Ask Slashdot: How Dead Is Antivirus, Exactly? 331
Safensoft writes: Symantec recently made a loud statement that antivirus is dead and that they don't really consider it to be a source of profit. Some companies said the same afterwards; some other suggested that Symantec just wants a bit of free media attention. The press is full of data on antivirus efficiency being quite low. A notable example would be the Zeus banking Trojan, and how only 40% of its versions can be stopped by antivirus software. The arms race between malware authors and security companies is unlikely to stop.
On the other hand, experts' opinions of antivirus software have been low for a while, so it's hardly surprising. It's not a panacea. The only question that remains is: how exactly should antivirus operate in modern security solutions? Should it be one of the key parts of a protection solution, or it should be reduced to only stopping the easiest and most well-known threats?
Threats aren't the only issue — there are also performance concerns. Processors get better, and interaction with hard drives becomes faster, but at the same time antivirus solutions require more and more of that power. Real-time file scanning, constant updates and regular checks on the whole system only mean one thing – as long as antivirus is thorough, productivity while using a computer goes down severely. This situation is not going to change, ever, so we have to deal with it. But how, exactly? Is a massive migration of everything, from workstations to automatic control systems in industry, even possible? Is using whitelisting protection on Windows-based machines is the answer? Or we should all just sit and hope for Microsoft to give us a new Windows with good integrated protection? Are there any other ways to deal with it?
On the other hand, experts' opinions of antivirus software have been low for a while, so it's hardly surprising. It's not a panacea. The only question that remains is: how exactly should antivirus operate in modern security solutions? Should it be one of the key parts of a protection solution, or it should be reduced to only stopping the easiest and most well-known threats?
Threats aren't the only issue — there are also performance concerns. Processors get better, and interaction with hard drives becomes faster, but at the same time antivirus solutions require more and more of that power. Real-time file scanning, constant updates and regular checks on the whole system only mean one thing – as long as antivirus is thorough, productivity while using a computer goes down severely. This situation is not going to change, ever, so we have to deal with it. But how, exactly? Is a massive migration of everything, from workstations to automatic control systems in industry, even possible? Is using whitelisting protection on Windows-based machines is the answer? Or we should all just sit and hope for Microsoft to give us a new Windows with good integrated protection? Are there any other ways to deal with it?
Dead as a profit source for Symantec, well, ... (Score:4, Insightful)
Re:Dead as a profit source for Symantec, well, ... (Score:5, Insightful)
Re: (Score:2)
I think using the OS supplied security controls the Windows Vista/7/8 family provides: Applocker/SRS, Group Policy, App-V
is preferable to running antivirus in an OR scenario. It's also a lot more complicated.
Re:Dead as a profit source for Symantec, well, ... (Score:5, Interesting)
I have a small client that hasn't run anything more than Microsoft Security Essentials for three years, mainly because they don't want to spend the money.
So far, I've only had to rebuild about 3 PCs in that time frame due to infection. They also got hit by crytolocker but at a weird time where it just made sense to reload the share directories from a recent backup because there hadn't been any changes to worry about between infection and last backup.
The controller feels that this is more or less an acceptable trade-off over time -- my labor cost to rebuild the PCs vs. the ongoing cost of AV.
Re:Dead as a profit source for Symantec, well, ... (Score:5, Interesting)
They are probably right there - of those 3 rebuilds, how many do you think would have been prevented by paying more for any given AV product? Thinking back, I can remember several PCs needing recovery work because of the AV system in use (good old McAfee pulled down an update which declared a piece of Windows XP itself to be malware and need deletion - leaving a machine you couldn't log in to until that file was reinstalled), and probably two nasty infections for me to clean, which got in despite McAfee being present with fairly paranoid settings.
Re:Dead as a profit source for Symantec, well, ... (Score:5, Insightful)
Thinking back, I can remember several PCs needing recovery work because of the AV system in use
THIS! Symantec once decided to start a virus scan in the middle of a disc defrag.Did a good job - bollixed the whole thing up.
I'd had to fix other computers all bitched up by McAffee also.
When the anti virus is effectively identical to a virus, there isn't much point in using it.
In the end, and while I was still using Windows, I just used MSE, which worked pretty well.
Re: (Score:2, Informative)
One quick way you can help reduce A/V hit on a system is to remove zip file scanning during on-access scans and on-demand scans. Also, setting a file scan time limit can limit the amount of time the AV spends on one particular type of file.
Other antivirus solutions handle this a bit better, but McAfee is workable w
Re: (Score:2)
As another poster pointed out, it is perfectly viable for a literate - or just sensible - individual to not use an antivirus. For more than 20 years, and for various reasons (monetary, but also relating to general hassle), I have been running my family's Windows computers without any AV save for MSE in the last few years. I have yet to have any significant problems in doing so. My parents, my wife and my son (although he just uses and iPad now) are perhaps unusual in not surfing pr0n or not clicking links o
Re: (Score:3)
The management company where I work mandates Sophos. Scans once a week and I get weekly tickets during the scan about computers running so slow that nothing can be done. When it was Sophos only, Sophos caught about 20-30 items a week and I had to reimage or repair about two computers a week from infections or Sophos-caused issues.
Now for the past year the 250 systems still use Sophos because corporate says they have to, but the site also uses Webroot. ~800k full installer for Webroot, 2-minute scans that no
Re: (Score:3)
Since the industry managed to turn against the users and trust only the media industry, the "trusted computing" solution is not a viable option.
