Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Page 1 of 3 1 2 3 >
Topic Options
#339878 - 29/11/2010 07:45 Internet security software
pedrohoon
enthusiast

Registered: 06/08/2002
Posts: 333
Loc: The Pilbara, Western Australia
It is that time of year again when the better half's security software suite needs renewing (she is using Trend Micro currently).

What are the recommendations from people here?

Thanks!
_________________________
Peter.

"I spent 90% of my money on women, drink and fast cars. The rest I wasted." - George Best

Top
#339886 - 29/11/2010 12:01 Re: Internet security software [Re: pedrohoon]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12345
Loc: Sterling, VA
Don't buy anything, just install Microsoft Security Essentials. It's the most lightweight program I've found for this sort of thing, and it gets high marks from every report I've seen on the subject.

I install MSE on all my clients' computers (in addition to my own), and if something ever sneaks through (no antivirus will catch everything), I run Malwarebytes' Antimalware (terrible name, good product). It's also free for the version that doesn't actively scan.

Now, queue the many people on this board who don't think you need antivirus. Oh, and Mark will chime in with a "install Linux." wink
_________________________
Matt

Top
#339887 - 29/11/2010 12:40 Re: Internet security software [Re: Dignan]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14497
Loc: Canada
Okay, sure: Install Linux.
Say goodbye to the need for all of that stuff.

Seriously. smile

Cheers

Top
#339921 - 29/11/2010 23:43 Re: Internet security software [Re: Dignan]
pedrohoon
enthusiast

Registered: 06/08/2002
Posts: 333
Loc: The Pilbara, Western Australia
Originally Posted By: Dignan
Don't buy anything, just install Microsoft Security Essentials. It's the most lightweight program I've found for this sort of thing, and it gets high marks from every report I've seen on the subject.


Thank you for the reply Dignan. I have heard that MSE is supposed to be adequate on its own, the only thing that concerns me is that I found a test done by AV-test.org who are supposed to be independent (they are used by Choice Magazine in Australia for antivirus reviews) which shows that they don't rate MSE as 'certified'.
Now I don't know how independent they really are, but going by their testing methodology they seem to apply the same criteria to each product. The area in which they think MSE fails appears to be protection against 0-day attacks (heuristics based?).

While I like the idea of not paying for antivirus protection, I also like the idea of stopping more nasties before they install rather than cleaning up later.
The other side of the argument is that Microsoft should be more knowlegeable about their own OS than an outside vendor and so should be able to provide a higher level of protection.
_________________________
Peter.

"I spent 90% of my money on women, drink and fast cars. The rest I wasted." - George Best

Top
#339922 - 30/11/2010 00:00 Re: Internet security software [Re: mlord]
pedrohoon
enthusiast

Registered: 06/08/2002
Posts: 333
Loc: The Pilbara, Western Australia
Mark, I wish I could get her to use OSX like I am, but unfortunately she needs Windows for her accounting software (Quicken - the new Mac version is too feature limited and doesn't seem to be available in Australia anyway) and she is familiar and comfortable with the Windows UI so uses it for everything else too.
_________________________
Peter.

"I spent 90% of my money on women, drink and fast cars. The rest I wasted." - George Best

Top
#339923 - 30/11/2010 02:00 Re: Internet security software [Re: pedrohoon]
msaeger
carpal tunnel

Registered: 23/09/2000
Posts: 3608
Loc: Minnetonka, MN
I seen the most stuff fixed by Malwarebytes but that was using it after the computer was already infected. A scan with windows defender would come up ok but Malwarebytes would find stuff. I don't know what the difference is between windows defender and microsoft security essentials.
_________________________

Matt

Top
#339924 - 30/11/2010 02:05 Re: Internet security software [Re: msaeger]
msaeger
carpal tunnel

Registered: 23/09/2000
Posts: 3608
Loc: Minnetonka, MN
_________________________

Matt

Top
#339929 - 30/11/2010 06:25 Re: Internet security software [Re: pedrohoon]
StigOE
addict

Registered: 27/10/2002
Posts: 568
I use Comodo internet Security and have been fairly happy with it. I don't know how good the anti-virus part is, but the firewall part get very good characters in www.matousec.com firewall challenge.

Stig

Top
#339938 - 30/11/2010 13:18 Re: Internet security software [Re: pedrohoon]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12345
Loc: Sterling, VA
Originally Posted By: pedrohoon
Originally Posted By: Dignan
Don't buy anything, just install Microsoft Security Essentials. It's the most lightweight program I've found for this sort of thing, and it gets high marks from every report I've seen on the subject.


