Antivirus is 'completely wasted money': Cisco CSO



How do you know that he's not infected if you don't test it with an AV?

edit: beaten by cork1958

Now this guy's got a point!

@up Err... they will start making viruses for OSX and Linux? And then break the theory hypothesis of those OSes being invulnerable.

Personally I think I am secure because I am above the masses. I use Opera, router firewall etc. My sister's laptop uses Vista (with UAC / protected mode). Attackers are less likely to attack UAC on Vista or Opera when there is a much higher userbase on IE6 WinXP.

Same thing with Mac and Linux. Hackers have found exploits and in the case of Mac there have been a few virus scares, but there's not as big a market in it.

Now this guy's got a point!

@up Err... they will start making viruses for OSX and Linux? And then break the theory hypothesis of those OSes being invulnerable.

:blink: I know of no sane person that would claim that Linux is "invulnerable" when there have been past worms, like slapper, in the wild.

I find his remarks disturbing. Not the anti-virus ones, because he's sort of got a point there.

But the patching remark? That's nuts. The best way to protect yourself is to have your software up-to-date. 0-day attacks of significant scale are pretty rare.

I would love to see them market a Linksys or Cisco branded home router with anti-virus built into it. Astaro does the same thing, but their hardware based appliances are more commercial based.

Get the anti-virus competitors in on the game: they can collaborate with Netgear, Dlink or whomever they choose. One router brand uses this database, the other uses this database, etc... Stop the virus before it reaches the actual machine. You have the anti-virus and the firewall all on the same piece of hardware. Additional software tools such as scanners, etc. could be provided as well. It sounds like a dream, but it's been done before.

One word: Linux

Too many companies use Windows for no good reason and it's sad that they don't have better advisers.

true dat.

I still use XP because I need to use my Adobe apps, but NOD32 has done great justice on my system.

What he said is either dumb or taken out of context.

It is sounding like an AV program is masquerading as God's gift. It is only one piece of the security jigsaw. I believe an AV program's purpose is to minimize disruption by flagging up known threats (e.g. damage limitation). It is then up to the administrator's policies and knowledge to monitor the system for unauthorized and unknown processes. Installing patches is also a good idea; it just means one less potential threat to the overall system. A recovery plan must always be up-to-date and feasible in its implementation, such as backups for everything. The more automated it is, the easier it is to recover from damage. How you stop that threat is another thing; it all depends on the way you have set up your system.

Complete security solution:

Unplug network cable.

Congratulations, you're 100% secure. :D

On the serious side, I would suggest actually unplugging the network cable while you install a fresh copy of Windows Vista, 64-bit preferred, and then install all of your programs and modify Vista with all of your settings. Always keep UAC and IE7 protected mode enabled. Make a DVD backup of your current installation, and change all your document folders to point to an external hard drive. Save all of your personal data on an external drive.

Use at least a basic A/V that is simple and unobtrusive (like Avast!), and then finally plug the network cable back in.

As far as user habits, it is quite simple:

- When surfing around to random sites with Google, use some common sense in where you go. Top listings are usually a safe bet, unless you are looking at top listings for warez and porn sites. Then you are asking to get infected. Stay away from websites with free hosting, such as Geocities (do they still exist?) and others.

- Get more familiar with using favorites links and autocomplete for going to web sites. Try to avoid any habit of typing in the address, since mis-types usually lead to spoof sites infected with malware.

- When downloading programs, always go for a trusted source. If you are unsure whether the source is trustworthy, then simply don't even download it. And even if you do trust the source, scan the program with an A/V before running it. Do not run the program with admin rights, unless it is a 100% trusted source.

- When downloading torrents, go for the ones with the highest seed/leech numbers, at least 30+ seeds. Any lower and you are getting into the danger zone. Sometimes seed/leech numbers can also be spoofed, so you need to look for torrents with lots of comments as well.

Big companies would be best using Linux or Mac, anything but Windows.

My god, if the knobs I've worked with can bung up Windows so easy, I'd hate to see them on Linux....

A few years ago we had 1000+ corporate computers compromised by an email virus... What the heck were these idiots doing opening an attachment on a work computer that wasn't directly involved with work? And who was held to the fire over it? Management sort of shrugged and forked out a bunch of coin to "fix" the problem and there was no discussion of why all these fools opened the attachment in the first place....

People are soooo lucky I don't get to call the shots some days..

OK...I'm all better now.

I agree with that first part of your post, but that second part is flat-out absurd!

Should be (1) Kaspersky, (2) NOD32, (3) Avast

Said by Gary7

"Not in my opinion. There are far superior free programs such as Avast, and AVG. A friend of mine has never used an AV program and he has never been infected. I just use Avast with the Standard Shield only."

How would your friend know if he's ever been infected or not, if he's never used an AV? Those kinds of statements are also flat-out absurd!

What was I thinking. Must have been asleep when I was posting that or momentary dementia.

:trout:

(1)Avira (2) Kaspersky (3) Nod32. IMHO

My rating is based on AV-Comparatives and experience.

:happy:

Vista is so secure you won't even need to worry about security as Vista protects you well if you LET it and not change silly system settings.

I have not even installed an AV on permanent time since I see them as a waste of time and money. I know I am not infected because I install an AV from time to time to check for viruses. At the moment I am setting up a USB stick system maintenance software that will check for viruses as well as cleaning up junk.

Vista, like everything else, has its flaws. One of them is the UAC. However, if you're prone to infection (which you know if you are, since you're reading this thread, you've probably had a bad experience) then UAC is actually a good option. User access control by Vista allows the user to see the operations and changes generated by software being executed or installed. It gives you prompts which allow you to choose what you want to install and run/change.

Assuming the user actually reads the dialogues and prompts, the average system governed by Vista should be solid and secure.

However, once again, Vista is still a work in progress; and like every work in progress, is prone to bugs and problems. There's always a back door. I remember reading in a hacker's black book somewhere that for every security measure programmed there are 10 exploits waiting to be used, whether it's a virus, trojan, or code injection, there's always a back door.

I've found that the Norton series tends to be very user-friendly, and Norton 360 is a streamlined all-round protection suite; however, during the 2 years of usage, Norton only picked up on about 1200 of a total 2351 infections. Norton was only able to recover my system from 42 of those 1200. I removed Norton 360 in order to try alternatives, and here are my results.

Kaspersky: removed 102, 34 of those reinfected my system due to trojan downloaders that weren't removed.

Nod 32: removed 1000+, however I noticed no significant change in system performance and began getting crash codes and the blue screen of death repeatedly.

Avast: Removed over 200 infections, supposedly. The infections obviously instantly returned because once I re-scanned the system, over half of them were picked up again.

Then, I did a little research. It turns out that none of those programs provide an all-round scan and removal, and none of them really provide a way to immunize your system against any of the threats it removed, so hidden system files could instantly redownload or regenerate the virii. Here's where I found my solution....

System cache, bugs love it. It's where they hide and install themselves from. It's also a fairly easy target for injection exploits. Temporary internet files for example. So I downloaded CCleaner. It's freeware available from http://ccleaner.com. You should also use this program to remove unnecessary system startup entries from your startup registry.

Spybot S&D. Spybot Search & Destroy is also freeware and it searches for a massive database of spyware, adware, malware, trojans, and other baddies on your system, and gives you the option to remove. The option is provided because some programs that could be considered spyware may also serve a special function to the user (i.e. WildTangent and Wakoopa). http://spybot.com. Spybot also includes a magnificent Immunize function which immunizes your system from tens of thousands of possible infections. You can also use Spybot's advanced tools to remove startup entries and discover their function. Crap cleaner just shows their title name.

AVG Antivirus - Free, this program instantly detected all of the infections on my system, and stopped the ones that were trying to spread. I quarantined over 400 infections that Spybot missed, which were mostly viral malware and networms. Spybot removed over a thousand and immunized the rest out. I checked for updates one more time on Spybot and immunized against another 1200 threats. I used CCleaner to clean up the registry and rebooted. My reboot time went from 4 minutes and 21 seconds before the cleanup process, to about 45 seconds. It would have been quicker if I didn't have a disc in the DVD-ROM and USB devices plugged in. So my solution is download the following programs from http://download.com

AVG Antivirus (freeware)

Spybot Search & Destroy (freeware)

Crap Cleaner / CCleaner (freeware)

You should also look into WinMem Optimizer (freeware). It defragments your RAM based on a timer, idle time, or user initiation. It runs in the background and will not interrupt most modern games. I've been using it for over a year on Windows XP and for about 6 months with Vista Home Premium and it works great. There is a wanna-be version of this so WATCH OUT. If you install the wrong version it's shareware. And it will not work correctly.

-David

Complete security solution:

Unplug network cable.

Congratulations, you're 100% secure. :D

thumb drives, floppies (yes, THOSE floppies), cd's, external hdd, etc. can still hold viruses

it doesn't matter what your browsing habits are you can still get infected. you REALLY think getting infected always requires user interaction? "big" websites get infected frequently, SQL injection, IFRAME exploits, cross-site scripting, phishing, worms, rootkits, etc. all require no user interaction to work

i mean seriously, you think virus makers just sit around making a bunch of .exe's and wait for people to download and run them? :rolleyes:

I would say my top tips here (and I don't have any real experience doing this for anything important tbh).

- I don't run Antivirus on my main PC and simply try and weather it when a virus gets on it, which happens very rarely when I forget some simple rule of thumb by accident - , I think...

TIPS!!

-Run some free antivirus software

-Try one or two for speed perhaps and also check on hit rates and industry standard test suite (I forget the name at the moment).

-Trying harder?

-Think about providing two browsers or using a non mass supplied browser (Safari, Firefox, IE, Whatever. Linux users tend to know about such stuff!). Opera is quite a good browser in my opinion though I haven't used it much or for very long (since it became free -- VERY occasionally.)

-Corporate level antivirus for windows consoles and "terminals" can be good stuff though check the same stats that you did for your free stuff. Don't break the licenses on the free stuff and don't bother pirating or trying to pirate corporate antivirus software that would be completely barmy :) Just buy some if you have a need to do so and it's doable. Then you'll have checked which is good!

-Those above two points I would give roughly equal weighting depending on who might be using said computer terminal.

-Keep your operating systems fairly up to date and try and keep them in a state where a service pack would work with them (or something like that - I've not much experience here myself). If that breaks you might have to reinstall some time so be ready to do that if that has happened or might happen !

-Don't try and get around Systems such as "Microsoft Windows Update" with 3rd party software as you would or might simply end up not knowing what instruction your processor is running at any given moment. Which would be technically a waste of power and time ! You should buy what you can or must by law and keep everything manageable. That would tend to apply especially to any company or companies (past or present !!! !_!) however your operating system will by now possibly be similar to that which a company is using or has used.

-Don't necessarily run the automated scanners on virus software which scan everything daily and all of that. You might like to use your PC in a more disciplined or perhaps momentally productive way in order to get the best from it and that would be something that an automated scan might interfere with for some people. If you have a good virus checker any automated scheduled scan would normally not be necessary at all I would suppose. That would depend on the circumstances and who might use or be using such a terminal.

-Antivirus is not foolproof nor is it a waste of time. I don't agree with the man in the news posting myself, while I don't have much experience. I would say it would be wrong to throw power and resources at this kind of thing simply to manage risk though, you'd want to have a fairly strong certainty of risk level and then a fallback plan and you would be pretty much ok there.

-Don't forget about EMAIL CDS FLOPPYS PEN DRIVE MOBILE PHONE all that and all other ways to communicate. Look at a TCP Port level if you have to and perhaps try a stateful firewall as well. Try not to do so by vendor.

Ok that's about it. Hopefully this should help most of you out moving forward... I do hope so. Viruses and malware are simply not as interesting as some of the other creative programmed stuff out there on the net any more in any case, just try and stay aware of what a threat might come like and how best to generally not be exposed and that would do it. That's my opinion!

thumb drives, floppies (yes, THOSE floppies), cd's, external hdd, etc. can still hold viruses

it doesn't matter what your browsing habits are you can still get infected. you REALLY think getting infected always requires user interaction? "big" websites get infected frequently, SQL injection, IFRAME exploits, cross-site scripting, phishing, worms, rootkits, etc. all require no user interaction to work

i mean seriously, you think virus makers just sit around making a bunch of .exe's and wait for people to download and run them? :rolleyes:

Don't take chances.

Always use a condom.


And whenever possible, use FULL body armour.


Just run Windows x64 and watch your infection rate drop like a stone.

Seriously.

Yeah, no viruses will install in your system that's for sure, nor will any device drivers, or programs.

Thinking about it, it could be a total waste of money for very large companies.

But small ones is a safe investment, as long as you have at least someone to take care of computers.

I also think that from time to time, companies should provide courses on secure practices for its employees to avoid misuse of internet.

Heh. I'll have to disagree although I don't actually pay for Antivirus. The best protection is yourself but in a lot of cases that is virtually nil when you know what kind of people use the majority of computers out there. I use Avast for antivirus and the built-in firewall in Windows XP as my combination. Nothing more that is needed. Now then Norton is about the same as no protection so anyone that thinks that their $50 for Norton Internet Security 2008 is doing them any good needs to check again. Norton screws up so much it isn't even funny. McAfee doesn't do it as much but is getting there. Their script blocker can still keep working even when you tell it to shut off for example. I had to disable the "script proxy" plugin to get it to shut off for websites.

For anyone that opts to remove spyware by hand you need to know that anymore the spyware is removed via some seemingly benign download program running in the system. That program is the culprit and seems to slip by most anti-spyware applications. The anti-spyware program will continue to remove the spyware and the anti-virus programs will continue to remove the viruses but until the downloader is removed they will pop back up.

I have been getting more of those cases lately too it seems on other people's computers. Mine however remains unaffected at all. In 12 years I have had only two virus infections (my first computer and a floppy that was caught before it hit my computer) and one spyware infection (vundo and my fault). My parents' last computer however got infected weekly with spyware and I never did determine why. I removed all traces and any programs that shouldn't have been there and they kept coming back like clockwork. Each time worse than the last and in higher numbers.

This topic is now closed to further replies.