Othervise, it would have been nice to allow only certain binaries or software developers/publishers to run. It would also be nice to sign the binaries
and not allow changes.
Since the user seems to be the least trusted element, and that it seems that I have to blindly trust 200+ root certificate signers when using the web,
there is no use in pretending that there exist
Re: (Score:3)
That would be less help than you might expect (although OS X does do exactly this by default now). Remember all those Word macro viruses of a few years ago? Totally unaffected: it's a genuine copy of MS Word that's running, it's just doing something it really, really shouldn't be. Likewise any browser exploit. Trojans have always relied
Re: (Score:2)
Depending on who you work with, blocking attachments can be very useful. If you have users that will click on anything, yes you need to block attachments.
Unfortunately, we have users that will click on anything. But yes, security is a process.
Incentive Bug Finding (Score:2, Interesting)
What are virus writers looking to get out of writing malware? Money? Fame? Absolute Power?? Well neither of the last two are ever going to happen.
We should incentivize the reporting of bugs... Getting recognition as being a prolific bug finder, and fixer in a positive light would be a start. Also being paid is another avenue. Optional fame, and a steady reliable source of money would be very appealing to most people.
Am I just being naive?
Re:Incentive Bug Finding (Score:5, Interesting)
Money. Simple as that.
I've been on the "other side" of the security business for a bit over a decade now. I'm not really earning pocket change, but it's by some margin dwarfed by what the criminal side of our business makes.
Malware is profitable. If you really want to fight malware, you first have to make it unprofitable. As long as it is possible to profit from spam and botnets, it's not going to stop. And since the source of spam and botnets is in countries you can't really reach, while the targets are "here", I guess it's time to start punishing those who are unable or unwilling to keep their computers secure.
Yes, that means punishing the victim. Whereas the victim here is a facilitator for the culprit. It's like leaving your car unlocked and open on the main road and someone using it for a bank heist. I don't know about yours, in my country, if that's your car you're due for facilitating a crime.
Re:Incentive Bug Finding (Score:4, Funny)
But as most people just use the tools they're given and can't control how secure those tools are, in practice that would mean punishing computer programmers.
If you want the usage of C and C++ to be considered equivalent to suicide then this would be a great policy to bring about such a world.
Re: (Score:2)
You already know that unsecure use of these languages can lead to serious security breaches throughout the system. We have several methods to deal with this kind of insecurity - but they cost, either in development time or needing more people or more process or simply not being able to do certain things. All of which suck.
Honestly, at this point, I really don't see much choice other than putting most of the web on lockdown. We've built our libertarian utopia and due to the intrusion of the real world, it's
Re:Incentive Bug Finding (Score:5, Funny)
Yes, that means punishing the victim.
That's what Symantec and McAffee are for.
Re: (Score:3)
Online banking has one fundamental flaw: You (as the bank) cannot trust the machine on the other side. You can audit the shit out of your servers and your application to the point where you may consider it secure, but on the other end of that transaction is a black box. To make matters worse, more often than not it' also a black box to the person in front of it. So you and your customer may share a common goal (i.e. getting a financial transaction done properly), but there is that machine sitting between yo
Sandboxing (Score:5, Interesting)
I'd say security in the future will converge on three lines:
a) Sandboxed browsers/apps: Different browsers for mail access, general browsing and sensitive browsing (banking, using credit card, etc). All browsers revert to base state after closing, or allowing just a limited set of changes (bookmarks, cookies). The browsers are possibly stored in a USB stick with a physical write protection switch for part of the storage.
b) Trust structure: The OS will only execute programs with a certain signature, based in a chain of trust. You can choose who to trust or not.
c) Closed devices: (See Apple iPhone and iPad, but with paranoid-mode).
Well implemented, these strategies can reduce the malware threat, and they are implementable with current technology. I really don't see the anti-virus surviving much. It's an after-the-fact tech that was born as a patch for systems unprepared for a new threat. The playing board is now set and the structure of the systems must change to reflect that.
Re: (Score:3)
c) Closed devices: (See Apple iPhone and iPad, but with paranoid-mode).
That sounds horrible. We need to find a way to have security and openness, so that people can control their own devices. Personally I like Cyanogen. It gives you very fine grained control over app permissions and allows you to take or leave interaction with Google.
Re:Sandboxing (Score:5, Insightful)
That is actually the problem. You cannot have both.
EITHER you only allow execution of programs that are explicitly whitelisted by some authority. Whatever authority that may be. A corporation, the state or you (respectively whoever happens to be your admin). Then you can be certain that only stuff that had the dead chicken waved over will run.
OR you allow the user to determine what to run. Then there is literally NOTHING any security concept can do to avoid a disaster. I'm all for this approach, believe me, but what blame could you put on the OS when it keeps telling the user that it's NOT a smart idea to run happy_funny_kitten.avi.exe and the user insists?
Re:Sandboxing (Score:4, Insightful)
Agreed, but we don't need perfect security. We just need really good security and moderately careful users. I know, that's easier said that done, but I like the Android option of defaulting to just the carefully managed Play store and with Google having the ability to remotely delete apps (even if side loaded), while still giving power users the option to do what they like.
