Old 05-24-2011, 02:25 PM
 
333 posts, read 735,348 times
Reputation: 267


Most conventional AV programs are not worthwhile. Definitions-based scanning is a slow and relatively ineffective way to deal with the problem. I know a few programs supposedly use behavior-based scanning, which makes far more sense and might be a good value.

This is true regardless of OS.

 
Old 05-24-2011, 02:36 PM
 
Location: WV and Eastport, ME
11,707 posts, read 11,301,056 times
Reputation: 7686
Quote:
Originally Posted by barney_rubble View Post
Most conventional AV programs are not worthwhile. Definitions-based scanning is a slow and relatively ineffective way to deal with the problem. I know a few programs supposedly use behavior-based scanning, which makes far more sense and might be a good value.

This is true regardless of OS.
Definitions have only been a part of AV software for a number of years now. Heuristic scanning is a term some companies use to indicate that their scan is not entirely dependent on a definition file. Most of the better-known AV programs are definitely worthwhile. I don't think it is a good idea to imply otherwise when so many people come here looking for trustworthy advice and may take anything they read as reliable. Besides, if you want to claim that they are not worthwhile, you should back that up with some evidence.

Last edited by mensaguy; 05-24-2011 at 02:39 PM.. Reason: added the 2nd half of the message
 
Old 05-24-2011, 02:43 PM
Bo (started this thread)
 
Location: Ohio
16,896 posts, read 33,628,448 times
Reputation: 13840
Quote:
Originally Posted by barney_rubble View Post
Most conventional AV programs are not worthwhile. Definitions-based scanning is a slow and relatively ineffective way to deal with the problem. I know a few programs supposedly use behavior-based scanning, which makes far more sense and might be a good value.

This is true regardless of OS.
In theory, it makes sense.

In practice, I've seen heuristic solutions make false positives when legitimate apps moved files around. No one wants AV software that cries "Wolf!"

A signature-based scan seems adequate to me, as long as it's backed with a team of folks updating it on a VERY regular basis. Zero-day attacks are covered pretty well in the tech media these days. Paying attention to that can provide clues about what to watch for until the signature files are updated for the latest attack.
 
Old 05-24-2011, 03:57 PM
 
333 posts, read 735,348 times
Reputation: 267
Quote:
Definitions have only been a part of AV software for a number of years now. Heuristic scanning is a term some companies use to indicate that their scan is not entirely dependent on a definition file. Most of the better-known AV programs are definitely worthwhile. I don't think it is a good idea to imply otherwise when so many people come here looking for trustworthy advice and may take anything they read as reliable. Besides, if you want to claim that they are not worthwhile, you should back that up with some evidence.
Okay, here are three major flaws with definitions scanning:

1. Your protection is only as good as your definitions. Definitions provide limited protection against zero-day exploits.

2. It is a major waste of both bandwidth (downloading new definitions) and system resources (scanning).

3. This one applies to all AV programs. An ounce of prevention is worth a pound of cure. IMO, AV software tends to give a false sense of security. The reality is that it's not easy to attack an updated system typically run with a limited account unless the user is extraordinarily stupid. If you are relying on an AV, you've already ceded too much ground.

On the other hand, I'd be very interested to hear your justification for the claim that "most of the better-known AV programs are definitely worthwhile."
Quote:
In practice, I've seen heuristic solutions make false positives when legitimate apps moved files around. No one wants AV software that cries "Wolf!"

A signature-based scan seems adequate to me, as long as it's backed with a team of folks updating it on a VERY regular basis. Zero-day attacks are covered pretty well in the tech media these days. Paying attention to that can provide clues about what to watch for until the signature files are updated for the latest attack.
Sorry, but anyone who will freak out about having to allow legitimate modifications to system files is not going to keep close track of the news about new zero-day threats.

I don't think false positives should occur all that frequently for most users.
 
Old 05-24-2011, 07:06 PM
Bo (started this thread)
 
Location: Ohio
16,896 posts, read 33,628,448 times
Reputation: 13840
Quote:
Originally Posted by NHDave View Post
Why does Apple's response not surprise me? That this infection is happening is no big surprise to anyone, it was only a matter of time, but their attitude and how they're handling it is true Apple form, pitiful.

Apple support to infected Mac users: “You cannot show the customer how to stop the process” | Naked Security
Now there's a new Apple knowledgebase article that explains how to remove Mac Defender.

How to avoid or remove Mac Defender malware
 
Old 05-24-2011, 07:36 PM
 
10,752 posts, read 18,001,409 times
Reputation: 10244
Quote:
Originally Posted by Bo View Post
Now there's a new Apple knowledgebase article that explains how to remove Mac Defender.

How to avoid or remove Mac Defender malware
Just put up today, seems someone at Apple finally figured out they should put something up for their users rather than ignore the problem
 
Old 05-24-2011, 10:26 PM
 
Location: MO Ozarkian in NE Hoosierana
4,679 posts, read 10,950,591 times
Reputation: 6903
Quote:
Originally Posted by NHDave View Post
Why does Apple's response not surprise me? That this infection is happening is no big surprise to anyone, it was only a matter of time, but their attitude and how they're handling it is true Apple form, pitiful.

Apple support to infected Mac users: “You cannot show the customer how to stop the process” | Naked Security
What Apple response? A post to a vendor's site that is offering a product related to this subject matter is NOT an authentic Apple response.

Quote:
Originally Posted by NHDave View Post
Just put up today, seems someone at Apple finally figured out they should put something up for their users rather than ignore the problem
Oh bother...
 
Old 05-25-2011, 09:59 AM
Bo (started this thread)
 
Location: Ohio
16,896 posts, read 33,628,448 times
Reputation: 13840
Quote:
Originally Posted by NHDave View Post
Just put up today, seems someone at Apple finally figured out they should put something up for their users rather than ignore the problem
From a number-of-users-affected standpoint, other than the cross-platform Word/Excel macro viruses of the 90s, it's probably the biggest malware issue in the history of Apple. That would make it the biggest event like this on Steve Jobs' watch. And with so little history to use for a precedent, it's not too surprising that the company might see a need to update their rules about how to respond.

Maybe they were concerned about their support reps inventing fixes on the fly and creating a liability issue, before the best fix had been determined?
 
Old 05-25-2011, 10:02 AM
 
3,743 posts, read 11,462,773 times
Reputation: 2754
Here is Apple's response: How to avoid or remove Mac Defender malware

Is it as fast as some would like? Probably not, but it's not hemming or hiding anything either. I'd say the delay was because Apple had to organize something. It was still less than 1 week since the phishing scam became public knowledge.
 
Old 05-25-2011, 10:04 AM
 
10,752 posts, read 18,001,409 times
Reputation: 10244
A curious thing though, rather than calling the malware a trojan, which is what it is, they use the term phishing, which it is not. Seems they still don't want to admit their OS is not as immune as they want you to believe, user intervention required or not.