Topic: Is Antivirus Software a Waste of Money?  (Read 41326 times)

wraith808

Re: Is Antivirus Software a Waste of Money?
« Reply #25 on: July 27, 2014, 11:56 AM »
Not only does common sense not get updated, I've found it is also prone to being disabled very easily.  :tease:

Common sense isn't so common  :stars:

40hz

« Reply #26 on: July 27, 2014, 01:06 PM »
I just got my first call from someone who had gotten dual-bitten by a password logging bot plus (to my amazement) some ransomware.

She was running a (mostly) updated copy of Win7x64 along with MS Security Essentials.

A close check of all her financial and personal logins followed by the creation of some strong new passwords fixed that worry. Fortunately, nothing was tampered with as far as she and we could tell.

The damage done by ransomware encryption was annoying, but less an issue since she had clean and very recent backups of all her critical stuff.

One HD wipe, reformat, and OS/apps/data reinstall and she was back to normal except for some personal inconvenience plus some money spent getting help and buying more powerful commercial antimalware.

Draw from this what conclusions you will. 8)
« Last Edit: July 27, 2014, 09:39 PM by 40hz »

wraith808

« Reply #27 on: July 27, 2014, 02:19 PM »
The conclusion that I think I'm drawing is that I should have long ago switched to the paid version of spybot if I want AV...

Stoic Joker

« Reply #28 on: July 27, 2014, 10:39 PM »
The damage done by ransomware encryption was annoying, but less an issue since she had clean and very recent backups of all her critical stuff.

I've only run into that one once, during an "accountant was checking their personal webmail at work" episode. All the stuff on the server was saved using the Previous Versions feature (I really like that one), and all the stuff on the workstation was... hehehe ...Well they won't do that again.

Rule 0: No critical data is ever to be stored on a workstation.

Tuxman

« Reply #29 on: July 28, 2014, 05:40 AM »
Rule 0: No critical data is ever to be stored on a workstation.

Precisely. Store it in the Cloud!

Giampy

« Reply #30 on: July 28, 2014, 08:13 AM »
Store it in the Cloud!

Generally speaking, how much do you trust Cloud? I know that even Cloud is (as expected) under attack.

"A refrigerator without beer is like a body without soul"

Tuxman

« Reply #31 on: July 28, 2014, 08:23 AM »
I don't trust servers I don't operate myself.

wraith808

« Reply #32 on: July 28, 2014, 08:27 AM »
Store it in the Cloud!

Generally speaking, how much do you trust Cloud? I know that even Cloud is (as expected) under attack.



That wasn't a serious statement nor contribution to the thread.

Tuxman

« Reply #33 on: July 28, 2014, 08:28 AM »
I hope "store your critical data on machines you don't own" wasn't serious either...

Stoic Joker

« Reply #34 on: July 28, 2014, 12:30 PM »
Store it in the Cloud!

Generally speaking, how much do you trust Cloud? I know that even Cloud is (as expected) under attack.

The Cloud is about as rife with penetration options as Linda Lovelace's entourage ... But I'm guessing he's unaware that I only deal with business/commercial class networks.

wraith808

« Reply #35 on: July 28, 2014, 02:56 PM »
I hope "store your critical data on machines you don't own" wasn't serious either...

He didn't say that.

Rule 0: No critical data is ever to be stored on a workstation.

Precisely. Store it in the Cloud!

That's the whole of that exchange.  Which isn't what he was saying, ergo, your response was... either sarcastic or asinine.  Or maybe both.

Tuxman

« Reply #36 on: July 28, 2014, 02:57 PM »
"Not on a workstation" - but ... on servers then?

tomos

« Reply #37 on: July 28, 2014, 03:59 PM »
"Not on a workstation" - but ... on servers then?

did I miss something :-\
or
did you miss this post ... ?

The Cloud is about as rife with penetration options as Linda Lovelace's entourage ... But I'm guessing he's unaware that I only deal with business/commercial class networks.
Tom

Tuxman

« Reply #38 on: July 28, 2014, 04:04 PM »
Where to store the "critical data" then?

wraith808

« Reply #39 on: July 28, 2014, 04:07 PM »
Where to store the "critical data" then?

Dumb Terminals/Thin Clients connect to your own servers.  That's been a concept for a while...

40hz

« Reply #40 on: July 28, 2014, 05:33 PM »
Dumb Terminals/Thin Clients connect to your own servers.  That's been a concept for a while...

You could also run your own trusted private mesh network with some fellow travellers and keep it all off the public backbone.

It's not enough to just own the servers any more. You also need to own the actual network infrastructure. 8)

Jibz

« Reply #41 on: July 29, 2014, 02:22 AM »
I just got my first call from someone who had gotten dual-bitten by a password logging bot plus (to my amazement) some ransomware.

She was running a (mostly) updated copy of Win7x64 along with MS Security Essentials.

...

Draw from this what conclusions you will. 8)

The problem is you can't draw any more elaborate conclusions than that MSE did not stop this threat. For all we know, a commercial protection might have been equally useless.

40hz

« Reply #42 on: July 29, 2014, 06:01 AM »
I just got my first call from someone who had gotten dual-bitten by a password logging bot plus (to my amazement) some ransomware.

She was running a (mostly) updated copy of Win7x64 along with MS Security Essentials.

...

Draw from this what conclusions you will. 8)

The problem is you can't draw any more elaborate conclusions than that MSE did not stop this threat. For all we know, a commercial protection might have been equally useless.


Precisely.

To wit: the one and only time I ever got bit was some years back - on a fully protected and updated machine.

I think this is one of those situations where the old adage that "One prayer and a toothbrush is better than a thousand prayers and no toothbrush" applies. It's more a risk minimization strategy rather than a risk elimination process.

How much additional protection you get going with something other than MSE as your main AV scanner is up for debate. But that's a topic I'm not really qualified (being merely an informed user - and not a bona fide security expert) to get into. About all I have to go on is what I'm seeing on the field. And what I'm seeing is that (lately) more and more stuff seems to be slipping past MSE.


FWIW I'm currently using BitDefender Total Security and Malwarebytes Premium as my two main guard dogs. Weighing in around $100 for that combo, it certainly isn't cheap. But I need to plug laptops into my clients' networks. So I can't risk catching an infection - or even worse - spreading one. Most people won't have that concern, or need to be able to demonstrate "a reasonable level of precaution" has been exercised in the event something goes wrong. Your degree of liability can get a little sticky (and expensive) in business situations where finger pointing and blame assignment is the norm however.

If these were just personal machines that would never leave my home, I'd most likely use the freebie versions of the above.

YMMV. :)
« Last Edit: July 29, 2014, 03:13 PM by 40hz »

tomos

« Reply #43 on: July 29, 2014, 06:33 AM »
FWIW I removed ransomware from a machine last year - it had the full Avira suite installed. I'm not writing this to knock Avira which I still think is one of the best conservative** anti-viruses out there. I suspect a lot of these things would get past most, if not all anti-viruses. (Maybe 40's combo above would work.)


** by conservative, I mean it errs on the false-positives side
Tom

Stoic Joker

« Reply #44 on: July 29, 2014, 07:01 AM »
It's more a risk minimization strategy rather than a risk elimination process.

That's definitely an important distinction, as security software is like birth control. Everything is 98% effective...and the last 2% is entirely up to you.

40hz

« Reply #45 on: July 29, 2014, 07:56 AM »
I suspect a lot of these things would get past most, if not all anti-viruses.

That seems to be the case of late with this new breed of malware.

Especially since it probably came in piggy-backed on a PDF attachment to an e-mail from a trusted sender. Her Acrobat Reader was two generations old. Everything else was fairly up to date except for her JRE which was also a full version back. So those two were the most likely initial attack vectors. At least as far as we could semi-determine (i.e. guess.) She gets a lot of company and client-generated PDF and document attachments with her e-mail.

This is the first time I've actually seen rather than just heard about a case of ransomware. And I hope it's my last. This puppy was a nasty piece of work. We couldn't sanitize her drive. And we used every trick in the book. Inside the machine the drive kept calmly reinfecting itself no matter what was done to it. You could see it spawning new processes in taskman even while the scanners were busily quarantining it. Since this was happening in safe mode, I suspect whatever it ultimately was also had a rooting capability.

Taken out and scrubbed using a non-Windows environment to recover what little data could be recovered rendered it unbootable. Whoever programmed this attack was one savvy and mean SOB, that's for sure.

Thank goodness (in her case) for a well-disciplined backup habit. If she didn't have that, it would have been really bad for her.
« Last Edit: July 29, 2014, 03:14 PM by 40hz »

Stoic Joker

« Reply #46 on: July 29, 2014, 11:36 AM »
She gets a lot of company and client-generated PDF and document attachments with her e-mail.

With the popularity of Multi Function Printers these days, many companies are going paperless-er. And it seems like a lot of the people that set these things up always leave the default subject line in the scan to email configuration. So people being used to accepting 'Xerox/HP/Lexmark/whatever model X created document' for a subject line while dealing with 50-100 of these a day can make it easy as hell to miss a bad one. Especially if the attacker matches up the default naming convention of the manufacturer with their name ... Or picks something inconspicuous and relevant like Invoice, Receipt, or Purchase Order.
This happens mainly because nobody wants to have to stand there in front of the damn thing and type a bunch of anything in on one of those tiny assed touch screens. So default, default, default, and send it is. Every friggin time.

Anytime I have to set up scan to Email on one of these devices - which happens a lot given the business we're in - I change the subject line to something that is relevant to the sending company to avoid having their Emailed scans adding to the problem.

Given the popularity of the technology, and ease of blending in...those things can be a real bitch to spot. And as a card carrying BOFH, it truly pains me to say it ... But it's damn hard to blame the user for missing one of these.
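
A mail-gateway check for the scan-to-email problem described in the post above, as an added example that is not part of the original thread: it holds messages that carry a vendor-default style subject, or that use the organization's custom scan subject without coming from one of its own scanner mailboxes. The subject patterns, the prefix, the addresses and the sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions, constructed for this example (not taken from any vendor manual):
VENDORS = r"(xerox|hp|lexmark|canon|ricoh)"
WORDS = r"(scan|scanned|document)"
VENDOR_DEFAULT = re.compile(
    rf"\b{VENDORS}\b.*\b{WORDS}\b|\b{WORDS}\b.*\b{VENDORS}\b", re.IGNORECASE)
OUR_PREFIX = "[ExampleCo scan]"               # custom subject set on our devices
OUR_SCANNERS = {"mfp-frontdesk@example.com"}  # mailboxes our devices send from
SCAN_TYPES = (".pdf", ".tif", ".tiff", ".jpg", ".jpeg")


def classify(raw):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    sender = parseaddr(msg.get("From", ""))[1].lower()
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    looks_default = bool(VENDOR_DEFAULT.search(subject))
    claims_ours = subject.startswith(OUR_PREFIX)
    if not (looks_default or claims_ours):
        return "not-a-scan", []

    reasons = []
    # Our devices never use the vendor default, so a default subject is foreign.
    if looks_default and not claims_ours:
        reasons.append("vendor-default subject")
    # From is forgeable; pair this with SPF/DKIM results in production.
    if sender not in OUR_SCANNERS:
        reasons.append("sender is not one of our scanners")
    # A real scan is an image or PDF, not an archive or executable.
    odd = [n for n in names if not n.lower().endswith(SCAN_TYPES)]
    if odd:
        reasons.append("unexpected attachment type: " + ", ".join(odd))
    return ("hold" if reasons else "deliver"), reasons


def sample(sender, subject, filename):
    """Build a constructed test message carrying one attachment."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content("Please see the attached document.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for args in [("mfp-frontdesk@example.com", "[ExampleCo scan] Front desk", "Scan_0001.pdf"),
                 ("device@unknown.example", "Scanned document from Xerox", "Scan_0001.zip")]:
        print(classify(sample(*args)))
```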

wraith808

« Reply #47 on: July 29, 2014, 01:32 PM »
Given the popularity of the technology, and ease of blending in...those things can be a real bitch to spot. And as a card carrying BOFH, it truly pains me to say it ... But it's damn hard to blame the user for missing one of these.

That's the sad thing.  My wife was apologizing about falling for it, and I was saying that they're getting smarter, and it's harder and harder to tell the difference.

40hz

« Reply #48 on: July 29, 2014, 01:39 PM »
Given the popularity of the technology, and ease of blending in...those things can be a real bitch to spot. And as a card carrying BOFH, it truly pains me to say it ... But it's damn hard to blame the user for missing one of these.

Agree. This particular client isn't a fool. I've worked with her for about 10 years now. She's actually one of those responsible types who made sure she was tech-savvy above and beyond the requirements of her job. And she was devastated when this thing hit. Especially once she realized just how serious it was. Being a remote-located employee made her especially vulnerable. And being a non-dork, the very first thing she did was assume she herself had done something stupid. (She didn't btw.)

To make it even more interesting, the odds are pretty good that if it actually did come in via an infected attachment (as I suspect it did), the person who sent it to her didn't know it was loaded. Her company passes a lot of attachments back and forth for follow-up work, processing, client contact, etc. Some of it originates in-house. But the rest (60-70%) is generated by their clients. So it could have come from anywhere.

What's disturbing is that their e-mail provider's security didn't twig on it either. Can hardly blame the desktop when it's not showing a blip on the server's scanners, right? Her only warnings were that (a) her machine seemed ever so slightly slower starting up roughly three mornings before everything went south (she manually reboots each morning just to make sure it's "tidy" as she puts it) - and (b) that her scheduled Windows Update check (running daily at midnight and 6:00am) failed to complete two times in a row the day it happened.

This ain't script-kiddie stuff she got hit with. This is definitely the work of pros.

Scary! And just the tip of the iceberg I'm afraid. :tellme:

« Last Edit: July 29, 2014, 03:10 PM by 40hz »

tomos

« Reply #49 on: July 29, 2014, 05:03 PM »
Well, the last 'thing' I got here, I don't honestly know what it was - nothing too serious, and I got rid of it fairly quickly and didn't keep a record; (anti-virus missed it; I've installed mbam since).
But what I wanted to say was that it came from an ad. I didn't even have to click anything. And that has happened me before - load a webpage and that's it: wham bam thank you ma'am...

FWIW, after getting rid of the ransomware from a friend's machine (it was the porn/police/blackmail one, not the one that encrypted all data), I removed Java completely from my main machine.

... maybe a more productive approach would be to look at what our anti-virus has stopped ???
In my experience, Avira stopped a couple of things; MSE nothing yet - but I think I've only had one attack since I started using it (probably a couple of years ago now).
Tom