Saw similar posts before the web existed (Score:5, Insightful)
Java was supposed to be sandboxed entirely with zero chance of malware getting to anything other than it's own litter tray. Look how that turned out when it was seen as all too hard and compromises were made. Then there's the opposite that was born stupid, things like Active-X from MS that were such a stupid idea that a librarian (not a programmer) was telling me how stupid it was before launch. Then things like allowing execution of arbitrary code in images, another case of MS fucking up in a truly astonishing way - how the hell do things like that end up as anything other than SF novel plot points in a large corporation that is supposed to be competantly managed?
The answer as always is to learn from the lessons of the past instead of throwing together a pile of bits that look software shaped and rushing it out the door.
Re:Saw similar posts before the web existed (Score:5, Insightful)
Re: (Score:3)
Java was supposed to be sandboxed entirely with zero chance of malware getting to anything other than it's own litter tray. Look how that turned out when it was seen as all too hard and compromises were made.
The big problem with Java is that it requires quite a bit of C "glue" code to interface with the underlying operating system. The glue code necessary is often quite complex too, since it has to contend with issues such as the VM rearranging objects (thus glue need to "pin" the objects), garbage collection using a mark-and-sweep (thus the glue code need to make sure objects do not "dissapear" during the call), strange memory layout, multithreading/cpu cache issues etc, etc.
So while from the Java developer th
Re: (Score:2)
Then things like allowing execution of arbitrary code in images, another case of MS fucking up in a truly astonishing way - how the hell do things like that end up as anything other than SF novel plot points in a large corporation that is supposed to be competantly managed?
Blame C, zero-terminated strings and strcpy(). That you can copy a string into a buffer that can't hold it with no sanity checking is a disaster waiting to happen. Same that you read beyond the buffer waiting forever for a terminating \0 that'll never happen. Because you don't have objects you don't have sanity checks, even with the "safe" versions you have to make sure to pass the same buffer size twice. No doubt there's code like this where you haven't defined the size through a constant:
char *dst[512]; /
Re: (Score:2)
Your example is one of what an amateur C hacker might do. No competent C programmer duplicates numeric literals in the same context.
Professional standards demand e.g.:
const size_t buffsz = 1024;
char *dst[buffsz+1];
strncopy(dst, src, buffsz);
BTW, your example had a buffer-off-by-one bug even before you changed 1024 to 512. You didn't manage the terminating null.
Your second example first of all gives a compile error:
"error: cannot convert ‘int*’ to ‘char*’ in initialization"
"char *b =
Re: (Score:2)
Trusted apps need no censorship and away to have (Score:2)
Trusted apps need no censorship and away to have censorship and away to have things like user add ones.
Do you really want games with NO user maps or plugins / mods?
What about no more emulators? Other then the few paid ones that are very locked down and due to censorship issues can't have all games in a system.
No more open source apps?
NO VM's as well.
Stockholm syndrome (Score:4, Interesting)
Let's translate the OP's question:
I have this insecure by design environment, while there are more secure by design environments available (yeah, probably not completely secure, but much more secure than what I'm using now). I'd like to patch my grossly insecure environment to get at least an illusion of security instead of considering the alternatives.
Re: (Score:2)
It's likely that security isn't the OP's main concern. It rarely is.
Re: (Score:2)
I just don't understand why people keep using Windows... I understand the installed base problem but most Windows software has equivalents in other OSs and it's not that hard to learn a new OS.
I've been running Linux and Mac OS for about 10 years on various computers and never installed anti-virus and never worried about virus and never had a problem. I know these are not "perfect" but they are so much better than Windows that I just don't see why people don't switch.
Re: (Score:2)
Pining for the fjords (Score:5, Funny)
Its not dead, its just resting.
No, you don't need AV, even on Windows (Score:4, Insightful)
The most important piece of equipment for computer security is the one positioned between the chair and the keyboard. Learn to not click on stupid shit and its entirely possible to remain virus and malware free. I don't run AV software and I've never had a virus or malware on any Windows machine that I didn't purposely infect to see what happens (I work in IT, I'm expected to know that kind of stuff, so I have a machine specifically for the purpose of infecting :) ). And I run Windows almost all the time on my main daily-user machines (I run Linux on a couple of personal servers.) My just-barely-computer-literate 76 year old mother also does not run AV software, and has never had a virus or malware...and various flavors of Windows is all she's ever used.
Yes, Microsoft needs to do a better job on security. But saying its a Windows problem is a polite way of saying 90 percent of computer users are too embarrassed to take responsibility for their own stupidity.
Re: No, you don't need AV, even on Windows (Score:2)
Re: (Score:2)
Re: (Score:3)
Unread email never touches my machines. I read email via the web. Anything I want to save is then invited on to my machine. Ad servers used by sites like CNN and The Weather Channel are blocked in my HOSTS. Anything that requires a 3rd party extension to run inside Chrome requires my explicit permission to start. And those are things even a total n00b can do.
Oh, and here's the number one way I tell people to avoid spam and malware. I **NEVER** **EVER** install browser toolbars. In fact, when someone calls m
Re:No, you don't need AV, even on Windows (Score:5, Insightful)
While I agree with the general sentiment, it would be more accurate to say that you've never noticed a virus or malware on the machines, rather than you've never gotten them.
Re: (Score:3)
Then by your statement, I would ask the same thing of people who run only Linux or OSX and swear they've never had a virus or malware. Don't tell me all Linux users check the source code, apply updates regularly, read their log files, etc etc. Because I've been in this rodeo long enough to know that the average Linux or OSX user pays as little attention to things like that as the average Windows user.
