Anti-virus products are rubbish, says Imperva

A study released in December by US security outfit Imperva has tipped a bucket on the multi-billion-dollar anti-virus industry, claiming that initial detection rates are as low as five percent, and concluding that enterprise and consumer anti-virus spend “is not proportional to its effectiveness”. Working in conjunction with …

COMMENTS

  1. ed2020

    ...spend “is not proportional to its effectiveness”

    My spending on AV is very proportional to its effectiveness. I avoid using Windows unless absolutely necessary and, on the rare occasions I use Windows, it is protected by freeware AV software.

    Avoiding malware costs nothing but a little time, a little knowledge, and a little caution. Use a secure OS, adopt a cautious approach to browsing and downloading.

    1. Danny 14 Silver badge

      Re: ...spend “is not proportional to its effectiveness”

      Wow, I can see how that would work in the state secondary school I work in. With our 500 pcs and 2 staff I'm sure I could convert to Linux, harden the system, update patches and find all the software needed.

      Back in the real world this isn't always possible. AV, regular patching and locking down installation rights are the best we can do.

      1. This post has been deleted by a moderator

        1. Danny 14 Silver badge
          Stop

          Re: ...spend “is not proportional to its effectiveness”

          @Eadon - because it costs less to licence MS + Windows + servers than it does to employ a person who is skilled in the pre-requisites of such a Linux setup. £27 per PC gets us Windows, all our CALs and Office. Another 3k gets us 5 servers with all the VMs we need, SQL, Exchange, external connector, TMG and System Center. Basically less than 20k per year. We cannot get a Linux sysadmin skilled in all the prereqs for that. Not to mention it would need a FULL rollout over the 8 weeks holiday with no system fallback. Me + assistant + guru would be hard pressed. That plus the change of MIS, retraining staff, students is simply not going to happen.

          We binned open office (and libre office) due to the complexity of simple tasks such as:

          -locking down a GPO of PCs under examination logins to remove spell check and grammar check facilities.

          -universal templates based on logins (staff and pupils) with pupil templates residing on a central location edited by staff.

          -feature lockdown for pupils i.e. dictionary additions.

          -central rollout of default fallback styles

          Old OpenOffice could accomplish this with a few batch files copying items on logon (the spell check logon was a bit hit and miss for the NEXT person logging in). This also meant that the files copied over needed access by users, therefore COULD have been edited manually by certain people. Newer OO and LO do not let you do this anymore. In the end we use MS and GPO with system rights instead. Oddly enough MS then released EEC so we switched back.

          I also assume you have never worked in a state school in a not-so-great area? We glue our power buttons so they can't be jammed open. We need to disable the Intel hotkeys so all the screens aren't rotated 90 degrees permanently etc. Having an open Linux system would be tantamount to suicide from a tech point of view - I actually run a tech club (we play games for an hour basically) mainly so I can learn from the kids the newest driveby websites that screw up PCs or let them bypass browser lockdowns. I have also yet to see an open source system that can be rolled out and maintained by a small number of staff in the same way a GPO WSUS system can be - don't get me wrong, I have 2 openfiler servers, a few VMs with various FOG, Apache, Squid/DansGuardian, Moodle and "test" Linux distros (I tend to favour Debian/Ubuntu) and whilst I'm not technically inept MS has its uses.

          Whilst open source is great in theory, it is only great if you have either lots of money to start with or lots of skilled staff. In the real world this is not possible and it does gall me to see people thinking open source is somehow free and that everyone should be able to do it.

          1. Danny 14 Silver badge
            Thumb Down

            Re: ...spend “is not proportional to its effectiveness”

            damn I thought I had an edit?

            Anyway, I *do* know of one academy that tried to switch to Linux, they moved back to MS for the final rollout but that was for different reasons operationally (the academy went into special measures and the "rescue team" applied a model solution from a working academy - that meant MS). They had a staff of 13 (yes 13, although that included a couple of apprentices) and just under 1000 PCs plus a helpdesk of 3 people producing documentation. THAT is a bigger waste of taxpayers' money IMHO.

            1. This post has been deleted by a moderator

          2. This post has been deleted by a moderator

            1. jason 7
              Meh

              Re: ...spend “is not proportional to its effectiveness”

              @Eadon.

              No you can't.

              You cannot leave the setup and running of a proper system that is required for any official or educational purpose to the hands of a 'Linux Enthusiast for free'.

              Will that person or persons then want to tie into a service contract? Have SLAs (will they want to be called out at 6am to help fix an issue before exams start at 9am?). Offer phone support etc. etc.

              People like that can be a great help for when you get started, everyone loves setting up folks new kit. But when it goes wrong or stuff needs sorting, folks giving their time for free, usually find they are 'busy elsewhere' when you need them.

              1. This post has been deleted by a moderator

                1. RICHTO
                  Mushroom

                  Re: ...spend “is not proportional to its effectiveness”

                  Again, not true. Try to run varied enterprise systems on Linux and you will require far more resource than to do the same on Windows. For instance, have you tried to use the build and automation tools like Chef? It's a poor joke compared to the automation available from Microsoft...

                  1. Mahou Saru

                    Re: ...spend “is not proportional to its effectiveness”

                    That is rubbish.

                    Securing a system, any system, is based on the skill of the administrator and the policies of the org. Any statistical hypist can pull numbers out of their arses, but what it comes down to is: do you have the ability to secure in terms of skill, and are you allowed to.

                    The following is not directly aimed at you, but in general I wish people would stop basing enterprise situations on home/SOHO situations; they are totally different in terms of security and costs.

            2. Lusty
              Thumb Down

              Re: ...spend “is not proportional to its effectiveness”

              All of you guys in favour of Linux in schools, out of interest, do you, or have you worked in a school environment?

              Regarding the idea of running both, there was a recent article about the Raspberry Pi in schools which summed it up nicely. The guy in charge of IT teaching there said they already have Windows systems on every desk, and there is very little extra that the RPi could teach which cannot already be done on the Windows desktop. The logical conclusion to this was that there was no point buying the extra devices regardless of how low cost they are. In reality, the devices would have been taken from the classrooms within a week anyway unless someone screwed them down, and even then some will go missing!

              Regarding someone's comment about extra CPU cycles to run Windows with AV, this can be safely ignored since the systems must be replaced regularly to remain in hardware support. There are many studies showing that TCO is lower for in-support systems, so please don't anyone argue that kids should still be using original Pentium systems because you can get spares on eBay...

              1. This post has been deleted by a moderator

                1. Lusty

                  Re: ...spend “is not proportional to its effectiveness”

                  I'm not knocking the RPi at all, I was mentioning a well reasoned article about someone who works in a school explaining why they were not planning to buy them for their computing class. The answer if you read carefully is that there is no need to because what they have does everything and more. If they had nothing the answer may have been different but for the other computing classes they need a proper PC and so they have no need of the RPi.

              2. jason 7
                Thumb Up

                Re: ...spend “is not proportional to its effectiveness”

                It appears to me that some folks seem to think you can successfully support essential systems by the will of the "Linux Goodwill Support Foundation" alone.

                If that's the case can someone setup a database listing all these wonderful Linux experts that will offer the following to support such systems -

                1. Will offer 24 hour phone support.

                2. Will offer 24 hour remote support.

                3. Offer full SLA terms to the customer at the customer's discretion.

                4. Will be on-site within 2 hours of call out.

                5. Offer 24 hour on-site support.

                6. Must have a smile on their face at all times.

                7. Must do this for no charge to the customer whatsoever (tea and biscuits provided at customer's discretion)

                I'm sure such a database of individuals would turn the IT world upside down. Queueing round the block to get on it I bet.

                I look forward to exploi...making use of their talents at zero cost to myself.

                1. hollymcr

                  Re: ...spend “is not proportional to its effectiveness”

                  @jason 7: It appears to me that some folks seem to think you can successfully support essential systems by the will of the "Linux Goodwill Support Foundation" alone.

                  And there are those that make pretty daft comparisons. I mean, sure if you do genuinely get all of that support completely free for Windows then you might have a point, but do you?

                  For a school install, TCO *should* also include the cost of providing all students with a home installation of all software being used in the school. A colleague was recently shopping around for the cheapest way to buy MS Publisher because that was being used in school (because, like, if you want to get into publishing you're going to need MS Publisher on your CV, right?). The current "work out for yourself where PirateBay is" solution isn't helping anyone on the Anti Virus front.

                  When I was at school, I had access to a BBC B micro (and an RM 380Z). The only reason I'm in IT now is because those two pieces of hardware - and their respective operating systems - are obviously the most common ones found in today's workplace.... No, sorry, back in the real world we were taught to use tools not brands. Did it matter that my Casio calculator had buttons in different places from my schoolmate's Texas calculator? Yeah it made things slightly harder for the teacher, but it taught us how to use the damn things not just copy someone by rote. Because all those kids who learned on XP and Office 2003 (but only in school, because they couldn't afford a home licence) are really going to find Win8 and Office 2013 so much easier in the workplace than anyone who was taught general wordprocessing and spreadsheet skills on OpenOffice (and was able to work on them at home using the free install CD they were sent home from school with).

                  </soapbox>

                  1. jason 7
                    Facepalm

                    Re: ...spend “is not proportional to its effectiveness”

                    @hollymcr

                    You missed my point entirely.

                    What I'm saying is as an IT manager or someone responsible for the upkeep can you really relax and sit back and trust your important systems to either -

                    A. A proper support company with full organised 24 hour support (onsite/remote etc.) proper SLAs, disaster recovery policy and turn around times that you pay £X a year for.

                    or

                    B. Terry and Jeff (lovely blokes) who popped round one weekend (working somewhere else Mon to Fri) as a favour to install it all for a couple of pizzas and a six pack of cola.

                    It's got nothing to do with the operating system or the kit. It's about peace of mind knowing that support is available when you need it and not away on a rugby weekend when you need them.

                    Please feel free to sign up to the Linux Goodwill database however.

                2. Vic

                  Re: ...spend “is not proportional to its effectiveness”

                  > 1. Will offer 24 hour phone support.

                  I can do that.

                  > 2. Will offer 24 hour remote support.

                  I can do that.

                  > 3. Offer full SLA terms to the customer at the customers discretion.

                  I can do that.

                  > 4. Will be on-site within 2 hours of call out.

                  I can do that.

                  > 5. Offer 24 hour on-site support.

                  I can do that.

                  > 6. Must have a smile on their face at all times.

                  I can do that.

                  > 7. Must do this for no charge to the customer whatsoever (tea and biscuits provided at customers discretion)

                  But not that. And nor will you get it for any proprietary software either.

                  The thing with FOSS is that you get to choose the level of support you want. You want it free? It's there. You want it with an SLA? It's also there. But expecting someone to do a full-time job for you for no money is just silly.

                  Vic.

              3. Vic

                Re: ...spend “is not proportional to its effectiveness”

                > do you, or have you worked in a school environment?

                Yes.

                All of the problems mentioned earlier in the thread are actually pretty easy to solve. Unfortunately, you need buy-in from people who frequently just don't want to rock the boat, and won't OK the change even if you can prove it to be effective.

                There is but one technical problem I could not solve - SIMS. That could not work with FOSS last time I looked (and I doubt it's changed...)

                Vic.

            3. RICHTO
              Mushroom

              Re: ...spend “is not proportional to its effectiveness”

              Windows has a significantly lower TCO than Linux for pretty much everything other than web hosting...and that's rapidly closing the gap too....

          3. Mayhem

            Re: ...spend “is not proportional to its effectiveness”

            Danny, have you looked into applications like Deep Freeze?

            A colleague back home introduced that at his school and cut his system downtime by around 80%.

            Yes, the greasy little snots still like to break the cup holders and jam pencils in the fan inlets, but having the fix be as simple as a reset that makes everything clean meant most of the malware or games they would install simply vanished.

            It also meant he could push out locked down images for exam situations, or IT teachers could use the "games image" when the class had been behaving well without compromising the systems.

          4. Anonymous Coward
            FAIL

            Re: ...spend “is not proportional to its effectiveness”

            @Danny 14

            "Having an open Linux system would be tantamount to suicide from a tech point of view "

            You haven't a clue what you're talking about. Like most teachers.

            "Whilst open source is great in theory, it is only great if you have either lots of money to start with or lots of skilled staff"

            Yeah, I'm always happy when I know that the Windows network I've logged into is run by unskilled staff. That never goes wrong.

            My advice to you would be to get out of teaching before you do any more damage to the kids.

          5. RICHTO
            Mushroom

            Re: ...spend “is not proportional to its effectiveness”

            Good points - but just for the record as someone who hires plenty of staff - good Linux sys admins are actually on average cheaper than good Windows ones...There are lots of people with legacy unix skills floating around looking for a job, whereas Windows is much newer....

            1. Anonymous Coward
              Anonymous Coward

              Re: ...spend “is not proportional to its effectiveness”

              "There are lots of people with legacy unix skills floating around looking for a job, whereas Windows is much newer...."

              Let's see Windows 3 ~1990 - gives 22 years for a few to be trained.

              This is so laughable ! It's nearly as funny as the idea that you are responsible for hiring staff - or do you work at McDonalds ?

              1. RICHTO
                Mushroom

                Re: ...spend “is not proportional to its effectiveness”

                You want to be looking from NT 3.5, which was the architectural version of Windows that we really have now (i.e. hybrid microkernel) - so that would be from 1994 = 18 years.

                UNIX dates publicly from 1971. So over 40 years - bit of a difference!

          6. Wayne 5

            Re: ...spend “is not proportional to its effectiveness”

            Actually, I have solved that problem with a deployment of 7000 workstations and 7 IT staff. All Linux, and the users vary from Graphic Design to accountadroid 2.0.

            Our average salary is 115K in SoCal, which isn't a lot.

            It really is a matter of hiring and training the right folks. My previous employ was as a security guy at a Fortune 5 company. They had massive issues with non-standard deployments and configuration. They tried to solve the problem with more bureaucracy. They used the industry average of 10-15 firewalls per admin. When I left, we fired all of their staff after I hired competent folks who could script and template changes. They now avg 70 firewalls per person, and have failed on zero audit points. To be good requires competence, to suck is to hide behind a vendor. That same security group reduced their operating costs by 5 million USD per year by biting the bullet and paying hardcore geeks what they were worth, and thus needing fewer geeks to get the job done.

            1. Anonymous Coward
              Anonymous Coward

              Re: ...spend “is not proportional to its effectiveness”

              So how do you deal with Microsoft Office documents? How do your 'accountadroids' run standard commercial ERP tools that use Excel add-ins? Or do you just accept that you can't work the way that 99% of companies do and will have all sorts of issues with Google Docs, LibreOffice or whatever else you use? How does that integrate into your unified comms, email, voicemail, etc? What about BES? What about the 99% of other desktop corporate software that is aimed at Windows?

              And 70 firewalls per person with 7 IT staff?! across 7000 users? Sounds like you have a big architecture problem...

              And regardless of how good your infrastructure is, it would take more than 7 IT staff just to provide a basic helpdesk service to 7000 users - even if they only had dumb terminals, so I smell BS here....

          7. JCitizen Bronze badge
            Linux

            Plus you got no idea how long the distribution...

            you happen to pick will be supported. Although the Linux kernel has been long lived, just how long is that going to hold? Even a highly paid Linux/Unix administrator may face the horror of having to upend the whole system, if an old favourite is dropped - and the new wave considered.

        2. Lusty

          Re: ...spend “is not proportional to its effectiveness”

          "back in the real world, why the hell is our government spending our tax on a poor operating system like Windows in schools?"

          Because in the real world, those kids will want a job when they leave school, and Windows has the market share to help them with that. I've never seen a job advert asking for OpenOffice skills, but many asking for Microsoft Office, Word, Excel skills. Linux is a fine OS and does some things very well indeed, but the lack of a licence cost does not make a system cost less than one with a licence cost.

          In the example of school systems, kids are evil and will actively try to destroy the computing environment for no better reason than that they want to. Windows has solutions (SIMPLE off the shelf solutions) available to allow school admins to lock out the actions kids may take to break the system. While these things are possible with Linux, they take far longer to implement and require more skill. As he said, they have hundreds of kids and 2 underpaid IT staff so Linux is simply not a realistic option. If you genuinely believe that Linux is in some way cheaper than Windows then I feel you may not have sufficient experience to make this sort of decision.

          I don't work for a school but I did set one up with 1500 pupils and can confirm that school computing is a completely different world to any other environment. Even banks are less cautious (I've worked in banks too) because bankers are less likely to purposefully put a virus, script, malware etc on the computer. Bankers also don't push pencils through screens "just to see what would happen".

          1. Jason Togneri
            Stop

            Re: ...spend “is not proportional to its effectiveness”

            "Because in the real world, those kids will want a job when they leave school, and Windows has the market share to help them with that. I've never seen a job advert asking for OpenOffice skills, but many asking for Microsoft Office, Word, Excel skills."

            Not true, unless you're taking the ad extremely literally. Asking for skill in "Word and Excel" is just lazy shorthand, what they really mean a lot of the time (and what used to be more common in job ads) is employees with skill in "word processing and spreadsheets". It's just the same as saying "skill at Googling" when they mean using search engines, or asking for a housemaid with skill at "using a Hoover" when any vacuum cleaner would do, because most if not all of the skills and knowledge, not counting specific UI familiarity which in Office has changed between pre- and post-Ribbon anyway, is entirely transferable.

            Harder to stride is the gap between a real desktop-based spreadsheet and Google Spreadsheet...

            1. Lusty

              Re: ...spend “is not proportional to its effectiveness”

              "Not true, unless you're taking the ad extremely literally. Asking for skill in "Word and Excel" is just lazy shorthand, what they really mean a lot of the time (and what used to be more common in job ads) is employees with skill in "word processing and spreadsheets"."

              If you get the list of CVs down to two candidates who are identical in every way but one has MS Word experience and the other has OpenOffice experience, and your company uses Word 2010 - you'll choose the one with MS Word experience. I get what you're saying, and anyone with real word processing skills can transfer them, but in reality people are ticking boxes. I work in a very Word heavy environment, and all of our staff probably had "Word skills" on their CV. My experience shows that not many of them even know how to use styles, let alone numbering or change tracking but the fact remains that "Microsoft Office" on a CV gets the CV past the HR team and to the person doing the hiring.

            2. A J Stiles
              Linux

              Re: ...spend “is not proportional to its effectiveness”

              Not only that; but the number of times I've seen a word processor document laid out using spaces for formatting, or caught someone using a calculator to add up figures and enter the total into a spreadsheet, suggests that people don't even really learn how to use the software they're given.

              As for spreadsheets used as databases; well, I lost count of the number of times I've seen that a long time ago. For crying out loud, people, you can't do a SELECT on a spreadsheet! (Well, you can use awk or grep -- or whatever the equivalent commands are called in Windows -- on a CSV file; but it's hardly the same thing.)

              It's rather like not putting petrol in a chainsaw, and then struggling to use it as a handsaw -- but nonetheless thinking that that is the proper way to do forestry management.

              1. I think so I am?
                Thumb Up

                Re: ...spend “is not proportional to its effectiveness”

                You can use both awk and grep on Windows - UnxUtils

          2. This post has been deleted by a moderator

            1. Lusty

              Re: ...spend “is not proportional to its effectiveness”

              What do you have against Americans? And for that matter, which software would you have them run which is not American? Linus is a Finnish American so Linux is out. SuSE was German I believe, Red Hat is American, Apple is Canadian I think (I've not looked these up so apologies for inaccuracies). Ubuntu started by a South African.

              Outside of your bedroom, people require supported software so even when using Linux in business or schools the OS will still be paid for and money will "leave the country". That said, Microsoft have tens of thousands of staff in the UK and their partners have even more (I work for a partner and we bring more money IN to the country via MS deals than we see leave). I'm unaware of any major Linux company bringing any cash into the UK, although RedHat has a small partnership program here so I'm sure they bring some in (we are a RedHat partner but don't make much extra from it beyond licensing).

              1. Vic

                Re: ...spend “is not proportional to its effectiveness”

                > when using Linux in business or schools the OS will still be paid for and money will "leave the country".

                This is incorrect.

                The OS is available at zero cost. The charge in such an environment is for the support contract - and that can easily be provided by UK companies.

                > I'm unaware of any major Linux company bringing any cash into the UK

                Well, I don't know about "major", but I bring in cash from abroad. Almost all my work at the moment is for one of two large foreign players.

                Vic.

        3. This post has been deleted by its author

        4. Anonymous Coward
          Anonymous Coward

          Re: ...spend “is not proportional to its effectiveness”

          "It's a disgrace that our tax is being used to pay Microsoft to get our kids hooked on MS software. Even if you get discounts (first hit is free) it's still unforgivable."

          Primarily a BSD user @ work commenting here Eadon...

          Not that I disagree with the opinion that open source should be a strong consideration, but personally I think it's a disgrace that you believe that you have the right to dictate what my tax money should be spent on.

          But in retort, schools should not be using any single OS (Windows, Linux or whatever) - They should be preparing kids for the real world by teaching them from multiple OS's - as that's how the real world functions.

          Sorry, but I can never bring myself to trust evangelists and zealots - of any flavour.

        5. Anonymous Coward
          Anonymous Coward

          Re: ...spend “is not proportional to its effectiveness”

          It's a top-down approach. The majority of the kids being taught are all too stupid to actually learn something from using Linux and in fact they will just find it confusing when they get into the real world and their bosses - assuming they don't just end up working McJobs - want them to use MS Office, which incidentally, rightly or wrongly, is what the majority of the world uses.

          You have to appreciate that even the well educated go out and buy Apple products ... hence it's safe to assume that the majority of people have no interest in learning about 'computers'.

          So if you want the schools to teach Linux and LibreOffice, you've got to get it on the desktops of big business first.

    2. RICHTO
      Mushroom

      Re: ...spend “is not proportional to its effectiveness”

      What do you call a 'Secure OS'? For instance most Linux distributions have loads more vulnerabilities than Windows does, as does OS X.

      1. This post has been deleted by a moderator

        1. Ken Hagan Gold badge

          Re: ...spend “is not proportional to its effectiveness”

          "Even then you fail, because the Windows vulnerabilities are far more critical."

          If you are running as a non-administrative user, Windows vulnerabilities are no more critical than Linux ones. I've been running as a non-administrative user on Windows for almost two decades now. It really isn't as hard as Microsoft make out. UAC was never necessary. Neither was AV software. Just do it right.

          1. Anonymous Coward
            Anonymous Coward

            Re: ...spend “is not proportional to its effectiveness”

            Although I disagree with the "AV isn't required" statement(*), you're 100% right that running Windows as non-admin is effective - but there are two snags (which, incidentally, are not limited to the Windows platform only).

            1 - users want to install something. This is the big bad hole of every OS - the trojan vector. Especially home users like to add software, and do not always take the required precautions. Give me 100 users and I'll show you 99 who just say yes to "this application wants admin rights, give it yes/no?", and 1 who thinks about it, then discovers he's late for lunch and answers "yes" too. It's only us techies who consider "hell no" as an option.

            2 - a gazillion programs are developed to not only install at admin level (i.e. for a full machine instead of in user space), but also RUN that way. Typically, they are developed by companies with dev people that live at admin level, and it makes a screaming mess of permissions if you try to pry that access right away. It's less and less of an issue, but it hasn't been fully eradicated yet.

            As for (*) - people that tell me they do not need anti-virus get one question from me: "how do you prove that?"..
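The advice in the two posts above (Ken Hagan's "run as a non-administrative user" and the reply describing the "just say yes" snag) comes down to a check an administrator can actually run on a workstation. The following PowerShell is an added example, not code from the thread or from any commenter: it reports whether the current session holds an elevated token, whether the account is a member of the local Administrators group even when UAC has filtered that group out of the active token (the "admin account, not currently elevated" case that can still elevate with one click), and who else is in that group. It assumes Windows PowerShell 5.1 or later, where Get-LocalGroupMember is available; the function name Test-AdminContext is an assumption of this example.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 5.1+ for
# Get-LocalGroupMember. The function name Test-AdminContext is an assumption.
function Test-AdminContext {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

    # True only when the process token is actually elevated. With UAC on, an
    # administrator running a non-elevated shell gets $false here.
    $elevated = $principal.IsInRole($adminRole)

    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators. UAC keeps it
    # in the filtered token as a deny-only group, so it is still listed in
    # Groups; that separates "admin account, not elevated" from a real
    # standard user.
    $adminSid    = 'S-1-5-32-544'
    $isAdminAcct = [bool]($identity.Groups | Where-Object { $_.Value -eq $adminSid })

    [pscustomobject]@{
        User             = $identity.Name
        TokenElevated    = $elevated
        AdminGroupMember = $isAdminAcct
        # "Standard user" in the sense the posts above mean: neither elevated
        # nor able to elevate by clicking through a UAC prompt.
        StandardUser     = -not $isAdminAcct
    }
}

$ctx = Test-AdminContext
$ctx | Format-List

if ($ctx.AdminGroupMember) {
    Write-Warning "$($ctx.User) can elevate with one click; that is the 'just say yes' hole."
}

# Who else can elevate on this machine? Local and domain principals both appear.
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource
```

Run it from the account a pupil or staff member actually logs in with, not from the technician's elevated console: the useful result is StandardUser = True for day-to-day accounts, and the group listing showing only the accounts you expect. A domain group that has been nested into local Administrators shows up with PrincipalSource = ActiveDirectory, which is the usual way an "everyone is admin" situation creeps in unnoticed.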

            1. Tom 13

              Re: 2 - a gazillion programs

              Prime evidence exhibits:

              1. MS Visual Studio (any suite after VB6).

              2. Adobe CS Suite - which is actually worse than MS Visual Studio. Not only does it require an account that must be administrative level, then you have to Run As Administrative account on the damn thing.

              Yeah, I worked in a shop where we TRIED to lock it down to industry standards and abandoned it as a Sisyphean nightmare after we had to make changes for those applications.

              1. Field Marshal Von Krakenfart

                Re: 2 - a gazillion programs

                Prime evidence exhibits:

                1. MS Visual Studio (any suite after VB6).

                I had to read this twice, the first time I read it as 1. MS Visual Studio (any shite after VB6).

            2. RICHTO
              Mushroom

              Re: ...spend “is not proportional to its effectiveness”

              I remind you that the first and worst internet worm ever was on UNIX based systems....

              1. Chemist

                Re: ...spend “is not proportional to its effectiveness”

                "I remind you that the first and worst internet worm ever was on UNIX based systems.."

                I remind you that that was 1988 ( that's NINETEEN EIGHTY-EIGHT ) and probably the majority of connected computers were running UNIX

            3. Ken Hagan Gold badge

              Re: ...spend “is not proportional to its effectiveness”

              "people that tell me they do not need anti-virus get one question from me: "how do you prove that?""

              The same way that you prove that your anti-virus actually works.

          2. This post has been deleted by a moderator

            1. RICHTO
              Mushroom

              Re: ...spend “is not proportional to its effectiveness”

              Complete rubbish. There have been plenty of exploits in the Linux kernel. This is one of the reasons why you are so much more likely to be hacked if you run a Linux based internet facing server compared to a Windows one:

              http://www.zone-h.org/news/id/4737

        2. illiad

          Re: ...spend “is not proportional to its effectiveness”

          Eadon: Oh dear.. you don't seem to understand.. the term 'Linux distribution' is correct, AFAICS.. quite often shortened to just Linux..

          http://en.wikipedia.org/wiki/Linux <<- go on look at the link!!

          and do see the note there... :p

          "This article is about the operating system. For the kernel, see Linux kernel."

          Just like you can say 'MS OSes' to mean anything from DOS (yes, it IS still used.. ) through PC OSes and Mobile OSes...

          The problem is it is often installed to run as administrator, so the newbs who install it don't have a panic attack, and phone MS continuously because their stuff won't work properly in user mode!!

          this is how it is *sold* at most places.. If they at least load the PC with a good user account, it would be far safer, and devs would *have* to make sure their stuff works!!

          That is how Linux is normally installed at first, with big warnings if you venture toward the admin account..

          and unlike windows, there are many apps supplied as part of the install..

          1. This post has been deleted by a moderator

            1. Anonymous Coward
              Anonymous Coward

              Re: ...spend “is not proportional to its effectiveness”@Eadon 13:33

              I'm inclined to think you're lying about the kernel compilation thing, Eadon. Frankly you don't come across as someone who's used Linux for more than a year.

        3. RICHTO
          Mushroom

          Re: ...spend “is not proportional to its effectiveness”

          See the work by Jeff Jones. Even if you adjust a commercial enterprise Linux install to match the content of Windows, it will still have far more vulnerabilities that are on average more critical and on average take longer to get patched (more days at risk)....

      2. Anonymous Coward
        Anonymous Coward

        Re: ...spend “is not proportional to its effectiveness”

        For instance most Linux distributions have loads more vulnerabilities than Windows does, as does OS-X.

        Thanks for starting this year with a laugh. Be honest, do you believe that yourself? There is a reason why AV vendors removed the "OS" tag from their database of vulnerabilities - otherwise their clients would start to leave the most vulnerable platform in droves and their business would dry up. I actually work with vulnerability and malware researchers of 2 different vendors so I'm pretty close to the fire on this one.

        The sole and single reason where there is an anti-virus industry in the first place is because of Microsoft, and if you want any evidence of shoddy coding I suggest you watch what happens when you power up your Windows work machine after a week's break.

        No, I'm not advocating a switch to platform X, Y or Z - the devil you don't know means you can make mistakes there too, but being unrealistic about the security of Windows is a sure recipe for trouble. Having said that, Windows 7 was actually a bit better (no idea of 8 yet, too early).

        1. Thomas 4

          Re: ...spend “is not proportional to its effectiveness”

          Well, why not have both Linux and Windows in schools? That way kids an get experience with both OSes and encourages them to draw similarities between the two, which only help their understanding of how computers work?

          Crazy talk I know.

        2. heyrick Silver badge

          Re: ...spend “is not proportional to its effectiveness”

          "and if you want any evidence of shoddy coding I suggest you watch what happens when you power up your Windows work machine after a week's break."

          Go on, tell me, what happens. Because I'm pretty sure I went in, pushed the power button, and waited for the usual startup stuff to complete... nothing extraordinary, nothing blew up, the time was even correct. Wow.

          I've had my old XP machine come out of hibernate after EIGHT MONTHS with no unexpected effects. The only quirk was it fiddled the time zone for summer time, and a tooltip popped up to tell me of this.

          So, your point is?

          1. Anonymous Coward
            Anonymous Coward

            Re: ...spend “is not proportional to its effectiveness”

            I've had my old XP machine come out of hibernate after EIGHT MONTHS with no unexpected effects.

            Depending on your network link you may need to wait about 10 minutes or so before the first patch warnings start to appear. You will probably have set them to automatic so you're simply used to a beefy machine running a ZX Spectrum, but I monitor everything that flows through my network because of my work and boy oh boy, a cold started Windows box sure does a lot of catching up.

            Incidentally, you're right in that there are no UNexpected effects because the above is well known - and you know it..

      3. Anonymous Coward
        Anonymous Coward

        Re: ...spend “is not proportional to its effectiveness”

        RICHTO's question: "What do you call a 'Secure OS'?"

        Answer guidance:

        Windows: 0.25 points

        GNU/Linux: 0.5 points

        OpenBSD: 1 point

        Best general answer: OpenBSD ;)

        1. RICHTO
          Mushroom

          Re: ...spend “is not proportional to its effectiveness”

          Open BSD is a reasonable answer - it has a relatively low vulnerability count

          Linux isn't - it is much worse for vulnerabilities than Windows - and is a hacker's dream on the internet...

    3. Anonymous Coward
      Anonymous Coward

      IMPERVA'S PRODUCTS ARE RUBBISH

      We installed Imperva's database auditing software agent on an SQL cluster and it promptly fell over. Pile of Junk. (Eventually we went for Quest Change Auditor which while not perfect, at least doesn't take out your server).

      1. David Cox
        Thumb Down

        Re: IMPERVA'S PRODUCTS ARE RUBBISH

        If you're going to slag someone's product, then you should at least have the courage of your convictions and not go under "anonymous coward", if not actually citing some proof (!). Downvoted.

        1. Anonymous Coward
          Anonymous Coward

          Re: IMPERVA'S PRODUCTS ARE RUBBISH

          How would someone prove a server crashed? Sounds too believable and specific to be made up imo....

    4. LarsG
      Meh

      Re: ...spend “is not proportional to its effectiveness”

      Just like in medicine, a human being can be inoculated against certain nasties because the virus is known and measures to deal with them are already in place.

      If a virus has mutated or something 'new' appears research is needed to develop the drug to deal with it.

      I have no idea what point the article is trying to make. Anti virus software will always be better at dealing with what is known, than what has not been discovered yet. As soon as it has been discovered Norton, Kaspersky etc get on the case and update their databases accordingly.

      This protects us from the majority of the script kiddies, unfortunately some will get through every now and again until the 'cure' has been developed.

      There is nothing new in the Imperva research, sounds like it is scaremongering to further whatever they are offering to sell.

    5. Gordan

      Re: ...spend “is not proportional to its effectiveness”

      Does the "spend" include the extra cost in CPU requirements to get anything done with AV software running? I find that with on-access scanning enabled on an average CPU (2.4GHz Core2) doing things like installing software or windows updates takes 2-3x longer than it does without having it enabled.

      The AV vendors' solution to malware proliferation seems to be to create anti-malware products that consume all resources on the machine to the point where it is made unusable, presumably in order to impede the spreading of malware.

      1. Fred Flintstone Gold badge

        Re: ...spend “is not proportional to its effectiveness”

        The AV vendors' solution to malware proliferation seems to be to create anti-malware products that consume all resources on the machine to the point where it is made unusable, presumably in order to impede the spreading of malware.

        No, no, that's on smartphones. Do pay attention :)

    6. teebie

      Re: ...spend “is not proportional to its effectiveness”

      time is free now?

    7. gromm

      Re: ...spend “is not proportional to its effectiveness”

      Oh yeah. I took this approach for a while, and it worked too.

      Up until about 2006, that is. Around that time, viruses started getting spread by images in websites and other novel routes. You'll also notice that this was about the time when dual-core CPUs basically became *necessary* so that one CPU could do near-constant virus scanning, while the other did useful stuff.

      We live in a world now where "avoid scummy e-mail and websites" isn't enough protection. And I say this from my Linux workstation.

    8. Snake Silver badge
      Alert

      Re: ...spend “is not proportional to its effectiveness”

      If your "freeware AV software" is AVG Free, you got EXACTLY what you paid for. I'm SICK and TIRED of removing viruses from infected computers that are running AVG Free...

  2. djstardust

    The whole thing is a vast money making scam.

    I wouldn't be surprised if these large companies covertly pay people in Outer Mongolia to create viruses and malware to keep the gravy train going.

    I have never paid for AV and follow simple rules.

    1 - Avoid warez, porn and dodgy gaming sites

    2- Look for free alternatives. I have been running MSE and Spybot S&D for ages and only the odd bit of malware is ever found.

    3 - NEVER open an attachment you do not trust or know where it's come from.

    If you browse dodgy sites then by all means pay to block shit out, but if you are avoiding all the usual places then there's no need to pay at all.

    1. Oliver Mayes

      I've had warnings from avast about malware embedded in advertising links on reputable sites many times. It's not only 'bad' places that can become infected.

    2. Anonymous Coward
      Anonymous Coward

      @DJ

      Agreed.

      Even worse; sometimes the virus scanner can be an even bigger problem than the threat it's supposed to stop. When I started doing more company stuff on my PC (self employed) I decided that since I liked Avast up to that point that I should simply show some support and apply for a one year subscription.

      And then it started; they introduced their "Internet security suite" and I got a free upgrade. It could scan my e-mail, web traffic, the system itself and all through separate engines. So far, so good. Since I don't use torrents / peer to peer stuff on this PC I could turn that down, messenger and such; same deal.

      However; I soon started noticing that whenever I did a global update on some in-house software (which basically opens 20 - 30 simultaneous network connections for a moment and passes a few kB's of data) then my PC would freeze. Completely. Only after a while it would become responsive again.

      You'll never guess what it was; Avast. And not even because it thought that I had some sort of virus; because their firewall was plain out crapware: it simply couldn't cope with a simultaneous 30 peer data stream, instead it sucked up all the resources it needed to cope.

      Right now I use MS security essentials, the PC gets a full scan every once in a week and that's the end of it.

      1. Anonymous Coward
        Anonymous Coward

        Re: @DJ

        Time and time again it's proven that any anti virus software is better than none at all, but paid for security outperforms free in every case. Strangely a recent anti-virus software test in a leading UK PC magazine found Microsoft essentials at the bottom of the pack. Other tests in other magazines confirm this.

        1. Mike 125

          Re: @DJ

          Ok, wow, so it seems the evidence is overwhelming. And you present it so well. Thank you.

        2. jason 7
          Holmes

          Re: @DJ

          @AC Re. recent AV tests and MSE

          I've found it quite interesting that for quite some time MSE always tested really well and was always recommended.

          However, now that it's been reconfigured into Windows 8 as Defender as standard (which basically means you don't have to buy Kaspersky/Norton/McAfee etc. etc. anymore), we are getting a raft of 'independent' reports stating it's not very good.

          Coincidence?

    3. Anonymous Coward
      Anonymous Coward

      Hmmmmm....

      Although I admire your common sense stardust (yes, a thumbs up will be on its way), unfortunately lots of people choose not to follow it. The student laptops I saw whilst working at a school in my first proper IT job came in with a whole host of viruses, malware and spyware. The other issue was netbooks being too slow to even host Windows XP/7, which caused AV that was planted on there by recommendation of "PC World" to make them extremely sluggish. We're also still at a stage where parents of primary/secondary school kids are still out of touch with computers and cannot educate their children on how to use the internet properly. Just pure carelessness because there's a lack of understanding of what's out there on the web. And the kids in the know always encouraged torrents and illegal downloads with other students who weren't in the know.

      This comes back to the education system in the UK being clueless and refusing to update the syllabus to teach these sort of common sense skills (along with word processing, spreadsheets and other stuff businesses want). So how on earth will our future generations know what a good site and bad site is? AV vendors will keep winning easy money until people are properly educated about common sense IT skills and the web in general.

  3. nuked
    Holmes

    Wait, so AV doesn't work?

    1. Anonymous Coward
      Anonymous Coward

      It works if the virus is known about, if it's new then it's not going to get detected. The virus scanners look for specific patterns in files, rather than recognising bad behaviour.
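
LarsG's point earlier (AV copes with what is known, not with what has not been discovered yet) and the reply just above (scanners look for specific patterns in files) come down to the same mechanism. The added example below, which is not code from the article, from Imperva or from any commenter, builds a toy signature scanner over constructed byte strings and shows the two cheapest ways a sample that is already in the database stops being detected: change the string the signature was cut from, or pack the file so the pattern only exists in memory after the unpacking stub has run. The signature name, the byte patterns and the XOR key are assumptions for illustration; none of it is real malware.

```python
# Added example, not from the article or any commenter: a toy
# signature-based scanner, to show why it only catches what it already
# knows. Every byte string here is constructed; nothing is real malware.

# Constructed "signature database": name -> byte pattern a vendor would
# have cut out of a sample after analysing it.
SIGNATURES = {
    "Demo.Dropper.A": b"\x90\x90\xe8\x00\x00\x00\x00DEMO-DROPPER-V1",
}

# Constructed stand-in for the analysed sample: some padding around the
# bytes the signature was taken from.
SAMPLE = (
    b"MZ" + b"\x00" * 14
    + b"\x90\x90\xe8\x00\x00\x00\x00DEMO-DROPPER-V1"
    + b"\xcc" * 8
)


def scan(data: bytes) -> list:
    """Return the names of all signatures whose pattern occurs in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def mutate(data: bytes) -> bytes:
    """Recompile-and-tweak, the cheapest evasion: change the version tag
    that happens to sit inside the signature."""
    return data.replace(b"DEMO-DROPPER-V1", b"DEMO-DROPPER-V2")


def pack(data: bytes, key: int) -> bytes:
    """XOR-"pack" the sample, as runtime packers do. The 4-byte marker
    stands in for the unpacking stub that would execute first."""
    return b"STUB" + bytes(b ^ key for b in data)


def unpack(packed: bytes, key: int) -> bytes:
    """What the stub does in memory at run time; a scanner that only
    reads the file on disk never sees this output."""
    return bytes(b ^ key for b in packed[4:])


def detection_report(key: int = 0x5A) -> dict:
    """Run the scanner against the known sample and two cheap variants."""
    return {
        "known_sample": scan(SAMPLE),
        "one_string_changed": scan(mutate(SAMPLE)),
        "packed_on_disk": scan(pack(SAMPLE, key)),
        "packed_after_unpacking_in_memory": scan(unpack(pack(SAMPLE, key), key)),
    }


if __name__ == "__main__":
    for variant, hits in detection_report().items():
        print(f"{variant:34s} -> {hits or 'no detection'}")
```

The last line of the report is why real products bolt emulation and behaviour monitoring on top of file signatures: the pattern reappears only once the unpacker has run, so a scanner that only reads bytes off disk never sees it, and a one-byte edit is enough to turn a "known" sample into an unknown one.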

      1. nuked

        Set sarcasm receptors to 'on' would you

    2. This post has been deleted by a moderator

  4. koolholio
    Stop

    The reality is all too real

    However there are some, such as boot sector infections which stem from simple injections, which were made for Linux and Mac OS X and also Android etc?

    So usually knowing how to configure the antivirus/security package (given there's a difference) and also how to configure / deploy the network and application infrastructures with it, usually works best, given that not even unix is 'invincible'?

    To think that windows is the only vulnerable system is naive, in this Universal Plug and Play world!

    It's clear to see the "report" heavily promotes mcafee as 'the most robust' --- pfft, okay! whatever you say lol

    1. Ole Juul

      Re: The reality is all too real

      To think that windows is the only vulnerable system is naive, in this Universal Plug and Play world!

      You might well be totally correct. I'm always into learning. Since I have a box here where it wouldn't matter, would you be so kind as to post a link that I could click on with a NIX system and get a virus? That would really help me learn about this situation and I'd really appreciate it. Thanks.

      1. RICHTO
        Mushroom

        Re: The reality is all too real

        Web site to root a UNIX based system just by visiting a URL - here you go:

        http://www.jailbreakme.com/

        Here is another:

        http://unrevoked.com/

        1. This post has been deleted by a moderator

          1. Danny 14 Silver badge
            Stop

            Re: The reality is all too real

            http://www.theregister.co.uk/2012/11/21/powerful_linux_rootkit/

            That doesn't look too friendly.

            1. Anonymous Coward
              Anonymous Coward

              Re: That doesn't look too friendly.

              If you actually read the comments of that link you would see that it is not something that would touch 99.9% of users, and to get affected by it you'd have to be incredibly stupid. Not on a par with the standard Windows vulns

            2. Peter Gathercole Silver badge

              Re: The reality is all too real @Danny 14

              Read and comprehend the article you point to.

              It is talking about what the rootkit does once it is installed, and you are right, it does look quite sophisticated, and unpleasant.

              But there is nothing in the article about how the rootkit gets onto the server, and this is where the strength of the OS security model comes into play.

              As long as an OS has some privileged mode that allows the OS to be changed, it can be compromised. This is true about all currently deployed OSs around at the moment, and is necessary in order to be able to install patches. If you look at it from another angle, there is little difference between a rootkit and an OS patch, apart from the fact that one is supposed to improve the system, and the other is not.

              If you were to look at compromised Linux systems, and work out how they were compromised, I'm certain that most of them will have been initially infected as a result of a human error rather than a deficiency in OS security. You know, something like an administrator using the same password or SSH key for multiple accounts, or having trusts set up from untrusted to trusted systems. And I also think that I am on safe ground in saying that if you were to look at the ratio of compromised systems to total number of systems of a certain type, Windows would show as having a higher rate of infection than Linux.

              It is true that Windows AV solutions are able to detect rootkits and other persistent infections once they are present, but this article is talking about zero day detection rates. I would much prefer to use a system that is less vulnerable but which had poorer detection tools, than one that let malware in but detected most of it sometime after the infection.

              It should be seen as axiomatic that AV software is a market that only exists because of poor OS security in the past. There is no market for Linux or OSX AV because there is no history of significant infections on those platforms. If there were, there would be credible AV solutions for them.

              What the AV software vendors have to accept is that in an ideal world, their comfortable little niche should disappear as OS security gets tighter. This is currently why they need to spread FUD in order to protect their income stream, and the tone of some of the comments here add to this.
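
Peter Gathercole's point about an administrator using the same SSH key for multiple accounts is something you can check rather than argue about. The added example below, which is not from the article or any commenter, takes the authorized_keys contents collected from several hosts (constructed here, with fake key blobs and made-up host names) and reports every public key that opens more than one host, plus every key that carries no from= restriction. The parser, the host names and the key data are assumptions for illustration.

```python
# Added example, not from the article or any commenter: audit the
# authorized_keys files collected from several hosts for one public key
# that opens more than one of them, and for keys that carry no
# from="..." restriction. Host names and key material are constructed.
import re
from collections import defaultdict

# Constructed contents of ~/.ssh/authorized_keys on three hosts. The
# key blobs are fake placeholders, not real key material.
HOSTS = {
    "build01": (
        "ssh-ed25519 AAAAC3FAKE-ALPHA admin@laptop\n"
        "ssh-ed25519 AAAAC3FAKE-BETA ci@build01\n"
    ),
    "db01": (
        "# backup pulls from the backup host only\n"
        'from="10.0.0.5",no-pty ssh-ed25519 AAAAC3FAKE-GAMMA backup@backup01\n'
        "ssh-ed25519 AAAAC3FAKE-ALPHA admin@laptop\n"
    ),
    "bastion": "ssh-ed25519 AAAAC3FAKE-ALPHA admin@laptop\n",
}

# The key type is the first token that looks like one; everything before
# it is the options field (which may contain quoted strings with spaces).
KEY_RE = re.compile(r"(?:^|\s)((?:ssh-|ecdsa-sha2-|sk-)\S+)\s+(\S+)")


def parse_authorized_keys(text: str):
    """Yield (options, key_type, key_blob, comment) for each key line,
    skipping blanks and comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        if not m:
            continue
        options = line[: m.start(1)].strip()
        comment = line[m.end(2):].strip()
        yield options, m.group(1), m.group(2), comment


def audit(hosts: dict) -> dict:
    """Map each key blob to the hosts it opens, then flag the two things
    an attacker holding one stolen private key would enjoy most."""
    placement = defaultdict(set)
    unrestricted = defaultdict(set)
    for host, text in hosts.items():
        for options, _ktype, blob, _comment in parse_authorized_keys(text):
            placement[blob].add(host)
            if "from=" not in options:
                unrestricted[blob].add(host)
    return {
        "reused_keys": {b: sorted(h) for b, h in placement.items() if len(h) > 1},
        "unrestricted_keys": {b: sorted(h) for b, h in unrestricted.items()},
    }


if __name__ == "__main__":
    report = audit(HOSTS)
    for blob, where in report["reused_keys"].items():
        print(f"{blob}: one private key opens {', '.join(where)}")
    for blob, where in report["unrestricted_keys"].items():
        print(f"{blob}: no from= restriction on {', '.join(where)}")
```

A key listed under reused_keys is the lateral-movement path the comment describes: steal that one private key from the laptop and every host in the list is open, with no OS vulnerability needed. The options parser is deliberately simple; an option value containing a quoted space followed by a key-type prefix would confuse it, so treat it as a first pass rather than a complete authorized_keys grammar.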

              1. RICHTO
                Mushroom

                Re: The reality is all too real @Danny 14

                Well you are wrong then, most Linux exploits are via OS vulnerabilities: http://www.zone-h.org/news/id/4737

                1. Peter Gathercole Silver badge

                  Re: The reality is all too real @Danny 14 @RICHTO

                  I say again, this time to RICHTO. Read the article you link to.

                  This statistic is for defaced websites, not OS vulnerabilities. If you don't know the difference, then you should probably not be taking part in these discussions.

                  I'm also not sure about the data from Zone-H. The stats you point to are for 2010, and looking at the dates on the news pages (latest, September 2012, total news items posted in 2012, 2, total posted in 2011, 5), it looks like it is a site in decline.

                  1. RICHTO
                    Mushroom

                    Re: The reality is all too real @Danny 14 @RICHTO

                    Try reading the page that I linked to - and you will note that the exploit methods are discussed in some detail.

                    Everything i have found indicates that the gap is only widening in the last 2 years and that exploits of Windows servers are becoming ever rarer, whereas Linux is staying pretty much the same...

                    Link to more recent data then if you have any? I would be interested in any material with actual analysis of attacks.

                    1. RICHTO
                      Mushroom

                      Re: The reality is all too real @Danny 14 @RICHTO

                      Oh, and if you want some actual per OS exploit counts, try

                      http://secunia.com/advisories/product/12192/

                      and

                      http://secunia.com/advisories/product/18255/

                      (similar aged 'mature' server products)

            3. This post has been deleted by its author

            4. Anonymous Coward
              Anonymous Coward

              Thanks all the same, but you can keep yer penguins ;)

              "That doesn't look too friendly."

              Nothing is perfect.

              Linux | Windows | BSD

              Oh, look BSD trumps... yet again. Happy days!

              Every time someone says 'Linux' I'm gonna say, "Pah! BSD" ;p

          2. Anonymous Coward
            Anonymous Coward

            Re: The reality is all too real

            Please point me at a Jailbreak for Windows Phone 8? Or Windows RT?

        2. Anonymous Coward
          Anonymous Coward

          Re: Web site to root a UNIX based system just by visiting a URL

          Well they didn't "root" my system just by visiting those URLs. Back under your bridge TROLL

          1. Anonymous Coward
            Anonymous Coward

            Re: Web site to root a UNIX based system just by visiting a URL

            Well they didn't "root" my system just by visiting those URLs. Back under your bridge TROLL

            And you would know this how? :)

            1. Anonymous Coward
              Anonymous Coward

              Re: And you would know this how

              Errmm by looking at the source of the webpage, by viewing portmap info, by viewing my router log. I could go on but then it must be over your head. So no, those pages don't "root any *nix operating system". They simply provide tools to do so when you choose to employ them.

        3. Chemist

          Re: The reality is all too real

          @RICHTO

          "Web site to root a UNIX based system just by visiting a URL - here you go:"

          I see the usual abysmal quality of your 'information' hasn't improved with the new year - what a load of FUD

          1. RICHTO
            Mushroom

            Re: The reality is all too real

            I'm not clear how that is FUD - the first link will root unpatched iOS based systems - which is based on BSD UNIX - and the second will root unpatched Android systems - which is based on Linux.

            1. Chemist

              Re: The reality is all too real

              @RICHTO

              "Im not clear how that is FUD"

              Gosh, I thought you'd know !

              Just visiting the link doesn't root the phone - you have to get involved -there's even a link for donations for goodness sake.

              This no more roots an OS than me deciding to put a different Linux distro on a computer as far as I'm concerned.

            2. Peter Gathercole Silver badge

              Re: The reality is all too real @RICHTO

              WRT the FUD claim and the links to URLs that you claim will affect iOS and Android.

              Question. Do you understand the application deployment model in either iOS or Android?

              In both cases, the way applications run is handled by a layer ABOVE the OS. So when you talk about it 'rooting' the OS, that is almost certainly not the correct terminology. Rooting by definition means getting access to the root account on UNIX-like OSs.

              What has been compromised here is the application framework, *NOT* the underlying OS. In both cases, the underlying OS will be untouched. In terms of what a user sees, the result may appear to be superficially the same, but if you are going to make such claims, it is vitally important that you understand what you are talking about. Anything else is FUD, especially if you are spreading fear as a result of your uncertainty and doubt.

              These specific issues are rather analogous to a Facebook application or account being hacked or a vulnerability in IE or other browser, while the underlying OS, whatever that is, remains untouched (unless, you run the browser from an admin account of course, in which case all bets are off).

              This is one of the historical differences between UNIX based OSs and Windows. Unless you take specific actions, you will *NOT* be running applications as a privileged user on UNIX, BSD or Linux. This was not the case on Windows before Vista, where many people's normal accounts had full Administrator privilege. This has changed, for which I say Hurray! but it took a long time for MS to recognise this (although NT was designed with a good security model from the ground up, even though it was rarely used to full potential).

  5. Anonymous Coward
    Anonymous Coward

    It's about time OS defence techniques were tightly integrated into the OS.

    1. The Vociferous Time Waster
      Trollface

      Oh go on, I'll feed em...

      Hard to resist the idiocy of the comments here.

      1) Viruses for Linux are fewer in number because Linux users are fewer in number, where's the incentive?

      2) Tightly integrating malware protection into the OS is something MS are trying to do but there is massive resistance from the software devs. A trusted platform methodology would never fly with the FOSS brigade because they want to run what they want when they want with no protection.

      1. Destroy All Monsters Silver badge

        Re: Oh go on, I'll feed em...

        > Hard to resist the idiocy of the comments here.

        Well, thank you for really adding to it.

      2. snarf
        Holmes

        Re: Oh go on, I'll feed em...

        Yeah, because the FOSS brigade are exactly who dictate the direction of Microsoft's security policy...

        I've misappropriated the Sherlock icon, as I'll have some of what you're smoking, cheers.

      3. Jason Togneri
        FAIL

        Re: Oh go on, I'll feed em...

        "2) Tightly integrating malware protection into the OS is something MS are trying to do but there is massive resistance from the software devs"

        No, it's not the software devs and certainly not the FOSS lunatic fringe. It's the core userbase, who are used to having it easy (at the expense of security). MS made a botched attempt at locking down root with Vista's invasive UAC, and finally got it right in Windows 7's more subtle UAC. Remember, this is a feature that *nix users take for granted, not running with superuser rights without specific necessity to do so. But suddenly it's an annoyance that Windows users, installing from day 1 with Administrator accounts, never had to get used to. It's as much in the end-users' resistance to change as anything else. I'm by no means a Microsoft fanboi, but you can't say they aren't at least trying, and it isn't all their fault.

        Additionally, I do use Microsoft Security Essentials on many of my Windows machines - it's lightweight, relatively effective, and does pretty well when partnered with a competent hardware firewall. However, although I agree with other posters that making security more an integral part of the OS is an essential goal, how many anti-trust suits do you think the AV market and the anti-MS brigade will bring if Microsoft started bundling their AV solution with their OS? It would be the IE browser wars all over again, but this time in a bad way. Choice is fine, but not at the expense of security.

        1. Fuzz

          Re: Oh go on, I'll feed em...

          "...how many anti-trust suits do you think the AV market and the anti-MS brigade will bring if Microsoft started bundling their AV solution with their OS?"

          Don't tell anyone else but they're doing this already and so far no one is kicking up a fuss. Windows 8 has a new version of Windows defender that includes the functionality from MSE.

      4. This post has been deleted by a moderator

        1. This post has been deleted by its author

        2. RICHTO
          Mushroom

          Re: Oh go on, I'll feed em...

          Since when does Linux not let externally sourced code execute - I have no problems running downloaded binaries on a Linux box.

          Actually in terms of identifying downloaded files and the application security model such as app signing and AppLocker, Windows is a long way ahead of the Linux model.

          Remote exploits are actually more common on Linux than Windows - you have a higher number of critical vulnerabilities that take on average longer to be patched (more days at risk).

          Linux is far less safe than Windows as a webserver - the hacking figures prove it: http://www.zone-h.org/news/id/4737

          There have been plenty of worms that exploit the 'most of the web' that runs on Linux.

          1. Chemist

            Re: Oh go on, I'll feed em...

            @RICHTO

            "Since when does linux not let externally sourced code execute"

            Let's see - browse to a page with a link to a Linux executable - click on link - need to download then make executable and then run

            Let's try a shell script link -oh, it still doesn't let it run automatically.

            Mind your browser may be set-up in a less-secure manner.
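
Chemist's point above is about the execute bit, and the added example below, which is not from the article or any commenter, shows exactly what it buys you. A constructed one-line script is written with the 0644 mode a browser download normally gets, run three ways, and the outcomes collected. The file name, the script body and the use of a temporary directory are assumptions for illustration.

```python
# Added example, not from the article or any commenter: what the execute
# bit does and does not do for a freshly downloaded script on Linux.
# The script body is constructed; it only echoes a word.
import os
import subprocess
import tempfile

SCRIPT = b"#!/bin/sh\necho ran\n"   # constructed stand-in for the download


def run_direct(path: str):
    """Execute the file by path, the way ./file or a double-click does.
    The kernel refuses unless an execute bit is set on the mode."""
    try:
        r = subprocess.run([path], capture_output=True, text=True, timeout=10)
        return r.returncode == 0, r.stdout.strip()
    except PermissionError:
        return False, ""


def run_via_interpreter(path: str):
    """Hand the file to /bin/sh as data; the execute bit is not consulted."""
    r = subprocess.run(["/bin/sh", path], capture_output=True, text=True, timeout=10)
    return r.returncode == 0, r.stdout.strip()


def demo() -> dict:
    """Write the 'download', then try it before and after chmod +x."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "installer.sh")
        with open(path, "wb") as f:
            f.write(SCRIPT)
        os.chmod(path, 0o644)  # what a browser download normally looks like
        results = {
            "direct_without_x_bit": run_direct(path),
            "via_sh_without_x_bit": run_via_interpreter(path),
        }
        os.chmod(path, 0o755)  # the user's own "make executable" step
        results["direct_after_chmod"] = run_direct(path)
        return results


if __name__ == "__main__":
    for case, (ran, out) in demo().items():
        print(f"{case:24s} ran={ran} output={out!r}")
```

The middle result is the caveat worth remembering on both sides of this argument: the execute bit stops the kernel from running the file by path, but nothing stops a user, or a helpful "pipe this into sh" line on a web page, from feeding the same bytes to an interpreter, so the bit is a speed bump for the careless rather than a control. The demo also assumes the temporary directory is not mounted noexec, in which case the last case would fail too.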

          2. Anonymous Coward
            Anonymous Coward

            Re: Oh go on, I'll feed em...

            @RICHTO

            Why do I start to get the impression that your Linux opinion is based on a serious lack of expertise? You can bork any OS if you're incompetent and don't patch properly..

            1. RICHTO
              Mushroom

              Re: Oh go on, I'll feed em...

              Just look at the Linux based wesite exploit statistics above. Its 3-4 times as great as Windows based servers even allowing for market share. And those are all systems where the exploit is unlikely to be due to user interaction (i.e. the exploit used must have been a true remote exploit).

              And if you look at the security vulnerabilities for commercial Linux distributions (even when package adjusted to match Windows Server) they have much higher vulnerability counts than Windows. I suspect that these two facts are not unrelated. (Microsoft OSs have had fewer vulnerabilities than the major commercial Linux distributions every year since 2003 - which is a year after Bill Gates set security as the #1 priority)

              IMO there are likely just as many set-it-and-forget-it Windows users as Linux users - if not more - so whilst agreeing that you can bork any OS, I don't see the point you are making. Or are you claiming Linux is less secure than Windows by default and expert knowledge is required to make it not so?

              I have a good basic knowledge of Linux and can certainly use it, but if I had to take the risk of deploying Linux in an internet facing environment, I would get a reduced feature set build deployed, have it locked down by an expert admin and make sure it was protected by an IDS and use tripwire, etc. I make it a priority to retire such systems where possible on the basis that they are far more likely to be attacked and compromised all other things being equal.

      5. jonathanb Silver badge

        Re: Oh go on, I'll feed em...

        On internet facing servers, the number of linux machines is around the same or a bit higher than the number of windows machines. If you are a botnet operator, those sorts of machines are much more valuable than desktops.

    2. This post has been deleted by a moderator

  6. Magani
    Alert

    Let's face it...

    ...it's hardly surprising that AV publishers want to sow a little FUD around the place from time to time.

    The balance lies in knowing what's a real threat and what's just smoke and mirrors. I suspect most El Registas know the difference and can make up their own minds about the right course of action for themselves.

    The real problem arises when Joe Public/Auntie Myrtle/Your brother-in-law clicks on a dodgy web page or opens the You've-won-a-squillion-dollars email and wonders why their PC has turned into an IT version of Typhoid Mary.

    The AV industry probably protects at least some of them from themselves. The rest are a profit centre for home visit, fix-your-PC types.

  7. Mage Silver badge

    Educate the User

    occasional use of Silent Runners (Windows) and Root Kit Detection etc to check the education.

    Almost all infections in my experience of cleaning others' messes are self inflicted. Mindless opening of mindless attachments or stupid installs. Mindless clicking on "OK".

    1. Anonymous Coward
      Anonymous Coward

      Re: Educate the User

      That's not always the case though, which is why it winds me up when people say "just don't visit dodgy websites'. Non-dodgy websites can still be compromised, for example Lenovo's website has infected visitors with trojans in the past, a couple of days ago it was the Council on Foreign Relations, I've even seen a live ebay listing in the motors and vehicles section compromised by overlaying on top of the original listing.

      I know a lot of people don't help themselves, but others shouldn't be under any illusions that they're above it all just because they don't open email attachments or visit 'dodgy' sites (whichever ones they are).

    2. Tom 35

      Re: Educate the User

      Not all are self inflicted, but when you see a user with 3 or more toolbars on IE there is a good chance that running Malwarebytes will find something nasty as well.

      1. Dave Bell

        Re: Educate the User

        That's apart from IE?

        It doesn't help anyone that some corporate applications depend on notoriously old and insecure versions of IE.

        Thing is, a single defence method is never going to be reliable. Avoiding the dodgy sites doesn't avoid infected sites. An AV scanner will never detect everything. There are ways to subvert firewalls. No OS is free of exploitable bugs, even if it is designed to be secure. But using several of these techniques makes it much harder for the virus/malware writer.

        So the average Registard may not be as safe as he thinks. And the UI of Windows 7 does rather tend to encourage people to click on "OK", because you get the same dire warning for so many different things. I have not used a modern Mac, but I would be unsurprised if it had the same problem. My AV software does go for a spectacularly different pop-up warning box. Multiple layers of defence, again.

        Remember, moats don't stop alligators.

        1. Danny 14 Silver badge

          Re: Educate the User

          poisoned adverts have appeared on many "normal" sites before now. Granted these tend to use "less than zero day exploits" or toolkits so should be detected with AV

  8. Anonymous Coward
    Anonymous Coward

    Google: Symantec Sucks (top hit)

    So-called cure is *literally* worse than the disease.

    MS-SE seems tolerable.

  9. Benjamin 4

    I'll stick with using an AV suite ta very much. I've used unprotected machines, admittedly back in the dark days of XP / IE6 so maybe things have moved on, but they were riddled with viri very quickly. (I use viri as a generic term for viruses, worms, trojans, adware, spyware, whatever else the latest term du jour is)

    I use Eset Small Business Security, cost something Like £15-20 per machine per year which seems a worthwhile investment and I've never had a virus slip past it. Maybe I'm lucky, maybe I'm not the target of this report, but for the money it costs me I'll stick with it.

    1. jake Silver badge

      @Benjamin 4: "viri" is incorrect Latin.

      In English, it translates more properly to "viruses".

      The correct term for what you describe as "viri" is "malware", short for "malevolent software".

  10. Steve Crook

    Better than nothing at all...

    So, what they're really talking about is the so-called Heuristic scanning that's supposed to nip infection in the bud, and the responsiveness of the vendors to update signatures when a virus is found. Everything else works pretty well by the sound of it...

    Given some of the problems we've seen with rogue scanner updates trashing legitimate OS components, I'd rather they took a little time to do the testing to make sure it's not going to brick my OS. I try to be careful in what and where I visit, so I hope there's not too large a window of opportunity.

    As for the heuristic rubbish, did anyone really believe that worked in anything but the simplest cases?

  11. Gary F

    Blame staff for infections more than poor value AV software

    If you're going to get a virus infection then it's most likely to be one of the more common viruses. Therefore any anti-virus program is going to be reasonably effective on average in terms of protecting you. Any brand new virus can take time for AV software to receive an update to detect and resolve the infection; there will always be casualties to begin with, much like any human viral outbreak. Sad but true.

    I have used AVG Free for well over a decade on many personal PCs and it's been fantastic, and certainly lets machines run smoother than the more bloaty and costly products. I pay for AVG for use on servers and it's very cheap so the value is excellent. (No infections in 6 years)

    In my view enterprises should spend less on AV licences and more on implementing and policing better IT security policies for staff. Most infections are down to the ignorance or risk taking of staff - which can be avoided if staff were better trained on the subject and IT was better policed (physical and network). That sounds a bit draconian but what do you expect if staff bring in files on a USB stick to print off on the office printer, or download executable files at work, or open emails that most of us would find suspicious, or access Facebook (clicking on links), etc. This stuff should be done on computers at home or personal smartphones.

    When I was younger I hated these sort of rules and I was a risk taker. But 15 years on I'm more experienced and have bigger responsibilities so this "draconian" approach helps safeguard the business, jobs and reputation. Damn, I sound like my old boss. I'll be wearing the same sort of clothes as my dad soon too probably.

    1. RICHTO
      Mushroom

      Re: Blame staff for infections more than poor value AV software

      In an enterprise, you need more than just 'Free AV' - you need to be sure that your devices have up to date AV software and definitions - and you need to be able to report on exceptions. You also need central control of AV policies and exceptions. If there is a free product that does this well, then I haven't found it yet.

      Also many vendor enterprise AV solutions are part of a suite that includes full endpoint control (e.g. access control to CDs, USB, etc, and control of encryption on portable media, configurable IPS and firewall, etc, etc.)

      1. Danny 14 Silver badge
        Go

        Re: Blame staff for infections more than poor value AV software

        indeed. Lockdown of installation rights to stop drive by installers (rather than injection) also helps. Central web filtering to minimise exposure to known naughty websites etc. Fairly common sense stuff for enterprise.

  12. This post has been deleted by its author

  13. MrT

    "Interestingly

    ... the study revealed that virus writers** improve their chance of evading detection by keeping a low profile."

    **Also works for spies, tax evaders, love cheats, burglars, Santa, stealth bombers, the Higgs boson, etc, etc, etc.

    The DotBO is sponsoring some cracking studies lately...

  14. Allan George Dyer Silver badge

    Flawed study?

    Full disclosure: I sell anti-virus software and do a little research on viruses and related security areas.

    I was surprised at the small sample set Imperva used - just 82 samples, collected from honey pots, google and hacker forums. Can this really reflect on effectiveness against the millions of malware samples known to exist?

    In comparison, AV-Test uses two test sets in its Protection tests:

    * All malicious files they discovered in the last 6 - 8 weeks: around 100,000 – 150,000 files.

    * Extremely widespread malicious files they discovered in the last 6 – 8 weeks: around 2,000 – 2,500 files.

    Looking at the full study, there is another surprise - Imperva do not do their own testing, they threw the samples at VirusTotal. VirusTotal is a useful website, but they are quite explicit that it is unsuitable for product testing. Imperva takes the short form of VirusTotal's advice, "not designed as a tool to perform antivirus comparative analyses", and counter it in their 'Limitations' section saying that they are not doing a comparison. They ignore the longer advice, that details why VirusTotal is unsuitable for both comparative and effectiveness testing.

    Anti-virus testing is notoriously difficult, and competent researchers put a lot of work into making sure they use methodologies that will produce relevant, reliable results. Did Imperva?

    1. Dr. Vesselin Bontchev
      Boffin

      Re: Flawed study?

      Excellent points, Allan! (Hi there, BTW. Long time, no see. Yes, I'm still alive.) Here are a few more:

      1) If Imperva are selling a security product, then it is highly unethical for them to test (or even comment on the quality of) other people's security products. They are obviously biased. As the following points demonstrate, they are incompetent, as well.

      2) They don't seem to distinguish between viruses and malware in general. Most of what they have used in the tests were not viruses but various kinds of Trojans. Trojans don't "spread"; only viruses are able to replicate themselves. It is because of this lack of self-replication that the spread is low and the AV vendors haven't got samples or got around to implementing detection of them. With thousands of new malware variants appearing every day, the AV vendors are forced to concentrate on handling the more widespread threats first.

      3) They don't seem to understand how AV works. There are two main kinds of AV solutions - malware-specific ones and generic ones. The malware-specific ones (commonly known as "scanners") is what most people think of when they talk about AV products. As their name suggests, such products detect KNOWN malware - known to their producers, that is. If it is not known to them, they won't detect it. Revealing the "troubling" fact that such products are not very good at detecting unknown malware is like saying that a screwdriver isn't a very efficient tool for nailing nails. It's true, but it is a completely pointless statement and only reveals the incompetence of the person saying it.

      The generic AV products (of which there are various kinds - heuristic analyzers, behavior blockers, integrity checkers, etc.) try to detect malware not known to them by using some generic knowledge about its structure or behavior (like "if an executable file tries to modify another executable file, this is suspicious" or "if a set of executable files have one and the same code at the end and this code receives control when the file is executed, then they might be infected"). Unfortunately, it is mathematically provable that it is impossible to detect all possible viruses without causing false positives. (The proof is constructive - i.e., if you claim to have an algorithm that does it, the proof shows how to construct a virus for which the algorithm will fail.) In the above examples, the "executable modifying other executables" could be a compiler or a linker, and the files having common executable code at the end might be compressed and executing the decompressor at runtime. So, most AV products of the generic kind try to strike some kind of balance between detection and false positives.

      Most AV packages nowadays try to combine products of both kinds. However, VirusTotal uses only the known-malware scanner part of them. Testing it with unknown malware is simply wrong.

      Finally, even if Imperva's claim were true (which, I contend, it is not), would you rather use something that gives you a 5% chance of protection or nothing at all?

  15. Anonymous Coward
    Stop

    You can get working heuristics-based IT security products

    Yes, a strict AV product is not going to work against a zero-day virus attack, because there is no signature. However, most AV products now have embedded features like heuristics to help steer you away from phishing sites and identify processes that are trying to perform suspicious changes or unauthorized traffic within your system.

    Chucking AV (which protects you from known-viruses/worms/etc.) is pretty irresponsible, considering the "installed base" of malware that can infect your systems. And AV firms do make a major investment in honey-pot and sensor-based detection networks to make sure that unknown malware doesn't stay unknown for very long.

    And who wants to put their job on the line by going in front of company management and saying "Yeah, really sorry about the worm that infected our storage, but Imperva notified me that we didn't need to spend on AV anymore".

    1. jake Silver badge

      ::heh:: memories ... Re: You can get working heuristics-based IT security products

      "And who wants to put their job on the line by going in front of company management and saying "Yeah, really sorry about the worm that infected our storage, but Imperva notified me that we didn't need to spend on AV anymore"."

      In 1988, the Morris Worm affected the Sun3 systems at work. It did NOT affect my personal DEC system under Bryant Street in Palo Alto. Why not? Because I didn't really trust remotely available software being made available to all and sundry, and had all that stuff turned off on the internet-facing gear. In modern terminology, I was using the DEC kit as an early version of what we now would call a "stateful firewall" (behind it was an AT&T PC7300 "UNIX PC", running the actual server code).

      I had warned my company of the potential vulnerability. TCP/IP wasn't perfect, was still a research platform, and those of us in the trenches knew it (the same applies today, BTW!). I got to say "I told you so!" to the Board. It was fun to see the red faces of the VPs, & watch 'em wriggle ... the big grins from my Boss (the Senior Member of the Technical Staff), and from the CEO (who was the tech who started the company) were just gravy ...

      I got a largish raise and larger packet of stock options for proving to management that I really did know what I was doing, a good reputation in my chosen field ... and was allowed to keep the pilot-build Dual-Pedestal Sun 3/470 "Pegasus" that I was testing, complete with source, from a grateful Sun Microsystems for cleaning up their Internet facing gear.

      The Sun replaced the DEC kit under Bryant Street two years later. She's still there, happily supervising the friends&family private network in what is probably the world's oldest colo :-)

      1. This post has been deleted by its author

        1. jake Silver badge

          Re: ::heh:: memories ... You can get working heuristics-based IT security products

          Uh, no, AC. The Morris Worm exploited holes in the network code itself. It had no need of 1d10t wetware to assist in propagation.

  16. This post has been deleted by a moderator

    1. RyokuMas Silver badge
      Facepalm

      Re: Use a non-windows system and be completely safe from viruses

      Oh my god. This is probably the most stupid thing I've ever read, I mean seriously? Did a Microsoft employee run over your cat or something?

      First off - there is only one way to completely secure your system, and that's unplug it from your network and never install anything on it.

      Second - greed is a motivator. The larger audience share a system has, the more appealing it is as a target, and the more effort will be put into finding an exploit to work round whatever security it has. I'll agree that Windows has lousy security, but the fact remains it has the lion's share of the desktop market, and thus is the biggest target. Same with Android in the mobile market.

      The attitude of "I don't use Windows, therefore I'm okay" is like a child sitting in a corner with their eyes shut, their ears covered and screaming "I don't wanna!" Personally, I'd like to see non-Windows systems starting to get a bigger slice of the desktop action, but it's obvious that if this happens, they are going to be targeted.

      And for the record, the only machine I've ever had a virus on was my Atari ST, circa 1992, spread by bootsector from a dodgy PD disk. A sense of caution about what I install/download/open and maintaining AV software has yet to let me down on my Windows box.

      1. This post has been deleted by a moderator

  17. SoulSherpa

    Shocking.

    A company that sells non-"anti-virus" computer security kit performs a study that concludes "anti-virus" products are rubbish.

    So, so shocking.

  18. Anonymous Coward
    Anonymous Coward

    I think it's a bit like driving: act reckless for long enough and you will crash, it's just a matter of time. With that said being as careful as you like doesn't mean you won't crash.

    Also, I thought a fair few of these guys now do this 'keep you safe while shopping or banking' lark as well as firewalling, anti-spam etc. Do we know how good any of that stuff is? I see the AV side get talked and bashed and all that but I rarely see those bits mentioned.

    And why the hell am I posting comments at 2am...

  19. jason 7
    Thumb Up

    Folks, give EMET3.0 a try.

    It's designed to mitigate the unknowns by forcing all apps (or those that you choose) to run with DEP/ASLR and SEHOP. It acts as an extra defence along side your current AV.

    Anything nasty or unknown just gets stopped dead in its tracks and you get informed as to why.

    Been using it with MSE for several months now and I install it on all new machines I rollout with the 'All' apps profile (stored in the EMET file in Program Files) at maximum settings. I then add in any other .EXE files that may go near the web.

    http://blogs.technet.com/b/srd/archive/2012/05/15/introducing-emet-v3.aspx

    http://www.microsoft.com/en-us/download/details.aspx?id=29851

    http://www.rationallyparanoid.com/articles/microsoft-emet-3.html

  20. crayon

    'Bankers also don't push pencils through screens "just to see what would happen".'

    Of course, they are too busy crashing the economy and see who'll pick up the pieces.

    "Tightly integrating malware protection into the OS is something MS are trying to do"

    I read that as "Tightly integrating malware into the OS", which is something MS has been doing since forever.

  21. Andrew Moore

    Where's Sophos???

    Oh, that's right Sophos probably don't qualify because they now do 'Endpoint Security' rather than 'Anti Virus' products.

  22. John Robson Silver badge

    Whitelist...

    Why do we still try to blacklist?

    Surely we can use some distributed system (DNSSEC maybe) to allow for companies (large and small) to distribute md5 checksums for "approved" releases.

    1. Jerren
      Thumb Up

      Re: Whitelist...

      @ John Beat me to it... ;-)

      Black list and Heuristic Algorithms are great for catching stuff you already know about and they will catch what they know and a few things they shouldn't based on the patterns that have already been established. As a pen tester I can say none of the exploits I have used (ahem only with signed authorization or on my own boxes that is..) have ever tripped off an AV client, there are plenty of repackagers that are way too easy to use out there not to mention toolkits like SET that will do it for you from a menu option.

      It doesn't mean they are worthless or you can safely surf naked (e.g. running with no AV/firewall), it just is what it is, a filter to catch known bad stuff. Think of it as getting a flu shot, it works against the bugs you predict you'll be exposed to but not everything that makes you sick.

      White listing is a great solution, and I personally think it IS the best one, basically it only allows you to run what the system admins have "pre-blessed" is ok to run on your system. It works, it works very well when implemented properly....

      Which is the problem. Most companies who sell white listing applications out there do not tell you the effort involved in maintaining that white-list. One security researcher I know once commented a corporation will need to hire 4 times the number of staff needed to run a proper AV and patch management implementation in the same environment. I mention patch management since that now has to be tied into the process since the patches themselves need to pass though the white-listing process as well, which can add delays in implementing patches, which may cause friction for management who have been pushing for ever-shortening patch cycles. Of course, white listing actually prevents the risks driving these demands in the first place, which typically comes up in the discussion.

      The other issue I see most commonly is that delays or frustration due to over-complex white listing processes for new applications can cause users to rebel against corporate systems, and you will see a surge in BYOD (Bring Your Own Device) or copying data to portable storage to use on personal laptops outside of the company's control. USB sticks get lost, personal laptops get hacked or stolen, it can be a nightmare if you do not have controls in place to enforce policies against it.

      When all's said and done, a properly funded, managed, and implemented white-listing program offers the best defense against all exploits. Sadly, it's just too damn expensive for most organizations to do properly. :-(

      1. John Robson Silver badge

        Re: Whitelist...

        Hence my comment about vendor provision of md5 via something like dnssec.

        Most people would trust MS not to be virus (jokes aside), so they would simply sign/hash their patches/versions and provide the requisite authentication via dnssec-alike...

        Smaller organisations need to sign fewer releases, that's OK.

        Then you start explicitly trusting organisations, not testing all software you run. Revocation would be important.

        Thought would be needed for offline devices (although they are typically easier to secure via "normal" means...)

        1. Anonymous Coward
          Anonymous Coward

          Re: Whitelist...

          Well done. You just re-invented code signing.

          I wouldn't bother trying to patent it, though.

          1. Jerren

            Re: Whitelist...

            @AC - Actually no it's not code signing, it's basically hash enforcement at the OS level - if the app and hash you have stored on PC when you try to save/execute doesn't match the version on the white-list on the server it is blocked. It's been a feature of Windows Server for years as well as several 3rd party tools.

            This goes well beyond malware protection to address what users can and cannot load on their systems. If your group doesn't have permission to, say, run Firefox you cannot install or run it, period; whether it's a "trusted" source and code signed or not doesn't make a difference. If it's not on the list it's not going to run on your PC, period.

            I stand by my comments before, it's highly effective when done right, but it can take a lot more effort and money to implement properly than AV and IPS devices like Imperva.
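The hash-enforcement whitelist that John Robson and Jerren describe above (vendor-published digests per application, per-group permission to run an application, and revocation of a withdrawn release), as an added example in Python that is not code from either poster or from any product. It uses SHA-256 rather than the MD5 the thread mentions, because MD5 collisions are cheap to produce, and the application names, groups and "binary" contents are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field

# Added example of OS-level hash enforcement as discussed in the thread above.
# Application names, user groups and file contents are all constructed here.


def sha256_hex(data: bytes) -> str:
    """Digest of the file contents. SHA-256 is used instead of the MD5 the
    thread mentions, since an attacker can craft MD5 collisions."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Whitelist:
    """Server-side whitelist the endpoint consults before a file may run."""
    # application name -> digests the vendor has published as approved releases
    approved: dict = field(default_factory=dict)
    # digests withdrawn after publication (the revocation John Robson mentions)
    revoked: set = field(default_factory=set)
    # user group -> application names that group is permitted to run
    group_policy: dict = field(default_factory=dict)

    def approve(self, app: str, digest: str) -> None:
        self.approved.setdefault(app, set()).add(digest)

    def revoke(self, digest: str) -> None:
        self.revoked.add(digest)

    def permit(self, group: str, app: str) -> None:
        self.group_policy.setdefault(group, set()).add(app)


def check_execution(app: str, data: bytes, group: str, wl: Whitelist):
    """Decide whether `data`, presented as application `app` by a user in
    `group`, may run. Returns (allowed, reason). The default is deny: a
    file that is not explicitly listed does not run, code-signed or not."""
    digest = sha256_hex(data)
    # Group policy first: even an approved build is blocked for a group
    # that is not permitted to run that application at all.
    if app not in wl.group_policy.get(group, set()):
        return False, f"policy: group '{group}' may not run {app}"
    # A release withdrawn by the vendor stays listed but is refused.
    if digest in wl.revoked:
        return False, f"revoked: {app} build {digest[:12]} was withdrawn"
    # Anything whose digest is not on the list (new, unknown, or tampered
    # with after download) is refused as well.
    if digest not in wl.approved.get(app, set()):
        return False, f"unknown: {app} build {digest[:12]} is not on the whitelist"
    return True, f"allowed: {app} build {digest[:12]}"


# Constructed sample "binaries" standing in for vendor releases.
FIREFOX_V1 = b"constructed sample: firefox release 1"
FIREFOX_V2 = b"constructed sample: firefox release 2"
TAMPERED = b"constructed sample: firefox release 1 with one byte changed"


def build_demo_whitelist() -> Whitelist:
    """The vendor publishes digests for two builds; IT permits the
    developers group to run firefox, while finance may only run word."""
    wl = Whitelist()
    wl.approve("firefox", sha256_hex(FIREFOX_V1))
    wl.approve("firefox", sha256_hex(FIREFOX_V2))
    wl.permit("developers", "firefox")
    wl.permit("finance", "word")
    return wl


if __name__ == "__main__":
    wl = build_demo_whitelist()
    print(check_execution("firefox", FIREFOX_V1, "developers", wl))  # allowed
    print(check_execution("firefox", FIREFOX_V1, "finance", wl))     # policy
    print(check_execution("firefox", TAMPERED, "developers", wl))    # unknown
    wl.revoke(sha256_hex(FIREFOX_V1))  # release 1 later found to be bad
    print(check_execution("firefox", FIREFOX_V1, "developers", wl))  # revoked
    print(check_execution("firefox", FIREFOX_V2, "developers", wl))  # allowed
```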

  23. Hubert Thrunge Jr.
    Paris Hilton

    Wibble?

    Other than the state generated virii for "their" purposes, does anyone wonder if many of the anti-virus companies actually write the bloody things to self perpetuate their income?

    Thankfully my PDP8 isn't affected by these Windows/XML/HTML/FLASH/etc.. critters. Though it did all go horribly wrong when some numpty used an A4 Hole Punch on one of my paper tapes the other week by mistake.

  24. Alan Brown Silver badge

    peanuts and monkeys

    You may be paid 115k in SoCal, but the pay offered in UK schools is a long way short of that - and they get the calibre of staff that you'd expect as a result.

    Not to mention that because the people holding the purse strings only know desktop systems, they think that everything is a desktop system and networking can be achieved using cheap hubs - which promptly melt down when 30 PCs in a classroom simultaneously try to access the same fileserver. There are far more effective ways of locking down systems, as have already been mentioned (fixed images which restore on reboot so it doesn't matter what the little scrotes try to install, thin clients, etc etc etc)

    The standard model in education systems is to go for the cheapest possible option, then maybe rip it out and pay for another half-baked cheap solution when it doesn't work, instead of actually doing the job right the first time.

    Raspberry Pis are cheap enough that they can be a required consumable for the course - just like calculators.

    As for pencils through monitors, the classroom CCTV will finger the real culprit fairly quickly, for shagging round with networks and power switches, it's easy enough to make things get very loud when Dennis the Klepto puts his hands around the back of a machine - and if you use a thin client it's a lot easier to deal with. For starters, the box doesn't need to be on the desktop.

    None of this matters when you realise that UK "Computing" in schools is about teaching kids how to use Excel or Word by rote to the point that an unfamiliar revision of the software often results in handwaving and tantrums from those with various pieces of paper which claim that the holder is computer-literate.

    (Cynical? Me? Not really. I have to deal with what comes out the other end and quite frankly most secondary-level "computing" qualifications are fit for wiping your arse with, but usually the paper's too shiny even for that simple task.)

    1. Anonymous Coward
      Anonymous Coward

      Re: peanuts and monkeys

      Actually, while I agree with almost all of what you've said, from a personal point of view, there's a bigger problem with what passes for "IT" in UK schools. A friend's children were recently told that homework had to be handed in electronically, in MS Word or MS Excel formats.

      Did the school pay for the software licences? (Not the stupidly restrictive education ones, the full licences?) Yeah right. Reason given? Oh, that's what the teachers use. Well then, tell the teachers to learn more than one application suite. On their own time, like the rest of us do - and if they need a training course they are free to pay for it.

      "(Cynical? Me? Not really. I have to deal with what comes out the other end and quite frankly most secondary-level "computing" qualifications are fit for wiping your arse with, but usually the paper's too shiny even for that simple task.)"

      I disagree, sorry. I don't think you're being cynical enough :-)

    2. RICHTO
      Mushroom

      Re: peanuts and monkeys

      Microsoft have a neat solution for this type of school environment. You can have 1 PC in the classroom shared by the pupils on thin clients. See http://channel9.msdn.com/Events/TechEd/Europe/2012/WSV202

      Good for training rooms, etc. too.

  25. Dr. Vesselin Bontchev
    Boffin

    Excellent criticism of Imperva's so-called study

    http://anti-virus-rants.blogspot.com/2013/01/impervas-anti-virus-study-is-garbage.html

    Some of the juiciest quotes:

    "imperva keeps shopping this quackery out to more and more media outlets where it gets gobbled up and regurgitated uncritically by writers/editors (who really ought to know better if reporting on this sort of topic is part of their actual job)"

    "imperva has behaved like a dung beetle, persistently rolling this turd around, but somehow it keeps getting bigger like some katamari damacy of bullshit"

    1. diodesign (Written by Reg staff) Silver badge

      Re: Excellent criticism of Imperva's so-called study

      Although, TBF, we've taken Imperva's study with a pinch of salt and reported it as mere claims.

      C.

    2. jake Silver badge

      Re: Excellent criticism of Imperva's so-called study

      I run no AV snake-oil. No need, with a properly put together system.

      Dr. V.B. sells snake oil, as do all the other anti-malware marketards.

      If you know how to run good code, snake oil is not necessary.

      If you don't know how to run good code, you're screwed right from the git-go. Might as well pay somebody to make yourself feel better about being vulnerable, whilst still being vulnerable through your own ignorance ... or perhaps you'd be better off off-line entirely?

      Whatever. It's your money/privacy, not mine.


Biting the hand that feeds IT © 1998–2021