digg

Facebook Connect Join Digg About

Why antivirus apps from Symantec, McAfee and Trend Micro do not work

zdnet.com.au Antivirus applications from Symantec, McAfee or Trend Micro -- the three leading AV vendors in 2005 -- are far less likely to detect new viruses and Trojans than the least popular brands -- AusCERT claims their MISS rate is about 80 percent.

Who dugg this? Made popular Jul 21, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

151 Comments

show profanity settings
expand all
  • poipoipoi, on 10/12/2007, -21/+67oh for ***** sake, enough with the "Linux and Macs dont get viruses" crap. everyone here is aware of this.

    half the reason people dont try linux is because of the arrogance and whining of linux users. who'd want to join that club?
  • foshizol, on 10/12/2007, -7/+47Symantec and McAfee will slow down your computer. Thier both bloatware.
  • Yorn, on 10/12/2007, -1/+31The best virus authors have financial motivation behind what they do. IE, they get paid per infection or use their network of compromised computers to make money through spam and/or installing spyware and hiding it with a rootkit.

    There are *very* few destructive viruses out there. So few, in fact, that if you find one, it's very rare and probably newsworthy. The idea of destroying a compromised computer is ridiculous. It's the same reason why so many countries make suicide illegal despite the ridiculousness of the law, both you and a compromised computer are worth more to the government and a botnet operator, respectively, alive.
  • Gryfft, on 10/12/2007, -1/+23Also, some of the most destructive and expensive viruses have just been simple worms-- didn't do any real damage on their own, but slowed the internet to a crawl in some places and ate up a LOT of bandwidth because the things were replicating so fast, and everywhere.

    One of the most interesting viruses ever, in my opinion, was one that followed up after the 'blaster' virus (Blaster was the one that made it impossible to connect to the internet, and then rebooted your computer.) The virus actually exploited the same weakness 'Blaster' used to get in, propagated, then sealed up the vulnerability it used to get in, and deleted itself. In effect, if you got that virus, you couldn't get Blaster. The only 'White hat' virus I know of.
  • dan4prez, on 10/12/2007, -4/+25NOD32 FTW
  • SquirrelOnFire, on 10/12/2007, -1/+21I always wonder to what extent virus creators are just malicious people and how much they just want to prove something. If it is the latter, why not have more humorous viruses and less destructive ones?
  • jtjdt, on 10/12/2007, -1/+17I like how (for suspicious programs) NOD32 will launch an emulation environment of Msft. Windows and observe the suspicious programs behaviours before allowing them to launch. Truly AWESOME heuristic detection.
  • spyrochaete, on 10/12/2007, -3/+16Avast rocks!
    http://www.avast.com
  • centinall, on 10/12/2007, -0/+13Especially when it comes time to renew the license. Anyone else notice this?
  • rm999, on 10/12/2007, -1/+14Even humorous viruses can be harmful. It's software running on the computer, without permission, that is self-propogating and somehow installed deep in your system. That alone could be harmful, and any small bug can be bad for a system.

    To directly address your question, I think virus writers are driven mostly by the latter, but it's so much easier to get attention by deleting the c drive than writing "H4x)R Jim wuz here ^_^" in the boot sequence (or whatever would be considered a humorous virus).
  • Sukino, on 10/12/2007, -0/+13NOD32 is rated highly by users on CNET.com, with a rating of 9.4 out of 10, compared with 2.9 for Norton Antivirus 2006 and 5.9 for McAfee VirusScan 2006.

    http://en.wikipedia.org/wiki/NOD32
  • NXIL, on 10/12/2007, -2/+14ESET NOD32: fast, lightweight, daily updates, inexpensive....
  • Yorn, on 10/12/2007, -1/+12The reason why AV companies fail is really simple -- signature-based detection doesn't work. It doesn't require that many resources, however. At least, not as much as heuristic-type scans do. People that complain about AV slowness today probably have some type of heuristic analysis built-in.

    Not only that, but some researchers, like tibbar, are actively looking at creating mutation engines that make signature based detection completely worthless. In it's current state it is mediocre.

    There is a constant struggle, an AV company *can* make a better AV engine, but it'll be intrustive, it'll crash your games, and it will affect productivity at work. But it'd be safer, it could test each executable prior to running and instead use a signature "whitelist" of files it wouldn't scan.

    Which do you want, a secure but unusable system, or an insecure but usuable system? Neither, of course, but it's difficult to find that happy inbetween.
  • inactive, on 10/12/2007, -3/+14corporate version of the Symantec stuff is just fine


    maybe you have a different def of bloat than i do.
    the best symantec product is the symantec product removal tool.
  • ThugEsquire, on 10/12/2007, -1/+12@o0joshua0o: Sure, except I'd rather live in an insecure, free world than a "secure" dictatorship. It's not like life will ever be "secure," anyway.
  • o0joshua0o, on 10/12/2007, -1/+11"Which do you want, a secure but unusable system, or an insecure but usuable system? Neither, of course, but it's difficult to find that happy inbetween."

