Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Software Worms IT Technology

Test of 16 Anti-Virus Products Says None Rates "Very Good" 344

An anonymous reader writes "AV-Comparative recently released the results of a malware removal test in which they evaluated 16 anti-virus software solutions. The test focused only on the malware removal/cleaning capabilities, therefore all the samples used were ones that the tested anti-virus products were able to detect. The main question was if the products were able to successfully remove malware from an already infected/compromised system. None of the products performed at a level of 'very good' in malware removal or removal of leftovers, based on those 10 samples."
This discussion has been archived. No new comments can be posted.

Test of 16 Anti-Virus Products Says None Rates "Very Good"

Comments Filter:
  • by Anonymous Coward on Saturday November 07, 2009 @10:22PM (#30018858)

    BuY H3rB@l V1agaRa t0Day!!!

  • Security... (Score:5, Insightful)

    by xanadu113 ( 657977 ) on Saturday November 07, 2009 @10:23PM (#30018866)
    Security is a process, not a product.
    • Re: (Score:3, Insightful)

      by sopssa ( 1498795 ) *

      Since you seem so confident and intelligent, how do you plan to teach that to a "normal person"?

      And on real slashdot style, a car analogy; we dont care how the taxi works or how its supposed to secure us, we just want to get around conveniently. Without getting killed. Now the taxi driver might care more about his systems and how the inners of car work, but we just couldn't care less. It's the same thing when casual people use computers, and you're pretty ignorant if you dont understand why it is so or why

      • Re:Security... (Score:5, Insightful)

        by davester666 ( 731373 ) on Saturday November 07, 2009 @10:47PM (#30018988) Journal

        It's like a piece of wood, a tape measure and a saw. If the person doesn't use the tape measure properly, and saws the wood too short, there isn't any magic that can fix the problem. Even buying a new piece of wood and a new fancy tape measure will still have the same problem if the user can't be bothered to learn how it works.

        And a computer is only slightly more complicated than a tape measure...

        • Re:Security... (Score:5, Insightful)

          by Kratisto ( 1080113 ) on Saturday November 07, 2009 @11:12PM (#30019114)
          No, see, it's like a computer and a user and antivirus software. The user expects the antivirus software to either protect him from getting a virus to begin with, or to remove it swiftly if it fails. Unfortunately, the antivirus software isn't very good in the latter situation, and because the user is an idiot, no antivirus software can help him in the first situation.
          • Re: (Score:2, Insightful)

            by davester666 ( 731373 )

            Except this is dealing with AFTER the system has been infected. From TFA, it seems as if virus checking was disabled, the system intentionally infected with various viruses, then virus removal was run. The AV software would have a reasonable chance of being able to revert your system to a pre-virus state IF it's running while the virus is being installed (which in itself shouldn't happen, but it should stop it before it's installed), but to say it should remove all trace of any given variant of any virus

        • by interkin3tic ( 1469267 ) on Sunday November 08, 2009 @04:09AM (#30020054)

          It's like a piece of wood, a tape measure and a saw. If the person doesn't use the tape measure properly, and saws the wood too short, there isn't any magic that can fix the problem.

          Ah muggles... you never cease to amuse me!

        • Re: (Score:3, Insightful)

          Except that the user isn't interested in the wood, tape measure, or saw, he wants a table, and thought he bought one, thank you very much. Why does he have to know how the tape is made to put his plate on it?

          Computers are somewhat unique in the level of awareness that a user has to have in order to use one safely. Unfortunately, for a lot of users, the difference between computers and magic is not apparent to them.

        • Re:Security... (Score:4, Interesting)

          by mustafap ( 452510 ) on Sunday November 08, 2009 @08:08AM (#30020872) Homepage

          >If the person doesn't use the tape measure properly, and saws the wood too short, there isn't any magic that can fix the problem.

          Use the other end of the piece of wood?

          Worked for me many times :o)

          "Measure twice, cut once"

      • Bad car analogy. Ignoring the tautology at the end, the computer user is more analogous to your taxi driver who does care. If you just want to be a passenger who doesn't want or need to know anything other than where they want to go, you hire the taxi driver (or perhaps a chauffeur). Now, I'm not saying that software shouldn't be made better, more secure, to do what you want, and be harder to accidentally scatter your guts over the road while killing innocent bystanders, but it's never going to be perfect,

        • Re:Security... (Score:4, Interesting)

          by Jurily ( 900488 ) <jurily AT gmail DOT com> on Saturday November 07, 2009 @11:02PM (#30019066)

          Here's another analogy for you: don't rely on the police to catch the robbers. Use houses with locks on them and learn how to use it.

