Securify This! by Munir Kotadia

A hard look at the latest developments in IT security with a real world perspective.

Why popular antivirus apps 'do not work'

Posted by Munir Kotadia @ 16:38 70 comments

Antivirus applications from Symantec, McAfee or Trend Micro -- the three leading AV vendors in 2005 -- are far less likely to detect new viruses and Trojans than the least popular brands.

This has nothing to do with the quality of the software or how long it takes the respective firms to update their clients with signatures and other malware countermeasures.

AV companies continue to refine their products and most will tell you they stopped relying on purely signature-based systems many years ago. These days they use all sorts of clever methods to try to detect suspicious behaviour, but the problem is that malware authors are also very clever. Very, very clever.

On Wednesday, the general manager of Australia's Computer Emergency Response Team (AusCERT), Graham Ingram, described how the threat landscape has changed -- along with the skill of malware authors.

"We are getting code of a quality that is probably worthy of software engineers. Not application developers but software engineers," said Ingram.

However, the actual reason the top-selling antivirus applications don't work is that malware authors are specifically testing their Trojans and viruses to make sure they can bypass these applications before releasing them in the wild.

"The most popular brands of antivirus on the market… have an 80 percent miss rate… So if you are running these pieces of software, eight out of 10 pieces of malicious code are going to get in," said Ingram.

Although Ingram didn't mention any of the leading losers by name, Gartner's figures for 2005 show that Symantec is the clear leader with 53.6 percent of the market. McAfee and Trend own 18.8 percent and 13.8 percent of the market respectively.

One vendor Ingram did mention was Russian outfit Kaspersky, which in the same tests managed to block around 90 percent of new malware.

According to Gartner, Kaspersky's market share is a lowly 0.7 percent.

Most large firms already use more than one antivirus application but I wonder how many use two of the Symantec, McAfee and Trend trio?

If you do then I suggest investing in yet another -- but whatever you do, stay well away from the bestseller shelf.

Talkback 70 comments

  1. Should we be surprised Anonymous -- 21/07/06

    I suppose we can't really consider that a surprise. It was only a matter of time.

  2. But there is more Anonymous -- 22/07/06

    While malware as described here might have better zero day exploit results, these companies are the quickest to release new signatures.

    Additionally, running two virus scanners on a single system (especially if the combo is McAfee and Symantec) often causes an incredible loss of computing power because on-access scanners are constantly scanning each other and the files you touch. (VA1 scans file because you touched it, VA2 scans it because VA1 did, VA1 scans it because VA2 did, loop)

    1. Exactly correct Anonymous -- 23/07/06

      The article says that you would be safer using two AV programs. However, almost every AV program tells you that you *cannot* run another AV program when you run theirs.

    2. Real-life experience speaks volumes Anonymous -- 23/07/06

      I'm a computer repair shop manager for a mid-sized university, and believe me, I've seen it all. We provide SAV corporate edition for all faculty/staff/students. Occasionally, someone brings in their fairly new machine, claims it takes forever to load Windows and programs. One of the first things I check for is whether they're using a combo of SAV and McAfee. Those two rival programs are so completely incompatible with each other that they fight it out from the beginning and take your machine down in the process. After removing McAfee, the machine operates normally.

    3. Sophos Anti-Virus or NAVCE/SAVCE? Anonymous -- 25/07/06

      "SAV" has been used to refer to both Sophos Anti-Virus and Symantec's former Norton Anti-Virus Corporate Edition (NAVCE), renamed Symantec AntiVirus Corporate Edition (SAVCE), please be clear.

      SAVCE sucks. It has large market share because it's cheap - and its relative quality reflects its pricing. Being cheap in security can be dangerous.

      I haven't the problems with SAV (Sophos) that I've seen with NAVCE/SAVCE.

      Also, with the references to using multiple AV products, be sensible, it means using different products on your servers, mail gateway, than on your desktops (e.g. Sophos on servers & mail gateway, and Trend Micro on desktops).

    4. SOPHOS & INVISUS Scott C. Graham -- 05/09/07

      Glad to hear someone mention Sophos! They are just one partner of INVISUS Direct along with others who are providing the average computer user with corporate grade protection with unlimited free tech support to manage it.

      M.I.S.S. is Managed Internet Security Services and it is the wave of the future for this industry because of the spiraling epidemic of global cyber crime.

      Apply your due diligence at:

      www.StopCyberCrimeSite.com

      Scott C. Graham
      Internet Safety Advocate
      INVISUS Direct

    5. You are right on the money! Scott C. Graham -- 05/09/07

      INVISUS Direct partners with Sophos and Sunbelt and they are like clockwork.

      They provide hassle free computing that is safe and fun again with corporate grade protection offered to the average computer user and small business owner for the very first time.

      Free unlimited Tech Support in the USA is another integral part.

      You can evaluate INVISUS Direct at:

      www.StopCyberCrimeSite.com

      Scott C. Graham
      Internet Safety Advocate
      INVISUS Direct

    6. not to mention.. Anonymous -- 27/07/06

      Try running Symantec and AVG on the same machine, and have one quarantine a file, and the other quarantine the other's quarantine, over and over and over....

