Antivirus
Bart Silverstrim
bsilver at chrononomicon.com
Tue Jun 17 12:56:19 UTC 2008
Jonathan Dlouhy wrote:
> Good point. Thanks for mentioning it. Slightly off the topic, I have never
> ceased to be amazed at the attitude some Windows users seem to have. I think
> it's due to ignorance, mostly. Most don't know that Avast or AVG are good
> anti-virus programs and Norton and Mcafee are not. I have had countless friends
> call me in desperation upon having one of those programs let a virus through.
> Sometime it's next to impossible to fix the problem.
Because AV isn't a silver bullet. It's reactive, not proactive; there's
always a window of time open when a virus is created/modified/altered,
released, discovered, reverse engineered, a signature is created, then
released by the vendor, then your update time has to come up to get the
signature, and hopefully you weren't infected by then.
And since AV's don't normally get along with each other, you can't run
multiple engines to overlap protection.
And of course there's overhead in your AV's running, since they look at
all execution of files, along with the scheduled checks.
And you are at the whims of what the AV vendor defines as a threat. This
was rehashed on Clam's mailing list, since ClamAV isn't really an AV
anymore as much as it is a malware scanner targeted for mail servers;
the team was including signatures for spoofing and phishing sites in the
signatures to scan for. To be fair every AV vendor pulls this now, as
all sorts of cookies and javascript crap pops up as a "virus" or threat.
This is all assuming that the AV will work properly. I've had a number
of times where either the AV product implodes (Vexira liked to get stuck
with some updates not working properly, or we find a system that needs
to have the site license key updated and until then it annoys the user
with a stuck command prompt going haywire until we reinstall) or
interferes with other products (McAfee screwing up email). The only one
I haven't had a headache with of some sort has been AVG. But that
doesn't solve the other problems mentioned.
But hey, it's status quo using a broken system model and these companies
profit from it, and it's another requirement when you're dealing with
the alternative of making users care enough to learn how to use a broken
system properly. Otherwise you have to wait until a system comes along
properly built to protect users from themselves.
More information about the ubuntu-users
mailing list