Along with those who believe NASA faked sending men to the moon, and Holocaust deniers, there is a group of people who argue that traditional anti-malware (or anti-virus) software is useless and unnecessary. These AV-deniers believe that simply by avoiding things like playing web-based games, downloading software, visiting porn sites, etc. they can avoid being infected by malware. Further, they believe that anti-malware doesn’t work because it does poorly against zero-day attacks, that is, new and unknown malware. They ignore that something like 98% of the malware running around on the Internet consists of old, well-known attacks.
This morning I needed to look up the opening time for a Seattle-area furniture store called Dania. So I got on my trusted computer and went to “wwwDOTdaniaDOTcom”. This was a big mistake, because that website contained a drive-by malware download. Fortunately, Windows 8’s Windows Defender caught and blocked the attempted download. If not for having anti-malware software on my system, it might have been infected with a Trojan that enabled remote control of my computer. Was Dania Furniture responsible for having a compromised web site? No, their actual website is www.daniafurniture.com. What percentage of people would try the harmful URL rather than the safe and correct one? I’m guessing the vast majority.
Good, “old-fashioned” anti-malware is a very necessary, if not sufficient, tool for protecting computers from being infected with malware.
One interesting point is that URL filtering was not effective in blocking my attempt to access the bogus site. In this instance I had both Norton DNS and WOT, as well as SmartScreen of course, in the path of my attempt to access the site. None of the three blocked the attempt. I subsequently checked OpenDNS and it too had no inkling that this site was harmful. Google Safe Browsing also wouldn’t have blocked access to this site. Of course, I’ve reported it to all of the above and hopefully they will have investigated and blocked access in a timely manner.
You need to use all the tools at your disposal to avoid malware, including your brain, and even then you won’t be 100% protected.
Hal – I set up Norton DNS last fall after reading one of your posts about it. I am glad you brought it up then. Just recently I mistyped a URL and Norton blocked it. It’s great to have that as a first layer of defense for all devices in my house.
Is the Defender included in Win 8 sufficient? I had assumed (hoped) it was.
As far as I can tell it is as good as any other AM engine. I can tell you that it caught this Trojan when another well-known engine did not.
The guys who say AV is useless and need not be installed are not taken seriously by anyone… or so I believed until I read your post. In my experience no credible / sensible security professional has said AV is not needed and need not be installed. When someone otherwise credible and sensible says something that sounds like that, I’ve generally found that they are really expressing frustration at the exaggerated claims of the Industry and aren’t really saying AV is useless.
The frustration appears to be that the wildly exaggerated claims of the AV / AM industry have created a distorted perception of value and are leading to wrong actions. People act more carelessly than they might if they knew that AV offers some level of protection but that this is not sufficient to cope with the sophisticated and highly targeted attacks we are now seeing… increasingly frequently.
I am inclined to be sympathetic to this view. The impression created, with too many consumers, is that these products ‘secure’ the PC in some absolute sense. As if ‘secure’ were a boolean. This is completely understandable product pride / business promotion, etc., but it does have the effect of lulling consumers into a complacency that is unwarranted.
There are sensible things that users can do (settings to change, practices to adopt) that would make a meaningful difference for the better in their security and privacy posture. These practices are hard to draw attention to when the laity believes that they are cloaked in armor. Unfortunately, as is often the case, a polarized debate rarely leads to optimal outcomes.
Changing the human dynamic is an important one. Creating a consistent environment in which the average user can learn to operate is key to that, and today we have an environment that is anything but consistent. Nor one in which a little care is sufficient to protect oneself at the same level as is possible in the physical world.
I guess I’m one of those “deniers”. However, I’m not arguing that AM doesn’t protect you against some threats, it obviously does (although in this case there probably wasn’t an actual threat on the page, just some ad/click fraud stuff). My point is rather that it is completely irresponsible to be online (with a PC) unless you know what you are doing and AM isn’t going to change that.
For example, installing updates immediately when available is *far* more important than AM, but most people don’t understand that (or aren’t able to watch for the updates and install them immediately, instead waiting for vendor update processes that can take days).
BTW, I apologise for only commenting when I disagree. I really enjoy and appreciate your other posts.
I completely agree with you about updates.
I was transferring some old data off 5.25″ floppies recently, and MSE picked up an ancient virus from the late 1980s! Old threats *never* go away.
(I’m not sure if it would’ve run successfully on the host system, but it could certainly have infected the VM. Which is almost as annoying.)
What are floppies?
One of the interesting things that happened when Microsoft introduced OneCare is that it got poor results on 3rd-party anti-virus testing because they hadn’t included signatures for viruses to which the OSes OneCare ran on were immune. So an old virus that only did something on Windows 95, for example, but not on Windows XP, went undetected. While on the surface it makes sense for Microsoft to drop these seemingly obsolete signatures, that isn’t how the testing bodies saw it. And I think the testers were largely right. So Microsoft started including all the old signatures.
Imagine that your Windows 8 box is immune to a virus and so your anti-malware program did not detect it. Now you go home, plug into a network, and allow a Windows XP machine, which can be harmed by the malicious file, to access a share on your Windows 8 machine. You’ve just hosed the Windows XP machine. So being a virus carrier is almost as bad as being infected by the virus yourself. These days Microsoft is including signatures for Android and Apple malware to prevent Windows machines from being carriers of those.
After doing some checking, while the site in question is shady, it’s not actually serving up malware. Defender/MSE is flagging it as a redirector, as seen with infected websites. But it’s entirely possible that in this case it’s a legitimate redirect.