CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX
 ·RoadRunner Cable
| reply to Doctor Four
Re: Symantec executive: dangerous to run free antivirus
While I disagree with the statement that Free AVs are dangerous to run. I also disagree with the statement that the 2009 version of Norton is bad. Now I don't use it, (KAV user here) but I have friends who do and some with a much less powerful box than mine and have no hog issues at all. In reality a good AV (free or pay), and safe hex is going to make you as safe as you are going to be. Noting that safe hex may include other tools and should include a limited user account as well as the stuff here: »Security »How to Secure (and Keep Secure) My (New) Computer(s): A Layered Approach:
--
da Cajun Darn I hate Malware |
|
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast
1 edit | reply to MarkAW
said by MarkAW  :said by dds78 :
Why do people claim I've used xxx av product and never been infected, so therefore my av is great? How do you know that you've never been infected? Because the av never warned you? What if the av didn't detect the silent rootkit install while you were surfing your favorite pr0n site?
May be because these same people don't only depend on their AV they also use online scans and other tools.  KAV online, Housecall, various RK scanners - none of them ever find anything.
Can't begin to imagine why... huh?
Several AS/AM scanners - cookies! ONOES!!1
It has come down to me scanning my machines for entertainment. Nothing of any importance is ever found.
Maybe my machines *ARE* protected after all. 
--
Think outside the Fox... Opera |
|
StraitShoot
Who Loves Ya Baby? - Theo Kojak
Premium
join:2003-02-08
Clinton, MA
| reply to Doctor Four
He's full of it! Microsoft Security Essentials has one of the BEST detection and removal processes I can find.. I WILL NEVER Pay for AV software if I can help it! |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
1 edit | reply to Name Game
said by Name Game :Symantec was hooking into the OS on winXP opening their own hole and choked on it with Vista. So far in 2009 they still play down every hole they open. You can have that "layer"..I have better things to do with my time... and when a user wants to rid themselves of the AV..they need a special cleanup tool to uninstall all the bits and crumbs left on the plate. That's bad programming. Security Advisories Relating to Symantec Products» searchg.symantec.com/search?site···&start=0Symantec Security Advisory SYM09-009, Specifically Crafted Archive Files can Bypass Initial Scans June 12, 2009 » www.symantec.com/business/securi···90612_00What all should know is that.. Symantec nonetheless categorises the severity of the problem as low and in its security advisory merely provides tips for possible workarounds, rather than releasing an update. Administrators should, for example, change their gateway settings so that damaged archives are discarded. The evaluation of such vulnerabilities is a major point of distinction between different anti-virus product vendors. Last year, F-Secure evaluated the risk from such a vulnerability as high. » msmvps.com/blogs/donna/archive/2···ans.aspx So Symanec hooked the kernel in XP. So did McAfee and many others. ProcessGuard (HIPS) hooks the kernel and that is why it won't work on Vista and that pisses me off. I certainly don't think Vista is more secure because it blocks me from using PG on it.
As for malformed archives posing a serious security problem, I disagree. As Symantec points out their real time scanner will catch it. Avira can't do 7zip and many other archives. I rely solely on Guard. Guard is the core of Avira. The on demand scanner is weak. What does it matter (other than ....gee, that cut it close feeling if left to Guard/Symantec's real time scanner) if Symantec can't detect within the malformed archive files until the user tries to execute them? What matters is that Symantec detects the baddie at the moment of execution. If it doesn't do that then I would be upset but other than the "Whew! That was close" feeling of letting it get down to the nitty=gritty before detection occurs - I don't see a problem.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
sivran
Long Live The Suite
Premium
join:2003-09-15
Arlington, TX
clubs: | reply to jp10558
While I haven't noticed anything of that nature with SEP (yet ), I definitely have noticed the slowdown it causes. |
|
jp10558
Premium
join:2005-06-24
Willseyville, NY
| reply to DownTheShore
said by DownTheShore :Please everyone, whether you like Norton or not, get it into your heads that the current version of is is not the same bloated or slow versions of the past. It is a completely new beast. If you're going to complain about it, at least complain about the actual product, not your memory of it. Get off your pet horses and actually try it out, THEN complain about what you don't like about it. I'm just tired of sweeping generalizations being made about products that haven't been used in a decade. Why does every discussion about AV's have to turn into a "mine is best and your's is crap" fest?  Well, I can't speak to the Norton products, but IME the SEP 11 MR4 isn't anywhere near a step forward in resource use, and still has the random - I've stopped working, so reinstall windows to fix me problems.
