F-PROT passed too. :-)
Top tier anti-virus vendors including McAfee, Trend Micro, and Sophos all failed to secure Windows Vista SP1 in recent independent tests. Virus Bulletin, the independent security certification body, said 17 of 37 anti-virus products tested failed to reach the VB100 certification standard. McAfee VirusScan, Trend Micro Internet …
Bring it on. I've been waiting for this since 1999 with Melissa.
Vista (and XP, and 2K) can protect themselves quite nicely, thank-you, without the security blanket-wielding protection racketeers of the 1990s.
These vendors didn't have any excuses nine years ago. They didn't have any excuses a year ago with VB100 2007, and they don't have any excuses today. Rest In Pieces.
Vista (and XP, and 2K) can protect themselves quite nicely, thank-you, without the security blanket-wielding protection racketeers of the 1990s.
Errrm.... I don't think so. Anyone without a third party Anti-Virus product on a 2000 or XP machine (I don't know about Vista cos I've steered a million miles clear of it) who is connected to the internet will be infected quite quickly; especially with a non-tech-savvy user. Windows does very very little to protect itself against a well-written virus - as proven by people up and down the country who have caught them.
The death of anti-virus will come when they write OSs which either detect and suppress suspicious process behaviour directly without "definition files", and which make it nigh-on impossible for a privileged process to run unless it SHOULD be running.
Even Linux gets the odd virus - and that has addressed the second point quite well.
"Anyone without a third party Anti-Virus product on a 2000 or XP machine who is connected to the internet will be infected quite quickly"
Spoken like a true member of the anti-virus industry. That's a quote from somewhere, isn't it? Ahh here it is...
It's been five years since a Win2K / 50 user client of mine made the Big Switch from 95/98 and, well, they haven't been infected with anything since 2003. And they dumped McAfee that year, too.
Another Win2K / 25 user client made the Big Switch in 2004. Ditto, four years. Dumped Symantec.
An XP / 8 user client: Ditto, three years. Dumped AVG.
Most recently, an XP / 80 user client. Ditto, eight months. Their Big Switch? Weaning them off admin access on the desktop. Dumped Symantec.
No viruses. No spyware. No worms. No botnets. No nothing unauthorized. No BS.
Tell me these systems can't protect themselves without quoting someone from the anti-virus industry, next time.
it would be crazy to do with out anti-virus, i have heard this before, until a customer calls crying because he can't get into his files, or the system is so slow because of virus/trojans. Thats like saying because you did not hear the tree fall, it did not make any noise. If you can scan for virus, you can't find the virus...
This is another good reason for domestic ISPs to block all traffic on port 25. All those unprotected systems out there, that home users have 'upgraded' to Vista SP, are now happily churning out barrowloads of spam using spoofed addresses, which get returned as NDRs to legitimate business addresses (one customer has reported about 1000 instances in the last ten days, and they're just the ones we know about). The business users lose confidence in the mail system(s) because they're getting NDRs for mail they didn't send so they think there's a security failing inside the system.
If ISPs simply blocked 25 for all domestic connections half the problem would disappear at a stroke.
I'm partly with you. My ePO server tells me that of the 4000 odd PCs I support, we get only a handful of infections, the vast majority of which are twerps who've followed links that any Nimrod should have realised were to malicious websites. And it's almost all on PCs where we haven't been able to wean users off having admin access to their PCs (for complicated political rather than technical reasons). When NetWare login scripts were our main configuration method, we found we had to let users have admin rights, and we got regular issues with viruses sweeping through the organisation. Since we got AD and SMS to manage things we've demoted end users to ordinary users and killed that stone dead. I actually think that spyware and adware, and inbetween conware like WinFixer and WinAntiVirus are a far worse issue than viruses and trojans proper these days.
That's actually not what I'd call a very big network to be honest.....
5 yrs ago the company I was working with issued a new PC build with Admin rights turned off. Good firewalling, IDS, reasonable T & A, good server patching etc etc. We still picked up viruses from time to time but we were using AV so we got by ok. Chief cause? Consultants and vendors plugging in unprotected laptops at remote offices...
