Free security software 'as good as commercial brands'

Bottom line is still "How much are you willing to mess with it?"

I agree the heuristic approach and the sandbox are both the only future path
that will result in leaving valuable computer resources to the user, but...

Since installation of ESET AV, I've caught one trojan before it was
installed and had one false positive which took me an hour to overcome so I
could use the file.

McAfee and Norton continuously asked me questions that most users (meaning
my wife) would blithely answer "Deny." This eventually required my
intervention to get valid programs working again.

Spybot is only good in that it is free. It misses as much as it catches
since it looks for a particular type of file.

Sphinx was beyond the casual user.

Notice the trend...
....ease of use...

It has to do it's job without my input and be correct at doing it. When that
one comes along, let me know.


"MICHAEL" <u158627_emr2@dslr.net> wrote in message
news:eaRRgDo7HHA.5752@TK2MSFTNGP04.phx.gbl...

Quote:

>
>
> * John Whitworth:

Quote:

>
> http://www.virusbtn.com/vb100/archiv...isplay=summary
> ESET has achieved 45 Virus Bulletin VB100 Awards, more than any other
> vendor.
>
> http://www.av-comparatives.org/
> "NOD32 is the leader in Advanced+ awards, having received top honors
> in each of the last five tests. This represents the most proactive malware
> detection
> capabilities of all the products tested over the last 12 months."
>
> http://www.consumersearch.com/www/so...irus-software/
> Best antivirus software for experts. Reviews unanimously agree that NOD32
> is as good as or
> better than Kaspersky Anti-Virus in all but one area: Reviews say NOD32
> has a very hard-to-use
> interface. Although computer experts say NOD32 offers great protection, no
> system drain and no
> software conflicts, most users will be confused by its unintuitive and
> confusing interface and
> controls. That puts NOD32 out of contention for anyone but sophisticated
> computer users.
>
> http://anti-virus-software-review.to...32-review.html
> Effectiveness:
> The most important function of antivirus software is to detect and block
> viruses, and Nod32
> does an excellent job. This software received the VB100% award in June
> 2007, was certified by
> ICSA in 2007 and passed the level 1 & 2 Checkmark from West Coast Labs.
>
> http://www.pcworld.com/article/id,12...s/article.html
> When a Signature Isn't Enough
>
> The heuristics approach looks inside a potential piece of malware, but
> behavioral analysis,
> another proactive-protection technique, looks at it from the outside to
> see how it runs. If a
> file behaves suspiciously, such as by executing from a temp directory,
> antivirus programs may
> flag it as potential malware.
>
> Some newer, advanced types of behavioral methods create what's called a
> sandbox, in which part
> or all of a suspect program can be analyzed in a protected virtual
> environment. The top two
> performers in our proactive tests, which subject PCs protected by
> month-old signatures to new
> malware to simulate future unknown threats, rely on the sandbox approach.
> Eset's NOD32 program
> intercepted 79 percent of malware, and BitDefender Antivirus 10 stopped 61
> percent. On the
> other hand, Grisoft AVG finished last, at 34 percent, despite using a
> sandbox.
>
>

{...deleting a bunch of other stuff...}

Quote:

> http://www.consumersearch.com/www/so...irus-software/
> Best antivirus software for experts. Reviews unanimously agree that NOD32
> is as good as or
> better than Kaspersky Anti-Virus in all but one area: Reviews say NOD32
> has a very hard-to-use
> interface. Although computer experts say NOD32 offers great protection, no
> system drain and no
> software conflicts, most users will be confused by its unintuitive and
> confusing interface and
> controls. That puts NOD32 out of contention for anyone but sophisticated
> computer users.

"Best anti-virus software for experts." This is a really curious position to
take. I've been involved in computer security--as a practitioner, a
consultant, and an instructor/speaker--for several years. I feel fairly
confident in calling myself an expert. I don't run anti-malware on any of my
own computers. Why not? It's simple: I know what to click and what to skip,
what to visit and what to avoid. I have control over what I choose to open,
what I choose to load, and what I choose to run. And yeah, before the
question arises, every four months or so I run a scan, and I've never gotten
infected with anything.

Now don't think that I run totally naked (the other residents of my house
probably would object, and I shudder to imagine how hot the laptop would
feel *then*, haha). Because there's no way to control what someone else
might throw at my Ethernet port, I do run the Windows firewall. I also run
with UAC enabled because I want IE's protected mode, but I configure the
policy to elevate without prompting.