--
Opera 9.62(Build 10467); Windows XP Pro SP3;Intel C2Q6600; 3GB DDR2 1066; 1M/128k DSL; Antivir Personal; Comodo Firewall Pro 3;Proxomitron 4.5j Sidki 2008beta,GPG ID:0x0A1C6EE3 |
|
MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
 ·Bell Sympatico
·Cogeco Cable
| reply to dds78
said by dds78 :
Why do people claim I've used xxx av product and never been infected, so therefore my av is great? How do you know that you've never been infected? Because the av never warned you? What if the av didn't detect the silent rootkit install while you were surfing your favorite pr0n site?
May be because these same people don't only depend on their AV they also use online scans and other tools.
--
The greatest mistake you can make in life is to be continuously fearing you will make one.
Next to knowing when to seize an opportunity, the most important thing in life is knowing when to forego an advantage. |
|
dds78
@comcast.net
| reply to Doctor Four
Why do people claim I've used xxx av product and never been infected, so therefore my av is great? How do you know that you've never been infected? Because the av never warned you? What if the av didn't detect the silent rootkit install while you were surfing your favorite pr0n site? |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to Mele20
said by Mele20 :I'm a little confused here. What do those two links have to do with your claim that Symantec offers a free version of Norton? You must have been bitten really bad at some time to be so vitrolic regarding antivirus programs. Gee. You wanna cripple your computer with various lockdowns fine. But just bear in mind that not everyone wants to do that. Some prefer to use a layered approach as I was taught right here in this very forum many years ago. It worked then and it still works now. Sorry, that it didn't work for you but that doesn't mean it won't work for others. Never been bitten.. never been crippled..just the opposite and certainly have a full rich web experience..even those SWF you shun. An AV is not a layered approach..HIPS would be.
An AV is a liability proven over and over again at DSLR forums.
Symantec was hooking into the OS on winXP opening their own hole and choked on it with Vista.
So far in 2009 they still play down every hole they open. You can have that "layer"..I have better things to do with my time... and when a user wants to rid themselves of the AV..they need a special cleanup tool to uninstall all the bits and crumbs left on the plate. That's bad programming.
Security Advisories Relating to Symantec Products
»searchg.symantec.com/search?site···&start=0
Symantec Security Advisory SYM09-009, Specifically Crafted Archive Files can Bypass Initial Scans
June 12, 2009
»www.symantec.com/business/securi···90612_00
What all should know is that..
Symantec nonetheless categorises the severity of the problem as low and in its security advisory merely provides tips for possible workarounds, rather than releasing an update. Administrators should, for example, change their gateway settings so that damaged archives are discarded. The evaluation of such vulnerabilities is a major point of distinction between different anti-virus product vendors. Last year, F-Secure evaluated the risk from such a vulnerability as high.
»msmvps.com/blogs/donna/archive/2···ans.aspx
--
Gladiator Security Forum
»www.gladiator-antivirus.com/
|
|
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast
| reply to Doctor Four
avast Home(free) on all machines.
*NEVER* been infected.
No! I am not a security guru, and *YES* I do download "stuff".
I also click on nearly anything I think might be interesting.
I have even purposely installed known badware to see/show people what would remove it.
Symantec? Not on a bet! No fucking way!
--
Think outside the Fox... Opera |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to Name Game
I'm a little confused here. What do those two links have to do with your claim that Symantec offers a free version of Norton?