To challenge the effectiveness of some of the leading AV suppliers is right and proper (and I'm feeling quite smug at the minute for buying a Vista machine at home and choosing Kasperski.
To say that you can get by without AV is irresponsible. If you're not measuring it, how on Earth can you manage it?
DON'T block port 25, how will anyone send any legitimate email?
I have to ask my customers to change there home broadband provider so that they can reach our mail server because some ISP's already do this.
Also It would drive me mad to think that I couldn't run my own Mail server at home on my home broadband, Thats how I got into the game while at Uni? how can you learn if you cant use tools for home users to prepare for the real world.
In my opinion the problem is that not enough people are educated in using anti virus software and windows updates.
As for Gordon Fecyk, if you have a pc receiving email your will receive viruses, our mail server updates its definitions every hour and we still get the odd new virus through (about once a quarter) which then gets onto a customers machine and before you know it they have opened it up in outlook and become infected, I wouldn't know about these rouge viruses unless they had anti virus software that caught the sods on the next update cycle (again once an hour). Oh and as a tip use different anti virus manufactures in different places as then if one doesn't catch it the other software might. IE use Kaspersky for your email server and Symantec for client desktop systems.
ps Gordon If you think that by not running a virus checker you as safe then be my guest but I think your mad.
Yes, I did mean block by default, with a measure of competence to be ascertained before it's switched back on, I was specifically thinking about dynamic IPs which are not too useful if you're running your own mail or web server.
As for those blocked by default, what i meant was that the vast majority of domestic users should be constrained to using either their public webmail (eg, hotmail, yahoo) provider's or their ISP's SMTP servers.
I may well have used the same words as another person; but I wrote those words myself and did not "quote" anyone. I likely said the same thing because it's the right thing to say - I stand by every word. If you don't run AV software and you have dumb users connected to the internet, you will get a virus, full stop. The only difference is, as someone above points out, that without AV software you won't KNOW you have a virus.
I think that as a computer professional you have to avoid using your own soapbox beliefs to drive your policy at work; and you have a responsibility to your business customers to give them the best protection possible. Your professional responsibility should outway your desire to take unnecessary risks every time; and I think that your attitude is the worst possible kind of complacency and irresponsibility with your customer's business.
It is, but if a user really wants to install something malicious how can the OS prevent them? If you double click on a file called "hot-pics-of-paris-I_AM_A_TROJAN_AND_WILL_RAPE_YOUR_SYSTEM.exe" that they've received from "Robert" from Hotmail and then click through the UAC, why should the OS not do what the program tells it to? The big difference between XP and Vista as I see it is, run the installer on a net connected XP box and you'll end up compromised within minutes. Run the Vista installer while connected to the net and you can go about your business quite happily without worry unless you do something stupid. As to the performance difference. If you get a PC that has a halfway decent spec (and that doesn't mean "shop at Dell for their latest special offer") Vista OUTPERFORMS XP. @Ash, Flash exploit, learn more about computers before posting random tripe. If I write a program that opens up a port and lets people connect to that port and execute code on the system via a few simple telnet commands, and I actually use a few ugly hacks because the OS doesn't want me to do it, but my program has a legitimate function, is it the fault of the OS when a user installs my software and then gets attacked by random twats? If the exploit is in 3rd party software then it isn't an MS mistake. You can try to prevent it as much as possible, but if someone is determined that they know best (as is typical with legacy solutions) they'll find a way to do it, even if it means making it easier to compromise the system. Scenario is the same, complexity is increased.
Personally, right now, I don't think it's necessary for someone who is experienced to use an AV product, but it's highly advisable. Everyone makes mistakes and if you can increase your chances of keeping your system clean, you might as well do it, especially when the free solutions are pretty good. I use AVG at home, but I want to try out Nod32. I do a scan every few days and I scan anything I download from a less than reliable source. It's like the gun analogy, I'd rather have one and not need it than need it and not have one (I'm not advocating guns, that's another debate).
