
Is anti-virus obsolete?


6 replies to this topic

#1 yudell426

Posted 17 January 2014 - 07:29 AM

With the latest revelations about the Target retail store hacks, it brings up the question... is anti-virus obsolete? The hackers managed to write code that was undetectable by that company's anti-virus program(s).

Your thoughts please. 





#2 Kilroy

Posted 17 January 2014 - 12:42 PM

Security is not convenient.  A workable security solution walks the fine line between secure and usable.

 

The problem with anti-virus protection is that any bad guy is going to test to make sure that his software is not detected before deploying it.  Anti-virus protection isn't obsolete so much as reactive.  They can attempt to block the unknown, but until it is known they are just guessing.  They aren't going to block all programs that encrypt your hard drive because they can be good like TrueCrypt or bad like Cryptolocker.  Until they see the threat they are unable to block it.  Then when they do block it the bad guys change it so that it will work again.  It is a constant battle to hit a moving target.



#3 quietman7

Posted 17 January 2014 - 12:50 PM


Why should you use Antivirus software?

An anti-virus program alone does not offer enough protection and does not provide comprehensive protection. It cannot prevent, detect and remove all threats at any given time. Anti-virus software is inherently reactive...meaning it usually finds malware after a computer has been infected. The security community is in a constant state of change as new infections appear and it takes time for them to be reported, samples collected, analyzed, and tested by anti-virus vendors before they can add a new threat to database definitions.

Please read Supplementing your Anti-Virus Program with Anti-Malware Tools which explains why.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 z3n_Force

Posted 17 January 2014 - 04:13 PM

In regards to CryptoLocker, if only Anti Virus companies, the ones who pride themselves on computer security, would develop updates to their software and make it set permissions for how many files can be encrypted per day, in what areas of your hard drive and/or remove the ability to encrypt files entirely.

 

Other notes-

I know there are already precautions you can take to prevent CryptoLocker from deploying but it would be a good idea if Anti Virus did it automatically. I also heard there was one specific (costly, to me at least, to others it would be very reasonable), prevention software in regards to encryption, that if installed, would have successfully defended computers from CryptoLocker.
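
The cap z3n_Force describes above (how many files may be encrypted, and in which areas of the disk), sketched as an added example. It is not part of the thread or of any anti-virus product; the class name, thresholds, paths and events are constructed assumptions.

```python
import hashlib
import math
from collections import Counter, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class EncryptionRateGuard:
    """Per-process cap on files rewritten as high-entropy data in a time window."""
    def __init__(self, max_files=3, window_s=60.0, entropy_min=7.0, exempt_dirs=()):
        self.max_files, self.window_s = max_files, window_s
        self.entropy_min, self.exempt_dirs = entropy_min, tuple(exempt_dirs)
        self.recent = {}  # pid -> deque of (timestamp, path)

    def observe(self, ts, pid, path, new_bytes) -> bool:
        """Return True when this write puts pid over the cap."""
        if path.startswith(self.exempt_dirs):   # e.g. an encrypted-volume folder
            return False
        if shannon_entropy(new_bytes) < self.entropy_min:
            return False                        # ordinary document save
        q = self.recent.setdefault(pid, deque())
        q.append((ts, path))
        while ts - q[0][0] > self.window_s:     # drop writes older than the window
            q.popleft()
        return len({p for _, p in q}) > self.max_files

def constructed_events():
    """Constructed sample: (seconds, pid, path, bytes written). Not real telemetry."""
    text = b"quarterly report draft\n" * 200
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # stand-in ciphertext
    ev = [(1.0, 100, "/home/u/docs/report.txt", text)]                        # editor save
    ev += [(2.0 + i, 200, f"/vault/chunk{i}.bin", blob) for i in range(6)]    # allowed encryptor
    ev += [(10.0 + i, 300, f"/home/u/docs/file{i}.doc", blob) for i in range(5)]  # mass rewrite
    return ev

def first_alerts(events, guard):
    """Map pid -> timestamp of the first write that tripped the guard."""
    alerts = {}
    for ts, pid, path, data in events:
        if guard.observe(ts, pid, path, data) and pid not in alerts:
            alerts[pid] = ts
    return alerts

if __name__ == "__main__":
    print(first_alerts(constructed_events(), EncryptionRateGuard(exempt_dirs=("/vault/",))))
```

Compression also produces high-entropy data, so a real monitor would need more than this byte-level check. Without the exempt directory the same guard flags the allowed encryptor too, which is the TrueCrypt-versus-Cryptolocker problem Kilroy describes.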



#5 quietman7

Posted 17 January 2014 - 04:49 PM


A repository of all current knowledge regarding Cryptolocker is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptoLocker Ransomware Information Guide and FAQ

There is also a lengthy ongoing discussion in this topic: Cryptolocker Hijack program.

#6 Scoop8

Posted 19 January 2014 - 12:17 PM

quietman7 has stated it so well as usual.

 

I am running a mainline AV as most PC users probably are, and in addition I'm running MBAM Pro.

 

However, I don't rely on complete protection with those tools.  I rely on them mainly to notify me of something unusual, a threat that's penetrated their defenses, or other popup messages and also from looking at information contained in scan logs.

 

That way, if I know there's something on the HDD that's bad news, I'll remove that HDD and install a cloned HDD or restore from a stored full-HDD image.  It's just another method of restoring one's PC vs seeking online help and downloading specific tools to remove malicious objects and their effects from the HDD.

 

Just my 2¢ about it but I prefer maintaining backups as compared to relying on AV or malware-specific tools as recovery methods.  As long as the AV product and my malware-specific tool are reliably reporting intrusions, I'm ok with their success rates of blocking virtually all malicious intrusion attempts that have been detected on my PCs.

 

I've only been affected by intrusions a few times since starting home 'net use about 10 years ago.

 

In that time, most of the intrusions were easily cleaned/removed with the AV or antimalware removal tools.

 

I've used the HDD removal and clone installation method twice to restore the PC within minutes to normal operation when cleanups for those incidents were going to take, for me, too much time to successfully complete the sanitizing of my HDD.



#7 quietman7

Posted 19 January 2014 - 01:31 PM

... I don't rely on complete protection with those tools.  I rely on them mainly to notify me of something unusual, a threat that's penetrated their defenses, or other popup messages and also from looking at information contained in scan logs....I prefer maintaining backups as compared to relying on AV or malware-specific tools as recovery methods.

Exactly...backup, backup, backup. Backing up is part of best practices in the event of hardware or system failure related to other causes besides malware infection.

Answers to common security questions - Best Practices for Safe Computing



