Can this be made into an imprisonable offence?
One in six Windows PCs worldwide are hooked up to the internet with no basic security software, according to a study by McAfee. The computer security firm's study, conducted across 24 countries using data from an average of 27 to 28 million personal computers each month, found 17 per cent of machines were running with either …
In terms of firewall, I would agree with you. But to be honest, the amount of machines that expose port 139 or anything remotely dangerous to an external interface is probably quite minimal, whether by virtue of Windows Firewall, basic network settings, router NAT, or ISP controls (PlusNet used to monitor port 139 / 445 and block you if they saw traffic, when I was with them).
If you honestly think that antivirus works in any other capacity than a "miner's canary" (i.e. when that AV stops reporting back to the network, you go wipe that machine out), you're sadly mistaken. I've cleaned far too many machines that supposedly had full, paid-for, up-to-date antivirus on and the viruses just walked past it and then (ironically) shut it down in a way that the user wouldn't notice.
Basic security precautions vastly outweigh any bit of automated blacklisting and heuristics, I'm afraid. In over 15 years, I haven't had a virus and I don't run antivirus. Sure, I have it. And I submit things to TotalVirus all the time to check them for other people. And I clean machines (provably successfully) that are riddled with them at least two-three times a month (nothing from MY networks, but people's personal machines, etc). But on my personal machine antivirus doesn't scan my disks and doesn't run all the time just to save against me downloading and running executable files (which, 99.9% of the time, is how viruses get into home machines). On a properly managed machine / network, there is no NEED for antivirus, whereas a firewall is pretty invaluable. It's good to have around and a good "canary" on a network if you have a central console it talks back to, but that's about it. I've yet to see an antivirus package of ANY name manage to intercept, quarantine and totally clean a virus infection that wasn't written by a 5-year-old.
And the free ones are just as good as any other. Putting a user on a decent browser and breaking their hands if they run anything without checking will make infinitely more difference to their productivity and safety concerning viruses than any antivirus package you put on there.
"In over 15 years, I haven't had a virus and I don't run antivirus"
Me too, me neither, and it's now over 19 years, and for the same reasons.
You talk sense
But most computer users are just consumers with little to no sense when it comes to computer/Internet technology. The last virus to infect any of my systems was the Saddam virus on my Amiga. I do have AV installed but it sits idle most of the time. It is like most AV solutions, next to useless at discovering new viruses. Still, not all viruses are new and it has proved useful in some instances when scanning downloaded exe's. If I do not trust the source of an exe and my AV states that it is clean, I will run the exe in a VM first and monitor its behaviour before using proper. For most computer users/consumers this kind of practice doesn't even cross their mind. They have a... Computer doesn't say no, it must be OK then kind of attitude.
Re: You talk sense
I always tell my customers getting a virus is like having a broken windscreen. You can go years without one and then have two in as many weeks.
If you are going to get hit you'll get hit. The only things I see from my customers are the daily written card detail seeking drive-bys. The old classic virus has long gone.
All of them have AV installed some paid some free but they all get by-passed (I would say McAfee more than most in my experience).
I agree that if you are a vaguely experienced user then running AV in order to prevent all types of infection is largely a waste of time. You may as well not bother as it's often quicker to format and rebuild your PC (or re-image it) than sit and scan the HDD in another PC and run it through three different scanners to clean up the worst of it.
I do however, rarely see a PC with no AV on it. I'd put it more at 1 in 20 say.
In my early naive days I had the mother of all infections, I trusted a disk from a colleague at work, it re-wrote my BIOS, locking me out of my OS. Fortunately I was diligent enough to find how to flash it back.
This taught me all I could ever need, I haven't been infected since.
I'm interested in your claim that downloading and running executable files is how viruses get into home machines 99.9% of the time. I can counter that with 99.9% of the time the machines I clean are infected by browse-by installs, on both home and business machines and even in the hands of more seasoned individuals.