    This reminds me of the national security vs civil liberties debate.
  • vroxx, on 10/12/2007, -0/+10Yup, NOD32, only anti-* u need.
  • adml_shake, on 10/12/2007, -1/+11I've been a happy user of Free AVG for a while now, and I haven't noticed is bloating down my system what so ever.
  • spellcheckd, on 06/28/2009, -3/+11Kaspersky is awesome. Do yourself a favour and try!
  • schaffermk, on 10/12/2007, -3/+11The problem I have is that most AV software is bloatware that slows down your machine - symantec from my experience is the WORSE offender of this. They glom such much ***** in with the software that your machine slows more from the AV software then the virus. Additionally, ever try removing it? My vote if anyone cares is for Avast.
  • mancat, on 10/12/2007, -4/+12I have to stick up for TrendMicro OfficeScan. It's very lean, has kept all machines I manage in extremely well working order, and the web administration interface is great.
  • DigeratiPrime, on 10/12/2007, -1/+9NOD32 and Kaspersky are both highly effective and use minimal resources. Both applications run only 2 system services (processes) and total up to about 10mb of 'Mem Usage' (although I am unsure about the significance of this metric).
  • rideaurocks, on 10/12/2007, -4/+11Apparently AVG uses the Kaspersky scanning engine. Free AVG FTW!
  • adriand, on 10/12/2007, -0/+7Aoccdrnig to a rscheearch at an Elingsh uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht frist and lsat ltteer is at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae we do not raed ervey lteter by itslef but the wrod as a wlohe.


    However, If you spell things correctly, then I only have to spend a second reading a whole comment. Otherwise, people who are not so familiar with English will need to spend more time figuring out single word you really meant.

    (i tooke the above from a Joomla! installation, btw)
  • jonnyeh, on 10/12/2007, -6/+13The corporate version of the Symantec stuff is just fine, not bloaty at all
  • DigeratiPrime, on 10/12/2007, -2/+9FTW = 'for the win'
  • turbo63, on 10/12/2007, -1/+8yeah, if you want your computer to grind to a halt! Kapersky is the most system draining app I have ever used. We tried it at our company and everyone's computers grinded to a halt. Even with a lot of the scanning features turned off it still took too many resources to run.
  • cadich, on 10/12/2007, -2/+9hey, sorry to ask this, but what does FTW mean? (i'm french btw)
  • mark1372, on 10/12/2007, -3/+10A trend that is long past its usability and has now entered into extreme annoyance. Avoid at all costs. "FTW" has now entered the pantheon of overused cliches, along with w00t, pr0n, pwn3d, LOL, OMG, ROFL, RLY, PPL, and all that usual *****.
  • Chordonblue, on 10/12/2007, -0/+7The problem is that many of these vendors want to walk a VERY thin tightrope between what is a 'virus' and what is 'spyware'. There are two reasons for this:

    1) There have been a number of cases where spyware 'vendors' ('scum' are more like it), have sued Symantec and/or other AV companies because they de-installed their programs. Most of these suits are thrown out because the maliciousness is easily proven but it is time and money consuming.

    2) Can you be an anti-virus vendor and still not kill spyware on the account that one is not like the other? Apparently so. I think it's wrong, and that these guys are trying to weasel out of their responsibility to their customers. I had an interesting and frustrating discussion with a rep from Sophos about this very thing.

    One of my users got an 'unkillable' piece of spyware on his machine. Nothing I did completely killed it - it would always come back. If not the next reboot, than the next day. I found the offending file and reported it directly to Sophos who then responded by telling me that the 'program' was part of an application that the user installed. When I informed them that the user COULD NOT install anything (do to policies), they didn't know what to say except that this 'program' was part of a legitimate install.

    *****! My user got a drive-by download that screwed his computer! These AV companies do not want to take responsibility for spyware as they consider it to be different somehow than viruses - even though many of these things either carry trojans or were installed through browser/OS trickery.
  • DCstewieG, on 10/12/2007, -0/+7Except when IT decides to schedule weekly scans at noon on Wednesdays, bringing your computer to a screeching halt. This just in: productivity is down on Wednesdays.
  • rideaurocks, on 10/12/2007, -0/+6"The reason why AV companies fail is really simple -- signature-based detection doesn't work. It doesn't require that many resources, however. At least, not as much as heuristic-type scans do. People that complain about AV slowness today probably have some type of heuristic analysis built-in."

