AV testing: Is your antivirus app doing its job?

app103:
I use MSE, and this graph has done nothing to change my mind about using it, since it doesn't say how these machines were compromised or what they were compromised with, how diligently certain non-antivirus software was updated, what kind of risky behaviors were simulated, or even what "compromised" means.

Does being able to visit a "malicious" website without being infected with anything, still qualify it as being compromised merely on the basis of being able to view that website?

How about e-mail attachments? Does merely receiving a malicious attachment that is downloaded to your machine when retrieving e-mail via POP3 (a perfectly normal thing to happen to one that does not use webmail or IMAP), qualify as being "compromised", even if the e-mail or attachment was never opened?

How about opening an e-mail containing a link to a malicious website, even if the link was never actually clicked? Does that qualify as "compromised"?

Was the vast majority of malware that slipped through of the type that would typically end up only on a machine of someone that routinely downloads "cracks" and "keygens"?

Does merely having a perfectly safe .ico file extracted from the executable of an old piece of spyware, without actually having the executable on the system, qualify as "compromised"?

All this graph did was cause me to add another anti-virus to the list I won't ever consider using, based on its insanely high rate of false positives [F-Secure].

That list already contained at least 6 other products mentioned on that graph, that ended up on my "don't use" list due to previous negative experiences with them, some of which had nothing to do with their ability to detect malware. Some are on that list for efficiently detecting malware, claiming it successfully removed it (when in fact it had not), and interfering with my ability to manually remove it from infected machines (they produced as many annoying popups as the malware) [Avast, AVG, Avira]. Others are on the list by successfully preventing all possibility of infection by slowing the system down to an unusable state (you can't get infected with anything if you can't use the machine) [Kaspersky, McAfee]. And another is on the list due to ethical reasons, for their policy of placing all known websites on their "malicious" list by default, until the owner of the site contacts them to complain about it (and their lost revenue, lost business, and damage to their reputation), and have their site manually evaluated and removed from the list [Trend Micro].

MSE is doing its job, as far as I am concerned, by keeping everyone I have recommended it to (IRL) from phoning me to come over and clean up their systems. And as long as my phone isn't ringing and my own systems stay clean, I will continue to use it.

Giampy:
Antivirus programs raise doubts about their efficacy. What do you think instead of anti-exploit programs?

Tuxman:
There is no such thing as "anti-exploit programs". The best you can do is use your existing anti-exploit mechanisms (-> EMET).

Stoic Joker:
It's a bit long to quote, so I'll just +1 App103's sentiments here.

Because regardless of the efficiency of the security software used, it invariably comes down to the user being presented with a dialog that basically says: "Would you like to blow your own ass off? Yes/No" ... and that in the majority of cases is where the real problem lies. This is why the drop in support incidents before and after Admin rights are stripped from users numbers are always very high.

Curt:
Thank you, April, for your thorough answer and legit questions & reservations! It was a moment of "purple pill deja-vu zen", when I realized we don't use the exact same programs! -and you even made me remember why!

---------------

I had half a year without any anti this or that -program installed. Nothing bad happened to my computer. Common sense is of course the best anti-virus and anti zero-day-exploit.

But one may try EMET https://www.microsoft.com/en-us/download/details.aspx?id=46366
or MWB Anti-Exploit 7 Premium https://www.malwarebytes.org/antiexploit/premium/ all the same.
