No anti virus product is perfect

Off an anti virus blog site so not my words :wink: but I agree with the fact that every anti product out there is not perfect; the user is definitely a strong part of the equation. Just some pearls of wisdom! I myself use avast home…

if you haven’t figured this out yet (and apparently most folks haven’t) there is no such thing as a perfect anti-virus product… they all fail to stop a virus at one time or another either because the virus is too new, or it spread in ways that the anti-virus couldn’t do anything about (network share enumeration, exploits, etc), or a host of other reasons…

for years now i’ve seen people ‘discover’ the lack of perfection in their anti-virus and the overwhelming response to this is to jump ship and try a different product… the assumption is that because their anti-virus didn’t protect them there must be something wrong with it and they should try and find a better one…

the reality is that no matter what product you use, or even how many you use, your anti-virus product will fail at some point… the fact that it failed to prevent an incident (or 2 or 4 or however many it failed to prevent) does not necessarily mean there’s anything wrong with the product - it could be that there’s something wrong with the user…

the security of a system is only as strong as its weakest link and most of the time that link is the computer operator - either s/he takes unnecessary risks, or s/he doesn’t keep the anti-virus up to date, or s/he doesn’t take any other safe-hex measures, etc… there’s only so much these products can do to protect someone from themselves…

i’ll be blunt - the knee-jerk reaction to blame the anti-virus for failing to prevent a virus incident needs to change… users need to start asking themselves if there was something they could have done to prevent the incident - some security precaution they could have taken, some policy they could have put in place… the anti-virus should not be the sole defence against malware, it should be one of many and it should be the one that acts when all other measures fail to prevent the incident…

and what other measures are those?

  1. the use of a firewall
  2. the closing of network shares and unnecessary ports
  3. keeping up to date with security patches and the migration away from the most often targeted applications (to minimize the impact of patch maintenance failure)
  4. minimizing the amount of outside active content (applications, word documents, excel spreadsheets, etc) that are introduced into the system
  5. turning off unnecessary active content support in your browser
  6. not accepting attachments from strangers
  7. not accepting attachments from legitimate contacts until after verifying that they intended to send it and what it is
  8. the use of strong passwords
  9. the scanning of all incoming material, preferably after a suitable ‘cool down’ period so that its novelty doesn’t play a part in avoiding detection of any malware that may be present

even after all that, you can still expect a virus/worm/malware incident once in a while… no security is perfect, that’s just something we have to learn to accept and plan for (i.e. make sure you have a plan for disaster recovery)…

Hello The WhiteKnight,

I agree with you that all AV protection is a protection after the fact. People still look for another solution like an immunizing network solution, but this is still impractical or vulnerable on its own. Educating the end-user is the best policy, because they enable the present situation. For instance there is a safer alternate browser like FF. People have no spyware solutions, they did not install either Adblock or NoScript. Now spyware vendors use drive by installations of their scumware through pop-ups that look a bit like original MS prompts: “Click here to continue” for instance. Crap onto your machine, only YOU are to blame, and because of the n33bs that do this everyday, we have scumware, malware, zombied nets, loose cycles everywhere, and our Internet experience has become one big litany of adverts and crap with a little tiny bit of real information in between. Alas that was my hiccup. I just wanted to say that the situation with software firewalls is likewise.

greets,

polonus

Hello polonus

I totally agree! I use firefox myself and thunderbird. I was pretty sure it was the same situation with firewalls! I think if someone really wants to get past your security they will always find a way. Even the most sensible users can get caught out! I can even speak from experience, being caught out years ago with ms blast worm.

TheWhiteknight :wink:

  1. In the unlikely event that one does get through, don’t let it inherit administrator privileges by default.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
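
An added example, not part of DavidR's post: a PowerShell self-check of what any program started from the current session would inherit, covering the system folder and registry writes the post mentions. The function names and the probe file name are made up for this illustration; it assumes PowerShell is installed on the machine.

```powershell
# Added example: report the rights a process launched from this session inherits.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole(
    [System.Security.Principal.WindowsBuiltInRole]::Administrator)

function Test-FolderWrite {
    param([string]$Path)
    # Create and delete a uniquely named probe file (hypothetical name);
    # an exception means this token cannot write to the folder.
    $probe = Join-Path $Path ("probe_" + [guid]::NewGuid().ToString("N") + ".tmp")
    try {
        [System.IO.File]::WriteAllText($probe, "probe")
        Remove-Item -LiteralPath $probe -Force
        return $true
    } catch {
        return $false
    }
}

function Test-HklmWrite {
    # Ask for a writable handle on HKLM\SOFTWARE without changing any value.
    try {
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE", $true)
        if ($key) { $key.Close(); return $true }
        return $false
    } catch {
        return $false
    }
}

$system32 = Join-Path $env:SystemRoot "System32"
$report = New-Object PSObject -Property @{
    User               = $identity.Name
    IsAdministrator    = $isAdmin
    CanWriteSystem32   = Test-FolderWrite -Path $system32
    CanWriteHklm       = Test-HklmWrite
}
$report | Format-List User, IsAdministrator, CanWriteSystem32, CanWriteHklm

if ($isAdmin -or $report.CanWriteSystem32 -or $report.CanWriteHklm) {
    Write-Output "This session can modify system locations; so can anything it runs."
} else {
    Write-Output "Limited session: system folders and HKLM are not writable from here."
}
```

Run from the account used for browsing and email, all three values should come back False.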

Hi DavidR,

It goes without saying that going away from default settings, also where trusted zones and user rights (your point here) are concerned, actually can contribute enormously to security. Also whenever you do not completely trust a site or the contents, have script disabled and pre-link scan with Dr. Web’s plug-in scanner or put the url into an online scanner: http://online.drweb.com/
AVX Script Wall & Script Trap help, and a good system monitoring program like System Safety Monitor. A well patched OS and all latest updates must keep you safe, but alas the only really safe computer is a computer disconnected from the Net.

polonus