          • Re:Security... (Score:5, Interesting)

            by TheLink ( 130905 ) on Sunday November 08, 2009 @07:58AM (#30020832) Journal
            Most popular operating systems can be analogous to a house with locks and a separate room for "maintenance personnel only" that's locked, and your personal room with a door and lock too (there may be similar rooms of other people with corresponding doors and locks).

            The trouble is when you invite a guest into your house, there is no guest room that _you_ can easily use, so you have to invite him into your personal room. The design of the house is such that you cannot usefully interact with the guest while the guest is in a different room from you.

            This means he has full access to your personal room. The geeks who don't understand the real world will say "Ah, but OS XYZ is secure because the "maintenance personnel only" room is locked and unaccessible". But who the fuck cares? You keep most of your stuff and valuables in your personal room! Insurance can take care of recreating the maintenance room stuff - not hard since the stuff in there is the same for every house of that model. They'll never be able recreate your personal documents.

            This is changing a bit with Vista and Windows 7, but it's still not good enough IMO. As for Linux, I don't see much help with what I'm talking about for the average desktop user yet. Apparmor is not "desktop ready" yet, and SELinux is barely even ready for average admins.

            This test of AV products is like inviting a crook/spy into your whole house, closing your eyes and letting him mess it up (plant bugs if he wants etc), and then get someone to try to clean everything up and restore stuff back to what it was.

            Yes it can be done in many cases. But it's foolish to expect the clean up to be 100% in all cases.

            If you really want to do that, you use a special house. Then you invite the crook into that special house. Then when he's done, you press a button and the house reverts back to its original state.
      • Re: (Score:3, Insightful)

        People still have to learn how drive. It doesn't just work. I can go into oncoming traffic and head end a semi. Cars don't 'just work'. The best security product is never going to keep someone from running something stupid.

        they "just want it to work"

        My mom used to say 'Want in one hand and shit in the other and see which one fills up faster.'

        • Re:Security... (Score:4, Insightful)

          by slarrg ( 931336 ) on Sunday November 08, 2009 @12:09AM (#30019344)
          Even when people learn to drive, accidents still happen. That's why technology is developed to reduce the negative outcomes of those accidents (crumple zones, seat belts, airbags) or attempt to diminish the likelihood of an accident occurring in the first place (brake lights, mirrors, reflective road signs.) This is the same reason anti-virus software is developed and it's certainly appropriate to debate the effectiveness of these methods.
          • Re: (Score:3, Interesting)

            it's certainly appropriate to debate the effectiveness of these methods

            I completely agree, but some people seem to think security software is going to prevent anything from happening to their computer. I don't think a seat belt, crumple zones etc are going to prevent anything from happening to me regardless of what I do. Or for that matter what another driver does. Why should I refuse to learn anything about using a computer?

            • by slarrg ( 931336 )

              There's a difference between not learning anything about the computer (or car for that matter) and just learning enough to do the minimum necessary to use the device. When we get a driver's license, you are demonstrating that you have a minimum proficiency to drive an automobile. Truthfully, many of those people still have problems driving in inclement weather or when it's dark out but we accept that they have the minimum proficiency to share the roadways with others. Are you so certain of your mechanical k

              • Re: (Score:3, Interesting)

                I'm not suggesting people learn how to program or even know the difference between their cpu and computer case. I'm not suggesting developing safeguards are worthless. I'm only saying relying *completely* on safe guards is naive. Very simple things like not downloading free screen savers/games or clicking on links in emails from 2342@235ja.com would go a long way. I'm not suggesting anyone needs a license to get a computer.

                Unless things have changed since I took the test to get a driver's license it do
                • Re: (Score:3, Insightful)

                  by slarrg ( 931336 )

                  The primary problem that anti-virus software tries to protect against malicious activities of other people and not the actual computer user. The level of security to truly harden a networked computer from attack is incredibly high. Even the most sophisticated of us cannot guarantee 100% security of a networked system. Certainly my systems and your systems will have high levels of security but even we cannot guarantee 100% security of our own systems. Luckily, if you're in the top 50% of secure systems and y

        • by v1 ( 525388 )

          People still have to learn how drive.

          Problem is, in today's world, everyone needs a jet to get to work. Do you know how to drive a jet? I sure don't. That leaves us with companies trying to sell "jets for the common man". I'd personally prefer a jet that flies itself, doesn't randomly run into mountains, has a 100% (not 99%!) effective antimissile system, and doesn't require me to know how to maintain the turbofan. But then it looks like these companies are in the business of selling parachutes, air ba

        • Re: (Score:3, Informative)

          by Anonymous Coward
          Your mom has a potty mouth.
        • by interkin3tic ( 1469267 ) on Sunday November 08, 2009 @04:11AM (#30020064)

          My mom used to say 'Want in one hand and shit in the other and see which one fills up faster.'

