Security

[Getback]

I'm no expert on this subject. However I'd like to share what little I know.

I recently purchased a new computer and I still don't know what was wrong with the other one but it did at one time have a nasty virus. Then the new computer felt like it was under attack. At that point I activated the Anti-virus program which included a firewall. After running the software it found nothing. Yet I did some research. After reading several articles I learned you should have two AV programs, one for viruses and one for malware. I used to do this regularly but had gotten away from it for some unknown reason.

So I ran the malware software on the new computer and it found nothing. Then I ran it on my everyday computer and there were 51 unwanted programs on it. I thought wow! Something tells me that my old gaming computer, the one I just replaced, will be full of these. As soon as I get it set up in my spare bedroom we'll see.

I really don't like running anything on my gaming computer but it has become a necessary evil. I would advise everyone to do the same.

[Vulcan]

Yet I did some research. After reading several articles I learned you should have two AV programs, one for viruses and one for malware.

That is not entirely true. Viruses are malware. So an AV program should detect malware.

Some people like to run an AV program and then occasionally use something like malwarebytes to do occasional scans. The reasoning for this is that no single AV program ever is 100% effective, and malwarebytes free version is not "active" (you cannot have AV programs active on a PC or brown stuff meets a fan). So malwarebytes acts as second "passive" AV program you can do weekly or monthly scans with.

[mikev]

That is not entirely true. Viruses are malware. So an AV program should detect malware.

Some people like to run an AV program and then occasionally use something like malwarebytes to do occasional scans. The reasoning for this is that no single AV program ever is 100% effective, and malwarebytes free version is not "active" (you cannot have AV programs active on a PC or brown stuff meets a fan). So malwarebytes acts as second "passive" AV program you can do weekly or monthly scans with.

that is spot on Vulcan.  these days it does require more then 1 security option. it is amazing how easy it is to catch a virus or even small bugs (as i call them) . some websites load adware just by going to them .

[Bizman]

That is not entirely true. Viruses are malware. So an AV program should detect malware.

Umm... To confuse people even more by being exact to the point: All malware aren't viruses, so an AV program can't be expected to detect all malware.

Malware means every type of malicious software, including viruses. Some of the subtypes are questionable like adware. I know a university professor who thinks that the book suggestions on Amazon based on his shopping history are a real time saver and good customer service. For me it's spying. Several years ago some adware companies threatened to sue Symantec if they continued to hinder their legitimate business by cleaning adware.

I like the term PUP, Potentially Unwanted Program, because it allows the cleaning of anything without stepping on someone's toes.

[BaldEagl]

Be careful because multiple AV programs can create compatibility issues and render both programs useless.

That said Malwarebytes does seem to generally coexist well with many AV programs.  I'm running it on my smart phone with Avast.

[Bizman]

Be careful because multiple AV programs can create compatibility issues and render both programs useless.

That said Malwarebytes does seem to generally coexist well with many AV programs.  I'm running it on my smart phone with Avast.

A great piece of wisdom there ^ 

Building multi-layered security involves using programs that add instead of multiply. Two active antivirus programs will fight each other, using all of the computer resources. One AV and one anti-malware will fill each other's gaps. Add to that a general hardware firewall (often in your modem) assisted by a more refined software version in your computer - remember, the restriction always wins in case of different settings! For maximized safety do regular backups of your entire system, preferably keeping them in a safe place outside your house.

Last but not least: The biggest risk for all computing safety sits between the keyboard and the back rest.

[Getback]

That is not entirely true. Viruses are malware. So an AV program should detect malware.

Some people like to run an AV program and then occasionally use something like malwarebytes to do occasional scans. The reasoning for this is that no single AV program ever is 100% effective, and malwarebytes free version is not "active" (you cannot have AV programs active on a PC or brown stuff meets a fan). So malwarebytes acts as second "passive" AV program you can do weekly or monthly scans with.

With what little I know I disagree. The reasoning is simple, my malware found issues that my AV didn't.