Am I saying that anti-malware is useless? Absolutely not. In many instances,
and for many people, it's still necessary. But we can't ignore the fact that
malware is getting more sophisticated. Nor can we ignore the fact that, as I
have this conversation with other security experts and similarly-minded
folk, I often ask this question: "When's the last time your AV or AS
detected anything?" Invariably, the answer is, "Never."


--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com

Perhaps I'm lucky because retailers in my area routinely offer free
computer-security software (i.e., I pay the sales tax and submit a
rebate form on-line or by mail, and the purchase price returns to me
by check). I use separate systems for e-mail, financial
transactions, responding to SPAM, personal correspondence,
mathematics and tutoring, rebate processing, testing
freeware/shareware, games, etc. (Oh, that's a bit exaggerated;
there is some overlap -- except for the SPAM and financial systems.)
Using so many systems let's me evaluate a variety of security
software under different operating systems and different hardware
profiles.

Of course, commercial subscriptions eventually expire, but, even if
I had to pay for any of these products, I would still choose to use
one of them over freeware. In general, I do not believe that
developers of freeware can invest enough resources in researching
and responding to new threats to be able to surpass what is done by
many commercial developers. Also, while there are a few freeware
developers who produce good documentation and provide above-average
technical support, in my experience most do not. With the exception
of Windows Live OneCare, all the documentation and technical support
for the commercial products that I've used so far is very good.

Anyway, I'm trying out two Computer Associates products (with two
more still in the box), one Norton product (with two more still in
the box), Windows Live OneCare, one Webroot product (with one more
still in the box), Kaspersky, McAfee, and Trend Micro. So far, I
like Kaspersky the best, and I'm least impressed with Windows Live
OneCare.

Keep those rebates coming!

~ Mark


Julian wrote, in part:

Quote:

>
> The consumer watchdog Which? found that many free programs
> outperformed rivals costing up to £50.
>
> Computer owners who pay for top-of-the-range security software
> could be wasting their money, according to Which?

* Steve Riley [MSFT]:

Quote:

> {...deleting a bunch of other stuff...}
>

Quote:

>
> "Best anti-virus software for experts." This is a really curious position to
> take. I've been involved in computer security--as a practitioner, a
> consultant, and an instructor/speaker--for several years. I feel fairly
> confident in calling myself an expert. I don't run anti-malware on any of my
> own computers. Why not? It's simple: I know what to click and what to skip,
> what to visit and what to avoid. I have control over what I choose to open,
> what I choose to load, and what I choose to run. And yeah, before the
> question arises, every four months or so I run a scan, and I've never gotten
> infected with anything.
>
> Now don't think that I run totally naked (the other residents of my house
> probably would object, and I shudder to imagine how hot the laptop would
> feel *then*, haha). Because there's no way to control what someone else
> might throw at my Ethernet port, I do run the Windows firewall. I also run
> with UAC enabled because I want IE's protected mode, but I configure the
> policy to elevate without prompting.
>
> Am I saying that anti-malware is useless? Absolutely not. In many instances,
> and for many people, it's still necessary. But we can't ignore the fact that
> malware is getting more sophisticated. Nor can we ignore the fact that, as I
> have this conversation with other security experts and similarly-minded
> folk, I often ask this question: "When's the last time your AV or AS
> detected anything?" Invariably, the answer is, "Never."

Steve,

I have two friends who claim to have never used an AV in real-time
protection mode. One is still using Win2000 and the other WinXP,
neither one has ever been infected. Like you, they may run a scan
from time to time. It has been quite awhile since I have actually seen
my AV catch anything, except for my own testing when I purposely
throw critters at it.

The keys are having IE locked down, don't be stupid with email,
get behind a router. Software firewall (some will say that's not necessary
if you're behind a router). Some folks just have very bad surfing habits, too-
they go to shady sites, want to download "free" stuff that comes with
a critter payload, and click on this and that without thinking and/or
paying attention.

While an AV isn't perfect or foolproof, I'd rather have that extra bit
of security than not.


-Michael

In article <uMfqU0v7HHA.1208@TK2MSFTNGP03.phx.gbl>, u158627_emr2
@dslr.net says...

Quote:

> While an AV isn't perfect or foolproof, I'd rather have that extra bit
> of security than not.

In more than 30 years of working with computers I can honestly say that
my own computers have only alerted to malware 2 times in all those
years.

I've seen thousands of compromised machines, but, following the well
known standards on security, I've managed to keep all of my own
computers and all of our clients computers free from malware all this
time.