    7. Why do that? DaveJ -- 17/08/06

      The comments about running multiple AV solutions would not mean "simultaneously" on the same machine for exactly the reasons already stated.
      It would be a good idea, as another correspondent has already mentioned, to have different server-side and client-side solutions; or for a single machine, a second, dormant AV product to run manually as a check on the active program (which would be disabled at that time!)

    8. two viruses were scanned on a single system Cynthia Kate Angus -- 26/10/07

      why did additionally two viruses become one?

  3. this article is misleading Anonymous -- 22/07/06

    This article does not specify what kinds of threats get missed. In addition, this article does not mention the way that malicious code is introduced into the system, both of which are factors that sometimes play a larger part in malware efficiency and damage than security software.

    I think that this article does more to mislead than inform, and recommending that users will be "safer" by avoiding the best seller shelf is bad advice.

    1. There is a difference between anti-virus and anti-spyware software Steven -- 24/07/06

      Yes, anti-virus software misses spyware. Go out and buy McAfee or Symantec's anti-spyware software then. In the meantime, did anyone notice that using water in your gas tank is bad for your car?

    2. Rational arguments always win Anonymous -- 24/07/06

      If you intended to give a hate reply, you've achieved your purpose. In the meantime, this article is misleading as the gentleman said. Please don't spam us with your hate replies, the Internet is so full of.

      This article, and the one before that, "Eighty percent of new malware defeats antivirus" are just BS, because they don't really argue their statements. Fair tests/benchmarks of the current AV software are done (couple of months interval) by Virus Bulletin - the famous VB100 Award. So how can you beat that. In the last test (June 2006 - Windows XP) McAfee, SAV and TrendMicro scored 100% detection. Then give me a reason to believe this author.

  4. Is he a used car salesman? Chris Buono -- 22/07/06

    While statistically sound, the logic here is absolutely ridiculous for anyone managing security for an enterprise. If it's not manageable, who cares how good it might be. Anyway, based on the logic of the author, it makes more sense to follow the loser. And when the loser becomes the winner (which will inevitably garner the attention of malware authors), just switch to another loser.

    Sure... I'll propose this to my management. We'll see how fast I find myself on the street.

    1. popular virus checkers Anonymous -- 14/08/06

      It appears from Chris Buono's comments that he believes that 'as long as it's manageable it doesn't matter how bad it is'. Popularity is all too often the result of expensive advertising rather than merit. I'll stick with NOD 32, especially as my ISP - who probably knows a bit more than Mr Buono - says it's the best.

  5. I whole heartedly agree . . . Jonathan Blue -- 22/07/06

    I've been a Sys Admin for 7 years and also do a lot of contract work for home Users. In my experience Symantec and McAfee are an absolute waste of money. Not only do they not catch viruses, they usually slow your PC to an absolute crawl. Especially if you get the full blown versions with AV, Anti-Spyware, Firewall, etc. They cause so many more problems than they fix the first thing I tell people is to just blow it away completely and get a product that works. (I usually recommend Nod32 by ESET).

    Go and read a write up on Symantec or McAfee's site about a virus, and on 90% of them, listed in their own write up the first thing virus writers do is disable the most popular AV programs.

    I do understand Chris's comments about Enterprise manageability, something Symantec has really pushed and does a decent job of, but others are coming on board and there are definitely better products available that can be used in an Enterprise.

    Would it be better to get a product that works and make a little more work for yourself, or try to explain to management why the entire forest has been down for two days because your AV product didn't catch the latest threat? Which of those do you think will lose you your job faster???

    1. Good blog and advice... Scott C. Graham -- 05/09/07

      Thanks for your articulate and reasoned answer; I find the same.

      Scott C. Graham
      Internet Safety Advocate
      INVISUS Direct
      www.StopCyberCrimeSite.com

  6. Malware and the BIG 3 Matt Bucko -- 22/07/06

    Maybe you should use NOD32 antivirus, it is working for me and my clients. 100% effective, probably not, but way more effective than any of the BIG 3. Oh yes, it does have a built in spyware/malware scanner.

  7. What the? Anonymous -- 22/07/06

    What a load of rubbish.

    Advising people to go with lesser known software, not because it's superior, but because.. It's less known?

    Here I was thinking we were past the point where mainstream media pushed "Security through obscurity" as the way to go.. While we're changing our AV, perhaps we should switch all our machines to MAC and replace Office with Wordperfect?

    1. What the? Anonymous -- 24/07/06

      No, but you should switch Windows for Linux- and Office for OOO.

    2. Exactly... Jelena -- 01/08/06

      The last thing I read was that Microsoft fixed 56 security risks in IE... Come on people, 56 security risks after 15 years of making and remaking and remaking.. Preschool kids would have got it by now..