          Well? What were the results? How many times did you repeat the experiment?

      • The process change needs to occur in software development, not in end user behaviour.

        People need to safely run software from untrustworthy or marginally trustworthy sources, but the infrastructure isn't there. Anti-virus software is sort of a stop-gap measure, but tests like these are showing that it increasingly can't be relied upon

    • You're dead on. However, it sure is surprising that they didn't test ClamAV, isn't it? /positive MS score and open source antivirus not tested? color me surprised.

      • ClamAV does nothing automatically, so it wouldnt really qualify for the first part of the test. If youre suggesting ClamAV to people as a primary antivirus, youre doing it wrong. Moonsecure would be a different story, but Im not sure how good it is.
    • Re: (Score:2, Insightful)

      by engun ( 1234934 )
      Exactly. This is why I don't use any AV product at all. As long as you're reasonably careful not to download and install unknown programs, there's no way to justify incurring a huge performance hit on a daily basis. For example, I once "fixed" a friend's PC in which she had installed two AV programs - Avira and McAfee - for additional protection and security as I heard. File copying had dropped to something like 150Kb/sec between two hard drives because both anti-viruses were scanning it. Disabling one incr
      • by pelrun ( 25021 )

        Which is fine until that one virus manages to get through by accident. I ran my machine AV-free for a long time until that happened, and the cleanup was unpleasant - the preventive features of AV software are far superior their cleanup ones. :S

        That said, the performance of my machine running AVG got worse and worse with each new version till I got fed up and ditched it. I'm running Avast now, and the best feature is the easy access to the "disable on-access protection" option in the systray. It stays on mos

        • Re:Security... (Score:4, Insightful)

          by Darkness404 ( 1287218 ) on Saturday November 07, 2009 @11:33PM (#30019190)

          Which is fine until that one virus manages to get through by accident. I ran my machine AV-free for a long time until that happened, and the cleanup was unpleasant - the preventive features of AV software are far superior their cleanup ones. :S

          Yes, but think about it this way. Lets say your computer runs at half its speed with an anti-virus. You run your machine for 365 days without an AV for 30 mins doing routine work that would be slowed down by the AV (file copying, plus additional maintenance for the AV itself, etc) so it would take an hour. That is 182.5 hours per year you use it for maintenance without an AV. With an AV that doubles to 365 hours. Even if you add in a entirely long clean up process of 48 hours, you still come out ahead. And unless you get a nasty virus that somehow corrupts everything you can just restore from backup (you do have a backup of everything important right?) and if you don't have a backup you can usually boot from a Linux disk (most can read NTFS just fine) and copy things to an external HDD. So unless that machine was really mission critical (such as, if its down for 2 days you are out of lots of money) not having an AV and having a long clean up may actually save you time.

          • Re: (Score:2, Informative)

            by dmorris68 ( 1532203 )

            Yes, but think about it this way. Lets say your computer runs at half its speed with an anti-virus.

            I wouldn't run any AV that causes my computer run at "half its speed."

            I used to be a huge Norton AV hater. But since v2009 they did a major overhaul to their AV engine and now it runs extremely well. 2009 and 2010 consume virtually NO detectable resources, update themselves literally every few minutes, and turn themselves off completely during gaming. Kaspersky 2010 is a bit worse performance-wise, but not terribly so. I've also installed MSE on a few PC's for people and have been impressed with its per

          • Re: (Score:3, Interesting)

            Comment removed based on user account deletion
        • by mlts ( 1038732 ) *

          I run AV software for a few reasons: The first is that most AV software has heuristics. This is important for a "burglar alarm" in case something manages to get executing natively on a system. The second is to catch known threats before an OS update. AV products update at least daily, which is usually faster than OS or browser updates unless the hole is super critical. Another use is scanning files and documents before emailing. This way, if the recipient claims to have gotten an infection, I can say

          • Im not sure how much water the due diligence argument holds; antivirus doesnt keep anyone out. Firewalls and IDS would be due diligence; antivirus is of debatable value.
    • Re: (Score:3, Insightful)

      by Afforess ( 1310263 )
      I find it interesting though that Microsoft Security Essentials was one of the top three AV tested, with two "good" ratings. It also happens to be free. Maybe Microsoft is learning lessons from the past?
      • Re: (Score:3, Interesting)

        by ZosX ( 517789 )

        Using it right now. It found a suspected trojan in my half life 1 install. It looked like a false positive, but who knows. I quarantined the file anyways. It was for opposing force. Anyone else have this detection? What was interesting was that it said it listed it as active. I was kind of surprised by this. Since I long lost my half life cds, it was a pirated copy, but usually they embed trojans in the installer exe or the cracked exe, which all tested out to be fine. Security essentials seems pretty good

    • Re:Security... (Score:4, Insightful)

      by Leekle2ManE ( 1673760 ) on Saturday November 07, 2009 @11:46PM (#30019258)
      I've been reading slashdot for a while and I've avoided commenting because... I'm not a nerd. I'm a geek. Which my friend always find annoying because 'back in his day' nerd and geek were the same thing.