    He mentions this in the article, basically saying the opposite. These AV programs are using heuristics, but so are the people writing the viruses. They test against AV software to make sure their stuff can get through. That's why sig files are still important.
  • DigeratiPrime, on 10/12/2007, -0/+6BitDefender is actually a pig. It installs 8 system services (processes) - if I remember correctly. The only nice thing about BitDefender is it doesnt install any files into the system folders, instead everything is kept in the one %ProgramFiles%/Softwin folder.
  • fairyliquidizer, on 10/12/2007, -0/+6AVG isn't the best unfortunately. It's ok, Antivir and Avast both outperform it. Check the tests on AV Comparatives.
  • orbstra, on 10/12/2007, -1/+7simple, just stick with nod32!
  • Tiemmothi, on 10/12/2007, -0/+6There was a mac worm that mac addict had on one of its demo Cd's that they included with there mag way back when.. the released the next CD with another worm to delete the previous worm and fix the problem. This was back in the mid 90 to late90's.
  • renegadeafk, on 10/12/2007, -2/+8Mcaffee and Symantec are horribly bloated and I would never use them anyway, my old Dell 4600 Starts up faster than my dads XPS 400 because Mcaffee takes like a couple minutes just to load. I would reccomend AVG, Avast! or NOD32 for anyone looking for lighter antivirus with good detection.
  • JayWright, on 10/12/2007, -0/+6Not only that, products from those three companies quickly become more of a VIRUS themselves! They install SO much crap that most people don't want ("Security Center" sound familiar?), and they become almost IMPOSSIBLE to uninstall.

    I can't tell you how many people have called me for help because they can't get McAfee or Symantec off of their computer... It's ridiculous! When all you want is an AV program, stick with something free like Grisoft AVG.
  • inactive, on 10/12/2007, -0/+6sand boxing and or virtualization apps tend to be better than virus scanners
  • sphinx, on 10/12/2007, -0/+6Took the words right outta my mouth!
  • zcreem, on 10/12/2007, -1/+7FTW = ***** That Wanker
    A term of endearment aimed at "fools" (BA Baracus voice) that think it's cool to use numbers instead of letters, and misspell on purpose just to cover their poor spelling.
    NDMD.
  • Torx, on 10/12/2007, -0/+5For those that dont know, av-comparatives.org is a good resource to stay on top of the latest av testing. Ive been using kaspersky for a while now, version 6 rocks my bunghole. Rocked it enough, i actually purchased it. Yes, purchased. I recommend everyone to purchase a legit copy of any AV over warezing. Kas, nod32, avast are my top 3 recommends.
  • BlakeEM, on 10/12/2007, -0/+5I notice not only do these programs find less viruses but they are worse programs over all. I don't remmeber how many times I have seen Symantec killing peoples shares, internet connection, and totally futzing up a computer. We always go with Avast! and have our clients use it and have had a great expierence. Never had a problem with it and gets updates very often, almost every other day.
  • SpookyET, on 10/12/2007, -1/+6The microsoft anti-virus is not *****. They bought RAV (Romanian Ati Virus) from GeCAD software. It had the best anti-virus engine. What MS did with it, who knows. But, they also bought the GeCAD developers.
  • whisperedlie, on 10/12/2007, -1/+6also using NOD32. Love it.
  • Chamunks, on 10/12/2007, -0/+4Like i said Numerous Times Before ANTIVIR http://Free-Av.Com Or for you who speak Their Language http://free-av.de/
  • staticneuron, on 10/12/2007, -0/+4I knew a brilliant virus maker.

    He grew up and used his knowledge for more productive things, like useful computer apps and webpages. I think some of it you can chalk up to immaturity.
  • br0ck, on 10/12/2007, -0/+4@Gryfft
    Too bad the cleanup worm, Welchia, caused more problems that the worm it was fixing:
    http://www.internetnews.com/ent-news/article.php/3065761
  • atroxodisse, on 10/12/2007, -0/+4I switched to nothing. I don't run AV and I don't get Viruses. Maybe that's because I don't visit dangerous websites and I don't pirate games from crappy file sharing sites. The solution to the antivirus problem is to do regular back ups of your important data and format your computer every few months. Windows gets pretty clunky after a while anyway.
  • cgoff, on 10/12/2007, -0/+4I use FRISK F-PROT ( http://www.f-prot.com ) in an education environment and am extremely pleased with it. Not only is it super-cheap with regards to education licenses it's lightweight and always kept up to date.

    Frisk also has a free DOS scanner that uses the latest definitions so you can boot from a CD and clean out infected systems. This has saved me countless hours mucking around in Windows to root them out.
  • Fetching more discussions...
    Show 51 - 100 of 145 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.