Yes, we always run active AV scanners, firewalls that strip attachments
from Emails, block downloads via HTTP/HTTPS, don't allow FTP or P2P
apps, etc...

AV software, active, quality, does provide protection when you are
unable to remain behind your very secure network, and it helps keep you
safe if you're not able to secure your machines while doing work that
can't be locked down.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Hi, Steve.

I'm certainly no expert, although I've been using personal computers since
the original TRS-80 in December 1977 and online since at least 1979. There
was no AV software in the beginning, of course, but I started using Norton
Utilities in the mid-1980s, when Peter was still writing them. At some
point I started using Norton Anti-Virus and continued until 2006, when my
subscription to NIS 2005 expired before Symantec got around to making it
work with WinXP x64 - or with the Vista beta I was testing. Since then, I
also have been "Running Bear". ;^}

The only virus I ever had in that 30 years was from a floppy disk given me
by a professor, who had received it from a student. The virus was quickly
discovered and dispatched with no ill effects. It helps that I'm just one
guy with one computer and no network but the Internet.

In my opinion, the best anti-virus - for me, at least - is simply
"practicing safe hex". In addition to the other benefits of running without
AV, I enjoy not having a drag on my system's performance, not having to
respond to false alarms, not having to constantly update the programs and
definitions, and - perhaps most of all - being able to focus on identifying
and solving the REAL cause of any computer problems, rather than saying, "It
must be the AV messing up - again!"

No, I don't advocate running bare for everybody, especially newbies and
immature users who can't recognize threats and can't - or won't - control
their curiosity. Or for anyone who must share their computer with others
who may not be as careful. But it works for me.

RC
--
R. C. White, CPA
San Marcos, TX
rc@grandecom.net
Microsoft Windows MVP
(Running Windows Live Mail beta in Vista Ultimate x64)

"Steve Riley [MSFT]" <steve.riley@microsoft.com> wrote in message
news:eaqLnXq7HHA.5980@TK2MSFTNGP04.phx.gbl...

Quote:

> {...deleting a bunch of other stuff...}
>

Quote:

>
> "Best anti-virus software for experts." This is a really curious position
> to take. I've been involved in computer security--as a practitioner, a
> consultant, and an instructor/speaker--for several years. I feel fairly
> confident in calling myself an expert. I don't run anti-malware on any of
> my own computers. Why not? It's simple: I know what to click and what to
> skip, what to visit and what to avoid. I have control over what I choose
> to open, what I choose to load, and what I choose to run. And yeah, before
> the question arises, every four months or so I run a scan, and I've never
> gotten infected with anything.
>
> Now don't think that I run totally naked (the other residents of my house
> probably would object, and I shudder to imagine how hot the laptop would
> feel *then*, haha). Because there's no way to control what someone else
> might throw at my Ethernet port, I do run the Windows firewall. I also run
> with UAC enabled because I want IE's protected mode, but I configure the
> policy to elevate without prompting.
>
> Am I saying that anti-malware is useless? Absolutely not. In many
> instances, and for many people, it's still necessary. But we can't ignore
> the fact that malware is getting more sophisticated. Nor can we ignore the
> fact that, as I have this conversation with other security experts and
> similarly-minded folk, I often ask this question: "When's the last time
> your AV or AS detected anything?" Invariably, the answer is, "Never."
>
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com

"R. C. White" <rc@grandecom.net> wrote in message news:4C0751A2-D251-4B3E-963D-D7FBF279321A@microsoft.com...

Quote:

> I'm certainly no expert, although I've been using personal computers since the original TRS-80 in December 1977 and online since
> at least 1979. There was no AV software in the beginning, of course, but I started using Norton Utilities in the mid-1980s,
> when Peter was still writing them. At some point I started using Norton Anti-Virus and continued until 2006, when my
> subscription to NIS 2005 expired before Symantec got around to making it work with WinXP x64 - or with the Vista beta I was
> testing. Since then, I also have been "Running Bear". ;^}
>
> The only virus I ever had in that 30 years was from a floppy disk given me by a professor, who had received it from a student.
> The virus was quickly discovered and dispatched with no ill effects. It helps that I'm just one guy with one computer and no
> network but the Internet.

My experience has been similar to yours. My one and only infection was
in 1980 from a boot sector virus on a floppy disk received from a friend.
I quit using Norton AV in 2003 shortly after they instituted their activation
requirement.
--
Gary VanderMolen

Ah..the good old days of Ask Beep and Verify.

I've still a build of NSW2006 on an XP sp2 machine without any Windows
or OE issues.
- all email, office, and messenger scanning is disabled.