I'm not talking about browsing those naughty websites, either -- those days are long past. I'm talking about simply going to a hobby website, pulling up an industry website, reading a recent report on some chemical topic, or even going to a news site. All of these scenarios have happened, and I have successfully cleaned all of them save one. Without having kept exact records of infections and vectors, I would say that of the viruses I have cleaned within the past twelve months not a single one was due to a customer-executed program but rather a Java, Flash, or Acrobat exploit executed in the context of the browser. Even, yes, within the confines of the almighty Chrome.
As for home users, in my own test bed I found that users eventually just disabled the blocking add-on, be it NoScript, Flashblock, or any of their brethren, because it made browsing annoying, difficult, or time consuming.
While it might be absolutely possible to live a virus-free life without anti-virus on a personal machine, your claim that a properly managed network has no need for antivirus has two faults: first it denigrates the hard work and efforts of skilled network admins who administer unreliable or less knowledgeable users, users who vary in browsing needs and requirements including those forced upon them who are otherwise reliable and knowledgeable, or in multiple varied environments with some combination thereof; secondly it provides a false level of security faith and encourages bad behavior in freshly-minted administrators who think they know everything already, thereby putting an entire organization at risk, home users who aren't willing to admit there's something he or she doesn't know, and PHBs and CFOs who already don't like spending money and prefer to put out fires rather than prevent them. Having the canary in the coal mine doesn't obviate the need for protection apparatus; once the canary has squawked its last with its dying breath it is possibly far too late to be reactive, and pro-activeness and readiness is the order of the day. In no way does any of this invalidate anti-virus software which can be taken out by advanced attacks against the underlying operating system.
Free anti-virus products are indeed adequate for many users, but IMNSHO certainly not the majority. I have confidently put free anti-virus on some home customers (as most free products are not licensed for anything but non-commercial usage, save Security Essentials for up to 10 machines) computers with no bad results. Then there are others who absolutely need the paid versions for the extra protections and capabilities offered, either by way of their own habits or needs or those of the youngsters which have access. No, no one package is practically perfect in every way nor infallible, but then neither are condoms, "the pill," or the rhythm method as contraceptives. None the less, some protection is far better than no protection.
Common sense (or any sense at all) in users also goes a long way. Almost all of my customers ring me if something just doesn't seem right, and that alone has saved several butts in the course of the past decade. A strange email, website not functioning the way it normally does, or other odd computer behavior all make for good flags which my users detect themselves. But the combination of sense and anti-virus has saved more as the software component works to prevent what the wetware can't, and the two work in tandem.
Now I have to call rubbish on this tidbit: "Web surfers who install Scan Plus are likely to have a problem with their computers that prompted them to use the technology in the first place - so they might be less well protected than the general population."
I have to remove this from customer machines with fair frequency as it gets installed as click-through crapware with various software updates (in particular I'm looking at you, Oracle, though there are others.) If McAfee wants to perform mass-target surveying it should do so without installing some kind of click-through crapware and encouraging vendors to include such. For this I would agree with Lee on the user-executed installation vector.
Paris, installation without protection may bring unwanted add-ons.
Takes me back...
I remember getting some Digital Corruption crap on my Amiga which stole my Miami* and several other purchased program keys. IIRC, it was a fake AmIRC update or something along that line. That was one of only two viruses I've ever had over the course of almost 30 years (dear God, has it been so long?) of computing. The second of which came along when I was a freshly-minted administrator and thought I knew everything already: I was requested to test out a program and neither a trial nor free version was available... but a crack for the full version was. It happens, and the threat-scape has changed immensely since those days.
In deference to my earlier post, my active and running anti-virus software caught that crack nuisance, and has protected me from a little over a handful of web-borne threats. Including one almost 10 years ago in our very own El Reg!
Paris, there's a crack available...
* I contacted Holger Kruse of Miami fame about my situation at the time. He berated me for installing pirated software (of which I had none) and refused to assist in reissuing my Miami keys. Then a number of years later he fell off the face of the planet, going to Rebol I believe.
@adnim Re: You talk sense
Oh for god sake listen to yourself!
I run the exe in a VM first and then if it's ok, run it live.
