How effective is any antivirus program?



Speaking as a reasonably computer-savvy "end-user", I reckon that many years
ago viruses were just an annoyance and antivirus programs worked well.
Unfortunately, viruses, trojans, keyloggers, spyware etc., etc., etc., have
become much more malignant and sinister. They are harder to remove, hell,
they can even hide themselves from attempts to get rid of them.

So, once infected, can a system _really_ ever be cleaned, disinfected, and
healed to the point where you could use it for online shopping or internet
banking again?

The reason I ask is that a friend of mine is antivirus-ed, antispyware-ed,
antitrojan-ed to the hilt but, if any "anti" program triggers and says that
something is wrong, he doesn't rely on the program to do its job and clean
the infection - he takes it as a warning that something's wrong and he then
deletes the partition, recreates the partition, reformats and reinstalls an
earlier drive image using Acronis. He thinks that that is the only way to be
sure he can use his bank or credit card details safely.

Is he paranoid or does he have a point?

TIA



Re: How effective is any antivirus program?



Pete Zahut wrote:

Paranoia is a good defense. ;-)

At present, most infections can be cleaned, but that is slowly changing.
I think he's overdoing it, but not by much.

FWIW, I run MBAM, SuperAntiSpyware, S&D, and a rootkit sniffer/deleter
about once a week. Every other week or so the first one I run finds and
cleans out a baddie. The others then report a clean machine. Avira runs
from boot.

Herewith a tale that explains my paranoia:

About 8 months ago I had a _severe_ infection on this machine. It
deleted all the operating files for the software, blocked anti-malware
programs, disabled several control applets, and blocked downloading
of anti-malware (AMW). I didn't have a drive image, so I couldn't just
reformat and reinstall. Fortunately, I have an older machine running
W2000, which I used to get more anti-malware. I was able to run one off
a floppy disk. I also had Portable Apps, which includes AMW and runs off
a USB stick, and ran that too. I was then able to d/l more AMW and run it.
It took me the better part of two days to clean the machine, repair XP,
and reinstall the software. A couple of glitches remain, e.g. there is
no Shutdown/Log Off/etc. button on the welcome screen (I think there's a
registry key to reset, but I haven't bothered to find it).

Since then my paranoia has gone up a couple of notches, and continues to
rise, but not yet as high as your friend's. But it's getting there. Next
on my agenda is an external drive (but not NAS - networks can be
compromised too) dedicated to storing drive images for all the computers
in our house.

Cheers,
wolf k.

Re: How effective is any antivirus program?



Wolf K wrote:

Well, that's certainly food for thought my friend  :o)

Thanks for that - I may well start a regime like my friend soon.



Re: How effective is any antivirus program?



Both.
I triple boot XP, Vista, and Windows 7 (RC). All three of them share the
same My Documents folder on a partition of its own.
Three nights a week at 2 AM Acronis makes a disk image of each OS
partition (automatic). Every morning at 5 AM Laplink automatically updates
My Documents onto another computer in my network.
I've never gotten any bugs that required having to use any of those images.
But I've had installations and uninstallations go bad and find it easier to
restore from the latest disk image than to try and debug the goofup. Most
of those have been from experimenting in Windows 7.

Off Topic: XP is my OS of choice, Vista sucks big time, and Windows 7 looks
promising.

--
        --- Everybody has a right to my opinion. ---

Re: How effective is any antivirus program?

Lil' Abner wrote:
[...]

Yup Win7 is very nice, esp. compared to Vista, but it has two flaws that
amount to deal breakers for me:

a) the pathetic control panel, continued from Vista;
b) the hit-or-miss functionality of Vista hardware drivers in Win7. Win7
is supposedly Vista stripped of most of its silliness, plus a few tweaks
to the desktop, etc., so Vista drivers should work. The one for my Canon
inkjet works, the one for my Canon laser printer does not. Go figure.

And I didn't bite on the $50 "pre-release sale price" because of those
issues. I don't think Win7 is worth $100+ for upgrading from XP, even if
those issues are fixed.

cheers,
wolf k.

Re: How effective is any antivirus program?



I did order the $100 Pro version. I still doubt if I'll use it that much,
but if I'm going to work on other people's computers, then I need to
familiarize myself with the other systems.
Another thing that sucks is that the RC version is Ultimate and they didn't
have a half price special for that version.

--
        --- Everybody has a right to my opinion. ---

Re: How effective is any antivirus program?




Not really, some viruses had really nasty payloads and could hide
themselves well from the scanners. The scanners adapted to the new
techniques and the virus writers came up with yet another stealth
mechanism. Back and forth it went until scanners were mostly looking for
self-decrypting code - emulating the environment the virus needed
sufficiently for it to decrypt and expose itself.


This is actually old stuff - in a new venue. Most current malware uses
some sort of vulnerability (social engineering or software exploitation)
to gain processor time - whereas viruses used only legitimate means to
gain processor time (they ran hosted by another program). What was
called a form of "stealth" in the virus world, is now called a "rootkit"
(a misused term IMO) in current malware terms.


Yes, but most savvy users keep appropriate backups (images) so as to
make "flatten and rebuild" not such a daunting prospect. Why do
intricate software surgery when you can just replace the whole shebang?


He's a savvy user IMO.


You decide.



Re: How effective is any antivirus program?





I have to agree with the rootkit being a misused term in this case. It's
stealth...

--
Dustin Cook [Malware Researcher]
MalwareBytes - http://www.malwarebytes.org
BugHunter - http://bughunter.it-mate.co.uk