The sole issue was transferring large files(2GB+) from a different
networked pc to a slave drive partition connected to the XP/NSW machine.
Doing so lit up the Internet Worm Protection(IWP) blocking. A rule based
on ip address corrected it, though IWP interface is about as archane as
manually configuring Windows Firewall, thus turning off IWP may work
better for most)

The only other issue was self-induced...forgetting to disable Recycle
Bin protection and/or hide a slave drive partition with a dual boot
Vista RC2. The Norton Recycle Bin and true to its recommended
compatibilty couldn't/wouldn't empty Vista's files.

...winston
MS-MVP Windows Live Mail


"R. C. White" <rc@grandecom.net> wrote in message
news:4C0751A2-D251-4B3E-963D-D7FBF279321A@microsoft.com...

Quote:

> Hi, Steve.
>
> I'm certainly no expert, although I've been using personal computers
> since the original TRS-80 in December 1977 and online since at least
> 1979. There was no AV software in the beginning, of course, but I
> started using Norton Utilities in the mid-1980s, when Peter was still
> writing them. At some point I started using Norton Anti-Virus and
> continued until 2006, when my subscription to NIS 2005 expired before
> Symantec got around to making it work with WinXP x64 - or with the
> Vista beta I was testing. Since then, I also have been "Running
> Bear". ;^}
>
> The only virus I ever had in that 30 years was from a floppy disk
> given me by a professor, who had received it from a student. The
> virus was quickly discovered and dispatched with no ill effects. It
> helps that I'm just one guy with one computer and no network but the
> Internet.
>
> In my opinion, the best anti-virus - for me, at least - is simply
> "practicing safe hex". In addition to the other benefits of running
> without AV, I enjoy not having a drag on my system's performance, not
> having to respond to false alarms, not having to constantly update the
> programs and definitions, and - perhaps most of all - being able to
> focus on identifying and solving the REAL cause of any computer
> problems, rather than saying, "It must be the AV messing up - again!"
>
> No, I don't advocate running bare for everybody, especially newbies
> and immature users who can't recognize threats and can't - or won't -
> control their curiosity. Or for anyone who must share their computer
> with others who may not be as careful. But it works for me.
>
> RC
> --
> R. C. White, CPA
> San Marcos, TX
> rc@grandecom.net
> Microsoft Windows MVP
> (Running Windows Live Mail beta in Vista Ultimate x64)
>
> "Steve Riley [MSFT]" <steve.riley@microsoft.com> wrote in message
> news:eaqLnXq7HHA.5980@TK2MSFTNGP04.phx.gbl...

Quote:

>

Hi RC:

If any of my various security software caused those issues on the
system it monitors, then I would probably spread my computer usage
over even more systems so that I, too, could uninstall that source
of irritation.

What are the other benefits of running without AV that you enjoy?

Cheers,

~ Mark


R. C. White wrote, in part:

Quote:

>
> In addition to the other benefits of running without AV, I enjoy
> not having a drag on my system's performance, not having to
> respond to false alarms, not having to constantly update the
> programs and definitions, and - perhaps most of all - being able
> to focus on identifying and solving the REAL cause of any computer
> problems

Hi, Mark.

Other? The ones I've listed pretty well cover it. Except for the sense of
freedom - but remember, freedom and security are the opposite ends of the
seesaw: The more of one, the less of the other. I have to accept the fact
that, at any moment, I could learn that my system has been compromised by
some malware that a good AV could have stopped. So far, so good, after 30
years, but it could happen today.

I've left my classic 1957 TBird with the top off parked in downtown LA, too,
but I sure don't recommend it to others. The only time I've suffered a
theft loss was when someone opened my garage door at night (the only night I
forgot to lock it!) and took the hardtop and fender skirts off the car. :>(

RC
--
R. C. White, CPA
San Marcos, TX
rc@grandecom.net
Microsoft Windows MVP
(Running Windows Live Mail beta in Vista Ultimate x64)

"Mark M Morse" <mmm4444bot@hotmail.com> wrote in message
news:#vypJk47HHA.1164@TK2MSFTNGP02.phx.gbl...

Quote:

> Hi RC:
>
> If any of my various security software caused those issues on the system
> it monitors, then I would probably spread my computer usage over even more
> systems so that I, too, could uninstall that source of irritation.
>
> What are the other benefits of running without AV that you enjoy?
>
> Cheers,
>
> ~ Mark
>
>
> R. C. White wrote, in part:

Quote: