No defence for outdated defenders as consumer AV nears RIP Game knows game. Thus it came as little surprise that Norton's consumer security software not only sprouted a cryptominer that slurps your computer's life essence and skims a cut, but that it's hard to turn it off. A marriage not made in heaven but the other place: consumer-grade antivirus software has always had an uneven …
Microsoft Anti-Virus (MSAV) - created by Central Point Software, which was later subsumed into Symantic - was introduced in DOS 6.
There was a Windows 3 front end to it (Microsoft Anti-Virus for Windows (MWAV)). I don't think it was standalone, though - you still needed the MSDOS bit.
Indeed - Windows was separate and ran on top of DOS up to and including Windows 3.11.
Windows 95 was the first DOS-derived version where the two came as one package (although it was possible to run Windows 95 DOS on its own on a machine not capable of W95 - the things we tried when we were teenagers...)
The NT product line was always integrated as one package - and the consumer, DOS-derived versions were effectively abandoned after the fairly dire Windows ME: the NT architecture was used for business and consumer versions from XP onwards.
The NT product line was always integrated as one package - and the consumer, DOS-derived versions were effectively abandoned after the fairly dire Windows ME: the NT architecture was used for business and consumer versions from XP onwards.
I was about to correct you with 2K, but that officially and unfortunately wasn't a consumer version. I only switched to XP with SP2
I didn't remember it either, until AC posted that it was MSAV. Then I remembered. Easy to forget about it, though. Back then, most all you had to worry about was "where has this floppy been" and ejecting the floppy before you reboot the computer. Oh, and make sure your shareware came from a reputable source. So for the most part, there wasn't much need for AV software unless you thought you had an infected floppy or file, and certainly no need for always-running AV that chews-up 1 GB+ of RAM.
Much simpler times back then.
Know the size of the population and the resources required to satisfy their needs.
Automate every job it is possible to automate.
Give everyone food and shelter in return for their share of the residual labour.
Everyone ends up working a 16-hour week and retiring in their thirties.
Unregulated pure capitalism does not work. People will act in their own interests, which will be to pollute the environment, make their workers work in horrible conditions with no regards for safety, sell defective products if they can get away with it, etc. This is all well known.
Regarding the antivirus market, the incentive is to scare consumers into spending lots of money, to have lots of tickbox features so you can "win" product comparisons, and to provide software that defends against most viruses. Making that software fast and compatible is not so important. Making that software unobtrusive so it "just works" actually works against the goals.
There is weak regulation and no way for a consumer to sensibly compare products, so that is what you get.
Now, Microsoft has different incentives. They want Windows to be fast and safe and easy to use, so they can sell Windows and Office and all their other software. Hence they give away a free, fast, relatively unobtrusive antivirus, to everyone who has bought Windows.
So while capitalism caused a mess in the "separate antivirus" market, in the overall "Windows antivirus" market it has worked. We ended up with a single free solution being the clear winner, which is good for consumers.
Add Avast to this.
Some years ago the sold the browsing history of user they collected to protect the user from bad sites.
They have tidied the act up on that but they still hit you over the head with their announcements/ads for upgrading hence my move to McAcfee these days, much better.
They have tidied the act up on that
NB: The people who now claim to have stopped selling user browsing data are the same people who did it in the first place -- data which went well beyond URL lists, including "an 'all clicks feed' that was apparently able to track user behavior such as clicks and movements between websites" (source).
But sure, let's take them at their word when they claim that their proprietary closed-source code doesn't do that any more. It's all clearly explained in their 30,500-word* Privacy section.
* Includes General Privacy Policy, Application Policy, VPN Policy, and Cookie Policy.
I remember many years ago trying to find out how Avast had leaked the email address I'd used to register. I use a DEA based system so I knew that only they ought to know that address yet I was getting spam sent to it. They refused to acknowledge that there was a problem (they claimed the address had been farmed from my address book) then the forum community joined in and I gave up.
I doubt any of them will remember that little spat but part of me has long thought 'I told you..'.
...and on the users who think their business computer is a home computer that don't have to pay for: shopping online, bringing in docs and even photos to print on USB sticks (or email), posting to SocMed and so on. And don't forget the torrenters who like(d) to use corporate bandwidth.
