Anti-virus software is losing the battle, and the war

Secure USB keys are not so secure
Thu Feb 10 2011, 08:07

ANTI-VIRUS SOFTWARE is fighting a losing battle against malware, and there's nothing that can be done to turn the tide, according to a security testing firm.

NSS Labs, an independent security product and certification test lab, looked at 10 anti-virus products on the market. It found that the effectiveness of the software was variable, to say the least, with some products more effective at protecting against malware on USB keys than in email, and vice versa.

"It tells us that the anti-virus engine is not applied uniformly across all the attack vectors," said Rick Moy, president of NSS Labs. "That's generally a flaw in the product architecture. There's not one product which gets malware the same across different vectors. Anti-virus is losing the battle. It's losing the war."

He added, "I know the bad guys are doing their own testing on anti-virus products. Every AV product can be circumvented. Hackers can get in easily, because you can download them for free for 30 days, and create your own test lab."

"You keep making the viruses and the malware, until one gets through. Once it gets through, you put it on the Internet. You can write software, until that gets automatic. The bad guys, in some cases, are doing better testing than the good guys."

'Secure' USB keys that are advertised by vendors to offer mobile protection were also shown to be pretty ineffective. Moy said that NSS Labs did work with banks on the products using the technology, and broke into everything that it tested.

"Some of that is private testing we haven't published yet. In some cases we're trying to work with the vendors. But secure USBs are not as secure as you think." µ

Comments

The 'logic' in the article that viruswriters can download test versions is flawed in many ways, first by that getting past a virus-killer will not have you on the computer yet, and secondly and more importantly that virus-killers are updated daily with new definition files and every so many days with scan-engine changes, and that is done precisely because that makes it impossible to have a working bypass for very long if you manage to do it in the first place.

Not that viruskillers don't fail often enough, but that's to the shame of the makers of the killers and not the effort of the virus creators beating them.
In fact if the virus-killer is beaten it's most often because the virus piggybacks on flawed software like Adobe's stuff (flashplayer/pdf reader/etc.) that keeps the virus-killers at bay for the virus, so friendly and handy..
And incidentally, not too long ago Adobe's flash had a flaw that even enabled viruses on so-called secure OS's I fear, and you can reject all such proprietary tricky software, but then your web/computer experience is greatly affected.

posted by : W.-, 11 February 2011
So

I have run OS/2 for the last 18 years and never had a virus. Sure, nobody's writing viruses for OS/2 but I'd like to see them try.

posted by : bob, 10 February 2011
Windows 98 is the answer

I continue to run win-98 at home and in the workplace. With KernelEx API enhancements, I can run a lot of win-XP software. But it's immune to the vast majority of NT attack vectors and vulnerabilities. FAT32 and true DOS access to the hard drive means nothing can hide on the system - not even root kits.

The Windows NT line of OS's is like the Emperor's New Clothes - it was supposed to be better than win-9x/me, but here we are 10 years later still trying to lock down and patch the holes.

posted by : 98 Guy, 10 February 2011
@viscountalpha Linux is secure because no one uses it (relatively)

I scanned my computer after the period with a boot disk antivirus program and then installed an antivirus program in Windows just to be sure. No viruses.

And what do you think is going to happen if everyone started using Linux tomorrow? Loads of Linux viruses and zero Windows viruses. Code is just code and it can be circumvented no matter. It's all just zeroes and ones.

posted by : Funzo, 10 February 2011
@Jason Goatcher

My God. So your Linux TOLD YOU that the VIDEO that you downloaded is MALWARE by calling it a CORRUPTION. Sorry I couldn't read past this part.

I'm not religious but I'd pray to one God to make the rest of Linux users not be like you. I don't see such stupidity in an INQ comment for a long time - and I like to read fanboy's comments on Apple-bashing articles!

If someone wants to make a virus for Linux, for MacOS, even for your TV, it will work just fine and will do whatever it wants with your private data as nice as it does on Windows machines.

Non-Windows OSes are safer than Windows only because virus-writers don't write viruses for them! (mostly)

OMG I think I'm saying that to people for like 20 years (MS-DOS x OS/2) and people still say crap like this.

Well stupidity is a human thing I guess.

posted by : mycelo, 10 February 2011
so Funzo, When's the last time you scanned?

Seriously dude, You are an idiot if you think just "being safe" will protect you from the malicious viruses out there.

You are infected and you probably don't even know. That is, unless you're running Linux that is.

I'll be glad when Microsoft eventually kills themselves.

posted by : viscountalpha, 10 February 2011
Do you really need antivirus?

I ran my computer for 6 months without any antivirus. I like the web and the pron but I was sensible about where I got it from.

At the end of the six months? Not a single virus. The best antivirus is not clicking every banner ad on the net.

posted by : Funzo, 10 February 2011
Problem's always been the user

"I simply need to spend an hour or two researching sandboxing"

Which is an hour or two longer than the average idiot will ponder before double clicking it anyway and hitting "yes" to the permissions dialog because they don't really give a damn. And if it takes an hour or two, how is this different to VMing? I could set up a VM in 20 minutes.

Gaming is not the only thing Windows has going for it. Such a thing is a horrendously ignorant comment. Video editing is still crude compared to Win/Mac. The Autodesk ports to Mac are atrociously unreliable from my two years' at college experience, and there's no Linux port. Blender's awesome but exporting to games engines is a huge issue.

When the problem exists between keyboard and chair, there is no solution. Code is always going to be flawed, the constant flow of updates every time I turn my netbook on is a testament to that. Oh, and the billion things that don't work properly. I STILL cannot install Code::Blocks on it a year after installing Linux, the install scripts have been broken on some machines (seems utterly random) this entire time and every forum post about it just trails off without solution.

posted by : nexekho, 10 February 2011
Windows is the problem.

Exactly, ditch Windows and stop being a moron. As Linux IS safe!
Always has been.
Windows is not, and nothing is safe against morons that put in their password everywhere where asked.
However, as admin you can stop a moron by denying root-access. Something that Windows says it has, but it hasn't.
Time the world wake-up and see how crappy Windows really is.
And no Mac OSX isn't as good as Linux, but it's close.

posted by : Bas, 10 February 2011
The solution is easy

Tell the gaming companies that we want them to start programming for Linux. Gaming is the only thing that is truly worthwhile on Windows, everything else is hype and marketing. In the case of Apple, EVERYTHING is hype and marketing.

Linux is secure as long as you're not a moron. I can't count the number of times I've downloaded a um, sexually creative movie and had the computer tell me it's "corrupt." I'm fairly certain that the "corruption" involves malware. But since I don't allow videos to execute code, just play the video, I'm safe. And if I ever decide to install software from an untrusted source, I simply need to spend an hour or two researching sandboxing to 100% guarantee that I'm safe from any nasty stuff it's carrying.

As an example, I'm involved in a project called BOINC. BOINC is a program that allows researchers to use my computer's CPU and RAM to do research on various projects. ANYONE can use my computer by convincing me to attach BOINC to their project. Sounds way dangerous, doesn't it? But when BOINC installs itself (I trust the BOINC people, so that's technically an avenue for a virus, admittedly) BOINC gets its own user account with highly limited permissions. So the programs can do anything the boinc user is allowed to do, which isn't a whole lot. If I don't like what boinc user is doing, I can just uninstall BOINC, problem solved. Or, if it's just one project that's making me mad, I can detach and delete the information from that project.

Easy, peasy, and no money trades hands either, even more fun.

posted by : Jason Goatcher, 10 February 2011