Thank you for the reply Dignan. I have heard that MSE is supposed to be adequate on its own, the only thing that concerns me is that I found a test done by AV-test.org who are supposed to be independent (they are used by Choice Magazine in Australia for antivirus reviews) which shows that they don't rate MSE as 'certified'.
Now I don't know how independent they really are, but going by their testing methodology they seem to apply the same criteria to each product. The area in which they think MSE fails appears to be protection against 0-day attacks (heuristics based?).

I really have no idea how good any of these "independent" testers are, but most of the ones I've seen have rated MSE very well, including this one (though it's a bit old now).

Also, I kind of take issue with that AV-Test chart. MSE isn't "certified," but Avast is, even though its protection score is lower? Because it's slightly better at repair and is more usable? Usability won't help my click-happy clients smile


Here's my thoughts on antivirus:

I stand by MSE for day to day protection. For computer users who are pretty good about not clicking on the wrong things, it does a great job. Most of my clients have not had viruses return after I've installed it.

As far as I've seen, a disturbing number of antivirus programs do not catch the type of virus that I see most often these days and that disturbs me greatly. I can't tell you the number of times I've removed viruses from people's computers that got onto the system pretending to be an antivirus its self. I've seen these for years now in many different variations, and they're only getting worse. What gets me is that I haven't seen a single one of the major products block this thing. Norton, McAfee, and the second tier ones including MSE and AVG, none of them even see these viruses on an infected machine let alone block it.

The only one that consistently finds this type is Malwarebytes. You can tell it's effective because in several instances, I've seen the installer targeted specifically by the virus. I'll be able to install other programs, but when I try to launch "mbam.exe" the file is deleted. Sometimes I've even seen the virus search the USB drive I insert, and delete the installer right off of it. That tells me it's effective wink

So that might be my recommendation, in fact. For my clients, I don't mind recommending a for-pay program, but usually the only way I can get them to stop using Norton or McAfee is to draw them away with the promise of dropping that yearly fee. If they don't mind paying, Malwarebytes would be the one I'd go for myself.


I do have one more tool that I use on seriously infected computers, mostly as a last resort. It's called ComboFix, and I primarily use it as a last resort. It's most certainly not a day-to-day antivirus, but I've rarely seen it fail at getting a computer clean, although occasionally at the expense of certain user settings or programs that have trouble launching again. It's the last step I take before nuking and reinstalling Windows.

Lastly, no offense Stig, but I don't use software firewall products. It might be a good idea, but I'm fine with the combination of the Windows firewall and the hardware firewall I get with my router, which is probably more effective anyway. It might be good to have one just to know if anything you've installed is making unexpected calls out to the internet, but I don't care that much.
_________________________
Matt

Top
#339942 - 30/11/2010 13:28 Re: Internet security software [Re: Dignan]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
All the friends and family member who I've seen get infected recently have been hit by those fake anti virus products claiming that their machine was infected and tricking them into installing them. Or they've been tricked into installing a trojan that was pretending to be an update for Windows or IE (even the ones that aren't using IE).

All of them had either MSE or AVG installed, it is extremely annoying that they make no effort to target this malware.

This whole area is a pain in the arse. My Mum is a new computer user. When she Skypes me and asks if a particular message saying an update is available for something it basically impossible for me to tell her whether it is legit or not without viewing her screen.
_________________________
Remind me to change my signature to something more interesting someday

Top
#339944 - 30/11/2010 13:29 Re: Internet security software [Re: Dignan]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14497
Loc: Canada
What are you doing inserting a USB stick into a live infected system?
Trying to help the virus spread?

Curious.

Top
#339946 - 30/11/2010 13:32 Re: Internet security software [Re: andy]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
At least she asks.

I'd just tell her to never install any offered updates. Then set her computer to automatically apply Microsoft updates and log in remotely every once in a while to check for other stuff.
_________________________
Bitt Faulk

Top
#339949 - 30/11/2010 13:36 Re: Internet security software [Re: wfaulk]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
That is sort of what I do, but it doesn't stop her getting stressed out by any messages that popup. I wish I could tell her to just close them and not worry, but that won't make any difference to her stress level about it.
_________________________
Remind me to change my signature to something more interesting someday

Top
#339950 - 30/11/2010 13:38 Re: Internet security software [Re: mlord]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12345
Loc: Sterling, VA
Originally Posted By: mlord
What are you doing inserting a USB stick into a live infected system?
Trying to help the virus spread?

