|
hooah posted:
I've taken the advice of removing Avast and just going with Windows Defender, but now what can I use to scan a file/folder on demand? From time to time I need to do one-off things that seem to require dubious software (join/create PDFs, etc.), and I like being able to tell something to check out a given installer.

When it's dodgy things like this, I'll use Virustotal.
|
# ? May 27, 2015 11:08 |
|
CaptainSarcastic posted:
You could use Malwarebytes for that purpose.

Ok, I missed that you can do a custom scan.

ryanbruce posted:
When it's dodgy things like this, I'll use Virustotal.

Good to know about. I also discovered that Windows Defender will let you select a specific folder to scan.
|
# ? May 27, 2015 12:42 |
|
hooah posted:I've taken the advice of removing Avast and just going with Windows Defender, but now what can I use to scan a file/folder on demand? From time to time I need to do one-off things that seem to require dubious software (join/create PDFs, etc.), and I like being able to tell something to check out a given installer. At the continued risk of sounding like I am on a vendetta against MSE, it remains the literal worst AV by a significant margin and there's no sane reason to recommend it any longer. Bitdefender free fills the niche of low system impact, never annoys you AV, much better. Seriously. Like 1/3 of all "how do I remove [malware X]" threads on bleeping computer start with "I have MSE.." it's utterly useless. Using an AV that lets through 20-30 times more samples than the industry average is setting yourself up for problems.
|
# ? May 27, 2015 14:33 |
|
The industry you're talking about is incompetent beyond belief. Don't trust any AV.
|
# ? May 27, 2015 14:42 |
|
I've been using NOD32 for about 10 years and so far as I know I've never had a virus with it, and I do manual scans with other anti-malware solutions about once a week. It's managed to catch a bunch of dodgy things over the years, especially when just browsing the web. Friends of mine who used MSE/Windows Defender have almost all had problems with viruses, and most of the time I just wipe their Windows installs and start from scratch. When I suggest they try and buy NOD32, I don't think I've had anyone come back to me with virus issues since. I know it's anecdotal, but I suppose you go with what works for you - MSE has not worked adequately for the majority of people I know that have used it.
|
# ? May 27, 2015 14:50 |
|
Khablam posted:At the continued risk of sounding like I am on a vendetta against MSE, it remains the literal worst AV by a significant margin and there's no sane reason to recommend it any longer. Ok, I'm trying out Bitdefender, but it keeps popping up its window for no apparent reason. Why. Edit: ok, yeah, gently caress this thing. I was playing a game and it popped up its stupid window, crashing the game, and the system tray was unresponsive, so I rebooted. Bitdefender crashed when it tried to run after booting. What a piece of poo poo. hooah fucked around with this message at 21:16 on May 27, 2015 |
# ? May 27, 2015 16:01 |
|
I've literally never had that experience with Bitdefender Free; the program has been quiet as a clam on every system I've ever installed it on; barebones PC, gaming rig, grandma's ancient tech, etc.
Mo_Steel fucked around with this message at 05:34 on May 28, 2015 |
# ? May 28, 2015 05:29 |
|
I know the thread is getting into a bit of a derail against MSE, but I felt compelled to add my anecdotal report on it, too. I've run Avast on my personal machines for many years, and aside from one false report from several years ago I have never had an issue with it. In the last year or so I got an SSD to add to my main desktop to run Windows from (I already had Linux on an SSD, and had been running Windows from the HDD). I did a fresh install of Windows 7 x64 Home Premium onto the SSD, and to keep it running as lean as possible went ahead and ran MSE on it. While I never got a virus (I'm careful, and also don't actually run Windows very often) it did start to seem that MSE was fighting with Windows Update. I frequently had to repair Windows Update, and it often behaved badly when it worked at all. My impression is that the MSE updater was conflicting with Windows Update, so the two Microsoft services were duking it out. Went ahead and installed Avast and removed MSE and everything went back to normal behavior. I swear I started seeing similar quirks on the Windows 8.1 tablet I got this year, and went ahead and put Avast on it, too - no problems since. Reading up on the terrible detection rate of MSE also made me want to go back to Avast, in addition to the fact that my phones and other Windows installs run it, too.
|
# ? May 28, 2015 06:43 |
|
I think that it is adorable that all of you grade anti-virus software as if somehow you're going to get better detection rates on product X versus product Y.
|
# ? May 28, 2015 22:10 |
|
OSI bean dip posted:I think that it is adorable that all of you grade anti-virus software as if somehow you're going to get better detection rates on product X versus product Y. You seem to be lost - this isn't YOSPOS.
|
# ? May 28, 2015 22:23 |
|
CaptainSarcastic posted:You seem to be lost - this isn't YOSPOS. No. I just have no problem telling you guys that you all have unrealistic expectations for your anti-virus products you suggest is better over others.
|
# ? May 29, 2015 00:37 |
|
OSI bean dip posted:I think that it is adorable that all of you grade anti-virus software as if somehow you're going to get better detection rates on product X versus product Y. Trying too hard to be too-kool-for-school there. I mean if you see anyone claiming any/all AVs to be an infallible Aegis to your data then by all means quote that person, because it's a silly position to take. The general thread consensus is something like: Backup >>>>>>>>>>>>>>>>>>>>> anything else which is really the only sane way of dealing with the problem. Within that scope there's plenty of room to look at empirical data and choose what works for you.
|
# ? May 29, 2015 01:42 |
|
Khablam posted:Trying too hard to be too-kool-for-school there.
|
# ? May 29, 2015 07:31 |
|
Khablam posted:
Trying too hard to be too-kool-for-school there.

I didn't need to go far back to find that you were making AV engine recommendations:

Khablam posted:
At the continued risk of sounding like I am on a vendetta against MSE, it remains the literal worst AV by a significant margin and there's no sane reason to recommend it any longer.

So here's the problem with what you're saying: you think that Microsoft's AV solution is horrible because it has the worst track record with its definitions and that an alternative is far better because it has a lower system impact, never "annoys" you, and is "much better". These are statements that I expect from Gartner or some other service that AV (and other) vendors get stated for them after paying a large sum of money.

What does this tell me about your ability to give advice? Well it tells me that you have no clue about how AV engines work and how detections are even created. The notion that Bitdefender, MSE, Avast, Sophos, McAfee, or whatever have a "lower system impact" is idiotic to suggest because all of them at their core do the same thing. What do they do? Well, let's break it down:

This is really the basic gist of it and I am not including other things like dataloss protection and application whitelisting/blacklisting/control (whatever) which is really meant for the corporate spheres of these AV products. However, these four features are typical to the vast majority of AV product suites and that does mean that your suggestion that one AV engine has "minimal impact" over the other is asinine when in reality it is a matter of your overall system specifications, what other processes you have running at the same time, and how you've configured your AV product.

Here's how an AV engine does its job regardless of what platform or company it comes from when it scans a file based on the settings requested by the user (read/rename/write):

That's the really basic, basic example based on an order of what consumes less resources (this is not bible here either). I am not including things like sandboxing, analysis of instructions to see if there are junk commands being issued or calls to the OS' printer API when it is not even going to ever print, and so forth but again it gives you an idea. A signature is built based on this logic and no AV vendor does it differently--even the ones that claim that they're using wizard math or whatever crap.

So why is this important to know? Well that is the problem with AV: every vendor has to create signatures based on the same logic. Microsoft, Symantec, Trend, and everyone else does it the very same way and all it really boils down to is this: manpower and some smart automation is required to come up with these definitions. This is part of the problem of why you see Cryptolocker and its variants being so prevalent right now: it's very, very easy to pump out 2,000 different, unique copies of the same malware and thus it requires the AV vendors to be able to come up with a way to fingerprint them all.

The reason why I am giving you poo poo and others for suggesting AV X is better over AV Y is because the lot of you do not understand how AV works, why it's broken, and why suggesting switching to another vendor is really comical. The only AV vendors that you're going to have better success with are the ones with larger teams, better automation of sample analysis, and those with a larger customer base. AV vendors get their samples typically from honeypots and from their own customers--and they do happen to share the samples amongst themselves although it's significantly delayed and for the aforementioned reasons usually fruitless because those samples have outlived their usefulness.

Most of you can avoid having to deal with malware and AV's "annoyances" if you go by this logic:

There's more to the list above but really if all of you follow the above you will almost always never get malware.

So why am I complaining? Because in this thread I see constant bad advice from you and many others. While now I do security for a multi-billion dollar company, in the past I used to work in the AV industry and saw attitudes like yours as the reason why the vendors continue to flourish when in reality they have a product that is at a dead-end.

The sheer notion that any of you would go and think that AV tests are useful and that Avast or Bitdefender is the best right now is laughable when you consider that just a few years ago everyone was raving about MSE. I can promise you that in the future we're still going to go on about AV vendor X being the best and will consider Avast or Bitdefender as "not much better".

I've seen corporate clients switch AV vendors because it didn't catch a sample; and it's idiotic because all they're doing is just reshuffling their deck of cards--at some point the joker will come up and they'll have the same problem all over again. Every single AV vendor does the same poo poo at its core.

Lain Iwakura fucked around with this message at 19:23 on May 29, 2015 |
# ? May 29, 2015 16:20 |
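As an added illustration of the "2,000 unique copies" point in the post above (this is not part of the original post and not any vendor's code), the Python sketch below compares an exact-hash blocklist with a single byte-pattern signature over repacked copies of one constructed, harmless byte string. The marker bytes, the family name `Demo.Family.A`, the sample counts and the hash-first scan order are all assumptions made for the example.

```python
import hashlib
import random
import re

# Constructed, harmless stand-in for the part of a sample that never changes.
CORE = b"DEMO-FAMILY-CORE:" + bytes(range(32, 64))


def make_variants(count, seed=2015):
    """Build `count` unique byte strings that all embed CORE unchanged."""
    rng = random.Random(seed)
    variants = []
    for i in range(count):
        prefix = bytes(rng.randrange(256) for _ in range(rng.randrange(8, 64)))
        # The 4-byte counter guarantees every copy differs from every other.
        suffix = i.to_bytes(4, "big") + bytes(rng.randrange(256) for _ in range(16))
        variants.append(prefix + CORE + suffix)
    return variants


def make_clean_files(count, seed=7):
    """Constructed 'clean' files used to check for false positives."""
    rng = random.Random(seed)
    return [bytes(rng.randrange(256) for _ in range(128)) for _ in range(count)]


def sha256(data):
    return hashlib.sha256(data).hexdigest()


class SignatureDB:
    """Toy definition set: exact file hashes plus named byte patterns."""

    def __init__(self):
        self.hashes = set()
        self.patterns = []

    def add_hash(self, sample):
        self.hashes.add(sha256(sample))

    def add_pattern(self, name, raw_bytes):
        self.patterns.append((name, re.compile(re.escape(raw_bytes))))

    def size(self):
        return len(self.hashes) + len(self.patterns)

    def scan(self, data):
        # Assumed order: the cheap exact-hash lookup first, then content matching.
        if sha256(data) in self.hashes:
            return "hash"
        for name, pattern in self.patterns:
            if pattern.search(data):
                return name
        return None


def coverage(db, samples):
    """Fraction of samples the definition set flags."""
    return sum(1 for s in samples if db.scan(s) is not None) / len(samples)


def run_demo(total=2000, seen=50):
    variants = make_variants(total)
    clean = make_clean_files(200)

    # The vendor has only received the first `seen` copies and hashed each one.
    hash_db = SignatureDB()
    for sample in variants[:seen]:
        hash_db.add_hash(sample)

    # One analyst-written signature on the bytes every copy shares.
    pattern_db = SignatureDB()
    pattern_db.add_pattern("Demo.Family.A", CORE)

    return {
        "unique_variants": len({sha256(v) for v in variants}),
        "hash_signatures": hash_db.size(),
        "hash_coverage": coverage(hash_db, variants),
        "pattern_signatures": pattern_db.size(),
        "pattern_coverage": coverage(pattern_db, variants),
        "pattern_false_positives": sum(1 for c in clean if pattern_db.scan(c)),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The pattern signature only holds while the shared bytes stay stable, which is where the manpower and automation the post mentions come in.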
|
Blah blah blah blah. You lost all credibility the moment you started talking poo poo about my My Little Pony collection. NOBODY talks poo poo about my My Little Pony collection. ryanbruce fucked around with this message at 17:44 on May 29, 2015 |
# ? May 29, 2015 17:38 |
|
ryanbruce posted:Blah blah blah blah.
|
# ? May 29, 2015 17:42 |
|
Wiggly Wayne DDS posted:What is your background in security? I mean besides ignoring reality. I'm also being facetious. (Though I really did work at GS)
|
# ? May 29, 2015 17:46 |
|
OSI bean dip posted:Every single AV vendor does the same poo poo at its core. Most of this went over my tiny head. Are you saying that AVs are useless, or that they all perform identically?
|
# ? May 29, 2015 19:09 |
|
PerniciousKnid posted:Most of this went over my tiny head. Are you saying that AVs are useless, or that they all perform identically? Both. AV doesn't scale and every vendor does effectively the same thing.
|
# ? May 29, 2015 19:11 |
|
OSI bean dip posted:-wall of projected anger- I mean I get where you're coming from, but it's pointless to preach rigorous updates and to Noscript/disable flash because for 95/100 people you tell that to (or ITT it's often advice for a relative or other computer novice), they'll just turn it back on and/or rapidly acquire an "allow all" reflex in actual use. Outside of corporate environments (but then not always) where you can poo poo on people for not following procedures, telling people they need to do anything will be largely ignored. Expecting people with no interest in computers other than to use them to make informed (good) decisions, is just baiting trouble. If you accept there's a use-case for an antivirus at all in what you're suggesting, considering who you are suggesting it to, then quote:Within that scope there's plenty of room to look at empirical data and choose what works for you Note: as gets linked in here very often the test labs typically run performance tests on the AVs, as well as look at how good they are at detecting samples with no specific definitions, how quickly they turn around new definitions and, well, basically everything you said. You seem to be arguing against someone saying "this AV is the best oh wow no virus ever get this" which just isn't being said anywhere. As in literally all of this: quote:Ensuring that you're not ignoring your OS or browser's suggestion that there is an update. If you see that Chrome has gone orange or red on the top-right button, restart the browser and ignore the fact that you have 2,200 tabs open. Is already in the thread and has been re-stated by many people including myself. Why do you think you are coming in and schooling us? You missed the most useful one anyway, which is to not use a local admin account for day-to-day use. But is, again, pointless advice most times. 
quote:
The sheer notion that any of you would go and think that AV tests are useful and that Avast or Bitdefender is the best right now is laughable when you consider that just a few years ago everyone was raving about MSE

Actually, with the exception of MSE the better vendors at absolute detection rates, and detection rates of unknown samples, hasn't really changed in 5+ years. The problem I specifically address whenever it comes up is MSE, because it's bucked the trend and changed its focus to be a basic level of AV.
|
# ? May 30, 2015 00:28 |
|
Khablam posted:
Actually, with the exception of MSE the better vendors at absolute detection rates, and detection rates of unknown samples, hasn't really changed in 5+ years. The problem I specifically address whenever it comes up is MSE, because it's bucked the trend and changed its focus to be a basic level of AV.

Please cite where you've come up with this conclusion.

quote:
You seem to be arguing against someone saying "this AV is the best oh wow no virus ever get this" which just isn't being said anywhere.

I am not. I am pointing out that you seem to have no clue about what the difference is between all of these AV vendors. Here are some quotes you've made in this very thread:

Khablam posted:
ESET/NOD32 is good, so is Kaspersky. Avast is great for a free A/V.

Khablam posted:
Avast! or AVG offer significantly better protection. Avast! has better protection in its free incarnation than AVG does.

Khablam posted:
NOD32/ESET detects all variants of Cryptolocker just fine, and in fact even if you disable the real-time scanner on ESET, when the definitions update it will perform a small scan of the memory, which will kill the active processes. I know this because it was all-but impossible to get cryptolocker to complete on my test machine with ESET installed, no matter how I set it to ignore it.

Khablam posted:
The better paid options, like Kaspersky and ESET will hardly pop up at all, even with a threat found.

Khablam posted:
That said, Avast!>AVG>>>>Bitdefender free>Avira.

Khablam posted:
I've never known Avast! to not work, and it's definitely the most robust of the free options. Why do you think it doesn't work? Have you tried it against the EICAR test files?

Khablam posted:
Avast! is the best free AV, and it's a bit quieter after the first couple of days. You can leave it in game mode if you want to disable all popups (you'd need to also setup common-sense automatic actions in that case).

So how did you come to be a resident expert on which AV engine works best?
Can you cite sources to why you choose to promote these products and then elaborate on why you think they're correct?
|
# ? May 30, 2015 01:46 |
|
The suggestions for protecting your system against viruses and malware that you posted above are helpful. I can probably save everyone time and effort by just pointing out the obvious: most of the things he (and I) have referenced in the past with respect to AV detection are based on AV-Comparatives, which is linked in the first post; ease of use probably more based on personal experiences with the interfaces of various AV clients for home users. It's clear you find some value in AV given that you recommended checking suspicious files with VirusTotal and made the comparison that "the ones with larger teams, better automation of sample analysis, and those with a larger customer base" could result in "better success", but it's also clear you believe there's not a significant difference between various AVs and that by and large they are ineffective at protecting systems from infection and that switching between them is mostly rearranging deck chairs on the Titanic. You seem to have a fair bit more experience dealing with AV programs than most of us do (seeing as most of what the people in this thread have for experience is "this is what is installed at our workplace / what we use at home / what other sites recommend based on test 'X'"). There, now we can focus on revamping the suggestions in the OP in light of your expertise and the information you've shared. A greater focus on good computer habits (backups, smart browsing, for the love of god don't open unexpected attachments, etc.) and a note in the AV section that they're all pretty similarly in line so use whatever you like but none of them are a substitute for said good habits would go a long way in helping people protect their information and save them time and effort. Mo_Steel fucked around with this message at 04:17 on May 30, 2015 |
# ? May 30, 2015 04:12 |
|
Mo_Steel posted:
The suggestions for protecting your system against viruses and malware that you posted above are helpful. I can probably save everyone time and effort by just pointing out the obvious: most of the things he (and I) have referenced in the past with respect to AV detection are based on AV-Comparatives, which is linked in the first post; ease of use probably more based on personal experiences with the interfaces of various AV clients for home users. It's clear you find some value in AV given that you recommended checking suspicious files with VirusTotal and made the comparison that "the ones with larger teams, better automation of sample analysis, and those with a larger customer base" could result in "better success", but it's also clear you believe there's not a significant difference between various AVs and that by and large they are ineffective at protecting systems from infection and that switching between them is mostly rearranging deck chairs on the Titanic. You seem to have a fair bit more experience dealing with AV programs than most of us do (seeing as most of what the people in this thread have for experience is "this is what is installed at our workplace / what we use at home / what other sites recommend based on test 'X'").

Actually, I'd be glad to help out if I can start a new thread with a lack of bad advice. People are going to read this thread and get the wrong impression about how to do things correctly. This thread should be put out of its misery while we're at it.
|
# ? May 30, 2015 06:26 |
|
OSI bean dip posted:
Please cite where you've come up with this conclusion.

Within that scope, again, there's absolutely no reason to not pick a better safety net than a poor one. I'm not suggesting to change your AV when one gains 99.4% and pips the previous best at 99.3%, but when you're starting from a clean slate there's no compelling reason to say "yeah lets just go with the one that has consistently scored 70% for some reason". As for the 5 year thing: April 2015: Nov 2010: Both are their real-world tests which assume users can't make smart decisions. There's not a lot of changes between the top few, and the bottom few. Most testing labs address your concerns with regards to how quickly a particular company can push out definitions, by testing the engines against new samples, using old definitions. This supports what I say in this thread, that there's a wide margin of improvement between MSE and 'better' engines, particularly Bitdefender, Kaspersky and ESET which you quote me mentioning. 5 year view: With the exception of MSE (and a lot of improvement across the board), the better engines from 5 years ago tend to be the better engines of 2015.

OSI bean dip posted:
Actually, I'd be glad to help out if I can start a new thread with a lack of bad advice. People are going to read this thread and get the wrong impression about how to do things correctly. This thread should be put out of its misery while we're at it.

Well here again we're in agreement, because the only reason I recommend AV in this thread at all is because the OP recommends MSE and it's just woefully poor at the task. (fake edit: seems to have now been removed in favour of an AV-comparatives link) I mean what is your argument, that there's no use case for any AV? Do you really think that's typical or could be expected of requests ITT where people are asking because they largely don't have a clue?
|
# ? May 30, 2015 16:50 |
|
Khablam posted:You chose to pick up specific recommendations but not the sources I posted in several places, so I assume you're just trying to get me to walk into posting test results so you can go "lol like they mean anything" and when you compare the effectiveness of any AV to simply having good knowledge of best-practice, I'd almost agree, except experience tells me you won't get people to make good choices and for the majority of users an AV is a useful safety net. quote:Within that scope, again, there's absolutely no reason to not pick a better safety net than a poor one. I'm not suggesting to change your AV when one gains 99.4% and pips the previous best at 99.3%, but when you're starting from a clean slate there's no compelling reason to say "yeah lets just go with the one that has consistently scored 70% for some reason". quote:As for the 5 year thing: quote:Well here again we're in agreement, because the only reason I recommend AV in this thread at all is because the OP recommends MSE and it's just woefully poor at the task.
|
# ? May 30, 2015 18:39 |
|
I prefer fake world tests IMHO
|
# ? May 30, 2015 18:56 |
|
Wiggly Wayne DDS posted:You said you wouldn't "walk into posting test results", yet you're citing percentages like they mean a drat in this day and age. Then you post this tripe: Do you have any particular reason to see any / all of the independent test labs as problematic, and why? Or are you just scoffing whilst just asking questions to seem like you're actually making a valid point? The testing methodology (at least for AV comparatives) is detailed on their site, which answers your questions if you're actually curious- http://www.av-comparatives.org/wp-content/uploads/testing-methodology.pdf quote:If the OP recommended different methods of jumping off a bridge what would your recommendation be? I'd choose the bungee with a 99% tested pass rate instead of the one with a 75% tested pass rate if there were some scenario where jumping off the bridge was essential. I mean we're multiple posts into this now and you're both still approaching this as though I'm stating computer security begins and ends at choosing an AV. I'm not. There still remains no compelling reason to not review your options and choose the most effective. quote:What is this good knowledge? What is best-practice? Where does this experience stem from? OSI bean dip posted:Ensuring that you're not ignoring your OS or browser's suggestion that there is an update. If you see that Chrome has gone orange or red on the top-right button, restart the browser and ignore the fact that you have 2,200 tabs open. All of which has already been stated in the thread already as well as using a non-admin account.
|
# ? May 30, 2015 21:36 |
|
Khablam posted:At the continued risk of sounding like I am on a vendetta against MSE, it remains the literal worst AV by a significant margin and there's no sane reason to recommend it any longer. Are you saying it's even worse than Norton / McAfee, or do those no longer even count as AV?
|
# ? May 31, 2015 00:27 |
|
I'm a little lost, this last page has had a lot of information but very little in the way of practical advice. Let's see if I've got this right, my options are:

1) Install every antivirus simultaneously.
2) Install a single antivirus program.
3) Antivirus software is bad, No AV, No Internet, No Fun.

Options 1 and 3 are somewhat impractical. If I'm going with option 2, what metrics would be useful for selecting an AV product and which products should be avoided at all cost. If the comparison testing is useless bullshit and every option is equally bad, should I just cycle through different AV programs on a daily basis? Maybe I should let fate decide, turn off adblock, and go with the first popup ad to FREE VIRUS SCAN CLICK HERE ?

In my completely unprofessional, unqualified, unsourced and unprovable opinion most people don't care what AV program they use, but some of them do want it to work most of the time. Telling people to just install Rand(Non-lovely AV) is faster and probably safer on average than telling people to research the subject and make their own choice. I used I also installed
|
# ? May 31, 2015 06:24 |
|
Khablam posted:I'm referencing the previous post about how better to avoid viruses at all: Khablam posted:I'd almost agree, except experience tells me Khablam posted:Do you have any particular reason to see any / all of the independent test labs as problematic, and why? Or are you just scoffing whilst just asking questions to seem like you're actually making a valid point?
|
# ? May 31, 2015 08:29 |
|
Wiggly Wayne DDS posted:
I'm referencing this line:

Worked in a computer repair place from 1999-2004 where 80% of my job was software support (read: 'help my computer has a virus!'). Worked for a system support company from 2005-2010 dealing mainly with schools, colleges and small businesses. In that time, I've never seen anything as effective as locking down systems with strict group policies and removing flash+java from all machines, for about the 10th time I absolutely agree with your basic notion that AV alone is false security. However getting home users anywhere near this level of discipline is almost impossible and any attempts to enforce anything like it, usually backfire (see: Windows UAC) where people get so used to spamming accept/yes that they never actually evaluate whether they should. This is even more problematic in threads like this, where a large number of requests are proxy-requests for people asking what they should install on mom'n'pop's laptop. In those scenarios, the only sane thing you can do is pick a decent AV, set automated backups and check in every once in a while.

quote:
If you're unwilling to say you're ignorant on these matters it's fine, just don't act like linking a methodology is a basis for comprehension

quote:
How do you think a testing lab operates? What criteria merits a sample to be included in the testing set?

- Traps / Honey pots they run themselves. Partly involves getting email addresses on spam databases and collecting the results
- Sourced from known malware sites
- Trawling online malware depositories
- Partner companies (i.e. computer repair businesses)
- Online scanners (they get samples from Virustotal for instance)
- Samples from vendors

quote:
Do the AV companies get detailed results of this test?

quote:
Do they get this information for free?

quote:
Do companies focus on improving their scores?

quote:
How does this impact development, given that there isn't infinite man-hours?
This is all doubly-true when you look at retrospective results, where out-of-date engines and definitions are used against malware created after the cutoff. I guess if you have any evidence of AV companies stacking results by writing malware, sticking the definitions into their product, then releasing it just ahead of retrospective results then now is the time to play your ace card. Khablam fucked around with this message at 12:35 on May 31, 2015 |
# ? May 31, 2015 12:32 |
|
Avulsion posted:Let's see if I've got this right, my options are: Nobody would say that. Avulsion posted:I used
|
# ? Jun 1, 2015 00:46 |
|
http://forums.somethingawful.com/showthread.php?threadid=3723583 Consider this thread deprecated.
|
# ? Jun 2, 2015 07:13 |
|
This thread has had an excellent run for nearly four years, thank you ryanbruce and everyone else who has contributed!
|
# ? Jun 2, 2015 15:08 |