Re: Rant: Antivirus: Buy It. Use It. Update It!

[dwhite]

Scot's got two recommendations about using antivirus software that I've got to take issue with: autoupdates and product life span.My experience with older PCs (I use refurbs) is that autoupdate technology rapidly outgrows older platforms. Autoupdate features are pretty much guaranteed to bring my older systems to a screeching halt. The worst offenders are those that check for update at system startup. If they don't find an internet connection, and that's frequently the case - especially for dialup setups - they'll poll and poll and poll and poll until you're ready to shoot yourself your system's so slow. Scot recommends two years for an acceptable antivirus product life span. I ask, why so short? Why wouldn't you want a software utility to be adequate for the life of the PC, just like an operating system? I don't work with an IT department, but those guys would know how long a PC is typically used by its original purchaser. My guess is that it's more like three or four years.dw

[Prelude76]

i feel the same way. "dont shoot the vicitm"... well put. my dad had Norton AV loaded and i just wanted to update virus signature, but LiveUpdate insists on updating the Antivirus software too, so it wanted to download over 10mb of software update before even updated virus signatures. on dial-up, no one wants to have anti-virus update for an hour or more; thats just ridiculous.more should be done to address the two major reasons why worms and viruses spread so fast and easy: Internet Explorer and Outlook Express. in the end, i took the antivirus off my dad's computer, loaded up a firewall, and made his default browser and email Mozilla Firebird and Thunderbird. simple! no silly antivirus hogging the system down with auto-updates, and i've eliminated most threats. he still has anti-virus installed, only to do selective scans once a month when i'm over and i also showed him how to scan programs he gets off the net, though he barely gets anything new installed.Outlook Express' eagerness to run any VBScript, PIF or EXE it sees in incoming email, and Internet Explorer's many security holes and ActiveX vulnerabilities are whats wrong these days. ActiveX is a disaster, IMHO. wow, a website that can load scripts and programs automatically! who wouldve ever thought this might've been used for harm! *sarcastic tone applied* and Outlook Express, where every worm and virus seems to have no problem hacking into the address book and mass-launching emails to everyone. once again, great programming, MS. this is MS's problem so let them fix it, either by locking most options OFF by default or releasing a new improved browser/email suite.i might be wrong in my view, but thought i'd say how i feel about the issue.~~~ running no anti-virus on a Mozilla Firebird/Thunderbird box with no problems for long time ~~~~

[Martini Lover]

I agree mostly.Microsoft products are always going to be the target of virus attacks because so many use it. In the last twenty-four hours I have over a hundred emails purporting to be from Microsoft, or email rejection notices. This is not uncommon, for my inbox, when new bugs are on the loose. It just takes common sense not to open them and delete them. The only time I have ever had a problem was when I downloaded something I knew better of, but went ahead and did it. I can only blame myself. It wasn’t Microsoft’s, my AV, or anyone else. Just my own stupidity.In the mean time, I'll run my AV automatically every morning, the same way I lock my door when I leave the house. It makes me feel safer.

[Jeber]

it wanted to download over 10mb of software update before even updated virus signatures

So for the whole time you're on line downloading that update to the software, you're vulnerable to any virus or worm out there that is newer than your last definition. That seems highly irresponsible. If they were consumer-centric, they'd have you update the def's first, then you could (more) safely be on line long enough to d/l 10MB.

[Ed_P]

There are smaller updates on other AVs. I use Trend Micro's and I don't have the problem you describe. Granted some newer defs require newer programming mods to use them but I've never had to download 10MB to maintain my AV. NAV is bloatwear and has been for a long time.Going without an AV is like driving a car without a seat belt. It can be done and is done by many. And what do you think of someone who gets into a fender bender and dies after going thru the windshield?

