
Still critical of the AV industry… after all these years


steven36


David Harley has written an excellent paper published in Virus Bulletin: Hype heuristics, signatures and the death of AV (again). If you haven’t read it, I thoroughly recommend it: it’s a defence of the anti-virus industry.

The tragedy is that he needs to write it at all. The problem is that the anti-virus industry is low-hanging fruit for journalistic attack – easy pickings, you might say. My ears are burning because I am not entirely innocent myself. However, I hope I have never suggested that anyone can do without anti-virus.

My view is that AV is like the traffic light system in a big and busy city. Traffic lights do not prevent all accidents; but by God it would be chaos without them.

My ‘attacks’ on AV have primarily been threefold: firstly against its incestuous Anti-Malware Testing Standards Organization (AMTSO); secondly that lingering doubt that “the anti-virus industry is maybe not so clean from NSA taint as it should be”; and thirdly, against its marketing practices.

  1. AMTSO – I criticised its lack of user involvement, making it look like an AV organization by the AV industry, of the AV industry, and for the AV industry. The amount of venom that ensued made me think I had poked a nest of vipers: Anti Malware Testing Standards Organization: a dissenting view
  2. NSA taint – I started having concerns about AV and governments long before Snowden revealed how far the long and crooked NSA and GCHQ boney fingers actually reach:
    2011: FBI, CIPAV spyware, and the anti-virus companies;
    2013: Is Windows 8 an NSA trojan?;
    2014: AV and the NSA: is the anti-virus industry in bed with the NSA – why do CIPAV, FinFisher and DaVinci still defeat AV;
    2014: It’s time for McAfee and Symantec to state clearly that they do not collaborate with governments;
    2015: The anti-virus industry does itself no favours
  3. Questionable marketing – passim; no, really passim. Consider this: if the security industry actually managed to solve the security problem, it would mean no further growth coupled with the decline of the many products that don’t actually do anything. Neither the security industry nor any government have any interest in solving the security problem. It’s similar to the pharmaceutical industry. If you think about it, the drug companies have no incentive to cure you, they want to help you manage but maintain your illness (and give you more to boot).

But back to David’s article (David is a scholar and a gentleman – I know plenty of either, but really few who are both). He is not entirely happy with my assertion that AV marketing can be misleading and leave users, especially the home user, with a dangerously false sense of security. I said, “The industry continually publishes test results proving that it stops 99.9% (or more) of all malware…” David replied: “Certainly vendors are fond of publishing test results that favour their products, but I don’t know if anti-malware vendors are still making such sweeping claims.”



So I spent 30 minutes having a look on the internet:
[Image: 0MFI6ed.png]

[Image: FIug9YT.png]

and from a press release…

[Image: RacVhvz.png]

In fairness, David is right. There appears to be an orchestrated effort by the industry to avoid claims of 100% success. But it still does it.
So what we have is an industry I cannot do without; an industry that does huge amounts of good in protecting users, and in helping law enforcement find and shut down malware and prosecute criminals; an industry that is full of researchers that I admire; and yet one that I still do not fully trust.


Source


Since 2007, I use only on-Demand Malware Removal Tools.

Imaging and Sandboxing have been, by far, more important to me than any Resident (i.e. Real-Time) Anti-Malware software.

;)



To me personally, it's best to try to prevent a virus to begin with, and on-demand and imaging are not needed so much. The only time on-demand and image backup would be needed is if you're already infected, whereas real-time can stop most viruses before you ever catch them. I never used Sandboxie other than to just play around with it very little, because the fact was it used to only be for x86 and was said to not work right once they started making it for x64 machines.

Some researchers on the internet said Sandboxie was never really fully fixed to work for x64 machines, that they just say it does to please the end user: a false sense of security. I never needed on-demand and imaging. The only time I ever needed to use a backup in years and years was technical related, not security related. And when I run on-demand scanners they never find anything on my computer because I've kept a good real-time one installed. Sandboxie was never meant to be an anti-virus anyways, just an extra layer of security, and it's one you can live with or without; you don't have to have it. Windows x64 users were around way before people who used it on x64, and we were less prone to infection than x86 users, period.

This article says you should use an antivirus, but you should not believe everything you read that antivirus tests and companies try to tell you; there is no antivirus that's 100% able to stop everything. If you install based on these tests you're fooling yourself.

Common sense to not catch a virus to begin with, a good adblocker with anti-malware and anti-tracking filters, a good script blocker add-on, also keeping your computer always updated with the latest Windows updates, and a good real-time antivirus of your choice is very good prevention. The only time on-demand would really be needed is if you were already infected. They don't want to cure you from computer viruses completely. So on-demand is only going to remove the problem at hand, and it will never be able to take the place of prevention.

It's just like if you knew someone who was sick with a virus, and it maybe could be prevented by taking certain precautions, that there's no 100% cure for: are you going to not take them and try to cure it, even though there's no real cure and it will come back as a mutated version of it? If you took precautions to begin with you would not be sick, most likely, and now you need medicine for it because you didn't. :rolleyes:
