Antivirus musings (was Re: SDR dongle problem)

Robert Stratton bob at stratton.net
Sun Jan 12 23:15:30 CST 2014


For what it's worth, I used to work at Symantec. They completely overhauled the Norton Internet Security product in 2008 or 2009, and it went from something I couldn't stand using to something I rather liked, if that's possible in an antivirus product. If you're going to buy a Symantec product, get Norton Internet Security or Norton Anti-virus. Norton 360, the family/end-user thing, tries to be all things to all people, and I'm not convinced it actually does any of them well.

The McAfee consumer products had the nasty attribute that there was actually no user menu mechanism to quit the thing if I had to do something intensive. 

When I want to go low rent for A/V on MS Windows, I use Immunet's free cloud A/V product (bought by Sourcefire, thence by Cisco) along with Microsoft Security Essentials. Immunet is about as low-overhead as you can get (assuming you're Internet connected), and I personally know and/or have worked with the founders of the company before it was acquired. 

Immunet is designed to peacefully coexist with classical A/V products. (Except perhaps Kaspersky, which doesn't seem to get along with anything.) They also integrated ClamAV into it, but it's not the same as ClamAV.

Avast isn't bad either, but it has a habit of continuing to alert on things that have already been mitigated, at least on the OS X version. 

No matter what A/V you run, it's probably not a bad idea to occasionally run a scan with something like Malwarebytes' scanner as well. 

The truth is that the day of significant value in antivirus software has all but passed. I recently was at an investor conference for security companies and at least 4 told tales of CISOs saying they wanted to stop buying A/V products for the enterprise. I believe them. There are better, or at least more useful approaches these days.

Sandboxing and whitelisting are the mechanisms most likely to provide cover these days. If you buy a new Dell in any of 3 product lines, they're now bundling Invincea's sandboxing product. (Which is a company based in Northern Virginia, to boot.)

Unfortunately, Bit9, perhaps the best whitelisting option out there, doesn't want to sell licenses in anything less than 500-license bundles. 

--Bob


On Jan 7, 2014, at 10:03 AM, Alberto di Bene <dibene at usa.net> wrote:

> On 1/7/2014 5:55 AM, wb4jfi at knology.net wrote:
> 
>> I don’t run Norton, and have seen lots of comments about how Norton messes up various drivers, etc. 
> 
> The same here. FWIW, I have been running Avast! Internet Security for a few years, and am quite satisfied with it, no problems at all.
> I have bad memories of Norton Antivirus... before my retirement, IBM forced each and every employee, at any level, to have a special
> and customized version of Norton installed, that automatically did a complete scan once per week, and this was not customizable,
> and you could not even uninstall it...
> You had to accept that, and go for a walk when the scan started... and Norton slowed down the PC considerably, in addition
> to often giving false positives.
> 
> For me it was a liberation the day I retired, as the first thing I did was to completely reformat the hard disk of the PC that
> IBM let me take home, and reinstall exactly and only the software I wanted... and Norton was not on my list...
> 
> 73  Alberto  I2PHD
> 
>  
> 