[ibe98765]

Yada, yada, yada... You can rant all you want about poor vendor code, poor program design, poor support, poor interoperability and on and on. But the fact of the matter is - it ain't going to change anytime soon. If you don't know enough to protect your PC, then you shouldn't be on the net. If you can't afford $400-500 for a basic, up-to-date PC, then you don't belong on the net. As a good netizen, it is your responsibility to ensure that your PC is up to snuff and is not capable of propagating an infection that impacts others.One day, the floodgates will open and a court subpoena is going to land in someone's mailbox charging them with contributory negligence for not operating a PC in a safe and secure manner. As always when the lawyers get involved, their defense is going to cost a lot more than a new PC.As to problems with AV software, there are many alternatives to choose from. Forget about Anything Symantec or McAfee produces. These are intrusive applications that make hundreds of changes to your system on install. Support is generally poor and you'll never get them completely out of your system if you try to remove them. Any reviews you read at the likes of CNET, for instance, where these products come out on top, are paid for via additional advertsing. Ignore them.

[Cluttermagnet]

I'm envisioning an entire galaxy of new internet sanctions once we get the internet police situated and empowered. How about designing a web page whilst intoxicated? A pretty serious offense, especially if the designer commits a web style faux pas while under the influence. How distasteful. Then we will have operating a computer with unregistered or pirated software (gasp!) And high among other offenses would be operating a computer with an obsolete browser that chokes on CSS. And of course anyone who has any pirated music or videos on their hard drives deserves to have their machines trashed destructively by remote control by the irate corporations, 'cause don't ya know, it is far more OK for them to do malicious hacking than for lone computer geeks to do so. But the absolutely greatest sanctions ought to be invoked against old grannies who are not operating a safe system with the requisite AV and firewall all thoroughly up to date. Granny should do some serious jail time to serve as a lesson to others.(Sorry, ibe, I could not resist throwing in some humor in this area, though you are basically right, and the slackers who run unprotected machines are becoming part of a very unwelcome rising din of virus beacons out on the net).I'm even starting to get annoyed myself. My ZA log maxes out at 500 hits, sometimes in little more than an hour. It is getting downright noisy out there with all the compromised machines beaconing away. I remember just a few months back where it took at least a day to count up to 500 hits. Looks like those days are gone forever. It's virus packet madness out there. And this latest email going around supposedly from MS? I have received more copies of it than of any previous virus by far.I started learning about self-protection on the net back when I was still on my first machine with Win95. Quickly got NAV and ZA and have always been very security conscious since then. I do try to keep current with all patches. But apparently the majority are not at all security conscious- heck, I suspect a large number of users are not sufficiently skilled to understand basic file management and are utterly unable to do these simple things for themselves. That is why auto-update is probably a good idea for many, though I don't like it personally. Yes, I am moving away from Symantec now, slowly, and had a bad attitude about McAffee for several years already. There are indeed better out there, many still free. My latest favorite for a Windows machine is AVG.I don't see any easy answers here, and I will watch with interest to see if 'they' ever find a test case of an irresponsible person with very deep pockets they can sue successfully to make an example of. In the wonderful world of litigation, anything is possible, and as Johnny Cochran says in his TV ads lately, "the sky's the limit'. Bah humbug!

[Prelude76]

And this latest email going around supposedly from MS? I have received more copies of it than of any previous virus by far.

what is with all of you guys on this forum that keep getting hundreds and hundreds of virus emails? dang, did you sign up for every newsletter and online contect we-need-your-email promotion you ever saw? i've had my email for 4+ years and i get one or 2 junk emails a WEEK, and got TWO worm viruses that were both blocked by AV in past 4+ years! i feel like i'm missing out on this virus party and no one invited me. dang it all, if MY email ever got flooded as what you guys say, i'd be changing my email. or change ISP. i'd go NUTZ if i had dozens of MS Tech Support emails every day. but the only way i hear about these crazy fast-spreading viruses is thru u guys, so i'm thinking its not true.

[GolfProRM]

I received tons of the SoBig emails, but have only received one of the new MS emails... I've gotten to the point now that when I hear about a new virus, I email everyone I know explaining to them the details and making sure they DON'T OPEN THEM!!!