Ummm, not at all (Score:5, Insightful)
Anti-virus is still extremely useful. It is not an end in and of itself, it isn't a panacea that will keep you safe from everything, but it is a useful layer of security. The only true defense that has any chance is defense in depth, layers of security. So that when one layer fails, and they WILL fail there's no perfect security, other layers stop the problem.
AV is a useful layer. It screens for known threats and good AV gets that list updated multiple times per day. So it can flat out stop any known threat from getting on a system. It can scan things as they download, before they execute, and block known threats.
That is useful, particularly against the kind of threats normal users face. They don't usually face highly specialized and targeted threats, they face something that sneaks in through a bad ad in a compromised ad network or the like.
We make plenty of use of AV at work and it has done a great job cutting down on compromised systems, and cleaning up systems that do get compromised (which generally don't have AV). I certainly wouldn't rely on it as the be-all, end-all, but it is a good layer of security.
It's also a pretty cheap one. You can have MSE for free, which has about a 90% catch rate, or for $40ish per year you can get one with a much higher catch rate (NOD32 being my preference). That's not a bad price for a useful layer of security.
Re: (Score:3)
Firewalls, AV, Good practices, Awareness (Score:2)
All of these are necessary and none are a substitute for one-another. And even in concert and combination, they are not 100% effective and never can be.
The fact is, there are people who think the ability to get beyond security measures is tantamount to the "right" to break, enter and utilize. That is the source of the trouble. And until those humans are addressed effectively, there cannot be any progress against the problem. And why isn't that happening? Should be obvious.
With government writing themse
Shift from blacklists to white lists (Score:2)
Rather then looking for and identifying bad software... look for and identify good software. White lists deal with zero days. Set up security so that all unknown code is forbidden. Obviously let the user if they have permissions exempt unknown code from the security. But anything else... no execution.
Include scripts, etc.
Good design (Score:2)
It seems to me that anti-virus would be a waste of time in a well designed system. Binaries should be protected from modification. Applications with built-in VMs (like browsers) should be secure and with separate memory protection (like Safari). If a vulnerability is discovered in one of these puzzle pieces then the correct solution is to patch the vulnerability. The patch should be provided with the same speed as any upgrade to anti-virus signatures. And if you don't patch a major vulnerability in time...
Alternatives (Score:3)
There are currently two solid alternatives to traditional AV. Unfortunately, one is not suitable outside of a well-managed (i.e., corporate) environment and the other probably would not work in a full-featured computer environment.
1. Whitelisting: Application whitelisting is really, really effective. There are ways to circumvent it, but that's true of just about any technical security control. The problem with it is twofold: one, someone needs to develop exactly *what* that whitelist is, and the average home user isn't really up to the task. Bit9 (the leader in the space) has gotten around this to some degree with a cloud-based archive of "known good" files and processes, but your standard home user will still run into a lot of things they don't recognize when they install. And what if one of those things is actually an existing infection? Then they will probably add it to their whitelist...or, on the other hand, err on the side of caution and end up breaking valid software on their systems. The odds of them hitting it exactly right are very small. And even then, they have to maintain the whitelist...so if they're taken in by that "YOU NEED TO UPDATE YOUR VIDEO CODEC LOL" popup window, they'll invariably end up authorizing whatever file gets downloaded ("'Trojan_video.exe'...sounds legit to me!") and infecting their system anyways.
2. The "Walled Garden" Model: In a lot of ways, this is like whitelisting built into the underlying OS, with the OS manufacturer being the custodian of the whitelist. This is how iOS works, so it's actually a proven model. There's only been one discovered instance of malware that's slipped into the App Store, and that was easily eradicated with the press of a button back at the Apple mothership. But on the other hand, there are ancillary effects to forcing all devs to go through a single clearinghouse for software. Apple's cut of the profits, and their cut of any revenue passing through any app sold through the App Store, are obvious issues, but the antitrust risk of a PC OS with only one place to go for software is a latent...and larger risk, going forward. One court decision can break the model entirely; if Apple doesn't collect at least some money from developers, then there's no money to support the App Store and the activities around it. But if there's no central authority, then there goes the chain of trust that's necessary to maintain the safety of the OS. And there's complexity in a PC-based OS environment that you don't find in a tablet or smartphone; in the tablet/phone model, each application is an island, separate onto itself for the most part. You don't have browser plugins, underlying execution environments or interpreters (Air, Java, .NET, Python, Perl, etc.).
Either way, the "blacklist" approach doesn't work. It's all fine to point out that other things (firewalls, IPS, etc.) need to be in place, and that's true...but malware is its own threat, and cannot be fully addressed by solutions that only focus on the attack. Applications will have vulnerabilities; railing against this hasn't accomplished anything in two decades. People will make mistakes, or be social-engineered into doing things they should not do. Supply chains will become infected (remember cameras, USB drives, etc. that have come with malware?) and sometimes those mistakes will affect people besides the mistake-maker. So there needs to be a way to address malware itself.
There are two approaches that, while theoretical, also hold promise. The issue is that they are pretty much theoretical; there's no existing implementation of either of them on any scale, or as a deployable off-the-shelf technology today.