      I've been into computers for over 10 years now and while I know far more than the average user, I don't know enough to hold a flame to many nerdier folk.

      However. I've dealt with enough real life cases in computer security/maint to know that the average user doesn't care about a process. They don't want to hear about it being a process. They view the computer as a glorified telephone/television combo. They just want to be able to power up, do what they want and log out. The average user these days isn't going to spend time to learn about how to properly protect themselves online because they have other things to do.

      To expand on a car analogy someone else used...
      Likening computer security to a car would mean comparing it to car security. While some people might take their cars to a car audio shop to get a security system installed, most will just buy their car from the dealer and just want to push the button and have their car secured. Even if they won't always push the button. Unless they're in an 'unsafe' neighborhood.

      What the average user doesn't understand is that every time the get online they're in an unsafe neighborhood. They don't know it and they're not going to do the research to find out. They're not reading /. They don't see comments about Security being a process and not a product. They just want to start up the computer and feel safe that their security system is working. They're not going to search online to find the best anti-virus product(s) available. They're not going to look for reviews of 16 anti-virus programs reviewed. They quite simply don't care and don't feel that they should have to care.

      What good is firewall software if the user has no clue whether to allow a process access to the internet or not, but since it just popped up while they were installing something new, they allow it anyways? The firewall/software does nothing for them.

      And before someone brings up the Linux solution. I love Linux. I use it. It is NOT user friendly though. With all the different flavors around, the *cough* average user would just rub their temples in frustration and stick with Macrohard products. And if they did pick a Linux distro, they would have to pray that all the components in their computer are compatible. I've installed linux on multiple systems (which previously ran some variation of winblows) and every system has had at least one piece of hardware that didn't have a driver available.

      So, to make a long story short (TOO LATE) computer security for the average person will never happen. The only way to make computers secure for the average user to make the internet secure. The only way to make the internet secure is to allow your local ISP to start white-listing/black-listing sites, thus dictating where you can and can not go. And that's never going to happen. Or at least, we hope it doesn't.
      • Re: (Score:3, Insightful)

        by Blakey Rat ( 99501 )

        To think that anybody on this community knows anything about the average user is ridiculous.

    • Re: (Score:2, Insightful)

      by mysidia ( 191772 )

      Yes, but malware is a product.

      AV/Anti-malware software should be a product that can expunge/protect against one type of security threat: rogue/malicious software.

      Nothing beyond the product should be required for expunging malware. If you are updating and the software maker is doing their job, that security threat is permanently dispensed with, and you can move on to other threat categories, if they ever become important to you.

      If not, you are secure, and done.

      Security is a process, not a product,

    • True - security is a process. But, the process should have reliable results. When the process proves unreliable, then it's called a "failure". Security failures on Windows are common - just tally up the number of banks that have been compromised, then try to make some kind of a wild stab at the numbers of consumers who have been compromised. Some of them are actually pretty savvy, too.

      Now, look to the world of Unix and Unix-like OS's. The process is FAR MORE reliable, and requires less user input to be

    • by syousef ( 465911 )

      Security is a process, not a product.

      Where can I buy that process? Who's the best supplier?

  • Sign of the times... (Score:3, Interesting)

    by unitron ( 5733 ) on Saturday November 07, 2009 @10:28PM (#30018882) Homepage Journal

    Despite this being Slashdot, when I first saw the headline about "anti-virus" products, I immediately thought "stuff like Tamiflu".

  • dd (Score:2, Funny)

    by Anonymous Coward

    Guess they didn't try:

    dd if=/dev/zero of=/dev/sda

    Only sane way to remove viruses. Rates an "Excellent".

    I guess the equivalent in Windows is to buy a new computer. Also, an "Excellent" method.

  • Browsing safely (Score:5, Insightful)

    by Utopia Tree ( 1040146 ) on Saturday November 07, 2009 @10:33PM (#30018912)
    I don't think anyone sells common sense.
    • computer, my browser is completely broken.