[nlinecomputers]

I haven't seen any sobig or swen but then my web/email host filters for this stuff like any good ISP should do. Makes for a quiet inbox.

[ibe98765]

And this latest email going around supposedly from MS? I have received more copies of it than of any previous virus by far.

what is with all of you guys on this forum that keep getting hundreds and hundreds of virus emails? dang, did you sign up for every newsletter and online contect we-need-your-email promotion you ever saw? i've had my email for 4+ years and i get one or 2 junk emails a WEEK, and got TWO worm viruses that were both blocked by AV in past 4+ years! i feel like i'm missing out on this virus party and no one invited me. dang it all, if MY email ever got flooded as what you guys say, i'd be changing my email. or change ISP. i'd go NUTZ if i had dozens of MS Tech Support emails every day. but the only way i hear about these crazy fast-spreading viruses is thru u guys, so i'm thinking its not true.

There's many ways to get on the spam lists. If you are in someone's contact list and they get hit by one of the viruses that rob the address book, then your email address will get exposed. This happened to me in the past when a recruiter I was communicating with, who didn't have a firewall or AV protection, got hit. There are also documented instances when a trusted inside employee steals and sells the company database. For instance, if you've brought something from a cheesy outlet. Then there are the jokes and comics that many pass around. Since few people copy and paste the content into a new mail to eliminate past email addresses before they forward something along, eventually, your email address may wind up in the hands of someone who is a spammer or sells email addresses to one. And of course, if you have a domain name (this is where the majority of my spam comes from), the buld mailers buy access to the domain name owners information. Once your info gets in the hands of a spammer, it will eventually get sold to others. Creating a new domain name or a new email address is a pain in the rear. That's why I'd like someone to add disposable address functionality directly into Outlook. Then you would never have to reveal your true address to anyone.According to my spam filter:I've received 9,494 emails since July 4, 2003. 7,896 of those were spam. That's 83% spam!Average number of daily emails is 117.If you don't count the spam mail, that means I get about 20 good emails daily and 40-50% of these are Scot's list notifications.

[volunteer]

dwhite, welcome to the forum. I use old computers, too. I find that running Linux is a better option for them since they are less a target of malicious code. I do have two 1GHz PCs and they run Windows so they are stationary targets so to speak, so large updates isn't a problem. :rolleyes:A good option for slower computers that run windows is to use an open source browser and email program. VCatch has a free AV that uses the small virus download strategy.A better option is to hang out in the Linux forum for a little while. It's very user friendly. Ken

[Prelude76]

that's what i dont understand, ibe. i've given out my email here and there, many people have it in their address book, and i've had it for over 4 years, yet i get 1 or 2 junk per week. honestly, if you were to look at my particular computer, you'd think that junk mail is not a problem, but then i hear horror stories from you guys about 100+ junk per day and i'm flabberghasted. in either case, i think (a) you guys slipped up somewhere along the way and the junk started flooding in, or ( your ISP has really weak or non-existant filtering. in either case, i'd suggest changing your ISP and/or email to fix this, as its NOT normal to get 100+ junk a day. i mean, i get a lot more flyers and junk mail in my real-life mailbox than i do in my virtual-inbox.

[Cluttermagnet]

And this latest email going around supposedly from MS? I have received more copies of it than of any previous virus by far.

what is with all of you guys on this forum that keep getting hundreds and hundreds of virus emails? dang, did you sign up for every newsletter and online contect we-need-your-email promotion you ever saw? i've had my email for 4+ years and i get one or 2 junk emails a WEEK, and got TWO worm viruses that were both blocked by AV in past 4+ years! i feel like i'm missing out on this virus party and no one invited me. dang it all, if MY email ever got flooded as what you guys say, i'd be changing my email. or change ISP. i'd go NUTZ if i had dozens of MS Tech Support emails every day. but the only way i hear about these crazy fast-spreading viruses is thru u guys, so i'm thinking its not true.