      Sometimes I think that all the bugs are there in order to make more money for the company/companies involved. If they would give us the product which would work perfectly, we just wouldn't bother to buy newer, better versions of their software.. and they would be broke in a few years..

      The only reason I am still using their products is because I have to, linux is better in many ways but it still doesn't offer good web/graphic design software.

  8. Malware Mike Worthington -- 22/07/06

    If malware authors are indeed so very very clever, how can we be sure that some of them are not posing as antivirus or antimalware providers?

    1. Rogue antivirus Anonymous -- 15/08/06

      Oh yes, they do so, they make programs that act like a real antivirus or antispyware product. That's called rogue antivirus or rogue antispyware tools. Those will trick the user to pay some money by saying that the computer is infected or is in danger and if they would like to remove buy the upgrade blah blah blah. Some of them even display a yellow bubble (as an urgent notification in the same way as Microsoft displays when the firewall is not turned on or when a new update is available) so that it says that there is an infection on the computer and to remove click here. When you do so you go to their website and you have to use your credit card to get rid of that message to keep popping up...

    2. Spyware Authors DO Pose as Anti-Spyware Providers Linda -- 28/08/06

      See: "Rogue/Suspect Anti-Spyware Products & Web Sites" at http://www.spywarewarrior.com/rogue_anti-spyware.htm There are a LOT less legitimate providers than suspect providers.

  9. My antivirus experiences Anonymous -- 22/07/06

    My first antivirus was Norton AV 2005 - I have received full 1/2 year version with my notebook ThinkPad - 3 months later ( sept. 2005 ) I have received e-mail - and the Windows was totally down - notebook was rebooting each 5 minutes.
    After reinstall I have bought Symantec AV - after 1 month the same - virus destroyed my HDD.
    After 2nd reinstall of WinXP, I was looking for some antivirus test - I found 100% Virus Bulletin test - and the winner of this test was NOD32 - so I bought it - my experiences? 100% protected PC.

  10. Kaspersky Anonymous -- 24/07/06

    I have to agree with the author from experience. I typically fix friends' and family's computers which are bogged down usually with spyware and adware. The first thing I do is uninstall Norton and install Kaspersky. Upon installation it will usually detect hundreds of objects that NAV never saw. Also the performance gain from the switch by itself is worth 5 times the price of the software.

    1. Kaspersky Ladybear -- 24/07/06

      I have to agree, had a friend turn me on about Kaspersky, about 4 months ago and it's great and works like a charm.

    4. Kaspersky Anonymous -- 07/08/06

      The best thing about Kaspersky is when it screams at you when it finds something nasty!

      AAAAARGH!

    5. INVISUS Direct...FYI Scott C. Graham -- 05/09/07

      I challenge you to evaluate INVISUS Direct, the first Managed Internet Security Services company providing the average computer user with corporate grade top to bottom.

      Hassle free computing that is safe and fun again allowing you to simplify your life and secure your lifestyle.

      Scott C. Graham
      Internet Safety Advocate
      INVISUS Direct
      www.StopCyberCrimeSite.com

    6. You think Kaspersky is good... Scott C. Graham -- 05/09/07

      If you think Kaspersky is good, take the time to evaluate INVISUS Direct at:

      www.StopsIdentityTheft.com

      Hassle free computing that will simplify your life and secure your lifestyle.

      Scott C. Graham
      Internet Safety Advocate
      INVISUS Direct

  11. Why popular antivirus apps 'do not work' Bill Sconce -- 24/07/06

    QA comes to virus writing.

    (Two articles, 7/19 and 7/21):
    http://www.zdnet.com.au/news/security/soa/Eighty_percent_of_new_malware_defeats_antivirus/0,2000061744,39263949,00.htm
    http://www.zdnet.com.au/blogs/securifythis/soa/Why_popular_antivirus_apps_do_not_work_/0,39033341,39264249,00.htm

    It's OK (sort of) for an operating system to be full of holes.
    Right? If every computer OWNER makes up for it with their own
    time and money, and with personal diligence, "keeping their
    antivirus package up to date"?

    Yeah, right. Anyone who intends to write an exploit capable of
    getting past antivirus programs can be certain of eventual success.
    All they have to do is ... unit testing! "QA", as it's called in
    the respectable world.

    "Unit Test 0: check that your new code slips by McAfee."

    Or Symantec. Or Trend Micro. Or several of them, or all
    of them. You simply hold off releasing your virus until it
    meets "minimum ship criteria".

    There's no chance that the "antivirus" will stop you. Testing
    PROVES that your virus will slip by. Users' machines are yours
    for the taking, nyaahaaaa. You can run as many test trials as it
    takes. No one is watching; you have time. YOU have THEIR code
    to test against. THEY don't know you're coming. And the best
    part: the users will get the blame.

    Graham Ingram, general manager, CERT Australia, writes:
    "the bad guys, the criminals, are testing their malicious code
    against the antivirus products to make sure they are undetectable."

    (Oo. Are they allowed to do that?)

    "the most popular brands of antivirus on the market...have an
    80 percent miss rate."