For God's sake, get a grip on reality. Most and by most, I mean 99.99999999% of the world neither have the time, the skills nor the inclination to even do this, for them life kind of gets in the way of uber geekness
When you go to a restaurant, do you order a tiny sample of the food. Wait a few hours to check it doesn't make you ill then buy the whole meal? When you put petrol in the car, do you add 1 litre, drive a few miles then go back to carry on filling up?
No? Why? Surely that's the most sensible thing to do.
It's a simple case of risk vs achievement. We do it hundreds of times without knowing, it's what makes us human and have the ability to develop.
And we wonder why IT has such a f'ing bad rep of being full of nerds.
Re: @adnim You talk sense
"Most and by most, I mean 99.99999999% of the world neither have the time, the skills nor the inclination to even do this, for them life kind of gets in the way of uber geekness"
Read my post again. I think you will find this is paraphrasing what I actually said.... Most users are consumers and unless something on their system tells them they are about to install malware they will blindly trust whatever they download.
For god sake please read and understand what people actually write before jumping in feet first.
I've had one, in about 25 years. My ISDN was down, and I had to get some email from the ISP. I got out my laptop (Win2K, possibly), and connected it directly to a phone socket. Within literally 2 or 3 minutes I got an IM popup and the laptop was trashed.
Re: NoScript in corporate environments
Once you set up the exceptions on your test machine, there are a number of options to easily roll this out to your estate as the settings are simply stored in a bookmark. No need to worry about users getting confused.
Re: "When you go to a restaurant"
No I don't because if I eat the food and get sick from it, then there will be a tidal wave of sanitary officials picking the place apart and maybe even shutting it down.
Same for gas - I don't need to worry about the quality of the gas because if my engine dies within a mile from a station, there will be inspections and reports (after I file a complaint, of course) and the place will probably be shut down for the time it takes federal officials to discover what went wrong, how it happened and how to prevent it from happening again.
You see, the very basic mistake you made in your comparisons is that you forget that the things you compare with getting a virus are things that have already been extensively examined and legislated, and the long arm of the law is on your side, with the means to back it up. It has nothing to do with "risk vs achievement" because other people have risked it before you came into this world and the society you live in has decided that such risks were not tolerable, period. Yes, I know that that means you have to realize that the world has had an existence before yours. Check out the History aisle, you'll find that it's not just cardboard boxes with words on it.
Getting a virus, on the other hand, has no legal repercussions and there is absolutely no Bureau of Illegal Penetrations Office to file a complaint with - not that they'd have the police power to do anything about it either.
So please, the next time you decide to go all high and mighty spluttering out scathing comparisons, please take a moment to examine whether or not they are applicable to the subject matter and not just something tailor-made for you to feel smug about.
Re: @adnim You talk sense
no adnim, I think "lost all faith" was pretty spot on.
you made sense until when you mentioned the VM you see.
I quote: "......and my AV states that it is clean, I will run the exe in a VM first ......"
You run it in a VM even if it's reported CLEAN???
How many people even know what a VM is for Christ's sake?
never mind where to get one , how to set it up , how to set up the actual virtual machine ....
AND THEN to tell if said exe has done any damage on the virtual machine???
The example with the petrol station - I wouldn't have said "do you drive a few miles to make sure it's ok?" a better analogy for nerdiness on that scale would be "Do you take a gallon home, and subject it to a range of experiments in your purpose-built laboratory?"
>>getting a virus is like having a broken windscreen.
It is good that you don't use the "getting killed by the lightning" analogy. This would be equally inadequate though. The probabilities might be several magnitudes apart.
Pretty much every Windows user I personally know had a virus, while very few of those that drive have cracked windshields.
If it weren't for your (IMO lousy) pre-installed "Virus protection" which of course will only run for 3 months then many computer illiterates wouldn't start off with a feeling of security and then ignoring the possible warnings because: "Nah, my friend told me virus protection is free. I don't have to worry.".
Because THAT is what happens on many occasions. If virus companies /really/ - cared - for security they wouldn't be pushing free trial-licensed products which expire in a few months but they'd put free versions onto those new PCs and try to convince the new buyer why it would be a better idea to upgrade to a paid version (which, in all honesty, can sometimes provide advantages for the specific user IMO).
