The corporate versions are only as good as the IT person who sets them up. At my previous job, the local IT people configured Norton well, protecting the systems while also not impacting performance of work related tasks. Then someone up the chain at another location decided to take over and the systems slowed to a crawl.

McAfee at my current place of employment works ok for the most part, but I have had to disable it a few times when it silently would do something to a new program install and cause it to fail.

That one looks legitimate. There are plenty of viruses that try and infect SVCHOST, due to it being a required OS file. It's responsible for running many services on a Windows machine, both Microsoft and 3rd party ones.


It all depends on what is being done on the system. Processors have generally been fast enough for a while to mask the CPU performance impact of on access scanning. Hard drives however haven't kept up speed wise, and multi core processors can just make the situation worse with many more processes trying to perform IO running in parallel. Generally, on access scanning of a machine that is compiling code will add a very noticeable amount of overhead to the task, especially if the link step consumes most of the memory on the machine leaving none for the windows cache.

True. I meant, more precisely, standard office usage(Internet browsing, Word Processing, average Excel usage, sometimes advanced, rarely very advanced, Power point usage, of all levels, Email)

I got off pretty easy on this. While my employer does use McAfee (about 80K installs), and I know several of our sites around the world were hit with this, I didn't hear a single reported case at my site (~500 installs).

We switched from Norton to McAfee last year, and before I never would have thought I would miss Norton. The performance we see "on the front lines" for McAfee is horrible. We have had far more outbreaks that required manual cleaning. But since we're not the ones signing the checks we just do what we're told. :S

For the records, I am 15 years virus free on my Windows based machines without an antivirus, using IE daily since IE4 as my main browser, and using Outlook as a mail client for the last 10 years.

And, never seen any BSOD on Windows Server boxes since Windows NT4, in the last 10 years.

And, an uptime of more than 2 years on a Windows Server machine not connected to the internet and not needing any update-> reboot.

It's quite easy to disprove popular believes with single examples. Neither the former nor the latter are relevant, IMO, to prove anything, if not apparently support the arguments of this or that system's fan.

I am not saying that this is the case. I am instead saying that IMO the best way to protect oneself from viruses Is to keep ones machines as updated as possible, and yesterday's McAfee issues, statistically, does not change that. Of course, if such a disaster happened again one may decide do drop McAfee and opt for some other product.

Otherwise, as to my personal experiences above with IE, OL, AV Software, DSOD, Uptime, etc... I must have been extremely, extremely lucky so far.

For a minute there I thought you were still using IE4 and was about to ask if you were crazy


BSODs are generally caused by bad drivers or bad hardware but Windows takes the blame for it.


If it is a standalone machine that nothing else connects to then sure, leave it unpatched but if other machines do connect to it even if it isn't on the internet then you should patch it.

Some people would agree I am, but for other reasons


Ditto.


It was little irresponsible, but not so much. It was a file server shared by four people for non critical content. I'had meant to put it down for years and never did, to the point that its uptime became object of fun; eventually we relocated and transportation would last longer than any UPS available around would. So, I had to power ir down.

Windows shouldn't blue screen because of a bad call in a printer driver. Thankfully Microsoft felt the same way, and moved printer drivers out of ring 0 in 2000. Slowly, they are moving more and more out of ring 0. I've seen a number of times my machine would have BSODed in XP, but not in 7 due to video drivers moving what they can down into user space.

Yeah. Back in the old NT 3 days, most of the subsystems were actually outside of the kernel and in userspace. NT 4 moved a bunch of subsystems into the kernel to improve performance.

The Intel graphics driver for my laptop is really flakey and does crash quite often. I see the little balloon popup to say that something went wrong but it recovered. It must leave the hardware in an odd state however as its not quite right afterwards.

It all depends on how paranoid and or caring corporate is. Some just turn on all the features in an "I can't be blamed for being too safe." mode of thinking.

As long as we're wagging dicks, I'm 15 years Windows-free, and because I'm a Linux user, I don't even have to provide technical (or virus cleaning) support for friends or family!

... and without a tool to inform you, how would you know you were virus free?

Just kidding of course. I think it's completely normal to go 15 years on Windows without encountering a virus: If you never install any software from strange sources, never surf to any strange web sites, and never open HTML emails or emails with attachments, then there'd be no way to catch any viruses.

There have been a large number of remote Windows exploits. If you add "behind a firewall" to that list, then maybe.

Right.

And keep your Windows up-to-date. The last major remote exploit was years ago when Blaster got out. Most exploits since then have not really been exploited in the wild to a significant extent. Probably because big business and education learned to actually update there Windows installation, most were not doing it back then.

Indeed. I mean really, who goes to http://wellsfargo.com anyhow? Just thinking back to the rash of IIS exploits that lead to malware being sent from very legitimate sites to their visitors that happened a number of years ago.

One of the Windows machines I mention is actually a web server open to the internet, and it actually offers more services and therefore open ports than just the 80. Of course it is also behind a firewall that only allows access to designated ports.
In any case, it is not a maybe, it's a fact.

I am not - and was not - showing off . I think it is perfectly normal, as others said. My point was instead that saying that Windows/OSX/Linux machines are "unsafe" or "unrealiable", or that IE/Firefox/Safari is, or that Outlook is, are simply extremely generic statements, generic to the point that they have very little meaning in reality. The ones above are all mature products, and they are all beyond the stage where you can simply say "that's bad, this is good".

One may point out weaknesses and stregths of the above software; one may discuss on versions, updates, speed to release updates, user behavior, plug-ins, popularity, amount of known bugs and hypotetical unknown ones, methods to estimates them, the good and the bad of open and closed source, and what not. Similarly, the fact that I or Bruno were virus-free for 15 years without an antivirus also does not prove anything accurate in terms of "safety", as one may argue that this or that piece of software is or is not properly designed to remain safe in the hands of the average user rather than the enthusiast or the professional, discuss ad infinitum on who "average" users actually are, and what not...
To simply find out that all those elements create a more complex reality that the one depicted by the "This is bad, that is good" approach. On the contrary, those elements will make this or that product change its safety/security position versus competitors depending on time, type of user base, version, design features, etc. I think the rest is just "religion war".

As a side note, guys, to me no matter how perfect a logo is, how credible and clever the wording is, an email asking me to reply with my password(s) is just phishing. I delete it without even thinking; I have just no doubt. But, I know extremely well educated and brilliant academic professionals who simply plainly believe what they read and give out their personal data and credit card number! While I find it more and more shocking as the internet becomes part of the popular culture and everyone's daily life, it still just happens, _regularly_. This alone tells a lot in terms of psychology or human beings, where they put their trust; it also makes NO software really "safe" unless you stop allowing software to run on it, just like no car really is unless you stop driving it; and of course this will always penalize the most popular software versus the most elithist for the simple reason that the most popular will be used by the brilliant professionals who really believe their bank needs their passwords and PINs and CC# in an email message.

No Disturbance in the Force I sense, of course.

This really says it all:



Good article, Ed Bott.

Ouch. Leaving out XP SP3 in their testing??

Ahh, here we go, a more modern example of a "strange" site not to visit to avoid malware.

US Treasury site hacked to distribute malware