      • Re: (Score:3, Interesting)

        by GigaplexNZ ( 1233886 )
        Completely broken? No, it still functions correctly most of the time, so just partially broken. Writing bug free software is virtually impossible, so while blaming your browser might seem like a good idea, the only way to guarantee that you aren't using a broken browser is to not use any browser.
    • Although I agree no one sells common sense, I do think clicking on links in a web browser or email shouldn't put your machine at risk. If clicking a link in Firefox or Thunderbird in Linux or BSD created a compromise in the system, people would eagerly seek a solution by reworking the architecture of the system and software. The system we see today on Linux and BSD and the like grew out of those lessons. That isn't to say you can't click on a link in Firefox that causes trouble or have an bug that is exp

    • by dbIII ( 701233 ) on Sunday November 08, 2009 @01:02AM (#30019536)
      If you had more than a passing familiarity with Microsoft's products and the elaborate pile of stuff on top that makes it even more insecure you would be aware that you need more than that. Large numbers of viruses and worms have spread with no user interaction at all, and others that required intervention have spread via things that appear to be quite innocent to the user (banner advertisement on Australia's Telstra white pages telephone number search page one day for instance). Then of course there is downloading that program that the user assumes is only going to give them an animated purple monkey, a weather report or little images of smiles to decorate their emails. They don't know that they system has no way of protecting them from such things being other than what they appear to be.
      Don't fall for the copout of accusing the users of being idiots. Instead it's a long chain of events with stupidity at many steps on the part of some developers which gave us a house of cards which the user can upset so easily.
      We can't just say "haha, user is an idiot" when we in the computer software industry can look in the mirror to see part of the real idiocy. Every time I make a user "admin" or "power user" so that they can run badly written software I add to the idiocy and create another potential node for a botnet or another chance at credit card fraud.
      At one site I do work for EVERY user has to be "admin" so they can run an internally developed dotnet application that writes it's config file to the root of the system drive simply because that's where the developer wanted to put it. The developer has a string of certifications and years of experience but still carries on with such overtly STUPID actions, not because he is stupid but because a very large chunk of the industry is stupid and stupidity is standard operating procedure. Most of the new security options in Microsoft's products are rendered pointless when the applications on top come from such a culture of stupidity.
    • Re:Browsing safely (Score:5, Insightful)

      by Tumbleweed ( 3706 ) on Sunday November 08, 2009 @01:18AM (#30019590)

      I don't think anyone sells common sense.

      It wouldn't matter if they did; no one would buy it as everyone thinks they already have it.

  • restore from a known good backup whenever the root account is compromised, be it compromised by a worm or a human, in part because it's impossible to tell the difference between a human pretending to be a worm and a worm, so it is quite difficult (perhaps impossible) to know what the attacker did, and how to undo the damage.

  • Comment removed based on user account deletion
  • WRONG SITE! (Score:5, Informative)

    by Anonymous Coward on Saturday November 07, 2009 @10:35PM (#30018926)

    They said AV-Comparative.org in the article. Try going there and see what happens. The correct site is av-comparatives.org.

  • by Jazz-Masta ( 240659 ) on Saturday November 07, 2009 @10:45PM (#30018982)

    How about testing some malware removal programs? Malwarebytes, Adaware, Spybot?

    I find Malwarebyte's Anti-malware to work wonders. Paired with Avast home edition, it is a good free combination. I think most system administrators notice the difference between software primarily tailored for virus detection and removal, and ones tailored for malware detection and removal.

    They tested these:

    Avast Professional Edition 4.8
    AVG Anti-Virus 8.5
    AVIRA AntiVir Premium 9.0
    BitDefender Anti-Virus 2010
    eScan Anti-Virus 10.0
    ESET NOD32 Antivirus 4.0
    F-Secure AntiVirus 2010
    G DATA AntiVirus 2010
    Kaspersky Anti-Virus 2010
    Kingsoft AntiVirus 9
    McAfee VirusScan Plus 2009
    Microsoft Security Essentials 1.0
    Norman Antivirus & Anti-Spyware 7.10
    Sophos Anti-Virus 7.6
    Symantec Norton Anti-Virus 2010
    Trustport Antivirus 2009

    • *whispers*
      "Shall I?"
      (whisperwhisper)
      "Why me??"
      (whisperwhisper)
      "Ok, damnit! I'll do it! But you owe me one!"

      *steps forward into the spotlight*

      *loud*
      "Well, I found a better combination:"
      *louder*
      "JUST INSTALL GNU/LINUX!"

      *normal voice*
      "Thank you, thank you! I will be here..." *dodges flying chair and Granny Smith with bite mark* "... all night!"