Now most, if not all, of that is typically utterly banned on modern business machines but the "need for A/V" remains. And VPN profiling that insists any non-company PC connecting to a corporate network with a VPN has a certain level of a/v protection pretty much guarantees that this requirement for home A/V will persist - even on Mac and Linux, neither of which arguably really need it either.
The way I see it, it's the "Stupid Tax" we all have to pay.
> Endpoint protection managed in the cloud, whether explicit anti-malware services or OS-led protection as seamless as Chrome OS or through aggressive online patching, is as good as it's going to get. Keep up to date, and third-party security software you have to manage has no right to your system at all.
Without wanting to defend desktop AV, I don't entirely agree with this, especially when suggested as a solution for consumers.
It's true that AV can do very little against novel attacks, but in the consumer space I'm not sure that's actually it's real function (even if sold as such). What desktop AV exists to prevent, in the consumer space is Auntie Mavis downloading AwesomePictures.exe and running it. Known signatures are still reasonably useful for the lower sophistication trojans.
Cloud based endpoint protection still isn't really an accessible solution for the average consumer - it's overkill and overpriced (compared to what consumers want to spend). Depending on the mode used (cloud managed, or a cloud based gateway) you're either sticking a 3rd party MITM in your traffic flow, or enabling remote management of your system.
The concerns about the level of system access an AV needs applies doubly to the agents used in many cloud-based endpoint management solutions (I can't be the only one to have found certain suppliers to be hideously lacking in security...)
I agree with the general thrust of the article, but the beginning of this para just doesn't sit right.
Probably the built-in Windows AV is enough in such case without the need to install a third party solution.
The issue with AV today is really that writing software able to install it at the kernel level and work well and fast without causing noticeable slow downs or worse, would require highly skilled developers and related costs. Developers who today can probably earn much more working in some cyber-something sector.
> Probably the built-in Windows AV is enough in such case without the need to install a third party solution.
Yep, in my mind that was being castigated too as AV, but on reflection I guess it also fits into the "os-led protection" category.
MCafee and Norton as companies paid for and created some of the worst viruses over the past few decades.
The aim was to say "only OUR product handles XYZ", but thats because they created it so knew exactly what signatures to add.
There have been cases where BOTH of them "somehow" had anti-virus signatures added before particular viruses/malware was even released onto the public.
A bit like answering the door to the police and saying "I haven't hacked my wife up and fed her to the pigs officer. " <pause> "what do you mean my wifes missing?" <shocked look>
Sounds more likely to be heuristic or behavioural monitoring. Both have been around in AV for many years now.
Most AV matches I've seen in recent years have been against GENERIC signatures, rather than a specific match. i.e. "This file looks a bit like this other virus I know about". or with behavioural, "This application is doing things that look suspiciously like a virus".
Quite a few PC games, especially when they have DRM built in, get hit by this quite often. The Steam forums are full of "My somegame.exe file disappeared! Please help", and you find their AV archived it due to a false positive.
A lot of the comments here suggest the some of reasons why so many users end up getting infected. Let's face it, the malware programmers are working much harder at infecting systems than the AV programmers are able to work to defend the environment from the attacks. We can talk about this all we like but while we're chatting about AV issues, there are a whole bunch of very highly talented people working at infecting us, not just talking about it. The issue is that the entire computing environment is vulnerable, mostly at a result of companies working to improve performance and sell user data, not safety.
"The true mystery of the world is the visible, not the invisible." - Oscar Wilde
When I look through AV logs of my clients I find they are still being hit by junk websites. It is too easy for a 1D-10T user to walk down a back alley of the Internet and get jumped. Too many trust that Google search result. A decent AV at least stands in the way of that.
And that is not McAfee\Norton\Avast. The mess they make of a PC is so bad you might as well let the virus take over as it would keep the PC in a healthier state.
Honestly, when someone asks, I recommend to just use the Windows built-in AV. In my anecdotal experience, it's usually good enough to save you if you double-click somewhere you shouldn't, and it's considerably less prone to breaking your system when compared to the rest of the crowd.
Usually, however, people don't trust my recommendation, probably reasoning that if it's free then it can't be any good. Oh well.
Well....