Hey hey hey now! Give me some credit! I use protection! smile

After using a thumb drive for a client, I take the drive back home to my computer (which has auto-run disabled), and format it. Then it's just a drag and drop to put my usual arsenal of applications on. This way I'm safe and I have the latest versions of the programs, which I download on a regular basis.
_________________________
Matt

Top
#339952 - 30/11/2010 13:44 Re: Internet security software [Re: Dignan]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12345
Loc: Sterling, VA
Andy, I know exactly what you mean. Usually my mom just waits for me to come over, which fortunately is easy because we live close by. She's very cautious so that's good, but sometimes I worry she'll miss an important Windows Update. She doesn't do a lot of wild clicking though, and at least I was able to move her off of IE smile

I will admit, I'll be a little happier when she's on the Mac one day. She already brings one home from work when she works from home, and wants to get one for herself when she retires. She called me one day, sounding worried. She said "I just got a message saying that I have all these viruses! What should I do?" After a little worrying myself and telling her to just click the X, I thought to ask "which computer are you using?" When she said the MacBook, I admit I chuckled a little (not to her amusement).
_________________________
Matt

Top
#339957 - 30/11/2010 14:25 Re: Internet security software [Re: Dignan]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
Some thumb drives have switches to put them in read-only mode. Maybe you should just get one of those.
_________________________
Bitt Faulk

Top
#339960 - 30/11/2010 14:46 Re: Internet security software [Re: wfaulk]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12345
Loc: Sterling, VA
Originally Posted By: wfaulk
Some thumb drives have switches to put them in read-only mode. Maybe you should just get one of those.

An excellent idea, it would eliminate a step or two. I'll look around.
_________________________
Matt

Top
#339991 - 30/11/2010 20:50 Re: Internet security software [Re: Dignan]
frog51
pooh-bah

Registered: 09/08/2000
Posts: 2091
Loc: Edinburgh, Scotland
Just following up on your comment - why would you not run a firewall as well as an AV product on a windows box? Firewalls should be low enough load not to impact your CPU adversely in any significant way, and anyone on a broadband link is a target for any number of scans followed up by attacks. My advice, as a security professional for the last 15 years, is just to get the basics in there before the decision comes back to bite you...
_________________________
Rory
MkIIa, blue lit buttons, memory upgrade, 1Tb in Subaru Forester STi
MkII, 240Gb in Mark Lord dock
MkII, 80Gb SSD in dock

Top
#339994 - 30/11/2010 21:02 Re: Internet security software [Re: frog51]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12345
Loc: Sterling, VA
Originally Posted By: frog51
My advice, as a security professional for the last 15 years, is just to get the basics in there before the decision comes back to bite you...

If you're just talking about "the basics," wouldn't the Windows firewall and your standard router be considered the basics? Isn't the router better at staving off much of that stuff anyway?

My complaint about software firewalls is that all the ones I've seen are far too in your face. It's one of the reasons I try to get Norton off my clients' computers, because the built in firewall tells them about every single little occurrence, and it gets to the point where the user is just so fed up with it, they either start approving everything (making the firewall useless) or denying everything to be safe (which breaks a lot of good programs, including AV updates).
_________________________
Matt

Top
#340007 - 01/12/2010 01:17 Re: Internet security software [Re: Dignan]
gbeer
carpal tunnel

Registered: 17/12/2000
Posts: 2665
Loc: Manteca, California
Originally Posted By: Dignan
Originally Posted By: wfaulk
Some thumb drives have switches to put them in read-only mode. Maybe you should just get one of those.

An excellent idea, it would eliminate a step or two. I'll look around.


I guess write once cd's are passe.
_________________________
Glenn

Top
#340010 - 01/12/2010 02:29 Re: Internet security software [Re: gbeer]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14497
Loc: Canada
Just like floppy discs now.

Top
#340012 - 01/12/2010 03:28 Re: Internet security software [Re: gbeer]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12345
Loc: Sterling, VA
Originally Posted By: gbeer
Originally Posted By: Dignan
Originally Posted By: wfaulk
Some thumb drives have switches to put them in read-only mode. Maybe you should just get one of those.

An excellent idea, it would eliminate a step or two. I'll look around.

I guess write once cd's are passe.

Not sure if you're kidding around or not, but CDRs also can't be overwritten, so I could never update the applications I put on there, which is essential. And I'd rather carry around a thumb drive than a CD.
_________________________
Matt

Top
#340020 - 01/12/2010 11:52 Re: Internet security software [Re: andy]
pedrohoon
enthusiast

Registered: 06/08/2002
Posts: 333
Loc: The Pilbara, Western Australia
Originally Posted By: andy


This whole area is a pain in the arse.