    Eighty percent miss! (But CERT should know -- it's what they do.)

    "That is not a detection rate that is a miss rate."

    It's not possible, obviously, to develop an antivirus to detect
    the signature or behavior of a virus which no one will see until
    after it has begun its infection. The antivirus vendors don't stand
    a chance. Analyses in the security literature show that a truly
    effective virus can take over the monoculture part of the entire
    Internet before the vendors have finished their coffee.

    But vendors are not unhappy. THEY like things the way they are: bugs
    are good for business. Customer anxiety is where dollars come from.
    Not just antivirus vendors -- one OS vendor, too, has gone into the
    antivirus business, turning bugs into a profit center. (How clever
    is that?) Vendors are not about to tell customers that there's a
    real fix, and that it's choosing non-buggy software.

    "This is the dilemma that is building up here and the success
    rate is becoming quite worrying"

    What should be "worrying" is that an expert could be surprised at
    virus writers' "success". It couldn't be otherwise. Nothing could
    be more certain than eventual defeat of any "antivirus" program which
    you can bring into your own lab and test against, in privacy and under
    conditions and a schedule of your choosing. Perhaps you have to be
    clever to find a bug in the underlying operating system to exploit
    in the first place (or maybe not), but you only need to be persistent,
    to keep working, to prove that your exploit slips by so-called
    "antivirus" programs before releasing it.

    Eighty percent miss. Is there any business transaction other than
    PC software in which customers can be led to expect (and put up with)
    such gloomy results?
    </essay>

    One piece of good news. The miss rate will stop increasing in about
    20 more points.

  12. dangerous article Anonymous -- 24/07/06

    To simply test a security software as a means of testing its effectiveness against spyware seems strange to me. I use one of the big 3 security systems plus separate spyware removers. There are free ones available and others that can be acquired. It is recommended just about everywhere not to use one sole spyware remover. This article should recommend customers of these big 3 also use other spyware removers and provide a list of recommended products. We don't all rely on one company to provide everything.

  14. dangerous article peter -- 24/07/06

    If the reviewer's goal is to test spyware protection then why are they only using these 3 security systems. I find it hard to believe that the article suggests us to throw away the baby because of one thing in the bath water. Anyone who reads up on reviews will know that you do not rely on one spyware remover. I am a customer of one of these 3 and I also have one free and one acquired spyware remover. So in reality I have 3 programs to cover some that may be missed by one. This article should be indicating that in the area of spyware protection these companies don't offer the best protection and recommend alternative spyware removers. Don't throw away your security system just because one area isn't as good as it should be, use an additional program for spyware.
    What's worse is that they are recommending us to select obscure security software just because it's not one of the top 3. I expected a higher standard from this web site.

    1. INVISUS Direct...FYI Scott C. Graham -- 05/09/07

      Peter,

      Out of the box, off the shelf and Free is on its way out. If all of them did what they were supposed to do, we would not have a Cyber Crime Epidemic.

      Managed Internet Security Services are where this industry is headed with corporate grade software now available and affordable for the masses.

      You can apply your due diligence at:

      www.StopCyberCrimeSite.com

      Scott C. Graham
      Internet Safety Advocate
      INVISUS Direct

    2. Stop spamming Anonymous -- 11/12/07

      Thanks, Scott. We're evaluating anti-virus products now and I'll be sure to never ever use "INVISUS Direct". Stop spamming! Jerk.

  15. Traditional defense is out of date. Anonymous -- 24/07/06

    It was obvious that traditional ways of defense are out of date for at least one year. There are new and strong ways to be really protected from all the malware stuff- sandbox HIPS. There are few realizations of this technique- DefenseWall, SandboxIE, GesWall, Bufferzone. Its defense rate is something about 100%.

  16. but why is it allowed to happen in the first place? Anonymous -- 25/07/06

    maybe i'm oversimplifying things, but could there be a setting that disables writing to the hard drive so malware can't be installed ?

    if a running program (excluding web browsers) doesn't request to save data, none should be allowed.

    if i'm reading web pages, nothing really needs to be saved ( who needs remnants of web pages saved when fast internet is available).

    if i'm reading my email.....this is tougher, but i think technology and education can safely guard this area.

  17. Malware vs. Trojan vs Virus Cowardly Bob -- 25/07/06

    Malware, trojans, and viruses are NOT the same thing. Norton Anti-Virus will ALWAYS miss malware and trojans. Why? Because it's designed to catch VIRUSES.

    Over the last ten years I've worked in environments that typically have 10-20,000 desktops. EVERY company used Norton as the corporate AV standard. Why? Because it's effective, and lightweight. Now ANY of the products that incorporate AV with Firewall, etc. IS a major resource hog. But if you're running a Firewall directly on your pc (instead of in a hardware device, something called a ROUTER), you have the Firewall in the wrong place.

    I personally support (family/friends) about 25 machines, all remotely. They all run NAV plus Ad-Aware and Spybot. All scheduled, and using the Ad-Watch feature to protect startup entries.