Quite frankly; studies like these annoy me. Because the company which performed the study is IMO also largely responsible for the end result.
Re: Dear McAfee
Isn't that what Avira do, provide free antivirus protection but with occasional nags?
Re: Dear McAfee
Daily nags, but yes.
Re: Dear McAfee
Just as good to use a continuously free AV with zero nags, such as MSE. Avira's nags are really tiresome. Avast gets the right balance, and superb all round protection for free.
One in six Windows PCs worldwide are hooked up to the internet with no basic security software, according to a study by McAfee.
An additional 1 in 6 is even worse off, relying on a McAfee product for protection.
beat me to it ;-)
True words in jest...
In a lot of cases you have a choice between a well-sucky machine running AV all of the time that gets hosed occasionally, or a responsive one without McAfee/Norton (or other better AV) that gets hosed a little more often but is cheaper.
Which is better?
Personally the bigger worry for me is the lack of back-ups, as it's not just viruses (mostly for Windows) to corrupt things, but hardware failures and "user's gross administrative error" to be recovered from.
Why does security software get turned off?
Because it gets in the way!
Firewalls block programs that people want to let through - and it's much easier to turn it off entirely than figure out how to selectively let things through.
Antivirus programs occasionally periodically send out bogus updates that flag legit programs as viruses. When the bad definition is fixed, the anti-virus program does not undo the damage it did wrongfully quarantining a file, leaving the user to reinstall their software.
The "background" system scans bog down the system such that the user can't get anything done while it's running.
The free versions of commercial anti-malware software bug the user to upgrade (or stop working, demanding the user upgrade - what do you think the user is going to do? buy the paid version, or uninstall the annoying piece of software that keeps asking them to buy something?)
When firewall and antivirus software get in the way of the use of the computer, people will disable them. It's not really reasonable to place all the blame with the user, when they have a task to accomplish using the computer, and security software interferes with it...
On a somewhat different topic, it's also worth noting that not running a firewall on most home machines isn't as terrible a sin as one might think - because almost everyone nowadays has a router between their computer and the rest of the internet that refuses all incoming connections unless told otherwise....
The ones to avoid are the full 'Security Suites'
I've seen Norton totally lock down a whole network after it had a brain fart and 'untrusted' all the PCs with it installed on the network.
A couple of other such Network apps have done that.
Kaspersky just shouts at you all the time. "Explorer.exe. wants to run! Which arbitrary and totally made up security group do you want to run this in, you mere mortal untechnical user!"
McAfee just bends over and pulls its cheeks apart at the slightest hint.
I remember getting sales calls from a Bulldog rep. He kept sending me free versions of the suites to try on customers' PCs and I'd get a cut of the renewal each year.
I didn't use them. In the end I told him in all honesty that I actually made a living uninstalling AV/Security suites like his and installing the simpler free versions such as MSE. I must point out I don't charge for MSE just the cleaning off of the virus/trojans and failed paid for AV.
Re: The ones to avoid are the full 'Security Suites'
Good point jason 7 there, if you have to ask the user you have failed already, as most users know nothing, after all, they are not pro system administrators.
As for firewalls, in the modern "IPv4 + NAT router in the home" world they count for little (but it is nice to know when something is calling home if you tend to tin-foil headgear as I do), and MS has been good at turning off some infrequently needed stuff in recent years.
In the NAT-free world of IPv6 that may change...
Given they are running Windows, why
would anyone be surprised by their next mistake?
Re: Given they are running Windows, why
Because people make mistakes, like me having to work on a MACOS9 machine at work and buying a PC with Windows ME (Yuk I need a shower).
Re: Given they are running Windows, why
"why would anyone be surprised by their next mistake?"
"Because people make mistakes"
That's a reason why anyone would not be surprised.
From another (non-computer but technical) forum
"I received my Pi last week (on my 60th birthday as it happens) but so far I am more than a little unimpressed considering the "it will make all Britain's kids whirlwind programmers" hype.