Yandex did buy Agnitum so that they could embed an 'AV' in the browser (Yandex security system),
I however, recommend Kaspersky security suite (*), but some might take exception to having software from Russia installed on their PC...
(*) However, even this benefits from various ad and script blocking browser add=ins...
> So, what protection would you recommend for the average home user or small business?
I didn't want to sound like a salesman. I use ESET AV, also with my small business clients. It is still relatively low resource, but there is something weird going on with them and Salesforce lately that makes me worry a bit about the future.
Kaspersky would also be one I look towards. A good rule of thumb I have had over the years is the further East the owners, the better the quality seems to be.
Upvoted your reference to Eset.
I've been using it for A VERY LONG TIME.
There is definitely something weird going on with them though.
A year or more ago I was sure they were trying to move to direct selling and cut out their long established reseller network.
There is definitely more targetted hard sell coming from them now.
I wonder if they've been taken over by venture capital types.
During all the years that I have chosen, and then been obliged ,to use DOS and Windows (which is about 35 now), I have only once been infected with a virus. A boot sector nasty which was infiltrated (I don't know how) on to disk 5 of 7 of the copy of PC Tools that I bought from (pre-Dixons) PC World. Well, "nasty" is an overstatement. It bounced a diamond shape around the screen. And propagated. And that's it. (I know because I disassembled it.)
There is only one sure protection against malware, which I call "not being a muppet". I am often a muppet, but never, since that PC Tools lesson, in circumstances which could result in infecting a Microsoft operating system.
Don't run executables off the internet unless you are absolutely certain of their provenance. Even then be cautious. How hard is that? (OK, it's much easier since the demise of Internet Exploiter.)
-A.
I have been using Sophos products since before I graduate at Oxford Brookes in 2006. Sophos has always produced a Home User product which is free and has over the years stopped pleanty of unwanted applications from ruining my computing experience.
Today I shell out a paltry sum to the same company as their Home User product now provides protection for up 10 different computing devices owned by my family menbers. It also provides end point security for all of our mobile phones. It works on all major OSes. They also produce a stand alone Firewall.
I am very grateful for the level of protection that I believe that I and my family are getting via Sophos products. I recommend the company's products to my clients and friends.
I know that this isn't the Final Solution but please don't burst my bubble...........
ALF
The argument appears to be of the form "brand X locks are crap, and in any case, a talented thief can pick the lock anyway".
That's a good argument for not relying solely on locking your door. It's a terrible argument for not having a lock in the first place.
search youtube for 'the lockpicking lawyer', then watch one or two of his videos to see about how much time he spending just talking, compared to the time he spends picking locks, and the look at the length of ALL of his videos. He could probably walk up to the door of any vehicle or building on the planet and be inside (or at least have tripped the alarm system) in 3 minutes. Think about this: does your neighbor's house have vinyl siding? If so, you can cut your way in to their house with a boxcutter in under two minutes by going straight through the wall...
Vinyl siding is cladding that looks like either grooved asbestos shingles, or clapboards that snaps over the wood.
The benefits are, it can come pre-colored so no more painting and of course doesn't get eaten by termites or rot (older brands do get the UV breakdown, but the newer stuff is pretty good resisting that now..)
Really cheap housing tracts built by fly-by-night builders often go with vinyl right over the strandboard siding and of course that shit is utter crap.
Anecdotally, my sister is an architect and was on a renovation project in a neighborhood outside of Washington DC a few decades ago, the ENTIRE neighborhood was built with strandboard exterior walls with spray-on vinyl 'brickface' that was scored and tinted to look like the real thing.. only the vinyl was applied directly to the strandboard w/o it being properly primed/treated (fly-by-nighters, man, get you EVERY time..) and the vinyl delaminated and let water in. Lo and behold the cement used to bind the strandboard (basically it's pressed wood chips) was corn-based and became mold bombs as the wood rotted under the vinyl brickface. THOSE houses you literally could cut through the vinyl with a box cutter and into them between the wall studs. HUGE lawsuits against the builder IIRC.
You'll see lots of vinyl cladding in the Northeast US on older homes because it does a bang up job protecting the clapboards already on..
What is behind my vinyl siding?