Hi, Prelude-I believe my medium-ish amount of spam emails, perhaps 15-30 per day, is mostly the result of posting my real pop email on my web page. It has been that way for years. I assume I have mostly been harvested by spam spiders. My web page is of interest to my fellow hobbyists and generates a lot of email comments and especially questions. I see this as a public service and as a way of 'giving back' for all the ways I have been helped by others.If I had it to do over again, I would use stealth email address techniques, maybe one of the javascript ones. That may well happen at year's end when I change dialup ISP's. In the meantime, the level of spamming I am seeing here is still in the 'acceptable' range. 100 per day would not be acceptable. I'm really not sure where I draw the line. Soon enough, it all becomes academic anyway, as changes are coming.

[Cluttermagnet]

I received tons of the SoBig emails, but have only received one of the new MS emails...  I've gotten to the point now that when I hear about a new virus, I email everyone I know explaining to them the details and making sure they DON'T OPEN THEM!!!

I have emailed with fellow hobbyists all over the US and sometimes in other countries as well. I'm sure my email address must be in a lot of address books. Those guys are more lax about security than I am. They get hit with a trojan, I get emailed. No doubt there have even been a few virus emails sent out with my address forged as the sender, though nobody has ever contacted me and claimed that I have a virus (I don't).Receiving some 10-15 MS spoof virus emails is a new record for me, but its just not worth getting upset over. I delete them on the ISP server and life goes on. I accept them as inevitable. I have resisted using any type of filtering myself, as I just don't see my current volume of email as being a problem. I would welcome my ISP becoming a bit more proactive in filtering at their level, but I'm not sore at them just because they do not do that. After all, filters are often quite imperfect, and end up trashing legitimate emails. I prefer to run in completely manual mode and do my own screening.

[ibe98765]

Prelude - Don't you guys have a law in Canada that doesn't allow spam to cross the border?

[FuzzButt]

If you don't know enough to protect your PC, then you shouldn't be on the net.  If you can't afford $400-500 for a basic, up-to-date PC, then you don't belong on the net.  As a good netizen, it is your responsibility to ensure that your PC is up to snuff and is not capable of propagating an infection that impacts others.One day, the floodgates will open and a court subpoena is going to land in someone's mailbox charging them with contributory negligence for not operating a PC in a safe and secure manner.  As always when the lawyers get involved, their defense is going to cost a lot more than a new PC.

I am going to have to agree with Ibe here.I think it is the sole responsibility of the Net user to make sure his/her PC is browsing safely. Problem is you have 3 varieties of users.Idiot users who just plug it in and go and don't have the slightest idea of their actions. These are the ones who answer Spam, forward all those stupid emails with all the ">>>>"is in them. THe ones who just turn it on and wonder why after a year of no maintence their PC is running so slowly.Power Users. Probably like those here. We are careful. Deliberate in our actions online. We run as much protection as possible against the bad guy's. We actually maintain our PC's.Hackers. Or what ever you want to call the teenage/thirty somethings living in their Mothers basement. The guy's who write all these Virii, Worms and Trojans just for sport. Those who make off with other peoples data and sell it to the highest bidder. The Anti-Idiot. I guess the problem is there are too many Idiot's. We need more people to move into the center of this example. We need to get a handle on this now. Idealy it should have been 5 years ago. Having ISP's and expecting Microsoft to save us from the nasties of the world is not the answer. Protect yourself. Only you can stop Forrest Fires (well not exactly Forrest Fires. I could not think of something as catchy)Chris

[Scot]