3, The Managed Immunological Response: Assume that malware will exist, and somehow get onto systems. Most complex organisms hold pathogens within themselves that are harmful...and in many cases, even contain them in a symbiotic relationship. Eradicate E. Coli from a human's lower GI tract and they'll develop problems, for example...but E.
Re: (Score:2)
Your analysis seems to assume that there are apps, and that is it. But in reality there are apps that are virus hosts in themselves. VB within Excel. Javascript within browsers.
AV is dead. (Score:5, Insightful)
First, let me start off with the Notion that All Antivirus sucks. Regardless of the brand, or the Reputation, If you gave me an hour or less and a windows PC with any Antivirus app on the market on it, pay or free, I will give you an infected box. So why does this happen?
1) Hot, Fresh, Just for you! This is not just a slogan you see on McDonalds made to order burgers anymore. Today's Virus Obfuscation techniques are so fast and random, that when you activate an payload dropper (whether it be a Flash, Java, Website, Browser exploit or even a Trojan installer) The Payload that you get will only be statistically seen only once. You and only you will get that version of the virus even though it's using a well known virus kit that would be detected if it was not obfuscated. This technique is the reason why no AV firms detect the Fake antivirus variants or FBI Warnings or cryptolockers of the past even though all of the major codebases were detected by most AV Firms.
2) I'm an Necessary App! People need me to change their search engine, hijack their DNS, spy on them, and pop up ads randomly all over the screen and websites! [slashdot.org] Read the Slashdot Journal link for some insight on how adware gets on people's PC. Let me make something clear here. Adware is a Virus When a customer comes into my shop and has something like Conduit searchprotect, or Wajam on their machine, I tell them that's a virus because it is. They didn't want it, they got it and it's doing things they don't want. Sounds like a virus to me, yet just about every AV Firm ignores these and lets them gleefully install because they're afraid of getting sued by one of these companies so instead they make guidelines to let them slip through. [technet.com] The first AV I find that reliably removes all Adware as well as viruses without me having to manually remove them or fallback to a removal tool (like ADWCleaner, which is now starting to miss stuff as of late) I will sell in my store.
3) In Soviet Russia, Trojan Exploits You! [slashdot.org] This Journal link has been on my sig for years now, and is the primary reason why AV doesn't work anymore. This week alone I had no less then three of my customers Directly call Fake Support Scammers [youtu.be] because their PC / Printer / Camera didn't work, and they called the phone number on the first link (The Ads) they saw when they searched for "(PC / Printer / Camera) Support" and if you're letting the bad guys in to physically touch your own box you're already screwed and no AV on earth is going to save you.
Right now, I'm telling people three things:
1) Install MSE All AV sucks, The only question is how much do you want to pay for something that sucks. MSE is free, at least blocks most of the ultra bad stuff and doesn't pop up ads of any kind so it's what I install.
2) Install Adblock on all browsers I install Adblock Plus on any machine that leaves the store. if you're going to infect yourself chances are an Ad is going to lead you there. Blocking the ads blocks most of the infection vectors off the bat.
3) Don't Download or Install anything. There is no safe place I can direct people to download files without getting some sort of Adware Virus. This is easier to tell users rather than pay attention to what you download. (See #3 to understand) If they protest, go to your PC, go to ask.com with your adware blocker turned off, type in any program you would think they would download (I use VLC Media player. It never fails to show me adware links) and have them pick the download link, when they get it wrong (chances are they will) download the file and send it to virustotal.com. chances are one of the scanners will detect the Adware dropper from the fake site, Then drill it home about not downloading anything.
4)
Compliance (Score:2)
Bad Security Model in the first place (Score:2)
The root cause is that the security model of Unix that everyone copied isn't compatible with the modern world. The OS never asks what resources you want to allow a given program to access, instead it ass-u-me-s that it should have full run of everything, and just trusts the program to do the right thing.
So antivirus programs were invented to serve as a "no-fly-list" type system.... only programs on the list are stopped. This worked well until methods for changing the signature of programs got up to speed.
The real problems go deeper (Score:3)
One major problem with security is that the permission model on both Windows and Unix doesn't really give you the tools you need to keep yourself safe. We're still stuck in the 1970s university mentality where the user is assumed to have written or at least compiled the program themselves, and is supposed to have a good understanding of what it does. The program is assumed to be operating as an agent of the user, so it inherits all the user's permissions. On modern systems, with semi-trusted and untrusted code downloaded from the Internet, this assumption is absurd and dangerous.
Rather than the program inheriting the user's permissions by default, a decent modern security model would instead restrict it to a sandbox unless it was explicitly given permission to get out – and even then the user should be given veto power over specific sandbox breaches. (Android used to work like this, but Google dumbed it down for reasons that are not clear.)
By default, a program should only be able to do the following:
Anything else – Internet access, ability to freely read and write to files/folders, ability to get keyboard input when not in focus – should require explicit user permission. And the user should have the option of unchecking any or all of these authorizations and continuing to run the app without it being able to do those things. These permissions should be as fine-grained as possible, so an application could have permission to only read certain specific folders, or could be allowed to access the Internet only through a particular API (say, for handling registration or online high scores) and only for certain domains.
Never mind the quantity, feel the quality (Score:4, Interesting)
Re:Never mind the quantity, feel the quality (Score:5, Insightful)
"only 40% of its versions can be stopped by antivirus software" Take a general case. What proportion of crime is stopped by the police?
Bad analogy. Antivirus software is designed to stop virus infections, but the police are designed to make arrests, not to stop crime.