      (P.S.: I use Linux as my main Desktop. And Windows for the games. No hard feelings here. :)

    • Also (Score:4, Informative)

      by Sycraft-fu ( 314770 ) on Saturday November 07, 2009 @11:37PM (#30019218)

      Testing online (meaning running the removal program on a running, infected, system) removal seems kinda silly. You are fighting a war there and the malware has the upper hand being there first. On a compromised system you generally want to work on it offline. You either boot a live CD or take the hard disk to another computer. That way the malware can't be running. You can then use tools to track it down and remove it.

      Running a scanner on a live system is more of a preventative measure and a detection measure. You have a realtime scanner looking for threats coming in. If it finds them, it can block them before they have a chance to do anything. This is 99.9% of the good a virus scanner does. It stops them before they ever infect the system. It can then also help in terms of alerting you if a system is infected.

      However counting on one to be good at removal on a live system seems silly. Take the system offline, fix it, and bring it back up.

      • This is the best method to remove viruses/malware, I agree, but only if you have physical access to the machine.

        If you're supporting one of your 10 000 new friends (how convenient, so many new friends, all have viruses) over the phone, getting them to install one of those quickly, works.

      • No. That would be the smart thing to do, but the products are designed to run on an infected system. That's why they should be tested in this way.
        Also, fixing the system offline is too complicated for the average user (to whom these products aim for).

      • The offline approach worked fantastically in the year 2000, but now... the playing field has changed.

        We have root kits that embed themselves into alternate data streams, utilize virtualization, employ self-encryption and password protection and randomize what would otherwise be easy-to-detect signatures etc.. Some root kits can *only* be reliably detected if they are actually *running* because they conceal themselves using these techniques. *Even then*, it requires a competent utility with things like ste
    • They tested Anti-virus software for malware

      How about testing some malware removal programs? Malwarebytes, Adaware, Spybot?

      How should we define "malware?" AV-Comparatives.org chose (for now) not to include [av-comparatives.org] "adware, spyware, dialers, tools and rogue programs" (which they define as "Potentially Unwanted Applications"). They do include viruses, trojans, backdoors, rootkits, exploits, DDoS, flooders, sniffers, and nukers (from their "methodology" pdf file).

      Also, their "Removal-Test" page [av-comparatives.org] makes it clear that they are testing "Anti-Virus" products. I guess they are using the term "malware" because we expect "anti-virus" products to

    • Re: (Score:3, Insightful)

      by dbIII ( 701233 )

      I think most system administrators notice the difference between software primarily tailored for virus detection and removal, and ones tailored for malware detection and removal.

      I think all system administrators performing the job they are paid to do don't muck about with such things - guessing where the system has been compromised and what is in some hidden corner. Instead they wipe it and rebuild or restore from backups. Of course outside the job we are confronted by people that do not have backups or e

    • Re: (Score:3, Informative)

      by mysidia ( 191772 )

      Agreed...

      They should have instead tested:

      1. SUPERAntispyware
      2. PC Tools Spyware Doctor
      3. Malwarebytes Anti-Malware
      4. PrevX CSI
      5. Webroot Antispyware with AV and Firewall
      6. Spy Sweeper
      7. ThreatFire 4.5
      8. Vipre Antispyware 3.1
      9. CA Pestpatrol
      10. CounterSpy
      11. Trend Micro Security
      12. Tenebril SpyCatcher
      13. LavaSoft AdAware Pro 8.1
      14. McAfee Anti-Spyware
      15. Panda Internet Security
      16. AVG Anti-spyware (not anti-virus)
      17. Ashampoo Antispyware

      And then maybe considered testing some of the lesser-known or that I believe to be outdated and/or quite ineffective:

      • Spybot S
    • Why would anyone want to test Spybot? It's crap. I've seen false positives remain in Spybot that every other vendor fixed 5 years ago. It was once pretty good, but those days are long past.

  • by HermMunster ( 972336 ) on Saturday November 07, 2009 @10:50PM (#30019004)

    Stop recommending products. The tests demonstrate that av products don't perform well. It is right on. 80% of my day is spent cleaning malware. I have written here many times about how you need a combination of products. I've also emphasized the need to do the initial cleaning with the infected drive as the secondary in a second machine.

    Until you do this day in and day out please stop with the recommendations, as you are not helping anyone one bit.

    • Here's my recommendation: go hog wild, people! I love your money.
    • Re: (Score:2, Informative)

      by mysidia ( 191772 )

      Instead i'm going to make lots of recommendations. Cleaning an infection is all about using lots of tools, since no one tool is perfect, every tool has a gap in what it can detect or clean. But when it comes to prevention as few tools as possible should be used, and low-overhead choices should be used, since every tool installed and running slows down the workstation, and big-footprint tools have a big negative effect on users' productivity.