[rant]
For sure, and I am certain I am not the only one who wishes that the miserable little turds that write malware would apply their time to writing more useful software or improving open source projects. Perhaps penalties for this sort of thing should be more draconian and more effort should be put into catching and prosecuting these pricks. However that is a separate topic.
[/rant]

Anyway, I would have been happy enough with MSE, but swmbo decided that she wanted Kaspersky after checking various reviews, so I went with that.

Download and installation was quite painless, the only issue I have with it is the size of the updates (hundreds of megabytes for 2 PCs which is significant when our quota is only 1GB per month), particularly as I downloaded the most up to date version initially.
_________________________
Peter.

"I spent 90% of my money on women, drink and fast cars. The rest I wasted." - George Best

Top
#340037 - 01/12/2010 19:17 Re: Internet security software [Re: pedrohoon]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31604
Loc: Seattle, WA
Quote:
For sure, and I am certain I am not the only one who wishes that the miserable little turds that write malware would apply their time to writing more useful software or improving open source projects.


As much as I hate those little turds too, they fill an interesting niche: If the little turds didn't write their mild-annoyance malware, then we'd only discover the security holes in our software long after the seriously dangerous folk (spies, thieves, superpowers) had already compromised our systems, stealing our money and our secrets.

Not that that sort of thing doesn't already happen anyway, it's just nice to know that most of our front line security battles are being fought over malware that's merely an annoyance as opposed to something truly frightening.
_________________________
Tony Fabris

Top
#340038 - 01/12/2010 20:37 Re: Internet security software [Re: tfabris]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
The malware I am talking about exploits no security holes on the client machines what so ever. I am talking about the sort that you go to a website, a popup is shown that pretends to be a Windows dialog doing a virus scan. It then says that you have X viruses and prompts you to download and exe. The victim clicks on "yes please download and run the exe". The victim the says "yes please run it with admin perms" to the Windows dialog designed to protect them.

Those are the annoying ones. The ones that don't break in. The ones that to you and I are instantly recognisable as a scam. The ones that to a normal human being appear to be just as valid as the Windows update dialog.

Without disallowing the user from ever downloading and running an exe from the web, I don't see any way round it for the sorts of users who are taken in by it. The same users would end up downloading and running the Trojan whichever desktop os they were on.

That is why I think restricted systems like iOS are the future for normal users. Androids approach of telling you what perms the app wants does nothing to help these users.
_________________________
Remind me to change my signature to something more interesting someday

Top
#340040 - 01/12/2010 21:29 Re: Internet security software [Re: andy]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31604
Loc: Seattle, WA
Social engineering is still an exploit. Just an exploit of a different kind. smile

I know that kind of thing is hard to fix, but there are a lot of steps being taken with security software right now that are trying to address those issues. A computer can never fix the basic social engineering exploit of "some people are gullible", but I think there are still gains to be made in the area of protecting the gullible people from themselves while they use the computer.
_________________________
Tony Fabris

Top
#340041 - 01/12/2010 21:35 Re: Internet security software [Re: tfabris]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
Which takes us back to where we started, the mainstream security tools dont seem to target these attacks and I dont understand why.
_________________________
Remind me to change my signature to something more interesting someday

Top
#340042 - 01/12/2010 22:33 Re: Internet security software [Re: andy]
hybrid8
carpal tunnel

Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
I bet these guys in Iran wish they had been running better virus scanning software...

http://www.foxnews.com/scitech/2010/11/26/secret-agent-crippled-irans-nuclear-ambitions/
_________________________
Bruno
Twisted Melon : Fine Mac OS Software

Top
#340046 - 02/12/2010 04:26 Re: Internet security software [Re: hybrid8]
gbeer
carpal tunnel

Registered: 17/12/2000
Posts: 2665
Loc: Manteca, California
The virii that was used against Iran is a fascinating story in it's self.

Designed to attack programmable controllers used in industrial settings. It had to propagate across both, different platforms and an airgap. It used multiple never seen before vulnerabilities.
_________________________
Glenn

Top
#340048 - 02/12/2010 11:21 Re: Internet security software [Re: hybrid8]
tanstaafl.
carpal tunnel

Registered: 08/07/1999
Posts: 5549
Loc: Ajijic, Mexico
Originally Posted By: hybrid8
I bet these guys in Iran wish they had been running better virus scanning software...

http://www.foxnews.com/scitech/2010/11/26/secret-agent-crippled-irans-nuclear-ambitions/
You're accepting at face value a story reported by Fox News?

tanstaafl.
_________________________
"There Ain't No Such Thing As A Free Lunch"

Top
Page 1 of 3 1 2 3 >