topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday October 3, 2024, 6:20 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: AV testing: Is your antivirus app doing its job?  (Read 17327 times)

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
AV testing: Is your antivirus app doing its job?
« on: July 23, 2015, 03:06 AM »
Regarding AntiVirus for various computer systems:
go to http://windowssecret...s-app-doing-its-job/ and start reading.  :up:

Protection test - March to July 2015:

2015-07-23_093508.png


Quite a surprise: The bests in this particular test were BitDefender, Kaspersky and Panda!  :o
Microsoft Security Essential was just as bad as TT_Vipre and Lavasoft.

However:
Once again Agnitum’s Outpost Security Suite, winner of several VB100 awards, was not part of the test.


AV testing: Is your antivirus app doing its job?
By Lincoln Spector on July 22, 2015 in Top Story   

Using savvy security software is an important part of staying safe online. But just how effective is it? You can’t depend on your experience — or mine.

The best source for information on the competency of anti-malware apps comes from a handful of independent, virus-testing organizations. Here’s one example.

If asked, I can tell you the qualities of a word processor, photo editor, backup program, or other app; all I need to judge them is time, experience, and some hands-on testing. I can tell you whether a program is easy to use and discuss features both cool and pointless. But evaluating anti-malware apps is an entirely different game.

Sure, I could truthfully tell you that I’ve used Avira for five years without a single infection. But when it comes to security software, one person’s experience is meaningless. It’s like saying that smoking is safe because George Burns lived to be 99 — it’s an anecdote, not a statistic. It’s akin to trying to prove a negative; i.e., I haven’t been infected so it must be working (up until the day some hacker takes over your system).

Malware testing is not only difficult, it’s potentially dangerous. After all, it requires keeping and safely applying a massive collection of nasty viruses, Trojans, and so forth. That type of testing is beyond all but highly experienced security researchers.

Fortunately, there are organizations that are up to the task — and who are willing to publish their testing results to the public:
http://windowssecret...s-app-doing-its-job/
-WindowsSecrets.com

This read made me worry about my use of MSE => 90% is not much. When the upgrade to Win 10 is done, I really should reinstall Outpost!

Now go and read, and then come back and tell:

What AV-system do you use?   :tellme:  Did these test results made you reconsider?
« Last Edit: July 23, 2015, 03:25 AM by Curt, Reason: go&read »

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,504
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #1 on: July 23, 2015, 03:29 AM »
Is your antivirus app doing its job?

Hint: No.

And there's close to no reason to reconsider not using snake-oil malware.

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,963
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #2 on: July 23, 2015, 04:20 AM »
Is your antivirus app doing its job?

Hint: No.

And there's close to no reason to reconsider not using snake-oil malware.

trying to tease out that last sentence -
Is it:
Anti-virus = Malware
and you dont use it

You dont use anything? (ich mach's ohne ? :p)
Curious:
Is that because you're expert enough to cope with anything that happens?
or you think they wont stop anything?
or your system is really secure anyway?
or... ?
Tom

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,504
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #3 on: July 23, 2015, 04:31 AM »
Is it:
Anti-virus = Malware

True.

Is that because you're expert enough to cope with anything that happens?
or you think they wont stop anything?
or your system is really secure anyway?

Depending on my machine, all of that.

I'm "expert enough" to avoid lame malware by not clicking on suspicious links, also I use NoScript to block the vast majority of current malware infections.

Also, AV software does not stop anything. According to a 2012 Symantec paper, malware is around for about one year before it's actually found. I guess this has not changed much by now.

Finally, I avoid using insecure operating systems (Linux, OSX) wherever I can.

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,963
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #4 on: July 23, 2015, 03:05 PM »
^thanks for the answer :up:
Tom

mwb1100

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,645
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #5 on: July 23, 2015, 10:31 PM »
I have/use Webroot and I like it.  It hasn't caused many as many problems as other AVs I've used in the past.  I wish it were part of the survey, but it's not. Webroot has blocked some "potentially unwanted programs" from being stealth-installed. And that makes me happy.

Webroot also claims that it can rollback changes that malware might have made; I haven't had a chance or reason to use this feature so I'm not sure how well it works.  They claim it can bail you out of a Cryptolocker-style ransomware attack. I hope I never have reason to need that.

I also use MBAM.  Now that MBAM has fixed their upgrade method so it doesn't require me to do it manually, it's essentially invisible except when I click on a link to a webpage it doesn't think is safe (which happens once every few months - not too often).  Or maybe it's Webroot that nicely blocks potentially malicious websites.

I also have AdGuard installed, and while it's not technically anti-malware, I believe that ads have become a significant attack vector for malware. So I think AdGuard is doubly nice: fewer annoying ads and probably helping avoid some malware.

