all

    I said... "Face it. There is no way to keep a non-technical (read that idiot) person secure online. And those that have even a semblance of a clue about keeping their PC's secure wouldn't trust a single program or suite to keep them secure. The USER keeps themselves secure."

    In my previous post. Now some people may think they have got magic beans that can stop an idiot user from stumbling into trouble. I bet most those who have poo-pooed my comment work in the "security" business.

    Just to show how quickly they judge, AVG has scheduled updates and ALL of the software I mentioned has at least 1 COMPLETELY free version NOT TRIALS. I have been running my work PC for over 2 years and have not had any infections. Others in my work have, quite a few others actually. The browser you choose and the layers of defences you have DO matter.

    Take my "twaddle and shove it up your arse" as a great man once said.

  45. David Kelly

    @AC

    I think the prevalence of Windows viruses is more due to weakness than userbase so I guess we will just have to agree to disagree.

    People have been predicting a rapid rise in Linux / OS X viruses as market share grows for at least 10 years. So far time has proven them wrong.

  46. Jon Kale
    Boffin

    @David Kelly

    People have also been predicting that "this is the year of the Linux desktop" for a decade. So far time has proven them wrong too. Ever stop to think that the two facts might be related?

    Oh, and in an incidentally-related question, how many ten-year old Mac apps work on OS X 10.5.whatever? And never mind how many binaries (it's unfair: the ABI has changed about half a dozen times, but that's OK 'cos you can compile from source...) - how much source from 1998 compiles, links and runs on 2.6.whatever?