3/4" Strand board mounted to
2 x 6 studs 16" on center
6" of insulation
Between each stud are 2 1/2" steel cables mounted to the wall cap and the concrete slab pulled tight! (Hurricane protection)
Try getting through that with a box cutter!
The problem with that is, surely you still have to get through a layer of brick (cutting which is very noisy) followed by a layer of insulation (which may be loose-filled, and won't do your brick-cutting tool any favours) and then another layer of brick or breeze block?
I long ago got disgusted by AV software, and started going entirely without. I download the occasional file or two from Pirate Bay, and do a reasonable amount of web surfing, but the last time my computer got infected was years ago. A quick reformat and reinstall of Windows, and I was back in business in almost no time. I also keep all data on separate drives, as well as backups. I feel I'm far more likely to lose data through a hardware failure, like a disk crash, than from a virus.
Experience with virus are limited to 2
1 was contained in an email from a trusted friend..... sadly outlook excess used internet exploiter to render the preview pane..... and thats my system pwned (format c: cured it)
the second was picked up from some random website and was rather clever
The actual virus payload was a string of data, each byte rotated right 1 bit, and some javascript.
First thing the script did was reserve memory, then rotated left 1 bit each byte of the payload.
Then linked to syshost to deploy said payload
I cant see any anti virus program stopping the first part, but the thing that gets me is that a user level application can run random scripts that can make changes to the system. this is down to m$'s bad design of the OS nothing else.
It is that that makes such a good market for all these 'anti-virus' programs even though they can only alert you to the fact your computer has justed been pwned
And its no good saying 'linux is better' because if Linux (or OS/2 or Amiga OS or whatever) achieved the market share that windows has, then they'd be under attack by the malware boys
Perhaps a simpler solution would be to give computers to the people that actually need them, and typewriters with a document scanner/displayer to the other 95% of staff.
And the solution is simple :
1) don't use Outlook. Every malware writer is on the lookout for that.
2) Use NoScript. 99.9% of all malware on the web needs JavaScript to install. Stop that and the virus is killed dead in its tracks.
Of course, point 2 requires you to not be a noob of the web, but hey, this is El Reg forums. You should know how to handle yourself in a browser.
But with Linux, you have to jump through several hoops to have your *system* owned by malware downloaded from the Internet.
I'm not saying Linux is invulnerable, but just think. It's quite unusual for any out-of-the-box Linux system to have their primary user running as an admin (root) account. You can do it, but it's a decision you have to make. And without root access, your files may be at risk, but the system files are not.
There have been ways of jumping the privilege barrier, but that requires code downloaded that can then try to take advantage of other issues on the system, so it has to be a multi-stage attack.
Historical versions of Windows (MS-DOS based ones) did not have that level of protection. WinNT versions did have the protection, but it was quite normal for the main user to use an admin account which side-stepped this protection, at least until Windows 7. Modern Windows does a much better job, but there still seem to be many vulnerabilities known.
> ts no good saying 'linux is better' because if Linux (or OS/2 or Amiga OS or whatever) achieved the market share that windows has, then they'd be under attack by the malware boys
Possibly. But they wouldn't just roll over and wave their legs in the air in the same way. For years Microsoft software was insecure by design. I see little evidence that it isn't now.
-A.
In the early or mid 90s reading a copy of the 2600 magazine about AV software. The thought was back then, as mentioned in the article, that either they were releasing viruses themselves or the amount of signatures they claimed to detect they didn't actually get close to what they claimed they had.
I also remember messing around with a virus creation toolkit (as I was crap at assembly). At college we got hit with the Form virus, so I took it open to play with and accidentally infected my HDD bootsector. But ended up just booting from floppy instead.
I gave up on most AV programs after the AVG days, when it became bloated and unusable and after going through many up to that point.
When people ask me (which isn't as often as it used to be, thanks to tablets etc), I now just say to use the built in Windows AV. Then every so often, run a scan using the Free version of Malwarebytes. This for me is enough but I rarely go off the beaten track!
I used to run an adblocker on Firefox, but now just use Brave (script and ad-blocking seems good). I also run a Pi-hole as my DHCP/DNS, loaded with several block lists, which is helpful for home. My daughters tablet has some 'extra' blocklists assigned to keep her a bit safer. I can't actually remember the last time I had a virus... maybe 15 years ago!