You must have been bitten really bad at some time to be so vitrolic regarding antivirus programs. Gee.
You wanna cripple your computer with various lockdowns fine. But just bear in mind that not everyone wants to do that. Some prefer to use a layered approach as I was taught right here in this very forum many years ago. It worked then and it still works now. Sorry, that it didn't work for you but that doesn't mean it won't work for others.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to Somnambul33t
Huh??? Avira for home users (all versions) doesn't do network scanning. That is the one thing I want from it, but I would have to buy Avira Professional (the corporate version) to get network scanning.
Perhaps, you are confusing Avira with Avast which does do network scanning?
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
Somnambul33t
L33t.
Premium
join:2002-12-05
Mullica Hill, NJ
clubs:
·Comcast
| reply to Doctor Four
awesome didnt know Avira 9 Personal now had malware protection...that's awesome.
Avira AntiVir is not perfect; i'm annoyed everytime it scans one of my torrents folder and picks up clean keygens as trojans, which is understood, but that doesnt honor the "ignore" option and constantly rescans that file forever. plus with its great network scanning i often have to add exceptions for that folder/specific files to my 2nd PC which shares that directory. no biggie but whatever.
--
Somnambulator - t3h 5133pw41k3r
The Stolen Eye TF2 Server
~Choosy moms choose Jif~ |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
1 edit | reply to DownTheShore
The concept of purchasing any signature based AV that requires constant update for a hit or miss level of protection from in-the-wild bad boys is one of the most impractical concept imaginable in the Security of an Operating System. They are a liability..not an asset and this has been proven too many times over the year.
There are many ways to lockdown your browser and protect the OS.
AV companies were late to the game from day one adressing malware.. if it was not a virus they could not handle it..for years they could not even spell trojan. So here we are in 2009 and they have their famous SUITES by buying up firewall companies and anything else to make their 'bundled package' and stay in business. Many of the paid versions have more holes than your OS.
Free works even for Symantec..
»pcworld.about.com/od/antivirus1/···offe.htm
»english.peopledaily.com.cn/20070···548.html
--
Gladiator Security Forum
»www.gladiator-antivirus.com/
|
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to Wolfie00
The free version has never had a firewall. Personal Premium which is the cheaper of the two paid versions does not have a firewall. The Suite has a firewall and it is adequate but lacks features and is not as easy to set up as some like ZA. I'm using ZAPro (I got it free for year on ZA's 10th Anniversary last November) with Avira free ver 9 on Vista and they work well together. On my host XP computer I use a router and classic HIPS and no software firewall.
I got a software firewall when most folks didn't even know what that was...even some technically inclined folks. I got Zone Alarm when it was brand new, and still in beta, back in 1999 for a dialup connection. So, I am used to having something to control outbound but when I discovered Process Guard, I moved to it instead. It doesn't work on Vista so I got ZA.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
Wolfie00
My dog is an elitist
Premium
join:2005-03-12
| reply to Mele20
Thanks for an informative post. As a matter of my own information, when you say "The only things that the free version now 'lacks' is ... the not very good software firewall in the Suite" do you mean the free version has no firewall, or that it has a "not very good one"? From my other thread, I'm beginning to conclude that a decent outbound firewall is a pretty good thing to have! |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to Somnambul33t
said by Somnambul33t :Avira uses the most advanced and proven malware engine on the planet and has a free version that doesnt really do Spyware. That was true through version 8. Ver 9 which went gold in March covers spyware in the free version. The reason Avira added it was because of Microsoft's new free AV. Avira personal free will also have the ProActive module. The only things that the free version now "lacks" is mailguard and webguard in the Premium version and the not very good software firewall in the Suite. I put "lacks" in quotation marks because I don't think Mailguard is needed - especially if you have Road Runner as all mail is scanned at the gateways and when sending. Webguard I think is redundant, unnecessary module there only to compete with other vendors who have it and ignorant users think they need it.