There is no supplied documentation and the on-line stuff is very minimal for people like myself who are beginning to use Linux.
Getting any of the Linux OS onto the thing is a convoluted process (I've opted for the Debian SQUEEZE OS) and it took me a couple of days before I found, after much online browsing that by typing "startx" after boot and two different lots of logins (why do that?) the Pi sprang into something like a normal desktop environment."
So why aren't I surprised about the Windows survey?
You get an upvote from me
It's an uncased development board! Issues are being discovered even at this stage! It's meant to be hacked!
I'm not a builder, but instead of waiting for "House Kit 1.0" to be released, I just went and got some bricks and some wood. How do I put them together?
(For the record, my Pi arrived on Friday and it is tasty.)
In part I blame the AV companies
Microsoft have a reasonable free security package. It really should be installed as a default, then every system would have some protection unless it was explicitly uninstalled. Except then McAfee and the rest would cry foul and complain about anticompetitive practices like the browser makers did.
Re: In part I blame the AV companies
Agreed, ironic that while it would be in the best interests of users, and by extension the internet at large to do it, corporations' interests would take priority. Most of the domestic machines I look at are full of the bad stuff because the user's 30 day McAfee trial has expired and they didn't want to pay, and didn't know they could get free tools.
Re: In part I blame the AV companies
They are just exploiting the situation to earn themselves some cash
(in a paranoid tinfoil hat mode, I'd quite easily believe most viruses come from the AV labs...)
I blame Microsoft and their "let's tie the browser so deeply into the OS that any flaw in the browser f**ks your system over" idea, coupled with the lack of root and user permissions in files "Hey luser... no writing to /Sys" for example.
And then dragging out and shooting any programmer who sticks 'must run as root' on their software installers so much so that regular users go "f**k it" I'll log in as root and leave it there.
Perhaps a letter like this would work
Dear m$, if your browser lets a rogue script link to a key system file then run an attached data file, it means your software is shit and we don't want to use it.
Yours typing Format C: -y AGAIN!
RE "Microsoft have a reasonable free security package."
I agree, Defender/Essentials has a very low resource footprint in comparison to the shite that McAfee and the rest of the AV scareware industry punt out and it appears to be at least as effective as most of the paid for packages. I have to admit though that if it really is the case that one in six effectively take no interest in the security of their PC (how that security should be organised and whether an AV package contributes much is of course the subject of some debate) I am almost inclined to feel some sympathy for Microsoft on the issue. They at least appear to have learnt something since Gates's memo on the subject of computer security whereas something like 17% of customers (apparently) continue to rejoice in their own ignorance.
Re: In part I blame the AV companies
The truth in this is shitty software vendors. Around 10 years ago Microsoft pushed out the requirements that software packages not be written in a way which require elevated privileges, then broke its own missive with Office 2003. Ever try to run Outlook 2003 for the first time as a non-admin user? But products like QuickBooks are just as bad, amongst others with which I've had to tangle over the years. It's virtually impossible to enforce a least-privileged-user scenario when the software requires local administrator access. FFS, I support a vet practice management software which does this, so users have to be local administrators on a terminal server just to run the program. Truly, truly aggravating.
Paris, least privileged user.
McAfee Security Scan Plus
Is that the 'free McAfee security scan' that is the latest crapware to get bundled with everything that you download and install?
Re: McAfee Security Scan Plus
Most machines I get in for cleaning have this 'useful' app installed.
Probably just phones home user data all day.
Re: McAfee Security Scan Plus
McAfeee Security Scam Plus as installed by Adobe products
Yes the same one
The same one that spots AVG/Avast/Bullguard/ESET and goes into meltdown telling you the world is about to end and you MUST install a McAfee product to prevent global let down.
The same one that occasionally installs their bastard toolbar/scanner app
So what we have here is in fact....
