Facts About Antivirus Solutions: Difference between revisions

From Federal Burro of Information
Jump to navigationJump to search
(New page: * reprinted from: http://www.bit-tech.net/news/bits/2010/06/07/symantic-glitch-breaks-wow/1 * by: aussiebear http://forums.bit-tech.net/member.php?u=41106 Here's a few facts about AV solu...)
 
No edit summary
 
Line 5: Line 5:


# You are immediately on the defensive when you use it. Meaning that you will ALWAYS be reacting to (one step behind), malware writers.
# You are immediately on the defensive when you use it. Meaning that you will ALWAYS be reacting to (one step behind), malware writers.
# Malware variants outnumber AV signatures. (The time required to get a malware sample; analyse; create a signature; test it; and then push out to customers; cannot match one's ability to push out 10 to 20 malware variants in the same period of time. Thanks to scripting and automation tools!)
# Malware variants outnumber AV signatures. (The time required to get a malware sample; analyse; create a signature; test it; and then push out to customers; cannot match one's ability to push out 10 to 20 malware variants in the same period of time. Thanks to scripting and automation tools!)
# AV does NOT protect you from system or application specific exploits. (That is, they do nothing if malware specifically goes after something critical as a Windows service or something like Adobe Flash or Reader.)
# AV does NOT protect you from system or application specific exploits. (That is, they do nothing if malware specifically goes after something critical as a Windows service or something like Adobe Flash or Reader.)
# AV solutions are profitable because the whole business relies on user ignorance of what is already built-in Windows and poor computing habits. (Like using pirated software, allowing any random executable from the Internet to run, etc.)
# AV solutions are profitable because the whole business relies on user ignorance of what is already built-in Windows and poor computing habits. (Like using pirated software, allowing any random executable from the Internet to run, etc.)
# AV solutions are often poorly implemented and can be a potential security issue themselves! ie: Believe it or not, some AV solutions out there use specific hooks to the Windows Kernel such that it makes them vulnerable to certain types of attacks.
# AV solutions are often poorly implemented and can be a potential security issue themselves! ie: Believe it or not, some AV solutions out there use specific hooks to the Windows Kernel such that it makes them vulnerable to certain types of attacks.
# AV solutions can kill your system or cause you major inconvenience IF the AV developer stuffs up their quality testing process with their signature updates. ie: The McAfee Anti-Virus Update which killed Windows XP computers back in April wasn't an accident. It was an eventuality. McAfee never tested their signatures on XP systems in the first place! (Unsurprisingly, its happened with Symantec!)
# AV solutions can kill your system or cause you major inconvenience IF the AV developer stuffs up their quality testing process with their signature updates. ie: The McAfee Anti-Virus Update which killed Windows XP computers back in April wasn't an accident. It was an eventuality. McAfee never tested their signatures on XP systems in the first place! (Unsurprisingly, its happened with Symantec!)



Latest revision as of 12:36, 7 June 2010

Here's a few facts about AV solutions.

  1. You are immediately on the defensive when you use it. Meaning that you will ALWAYS be reacting to (one step behind), malware writers.
  2. Malware variants outnumber AV signatures. (The time required to get a malware sample; analyse; create a signature; test it; and then push out to customers; cannot match one's ability to push out 10 to 20 malware variants in the same period of time. Thanks to scripting and automation tools!)
  3. AV does NOT protect you from system or application specific exploits. (That is, they do nothing if malware specifically goes after something critical as a Windows service or something like Adobe Flash or Reader.)
  4. AV solutions are profitable because the whole business relies on user ignorance of what is already built-in Windows and poor computing habits. (Like using pirated software, allowing any random executable from the Internet to run, etc.)
  5. AV solutions are often poorly implemented and can be a potential security issue themselves! ie: Believe it or not, some AV solutions out there use specific hooks to the Windows Kernel such that it makes them vulnerable to certain types of attacks.
  6. AV solutions can kill your system or cause you major inconvenience IF the AV developer stuffs up their quality testing process with their signature updates. ie: The McAfee Anti-Virus Update which killed Windows XP computers back in April wasn't an accident. It was an eventuality. McAfee never tested their signatures on XP systems in the first place! (Unsurprisingly, its happened with Symantec!)

So what's the alternative? Prevention. Not reaction.

This is in the form of sound computer usage that is more security aware, and reversing the Allow-by-default concept of Windows.

To put it simply; Allow-by-default means you can run any executable from anywhere. Good or bad; regardless of where it came from! This is the fundamental issue at hand.

The reason for this approach is because of convenience to end-users. But its really flawed from a security perspective.

The prevention approach is to reverse this to Deny-by-default. This means you deny everything at first; and only allow to run things that are known to be safe or trusted. (So you restrict the running of software you actually need and nothing else.)

So for something like drive-by download attacks; they don't work on a Windows system that is set up with the Deny-by-default principle. This is because you are denying all foreign executables!

Malware is just software designed/written for a specific purpose; by denying the ability to run software that isn't from a known/trusted source; infection cannot occur!

The catch?

You must have a Windows version that supports Software Restriction Policy or AppLocker. (NONE of the Home Editions have this feature.)

ie: You'll need to have one of the following...

  • Windows XP Professional
  • Windows Vista Business/Ultimate/Enterprise
  • Windows 7 Professional/Ultimate/Enterprise

For details, see here http://www.mechbgon.com/srp/

The overall point?

Don't waste your time and money on researching, investing, installing/maintaining AV software on your system. Spend the time in gaining knowledge/understanding and instill new habits of prevention. Because it saves you time, money, and your system resources in the long term.

You don't need AV when you know and practice sound security principles in computing. This is what every experienced Linux, BSD, etc user knows. Only a minority of Windows users know this. The majority do NOT. Quote:

Originally Posted by shanky887614
its just one of those things you need to do its like going to the docter we may not like it but we have to go if we are feeling ill


And if you live your life correctly with regular exercise, healthy diet, and other proper measures that prevent sickness and injury; you wouldn't need to go to the doctor in the first place!

Is it starting to sink through? => Prevention is better than cure.