    Guess what? The ONLY person who gets viruses is ME. Why? Because I download shareware in ZIP files that sometimes have stuff in them. None of my other machines EVER see a virus, and the logs show that once a month Ad-watch or ad-aware removes or blocks a piece of scumware.

    The author of this article has done nothing but propagate misinformation and dealt in fear-mongering. But I just don't know why. Does he own stock in a competing product, or is he truly that lacking in knowledge?

    I don't know where J. Blue has been that he hasn't seen NAV work (or other products like it), but I know of about 60,000 machines I've seen in the last 5 years that run fine with NAV, and rarely see viruses. Part of the problem is user behavior-they love to click on ANYTHING, even if it's an EXE from VirusMan...LOL

    It shouldn't be about user behavior, but unfortunately we live in a world that permits users to be admins. If we were to change that, we'd have very little trouble with such malware.

    1. NAVCE/SAVCE is terrible Anonymous -- 25/07/06

      Did you see what happens when Blaster or Welchia got on a machine that had NAVCE/SAVCE (Norton/Symantec AntiVirus Corporate Edition)?
      NAVCE popped up an alert saying it had detected it, but it couldn't clean it, because the file was in use!
      How ridiculous, that a corporate AV product can't terminate a process owned by a known piece of scumware.
      BTW malware incorporates viruses, trojan horses, worms,... anything malicious. Scumware includes malware, plus others, that may be just a nuisance.
      I agree you've got to use multiple products, but when you've got over 20 000 desktops, the cost of licences adds up and the beancounters are tempted to go cheap.

  18. Changing to MAC? Bill -- 27/07/06

    Well, ya gotta admit, changing to MAC pretty much knocks about 95 percent of virus and spyware right out the Windows.... er

  19. Bitdefender is the best !! Anonymous -- 30/07/06

    Bitdefender's signature + Heuristic HiVE detection, it is the best, and its so light ver10.
    Join www.BitDforum.com

  20. Why popular Anti Virus fails Anonymous -- 02/08/06

    I have to seriously question this, as beta tester for the major players in the AV market, I personally have had little problems with Viruses. More trojans and script based have been the bigger issue.

    Most of the infections I see are from click happy users who have no clue that the junk email they have been sent is a ruse or the IM message they get from an unknown person carries infected attachments, or the web site they are visiting is hacked and will drop sniffers on them.

    Education is the key. Social engineering is the simplest way to get people to do something they otherwise would not do. So Education is key in all of it.

    Popular brands being a target, well it is a shame that they are targeted, but it's always about making the big guy take the fall, isn't it.

    The problem is there are too many people looking to make their mark to get rich, even at the expense of others. There is no code, no honour and no respect for their fellow human being.

  21. Sweeping Generalizations and Misleading Info Anonymous -- 04/08/06

    Nice job on creating a worthless article. You have however succeeded in promoting your obvious favorite, Kaspersky.

    You've done more to mislead and confuse the average consumer with out of context quotes and market shares that don't mean anything. Real journalists would gather testing results from multiple studies, and speak to the facts as opposed to creating a shock jock style article aimed at getting hits.

  22. Hugely misleading Anonymous -- 04/08/06

    The author is highly misleading by not making it clear that he's talking about threats that surface in the wild BEFORE the AV vendors come up with targeted signatures for these threats. All of the major AV vendors have a very fast turnaround time in getting their software updated. The assertion that malware has an 80% chance of getting through is hogwash.

    1. Not hogwash Nick Hatch -- 16/08/06

      I wouldn't put words in the author's mouth, I don't think he said that because he didn't mean it.

      Popular virus scanners are not effective, even against non zero-day viruses. I work at a public university in the US, I've seen students get infected by AIM viruses that are several weeks old and identified on other virus scanners. Their virus scanner was up to date, just simply not effective.

      Virus scanner companies don't get their samples out of thin air, they don't have a magical ability to have a copy of all the code in the wild.

      Start uploading trojans and viruses you find to sites like virustotal.com to see how poorly most virus scanners really work. I've started doing this when helping people clean their computers, and I've lost all faith in virus scanners altogether.

  23. Don't ditch Windows Barbara Baine -- 04/08/06

    As a user of secure, stable and free operating systems (like the BSDs and most kinds of Linux), I really love the way that gazillions of Windows junkies will bend over for Microsoft at one end and malware bandits at the other, while I can quietly get on with stuff. Keep it up.

    1. Stop drinking the kool-aid Anonymous -- 05/08/06

      I love the Mac users who claim they don't need security. This week Apple patched 26 vulnerabilities. Here is one for Linux announced today. http://www.net-security.org/advisory.php?id=6588. Yes Microsoft's platform has more holes than a colander but you're kidding yourself if you think that Linux and others aren't vulnerable as well.

