#11
Be careful of Windows update
In message "First of One" was claimed to have wrote:

> A few things make daily AV software updates overkill:
> - Just because a zero-day virus is in the wild doesn't mean it has infected the file you happen to be downloading today. In fact virus propagation on the internet takes time.
> - When an AV software developer is made aware of a new virus in the wild, they still need time to analyze it and develop the signature, so even daily AV updates will lag behind virus threats by a few days.

Right... So why add additional latency to the process?

#12
Be careful of Windows update
* First of One:

> Checking for AV updates daily is really overkill.

No, it isn't. :-)

> I update my Avira Antivir definitions once a month and I download all kinds of cracks and no-CD patches without infection.

Just because you were lucky so far doesn't mean your approach is sensible. In fact, you can be infected without knowing it.

Updating your AV software daily only takes seconds and is done automatically. There is absolutely no sane reason to not do it.

Benjamin

#13
Be careful of Windows update
* First of One:

> A few things make daily AV software updates overkill:
> - Just because a zero-day virus is in the wild doesn't mean it has infected the file you happen to be downloading today. In fact virus propagation on the internet takes time.

This is not true, as the past has shown. Many zero day exploits are widely used within a few days.

> - When an AV software developer is made aware of a new virus in the wild, they still need time to analyze it and develop the signature, so even daily AV updates will lag behind virus threats by a few days.

No. Just because you (the public) haven't heard of it before does not mean the AV software developers haven't, too.

> - Signatures is only one means of detecting viruses, the other being heuristics.

Heuristics is very unreliable and only works when the malware is already on your system.

Sorry, but your relaxed and very naive approach is a prime example why bot net operators never run out of zombie PCs.

Benjamin

#14
Be careful of Windows update
In message Benjamin Gawert was claimed to have wrote:

>> - Signatures is only one means of detecting viruses, the other being heuristics.
>
> Heuristics is very unreliable and only works when the malware is already on your system.

*all* desktop AV software only works when malware is already on your system.

Heuristics are trivially defeated by any virus author with a copy of the AV software they're trying to defeat and are therefore not particularly reliable, but that's another debate entirely.

#15
Be careful of Windows update
* DevilsPGD:

>> Heuristics is very unreliable and only works when the malware is already on your system.
>
> *all* desktop AV software only works when malware is already on your system.

Well, yes (it was badly worded, sorry). However, heuristics only works once the malware is *active* while signature-based scanning works when the malware is still *inactive*.

> Heuristics are trivially defeated by any virus author with a copy of the AV software they're trying to defeat and are therefore not particularly reliable, but that's another debate entirely.

Heuristics is a last chance of detecting something nasty but the chance that it works is minimal. Once malware is running then the whole system should be considered compromised and cleaned up appropriately.

Benjamin

#16
Be careful of Windows update
"Benjamin Gawert" wrote in message ...

> Just because you were lucky so far doesn't mean your approach is sensible.

Then I've been lucky for 12 years and counting. Not a bad track record. :-)

> In fact, you can be infected without knowing it.

Your system may be infected, too. The only difference is you can say your system is clean with 99.9% confidence, while I can say it with 99.8% confidence.

> Updating your AV software daily only takes seconds and is done automatically. There is absolutely no sane reason to not do it.

Except no single AV app is completely effective anyway. Depending on whether the developer gets the virus sample before or after it's in the wild, there may be a lag in getting the signatures prepared. Different dev houses get different virus submissions, too, which affects their detection ability.

Occasionally I get infected spam email attachments that penetrate Yahoo Mail's Symantec virus scanner, but they scan positive using Avira with my weeks-old definitions. What's more important? A good scan engine or daily-updated definitions?

If you work in a particularly high-risk environment, you would need to scan files on-demand with at least two AV programs (they obviously cannot run in the background simultaneously). "Zulu" from alt.2600.cracks advocated this, using some metaphor about contraceptives...

--
"War is the continuation of politics by other means. It can therefore be said that politics is war without bloodshed while war is politics with bloodshed."

#17
Be careful of Windows update
* First of One:

>> Just because you were lucky so far doesn't mean your approach is sensible.
>
> Then I've been lucky for 12 years and counting. Not a bad track record. :-)

Well, whether it is 12 years or 20 years is irrelevant as malware got only really really bad within the last 5 to 7 years. Before that it was very easy to avoid malware, however this is not the case anymore.

>> In fact, you can be infected without knowing it.
>
> Your system may be infected, too. The only difference is you can say your system is clean with 99.9% confidence, while I can say it with 99.8% confidence.

Updating your antimalware program once a month does in no way give you even 90% confidence, in reality you are probably more down to 70%, if at all. Timely updates are critical for antimalware tools, updating once a month is barely better than not updating it.

>> Updating your AV software daily only takes seconds and is done automatically. There is absolutely no sane reason to not do it.
>
> Except no single AV app is completely effective anyway. Depending on whether the developer gets the virus sample before or after it's in the wild, there may be a lag in getting the signatures prepared.

Right. So what? Just because a virus program is not 100% effective or that there might be a delay between new virii and new signatures there is no reason to add another, even longer delay.

Following your logic, a cancer patient would only get his medications once a month when he is supposed to take it daily, simply because there is a delay in development and diagnostics of cancer, and despite the treatment he might die anyways.

> Different dev houses get different virus submissions, too, which affects their detection ability.

Not really. Today, antivirus companies and security experts work quite closely together and exchange virus signatures and malware information quickly.

> Occasionally I get infected spam email attachments that penetrate Yahoo Mail's Symantec virus scanner, but they scan positive using Avira with my weeks-old definitions.

Well, "Symantec" says it all.

> What's more important? A good scan engine or daily-updated definitions?

It is not one or another. One is worthless without the other. Simple as that.

> If you work in a particularly high-risk environment, you would need to scan files on-demand with at least two AV programs (they obviously cannot run in the background simultaneously). "Zulu" from alt.2600.cracks advocated this, using some metaphor about contraceptives...

If you use files from what you call "high-risk environments" then the safest way is to only use them in locked-down virtual machines. But that makes regular timely updates of your antimalware tool not less important.

Benjamin