McAfee dumps signatures and proclaims an (almost) end to botnets

Signature-based malware identification has been around since the dawn of the computer security industry, but McAfee has said it's dumping the system – or rather, adapting it – in an upgraded security suite which will (it claims) virtually eliminate susceptibility to botnets. McAfee's malware signature database has grown to …

COMMENTS

  1. Don Jefe

    Effective

    Telecoms people have been using a very similar thing for years to control revenue leakage. It works very well. I hope it works as well for this.

  2. Snake
    Facepalm

    Huh?

    But in the last review of anti-virus products by a web magazine, McAfee rated DEAD LAST with largest number of allowed intrusions. Which is disconcerting as a friend I know uses McAfee, and I must therefore get him to switch away from it. More likely, do the switch for him.

    Kaspersky got the top rating in the test results.

    1. Anonymous Custard Silver badge

      Re: Huh?

      Ah yes, but I bet McAfee didn't sponsor that review...

    2. Annihilator
      Coat

      Re: Huh?

      "But in the last review of anti-virus products by a web magazine, McAfee rated DEAD LAST with largest number of allowed intrusions"

      "Ah, but that was the last version", said the sales rep looking nervous and sweaty, "the next version will be the best ever and will stop all botnets!"

      Note though, that they're only claiming success for botnets, not every other type of virus out there.

    3. Anonymous Coward
      Anonymous Coward

      Re: Huh?

      Kaspersky is a solid consumer product and should always test well for botnets....as consumers are the intended targets.

    4. Rambler88
      Trollface

      Re: Huh?

      Let's not be judgmental, now. McAfee's doing pretty well for a bunch of junior guys in a converted warehouse in Bangalore.

      Oh. You mean that's not what they are? You say INTEL owns them??!! Odd, that. To their customers, they certainly seem like a bunch of junior guys in a converted warehouse in Bangalore.

  3. Anonymous Coward
    Anonymous Coward

    Wow

    So McAfee is trying to copy Webroot. Who'd have thought?

    1. Anonymous Coward
      Anonymous Coward

      Re: Wow

      I thought they were copying Trend Micro's DEEP Security with their DEEP Defender and Trend Micro's DEEP Discovery with whatever the McAfee (DEEP) sandboxing technology happens to be called...

  4. Robert Helpmann?? Silver badge
    Childcatcher

    Tight as a ... goose?

    McAfee says it has ... integrated its various modules much more tightly with each other.

    McAfee, like so many other tech companies, has made a business out of targeted acquisitions. They have a number of products that do a number of things, most of which are complementary to each other. What they do not have is good integration. See how well multiple admins can set up rules in the DCM/DLP module at one time within ePO for an example of this (hint: only one at a time, per ePO server). Heck, they don't even have internal consistency for some products. Menus and permission sets are pretty much in the same condition they were found in when the various products were acquired. Data is sent to databases but cannot be accessed from within the application's reporting system. Not what I would call good integration.

    I look forward to seeing this promised improvement, at which point I will believe it.

  5. Hungry Sean
    Trollface

    cure still worse than the disease?

    Why should I care about "improvements" if putting McAfee on a system still borks it harder than any virus? Whenever I see a relative's computer running butt slow, either it or Symantec are almost always to blame.

    1. BongoJoe

      Re: cure still worse than the disease?

      Or the recent release of Kaspersky...

    2. Fatman Silver badge
      Linux

      Re: cure still worse than the disease?

      OK, I'll bite.

      If, by disease, you mean the entire malware laden WindblowZE ecosystem, then the only cure is Linux.

      1. Anonymous Coward
        Anonymous Coward

        Re: cure still worse than the disease?

        "If, by disease, do you mean the entire malware laden WindblowZE ecosystem, then the only cure is Linux."

        "WindblowZE"? Really? Are you twelve, or just another Eadon sockpuppet?

        1. Fatman Silver badge
          Linux

          Re: just another Eadon sockpuppet?

          NOPE!!!

          I just DO NOT like Windows!!!

          I consider it the scourge of the internet.

          Tux - for a reason!!!!

          1. Anonymous Coward
            Thumb Down

            Re: just another Eadon sockpuppet?

            So... Eadon sockpuppet = yes.

  6. Anonymous Coward
    Anonymous Coward

    Malwarebytes?

    Isn't this what Malwarebytes already does? And better than any other tool, including McAfee?

  7. This post has been deleted by a moderator

    1. Aitor 1 Silver badge

      Re: AV is a malicious Peril

      Not true.

      If you have important data, you need AV in MacOS, Linux, Android, iOS...

      The problem with windows is that it is the most used, easy and OPEN (for the user and simple programs), and it used to be very vulnerable. Therefore, it is the most attacked.

      As much as I despise M$, now it is as secure as others (i.e: full of not so easy to find holes).

    2. Silverburn

      Re: AV is a malicious Peril

      There's only ONE operating system that needs AV. Windows.

      If you can stick in USB media, are plugged into a network (inc the internet), then you need a layered security approach, which includes AV. The OS being used is merely a technicality.

    3. Anonymous Coward
      Windows

      Re: AV is a malicious Peril

      Oh, I can't not respond to this hogwash.

      Eadon, I see the repeat machine is firing on all 3 cylinders.

      Give it a rest mate...

      Your tiresome rhetoric, coupled with your propensity to post and give a rallying war shout to all the linux-tards on anti MS sites to up your post/comments ratio is really past its use by date....

      Besides, as I and countless others have said, you're talking tripe if you believe your own dribble about viruses not being an issue on unix, linux, iOS etc etc. Have OS, will infect.

      1. boltar Silver badge
        Holmes

        Re: AV is a malicious Peril

        "Besides, as i and countless others have said, you're talking tripe if you believe your own dribble about viruses not being an issue on unix, linux, iOS etc etc. Have OS, will infect."

        While he may be overstating his case, I'd be interested in seeing a comparison of the number of linux/unix web servers running Apache with anti virus compared with the number of windows servers running IIS with it. Given, you know, that Apache on linux is the most popular web server combination and the so old no-one-runs-linux-so-virus-writers-wont-bother argument that MS apologists always come up with doesn't hold water.

    4. Khaptain Silver badge

      Re: AV is a malicious Peril

      If you have an FTP Server, shared network resources etc then you can potentially "surrogate" the virus within the files that you host.

      Virus are generally OS specific and even though your system might not be targeted you would be helping everyone by not "sharing" the virus any further. In such a case the AV is not protecting your system but it is helping protect others, which in turn is good for you also.

      1. This post has been deleted by a moderator

        1. NumptyScrub

          Re: AV is a malicious Peril

          quote: "Windows has 85% of the desktop market (and still falling). Yet, it has 100% of the viruses out there. *think about it*."

          Absolutely. I'd even go so far as to say that of the last 100 infections on Windows I have had to deal with, none were viruses. It's very rare to see a virus these days, what with the completely staggering number of trojans and ransomware built from kits out there.

          Do you know if anyone has built a crimeware kit for OSX yet?

        2. Anonymous Coward
          Anonymous Coward

          Re: Eadon

          Eadon,

          I once was working for a government IT department called the NHS where there was an opportunity to save a small amount of money and get *nix a foot in the door by putting in a linux server for a particular service, which it would have been uniquely well placed to deliver (better than a windows server would have been)

          It was a sensible, well thought out idea that would have worked, and allowed the staff there to gain some familiarity with *nix servers which one day could have resulted in there being a lot more of them on the network, further saving a lot of money.

          However, the look on the chap's face who had to sign off on it when I mentioned *nix immediately told me that there had been zealots in before who had preached the point without understanding basic professionalism. In my view those people have forever blown away any possibility of having *nix servers installed at that location through their zealotry, and worse they resulted in me being tarred with the same brush for actually mentioning it.

          Your zealotry does not help the situation. Far from the point, it's actively harmful to getting any form of *nix installed anywhere and you would really help the cause by shutting up. You make anybody using or proposing the use of any form of *nix look like an unprofessional teenaged twit and surely you must realise that your misinformed rantings are the best dream because of the negative advertising of *nix that Microsoft could ever possibly wish for.

          1. This post has been deleted by a moderator

            1. Annihilator
              Facepalm

              Re: Eadon

              "- I didn't know the NHS was a govt dept, AC, thanks for this enlightening post. >HEADDESK<"

              NHS falls under the Department for Health, glad you're enlightened.

              You can rant on about the difference between viruses vs trojans all you like, but I challenge you to find a reference in the article to "AV", "antivirus" or even "virus". McAfee and the likes refer to themselves as Security products, which every OS needs to some extent or another.

              But don't let that stop you turning this into an opportunity for you to vent against a different company/arena that you don't like.

              1. This post has been deleted by a moderator

                1. Annihilator
                  Facepalm

                  Re: Eadon

                  "It's like trying to explain evolution to a creationist."

                  Yup, somewhat ironically you've nailed it the analogy, just not the way you intended...

                2. sisk Silver badge

                  Re: Eadon

                  @Eadon: Please, please, please for the love of Tux stop making all of us Linux geeks look bad with your ignorant prattle.

                  There are many viruses in the wild for OSX (unless you're stupid enough to believe Apple over every credible security firm in the world) and even a few in the wild for Linux (which, incidentally, can also infect BSD systems in theory). You need virus scanners on all three, and not just to protect any Windows systems that connect to them.

                  1. This post has been deleted by a moderator

                    1. Anonymous Coward
                      Anonymous Coward

                      Re: Eadon

                      A *lot* of IT professionals visit el reg because of the fact that you can often get more information about what really causes national problems with infrastructure (and the resolution times expected) from el reg than you can do from the companies involved.

                      So yes, your constant inane, unprofessional and stupid comments which are being read by those IT professionals elicit an instinctive reaction of "FFS, another moron" when FOSS is mentioned and sadly this impression is constantly reinforced.

                      This causes obvious barriers to introducing FOSS as the more moderate and knowledgeable people instantly and immediately get stereotyped as moronic idiots for suggesting that FOSS can be a solution to any problem on a previously windows only network.

                      If the stereotype of FOSS advocates was professional and knowledgeable instead of ignorant and stupid, this would help adoption as there would be some risk of the people being taken seriously. So if you want to help the cause please stop making us all look like idiots and prevail upon your friends to do the same.

                    2. sisk Silver badge

                      Re: Eadon

                      @Eadon: I would refute your claim of not having any influence, but I would simply be repeating what the AC has already said.

                      As for Linux viruses, I personally saw a Badbunny infection on a friend's Mint machine just a couple weeks ago. I have no idea how he got it, but the system itself isn't that old. Certainly not old enough for it to have come in through a 'long patched remote vuln'.

                      As for OSX, not even Apple makes the claim that it's immune anymore (which I didn't realize until last night - early this morning in Britain - when I stumbled across an article about it). I could name some examples, but why don't you just go look at F-Secure's or Sophos' list?

                      You're splitting hairs on the difference between Trojans and viruses. They are equally dangerous and you need some sort of anti-malware, which most people still call antivirus, for either. If you're too dense to realize that then you truly should not be talking about security on any platform. If you do realize it and are just trying to make your systems of choice look better, then you should realize it's not going to work. No real IT professional is going to fall for that idiocy.

            2. Fatman Silver badge

              Re: "moving forward to leverage our core competencies"

              The best "leverage" is that used to keep damagement in line ("no internet for you").

          2. Arctic fox

            Re: "negative advertising of *nix that Microsoft could ever possibly wish for."

            We've all been there, tried to tell him, he won't listen - large mouth very small etc. ect. It is a waste of time trying to persuade him to think for one moment.

            1. Anonymous Coward
              Anonymous Coward

              Re: large mouth very small etc. ect.

              Sort of makes you wonder if he isn't on Ballmer's payroll, doesn't it?

              1. Anonymous Coward
                Anonymous Coward

                Re: large mouth very small etc. ect.

                If he is then it's certainly a cheaper (and more effective!) strategy than legal threats.

          3. Anonymous Coward
            Windows

            Re: Eadon

            Yep, if switching to Linux (whatever flavour) means I end up talking and thinking like Eadon then I'll make damn sure that it never makes it past my cd tray/usb port.

        3. richard 7
          Trollface

          Re: AV is a malicious Peril

          Can we have an Icon for Eadon posts?

        4. Anonymous Coward
          Anonymous Coward

          Re: AV is a malicious Peril

          "COMMENTARDS FAIL"

          Choking on your own vomit fail, too, Eadon, Please try harder, for all our sakes :)

        5. Tom 13

          Re: Lean some basic security concepts,

          Learn some basic security chowder brains!

          I know the difference between a virus, a worm, and a trojan. When it comes to protecting the network if you're only protecting against viruses and everybody in the org gets an email with a trojan, it doesn't make a rat's ass worth of difference, the network is still down. That's why somewhere back in the early 1990s we stopped worrying about what minutely specific type of compromise was occurring and just wrapped it all up in a nice bow and called it 'malware'.

    5. Xamol
      Devil

      Re: AV is a malicious Peril

      When will I be able to block posters on The Reg?

      1. Anonymous Coward
        Anonymous Coward

        Re: AV is a malicious Peril

        It would be jolly nice if people with, say, more than twice as many downvotes as upvotes were greyed out or hidden by default.

        1. Anonymous Coward
          Anonymous Coward

          Re: AV is a malicious Peril

          I disagree, because some of the massively downvoted posts are quite funny.

        2. Anonymous Coward
          Anonymous Coward

          Re: AV is a malicious Peril

          "It would be jolly nice if people with, say, more than twice as many downvotes as upvotes were greyed out or hidden by default."

          You mean instead of bizarrely awarding them, say, a silver badge?

          Eadon - trolling the el Reg comments since 2009.

          1. Anonymous Coward
            Anonymous Coward

            Re: AV is a malicious Peril

            "It would be jolly nice if people with, say, more than twice as many downvotes as upvotes were greyed out or hidden by default."

            Well, that would certainly take care of Eadon and Obviously! at a stroke (and be less tiring than individually moderating the latter's posts for all the homophobia and generally abusive ranting that they contain).

            The idea isn't terrible, actually.. hmm.

      2. Anonymous Coward
        Anonymous Coward

        Re: AV is a malicious Peril

        > When will I be able to block posters on The Reg?

        El Reg needs a "sin bin" forum into which the floating truds can be banished. That'd be basically Eadon and RICHTO... they can have it all to themselves.

    6. TeeCee Gold badge
      Facepalm

      Re: AV is a malicious Peril

      That blue icon is supposed to mean "boffin", not "twat".

      1. Anonymous Coward
        Anonymous Coward

        Re: AV is a malicious Peril

        Careful TeeCee, when he's not got anything else to go with he starts making up abusive shite, such as claiming to have shagged my mum and her asking for more.

        I don't think Eadon knows the rules of how to behave in a polite society.

        1. Arctic fox
          Childcatcher

          @ AC Tues 26th Feb 13.34 GMT "such as claiming to have shagged my mum............

          ..............and her asking for more."

          I say old chap, steady on. I am sure that your good lady mother would not have touched him with the thin end of a very long bargepole. I mean, who would? It is bad enough having to debate with him, never mind - oh god no, the image in my mind is too horrible. I can't go there, not even in the most theoretical sense.

    7. Anonymous Coward
      Anonymous Coward

      Re: AV is a malicious Peril

      I thought those little silver icons were because these people were special in some way and knew what they were talking about. Now I realise they are just post count awards handed out to trolls.

      I do hope you don't have any customer computers to look after with that blinkered attitude.

      1. Arctic fox
        Trollface

        Re: "I thought those little silver icons were because........."

        Had the award been based on the net number of upvotes after downvotes were taken into account he would have to pay El Reg in order to be able to post here let alone get any icons.

    8. Arctic fox
      Thumb Down

      Re: "SECURITY MS FAIL" If I ever need to employ a sysadmin who understands.......

      ...............how to protect Linux based systems do remind me not to call you.

    9. RyokuMas Silver badge
      Childcatcher

      Re: AV is a malicious Peril

      Read the article, idiot. It's about malware of all kinds, not just viruses. In fact, the word "virus" is not even mentioned in the text.

      El Reg, please can we have a "report irrelevance" (or better yet "report idiocy" or "report bigotry") link next to the "report abuse" one please for these sorts of rantings?

      1. Flatpackhamster

        Re: AV is a malicious Peril

        It'd be more efficient to just have a 'Report Eadon's Latest Ill-informed bigotry' button.

    10. Scott Pedigo
      Facepalm

      Re: AV is a malicious Peril

      So what is your point, even if your assertion were correct, which I'm pretty sure it isn't. That a Linux box is simply "safe"? Yeah right. I run an Ubuntu Linux server and it is being hit by port scans and attempted logins by script kiddies 24x7. It was fairly secure "out of the box", but it wasn't locked down as tight as I wanted it. I had to go to some extra trouble to research and install some monitoring software to detect intrusion attempts and block the offending IP addresses. I replaced the mail server with a professional product, and I still had to give up on using my original e-mail address @ my domain name because it was just too much work to deal with the spam (and why bother when you get free e-mail from Google, Hotmail, Yahoo, etc.). I had to just take down my forums, and remove the registration module from my Wiki completely, in order to stop spammers from registering fake accounts in order to post ads (or worse, links to websites with exploits), wasting my time removing said accounts. If Linux were so safe, then I wouldn't be suffering incessant attempts by hackers to get any foothold on the system in the hope of escalating that to root privilege and adding my box to a bot army. As things stand, in spite of my attempts, I wouldn't bet a nickel that a real hacker couldn't find a hole and hi-jack the server.

      Since I use the server as a server and not as a desktop machine, it might not need a typical AV software.

      But, again, so what? The only reason most botnets consist of Windows boxes is that 90% or so of the PCs in the world are running Windows. Most of the *servers* getting rooted ARE Linux boxes. If your grannie could figure out how to install Ubuntu, she'd doubtless have no more clue how to avoid getting her PC rooted than she does when using Windows.
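The "monitoring software to detect intrusion attempts and block the offending IP addresses" that the post above describes is, in practice, a log watcher with a sliding-window threshold (fail2ban is the usual tool). The following is an added example of that detection logic and is not code from the original comment or from any product named on this page; the sshd log lines are constructed, the year (syslog lines carry none), the 5-failures-in-10-minutes threshold and the iptables rule format are assumptions:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the format sshd writes to /var/log/auth.log (no year).
# Not real log data; addresses are from the documentation ranges.
SAMPLE_AUTH_LOG = """\
Feb 26 13:30:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 51012 ssh2
Feb 26 13:30:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51013 ssh2
Feb 26 13:30:05 host sshd[2105]: Failed password for root from 203.0.113.7 port 51014 ssh2
Feb 26 13:30:08 host sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 51015 ssh2
Feb 26 13:30:10 host sshd[2109]: Failed password for root from 203.0.113.7 port 51016 ssh2
Feb 26 13:31:00 host sshd[2111]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Feb 26 13:31:20 host sshd[2113]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
Feb 26 13:40:00 host sshd[2120]: Failed password for invalid user test from 192.0.2.33 port 33001 ssh2
Feb 26 13:55:00 host sshd[2130]: Failed password for invalid user test from 192.0.2.33 port 33002 ssh2
Feb 26 14:10:00 host sshd[2140]: Failed password for invalid user test from 192.0.2.33 port 33003 ssh2
Feb 26 14:25:00 host sshd[2150]: Failed password for invalid user test from 192.0.2.33 port 33004 ssh2
Feb 26 14:40:00 host sshd[2160]: Failed password for invalid user test from 192.0.2.33 port 33005 ssh2
"""

# Matches only failed password attempts; "invalid user" is optional because sshd
# phrases unknown and known usernames differently.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

LOG_YEAR = 2013  # assumption: syslog timestamps omit the year


def parse_failures(log_text):
    """Yield (timestamp, ip, user) for every failed-password line, in file order."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=LOG_YEAR)
        yield ts, m.group("ip"), m.group("user")


def find_brute_forcers(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: {"count": n, "at": "YYYY-MM-DD HH:MM:SS"}} for each source that
    produced `threshold` failures inside any `window`-long sliding window.
    The ban is recorded at the moment the threshold is first crossed."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    bans = {}
    for ts, ip, _user in parse_failures(log_text):
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # expire attempts older than the window
        if len(q) >= threshold and ip not in bans:
            bans[ip] = {"count": len(q), "at": ts.strftime("%Y-%m-%d %H:%M:%S")}
    return bans


def block_commands(bans):
    """iptables commands that would drop all traffic from each banned source."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(bans)]


if __name__ == "__main__":
    bans = find_brute_forcers(SAMPLE_AUTH_LOG)
    for ip, info in bans.items():
        print(f"{ip}: {info['count']} failures by {info['at']}")
    print("\n".join(block_commands(bans)))
```

Run on the sample, only 203.0.113.7 (five failures in nine seconds) is banned. The slow scanner at 192.0.2.33 spaces its attempts fifteen minutes apart and never has more than one inside a ten-minute window, which is the standard way this kind of threshold is evaded; widening the window or counting distinct invalid usernames per source catches it, at the cost of more false positives on a busy host.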

      1. boltar Silver badge
        FAIL

        Re: AV is a malicious Peril

        "If Linux were so safe, then I wouldn't be suffering incessant attempts by hackers to get any foothold on the system"

        So hackers constantly attempting to get on your system - but not apparently managing it - means Linux isn't secure? Uh, what? So if a burglar tries the lock on my front door but can't open it the lock still somehow isn't good enough. What do you want it to do - scare the burglar off first? Wtf are you talking about man?

        Oh, and FYI - spam isn't hacking. HTH.

        "Most of the *servers* getting rooted ARE Linux boxes. "

        Cite.

        1. Anonymous Coward
          Anonymous Coward

          Re: AV is a malicious Peril

          There's no 'root' account on Windows, therefore only Unix, Linux and similar systems can be rooted.

      2. Fatman Silver badge
        FAIL

        Re: AV is a malicious Peril ... ERROR: INVALID ARGUMENT

        This portion of your comment:

        I replaced the mail server with a professional product, and I still had to give up on using my original e-mail address @ my domain name because it was just too much work to deal with the spam (and why bother when you get free e-mail from Google, Hotmail, Yahoo, etc.). I had to just take down my forums, and remove the registration module from my Wiki completely, in order to stop spammers from registering fake accounts in order to post ads (or worse, links to websites with exploits), wasting my time removing said accounts.

        contains an argument that is not platform (Linux) specific. Spammers can create fake accounts on forums hosted by Windows also. Also the argument concerns application software, not O/S software. Therefore it is REJECTED.

    11. Amorous Cowherder
      Facepalm

      Re: AV is a malicious Peril

      I run 4 Macs and 2 Linux desktops at home for my family, after 25 years in IT I still don't believe all that utter bollocks you're spouting! 15 years of DOS and Windows taught me to be utterly paranoid as I know there are enough shitbags out there who would kill for my personal info and trash my machines for shits'n'giggles!

    12. Wize

      Re: AV is a malicious Peril

      The computers that need AV are the ones poorly secured by the user.

      Put Linux on as many machines as there are Windows machines. Let the average user configure security themselves. See how many Linux viruses there will be. The average user won't lock their machine down very tightly and will install any old crap a website tells them to. "You want my root password to install the pink pony screen saver? Lucky I set it to something simple to make it easy to remember"

    13. Anonymous Coward
      Anonymous Coward

      Re: AV is a malicious Peril

      My friends at Apple, some of whom have worked at Apple for over 30 years, tell me that as long as they've worked there all computers there have been required to have Norton/Symantec AV.

      1. JeffyPooh Silver badge
        Pint

        Re: AV is a malicious Peril

        Apple + Symantec for 30 years?? Ignoring the discontinuity in the temporal axis...

        So how did Apple get any work done at all during 2007/2008? Were they using slide rules?

        Next you're going to tell us they've implemented SAP, and still managed to put a box on a truck.

    14. BongoJoe
      WTF?

      Re: AV is a malicious Peril

      Well, in my world, which appears to be a different version of reality to yours, when someone has an infected machine here they don't care two hoots about the semantics as to whether it's a trojan, a virus or whatever.

      It's infected and that's all that matters to them.

    15. PyLETS
      Boffin

      Re: AV is a malicious Peril

      "There's only ONE operating system that needs AV. Windows."

      Not true. My Linux server hosting email lists for various community and charitable groups needs AV for good reason. Not because the digital diseases of end users who subscribe to these (all confirmed opt in) lists are likely to infect my Linux host. They aren't. My server needs AV to detect viruses present in email attachments which end users send each other through my server. My server is designed to replicate these messages but not emails attached to them.

      From the end user point of view, the distinction between the viruses replicating because my server is infected, and the viruses replicating because my server is designed to replicate email is academic and moot.
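The scanning the post above describes is signature matching on what the list server relays rather than on what it runs, which is also the model the article says McAfee is moving away from. The following is an added example and is not code from the original comment or from any list software; the message is constructed, the "known bad" list contains only the EICAR test string (a harmless industry test pattern), and the quarantine/strip policy is an assumption, since a real list server hands each part to a scanner such as ClamAV rather than keeping a hand-written hash list:

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# EICAR anti-virus test string: harmless, but every scanner treats it as malware,
# so the example never needs a real sample.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed "signature database": SHA-256 of payloads the list must not relay.
KNOWN_BAD_SHA256 = {hashlib.sha256(EICAR).hexdigest()}

# Assumed policy: file types a community discussion list has no reason to relay.
BLOCKED_SUFFIXES = (".exe", ".scr", ".bat", ".js")


def build_sample_message():
    """Constructed list post: a harmless minutes.txt plus an EICAR 'invoice.exe'."""
    msg = EmailMessage()
    msg["From"] = "member@example.org"
    msg["To"] = "volunteers@lists.example.org"
    msg["Subject"] = "Minutes of last meeting"
    msg.set_content("Minutes attached, see you next month.")
    msg.add_attachment(b"1. Apologies\n2. Treasurer's report\n",
                       maintype="text", subtype="plain", filename="minutes.txt")
    msg.add_attachment(EICAR, maintype="application", subtype="octet-stream",
                       filename="invoice.exe")
    return msg.as_bytes()


def attachment_names(raw):
    """Filenames of the attachments in a raw message, in order."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]


def scan_message(raw):
    """Return (verdict, findings); findings is a list of (filename, sha256, reason).
    verdict is "relay" when nothing was flagged, otherwise "quarantine"."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""   # decoded from base64 etc.
        digest = hashlib.sha256(data).hexdigest()
        name = part.get_filename() or "(unnamed)"
        if digest in KNOWN_BAD_SHA256:
            findings.append((name, digest, "sha256 signature match"))
        elif name.lower().endswith(BLOCKED_SUFFIXES):
            findings.append((name, digest, "executable attachment on a discussion list"))
    return ("quarantine" if findings else "relay"), findings


def sanitize(raw):
    """Rebuild the post without the flagged parts, so the text and the clean
    attachments are still replicated to subscribers and the flagged ones are not."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    _verdict, findings = scan_message(raw)
    bad_digests = {digest for _name, digest, _reason in findings}
    clean = EmailMessage()
    for header in ("From", "To", "Subject"):
        if msg[header] is not None:
            clean[header] = str(msg[header])
    body = msg.get_body(preferencelist=("plain",))
    clean.set_content(body.get_content() if body is not None else "")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if hashlib.sha256(data).hexdigest() in bad_digests:
            continue  # dropped: the list never passes it on
        clean.add_attachment(data, maintype=part.get_content_maintype(),
                             subtype=part.get_content_subtype(),
                             filename=part.get_filename())
    return clean.as_bytes()


if __name__ == "__main__":
    raw = build_sample_message()
    print(scan_message(raw))
    print(attachment_names(sanitize(raw)))
```

Two caveats a practitioner would add: `iter_attachments()` only yields parts marked as attachments, so a production filter walks every part (inline images and nested message/rfc822 included), and a hash list only catches byte-identical files, which is exactly the weakness of signature-only detection the article is about.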

      1. Tom 13
        Thumb Up

        Re: My Linux server hosting email lists for various community and charitable groups

        And a hearty thanks to you for doing so.

        If we saw more responsibility like that from ISP and email vendors, the internet would be a safer place.

    16. David Glasgow

      Re: AV is a malicious Peril

      Ah! That hit the spot. My daily Eadon.

      All's well in the world.

      1. bigphil9009

        Re: AV is a malicious Peril

        Indeed, it is very entertaining reading his posts.

        Mind you, I'm glad that I don't employ him (or contract his services for that matter), 18 Register comments today and counting...

  8. taxman

    AV vs Persil

    "We can catch things that no one else can in the industry."

    Yeah, well just make sure you don't pass it on!

  9. Silverburn

    McAfee has said it's dumping the system – or rather, adapting it – in an upgraded security suite which will (it claims) virtually eliminate susceptibility to botnets.

    Just like you said in the last big release then. Ho hum.

  10. Anonymous Coward
    Anonymous Coward

    False positives?

    I can't wait to see what entirely innocent programs just happen to meet McAfee's half-tested heuristics and get sidelined. Probably on someone's main cloud server framework.

    It would almost be funny, except that our corporate IT policy is to run McAfee, and I can't connect to the company network if I dont :(

  11. Anonymous Coward
    Anonymous Coward

    What do they mean, susceptibility to botnets?

    I'm not even sure I understand their marketing message.

    A botnet is a collection of computers carrying out tasks (such as spam, DDOS, web proxying and sometimes even hosting) on behalf of the bad guy. It isn't something a computer can be susceptible to. Perhaps they mean that it prevents them from being infected with an item of Malware which turns the computer into a Bot. Interesting... bots can be installed by mass mailers, targeted trojans, malware hosted on compromised websites, malware on USB sticks and even by idiot users who decide to become part of a hacking collective and voluntarily install a bot onto their machine.

    So perhaps what they are trying to say is that their new improved protection NOW prevents computers from being infected with malware (unlike before)? Or, perhaps what they are saying is that they have realised that reactive, signature based, malware detection is no longer sufficient to protect computers in the modern era now malware has the ability to spread globally before the AV companies have a chance to create and distribute a signature and if this is the case then WTF do they think that they have been doing since Bubbleboy was released in 1999???

    No, No, I think I've got it... What they are really trying to say is "BUY OUR STUFF, It's less bad than it used to be"

    Please note, I am not specifically anti-McAfee, I am anti-marketing bull.

    AC as the views of the voices in my head may not be acceptable to my employer.

  12. TeeCee Gold badge
    Meh

    "..all our systems now work on behavior and reputation,"

    Oddly enough, my decision making processes for purchasing have worked on behaviour and reputation for some time now.

    Which is one of the main reasons why I won't be buying any McAfee products.

  13. oldcoder

    Interesting...

    "they have done this over the next three years"...

    So they also have time travel...

    That would make it easy to cure bots - Identify them now, then tell the AV about it yesterday....

  14. Richard Tobin

    Suspicious figures

    "100 per cent rating at killing rootkits, compared to 83 per cent for Microsoft and 67 per cent for Symantec". Did they by any chance test exactly 6 rootkits?

    1. Fatman Silver badge
      FAIL

      Re: Suspicious figures

      Read that part very carefully, I have quoted it below:

      As for rootkits – a particular Intel bugbear – McAfee touted a recent test by AVLabs that it sponsored that highlighted the effectiveness of part of its suite at cutting this attack vector short (although it did not specify testing criteria). The tests give McAfee a 100 per cent rating at killing rootkits, compared to 83 per cent for Microsoft and 67 per cent for Symantec.

      Did you note the emphasized words?

      So, I agree, Suspicious figures or paid for lies? You decide.

      1. Michael Wojcik Silver badge

        Re: Suspicious figures

        Read that part very carefully, I [am foaming at the mouth] below...

        Yes, thanks, no one else reading the article noticed that McAfee sponsored that study, or has ever considered the possibility that research might be affected by its funding source, sometimes to the point of being completely compromised. Had you not pointed that out, we all would have taken the McAfee statement as gospel.

        But, hey, you wouldn't want to miss yet another opportunity to accuse someone of shilling.

        Really, please, grow up. Even if a single reader here is likely to base their opinion of that "test" - about which we have so little information as to render it meaningless - on the question of whether the outcome was influenced by McAfee sponsorship, your pointing that question out will come as a surprise to exactly no one. Boldfacing some words in the quote, then pointing out to your readers that you'd boldfaced them, is childish and inane.

  15. John Smith 19 Gold badge
    Black Helicopters

    Has anyone considered what it *really* takes to go completely malware free?

    Obtain multiple Linux distributions.

    Select apps and kernel source code you want to run. Avoid ones that require a virtual machine running on top of the hardware.

    Cross reference across versions to locate any changes between them, i.e. potential trap doors. Do this with 2 different comparison tools to avoid one that's fixed to ignore trapdoor code if it receives a specific marker, or code your own. You'll do this for any future apps you load.

    Define new processor architecture with opcode bit patterns chosen at random (to prevent guessing if samples of your object code fall into the wrong hands) and implement it. For extra obfuscation make it a stack architecture running an unusual bit length.

    Hack code generators for the apps and kernel languages you're going to compile.

    Re-build kernel & apps to new architecture & install on system.

    Change/delete any default accounts/passwords. Set up low-privilege working account(s) where you do most of your work, view your p0rn etc.

    Change default router password and set router to ignore all calls from the internet to your address (so you're invisible except to your ISP). Disable universal plug and play (and most other things).

    Congratulations. You should be malware free and anything that gets into your system (infected email attachment?) will have no way to execute. Like a border post backed by a 1000 Km of desert. Anything that gets in will die.

    Now how many of you are paranoid enough to actually implement this strategy?

    1. Rob Carriere

      Re: Has anyone considered what it *really* takes to go completely malware free?

      Actually, the probability that your v1.0 of all that will be bug free is low enough that it would be safe to bet the rent there's a vulnerability there somewhere. Your actual protection stems not from all the mucking about, but from the fact that you created a one-off configuration and nobody can be bothered to crack it.

      1. FrankAlphaXII

        Re: Has anyone considered what it *really* takes to go completely malware free?

        >the fact that you created a one-off configuration and nobody can be bothered to crack it.

        Which would also completely embody the discredited idea of security through obscurity.

        As there is going to be a vulnerability somewhere in your configuration, given the right motivation someone will eventually crack it. There is nothing which is completely secure, you just have to figure out a way to make the amount of time, money and work it would take to breach your configuration large enough to deter an aggressor.

    2. volsano

      Re: Has anyone considered what it *really* takes to go completely malware free?

      Having done all that, of course, I'd run my target OS inside a VM which itself is inside a VM which itself etc to maybe a depth of 12.

      Each VM (different implementations of course) is running separate virus detection / firewalls / etc, so only incoming data that passes all of one VM's sniff tests makes it to the next level.

      For an infecting virus that is trying to reach my app in the target OS, the effect would be like running the gauntlet in a very-hard-to-win first-person shooter with no ability to save at crucial points.

      With a 12-core processor, my nicely snuggled app would not even notice the latency in handling incoming data.

    3. Christian Berger Silver badge

      Can be done simpler

      There is some research going on into assisted proof of software.

      Essentially whenever you write a piece of code you need to prove that it works correctly. This proof will be checked by the compiler (just like some compilers can already check for array boundaries, etc). The current research is about how to make a language which integrates code and proof in a good fashion so it's not too much overhead.

      In the end you can for example prove that data marked "private" will never reach the network card driver, and that you will never overwrite your stack. Some people even go further and add types to the memory so your CPU can check for types. Those types can include features like "private" or "local" or whatever you want.

      This is of course a long term goal, but it's being worked on. And ideally you don't lose any/much speed.

    4. Gordon Fecyk
      Go

      I have. Right here.

      Has anyone considered what it *really* takes to go completely malware free?

      Part 1. More parts are following, along with using Software Restriction Policies in coming parts.

  16. dajames Silver badge
    Windows

    There's only one thing I miss in McAfee's security products ...

    ... the ability to deinstall them, quickly, easily, completely, and cleanly.

    Seriously, this crap comes preinstalled on many big-name Windows boxes, and getting rid of it takes most of a day -- it's quicker to wipe the drive and reinstall.

    1. John Smith 19 Gold badge
      Unhappy

      Re: There's only one thing I miss in McAfee's security products ...

      "... the ability to deinstall them, quickly, easily, completely, and cleanly."

      A "feature" they seem to share with Norton.

      Less an installation, more an infection.

      1. Anonymous Coward
        Anonymous Coward

        Re: "feature" they seem to share

        If more than one vendor exhibits this behavior, perhaps the issue is in the OS and not the app.

        Not that the app maker should be excused mind you. I find this more annoying with Java than the two mentioned pieces. At least those will partially uninstall whereas Java on Windows is just completely buggered if something gets corrupted with the install.

    2. Fatman Silver badge
      Linux

      Re: There's only one thing I miss in McAfee's security products ...

      I suggest a slight change to this:

      Seriously, this crap comes preinstalled on many big-name Windows boxes, and getting rid of it takes most of a day -- it's quicker to wipe the drive and reinstall install Linux.

  17. MrWibble
    Facepalm

    "Customers no longer have to worry about botnets; we will take care of that for them."

    Taking bets on how long that will take to bite him in the ass. I reckon less than 6 months.

    1. John Smith 19 Gold badge
      Facepalm

      "Taking bets on how long that will take to bite him in the ass. I reckon less than 6 months."

      I bid 6 weeks, though I think that's generous; when it's discovered is another matter.

      For the successful cracker (who keeps it secret) this is the perfect target.

      The sense of smug complacency that will set in could allow them to establish the biggest botnet the internet has ever seen. OK that's a bit of hype but certainly quite large.

      I've heard this "It's uncrackable" spiel a few times. A classic was the Sky digital TV encryption system.

      The channel coding remains (AFAIK) unbroken with a 2048-bit PKA key.

      The cards were not. Giving free TV channels to those in the know.

  18. Mayhem

    The problem with Heuristics analysis

    is that if you get it really right ... you don't get to sell regular updates to the software.

    I know of several different AV providers who went out of business for that reason back in the day. The technology was quietly bought up by Symantec and allegedly merged in with Norton's.

    To be fair, the change to 64-bit Windows would have killed their product anyway without some significant rewrites, but it worked brilliantly for 7-8 years without an update.

    1. Ilgaz

      Re: The problem with Heuristics analysis

      Another thing is that the operating system itself may behave like a virus. It is in the nature of operating systems.

      Unlike McAfee, who seems to have "invented" heuristics after decades of use, that is the main reason why companies do crazy things like virtual machines, cloud-based whitelisting, machines left open to the internet on purpose etc.

      Poor Intel wasted their billions.

  19. Ilgaz

    Genius

    In a world in which companies and even end users expect a common security suite which will work similarly on all their devices, from a cheap Huawei to a top of the line i7 workstation, they ship software which will work fine only on Intel CPUs.

    If someone at Kaspersky or Sophos came up with such an idea, he would be fired.

    Also, heuristics and behaviour analysis are old news in the real security scene. Signatures are only a first line of defense. It has been the same since IBM & F-Prot.

  20. Gordon Fecyk
    Stop

    McAfee rewrites history?

    Signature-based malware identification has been around since the dawn of the computer security industry

    Bollocks.

    Stiller's Integrity Master, a profile-based virus detector, existed before John McAfee sold a cheap and lazy media on Virusscan:

    I love it! I have been a fan of integrity checking (IC) ever since my first big software conflict trashed small parts of a few files of the 2,000 + files on my disk in … 1986

    (Sadly, that article is only on Google's cache now.)

    CERT formed before McAfee did, in 1988, to combat the Morris Internet Worm. McAfee opened his doors in 1989.

    1. Ilgaz

      Re: McAfee rewrites history?

      Don't forget Thunderbird (originally hardware based, converted to software) or A-Tool for Amiga which didn't need signatures at all.

      1. Ilgaz

        Thunderbyte, not Thunderbird

        I confused the brand with the email app. It was Thunderbyte antivirus from the Netherlands.

    2. Michael Wojcik Silver badge

      Re: McAfee rewrites history?

      Signature-based malware identification has been around since the dawn of the computer security industry

      Bollocks.

      I am baffled how anything you posted is a refutation of the statement you quoted. In fact, your evidence appears to support it: if "the computer security industry" is defined as software companies selling security tools for PCs (a dubious definition, but we'll get to that in a moment), then the statement is clearly true, since signature-based identification in fact clearly predates that "industry", and thus "has been around since" (and indeed before) it began.

      If we define "the computer security industry" in the rather more useful sense of organized work to improve security in IT, then Integrity Master and its predecessors would be a part of that "industry" (in the sense of "work", not necessarily "commercial product"), so they wouldn't be counterexamples to the statement either.

      However, IM isn't relevant to the statement at all, because it's not a signature detection system. Signature detection systems scan data for sequences that may indicate malicious code. IM is a change detection system; it computes hashes of existing files (at least originally CRCs; the article doesn't indicate if it later used stronger hashes) to see if they match the hashes from the previous pass.

      So a complete miss then. But really I can't see what you're all worked up about. Thomson isn't claiming McAfee (or anyone else) invented signature detection, just that it's been around for a long time.
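
The distinction drawn in the post above, between a signature scanner (look for a known byte sequence in data) and a change detector such as Integrity Master (hash every file, compare with the previous pass), as an added example that is not part of the thread or of any product mentioned in it. The "signature", the file names and the file contents are all constructed for the demo; CRC32 stands in for the original CRC-based scheme and SHA-256 for a stronger hash.

```python
import hashlib
import zlib
from pathlib import Path
from tempfile import TemporaryDirectory

# Constructed signature table: name -> byte sequence the scanner looks for.
# A real database holds many such patterns; this one is a harmless marker.
SIGNATURES = {"demo.marker": b"CONSTRUCTED-SAMPLE-PATTERN-v1"}


def scan_signatures(data: bytes, signatures=SIGNATURES) -> list:
    """Signature detection: report every known pattern found in the data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def digest_bytes(data: bytes, algo: str = "sha256") -> str:
    """Hex digest of data; 'crc32' mimics the original CRC-based checkers."""
    if algo == "crc32":
        return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"
    return hashlib.new(algo, data).hexdigest()


def baseline(root: Path, algo: str = "sha256") -> dict:
    """Change detection, pass 1: map every file under root to its digest."""
    return {
        str(p.relative_to(root)): digest_bytes(p.read_bytes(), algo)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(old: dict, new: dict) -> dict:
    """Change detection, pass 2: what appeared, vanished or changed since old."""
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


def demo() -> tuple:
    """Run both techniques over a constructed directory and return their findings."""
    with TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.bin").write_bytes(b"hello world")   # constructed content
        (root / "lib.bin").write_bytes(b"library code")  # constructed content
        first = baseline(root)

        # Simulate what happens between two passes: one file is altered so that it
        # now carries the known pattern, one is removed, one unknown file appears.
        (root / "app.bin").write_bytes(b"hello world" + SIGNATURES["demo.marker"])
        (root / "lib.bin").unlink()
        (root / "new.bin").write_bytes(b"unknown bytes")
        second = baseline(root)

        changes = compare(first, second)
        hits = {name: scan_signatures((root / name).read_bytes()) for name in second}
        return changes, hits


if __name__ == "__main__":
    changes, hits = demo()
    print("change detector:", changes)   # flags app.bin, lib.bin and new.bin
    print("signature scan: ", hits)      # names only app.bin, and only by its pattern
```

The two outputs show why the post treats them as different systems: the change detector flags every modified, removed or new file but cannot say whether any of them is malicious, while the signature scanner identifies the one file carrying a pattern it already knows and is blind to the unknown new file. Defenders usually run both, one to notice that something changed and the other to name what it is.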

  21. ADJB

    As the argument rages about this OS being safer than that OS with respect to nasties, does anybody have any figures on how many viruses actually use Windows as the directly attacked platform, as opposed to using some third-party program (Adobe & Java - looking at you) as the attack vector which then goes on to compromise the OS?

    I suspect that 'modern' windows, say Versions 7 & 8, are actually very robust and the vast majority of the infections are due to third party applications.

    I can see this as being a major flaw in 'phone and tablet OS'es where they request, and are inevitably given, permissions far in excess of those required for purely operational needs in the same manner as many windows programs have "needed" administrative permissions in the past and thus provided an easy foothold into the OS.

  22. Wardy01
    FAIL

    Eadon

    You're a douchebag ... deal with it !

    Go flame some other forum.

    The most epically failed statement ever:

    100% of all viruses are for windows

    ... riiiiight ... I know of at least 3 for Mac and I've read somewhere on here recently that some hackers are chucking together Android viruses ...

    http://www.bbc.co.uk/news/science-environment-17623422

    http://www.bbc.co.uk/news/technology-20768996

    And those are just in the top 2 results for some basic google searching ...

    What a total tard!

    Anyone else fancy confirming what a tool Eadon is ... upvote this comment!

    As for McAfee ...

    I generally hear good things about them, but me personally, I wipe my machine clean and restore from an image (network stored) every few weeks so I don't bother with AV.

    I'm also very careful about where I download and run executable code from.

    Have I ever had a virus?

    yeh once ... when I used to use AV, and its solution was to destroy my OS install.

    1. This post has been deleted by a moderator

  23. Anonymous Coward
    Flame

    "We can catch things that no one else can in the industry"

    "We can catch things that no one else can in the industry."

    Well that's certainly my experience - our PCs running McAfee catch things that users of other vendors don't seem to get. Whenever I submit a sample to virustotal.com McAfee consistently does not detect anything but 90% of the other vendors do.

  24. Anonymous Coward
    Anonymous Coward

    100% effective... at press time, for our test cases

    I've run keygens in a VM for obvious reasons. More often these days, they detect that they're in a VM and refuse to run. Appearing innocuous.

    Sandboxing doesn't always work

  25. teebie

    Now

    Shouldn't they have done this 5 or 10 years ago?

  26. Herby Silver badge
    Trollface

    One of these days, they will recognize that...

    Windows itself is the virus, and needs to be eliminated. It just keeps morphing every few years and changing a number (3.1, 95, 98, 98SE, Me, NT, 2000, XP, Vista, 7, and 8 to name a few) and re-infecting systems.

    Of course, they need a platform to run on, and they chose the absolute worst processor (the x86 family) to do the job, also counting the viral effect.

    (*SIGH*) One of these days.....

    1. Miek
      Coat

      Re: One of these days, they will recognize that...

      Sorry, I guess the guys are running low on downvotes after all the Eadon posts earlier

  27. Tom 13

    Re: The end result could crush botnets

    but that's nothing compared with what it will do to crush your Windows software!

    I know. The last time we had major downtime because of malware where I work, it was McAfee whacking the login DLLs from the system directory.

    1. seansaysthis
      FAIL

      Re: The end result could crush botnets

      sometimes the cure is worse than the disease.

  28. Anonymous Coward
    Anonymous Coward

    I do wish the moderators here would stop all this personalised bashing of individual posters that is being targeted against specific individuals who post here.

    Seriously. If you don't like what he says, then prove him wrong. If you can't do that, then don't bother commenting about what he says. Your personal thoughts about him are irrelevant. All this ridiculous name calling just makes you all look like children.

    1. diodesign (Written by Reg staff) Silver badge

      "I do wish the moderators here would stop all this personalised bashing of individual posters"

      The trouble with deleting comments that bash individuals is that it spirals into a "he started it!" nightmare. The general rule I like to see people follow is "play the ball, not the man". So if people stick to that then things work out.

      C.

    2. Galidron
      Unhappy

      You can try, but people who reject all evidence or utilize irrelevant technicalities to make themselves feel right will never change their mind. When you combine that with a strong desire to evangelize everywhere, people will naturally get tired of constantly bringing forth the same evidence proving them wrong over and over again. Ignoring them doesn't really work because then they could possibly convince someone new that they are correct. Over time they will eventually piss someone off enough to respond to them with an attack of some kind, and with the number of readers here there will always be someone new being pushed over the edge.

      1. This post has been deleted by a moderator

        1. Miek
          Linux

          Eadon, your arguments are well-trodden and I guess most people are bored of hearing it.

    3. RyokuMas Silver badge
      Thumb Up

      "Personalised bashing"

      @Dave Dowell - imagine, if you will, a fly buzzing round your head. You try to shoo it away, but it keeps coming back. You can either keep trying to just brush it aside, or become increasingly more annoyed trying to swat it.

      This is what has happened here.

      You're absolutely right about trying to counter-argue posts you don't agree with - however, I can understand some posters getting frustrated when faced with a continual barrage of provocative posts that usually lack any form of evidence or back-up, especially when the poster in question (I think we all know who we mean here) refuses to acknowledge any counter-argument that does not fit in with his own philosophy and just continues to "buzz around our heads" - to use the earlier analogy.

      It's why I think a "report complaint" facility - similar to "report abuse", but for more general use - would be a good idea.

  29. Boris the Cockroach Silver badge
    Windows

    I suppose

    a few rules to avoid the malware would be better than AV software that bungs up your system/network/entire internet

    1. Phone chargers for all staff : stops them plugging their phones into those handy usb ports on the front of the PC

    2. remove Java and flash from the browsers

    3. Anyone caught with a USB stick is fired.

    4. Anyone opening an e-mail attachment is set on fire.

    And lastly for those really serious about stopping malware from seizing vital data

    Install Linux

    1. seczine.com
      Devil

      Re: I suppose

      "4. Anyone opening an e-mail attachment is set on fire."

      Surely you fire the email admins for letting the attachment through without running it through a sandbox first?

      1. Boris the Cockroach Silver badge
        Flame

        Re: I suppose

        Who cares.... after the first few examples, everyone will remember

        Flames...... and why not

    2. Hungry Sean
      Happy

      Re: I suppose

      I've visited companies where to enter the campus, everyone sends their belongings through a metal detector, phones are checked to make sure cameras are taped over, sd cards or flash drives are banned, etc. etc. In the government sector too, there are some pretty extreme measures taken for security (e.g. supercomputers that are physically partitioned so that confidential simulations can't possibly be spied on by other code).

      Generally though, I assume the powers that be look at the relative cost of preventing malware via draconian measures (quality of employee, worker happiness, inefficiency in working with clients who want to use e-mail attachments) and decide that it's much better to employ a handful of smart people to set up firewalls, IDSes, monitor developments in the security field, etc. and basically hope that the risk is reduced sufficiently.

      Similar considerations apply to safety from muggers -- if you wanted to make sure you'd never get mugged, you could hole up in an underground bunker with 80 years' worth of non-perishable food, cases of ammunition and high-powered weapons, hopped up on methamphetamines monitoring your CCTV, and you'd have a pretty high confidence in your personal safety. On the other hand, it might not be a very happy existence.

Biting the hand that feeds IT © 1998–2019