All of these are lifetime licenses except Webroot, which I re-up every year by finding a coupon that lets me get a 1 year license for 5 machines for $30.

I have a lifetime license for Outpost Security Suite, and I believe that it's a very competent bit of software, but it seems geared to people who want fine-grained control and want to know everything that's coming in and out of the network.  I've grown to want my anti-malware to be more hands-off, so I don't have Outpost installed right now. But I'm not sorry I bought it; I got a lot of use out of the license already, and  I'll periodically check back with Outpost when I hear about major upgrades that might impact the user interface.

Giampy

  • Participant
  • Joined in 2009
  • *
  • Posts: 444
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #6 on: July 24, 2015, 08:06 AM »
I use an antivirus. It's not the best but it's surely better than nothing.

I trust more HIPS and behavioral analysis than antivirus itself. What do you think about this phrase?
"A refrigerator without beer is like a body without soul"

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,504
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #7 on: July 24, 2015, 09:20 AM »
it's surely better than nothing.

By opening more potential holes at the cost of no additional security? Nice.

Giampy

  • Participant
  • Joined in 2009
  • *
  • Posts: 444
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #8 on: July 24, 2015, 09:46 AM »
malware is around for about one year before it's actually found. I guess this has not changed much by now

Yes, but an antivirus should help at least against old malware. People can even avoid antivirus as it doesn't protect against new malware, but it must be then sad to be infected by a three years old virus...

IMHO, of course.
"A refrigerator without beer is like a body without soul"

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,504
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #9 on: July 24, 2015, 09:52 AM »
"My computer is more secure now, only malware newer than three years can hijack it."

Wow.

Giampy

  • Participant
  • Joined in 2009
  • *
  • Posts: 444
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #10 on: July 24, 2015, 09:57 AM »
Your self-confidence is enviable.
"A refrigerator without beer is like a body without soul"

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,504
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #11 on: July 24, 2015, 09:59 AM »
Thank you!

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #12 on: July 24, 2015, 10:12 AM »
As I read the subject line again I think if the funds transfered successfully the software publisher would answer "yes."  I suspect that is the only job most of them are designed for.


Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,291
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #13 on: July 25, 2015, 09:36 PM »
Finally, I avoid using insecure operating systems (Linux, OSX) wherever I can.

What are you using? OpenBSD or another BSD variant?
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,504
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #14 on: July 26, 2015, 07:15 AM »
Depends on what I'm trying to do. I have one Windows laptop, one OpenBSD laptop, one OpenBSD server and one FreeBSD server.
I might give NetBSD a run on the laptop though, just for the sake of it.

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,885
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #15 on: July 26, 2015, 10:07 PM »
I use MSE, and this graph has done nothing to change my mind about using it, since it doesn't say how these machines were compromised or what they were compromised with, how diligently certain non-antivirus software was updated, what kind of risky behaviors were simulated, or even what "compromised" means.

Does being able to visit a "malicious" website without being infected with anything, still qualify it as being compromised merely on the basis of being able to view that website?

How about e-mail attachments? Does merely receiving a malicious attachment that is downloaded to your machine when retrieving e-mail via POP3 (a perfectly normal thing to happen to one that does not use webmail or IMAP), qualify as being "compromised", even if the e-mail or attachment was never opened?

How about opening an e-mail containing a link to a malicious website, even if the link was never actually clicked? Does that qualify as "compromised"?

Was the vast majority of malware that slipped through of the type that would typically end up only on a machine of someone that routinely downloads "cracks" and "keygens"?

Does merely having a perfectly safe .ico file extracted from the executable of an old piece of spyware, without actually having the executable on the system, qualify as "compromised"?

All this graph did was cause me to add another anti-virus to the list I won't ever consider using, based on its insanely high rate of false positives [F-Secure].

That list already contained at least 6 other products mentioned on that graph, that ended up on my "don't use" list due to previous negative experiences with them, some of which had nothing to do with their ability to detect malware. Some are on that list for efficiently detecting malware, claiming it successfully removed it (when in fact it had not), and interfering with my ability to manually remove it from infected machines (they produced as many annoying popups as the malware)[Avast, AVG, Avira]. Others are on the list by successfully preventing all possibility of infection by slowing the system down to an unusable state (you can't get infected with anything if you can't use the machine) [Kaspersky, McAfee]. And another is on the list due to ethical reasons, for their policy of placing all known websites on their "malicious" list by default, until the owner of the site contacts them to complain about it (and their lost revenue, lost business, and damage to their reputation), and have their site manually evaluated and removed from the list [Trend Micro].

MSE is doing its job, as far as I am concerned, by keeping everyone I have recommended it to (IRL) from phoning me to come over and clean up their systems. And as long as my phone isn't ringing and my own systems stay clean, I will continue to use it.

