Comments on: Why Anti-Virus is not a waste of money http://www.welivesecurity.com/2012/12/04/why-anti-virus-is-not-a-waste-of-money/ News, Views, and Insight from the ESET Security Community Mon, 03 Feb 2014 08:49:00 +0000 hourly 1 http://wordpress.org/?v=3.7 By: GlennJ http://www.welivesecurity.com/2012/12/04/why-anti-virus-is-not-a-waste-of-money/#comment-3803 Sat, 08 Dec 2012 21:17:21 +0000 http://blog.eset.com/?p=16025#comment-3803 Someone above mentioned that AV solutions do not try to block exploits, but some claim to do so anyway.  In the case of AVG the AVGlinkscanner component (not part of VirusTotal testing) blocks exploits such as the Blackholes and so forth in real time and it does pretty well at that.
Using VirusTotal for testing this capability of the AVG product suite would be Totally misleading, which supports Righard's thesis in this article.

]]>
By: David Harley http://www.welivesecurity.com/2012/12/04/why-anti-virus-is-not-a-waste-of-money/#comment-3802 Sat, 08 Dec 2012 10:40:46 +0000 http://blog.eset.com/?p=16025#comment-3802 I don’t know much about Emsisoft, but I wouldn’t recommend running two antivirus products of the same type at the same time on a single workstation. The additional security that I presume you’re hoping for wouldn’t necessarily compensate for the additional load on system resources. Where you have two products that work in a somewhat similar way, there’s a risk that having both in memory at the same time will actually lessen their effectiveness, even if there aren’t serious incompatibilities. (Some would probably say that just the risk is a serious incompatibility!)

]]>
By: Unknown http://www.welivesecurity.com/2012/12/04/why-anti-virus-is-not-a-waste-of-money/#comment-3801 Sat, 08 Dec 2012 07:23:38 +0000 http://blog.eset.com/?p=16025#comment-3801 i would like to ask that can we use two antivirus on a single workstation.
i want to use ESET Smart Security With Emsisoft Anti-Malware

]]>
By: Righard Zwienenberg http://www.welivesecurity.com/2012/12/04/why-anti-virus-is-not-a-waste-of-money/#comment-3800 Thu, 06 Dec 2012 09:24:47 +0000 http://blog.eset.com/?p=16025#comment-3800  
That would be problematic. First of all, the entire security suite has to be installed – for all products. That would require a lot of machines and or VM’s. Installing them all together on one machine is not possible. Second, it would require resource intensive testing. Most full suites do require interaction.
And then I’m not even touching other implementation issues as e.g. when something is a network worm and will never be written to the harddisk (e.g. CodeRed comes to mind), you would have to “inject” the malicious packages into the network stream. Not at all a realistic approach.

]]>
By: Brian http://www.welivesecurity.com/2012/12/04/why-anti-virus-is-not-a-waste-of-money/#comment-3799 Thu, 06 Dec 2012 04:56:56 +0000 http://blog.eset.com/?p=16025#comment-3799 Is there a service that will test the full desktop versions of various AV programs rather than just the CLI file scanners so we could make more representative tests?

]]>
By: David Harley http://www.welivesecurity.com/2012/12/04/why-anti-virus-is-not-a-waste-of-money/#comment-3798 Wed, 05 Dec 2012 18:43:45 +0000 http://blog.eset.com/?p=16025#comment-3798 Actually, it is clearcut. A VirusTotal report doesn‘t tell you which solutions know about a threat. It tells you which (if any) solutions will flag it as a threat under very restricted conditions that don’t reflect real-world conditions. A useful comparative test has to be much more rigorous than that, but VT was never intended as a way of testing AV.

]]>
By: Bill Pytlovany http://www.welivesecurity.com/2012/12/04/why-anti-virus-is-not-a-waste-of-money/#comment-3797 Wed, 05 Dec 2012 17:49:58 +0000 http://blog.eset.com/?p=16025#comment-3797 Thanks for another thought provoking discussion. I've always been a big fan of VirusTotal. There have been times I've suggested users upload a file they know is bad as a way to figure out which AV solutions know about the threat.

Obviously, this may not always be a clear cut way to find an automated cleanup tool.  I always say which AV solution I recommend can change monthly.  Based on recent tests I'm pleased to say this month ESET is a must have for the folks who ask me for recommendations.

Bill

 

]]>
By: David Harley http://www.welivesecurity.com/2012/12/04/why-anti-virus-is-not-a-waste-of-money/#comment-3796 Wed, 05 Dec 2012 07:51:16 +0000 http://blog.eset.com/?p=16025#comment-3796 Attempt is the key word. We certainly detect some known exploits (for instance, CVE-2012-0507, detected as Java/Exploit.CVE-2012-0507.DX, used by OSX/Dockster et al).But AV isn’t a substitute for OS or application patching, and you can’t rely on it to detect vulnerabiiities that might be exploited, either. Horses for courses.

]]>
By: Brian http://www.welivesecurity.com/2012/12/04/why-anti-virus-is-not-a-waste-of-money/#comment-3795 Wed, 05 Dec 2012 01:41:10 +0000 http://blog.eset.com/?p=16025#comment-3795 How would you say AV performance is at detecting exploits (as opposed to malware payloads)?  Some say that they aren't designed to detect exploits and yet many of them attempt to.

]]>