Most conventional AV programs are not worthwhile. Definitions-based scanning is a slow and relatively ineffective way to deal with the problem. I know a few programs supposedly use behavior-based scanning, which makes far more sense and might be a good value.
This is true regardless of OS.
Definitions have only been a part of AV software for a number of years now. Heuristic scanning is a term some companies use to indicate that their scan is not entirely dependent on a definition file. Most of the better-known AV programs are definitely worthwhile. I don't think it is a good idea to imply otherwise when so many people come here looking for trustworthy advice and may take anything they read as reliable. Besides, if you want to claim that they are not worthwhile, you should back that up with some evidence.
Last edited by mensaguy; 05-24-2011 at 01:39 PM..
Reason: added the 2nd half of the message
Quote:
Most conventional AV programs are not worthwhile. Definitions-based scanning is a slow and relatively ineffective way to deal with the problem. I know a few programs supposedly use behavior-based scanning, which makes far more sense and might be a good value.
This is true regardless of OS.
In theory, it makes sense.
In practice, I've seen heuristic solutions make false positives when legitimate apps moved files around. No one wants AV software that cries "Wolf!"
A signature-based scan seems adequate to me, as long as it's backed with a team of folks updating it on a VERY regular basis. Zero-day attacks are covered pretty well in the tech media these days. Paying attention to that can provide clues about what to watch for until the signature files are updated for the latest attack.
Quote:
Definitions have only been a part of AV software for a number of years now. Heuristic scanning is a term some companies use to indicate that their scan is not entirely dependent on a definition file. Most of the better-known AV programs are definitely worthwhile. I don't think it is a good idea to imply otherwise when so many people come here looking for trustworthy advice and may take anything they read as reliable. Besides, if you want to claim that they are not worthwhile, you should back that up with some evidence.
Okay, here are three major flaws with definitions scanning:
1. Your protection is only as good as your definitions. Definitions provide limited protection against zero-day exploits.
2. It is a major waste of both bandwidth (downloading new definitions) and system resources (scanning).
3. This one applies to all AV programs. An ounce of prevention is worth a pound of cure. IMO, AV software tends to give a false sense of security. The reality is that it's not easy to attack an updated system typically run with a limited account unless the user is extraordinarily stupid. If you are relying on an AV, you've already ceded too much ground.
On the other hand, I'd be very interested to hear your justification for the claim that "most of the better-known AV programs are definitely worthwhile."
Quote:
In practice, I've seen heuristic solutions make false positives when legitimate apps moved files around. No one wants AV software that cries "Wolf!"
A signature-based scan seems adequate to me, as long as it's backed with a team of folks updating it on a VERY regular basis. Zero-day attacks are covered pretty well in the tech media these days. Paying attention to that can provide clues about what to watch for until the signature files are updated for the latest attack.
Sorry, but anyone who will freak out about having to allow legitimate modifications to system files is not going to keep close track of the news about new zero-day threats.
I don't think false positives should occur all that frequently for most users.
Why does Apple's response not surprise me? That this infection is happening is no big surprise to anyone, it was only a matter of time, but their attitude and how they're handling it is true Apple form, pitiful.
Just put up today, seems someone at Apple finally figured out they should put something up for their users rather than ignore the problem.
From a number-of-users-affected standpoint, other than the cross-platform Word/Excel macro viruses of the 90s, it's probably the biggest malware issue in the history of Apple. That would make it the biggest event like this on Steve Jobs' watch. And with so little history to use for a precedent, it's not too surprising that the company might see a need to update their rules about how to respond.
Maybe they were concerned about their support reps inventing fixes on the fly and creating a liability issue, before the best fix had been determined?
Is it as fast as some would like? Probably not, but it's not hemming or hiding anything either. I'd say the delay was because Apple had to organize something. It was still less than 1 week since the phishing scam became public knowledge.
A curious thing though, rather than calling the malware a trojan, which is what it is, they use the term phishing, which it is not. Seems they still don't want to admit their OS is not as immune as they want you to believe, user intervention required or not.