The point Gordon making about not needing AV should be taking in context with his position that users are users, not administrators. I run my customers networks this way too, and incidents of "issues" (whether virus, trojan, malware, whatever) with workstations are much lower on the networks where users != administrators than those where they are. Like Gordon, I've had networks run without AV for years without infection, and problems only arising from specific users being elevated to administrators (usually without our involvement). Detection of viral presence does _not_ need anti-virus software (only for identification and removal of specific viruses) - their existence is always revealed by their activity (usually in attempts to send out large quantities of email through non-authorised means). Even the numptiest users notice if their workstations are not behaving "normally" (which did surprise me).
With regard to ISPs blocking port 25, that I would support. Home broadband users do _not_ need to be able to transmit anonymous SMTP all over the internet.
For those who complain that "home users need to get to our corporate SMTP server", there are approved methods for dealing with this (Outlook Anywhere [RPC over HTTPS] for those using Exchange, Authenticated SMTP [TCP/587], and VPN) - use 'em!
users != administrators is the vital point here. Nothing made more difference to the issue here than that one thing. The amount of successfully installed Malware I'm finding on our Windows domain with users as just users is minimal to non-existent.
This is why UAC is a selling point to me on Vista; it makes it a lot easier for *no-one* to have to *run* as an administrator, and even if someone decides they will anyway, they still get prompted before that administrator token is used.
Now if some of the developers out there who have never moved on from NT4* could get their head around the fact that their software has to run for standard users...
*I've lost count of the number of stupid apps which try to write into the Program Files directory when they run...
To those running no anti-virus software, I wonder if your boss will see things the same way if you actually get a destructive virus loose in the company? Yes, they've fallen out of fashion these days, but are you really comfortable gambling your job on nobody creating one again? There are plenty of 0-day privilage escallation vulnerabilities on both 2000 and XP, assuming you're being hit by none of them is brave to say the least. I wonder how many tracking / keylogging programs you have on those computers right now.
Oh, and Steve, if you think Anti-virus software can remove a virus once installed you have some serious waking up to do.
I've experienced modern viruses: I've found and removed three in the last 12 months that weren't spotted by either Sophos, Norton or Avast. Good viruses nowdays are small, discrete, and will run quite happily in safe mode. They take a good amount of skill and a fair bit of luck to remove but the only way to be sure a compromised computer is safe is to wipe it completely and start again.
First off thanks for responding. It wasn't as uncivil as I expected, and I'm consistently surprised at the non-flame content I'm seeing.
Steve Foster is right in that it's possible to detect and stop malware without conventional anti-virus software. I manage security SYSTEMS, not security PRODUCTS. These systems consist of more than one product, more than one measure (ie: blocking port 25) and a lot of common sense. I do more than JUST remove admin access from the desktop. But it achieves the intended goal of No Unauthorized Software.
And so what if something comes along and runs as some user? I've mitigated that threat. Even if it somehow gets past every step along the way that I've put up (and there are a few!), it then has to somehow run. And then I've stopped that, too:
Add to that package roaming profiles, and you have nothing that can stay on the local computer, or needs to be on the local computer. Everything that IS on the local computer is authorized.
The only things left that can run from the net are Java and Flash. Java's so stupidly paranoid about security, that if something goes horribly wrong the OS will stop it (Java runs as the user that runs it) and then I can blame the applet's developer -- that's a good use for code signing. Ditto with Flash, though not quite as paranoid, and IE7 stops misbehaving Flash. Yes, I read the pwn2own results, but couldn't help but wonder if the perp was running as Admin.
No metrics, eh? How do I know how many viruses are running rampant? I should ask you the same question, if you're running an enterprise AV product that collects data and then turns around and DELETES it:
All you have are anecdotes and what-ifs. I at least have uptime statistics.
Who is more irresponsible? The flaming idiot with five years of virus-proofing to back him up, or the "comparably sane" folks running their security blankets expecting the AV industry alone to save them?