Hello,
Mr. McAfee certainly did not write any computer viruses or other malware. He had not programmed a computer for years before starting McAfee Associates, and those were minicomputers, not personal computers. He certainly understood programming and programming concepts, but the most complex thing he wrote were WordPerfect macros.
The idea that, some three decades later, he at some point infected a bunch of netbooks with malware is farcical. At the time he made this statement, he was dealing with the Belizean authorities and simply wanted to scare them by making them think he had something on them. Mr. McAfee regularly made many statements to the media during his ordeal because he felt it helped keep pressure on Belize to leave him alone. The fact that The Register still brings it up today shows that Mr. McAfee's strategy for using the media worked rather well, it would seem.
Regards,
Aryeh Goretsky
Smart people stayed away from Norton or McAfee. McAfee has been garbage for at least 2 decades, and Norton has been hit and miss for as long as I can remember. Personally, I've used NOD32 by Eset for around 17 years, and I stand by it. I don't rely on it as my primary protection (that's my job), but rather as a backup in case something slips past me.
"It became commonplace to ship PCs with "try before you buy" AV packages that encouraged the new user to activate the software for free, only to receive truly terrifying warnings a month or so later about shelling out for continued protection"
A practice that continues, expanded, to this day. If you remove the McAfee that ships with your PC, instead opting for the "free" adware from say AVG/Avast, you get daily scareware advisories that are in fact total BS.
I work with DICOM Medical Images and most AV systems don't know how to handle them. Most AV systems detect a suspect string in the file (DICOM files are Images with embedded metadata, so structured data mixed with pseudo-random characters) and mark the file for a deep scan. Unfortunately the deep scan takes a few seconds and by then the app that was trying to open the file has errored or timed-out. After speaking to several of the AV companies, there is no will there to resolve the problem. This wouldn't be a problem except for the blanket approach used by most incompetent IT departments who push their crappy AV system to every single PC without any consideration of the effect it may have on the end user systems. Most high-end medical imaging systems are firewalled up the wazoo and have other protection, but the IT dept. insists it MUST have AV installed.
The death of antivirus has been predicted for 25 plus years now. The bigger problem is the continued lack of patching/updates for vulnerabilities/bugs that allows viruses and ransomware to persist. Nearly 5 years (May 2017) after the Wannacry outbreak it still infects because systems remain unpatched, old O/S versions and SMBv1 lingers on. Most infections are because of lax security practices (incl. weak passwords) and lack of regular patching for vulnerabilities.
You seem to forget that many systems have legacy software and/or hardware that makes some things, like SMBv1 a sad necessity if you don't have $$$$ budgets for major system overhauls.
Having said that, a sensible system design would segregate systems so email/web is not on the same network as $OddSMVv1System, etc.
Must be seven or eight years ago that my wife browsed Amazon UK and purchased Mawarebytes Pro or Premium (can't rmemeber the exact date or the exact name), She purchased it as a gifyt for me because she didn't think there was any such thing as a free lunch, that is, she had no faith in ANY "free"AV being up to stuff.
Not long after that discounted Amazon purchase, M\alwarebytes changed to the Adobe model of a recurring monthly subscription. However, it emailed me (as a registered user) to say that it would never bill me for any update or version change in future, seeing as how I had already purchased its product.
Malwarebytes has stuck to its promise. And I've never had any kind of infection on any Windows PC of mine over the years.Sheesh, I'm still on Windows 7.
* Just thought I'd provide an honourable mention for at least one anti malware specialist amidst the welter of justifiable criticism El Reg has levelled at scumbag outfits like Norton and McAfee.
BT offer subscriber free AV software, Amusingly the recent changed from teh much maligned McAffe to the even more maligned Norton.
You do wonder if the people that make these decission get some kind of benefit ofor annoying your customers. I assume Norton supply for free as long as the Cryptominer is turned on....
The real problem is, Windows relied for too long on locks that were screwed on from the outside and gave away keys that opened far too many of them compared to what was needed. A lot of "legitimate" software, written by self-taught coders with pirate copies of programming languages and incomplete documentation, relied for its operation on techniques also used by malware -- and also became indispensable. Making the underlying OS more robust against malware would have had the side-effect of killing off a lot of business-critical software.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