    2. You're right, but Barbara Baine -- 05/08/06

      ... although it would be nice if the average Mac user learnt a little bit about computing, so that he/she could be more proactive about security, the reason he/she doesn't really have to is that OSX has a BSD security model, which is better by default at blocking/containing threats both remote and local. From the original purpose and history of Unix-derived systems comes a very non-Microsoft attitude to security, which makes for better building and quicker patching. And it's the sheer number of Microsoft users that keep the rest of us so wonderfully unmolested. Hurrah! Apart from the net being swamped with garbage from millions of malware-riddled Windows boxes, we're all happy. I've got a free adblocker on my free browser on my free OS, and a free spamfilter on my free mailserver, so I'm free of all that garbage.

  24. Re: Why popular antivirus apps 'do not work' Anonymous -- 05/08/06

    Talk is cheap. Where's the stats, the documentation and figures to verify what he's saying? There's nothing to explain his statement. He doesn't even say which AV's he's talking about so without anything to back up his claim I'll dismiss this Blog as simply more "the sky is falling" mass hysteria inducing BS.

  25. I give this article a 90% BS factor Swins -- 05/08/06

    Just statements, no hard facts, no testing protocols, just some idiot looking for some press.

  26. 100% agree with the author Frank -- 07/08/06

    Some new viruses are known viruses which have been "modified". There are even open source Trojans, for which basically anybody can download the source code and compile it to create a new virus. Many Trojan and virus makers simply copy other people's code and change it to create a new virus, but a clever virus and Trojan maker will write his own code, and some of them are very, very clever. A good AV should be able to pick up "modified" viruses, but most of them don't, and that's where the problem is with popular AVs such as Norton and McAfee.

    The best antivirus products right now are Kaspersky (http://www.kaspersky.com/) & NOD32 (http://www.eset.com), which are sadly used by the least number of people.

    The Kaspersky Anti-Virus engine is very powerful and it's even used by other security vendors, such as Sybari, Netintelligence, GFI Software, F-Secure, Borderware, Frontbridge, Astaro, G-Data, Netasq and others.

    Most people claim that they have been running Norton or McAfee without having any problem and that they don't get any viruses. They simply scan their PC using Norton or McAfee and it tells them that it's all clean, but I can assure you from experience that there will be infected files that Norton and McAfee will miss on your PC. Just download a trial version of Kaspersky or NOD32 and scan your PC, and it's 100% guaranteed that they will find infected files that your current AV has missed.

    Detecting known viruses is not really the problem here with Norton and other AVs; it's the EASE of bypassing them that is. You can very easily download a known virus and, with some help from Google, "modify" it, and after it's been modified, 90% of the time Norton, McAfee and other AVs will not see the file as a virus. OK, so in all fairness, for an experienced individual (Trojan and virus makers) Kaspersky & NOD32 can be bypassed as well, but this is an inherent weakness of ALL signature-based AVs. Point being that it's a lot more difficult to take an executable and "modify" it to be undetectable to Kaspersky as opposed to Norton (and some other AVs as well).

    Every single Trojan and virus maker uses Kaspersky or NOD32 for personal protection; you will not find any of these guys using AVs such as Norton or McAfee, because they know how easy it is to bypass them. Even people with limited computer or programming knowledge can very easily bypass Norton or McAfee, but it's not so easy to bypass Kaspersky or NOD32.

    For those of you asking for stats, documentation, figures, hard facts, testing protocols: this issue has been documented on a number of sites with all the figures and facts, and if you want you can test it yourself to see how powerful Norton is compared to Kaspersky and NOD32.
    Simply download a known virus which is detected by all AVs on the market and then try to "modify" the virus. I am not going to give instructions on how to "modify" your virus; there are software and methods to do it, just google it and you will find some info on it. After you have "modified" your virus, upload your file to http://www.virustotal.com/en/indexf.html or http://virusscan.jotti.org/ and see for yourself which AV will pick up your "modified" executable as a virus; some of you will be surprised by the result. 80% of the time the most popular AVs will simply miss the "modified" virus, but no matter how you "modify" the virus, AVs such as Kaspersky and NOD32 have a very high rate of catching the "modified" virus.

    The bottom line is that popular AVs are not the best products to protect your PC; if you are concerned about security on your PC, you had better look into other products besides Norton or McAfee.
    Kaspersky & NOD32 are excellent AVs and they both have trial versions; download one and try it, you've got nothing to lose. They may not come with a pretty face like Norton, but you don't need pretty-face software to protect your PC.

    There is no 100% protection against viruses and malware, there will be always new vi

    1. 100% AV solution Anonymous -- 15/08/06

      I do not know, guys, what you are talking about. There is far more complex testing than just running your installed AV on your computer. I do not like tests that rely on feelings and misunderstandings of the whole AV solutions and market.

      Before you do any tests, bear in mind that there are much more professional organizations that do the same in a proper way. They know what threats are in the wild, which are bigger issues and which are not. They know how fast an AV company is capable of reacting to a new threat, whether the solution is correct or not.