      I've also emphasized the need to do the initial cleaning with th

      • Re: (Score:3, Informative)

        by HermMunster ( 972336 )

        Regarding my comment about using a second machine to do the initial cleaning. I would have to say that you are quite short sighted. If you think ahead you'll understand the reasoning. And, if you are wise you'll understand that I would not recommend using a Windows box as the second machine.

        You are correct in that there are parts of the infections that a scanning from a second machine can't get. I don't dispute that, but that's why I said "initial" cleaning. The purpose of the initial cleaning is to all

  • No Joke (Score:5, Interesting)

    by Das Auge ( 597142 ) on Saturday November 07, 2009 @10:51PM (#30019006)
    I've been working in the on-site support field for over a decade. I've seen the viruses get nastier and nastier.

    It used to be that the virus got a hold of the system, maybe did a little damage or had a little fun. Sometimes it was pretty funny. Such as screwing with the mouse.

    Then things started to get a little more serious. The virus would insinuate itself into the system folder and maybe IE. They stated doing tasks. Thus rose the botnets.

    Then it became big business for people. The spreading of spam and fake anti-virus (that wanted you to purchase the "full version" so that you'd get rid of the virus they said you had) was the order of the day. They started blocking access to the run box, the task manager, and sites that might be able to help you (online virus scanners). They started killing the AV programs. They also replaced the explorer.exe and iexplore.exe files. Hell, they even go after Firefox, Chorme, and Opera.

    They really get their hooks into in and don't want to let go because it means money. Big money. So I'm not surprised that AV programs are having a tough time getting rid of them. It hasn't been kiddies out for fun for a long time. Now it's all about professional programmers out to make an ill gotten buck.
    • Re:No Joke (Score:5, Interesting)

      by d3ac0n ( 715594 ) on Saturday November 07, 2009 @11:13PM (#30019118)

      Ain't that the truth.

      The kicker? Most of the infections I deal with on a regular basis are coming from AD BANNERS. I have literally had people get a brand new machine, sit down at it, open IE8 and browse to one of the major sports news sites (ESPN, TSN, MLB, NFL, etc.) and get IMMEDIATELY infected by a banner ad!

      There are few things worse than giving someone a brand new machine, and before you've even been able to get back to your cube and sit down your BB is buzzing and you are being told to get back there because they have a virus! ARGH!

      Honestly, it's gotten so bad that with most of the fake AV viruses we just freaking wipe the stupid PC immediately. Format and re-image and done. It's faster and easier.

      • Re:No Joke (Score:5, Insightful)

        by dangitman ( 862676 ) on Sunday November 08, 2009 @12:26AM (#30019422)

        Most of the infections I deal with on a regular basis are coming from AD BANNERS. I have literally had people get a brand new machine, sit down at it, open IE8 and browse to one of the major sports news sites (ESPN, TSN, MLB, NFL, etc.) and get IMMEDIATELY infected by a banner ad!

        Hmmm... could a law suit (class-action or otherwise) be an idea here? After all, isn't it illegal to infect someone's computer with malware? How is it that these major websites are getting away with it?

        • by Nimey ( 114278 )

          It's not the major sites, it's the compromised ad servers that are run by others.

        • So what happens is that very few websites actually do their own ads. Instead, they sign on with a banner ad firm. They then just put code in their HTML to display those ads. so they aren't screening what goes on their sites. Now as to why you'd get hat form an ad company, most likely they got duped but who knows. At any rate they aren't doing it on purpose and it doesn't happen very often. They are just being lazy.

      • Re: (Score:3, Insightful)

        by Antony-Kyre ( 807195 )

        That is why we have to love how Google does their ads. Graphical ads just don't feel safe. But, maybe I'm paranoid. Maybe it's the flash ads that are the real offenders.

        So, either banner blocking software, or perhaps freeze software, so if someone is infected, a reboot brings it back to status quo.

    • actually i've been making a fair amount of money off of those fake AV programs lately too. I think it's called Total Security or Cyber Security or something like that, insinuates itself in the AV section of the action center. After the first couple systems i got pretty quick about removing it, only took me 15 minutes for the last system i cleaned. Just kill the active process, delete the CS folder from program files, remove the browser helper object and set avast to a thorough scan of all archives. Inci
      • Important! I noticed the other day that one of those fake AV programs (Windows Enterprise Suite), also hijacked the HOSTS files and messed with the permissions on it. I just deleted it and made a default file.