Re:Never mind the quantity, feel the quality (Score:5, Informative)
The main subset is in fact crime prevention.
Incorrect. In fact, the US courts explicitly ruled [firearmsandliberty.com] that the police do not have a duty or obligation to protect anyone, or prevent any crime.
Re:Never mind the quantity, feel the quality (Score:4, Funny)
That's why they , hold various campaigns, negotiate with relevant parties in domestic disputes and so on.
LOL I missed that in my first reply. You've really been sold a bill of goods, and bought into some specious marketing claims
patrol the streets
Very little of police resources are used for this type of activity, but when it is, it is more properly termed "looking for someone to arrest for something."
hold various campaigns
...In an attempt to "improve their image". You've obviously bought into this marketing, but many people have not [sky.com].
negotiate with relevant parties in domestic disputes
There are now federal rules (Violence Against Women Act) that generally requires an arrest to be made when a domestic call is made. The "negotiation" you're so fond of the police conducting is basically an exercise of "deciding who to arrest" and "collecting evidence on the perp". The only "prevention" aspect of this is that someone gets locked up, and prevented from beating up their domestic partner again for a day or two.
Re: (Score:3)
GP's question is a good analogy. Police can only solve crimes that have been committed. Antivirus only fixes problems that have already been identified.
Re:Never mind the quantity, feel the quality (Score:5, Insightful)
Re: (Score:3)
Well, I'll complain that heuristics just don't seem to work. Or, at the least, I've not been exposed to a heuristics program that really works.
The rest of your post makes sense to me. Most AV's do indeed hog resources, sometimes to the point that a rational person wonders why he even bothers.
Common sense protections such as you mention are the first line of defense. The wife has gone back to Windows 7, after several years of Linux. She recently complained of some stupid thing or another, and during our
Re:Never mind the quantity, feel the quality (Score:4, Interesting)
I always log on as admin on my home machine. The only time I ever got a virus on a machine was back in 1990s, where I got hit by a floppy virus that did nothing except propagate itself.
I also got owned once when I reinstalled XP on network that was completely open to the internet and forgot to unplug the PC during the installation. That installation got owned before I installed firewall in a very obvious way - it started throwing porn ad popups everywhere. I nuked the drive with format c: and reinstalled after about 20 minutes with PC unplugged.
But I haven't gotten owned once because I run as a full admin. It's more risky, sure, but it's far more comfortable to use. And security is always a trade off between risk and comfort, and safety and discomfort. And if you're smart enough at using your PC, using it as an admin, and installing from other sources is quite safe nowadays.
You may accept the discomfort that comes with your degree of safety. Many of us don't. And many of us are in fact smart enough not to get owned even at our lower safety level.
Re:Never mind the quantity, feel the quality (Score:4, Insightful)
I always log on as admin on my home machine. [...] It's more risky, sure, but it's far more comfortable to use.
This, of course, is because of the terrible decision by Microsoft to make everything wonky if you aren't admin, leading everyone and especially their mother to run as admin despite the dangers. This lead to the ironic situation where people with the most access were the least qualified, while highly qualified individuals got lesser access. Windows 7 is somewhat better about that, thank goodness. Conversely, Linux did the reverse by making things wonky when your run as root, so people don't do it unless they have to.
Considering that it takes almost zero time to request privilege escalation on the few occasions that it is needed, and that this would happen simultaneously with things that generally need "are you sure" style prompts, it really isn't that much trouble to say "escalate+yes", rather than just "yes", it is a tiny price to pay for a lot of safety.
Re:Switch to linux / OsX. (Score:5, Informative)
Never seen viruses on Linux.
I have. And that's on desktop GNU/Linux with its ~2% market share. If you look at mobile Linux (Android) the situation is much worse.
Linux's Security (Score:2)
I've been using for 10 years and haven't seen it either.
Would you even know? Perhaps if it's like Windows malware, where you end up with so much of it that the computer is unusable, but what if you only end up with one piece of malware which is careful to do things covertly?
Ten years ago you may have been able to spot malware with a simple "ps -A" but I don't even look at the output of that command anymore. There's so many processes running on my computer that any of them could be malware and I'd have no idea. ...and that's talking about malware that doesn't b
Re: (Score:3)
ESET has a Linux anti-virus, which I have used. In the past I used Avira, but they've discontinued their Antivirus for UNIX product.
Re: (Score:2)
Since version 9 (they are up to version 14 if you haven't been keeping track) all code that runs in Flash is sandboxed.
Still doesn't prevent security problems though.
I think it goes without saying - if the blood is in the water (meaning your product is heavily targeted) there really is no such thing as a totally secure product.
Re:Switch to linux / OsX. (Score:5, Insightful)
Re: (Score:2, Interesting)
Which will last exactly as long as it isn't profitable to make a virus for it.
If everyone swapped to a certain distro of Linux, I'd be willing to bet you'd have major problems within a week.
This old Trope again; completely belied by the facts that:
There are several major things;
Re:Switch to linux / OsX. (Score:5, Insightful)
Which will last exactly as long as it isn't profitable to make a virus for it. If everyone swapped to a certain distro of Linux, I'd be willing to bet you'd have major problems within a week.
Actually, compromised Linux systems are in high demand because they make great botnet command and control servers. They're far more valuable than a compromised Windows box.