We think one in 6 PCs isn't running our software so you should install it (so we can then delete system files whenever we feel like it and brick your PC/ Disable GINA)
No News here:
A) This info was gathered by nefarious means without most users' permission
B) The software in question picks and chooses what it accepts as valid AV eg <>McAfee means no AV
C) In the real world out of just under 1000 machines through our door I've seen maybe ten with no AV
Quote: "The Windows-only software checks the user's computer for threats, antivirus software and firewall protection"
Should the continuation of the sentence be "and then offers to install antivirus software which you will then end up having to pay for"?
The perfect definition of scareware if ever I've seen one :)
study by McAfee
Finds more people should buy their stuff.
Re: study by McAfee
And everyone points that out. Again. And again. And every time it happens. Bit sad watching a bunch of standups parroting the warmup ...
2 be fair
Not run antivirus properley over 20 years of computing,
Most of it is common sense to be fair when it comes to dodgy excutables etc.
Buy all too many times i clean a machine that had has the annoying bug ridden norton or Mcaffe on there
Re: 2 be fair
Spelling not important for you is it?
or punctuation marks
* Why isn't every network modem (cable, DSL or whatever) equipped with a built-in firewall with reasonable defaults for the technically clueless (might be a genius in some other area) but changeable for the techie expert?
* Why doesn't every PC come with an SoC firewall/filter between the network connector and the main system?
* Why don't ISPs include filtering in their own routers between "the internet" and the local addresses?
* Why isn't the OS on the PC more immune against malware?
Oh, wait. We're talking about steps that might add a few dollars to the price of a PC or network service, prevent the "sponsor's" spyware from feeding back behavioral-tracking information and might require the dominant software supplier to put security high in the requirements list as they develop the "next" OS version.
What a Crappy Article
Typical NOISE from MCAFEE IDIOTS. So let me get this straight, your product prevented the spread of malware like FLAME?! I don't think so!! But yet you say every Windows user needs AV? Your crappy spying Antivirus software using 120MB (! or more!) of ram just to actively scan every single file I open and report back on a daily basis new type of heuristics that are supposed to be ANONYMOUS!? Get the F$%$ out of here. Stupid AV companies.....CONTINUING to do what they do BEST. Make money off media attention (I hope you hear me Symantec! You rich dirtbags!!)
Rant over. I never had AV installed, only way I got infected is my own fault.
Re: What a Crappy Article
Yeah, YOU fools. Your PRODUCT didn't prevent one particular AND highly sophisticated example OF malware, therefore AV IS (! clearly!) useless IN all cases?!!
Just like crash helmets are pointless for motorcyclists because some motorcyclists wearing helmets are still injured or killed in horrific crashes, and locks are pointless for doors because... blah... etc... etc...
PS Just because The Register has decided to capitalise some words at random doesn't mean you need to follow suit.
Re: What a Crappy Article
Actually, whenever I do come across a virus infection on someone else's PC, the first thing I do is upload it to VirusTotal. It's quite hilarious how many big-name AV scanners totally fail to detect things you can upload from your granny's PC, and even fewer can actually do anything to FIX them without the user having to do it themselves.
AV is, basically, a waste of time when it comes to preventing or cleaning viral infections. Simple as that. Your one might work against the thing you caught this time but I guarantee you that it missed other things just as prevalent and well-known. Do it as an experiment next time you get something in your email that wants you to open it or whatever. Download the file (in a fecking mail client that doesn't execute by default!), upload it to VirusTotal, see what sees it and what doesn't. Be amazed that almost anything (even if it's from your mail archives from years ago) will be missed by at least one and probably several scanners even today, and that "new" things may not flag on ANY scanner whatsoever.
A random one I just tried that arrived in my email claiming to be from DHL with a zip attachment that contained a single exe file was only spotted by 75% of scanners they run. Strangely, an identical email with a slightly different attachment (but even the same zip and executable name) that arrived seconds after scored differently!
Anti-Virus/Malware, there's a difference?
If the actions of the Security software, adware and malware are virtually indistinguishable to the point of view of the casual user, i.e. pop-ups, nag screens, system hangs and unresponsive programs, what precisely is the point?
Slow news day?
Once more El Reg presents a press release as news. Yes, I know this is SOP for journalists these days, but if El Reg report it, I expect them to ridicule it for what it is.