      You can say whatever you want, but it is true that Symantec, for example, has had a 100% solution in all virus tests for much longer than any other AV company has. That measurement is for the viruses spreading in the wild, not for those that you download from a Chinese or whatever else site and that have never been seen by anybody else. Those viruses are handled by all AV companies at a much lower priority, as they did not hit the user, so you do not have to bother too much.

      The second thing is that you can download thousands of so-called anti-spyware products from the net, but they ARE the spyware instead of removing it. What they do is act like a proper anti-spyware product: they will surely find something on an uninfected computer, and they will ask for some money to remove it...

      Now, go to Google and trust the non-well-known AV solutions...

  27. none rick -- 08/08/06

    This is a useless article to geeks such as myself. IT people trust other AV brands than the lousy McAfee and Symantec products.

  28. my 2 cents worth Lucy -- 15/08/06

    I'm not very computer literate, but just wanted to add my 2 cents worth. I have to agree with everyone regarding McAfee. It is a waste of time and money. I bought it and used it and wondered why my computer was playing up. I was also using AVG. Had a computer literate friend come over and check my computer. Well guess what, not only was McAfee stuffing my computer up, it was also missing a lot of spyware, malware etc and trojans. Got rid of McAfee. He got me onto a program called Ewido. It is the best and so easy to use. I use it in conjunction with AVG and Spybot. Ewido cost $39.00 a year, but is worth every cent. It updates automatically sometimes 3 times a day while I'm on the computer and doesn't slow the computer or fight with the other anti-spyware programs. What I'm going to do now though, is to try out Kaspersky as someone suggested. I'm going to run my Ewido first, then run Kaspersky and see if Ewido is as good as I think it is. Will get back and let you know. Locall

  29. Malware Author's Common Sense Anonymous -- 27/08/06

    A malware author will, by common sense, test their new viruses on these AV products. What's the sense of releasing a virus that will definitely be blocked by your AV? I guess the REAL challenge for them is the creation of the solution as soon as possible or as soon as the virus is detected in the wild.

    btw, malware authors will definitely test their viruses on top AV products because they are the most popular, hence will affect a larger audience. =)

  30. NEW ANTIVIRUS tan -- 25/10/06

    IF U HAVE PROBLEM WITH NEW VIRUS OR WORM YOU CAN FIND FREE SOFTWARE ANTIVIRUS HERE

  32. Anti-Virus Software Wilhelm Arcona -- 23/12/06

    Don't much care for any of these high priced "Quality Firms" that just rip you off, all you're paying for is the Name!!
    Far as I'm concerned, Avast AV is the best on the Internet today. That's my story and I'm sticking to it.

    Between Avast--Prevx1---and Zonealarm--I'm comfortable
    Thx much

  33. norton corp. edition. Anonymous -- 21/03/07

    i have used norton RETAIL 2002 and 2003 for YEARS.

    now i buy the "symantec enterprise edition" and i love it better than the retail products.

    all i hear is people saying "norton is trash/mcafee is trash/etc.".

    i have NEVER been infected and i use my computer to scan KNOWN INFECTED hard drives.

    not one bug, ever. (bug = virus / mal-ware)

    and YES, i have scanned my drives with a LOT of other AV programs. the MOST that has been found are "scraps" of viruses.

    scraps = NON-FUNCTIONAL pieces.

    i don't CARE about scraps. so if you consider a scanner that gets a "hit" per file then more power to you.

    all i know is that i have N-E-V-E-R had an ACTIVE virus on my systems. and THAT is what this is all about.

    lab-testing is NOT the same as "real-world" testing.

    and if you don't think so, then tell me how close you are to getting the "rated mileage (per gallon/liter)" in your CAR.

  34. It's so simple, why r u going off on tangents? Kas Persky -- 29/06/07

    As someone pointed out about 50 posts previously, if you were writing a virus, surely you'd test it against the 3 most common AVs before you released it. It's not actually their fault, but like Windows, they have become victims of their own success.

    You can say that Macs are more secure than windows, but they're not, they're just less popular and hence exploited less.

    I see some of you hiding behind some trick titles for malware, like spyware and Trojan and the like. You should maybe read the Kaspersky white paper "Spyware, its just old wine in new bottles". Kas seem to believe that an effective AV product should block all of this malware, not just pick and choose what to block.

    And finally, I wonder why some of you are so vocal in your criticism of this article, but then I remember that we're all involved in the industry somewhere. Some of us sell this stuff, some of us have bought into it as users, but at the end of the day we have to support our own views. And of course, the most popular 3 will have weight of numbers on their side by definition.