There is one thing bad about Avira free and that is the server situation which has gotten a lot worse since ver 9 was released. It appears to have to do with ver 9 Updater trying repeatedly to connect to IPv6 addresses even on XP when IPv6 has not been installed and even when the user's ISP does not support IPv6. Plus, there is still the ongoing problem when there is a large update and you can't get it. At least a manual update is not difficult. Ver 9 free takes up to 20 times longer to update a simple VDF than ver 8 (which appears to have to do with the IPv6 connection attempts). I have reverted to ver 8 on my XP virtual computer. (On my host XP Pro computer, I never tried ver 9 and do not intend to do so). Ver 9, for me, has less problems on Vista but others seem to have problems with it on Vista as well on XP where ver 8 seems to work a lot better for me at least.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
Wolfie00
My dog is an elitist
Premium
join:2005-03-12
| reply to Doctor Four
said by munky99999 :Open source ALWAYS trumps closed source. It's simply a matter of time. With all respect, that's the most preposterous generalization I've ever heard, that verges on the totally ludicrous. You can declare anything to be "simply a matter of time" including the end of civilization as we know it. That's not a useful IT policy.
said by Somnambul33t :NOD32 and Kaspersky have very mature and effective engines comparable to Avira in most ways but do not offer free versions. Avira AV is more effective than Norton, MacAfee, Panda, etc. Never used NOD32. From my limited experience the other comparisons really have to be defined by specific products and specific expectations. Kaspersky is mature and effective, yes, and a good example of a high-value paid product -- but I'm put off by its intrusiveness and propensity to slow down unpredictable classes of applications regardless of whether they're put into the trusted zone or not. Whereas, as a counter example, Symantec End Point 11.x series is both efficient highly effective, whereas 10.x had significant vulnerabilities. I'm guessing (I don't know this for a fact) that the highly regarded and efficient Norton 2009 shares the same or similar basic scan engine with Symantec 11.x.
It's complicated, and the situation changes year to year. Those spouting broad generalities don't have a lot of credibility in my book, but credible product-specific information is always something that all of us should be looking for and appreciate when we get it.
I'm not in any way an expert in virus protection or security. But I've been around IT a long, long time.
--
"Never attribute to malice that which is adequately explained by stupidity" -- a corollary of Murphy's Law
"A dog is like a child who never grows old ... always there to love and be loved" -- Aaron Katcher
|
|
dean corso
join:2007-09-07 | reply to Doctor Four
He's looking out for his wallet, not the cyber safety of those running free AV. |
|
DownTheShore
Maddie Knows Poopie
Premium
join:2003-12-02
Beautiful NJ
clubs:
| reply to PX Eliezer
said by PX Eliezer :said by DownTheShore :Why does every discussion about AV's have to turn into a "mine is best and your's is crap" fest? Maybe I'm confused, but isn't that what the Symantec guy said? To put it in more childish terms, he started it! You folks know what I was talking about. 
Instead of debating why he might be wrong, and why free AV's and the like can be as good or better than paid versions - and which ones are and give examples of EXACTLY why, which would be most helpful to others - these type of threads always devolve into the "Norton/McAfee is crap/bloated/resource-hog and I'm smarter than the rest because I'm using a freeware AV/FW/whatever" smug responses. Those add nothing to the discussion except to point out the rigidity of some mindsets who are unwilling to let go of out-moded beliefs, even when others WHO ACTUALLY USE THOSE PRODUCTS have given first-person testimonials that prove otherwise.
I will concede that SOME freeware versions can be equal to or better than paid versions, but conversely there are more freeware versions out there that are worse - just because it's easy to offer a freeware AV in order to entice others to buy other products. and those who are not security-wise wouldn't know the difference. And let's call a spade a spade here, some of you are just plain cheap  and wouldn't pay for software even if God Himself guaranteed that it was the most perfect, useful, and efficient software ever in existence, because it's become a matter of personal pride not to pay for software.
--
Patriotism is not waving a flag, it is living the ideals
Bush & Co. didn't keep us safe - 9/11 happend on their watch! |
|