Also, the assumption behind your assertion is easily demonstrated to be untrue. MacOS had major virus problems, in spite of being much less popular than Windows. OS X has almost no viruses, in spite of being much more popular than MacOS. Android is a great case study: The dominant Android versions, using the Google Play store only, have no significant virus problems, while the much, much less popular Chinese devices have lots. iOS, of course, has basically none, and it's a far more attractive and profitable target than Chinese Android devices. It's less popular than mainstream Android, but given the demographics of the platforms is probably more attractive.
Market share has basically nothing to do with vulnerability to malware.
Re: (Score:2)
Oddly, I've never seen a virus on Mac OS, while I have seen trojans that targeted OS X. It could just be internet exposure though - I know more people connected to the net with OS X then I did with OS 8 and 9.
Re: (Score:2)
Yeah, it probably is due to that effect. The only time I've ever had an infection was on a Mac OS 9 box, which got infected via a downloaded file that was loaded onto the computer via floppy disk. I've seen a handful of OS X trojans and whatnot (though haven't been infected by any), but from what I've read in reference material, they're FAR less common than they were back in the Mac OS days, despite the fact that OS X is significantly more popular and significantly more accessible to black hats than its pre
Re: (Score:2)
Big difference in a lot of things anyway - just think how much legacy stuff was dumped for one when OS X came out that OS 9 still had. Another thought (although minor) is that OS X will no longer run PPC programs - any malware that was built for PPC is gone. Third, I think that everyone in general takes security more seriously these days.
Re: (Score:2)
Which will last exactly as long as it isn't profitable to make a virus for it.
If everyone swapped to a certain distro of Linux, I'd be willing to bet you'd have major problems within a week.
Then why isn't there "major problems" with CentOS / RHEL which are on the majority of computers connected to the internet? Because they are running an Apache webserver instead of a Gnome desktop?
The truth is, Linux computers are heavily represented on the internet yet we still don't see anything significant in the way of Linux malware.
Re:Switch to linux / OsX. (Score:5, Interesting)
Mostly 'cause it's not profitable. Too small a market. Same reason why business software is rare for Linux (desktop, at least): No market.
As for "but it's more secure because you don't need root for every shit": The current big thing, cryptolocker, would work just as well on Linux. It needs no special privileges, all it needs is to run as the current user to encrypt all of the current user's documents and hold them for ransom.
I don't want to start the flamewar of whether Linux is more secure than Windows. Mostly because it does not matter jack. Linux could be the most insecure OS on the planet and still Windows would get the bigger share of malware. Simply because it is the bigger market.
cryptolocker solution (Score:2)
... The current big thing, cryptolocker, would work just as well on Linux. It needs no special privileges, all it needs is to run as the current user to encrypt all of the current user's documents and hold them for ransom....
There is a solution for this class of malware, but it isn't anti-virus. Since cryptolocker only damages user data, the operating system should provide a secure and automatic backup of the user's data. Any time a user's file is changed, the new version is recorded on the backup, with its date. From the user's point of view, the backups are read-only, so malware can't damage them, and the user can retrieve an old version of a file at any time.
Re: (Score:3)
Windows does basically this. Volume Shadow Copy Service.
I have used it to recover machines from cryptolocker.
Re: (Score:2)
There is a solution for this class of malware, but it isn't anti-virus. Since cryptolocker only damages user data, the operating system should provide a secure and automatic backup of the user's data. Any time a user's file is changed, the new version is recorded on the backup, with its date. From the user's point of view, the backups are read-only, so malware can't damage them, and the user can retrieve an old version of a file at any time.
I hope you are aware that this could go wrong in terrible ways: there are some files that you actually want to have only in encrypted state. If your operating system always keeps a backup of their unencrypted versions, you may be secure against certain kinds of ransomwares, but open to all kinds of other data leakage.
Re: (Score:2)
There is a solution for this class of malware, but it isn't anti-virus. Since cryptolocker only damages user data, the operating system should provide a secure and automatic backup of the user's data. Any time a user's file is changed, the new version is recorded on the backup, with its date. From the user's point of view, the backups are read-only, so malware can't damage them, and the user can retrieve an old version of a file at any time.
I hope you are aware that this could go wrong in terrible ways: there are some files that you actually want to have only in encrypted state. If your operating system always keeps a backup of their unencrypted versions, you may be secure against certain kinds of ransomwares, but open to all kinds of other data leakage.
Actually, I'm not. I was imagining that my PC, including its secure backups, is under my control. If I take a portable computer out into the world, I don't take the backups with me; they stay in my secure location. If I modify files while I am away, there might be a way for them to be sent back home, but if there isn't the data is backed up when I return.
What am I missing?
Re: (Score:2)
Mostly 'cause it's not profitable. Too small a market. Same reason why business software is rare for Linux (desktop, at least): No market.
Get ready for it........Bullshit.
Linux could be the most insecure OS on the planet and still Windows would get the bigger share of malware. Simply because it is the bigger market.
How long you guys going to declare an insecure system secure because it's popular?
Tell us all about the linux servers. If they are as secure as Windows, we should see an equal number of viruses. Lots of those servers out there. But your reasoning is that no one is writing virii for them because there are a lot more windows machines in the ecosystem.
Instead of spouting microsoft fanboi swill, why don't you do a little research. Don't simply look at the desktop numbers, l
Re: (Score:2)
Mostly 'cause it's not profitable. Too small a market. Same reason why business software is rare for Linux (desktop, at least): No market.