    Have a nice y'all :-)

    1. Antivirus angel -- 30/06/07

      It's not that I want to advertise, but I think that in time we will all have to pay a "levy" for an antivirus, that is, the purchase plus annual updates. The amount of time I have lost cleaning the computer is terrible; not even a system restore fixed the problem. Hammering away at HKEY_LOCAL_MACHINE/Run and RunOnce. What a horror, and not to mention the adware, they really are tiresome. How many times has it crossed our minds that the computer is going to break down and that we need to make a backup as soon as possible. Nobody is ever safe from an eventual loss of data from hard disks (http://www.lineared.com), hence the importance of a good backup system. This is the best way to recover your information (http://www.lineared.com) in a moment of disaster, which generally coincides with being in a hurry to use the system. And if, despite everything, a data recovery (http://www.lineared.com/es/recuperacion-de-datos.htm) or a hard disk recovery (http://www.lineared.com/es/recuperar/disco-duro-preguntas.htm) is needed because we did not have up-to-date backups, we recommend you consult a specialised company such as www.lineared.com, where they can recover the data (http://www.lineared.com/es/recuperar-datos.htm) or carry out the hard disk recovery (http://www.lineared.com/es/recuperacion-datos/disco-duro-faq.htm). Do not hesitate, this is the most effective and safe way to recover hard disks (http://www.lineared.com/es/recuperar-disco-duro-averiado.htm).

    2. Spyware Doctor Anonymous -- 03/07/07

      Spyware Doctor - it is a top-rated malware & spyware removal utility that detects, removes and protects your PC from thousands of potential spyware, adware, trojans, keyloggers, spybots and tracking threats.

      downloadsite:
      http://www.qweas.com/download/antivirus/anti_spy_tools/spyware_doctor.htm

    3. Wow are we divided!!.. I have a solution!! Christopher Paul Wong -- 05/09/07

      Of course the major companies are hit first, those hackers want the master key to 10 million Hondas, not a master key for a few Ferraris. As a highly successful tech of 17 years I quit keeping ahead of hackers by changing unpopular but highly effective software every 6-8 months, I now have a service that does just that for me.... I am too busy with all of my clients to have to come home and mess with my own PC..
      Those who argue with that fact are just simply not in the know or do not do daily work on real people's real-time problems. I use a company called INVISUS, a Managed Internet Security Service, for my home and office PCs.. I even share it with all of my clients... it's called INTEGRITY, people.. yes, maybe I miss out on the perpetual revenue of the so-called "maintenance" 85% of the population calls in for.. but hey, I would be like a doctor who gave you the latest medication until it became ineffective and forced you to come in for another visit and a new drug.. OR a solution.. I will share the site.. just be sure if you are in the San Diego area you refer me new clients www.areyousafe.info

  35. KasperSky Anonymous -- 13/09/07

    Yes, well said. My system was infected with a virus and I was trying to install McAfee VSE8.5I on that system, but it was rolling back at the time when services start, so then I used Kaspersky. It installed and it also cleaned the system of virus, spyware and malware. Kaspersky is gift with Bless to IT security Zone

    1. Spyware and Anti-Virus Programs Lincoln Bellows -- 28/09/07

      I've got some major issues with spyware on my computers right now and I'm not sure what program to use to rectify the problems. I'd prefer to use free Antivirus Software (http://www.free-antivirus.eeye.com) first. I really don't want to pay for something that doesn't work well, so can anyone out there recommend anything? I don't know where these things are coming from but I need them gone.

      When I have problems like this I start to worry about data file (http://en.wikipedia.org/wiki/Data_theft) theft and being spied on. It's for this reason I need advice on what type of software is best. I'd also like to know what type of real time protection the applications offer. I like having auto protect features enabled so that my risks are even further minimalized.

  36. Must read about popular AV Anonymous -- 31/12/07

    I used to run Norton on my computer. When my subscription expired, at exactly midnight, I received a flash warning that my computer was at risk. I clicked to follow the link and got to the NORTON (Symantec) web site. HAH. Bear with me a sec. It offered me a free scan. Yes, I had a virus, and it asked me to renew my subscription. I immediately downloaded another AV. Sure enough, I had the same virus, which I removed. The main question remains how Norton detected a virus within a few minutes of its expiry date and offered me to scan and renew. Well, here is my theory if you did not get it. Most viruses and malware are produced by these companies, specially targeted by rival companies. Imagine if no viruses or malware existed. How are they supposed to make money??? They are a creation of their own, just to annoy us and create fear. This is an effective tool to make money

  37. antivirus apps 'do not work' boon -- 15/04/08

    Yes. Most of the time anti-virus applications do not detect any new malware threats nowadays. The best we can do is remove it manually or call for expert help. The worst thing is that even if you have a valid anti-virus subscription, your anti-virus company will charge you for removing the virus. The only option left is free virus removal tools or free virus removal support, such as Spybot, Superantispyware, http://www.freetosupport.com

  38. Why AVs Don't Work Pat Curtis -- 29/05/08

    Kaspersky seems the best by actual result. Interface is a little annoying, but you can turn off the (literal) bells and whistles (sounds).

    NOD32 works well on my laptop.

    I am an "old" guy (go way back to the DOS days (before Windoze)). Seen everything, I think.

    Overall, this article is right. I won't comment on why. May be true that, as some have mentioned, virus writers test against them. Maybe not.

    Symantec sucked before Peter Norton sold his stuff.

    If I am buying an anti-virus, it's going to be Kaspersky.

    Hope this helps.

Munir Kotadia

Producer