As I've read through this thread I just made notes in a file that are my responses. Sorry for not providing quoted references, but I've got limited time at the moment. Here are my thoughts:1.Dwhite, you misunderstood my discussion about two years. What I'm calling for is a minimum two-year subscription period for AV signatures. In other words, everyone must buy this in two-year increments. One year is just too short. I'm also asking vendors to halve the cost for them, so you would get two-years for what Symantec charges now for one year. I am NOT saying you couldn't renew in perpetuity. In fact, I think Symantec and others should support each AV version for at least eight years.2. Dwhite, we just disagree on the AutoUpdate. Bottom line: AutoUpdate should work properly. I think we can agree on that. I'm not a big fan of automatic things either, and have written against over-automation in the name of convenience before. But when it comes to antivirus definitions, automatic is a very, very good thing. And I think it should be mandatory for all computers. Now, for dial-up computers, it should just work when you first dial up (but there should be controls to allow it to delay for 5 minutes or whatever).Symantec's Automatic LiveUpdate feature has a bug in it that I've reproduced many times. It does not work reliably on machines that are left on all the time. It is supposed to check for new updates once daily, but sometimes it "forgets." But it is reliable about checking every time the machine is restarted. Many other AV programs are only beginning to add this feature. But think about it, if everyone had AV and their AV signatures were updated at least daily, automatically -- something like SoBig would have been SoSmall. That's what I'm driving at.One thing I would like to ammend from what I wrote about in the newsletter is that I implied that the AV companies should just be able to charge your credit card every two years for the subscription update. I should have explained this better. There should be an option for them to have your CC on file, for you to say, go ahead and just renew it automatically, but the default should be that they should ask you for permission to do that beginning 30 days before your sub is set to expire.3. Prelude, I don't know what version of NAV your dad is running, but Symantec's Automatic LiveUpdate does NOT automatically update programs -- it only does AV signatures (and other signatures). A manual update will bring back a list of program updates, but you do not need to accept them. My guess is that your dad is running NAV2000 or NAV2001, both of which had severe LiveUpdate problems. In this case, he should pay for a major upgrade of his AV software. Outlook Express is the worst email program on the market; and it's insidious because it has the best user interface. So a lot of people use it. Get your Dad to try Eudora or Netscape Mail or The Bat! or something.4. EdP, I agree that Trend Micro's product is very worthy. I've been trying to get the company to send me an evaluation version for over a year. I can't afford to pay for all the software I review, but I'm about ready to bust down and pay for this one. I have, of course, looked at it in the past.5. Ibe98765 (and later FuzzButt): You clearly got what I was driving at. We disagree about the Symantec products (but agree on the McAfee ones).6. Prelude76, consider yourself lucky on the spam/viruses. More than likely, they'll be visiting you in larger numbers some day soon. And the key is not newsletter or forum sign-ups, it's usenet newsgroup posts with your real address, publication of your email address on the web anywhere (this is the worst), and stuff like idiot friends who send out Ha-Ha emails to 400 of their closest frienids, and that winds up getting passed around the Net for the next six months. Stuff like that. Two other things: Some ISPs are unscrupulous. That's become obvious to me. The other is that if you have a guess-able email address, the biggest tool these days is email address generation tools that literally make-up emails addresses and then mail to them, trying to get stupid owners to reply "take me off the list," which only confirms that your email address is good.7. Was Swen a hoax? I've received only a handful of those, and I'm not 100% sure they were Swen because NAV just killed the messages entirely.-- Scot

[nlinecomputers]

7. Was Swen a hoax? I've received only a handful of those, and I'm not 100% sure they were Swen because NAV just killed the messages entirely.

No it is NOT a hoax. I've got a computer (Win2000) on my bench RIGHT NOW that was infected with this. The client was able to install NAV 2003 but it botched the cleaning of it. It removed the virus but it failed to make the needed changes in the registry. Swen adds itself to the registry call ups for all exe, com, bat, scr, and other programs. It also blocks your registry edit tools. Fixswen.exe couldn't run because of that, even in safe mode. I was unable to run any repair tools that any AV vendor provides. I finally tried to run safe mode command prompt only. THAT allowed me to run Symantec's removal tool and kill this %&$#*&@ virus.