Get ready for it........Bullshit.
Linux could be the most insecure OS on the planet and still Windows would get the bigger share of malware. Simply because it is the bigger market.
How long you guys going to declare an insecure system secure because it's popular?
Tell us all about the linux servers. If they are as secure as Windows, we should see an equal number of viruses. Lots of those servers out there. But your reasoning is that no one is writing virii for them because there are a lot more windows machines in the ecosystem.
Instead of spouting microsoft fanboi swill, why don't you do a little research. Don't simply look at the desktop numbers, look at the total numbers of computers. Look at the server side of computing while you are at it.
There are plenty enough of OSX and Linux machines out there to make them an attractive target.
The reasons that Windows is used more often is that it is more insecure to start with, and for whatever reason, more of it's users are likely to enable malware that they see on a website or gets mailed to them.
You might not believe that. That does not make it untrue.
Wrong...
The argument that "Linux is more secure because it gets less viruses when there are as many Linux boxes (or more) in the wild vs Windows when you consider servers and clients" simply falls flat on its face when you consider the attack vector, infection rate, and profitability.
The part that you are assuming in your argument is that it would be just as profitable to target servers (Linux, Windows, etc.) as it is to target clients. This is simply an incorrect assumption. The difference is that very f
Re: (Score:2)
As a follow-up, I'm not saying that Linux isn't more secure than Windows. It probably is. All I'm saying is that the argument that it's more secure because there are less viruses is a poor one. All this means is that it is attacked less.
Re: (Score:2)
The vast majority of virus, trojan, botnet, and other infections today happen due to user activity. Also, the majority of the profits come from either getting credit card information and/or banking information. This is the low hanging fruit of the virus writers. They have found that the best attack vector is the user through spam and malicious web pages.
Do linux users not get spam? Do Linux users not go to web pages? If Linux and OSX are only "secure via obscurity", would not the user activity be absolutely equal regardless of OS?
Re: (Score:2)
Re: (Score:2)
Unless of course, the script has an exploit to give itself root access - which plenty of such are frequently being patched.
Re: (Score:2)
Microware OS9 running on a radio shack color computer in 1984 had module white listing. It used CRC but it was a step in the right direction. Too bad it took Microsoft decades to catch up.
Re: (Score:2)
As much as people like to bash Windows, I'd estimate that 99% of malware can be avoided if the user knows what he's doing.
True, but not particularly helpful since 99% of the time the user does not know what he's doing (at least, not from a computer-security standpoint -- all the user typically knows is that he's trying to accomplish task X, and here's a dialog that says it can help with that task if he clicks OK...).
Re:It works (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
Are you so sure? Norton will quarantine files that aren't even infected or malware. I found this out when trying to install some hardware drivers that were flagged and deleted on my behalf because it provided a "bad experience" for other people.
What a sorry POS that software has to be that it justifies its existence by creating fake drama with intentional false positives.
Re: (Score:2)
That would be a veritable nightmare. Not to mention that contemporary OSs would need a total rewrite to even come close to working with this idea.
Re: End state and private capitalism. (Score:4, Interesting)
Re: (Score:2)
Re: (Score:2)
The experiments in large scale communism have been the opposite of what the GP requested. They typically have reinforced selfishness and greed even more than capitalism as they are needed to survive rather than just to thrive.
Re: (Score:2)
Excessive reproduction isn't really a problem in countries with relatively high standards of living, lack of reproduction is closer to being a problem.
Illegal immigration wouldn't be a problem if the basic income were only provided to citizens. Especially if it meant that jobs paid considerably less.
The bigger problem is paying for it. Since workers wouldn't need to be paid as much, employers would be the likely targets. However, taxing by headcount would result in under-the-table employment. Taxing by i
Re: (Score:2)
Apple alone shifted $54B offshore to avoid US taxes. If we closed tax loopholes but LOWERED corporate taxes, we would have more than enough to pay for it.
Re: (Score:2, Offtopic)
He said universal basic income, which is certainly not high enough to allow anyone to buy anything they want. There would still be a divide between rich and poor with such a policy.
BTW I don't think basic income has ever been tried. Certainly massive nationalisation of all industries a la Soviet communism is not it.
Re: (Score:2)
I read somewhere that the average wal-mart relies on over $420,000 dollars a month of public assistance for each store for their employees.
Re: (Score:2)
BI is different to social security in one crucial way - you get it regardless of need. Even rich people get it. That's why it fundamentally can't reduce the divide between rich and poor. The idea is to break the cultural link between receiving income from the state and being a layabout.
Re: (Score:2)
In the future most if not all products will be produced by robots. I doubt that the robots will be demoralized enough to quit. I think people will live underground in almost 100% secure buildings. The shell of these buildings will last for centuries and require less than half the energy of today. Every need will be delivered to the occupants. It will not be utopia since there will be little need for the occupants to leave their dwelling. They will become bored with their existence since there will be no pro
Re: (Score:3)
You say that like it'd be a bad thing.
Re: (Score:2)
Sure, I'm a hoarder, chances are I might have something I no longer use but would be happy if it helped you. Maybe you have the same situation?
I'm in Montreal.
Re: (Score:2)
It can be debated WHY Linux has almost no viruses, but the fact remains that it is much less impacted. Since you don't need AV on Linux it tends to run faster.