[Vulcan]

With what little I know I disagree. The reasoning is simple, my malware found issues that my AV didn't.

I'm not sure how that disagrees with what I said. And I work in IT security for a living.

[Vulcan]

Umm... To confuse people even more by being exact to the point: All malware aren't viruses, so an AV program can't be expected to detect all malware.

No. That has not been the case for about 8-10 years now. Current AV software is expected to catch malware. If it doesn't then it would be considered rubbish.

The issue as with all things is that nothing is 100% perfect. Malware makers are making huge profits from their activities, so are investing much more in the threats they develop. We are effectively in an IT war at the moment. We see a minimum of 20000 new malware/viruses per day, and sometimes it gets up to 80000.

I regularly/commonly see new threats coming through where signatures are lagging 2-5 days behind. Some of them are absolutely scary (I had a customer get attacked with malformed PNG's that trigger java exploits).

The next big thing in security is ATD (Advanced Threat Detection), also called (incorrectly) APT, and (confusingly) Sandbox. The problem is it is not like the 'sandbox' AV client most people are familiar with - and requires significant resources to run (ie business grade only).

[Bizman]

No. That has not been the case for about 8-10 years now. Current AV software is expected to catch malware. If it doesn't then it would be considered rubbish.

I stand corrected, my examples may be outdated.

However, many Anti-Virus and Anti-Malware programs have an option to search for Potentially Unwanted and Potentially Dangerous programs. In my book they rate as malware, but since their detection and removal has been set optional the judgement is up to the user. I'm not trying to say some viruses were "nicer" than others, but especially the new ones can have a very small footprint. For what I've learned about current viruses and adware, the latter can really cripple a computer. But since slowing down can be considered as a choice rather than nuisance, AV programs may not clean them. At least not by default. This information I know is up to date. This is one thing why I feel it to be important to clarify the terminology. The other thing is rogue Anti-xxx programs that try to scare people by tagging every cookie and temporary file as harmful.

[Skuzzy]

The alternative is to shutdown/block the attack vectors.  No matter how many are created daily, there are a limited number of attack vectors they all use.

Of course, you have to be able to give up all the "sparklies" (no java, no javascript, no activex, no flash, no file associations....) to do that.  It is always a tradeoff.

[715]

I try to run without javascript enabled, but the problem with that is the vast majority of web pages end up being unusable or, in may cases, totally blank, with javascript off.  So I enable it on a per site basis, but that is actually pretty useless as a security measure because even well known sites have been hacked to deliver malware.  The only true solution is to pretty much give up on the internet and go read a book.

[Skuzzy]

Oh, I also forgot to mention I have a hardened firewall.  I tend to forget about that.  It catches any bad guys before they can get to any of my computers.

There is one filter which catches any binary data in the WEB port(s) data stream which is not supposed to be there.  It lets me know about it so I can enable or disable that data coming through.  Another filter checks the image data to ensure it is not carrying a bad guy.

35+ years on the net and nothing has nailed me yet.

[Vulcan]

I stand corrected, my examples may be outdated.

However, many Anti-Virus and Anti-Malware programs have an option to search for Potentially Unwanted and Potentially Dangerous programs.

That's a good point. Yet another bit of security trivia . Many years ago there was a company called Gator, they made adware. If you went and downloaded shareware from places like download.com it often had gator bundled in. Buried in the EULA was the acceptance you'd get gator installed. Gator injected ads into browsers.

Some AV companies then added gator to their detections, and by default it was classified as a 'virus'. Gator then sued said AV companies and won. So now we have the malware category and potentially unwanted programs. So the AV companies don't get sued.

[Vulcan]

The alternative is to shutdown/block the attack vectors.  No matter how many are created daily, there are a limited number of attack vectors they all use.

Of course, you have to be able to give up all the "sparklies" (no java, no javascript, no activex, no flash, no file associations....) to do that.  It is always a tradeoff.

The most common vector is email.

And you don't have to give up all the sparklies if you have a good firewall scanning all that traffic