Giampy

  • Participant
  • Joined in 2009
  • *
  • Posts: 444
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #16 on: July 27, 2015, 05:02 AM »
Antivirus programs raise doubts about their efficacy. What do you think instead of anti-exploit programs?
"A refrigerator without beer is like a body without soul"

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,504
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #17 on: July 27, 2015, 05:05 AM »
There is no such thing as "anti-exploit programs". The best you can do is use your existing anti-exploit mechanisms (-> EMET).

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #18 on: July 27, 2015, 06:58 AM »
It's a bit long to quote, so I'll just +1 App103's sentiments here.

Because regardless of the efficiency of the security software used, it invariably comes down to the user being presented with a dialog that basically says: "Would you like to blow your own ass off? Yes/No" ... and that in the majority of cases is where the real problem lies. This is why the drop in support incidents before and after Admin rights are stripped from users numbers are always very high..

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #19 on: July 27, 2015, 07:17 AM »
Thank you, April, for your thorough answer and legit questions & reservations! It was a moment of "purple pill deja-vu zen", when I realized we don't use the exact same programs! -and you even made me remember why!  :up:

---------------

I had half a year without any anti this or that -program installed. Nothing bad happened to my computer. Common sense is of course the best anti-virus and anti zero-day-exploit.

But one may try EMET https://www.microsof...etails.aspx?id=46366
or MWB Anti-Exploit 7 Premium https://www.malwareb...antiexploit/premium/ all the same.
« Last Edit: July 27, 2015, 10:32 AM by Curt, Reason: MWB »

CWuestefeld

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,009
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #20 on: July 27, 2015, 01:21 PM »
regardless of the efficiency of the security software used, it invariably comes down to the user being presented with a dialog

Read the referenced article. They specifically address this, and the test results shows what portion of the results are dependent on the user making the right/wrong decision, and which ones are the result of the software making the correct choice automatically. Hint: the top AV programs were handling it correctly on their own, in almost all cases.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #21 on: July 27, 2015, 02:14 PM »
You have to ask yourself what you're trying to protect against, and choose product accordingly.

Nothing whatsoever is going to be a 100% guarantee against 0days, not even behavioral monitoring. But most people aren't 0day targets, anyway; the biggest risk for ordinary people is accidentally surfing by one of the automated exploit kits, and those normally use relatively old exploits - but a whole bunch of them.

I personally can't be arsed with anything beyond MSE. I'm not arrogant enough to think I'd discover it if I were explicitly targeted with an APT, and while one might argue that my browser panzering + "don't run unknown shit outside of VMs" would probably be fine, I still keep MSE around in case I poke around on an external harddrive or the like.

For normal people, MSE would also be my suggestion. You just can't expect regular non-technical John Does to run NoScript, and even legit sites that you'd keep whitelisted might be compromised. MSE tends to suit those needs, it's less resource intensive than many competitors, it's gratis, and the people that manage to get infected anyway are basically helpless :)
- carpe noctem

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,504
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #22 on: July 27, 2015, 02:23 PM »
           +------------------------------------+
           | Which Operating System do you use? |
           +------------------------------------+
            /         |             |          \
           /          |             |           \
        Mac OS      Linux         Windows      another
         /            |             |             \
        /             |             |             |
       / +-----------------------------------------+
      /  | Do you use any security software to     |
     /   | protect you from malware?               |
    /    +-----------------------------------------+
   /     |                   |                     |
  /      |                   |                     |
 /  yes, exclusively   yes, in combination         no
 |       |             with careful usage of       |
 |       |             any internet service I      |
 |       |             use   |                     |
 |       |                   |            +-----------------------------+
 |      / \                  |            | Did you disable JavaScript  |
 |     /   \                 |            | in your browsers & mail     |
 |    /     \                |            | clients?                    |
 |   /       \               |            +-----------------------------+
 |  / YOUR    \              |                     |            |
 | / SYSTEM IS \             |                     |            |
 |/   ALREADY   \            |                    yes           no
 / COMPROMISED!  \           |                     |            /
 \               /        +--------------------------+         /
  \             /         | YOU ARE SAFE! <3         |        /
   \           /          +--------------------------+       /
    \         /<--------------------------------------------+
     \______ /
                                               

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #23 on: July 27, 2015, 02:30 PM »
Tuxman, that flowchart is not only elitist, it's also not very correct :)
- carpe noctem

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,504
    • View Profile
    • Donate to Member
Re: AV testing: Is your antivirus app doing its job?
« Reply #24 on: July 27, 2015, 02:34 PM »
I'm open for suggestions. In general, it's not too wrong.