    • Re:No Joke (Score:4, Informative)

      by mlts ( 1038732 ) * on Sunday November 08, 2009 @12:26AM (#30019420)

      Its even past that. It used to be kids who were out to knock off someone's machine on a local BBS. Then it became the legion of professionals who went blackhat due to cash.

      Now, you have well heeled groups, from criminal organizations to whole governments who have immensely deep pockets who spend billions in order to search through every Windows and UNIX executable just to find the single buffer overrun, race condition, or other small goof that can be used in an elaborate attack. The payoff is big, and not just economics.

      Of course the attacks are nastier and nastier.

      Best defenses? After the obvious firewall and network IDS, two of the best system level out there are virtualization with a hardened hypervisor and jailing of apps. After that, an OS based IDS that can detect known signatures and unknown suspect activity. This way, something that gets access to the OS via an unjailed browser or plugin hole is stopped.

  • The usual suspects (Score:5, Informative)

    by EmagGeek ( 574360 ) on Saturday November 07, 2009 @10:58PM (#30019054) Journal

    Of course, half of the software they tested is not anti-Malware software (Avast, for example, is an AV, not an Anti-Malware).

    They also did not test MalwareBytes, probably because it would make all of the others look bad.

    • Re: (Score:3, Informative)

      by BikeHelmet ( 1437881 )

      Malwarebytes seems to detect everything nasty.

      Of course, in my experience, it also detects a lot of stuff that isn't nasty. Don't even bother running it on a drive from an old Win98 computer. It'll tell you there's 30 viruses from 2008/2009 installed on it, even if that computer had no internet access. :P

      But if you examine the results and use some deductive reasoning, it's an amazing tool.

  • I wonder who tests if the test itself is "very good"...

    How about you, good sir...

    And you perhaps...?

    ^^

  • all lame (Score:4, Informative)

    by Danzigism ( 881294 ) on Saturday November 07, 2009 @11:32PM (#30019186)
    for the regular user, I can understand wanting the "feeling" that you're protected. however, when even the shittiest and lamest rogue-AV programs like WinAntiSpyware, Antivirus2009, System Protector Pro, Police Pro, and all the other bogus products can't be stopped by even the best of AV software, ya gotta think. these scanning programs don't do shit and make you feel like they have. so, understand how your system works. use Sysinterals Autoruns to see what shit is being loaded on your system. and become familiar with our dear friend combofix provided by Bleeping Computer [www.bleepingcomputer]. It is the only tool worth a damn that can also get rid of severe rootkits. Sometimes for the real bad ones you'll need to use the Windows Recovery Console to delete files hidden from the Windows API as well as disable infected drivers/services. AV will still be a joke since the bottom line is, you can still get infected. especially if you are prone to getting viruses anyway due to your browsing habits.
    • Sometimes for the real bad ones you'll need to use the Windows Recovery Console to delete files hidden from the Windows API as well as disable infected drivers/services.

      So... it's possible for files to hide themselves from the Windows API? That explains a lot.

  • Wipe It (Score:5, Insightful)

    by Talisman ( 39902 ) on Sunday November 08, 2009 @12:57AM (#30019526) Homepage

    Imaging products have become so good and fast that I no longer bother with 'scrubbing' a computer clean when it gets a virus. I can reimage the machine in less time; 15 minutes from start to finish, and I don't have to worry about viral remnants in the registry or some deeply buried hidden folder with a time bomb inside.

    I keep our company's image file up-to-date, and when something goes wrong with a computer (drive crash, corrupt registry, malware, whatever) they are back online in 15 minutes. Screw scouring the web for a utility to remove a particular virus that may or may not work, and screw relying on an all-in-one product to save you from malware.

    I have come to terms with the absolute fact that users are stupid and careless and aside from rare individual who bother to be responsible, they will always be stupid and careless, no matter how much I wish they would change.

    In a business environment, imaging is the way to go.

    (I use a Mac at home and don't have to worry about such things)

  • The primary purpose of an antivirus is to keep you from getting infected in the first place. Cleaning up an existing infection is secondary and, in a growing number of cases, impossible.
    • Re: (Score:2, Informative)

      by Le Marteau ( 206396 )

      Pointless? Not exactly. New viruses can appear on your systems before there are any patterns for them. It is then left to to a scan and a clean-up to deal with it.

  • We've been fighting computer viruses for decades now. And we haven't made any headway. It just seems to get worse. Isn't it time that we all just give up and allow viruses to infect our computers? Let's stop fighting it. Let's stop playing 'whack a mole'. No? You don't think so? Sorry, I just has to say that to parody all of the 'you can't stop piracy, you should just permit it' arguments.

If all else fails, lower your standards.

Working...